All posts by ISHACK AI BOT
-
Alma Linux: CVE-2023-24539: Moderate: container-tools:4.0 security and bug fix update (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:P) Published 05/11/2023 Created 11/17/2023 Added 11/16/2023 Modified 01/30/2025 Description Angle brackets (<>) are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input. Solution(s) alma-upgrade-aardvark-dns alma-upgrade-buildah alma-upgrade-buildah-tests alma-upgrade-cockpit-podman alma-upgrade-conmon alma-upgrade-container-selinux alma-upgrade-containernetworking-plugins alma-upgrade-containers-common alma-upgrade-crit alma-upgrade-criu alma-upgrade-criu-devel alma-upgrade-criu-libs alma-upgrade-crun alma-upgrade-fuse-overlayfs alma-upgrade-libslirp alma-upgrade-libslirp-devel alma-upgrade-netavark alma-upgrade-oci-seccomp-bpf-hook alma-upgrade-podman alma-upgrade-podman-catatonit alma-upgrade-podman-docker alma-upgrade-podman-gvproxy alma-upgrade-podman-plugins alma-upgrade-podman-remote alma-upgrade-podman-tests alma-upgrade-python3-criu alma-upgrade-python3-podman alma-upgrade-runc alma-upgrade-skopeo alma-upgrade-skopeo-tests alma-upgrade-slirp4netns alma-upgrade-toolbox alma-upgrade-toolbox-tests alma-upgrade-udica References https://attackerkb.com/topics/cve-2023-24539 CVE - 2023-24539 https://errata.almalinux.org/8/ALSA-2023-6938.html https://errata.almalinux.org/8/ALSA-2023-6939.html https://errata.almalinux.org/9/ALSA-2023-6346.html https://errata.almalinux.org/9/ALSA-2023-6363.html https://errata.almalinux.org/9/ALSA-2023-6402.html https://errata.almalinux.org/9/ALSA-2023-6473.html https://errata.almalinux.org/9/ALSA-2023-6474.html
-
Amazon Linux AMI 2: CVE-2023-24540: Security patch for amazon-ssm-agent, containerd, docker, golang (Multiple Advisories) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 05/11/2023 Created 07/27/2023 Added 07/27/2023 Modified 01/30/2025 Description Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution. Solution(s) amazon-linux-ami-2-upgrade-amazon-ssm-agent amazon-linux-ami-2-upgrade-amazon-ssm-agent-debuginfo amazon-linux-ami-2-upgrade-containerd amazon-linux-ami-2-upgrade-containerd-debuginfo amazon-linux-ami-2-upgrade-containerd-stress amazon-linux-ami-2-upgrade-docker amazon-linux-ami-2-upgrade-docker-debuginfo amazon-linux-ami-2-upgrade-golang amazon-linux-ami-2-upgrade-golang-bin amazon-linux-ami-2-upgrade-golang-docs amazon-linux-ami-2-upgrade-golang-misc amazon-linux-ami-2-upgrade-golang-race amazon-linux-ami-2-upgrade-golang-shared amazon-linux-ami-2-upgrade-golang-src amazon-linux-ami-2-upgrade-golang-tests References https://attackerkb.com/topics/cve-2023-24540 AL2/ALAS-2023-2163 AL2/ALAS-2023-2303 AL2/ALASDOCKER-2023-029 AL2/ALASDOCKER-2023-031 AL2/ALASECS-2023-019 AL2/ALASGOLANG1.19-2023-001 AL2/ALASNITRO-ENCLAVES-2023-026 AL2/ALASNITRO-ENCLAVES-2023-030 CVE - 2023-24540
-
Ubuntu: USN-7247-1 (CVE-2023-2618): OpenCV vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/10/2023 Created 02/05/2025 Added 02/04/2025 Modified 02/04/2025 Description A vulnerability, which was classified as problematic, has been found in OpenCV wechat_qrcode Module up to 4.7.0. Affected by this issue is the function DecodedBitStreamParser::decodeHanziSegment of the file qrcode/decoder/decoded_bit_stream_parser.cpp. The manipulation leads to memory leak. The attack may be launched remotely. The name of the patch is 2b62ff6181163eea029ed1cab11363b4996e9cd6. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-228548. Solution(s) ubuntu-pro-upgrade-libopencv-contrib4-5d ubuntu-pro-upgrade-libopencv-core3-2 ubuntu-pro-upgrade-libopencv-core4-5d ubuntu-pro-upgrade-libopencv-dev ubuntu-pro-upgrade-libopencv-dnn4-5d ubuntu-pro-upgrade-libopencv-flann4-5d ubuntu-pro-upgrade-libopencv-imgcodecs4-5d ubuntu-pro-upgrade-libopencv-objdetect4-5d ubuntu-pro-upgrade-opencv-data References https://attackerkb.com/topics/cve-2023-2618 CVE - 2023-2618 USN-7247-1
-
SUSE: CVE-2023-2483: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/10/2023 Created 05/11/2023 Added 05/11/2023 Modified 11/08/2023 Description Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-33203. Reason: This candidate is a reservation duplicate of CVE-2023-33203. Notes: All CVE users should reference CVE-2023-33203 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Solution(s) suse-upgrade-cluster-md-kmp-64kb suse-upgrade-cluster-md-kmp-azure suse-upgrade-cluster-md-kmp-default suse-upgrade-cluster-md-kmp-rt suse-upgrade-dlm-kmp-64kb suse-upgrade-dlm-kmp-azure suse-upgrade-dlm-kmp-default suse-upgrade-dlm-kmp-rt suse-upgrade-dtb-al suse-upgrade-dtb-allwinner suse-upgrade-dtb-altera suse-upgrade-dtb-amazon suse-upgrade-dtb-amd suse-upgrade-dtb-amlogic suse-upgrade-dtb-apm suse-upgrade-dtb-apple suse-upgrade-dtb-arm suse-upgrade-dtb-broadcom suse-upgrade-dtb-cavium suse-upgrade-dtb-exynos suse-upgrade-dtb-freescale suse-upgrade-dtb-hisilicon suse-upgrade-dtb-lg suse-upgrade-dtb-marvell suse-upgrade-dtb-mediatek suse-upgrade-dtb-nvidia suse-upgrade-dtb-qcom suse-upgrade-dtb-renesas suse-upgrade-dtb-rockchip suse-upgrade-dtb-socionext suse-upgrade-dtb-sprd suse-upgrade-dtb-xilinx suse-upgrade-dtb-zte suse-upgrade-gfs2-kmp-64kb suse-upgrade-gfs2-kmp-azure suse-upgrade-gfs2-kmp-default suse-upgrade-gfs2-kmp-rt suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-64kb-extra suse-upgrade-kernel-64kb-livepatch-devel suse-upgrade-kernel-64kb-optional suse-upgrade-kernel-azure suse-upgrade-kernel-azure-base suse-upgrade-kernel-azure-devel suse-upgrade-kernel-azure-extra suse-upgrade-kernel-azure-livepatch-devel suse-upgrade-kernel-azure-optional suse-upgrade-kernel-azure-vdso suse-upgrade-kernel-debug suse-upgrade-kernel-debug-base suse-upgrade-kernel-debug-devel suse-upgrade-kernel-debug-livepatch-devel 
suse-upgrade-kernel-debug-vdso suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-base-rebuild suse-upgrade-kernel-default-devel suse-upgrade-kernel-default-extra suse-upgrade-kernel-default-livepatch suse-upgrade-kernel-default-livepatch-devel suse-upgrade-kernel-default-man suse-upgrade-kernel-default-optional suse-upgrade-kernel-default-vdso suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-devel-rt suse-upgrade-kernel-docs suse-upgrade-kernel-docs-html suse-upgrade-kernel-kvmsmall suse-upgrade-kernel-kvmsmall-base suse-upgrade-kernel-kvmsmall-devel suse-upgrade-kernel-kvmsmall-livepatch-devel suse-upgrade-kernel-kvmsmall-vdso suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-obs-qa suse-upgrade-kernel-preempt suse-upgrade-kernel-preempt-devel suse-upgrade-kernel-rt suse-upgrade-kernel-rt-devel suse-upgrade-kernel-rt-extra suse-upgrade-kernel-rt-livepatch suse-upgrade-kernel-rt-livepatch-devel suse-upgrade-kernel-rt-optional suse-upgrade-kernel-rt-vdso suse-upgrade-kernel-rt_debug suse-upgrade-kernel-rt_debug-devel suse-upgrade-kernel-rt_debug-livepatch-devel suse-upgrade-kernel-rt_debug-vdso suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-source-rt suse-upgrade-kernel-source-vanilla suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-syms-rt suse-upgrade-kernel-vanilla suse-upgrade-kernel-vanilla-base suse-upgrade-kernel-vanilla-devel suse-upgrade-kernel-vanilla-livepatch-devel suse-upgrade-kernel-zfcpdump suse-upgrade-kernel-zfcpdump-man suse-upgrade-kselftests-kmp-64kb suse-upgrade-kselftests-kmp-azure suse-upgrade-kselftests-kmp-default suse-upgrade-kselftests-kmp-rt suse-upgrade-ocfs2-kmp-64kb suse-upgrade-ocfs2-kmp-azure suse-upgrade-ocfs2-kmp-default suse-upgrade-ocfs2-kmp-rt suse-upgrade-reiserfs-kmp-64kb suse-upgrade-reiserfs-kmp-azure suse-upgrade-reiserfs-kmp-default suse-upgrade-reiserfs-kmp-rt 
References https://attackerkb.com/topics/cve-2023-2483 CVE - 2023-2483
-
Microsoft Windows: CVE-2023-29325: Windows OLE Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 05/09/2023 Created 05/10/2023 Added 05/09/2023 Modified 09/06/2024 Description Windows OLE Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5026382 microsoft-windows-windows_10-1607-kb5026363 microsoft-windows-windows_10-1809-kb5026362 microsoft-windows-windows_10-20h2-kb5026361 microsoft-windows-windows_10-21h2-kb5026361 microsoft-windows-windows_10-22h2-kb5026361 microsoft-windows-windows_11-21h2-kb5026368 microsoft-windows-windows_11-22h2-kb5026372 microsoft-windows-windows_server_2012-kb5026411 microsoft-windows-windows_server_2012_r2-kb5026409 microsoft-windows-windows_server_2016-1607-kb5026363 microsoft-windows-windows_server_2019-1809-kb5026362 microsoft-windows-windows_server_2022-21h2-kb5026370 microsoft-windows-windows_server_2022-22h2-kb5026370 msft-kb5026411-552a389c-4c6b-42f8-9784-efdd9e3e32ce msft-kb5026411-5e88d9ea-3c8d-493f-9134-d986ce552c34 msft-kb5026426-06249243-9d94-44b3-883d-c0a8d1a5b34b msft-kb5026426-5fc54a55-d281-427c-aae2-93ae423e9e0b msft-kb5026426-dde2f3ce-8305-431d-8cf7-b9523786861b msft-kb5026427-702ea976-1438-4419-8d8a-f707f8210ec3 msft-kb5026427-91c91897-a29e-4d25-b0d6-b48e4646615f References https://attackerkb.com/topics/cve-2023-29325 CVE - 2023-29325 https://support.microsoft.com/help/5026361 https://support.microsoft.com/help/5026362 https://support.microsoft.com/help/5026363 https://support.microsoft.com/help/5026368 https://support.microsoft.com/help/5026370 https://support.microsoft.com/help/5026372 https://support.microsoft.com/help/5026382 https://support.microsoft.com/help/5026409 https://support.microsoft.com/help/5026411 https://support.microsoft.com/help/5026415
-
Microsoft Windows: CVE-2023-24905: Remote Desktop Client Remote Code Execution Vulnerability Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 05/09/2023 Created 05/10/2023 Added 05/09/2023 Modified 01/28/2025 Description Remote Desktop Client Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-20h2-kb5026361 microsoft-windows-windows_10-21h2-kb5026361 microsoft-windows-windows_10-22h2-kb5026361 microsoft-windows-windows_11-21h2-kb5026368 microsoft-windows-windows_11-22h2-kb5026372 References https://attackerkb.com/topics/cve-2023-24905 CVE - 2023-24905 https://support.microsoft.com/help/5026361 https://support.microsoft.com/help/5026368 https://support.microsoft.com/help/5026372
-
Microsoft CVE-2023-29335: Microsoft Word Security Feature Bypass Vulnerability Severity 8 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:C) Published 05/09/2023 Created 05/10/2023 Added 05/09/2023 Modified 01/28/2025 Description Microsoft CVE-2023-29335: Microsoft Word Security Feature Bypass Vulnerability Solution(s) msft-kb5002365-42fb49b2-c274-4a2d-ac87-f1d623b8fa81 msft-kb5002365-5a3bd1d5-37fc-4ac2-a225-6dba657fb1cd References https://attackerkb.com/topics/cve-2023-29335 CVE - 2023-29335 5002365 5002369
-
Microsoft CVE-2023-24904: Windows Installer Elevation of Privilege Vulnerability Severity 6 CVSS (AV:L/AC:L/Au:S/C:N/I:C/A:C) Published 05/09/2023 Created 05/10/2023 Added 05/09/2023 Modified 01/28/2025 Description Microsoft CVE-2023-24904: Windows Installer Elevation of Privilege Vulnerability Solution(s) msft-kb5026426-06249243-9d94-44b3-883d-c0a8d1a5b34b msft-kb5026426-5fc54a55-d281-427c-aae2-93ae423e9e0b msft-kb5026426-dde2f3ce-8305-431d-8cf7-b9523786861b msft-kb5026427-702ea976-1438-4419-8d8a-f707f8210ec3 msft-kb5026427-91c91897-a29e-4d25-b0d6-b48e4646615f References https://attackerkb.com/topics/cve-2023-24904 CVE - 2023-24904 5026408 5026413 5026426 5026427
-
Microsoft Windows: CVE-2023-24901: Windows NFS Portmapper Information Disclosure Vulnerability Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 05/09/2023 Created 05/10/2023 Added 05/09/2023 Modified 01/28/2025 Description Windows NFS Portmapper Information Disclosure Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5026382 microsoft-windows-windows_10-1607-kb5026363 microsoft-windows-windows_10-1809-kb5026362 microsoft-windows-windows_10-20h2-kb5026361 microsoft-windows-windows_10-21h2-kb5026361 microsoft-windows-windows_10-22h2-kb5026361 microsoft-windows-windows_11-21h2-kb5026368 microsoft-windows-windows_11-22h2-kb5026372 microsoft-windows-windows_server_2012-kb5026411 microsoft-windows-windows_server_2012_r2-kb5026409 microsoft-windows-windows_server_2016-1607-kb5026363 microsoft-windows-windows_server_2019-1809-kb5026362 microsoft-windows-windows_server_2022-21h2-kb5026370 microsoft-windows-windows_server_2022-22h2-kb5026370 msft-kb5026411-552a389c-4c6b-42f8-9784-efdd9e3e32ce msft-kb5026411-5e88d9ea-3c8d-493f-9134-d986ce552c34 References https://attackerkb.com/topics/cve-2023-24901 CVE - 2023-24901 https://support.microsoft.com/help/5026361 https://support.microsoft.com/help/5026362 https://support.microsoft.com/help/5026363 https://support.microsoft.com/help/5026368 https://support.microsoft.com/help/5026370 https://support.microsoft.com/help/5026372 https://support.microsoft.com/help/5026382 https://support.microsoft.com/help/5026409 https://support.microsoft.com/help/5026411 https://support.microsoft.com/help/5026415
-
Microsoft Windows: CVE-2023-24899: Windows Graphics Component Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:M/Au:S/C:C/I:C/A:C) Published 05/09/2023 Created 05/10/2023 Added 05/09/2023 Modified 01/28/2025 Description Windows Graphics Component Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_11-21h2-kb5026368 microsoft-windows-windows_11-22h2-kb5026372 microsoft-windows-windows_server_2022-21h2-kb5026370 microsoft-windows-windows_server_2022-22h2-kb5026370 References https://attackerkb.com/topics/cve-2023-24899 CVE - 2023-24899 https://support.microsoft.com/help/5026368 https://support.microsoft.com/help/5026370 https://support.microsoft.com/help/5026372
-
Huawei EulerOS: CVE-2023-2156: kernel security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 05/09/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. This issue results from the lack of proper handling of user-supplied data, which can lead to an assertion failure. This may allow an unauthenticated remote attacker to create a denial of service condition on the system. Solution(s) huawei-euleros-2_0_sp11-upgrade-bpftool huawei-euleros-2_0_sp11-upgrade-kernel huawei-euleros-2_0_sp11-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp11-upgrade-kernel-tools huawei-euleros-2_0_sp11-upgrade-kernel-tools-libs huawei-euleros-2_0_sp11-upgrade-python3-perf References https://attackerkb.com/topics/cve-2023-2156 CVE - 2023-2156 EulerOS-SA-2023-2860
-
Microsoft Windows: CVE-2023-24940: Windows Pragmatic General Multicast (PGM) Denial of Service Vulnerability Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 05/09/2023 Created 05/10/2023 Added 05/09/2023 Modified 01/28/2025 Description Windows Pragmatic General Multicast (PGM) Denial of Service Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5026382 microsoft-windows-windows_10-1607-kb5026363 microsoft-windows-windows_10-1809-kb5026362 microsoft-windows-windows_10-20h2-kb5026361 microsoft-windows-windows_10-21h2-kb5026361 microsoft-windows-windows_10-22h2-kb5026361 microsoft-windows-windows_11-21h2-kb5026368 microsoft-windows-windows_11-22h2-kb5026372 microsoft-windows-windows_server_2012-kb5026411 microsoft-windows-windows_server_2012_r2-kb5026409 microsoft-windows-windows_server_2016-1607-kb5026363 microsoft-windows-windows_server_2019-1809-kb5026362 microsoft-windows-windows_server_2022-21h2-kb5026370 microsoft-windows-windows_server_2022-22h2-kb5026370 msft-kb5026411-552a389c-4c6b-42f8-9784-efdd9e3e32ce msft-kb5026411-5e88d9ea-3c8d-493f-9134-d986ce552c34 msft-kb5026426-06249243-9d94-44b3-883d-c0a8d1a5b34b msft-kb5026426-5fc54a55-d281-427c-aae2-93ae423e9e0b msft-kb5026426-dde2f3ce-8305-431d-8cf7-b9523786861b msft-kb5026427-702ea976-1438-4419-8d8a-f707f8210ec3 msft-kb5026427-91c91897-a29e-4d25-b0d6-b48e4646615f References https://attackerkb.com/topics/cve-2023-24940 CVE - 2023-24940 https://support.microsoft.com/help/5026361 https://support.microsoft.com/help/5026362 https://support.microsoft.com/help/5026363 https://support.microsoft.com/help/5026368 https://support.microsoft.com/help/5026370 https://support.microsoft.com/help/5026372 https://support.microsoft.com/help/5026382 https://support.microsoft.com/help/5026409 https://support.microsoft.com/help/5026411 https://support.microsoft.com/help/5026415
-
Microsoft Windows: CVE-2023-24942: Remote Procedure Call Runtime Denial of Service Vulnerability Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 05/09/2023 Created 05/10/2023 Added 05/09/2023 Modified 01/28/2025 Description Remote Procedure Call Runtime Denial of Service Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5026382 microsoft-windows-windows_10-1607-kb5026363 microsoft-windows-windows_10-1809-kb5026362 microsoft-windows-windows_10-20h2-kb5026361 microsoft-windows-windows_10-21h2-kb5026361 microsoft-windows-windows_10-22h2-kb5026361 microsoft-windows-windows_11-21h2-kb5026368 microsoft-windows-windows_11-22h2-kb5026372 microsoft-windows-windows_server_2012-kb5026411 microsoft-windows-windows_server_2012_r2-kb5026409 microsoft-windows-windows_server_2016-1607-kb5026363 microsoft-windows-windows_server_2019-1809-kb5026362 microsoft-windows-windows_server_2022-21h2-kb5026370 microsoft-windows-windows_server_2022-22h2-kb5026370 msft-kb5026411-552a389c-4c6b-42f8-9784-efdd9e3e32ce msft-kb5026411-5e88d9ea-3c8d-493f-9134-d986ce552c34 msft-kb5026426-06249243-9d94-44b3-883d-c0a8d1a5b34b msft-kb5026426-5fc54a55-d281-427c-aae2-93ae423e9e0b msft-kb5026426-dde2f3ce-8305-431d-8cf7-b9523786861b msft-kb5026427-702ea976-1438-4419-8d8a-f707f8210ec3 msft-kb5026427-91c91897-a29e-4d25-b0d6-b48e4646615f References https://attackerkb.com/topics/cve-2023-24942 CVE - 2023-24942 https://support.microsoft.com/help/5026361 https://support.microsoft.com/help/5026362 https://support.microsoft.com/help/5026363 https://support.microsoft.com/help/5026368 https://support.microsoft.com/help/5026370 https://support.microsoft.com/help/5026372 https://support.microsoft.com/help/5026382 https://support.microsoft.com/help/5026409 https://support.microsoft.com/help/5026411 https://support.microsoft.com/help/5026415
-
Microsoft Windows: CVE-2023-24944: Windows Bluetooth Driver Information Disclosure Vulnerability Severity 6 CVSS (AV:A/AC:L/Au:N/C:C/I:N/A:N) Published 05/09/2023 Created 05/10/2023 Added 05/09/2023 Modified 01/28/2025 Description Windows Bluetooth Driver Information Disclosure Vulnerability Solution(s) microsoft-windows-windows_10-1809-kb5026362 microsoft-windows-windows_10-20h2-kb5026361 microsoft-windows-windows_10-21h2-kb5026361 microsoft-windows-windows_10-22h2-kb5026361 microsoft-windows-windows_11-21h2-kb5026368 microsoft-windows-windows_11-22h2-kb5026372 microsoft-windows-windows_server_2019-1809-kb5026362 microsoft-windows-windows_server_2022-21h2-kb5026370 microsoft-windows-windows_server_2022-22h2-kb5026370 References https://attackerkb.com/topics/cve-2023-24944 CVE - 2023-24944 https://support.microsoft.com/help/5026361 https://support.microsoft.com/help/5026362 https://support.microsoft.com/help/5026368 https://support.microsoft.com/help/5026370 https://support.microsoft.com/help/5026372
-
Microsoft Windows: CVE-2023-24945: Windows iSCSI Target Service Information Disclosure Vulnerability Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 05/09/2023 Created 05/10/2023 Added 05/09/2023 Modified 01/28/2025 Description Windows iSCSI Target Service Information Disclosure Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5026382 microsoft-windows-windows_10-1607-kb5026363 microsoft-windows-windows_10-1809-kb5026362 microsoft-windows-windows_10-20h2-kb5026361 microsoft-windows-windows_10-21h2-kb5026361 microsoft-windows-windows_10-22h2-kb5026361 microsoft-windows-windows_11-21h2-kb5026368 microsoft-windows-windows_11-22h2-kb5026372 microsoft-windows-windows_server_2012-kb5026411 microsoft-windows-windows_server_2012_r2-kb5026409 microsoft-windows-windows_server_2016-1607-kb5026363 microsoft-windows-windows_server_2019-1809-kb5026362 microsoft-windows-windows_server_2022-21h2-kb5026370 microsoft-windows-windows_server_2022-22h2-kb5026370 msft-kb5026411-552a389c-4c6b-42f8-9784-efdd9e3e32ce msft-kb5026411-5e88d9ea-3c8d-493f-9134-d986ce552c34 msft-kb5026426-06249243-9d94-44b3-883d-c0a8d1a5b34b msft-kb5026426-5fc54a55-d281-427c-aae2-93ae423e9e0b msft-kb5026426-dde2f3ce-8305-431d-8cf7-b9523786861b msft-kb5026427-702ea976-1438-4419-8d8a-f707f8210ec3 msft-kb5026427-91c91897-a29e-4d25-b0d6-b48e4646615f References https://attackerkb.com/topics/cve-2023-24945 CVE - 2023-24945 https://support.microsoft.com/help/5026361 https://support.microsoft.com/help/5026362 https://support.microsoft.com/help/5026363 https://support.microsoft.com/help/5026368 https://support.microsoft.com/help/5026370 https://support.microsoft.com/help/5026372 https://support.microsoft.com/help/5026382 https://support.microsoft.com/help/5026409 https://support.microsoft.com/help/5026411 https://support.microsoft.com/help/5026415
-
Microsoft Windows: CVE-2023-28251: Windows Driver Revocation List Security Feature Bypass Vulnerability Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:C/A:N) Published 05/09/2023 Created 05/10/2023 Added 05/09/2023 Modified 01/28/2025 Description Windows Driver Revocation List Security Feature Bypass Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5026382 microsoft-windows-windows_10-1607-kb5026363 microsoft-windows-windows_10-1809-kb5026362 microsoft-windows-windows_10-20h2-kb5026361 microsoft-windows-windows_10-21h2-kb5026361 microsoft-windows-windows_10-22h2-kb5026361 microsoft-windows-windows_11-21h2-kb5026368 microsoft-windows-windows_11-22h2-kb5026372 microsoft-windows-windows_server_2012-kb5026411 microsoft-windows-windows_server_2012_r2-kb5026409 microsoft-windows-windows_server_2016-1607-kb5026363 microsoft-windows-windows_server_2019-1809-kb5026362 microsoft-windows-windows_server_2022-21h2-kb5026370 microsoft-windows-windows_server_2022-22h2-kb5026370 msft-kb5026411-552a389c-4c6b-42f8-9784-efdd9e3e32ce msft-kb5026411-5e88d9ea-3c8d-493f-9134-d986ce552c34 msft-kb5026426-06249243-9d94-44b3-883d-c0a8d1a5b34b msft-kb5026426-5fc54a55-d281-427c-aae2-93ae423e9e0b msft-kb5026426-dde2f3ce-8305-431d-8cf7-b9523786861b msft-kb5026427-702ea976-1438-4419-8d8a-f707f8210ec3 msft-kb5026427-91c91897-a29e-4d25-b0d6-b48e4646615f References https://attackerkb.com/topics/cve-2023-28251 CVE - 2023-28251 https://support.microsoft.com/help/5026361 https://support.microsoft.com/help/5026362 https://support.microsoft.com/help/5026363 https://support.microsoft.com/help/5026368 https://support.microsoft.com/help/5026370 https://support.microsoft.com/help/5026372 https://support.microsoft.com/help/5026382 https://support.microsoft.com/help/5026409 https://support.microsoft.com/help/5026411 https://support.microsoft.com/help/5026415
-
Microsoft Windows: CVE-2023-24946: Windows Backup Service Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 05/09/2023 Created 05/10/2023 Added 05/09/2023 Modified 01/28/2025 Description Windows Backup Service Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5026382 microsoft-windows-windows_10-1607-kb5026363 microsoft-windows-windows_10-1809-kb5026362 microsoft-windows-windows_10-20h2-kb5026361 microsoft-windows-windows_10-21h2-kb5026361 microsoft-windows-windows_10-22h2-kb5026361 microsoft-windows-windows_11-21h2-kb5026368 microsoft-windows-windows_11-22h2-kb5026372 microsoft-windows-windows_server_2016-1607-kb5026363 microsoft-windows-windows_server_2019-1809-kb5026362 msft-kb5026426-06249243-9d94-44b3-883d-c0a8d1a5b34b msft-kb5026426-5fc54a55-d281-427c-aae2-93ae423e9e0b msft-kb5026426-dde2f3ce-8305-431d-8cf7-b9523786861b References https://attackerkb.com/topics/cve-2023-24946 CVE - 2023-24946 https://support.microsoft.com/help/5026361 https://support.microsoft.com/help/5026362 https://support.microsoft.com/help/5026363 https://support.microsoft.com/help/5026368 https://support.microsoft.com/help/5026372 https://support.microsoft.com/help/5026382
-
Alma Linux: CVE-2022-3522: Important: kernel security, bug fix, and enhancement update (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/09/2023 Created 05/15/2023 Added 05/15/2023 Modified 09/19/2024 Description Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. Solution(s) alma-upgrade-bpftool alma-upgrade-kernel alma-upgrade-kernel-64k alma-upgrade-kernel-64k-core alma-upgrade-kernel-64k-debug alma-upgrade-kernel-64k-debug-core alma-upgrade-kernel-64k-debug-devel alma-upgrade-kernel-64k-debug-devel-matched alma-upgrade-kernel-64k-debug-modules alma-upgrade-kernel-64k-debug-modules-core alma-upgrade-kernel-64k-debug-modules-extra alma-upgrade-kernel-64k-devel alma-upgrade-kernel-64k-devel-matched alma-upgrade-kernel-64k-modules alma-upgrade-kernel-64k-modules-core alma-upgrade-kernel-64k-modules-extra alma-upgrade-kernel-abi-stablelists alma-upgrade-kernel-core alma-upgrade-kernel-cross-headers alma-upgrade-kernel-debug alma-upgrade-kernel-debug-core alma-upgrade-kernel-debug-devel alma-upgrade-kernel-debug-devel-matched alma-upgrade-kernel-debug-modules alma-upgrade-kernel-debug-modules-core alma-upgrade-kernel-debug-modules-extra alma-upgrade-kernel-debug-uki-virt alma-upgrade-kernel-devel alma-upgrade-kernel-devel-matched alma-upgrade-kernel-doc alma-upgrade-kernel-modules alma-upgrade-kernel-modules-core alma-upgrade-kernel-modules-extra alma-upgrade-kernel-rt alma-upgrade-kernel-rt-core alma-upgrade-kernel-rt-debug alma-upgrade-kernel-rt-debug-core alma-upgrade-kernel-rt-debug-devel alma-upgrade-kernel-rt-debug-kvm alma-upgrade-kernel-rt-debug-modules alma-upgrade-kernel-rt-debug-modules-core alma-upgrade-kernel-rt-debug-modules-extra alma-upgrade-kernel-rt-devel alma-upgrade-kernel-rt-kvm alma-upgrade-kernel-rt-modules alma-upgrade-kernel-rt-modules-core 
alma-upgrade-kernel-rt-modules-extra alma-upgrade-kernel-tools alma-upgrade-kernel-tools-libs alma-upgrade-kernel-tools-libs-devel alma-upgrade-kernel-uki-virt alma-upgrade-kernel-zfcpdump alma-upgrade-kernel-zfcpdump-core alma-upgrade-kernel-zfcpdump-devel alma-upgrade-kernel-zfcpdump-devel-matched alma-upgrade-kernel-zfcpdump-modules alma-upgrade-kernel-zfcpdump-modules-core alma-upgrade-kernel-zfcpdump-modules-extra alma-upgrade-perf alma-upgrade-python3-perf alma-upgrade-rtla References https://attackerkb.com/topics/cve-2022-3522 CVE - 2022-3522 https://errata.almalinux.org/8/ALSA-2023-2736.html https://errata.almalinux.org/8/ALSA-2023-2951.html https://errata.almalinux.org/9/ALSA-2023-2148.html https://errata.almalinux.org/9/ALSA-2023-2458.html
-
Amazon Linux AMI 2: CVE-2023-2609: Security patch for vim (ALAS-2023-2085) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 05/09/2023 Created 06/14/2023 Added 06/13/2023 Modified 01/28/2025 Description NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531. Solution(s) amazon-linux-ami-2-upgrade-vim-common amazon-linux-ami-2-upgrade-vim-data amazon-linux-ami-2-upgrade-vim-debuginfo amazon-linux-ami-2-upgrade-vim-enhanced amazon-linux-ami-2-upgrade-vim-filesystem amazon-linux-ami-2-upgrade-vim-minimal amazon-linux-ami-2-upgrade-vim-x11 amazon-linux-ami-2-upgrade-xxd References https://attackerkb.com/topics/cve-2023-2609 AL2/ALAS-2023-2085 CVE - 2023-2609
-
Alpine Linux: CVE-2023-2610: Integer Overflow or Wraparound Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 05/09/2023 Created 03/22/2024 Added 03/21/2024 Modified 03/22/2024 Description Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532. Solution(s) alpine-linux-upgrade-vim References https://attackerkb.com/topics/cve-2023-2610 CVE - 2023-2610 https://security.alpinelinux.org/vuln/CVE-2023-2610
-
SUSE: CVE-2023-32570: SUSE Linux Security Advisory Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 05/10/2023 Created 06/27/2023 Added 06/26/2023 Modified 01/28/2025 Description VideoLAN dav1d before 1.2.0 has a thread_task.c race condition that can lead to an application crash, related to dav1d_decode_frame_exit. Solution(s) suse-upgrade-dav1d suse-upgrade-dav1d-devel suse-upgrade-libdav1d6 suse-upgrade-libdav1d6-32bit References https://attackerkb.com/topics/cve-2023-32570 CVE - 2023-32570
-
Oracle Linux: CVE-2023-32206: ELSA-2023-3137: firefox security update (IMPORTANT) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:C) Published 05/09/2023 Created 06/09/2023 Added 06/08/2023 Modified 12/06/2024 Description An out-of-bound read could have led to a crash in the RLBox Expat driver. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. The Mozilla Foundation Security Advisory describes this flaw as: An out-of-bound read could have led to a crash in the RLBox Expat driver. Solution(s) oracle-linux-upgrade-firefox oracle-linux-upgrade-firefox-x11 oracle-linux-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-32206 CVE - 2023-32206 ELSA-2023-3137 ELSA-2023-3221 ELSA-2023-3150 ELSA-2023-3151 ELSA-2023-3220 ELSA-2023-3143
-
FreeBSD: VID-4A08A4FB-F152-11ED-9C88-001B217B3468 (CVE-2023-2181): Gitlab -- Vulnerability Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:C/A:N) Published 05/10/2023 Created 05/17/2023 Added 05/16/2023 Modified 01/28/2025 Description An issue has been discovered in GitLab affecting all versions before 15.9.8, 15.10.0 before 15.10.7, and 15.11.0 before 15.11.3. A malicious developer could use a git feature called refs/replace to smuggle content into a merge request which would not be visible during review in the UI. Solution(s) freebsd-upgrade-package-gitlab-ce References CVE-2023-2181
-
Amazon Linux 2023: CVE-2023-2610: Important priority package update for vim Severity 5 CVSS (AV:L/AC:L/Au:N/C:N/I:N/A:C) Published 05/10/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532. Solution(s) amazon-linux-2023-upgrade-vim-common amazon-linux-2023-upgrade-vim-data amazon-linux-2023-upgrade-vim-debuginfo amazon-linux-2023-upgrade-vim-debugsource amazon-linux-2023-upgrade-vim-default-editor amazon-linux-2023-upgrade-vim-enhanced amazon-linux-2023-upgrade-vim-enhanced-debuginfo amazon-linux-2023-upgrade-vim-filesystem amazon-linux-2023-upgrade-vim-minimal amazon-linux-2023-upgrade-vim-minimal-debuginfo amazon-linux-2023-upgrade-xxd amazon-linux-2023-upgrade-xxd-debuginfo References https://attackerkb.com/topics/cve-2023-2610 CVE - 2023-2610 https://alas.aws.amazon.com/AL2023/ALAS-2023-194.html
-
PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Panorama Web Interface Severity 4 CVSS (AV:N/AC:M/Au:M/C:P/I:P/A:N) Published 05/10/2023 Created 12/15/2023 Added 12/14/2023 Modified 01/28/2025 Description Deprecated Solution(s)