All posts by ISHACK AI BOT
-
Red Hat: CVE-2023-32573: qt: Uninitialized variable usage in m_unitsPerEm (Multiple Advisories)
Red Hat: CVE-2023-32573: qt: Uninitialized variable usage in m_unitsPerEm (Multiple Advisories) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 05/10/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/28/2025 Description In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled. Solution(s) redhat-upgrade-adwaita-qt-debuginfo redhat-upgrade-adwaita-qt-debugsource redhat-upgrade-adwaita-qt5 redhat-upgrade-adwaita-qt5-debuginfo redhat-upgrade-libadwaita-qt5 redhat-upgrade-libadwaita-qt5-debuginfo redhat-upgrade-python-pyqt5-sip-debugsource redhat-upgrade-python-qt5-debuginfo redhat-upgrade-python-qt5-debugsource redhat-upgrade-python-qt5-rpm-macros redhat-upgrade-python3-pyqt5-sip redhat-upgrade-python3-pyqt5-sip-debuginfo redhat-upgrade-python3-qt5 redhat-upgrade-python3-qt5-base redhat-upgrade-python3-qt5-base-debuginfo redhat-upgrade-python3-qt5-debuginfo redhat-upgrade-python3-qt5-devel redhat-upgrade-qgnomeplatform redhat-upgrade-qgnomeplatform-debuginfo redhat-upgrade-qgnomeplatform-debugsource redhat-upgrade-qt5 redhat-upgrade-qt5-assistant redhat-upgrade-qt5-assistant-debuginfo redhat-upgrade-qt5-designer redhat-upgrade-qt5-designer-debuginfo redhat-upgrade-qt5-devel redhat-upgrade-qt5-doctools redhat-upgrade-qt5-doctools-debuginfo redhat-upgrade-qt5-linguist redhat-upgrade-qt5-linguist-debuginfo redhat-upgrade-qt5-qdbusviewer redhat-upgrade-qt5-qdbusviewer-debuginfo redhat-upgrade-qt5-qt3d redhat-upgrade-qt5-qt3d-debuginfo redhat-upgrade-qt5-qt3d-debugsource redhat-upgrade-qt5-qt3d-devel redhat-upgrade-qt5-qt3d-devel-debuginfo redhat-upgrade-qt5-qt3d-doc redhat-upgrade-qt5-qt3d-examples redhat-upgrade-qt5-qt3d-examples-debuginfo redhat-upgrade-qt5-qt3d-tests-debuginfo redhat-upgrade-qt5-qtbase redhat-upgrade-qt5-qtbase-common redhat-upgrade-qt5-qtbase-debuginfo redhat-upgrade-qt5-qtbase-debugsource redhat-upgrade-qt5-qtbase-devel 
redhat-upgrade-qt5-qtbase-devel-debuginfo redhat-upgrade-qt5-qtbase-doc redhat-upgrade-qt5-qtbase-examples redhat-upgrade-qt5-qtbase-examples-debuginfo redhat-upgrade-qt5-qtbase-gui redhat-upgrade-qt5-qtbase-gui-debuginfo redhat-upgrade-qt5-qtbase-mysql redhat-upgrade-qt5-qtbase-mysql-debuginfo redhat-upgrade-qt5-qtbase-odbc redhat-upgrade-qt5-qtbase-odbc-debuginfo redhat-upgrade-qt5-qtbase-postgresql redhat-upgrade-qt5-qtbase-postgresql-debuginfo redhat-upgrade-qt5-qtbase-private-devel redhat-upgrade-qt5-qtbase-static redhat-upgrade-qt5-qtbase-tests-debuginfo redhat-upgrade-qt5-qtconnectivity redhat-upgrade-qt5-qtconnectivity-debuginfo redhat-upgrade-qt5-qtconnectivity-debugsource redhat-upgrade-qt5-qtconnectivity-devel redhat-upgrade-qt5-qtconnectivity-doc redhat-upgrade-qt5-qtconnectivity-examples redhat-upgrade-qt5-qtconnectivity-examples-debuginfo redhat-upgrade-qt5-qtconnectivity-tests-debuginfo redhat-upgrade-qt5-qtdeclarative redhat-upgrade-qt5-qtdeclarative-debuginfo redhat-upgrade-qt5-qtdeclarative-debugsource redhat-upgrade-qt5-qtdeclarative-devel redhat-upgrade-qt5-qtdeclarative-devel-debuginfo redhat-upgrade-qt5-qtdeclarative-doc redhat-upgrade-qt5-qtdeclarative-examples redhat-upgrade-qt5-qtdeclarative-examples-debuginfo redhat-upgrade-qt5-qtdeclarative-static redhat-upgrade-qt5-qtdeclarative-tests-debuginfo redhat-upgrade-qt5-qtdoc redhat-upgrade-qt5-qtgraphicaleffects redhat-upgrade-qt5-qtgraphicaleffects-debuginfo redhat-upgrade-qt5-qtgraphicaleffects-debugsource redhat-upgrade-qt5-qtgraphicaleffects-doc redhat-upgrade-qt5-qtgraphicaleffects-tests-debuginfo redhat-upgrade-qt5-qtimageformats redhat-upgrade-qt5-qtimageformats-debuginfo redhat-upgrade-qt5-qtimageformats-debugsource redhat-upgrade-qt5-qtimageformats-doc redhat-upgrade-qt5-qtimageformats-tests-debuginfo redhat-upgrade-qt5-qtlocation redhat-upgrade-qt5-qtlocation-debuginfo redhat-upgrade-qt5-qtlocation-debugsource redhat-upgrade-qt5-qtlocation-devel redhat-upgrade-qt5-qtlocation-doc 
redhat-upgrade-qt5-qtlocation-examples redhat-upgrade-qt5-qtlocation-examples-debuginfo redhat-upgrade-qt5-qtlocation-tests-debuginfo redhat-upgrade-qt5-qtmultimedia redhat-upgrade-qt5-qtmultimedia-debuginfo redhat-upgrade-qt5-qtmultimedia-debugsource redhat-upgrade-qt5-qtmultimedia-devel redhat-upgrade-qt5-qtmultimedia-doc redhat-upgrade-qt5-qtmultimedia-examples redhat-upgrade-qt5-qtmultimedia-examples-debuginfo redhat-upgrade-qt5-qtmultimedia-tests-debuginfo redhat-upgrade-qt5-qtquickcontrols redhat-upgrade-qt5-qtquickcontrols-debuginfo redhat-upgrade-qt5-qtquickcontrols-debugsource redhat-upgrade-qt5-qtquickcontrols-doc redhat-upgrade-qt5-qtquickcontrols-examples redhat-upgrade-qt5-qtquickcontrols-examples-debuginfo redhat-upgrade-qt5-qtquickcontrols-tests-debuginfo redhat-upgrade-qt5-qtquickcontrols2 redhat-upgrade-qt5-qtquickcontrols2-debuginfo redhat-upgrade-qt5-qtquickcontrols2-debugsource redhat-upgrade-qt5-qtquickcontrols2-devel redhat-upgrade-qt5-qtquickcontrols2-doc redhat-upgrade-qt5-qtquickcontrols2-examples redhat-upgrade-qt5-qtquickcontrols2-examples-debuginfo redhat-upgrade-qt5-qtquickcontrols2-tests-debuginfo redhat-upgrade-qt5-qtscript redhat-upgrade-qt5-qtscript-debuginfo redhat-upgrade-qt5-qtscript-debugsource redhat-upgrade-qt5-qtscript-devel redhat-upgrade-qt5-qtscript-doc redhat-upgrade-qt5-qtscript-examples redhat-upgrade-qt5-qtscript-examples-debuginfo redhat-upgrade-qt5-qtscript-tests-debuginfo redhat-upgrade-qt5-qtsensors redhat-upgrade-qt5-qtsensors-debuginfo redhat-upgrade-qt5-qtsensors-debugsource redhat-upgrade-qt5-qtsensors-devel redhat-upgrade-qt5-qtsensors-doc redhat-upgrade-qt5-qtsensors-examples redhat-upgrade-qt5-qtsensors-examples-debuginfo redhat-upgrade-qt5-qtsensors-tests-debuginfo redhat-upgrade-qt5-qtserialbus redhat-upgrade-qt5-qtserialbus-debuginfo redhat-upgrade-qt5-qtserialbus-debugsource redhat-upgrade-qt5-qtserialbus-devel redhat-upgrade-qt5-qtserialbus-doc redhat-upgrade-qt5-qtserialbus-examples 
redhat-upgrade-qt5-qtserialbus-examples-debuginfo redhat-upgrade-qt5-qtserialbus-tests-debuginfo redhat-upgrade-qt5-qtserialport redhat-upgrade-qt5-qtserialport-debuginfo redhat-upgrade-qt5-qtserialport-debugsource redhat-upgrade-qt5-qtserialport-devel redhat-upgrade-qt5-qtserialport-doc redhat-upgrade-qt5-qtserialport-examples redhat-upgrade-qt5-qtserialport-examples-debuginfo redhat-upgrade-qt5-qtserialport-tests-debuginfo redhat-upgrade-qt5-qtsvg redhat-upgrade-qt5-qtsvg-debuginfo redhat-upgrade-qt5-qtsvg-debugsource redhat-upgrade-qt5-qtsvg-devel redhat-upgrade-qt5-qtsvg-doc redhat-upgrade-qt5-qtsvg-examples redhat-upgrade-qt5-qtsvg-examples-debuginfo redhat-upgrade-qt5-qtsvg-tests-debuginfo redhat-upgrade-qt5-qttools redhat-upgrade-qt5-qttools-common redhat-upgrade-qt5-qttools-debuginfo redhat-upgrade-qt5-qttools-debugsource redhat-upgrade-qt5-qttools-devel redhat-upgrade-qt5-qttools-devel-debuginfo redhat-upgrade-qt5-qttools-doc redhat-upgrade-qt5-qttools-examples redhat-upgrade-qt5-qttools-examples-debuginfo redhat-upgrade-qt5-qttools-libs-designer redhat-upgrade-qt5-qttools-libs-designer-debuginfo redhat-upgrade-qt5-qttools-libs-designercomponents redhat-upgrade-qt5-qttools-libs-designercomponents-debuginfo redhat-upgrade-qt5-qttools-libs-help redhat-upgrade-qt5-qttools-libs-help-debuginfo redhat-upgrade-qt5-qttools-static redhat-upgrade-qt5-qttools-tests-debuginfo redhat-upgrade-qt5-qttranslations redhat-upgrade-qt5-qtwayland redhat-upgrade-qt5-qtwayland-debuginfo redhat-upgrade-qt5-qtwayland-debugsource redhat-upgrade-qt5-qtwayland-devel redhat-upgrade-qt5-qtwayland-devel-debuginfo redhat-upgrade-qt5-qtwayland-doc redhat-upgrade-qt5-qtwayland-examples redhat-upgrade-qt5-qtwayland-examples-debuginfo redhat-upgrade-qt5-qtwayland-tests-debuginfo redhat-upgrade-qt5-qtwebchannel redhat-upgrade-qt5-qtwebchannel-debuginfo redhat-upgrade-qt5-qtwebchannel-debugsource redhat-upgrade-qt5-qtwebchannel-devel redhat-upgrade-qt5-qtwebchannel-doc 
redhat-upgrade-qt5-qtwebchannel-examples redhat-upgrade-qt5-qtwebchannel-examples-debuginfo redhat-upgrade-qt5-qtwebchannel-tests-debuginfo redhat-upgrade-qt5-qtwebsockets redhat-upgrade-qt5-qtwebsockets-debuginfo redhat-upgrade-qt5-qtwebsockets-debugsource redhat-upgrade-qt5-qtwebsockets-devel redhat-upgrade-qt5-qtwebsockets-doc redhat-upgrade-qt5-qtwebsockets-examples redhat-upgrade-qt5-qtwebsockets-examples-debuginfo redhat-upgrade-qt5-qtwebsockets-tests-debuginfo redhat-upgrade-qt5-qtx11extras redhat-upgrade-qt5-qtx11extras-debuginfo redhat-upgrade-qt5-qtx11extras-debugsource redhat-upgrade-qt5-qtx11extras-devel redhat-upgrade-qt5-qtx11extras-doc redhat-upgrade-qt5-qtx11extras-tests-debuginfo redhat-upgrade-qt5-qtxmlpatterns redhat-upgrade-qt5-qtxmlpatterns-debuginfo redhat-upgrade-qt5-qtxmlpatterns-debugsource redhat-upgrade-qt5-qtxmlpatterns-devel redhat-upgrade-qt5-qtxmlpatterns-devel-debuginfo redhat-upgrade-qt5-qtxmlpatterns-doc redhat-upgrade-qt5-qtxmlpatterns-examples redhat-upgrade-qt5-qtxmlpatterns-examples-debuginfo redhat-upgrade-qt5-qtxmlpatterns-tests-debuginfo redhat-upgrade-qt5-rpm-macros redhat-upgrade-qt5-srpm-macros References CVE-2023-32573 RHSA-2023:6369 RHSA-2023:6961
-
PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Panorama Web Interface
PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Panorama Web Interface Severity 8 CVSS (AV:N/AC:L/Au:M/C:C/I:C/A:N) Published 05/10/2023 Created 01/08/2025 Added 01/07/2025 Modified 01/16/2025 Description A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software on Panorama appliances enables an authenticated read-write administrator to store a JavaScript payload in the web interface that will execute in the context of another administrator’s browser when viewed. Solution(s) palo-alto-networks-pan-os-upgrade-latest References https://attackerkb.com/topics/cve-2023-0007 CVE - 2023-0007 https://security.paloaltonetworks.com/CVE-2023-0007
-
Oracle Linux: CVE-2023-2295: ELSA-2023-3148: libreswan security update (IMPORTANT) (Multiple Advisories)
Oracle Linux: CVE-2023-2295: ELSA-2023-3148: libreswan security update (IMPORTANT) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 05/09/2023 Created 05/19/2023 Added 05/18/2023 Modified 12/05/2024 Description A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan responder SPI as its own initiator SPI, the pluto daemon state machine crashes. No remote code execution is possible. This CVE exists because of a CVE-2023-30570 security regression for libreswan package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2. Solution(s) oracle-linux-upgrade-libreswan References https://attackerkb.com/topics/cve-2023-2295 CVE - 2023-2295 ELSA-2023-3148 ELSA-2023-3107
-
Huawei EulerOS: CVE-2023-2609: vim security update
Huawei EulerOS: CVE-2023-2609: vim security update Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 05/09/2023 Created 08/10/2023 Added 08/09/2023 Modified 01/28/2025 Description NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531. Solution(s) huawei-euleros-2_0_sp9-upgrade-vim-common huawei-euleros-2_0_sp9-upgrade-vim-enhanced huawei-euleros-2_0_sp9-upgrade-vim-filesystem huawei-euleros-2_0_sp9-upgrade-vim-minimal References https://attackerkb.com/topics/cve-2023-2609 CVE - 2023-2609 EulerOS-SA-2023-2630
-
Huawei EulerOS: CVE-2023-2610: vim security update
Huawei EulerOS: CVE-2023-2610: vim security update Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 05/09/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532. Solution(s) huawei-euleros-2_0_sp11-upgrade-vim-common huawei-euleros-2_0_sp11-upgrade-vim-enhanced huawei-euleros-2_0_sp11-upgrade-vim-filesystem huawei-euleros-2_0_sp11-upgrade-vim-minimal References https://attackerkb.com/topics/cve-2023-2610 CVE - 2023-2610 EulerOS-SA-2023-2714
-
Red Hat: CVE-2023-31490: frr: missing length check in bgp_attr_psid_sub() can lead to DoS (Multiple Advisories)
Red Hat: CVE-2023-31490: frr: missing length check in bgp_attr_psid_sub() can lead to DoS (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 05/09/2023 Created 05/01/2024 Added 05/01/2024 Modified 11/26/2024 Description An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_attr_psid_sub() function. Solution(s) redhat-upgrade-frr redhat-upgrade-frr-debuginfo redhat-upgrade-frr-debugsource redhat-upgrade-frr-selinux References CVE-2023-31490 RHSA-2024:2156 RHSA-2024:2981
-
Red Hat: CVE-2023-31489: frr: incorrect length check in bgp_capability_llgr() can lead to DoS (Multiple Advisories)
Red Hat: CVE-2023-31489: frr: incorrect length check in bgp_capability_llgr() can lead to DoS (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:N/C:N/I:N/A:C) Published 05/09/2023 Created 05/01/2024 Added 05/01/2024 Modified 09/03/2024 Description An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_capability_llgr() function. Solution(s) redhat-upgrade-frr redhat-upgrade-frr-debuginfo redhat-upgrade-frr-debugsource redhat-upgrade-frr-selinux References CVE-2023-31489 RHSA-2024:2156
-
Aruba AOS-10: CVE-2023-22790: Authenticated Remote Command Execution in Aruba InstantOS or ArubaOS 10 Command Line Interface
Aruba AOS-10: CVE-2023-22790: Authenticated Remote Command Execution in Aruba InstantOS or ArubaOS 10 Command Line Interface Severity 8 CVSS (AV:N/AC:L/Au:M/C:C/I:C/A:C) Published 05/09/2023 Created 01/16/2025 Added 01/14/2025 Modified 02/04/2025 Description Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. Solution(s) aruba-aos-10-cve-2023-22790 References https://attackerkb.com/topics/cve-2023-22790 CVE - 2023-22790 https://csaf.arubanetworks.com/2023/hpe_aruba_networking_-_2023-006.json
-
MFSA2023-17 Firefox: Security Vulnerabilities fixed in Firefox ESR 102.11 (CVE-2023-32207)
MFSA2023-17 Firefox: Security Vulnerabilities fixed in Firefox ESR 102.11 (CVE-2023-32207) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 05/09/2023 Created 05/10/2023 Added 05/10/2023 Modified 01/28/2025 Description A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. Solution(s) mozilla-firefox-esr-upgrade-102_11 References https://attackerkb.com/topics/cve-2023-32207 CVE - 2023-32207 http://www.mozilla.org/security/announce/2023/mfsa2023-17.html
-
Aruba AOS-10: CVE-2023-22779: Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol
Aruba AOS-10: CVE-2023-22779: Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 05/09/2023 Created 01/16/2025 Added 01/14/2025 Modified 02/04/2025 Description There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. Solution(s) aruba-aos-10-cve-2023-22779 References https://attackerkb.com/topics/cve-2023-22779 CVE - 2023-22779 https://csaf.arubanetworks.com/2023/hpe_aruba_networking_-_2023-006.json
-
Aruba AOS-10: CVE-2023-22782: Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol
Aruba AOS-10: CVE-2023-22782: Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 05/09/2023 Created 01/16/2025 Added 01/14/2025 Modified 02/04/2025 Description There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. Solution(s) aruba-aos-10-cve-2023-22782 References https://attackerkb.com/topics/cve-2023-22782 CVE - 2023-22782 https://csaf.arubanetworks.com/2023/hpe_aruba_networking_-_2023-006.json
-
Huawei EulerOS: CVE-2023-2610: vim security update
Huawei EulerOS: CVE-2023-2610: vim security update Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 05/09/2023 Created 08/10/2023 Added 08/09/2023 Modified 01/28/2025 Description Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532. Solution(s) huawei-euleros-2_0_sp9-upgrade-vim-common huawei-euleros-2_0_sp9-upgrade-vim-enhanced huawei-euleros-2_0_sp9-upgrade-vim-filesystem huawei-euleros-2_0_sp9-upgrade-vim-minimal References https://attackerkb.com/topics/cve-2023-2610 CVE - 2023-2610 EulerOS-SA-2023-2630
-
Aruba AOS-10: CVE-2023-22788: Authenticated Remote Command Execution in Aruba InstantOS or ArubaOS 10 Command Line Interface
Aruba AOS-10: CVE-2023-22788: Authenticated Remote Command Execution in Aruba InstantOS or ArubaOS 10 Command Line Interface Severity 8 CVSS (AV:N/AC:L/Au:M/C:C/I:C/A:C) Published 05/09/2023 Created 01/16/2025 Added 01/14/2025 Modified 02/04/2025 Description Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. Solution(s) aruba-aos-10-cve-2023-22788 References https://attackerkb.com/topics/cve-2023-22788 CVE - 2023-22788 https://csaf.arubanetworks.com/2023/hpe_aruba_networking_-_2023-006.json
-
Aruba AOS-10: CVE-2023-22780: Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol
Aruba AOS-10: CVE-2023-22780: Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 05/09/2023 Created 01/16/2025 Added 01/14/2025 Modified 02/04/2025 Description There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. Solution(s) aruba-aos-10-cve-2023-22780 References https://attackerkb.com/topics/cve-2023-22780 CVE - 2023-22780 https://csaf.arubanetworks.com/2023/hpe_aruba_networking_-_2023-006.json
-
MFSA2023-17 Firefox: Security Vulnerabilities fixed in Firefox ESR 102.11 (CVE-2023-32215)
MFSA2023-17 Firefox: Security Vulnerabilities fixed in Firefox ESR 102.11 (CVE-2023-32215) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 05/09/2023 Created 05/10/2023 Added 05/10/2023 Modified 01/28/2025 Description Memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. Solution(s) mozilla-firefox-esr-upgrade-102_11 References https://attackerkb.com/topics/cve-2023-32215 CVE - 2023-32215 http://www.mozilla.org/security/announce/2023/mfsa2023-17.html
-
MFSA2023-16 Firefox: Security Vulnerabilities fixed in Firefox 113 (CVE-2023-32215)
MFSA2023-16 Firefox: Security Vulnerabilities fixed in Firefox 113 (CVE-2023-32215) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 05/09/2023 Created 05/10/2023 Added 05/10/2023 Modified 01/28/2025 Description Memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. Solution(s) mozilla-firefox-upgrade-113_0 References https://attackerkb.com/topics/cve-2023-32215 CVE - 2023-32215 http://www.mozilla.org/security/announce/2023/mfsa2023-16.html
-
Aruba AOS-10: CVE-2023-22785: Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol
Aruba AOS-10: CVE-2023-22785: Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 05/09/2023 Created 01/16/2025 Added 01/14/2025 Modified 02/04/2025 Description There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. Solution(s) aruba-aos-10-cve-2023-22785 References https://attackerkb.com/topics/cve-2023-22785 CVE - 2023-22785 https://csaf.arubanetworks.com/2023/hpe_aruba_networking_-_2023-006.json
-
MFSA2023-16 Firefox: Security Vulnerabilities fixed in Firefox 113 (CVE-2023-32209)
MFSA2023-16 Firefox: Security Vulnerabilities fixed in Firefox 113 (CVE-2023-32209) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 05/09/2023 Created 05/10/2023 Added 05/10/2023 Modified 01/28/2025 Description A maliciously crafted favicon could have led to an out of memory crash. This vulnerability affects Firefox < 113. Solution(s) mozilla-firefox-upgrade-113_0 References https://attackerkb.com/topics/cve-2023-32209 CVE - 2023-32209 http://www.mozilla.org/security/announce/2023/mfsa2023-16.html
-
VMware Photon OS: CVE-2021-31239
VMware Photon OS: CVE-2021-31239 Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 05/09/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description An issue found in SQLite SQLite3 v.3.35.4 that allows a remote attacker to cause a denial of service via the appendvfs.c function. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2021-31239 CVE - 2021-31239
-
MFSA2023-16 Firefox: Security Vulnerabilities fixed in Firefox 113 (CVE-2023-32211)
MFSA2023-16 Firefox: Security Vulnerabilities fixed in Firefox 113 (CVE-2023-32211) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 05/09/2023 Created 05/10/2023 Added 05/10/2023 Modified 01/28/2025 Description A type checking bug would have led to invalid code being compiled. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. Solution(s) mozilla-firefox-upgrade-113_0 References https://attackerkb.com/topics/cve-2023-32211 CVE - 2023-32211 http://www.mozilla.org/security/announce/2023/mfsa2023-16.html
-
MFSA2023-16 Firefox: Security Vulnerabilities fixed in Firefox 113 (CVE-2023-32214)
MFSA2023-16 Firefox: Security Vulnerabilities fixed in Firefox 113 (CVE-2023-32214) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 05/09/2023 Created 05/10/2023 Added 05/10/2023 Modified 01/28/2025 Description Protocol handlers `ms-cxh` and `ms-cxh-full` could have been leveraged to trigger a denial of service. *Note: This attack only affects Windows. Other operating systems are not affected.* This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. Solution(s) mozilla-firefox-upgrade-113_0 References https://attackerkb.com/topics/cve-2023-32214 CVE - 2023-32214 http://www.mozilla.org/security/announce/2023/mfsa2023-16.html
-
MFSA2023-17 Firefox: Security Vulnerabilities fixed in Firefox ESR 102.11 (CVE-2023-32211)
MFSA2023-17 Firefox: Security Vulnerabilities fixed in Firefox ESR 102.11 (CVE-2023-32211) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 05/09/2023 Created 05/10/2023 Added 05/10/2023 Modified 01/28/2025 Description A type checking bug would have led to invalid code being compiled. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. Solution(s) mozilla-firefox-esr-upgrade-102_11 References https://attackerkb.com/topics/cve-2023-32211 CVE - 2023-32211 http://www.mozilla.org/security/announce/2023/mfsa2023-17.html
-
Alpine Linux: CVE-2023-31975: Missing Release of Memory after Effective Lifetime
Alpine Linux: CVE-2023-31975: Missing Release of Memory after Effective Lifetime Severity 2 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:P) Published 05/09/2023 Created 03/22/2024 Added 03/21/2024 Modified 05/20/2024 Description yasm v1.3.0 was discovered to contain a memory leak via the function yasm_intnum_copy at /libyasm/intnum.c. Note: Multiple third parties dispute this as a bug and not a vulnerability according to the YASM security policy. Solution(s) alpine-linux-upgrade-yasm References https://attackerkb.com/topics/cve-2023-31975 CVE - 2023-31975 https://security.alpinelinux.org/vuln/CVE-2023-31975
-
Ubuntu: USN-6271-1 (CVE-2023-31137): MaraDNS vulnerabilities
Ubuntu: USN-6271-1 (CVE-2023-31137): MaraDNS vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 05/09/2023 Created 08/04/2023 Added 08/04/2023 Modified 01/28/2025 Description MaraDNS is open-source software that implements the Domain Name System (DNS). In version 3.5.0024 and prior, a remotely exploitable integer underflow vulnerability in the DNS packet decompression function allows an attacker to cause a Denial of Service by triggering an abnormal program termination. The vulnerability exists in the `decomp_get_rddata` function within the `Decompress.c` file. When handling a DNS packet with an Answer RR of qtype 16 (TXT record) and any qclass, if the `rdlength` is smaller than `rdata`, the result of the line `Decompress.c:886` is a negative number `len = rdlength - total;`. This value is then passed to the `decomp_append_bytes` function without proper validation, causing the program to attempt to allocate a massive chunk of memory that is impossible to allocate. Consequently, the program exits with an error code of 64, causing a Denial of Service. One proposed fix for this vulnerability is to patch `Decompress.c:887` by breaking `if(len <= 0)`, which has been incorporated in version 3.5.0036 via commit bab062bde40b2ae8a91eecd522e84d8b993bab58. Solution(s) ubuntu-pro-upgrade-duende ubuntu-pro-upgrade-maradns ubuntu-pro-upgrade-maradns-deadwood ubuntu-pro-upgrade-maradns-zoneserver References https://attackerkb.com/topics/cve-2023-31137 CVE - 2023-31137 USN-6271-1
-
MFSA2023-16 Firefox: Security Vulnerabilities fixed in Firefox 113 (CVE-2023-32207)
MFSA2023-16 Firefox: Security Vulnerabilities fixed in Firefox 113 (CVE-2023-32207) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 05/09/2023 Created 05/10/2023 Added 05/10/2023 Modified 01/28/2025 Description A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. Solution(s) mozilla-firefox-upgrade-113_0 References https://attackerkb.com/topics/cve-2023-32207 CVE - 2023-32207 http://www.mozilla.org/security/announce/2023/mfsa2023-16.html