ISHACK AI BOT

MFSA2023-17 Firefox: Security Vulnerabilities fixed in Firefox ESR 102.11 (CVE-2023-32206) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 05/09/2023 Created 05/10/2023 Added 05/10/2023 Modified 01/28/2025 Description An out-of-bound read could have led to a crash in the RLBox Expat driver. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. Solution(s) mozilla-firefox-esr-upgrade-102_11 References https://attackerkb.com/topics/cve-2023-32206 CVE - 2023-32206 http://www.mozilla.org/security/announce/2023/mfsa2023-17.html

MFSA2023-16 Firefox: Security Vulnerabilities fixed in Firefox 113 (CVE-2023-32205) Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 05/09/2023 Created 05/10/2023 Added 05/10/2023 Modified 01/28/2025 Description In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. Solution(s) mozilla-firefox-upgrade-113_0 References https://attackerkb.com/topics/cve-2023-32205 CVE - 2023-32205 http://www.mozilla.org/security/announce/2023/mfsa2023-16.html

MFSA2023-17 Firefox: Security Vulnerabilities fixed in Firefox ESR 102.11 (CVE-2023-32214) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 05/09/2023 Created 05/10/2023 Added 05/10/2023 Modified 01/28/2025 Description Protocol handlers `ms-cxh` and `ms-cxh-full` could have been leveraged to trigger a denial of service. *Note: This attack only affects Windows. Other operating systems are not affected.* This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. Solution(s) mozilla-firefox-esr-upgrade-102_11 References https://attackerkb.com/topics/cve-2023-32214 CVE - 2023-32214 http://www.mozilla.org/security/announce/2023/mfsa2023-17.html

CentOS Linux: CVE-2023-2491: Important: emacs security update (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 05/09/2023 Created 05/15/2023 Added 05/15/2023 Modified 01/28/2025 Description A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the "org-babel-execute:latex" function in ob-latex.el can result in arbitrary command execution. This CVE exists because of a CVE-2023-28617 security regression for the emacs package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2. Solution(s) centos-upgrade-emacs centos-upgrade-emacs-common centos-upgrade-emacs-common-debuginfo centos-upgrade-emacs-debuginfo centos-upgrade-emacs-debugsource centos-upgrade-emacs-filesystem centos-upgrade-emacs-lucid centos-upgrade-emacs-lucid-debuginfo centos-upgrade-emacs-nox centos-upgrade-emacs-nox-debuginfo centos-upgrade-emacs-terminal References CVE-2023-2491

CentOS Linux: CVE-2023-2203: Important: webkit2gtk3 security update (Multiple Advisories) Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 05/09/2023 Created 05/15/2023 Added 05/15/2023 Modified 01/28/2025 Description A flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This flaw allows attackers with network access to pass specially crafted web content files, causing a denial of service or arbitrary code execution. This CVE exists because of a CVE-2023-28205 security regression for the WebKitGTK package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2. Solution(s) centos-upgrade-webkit2gtk3 centos-upgrade-webkit2gtk3-debuginfo centos-upgrade-webkit2gtk3-debugsource centos-upgrade-webkit2gtk3-devel centos-upgrade-webkit2gtk3-devel-debuginfo centos-upgrade-webkit2gtk3-jsc centos-upgrade-webkit2gtk3-jsc-debuginfo centos-upgrade-webkit2gtk3-jsc-devel centos-upgrade-webkit2gtk3-jsc-devel-debuginfo References CVE-2023-2203

CentOS Linux: CVE-2023-27539: Important: pcs security and bug fix update (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/09/2023 Created 05/15/2023 Added 05/15/2023 Modified 11/13/2023 Description A denial of service vulnerability was found in rubygem-rack in how it parses headers. A carefully crafted input can cause header parsing to take an unexpected amount of time, possibly resulting in a denial of service. Solution(s) centos-upgrade-foreman-cli centos-upgrade-pcs centos-upgrade-pcs-snmp centos-upgrade-python39-pulp_manifest centos-upgrade-rubygem-amazing_print centos-upgrade-rubygem-apipie-bindings centos-upgrade-rubygem-clamp centos-upgrade-rubygem-domain_name centos-upgrade-rubygem-fast_gettext centos-upgrade-rubygem-ffi centos-upgrade-rubygem-ffi-debuginfo centos-upgrade-rubygem-ffi-debugsource centos-upgrade-rubygem-foreman_maintain centos-upgrade-rubygem-gssapi centos-upgrade-rubygem-hammer_cli centos-upgrade-rubygem-hammer_cli_foreman centos-upgrade-rubygem-hammer_cli_foreman_admin centos-upgrade-rubygem-hammer_cli_foreman_ansible centos-upgrade-rubygem-hammer_cli_foreman_azure_rm centos-upgrade-rubygem-hammer_cli_foreman_bootdisk centos-upgrade-rubygem-hammer_cli_foreman_discovery centos-upgrade-rubygem-hammer_cli_foreman_google centos-upgrade-rubygem-hammer_cli_foreman_openscap centos-upgrade-rubygem-hammer_cli_foreman_remote_execution centos-upgrade-rubygem-hammer_cli_foreman_tasks centos-upgrade-rubygem-hammer_cli_foreman_templates centos-upgrade-rubygem-hammer_cli_foreman_virt_who_configure centos-upgrade-rubygem-hammer_cli_foreman_webhooks centos-upgrade-rubygem-hammer_cli_katello centos-upgrade-rubygem-hashie centos-upgrade-rubygem-highline centos-upgrade-rubygem-http-accept centos-upgrade-rubygem-http-cookie centos-upgrade-rubygem-jwt centos-upgrade-rubygem-little-plugger centos-upgrade-rubygem-locale centos-upgrade-rubygem-logging centos-upgrade-rubygem-mime-types centos-upgrade-rubygem-mime-types-data centos-upgrade-rubygem-multi_json centos-upgrade-rubygem-netrc centos-upgrade-rubygem-oauth centos-upgrade-rubygem-oauth-tty centos-upgrade-rubygem-powerbar centos-upgrade-rubygem-rest-client centos-upgrade-rubygem-snaky_hash centos-upgrade-rubygem-unf centos-upgrade-rubygem-unf_ext centos-upgrade-rubygem-unf_ext-debuginfo centos-upgrade-rubygem-unf_ext-debugsource centos-upgrade-rubygem-unicode centos-upgrade-rubygem-unicode-debuginfo centos-upgrade-rubygem-unicode-debugsource centos-upgrade-rubygem-unicode-display_width centos-upgrade-rubygem-version_gem centos-upgrade-satellite-cli centos-upgrade-satellite-clone centos-upgrade-satellite-maintain References CESA-2023:2652 CESA-2023:3082 CESA-2023:6818 CVE-2023-27539

CentOS Linux: CVE-2023-2319: Important: pcs security and bug fix update (CESA-2023:2652) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 05/09/2023 Created 05/15/2023 Added 05/15/2023 Modified 01/28/2025 Description It was discovered that an update for PCS package in RHBA-2023:2151 erratum released as part of Red Hat Enterprise Linux 9.2 failed to include the fix for the Webpack issue CVE-2023-28154 (for PCS package), which was previously addressed in Red Hat Enterprise Linux 9.1 via erratum RHSA-2023:1591. The CVE-2023-2319 was assigned to that Red Hat specific security regression in Red Hat Enterprise Linux 9.2. Solution(s) centos-upgrade-pcs centos-upgrade-pcs-snmp References CVE-2023-2319

Amazon Linux 2023: CVE-2023-2609: Important priority package update for vim Severity 5 CVSS (AV:L/AC:L/Au:N/C:N/I:N/A:C) Published 05/09/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531. Solution(s) amazon-linux-2023-upgrade-vim-common amazon-linux-2023-upgrade-vim-data amazon-linux-2023-upgrade-vim-debuginfo amazon-linux-2023-upgrade-vim-debugsource amazon-linux-2023-upgrade-vim-default-editor amazon-linux-2023-upgrade-vim-enhanced amazon-linux-2023-upgrade-vim-enhanced-debuginfo amazon-linux-2023-upgrade-vim-filesystem amazon-linux-2023-upgrade-vim-minimal amazon-linux-2023-upgrade-vim-minimal-debuginfo amazon-linux-2023-upgrade-xxd amazon-linux-2023-upgrade-xxd-debuginfo References https://attackerkb.com/topics/cve-2023-2609 CVE - 2023-2609 https://alas.aws.amazon.com/AL2023/ALAS-2023-194.html

CentOS Linux: CVE-2023-1195: Important: kernel-rt security and bug fix update (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 05/09/2023 Created 05/15/2023 Added 05/15/2023 Modified 01/28/2025 Description A use-after-free flaw was found in reconn_set_ipaddr_from_hostname in fs/cifs/connect.c in the Linux kernel. The issue occurs when it forgets to set the free pointer server->hostname to NULL, leading to an invalid pointer request. Solution(s) centos-upgrade-kernel centos-upgrade-kernel-rt References CVE-2023-1195

Microsoft Windows: CVE-2023-24941: Windows Network File System Remote Code Execution Vulnerability Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 05/09/2023 Created 05/10/2023 Added 05/09/2023 Modified 09/06/2024 Description Windows Network File System Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_server_2012-kb5026411 microsoft-windows-windows_server_2012_r2-kb5026409 microsoft-windows-windows_server_2016-1607-kb5026363 microsoft-windows-windows_server_2019-1809-kb5026362 microsoft-windows-windows_server_2022-21h2-kb5026370 microsoft-windows-windows_server_2022-22h2-kb5026370 msft-kb5026411-552a389c-4c6b-42f8-9784-efdd9e3e32ce msft-kb5026411-5e88d9ea-3c8d-493f-9134-d986ce552c34 References https://attackerkb.com/topics/cve-2023-24941 CVE - 2023-24941 https://support.microsoft.com/help/5026362 https://support.microsoft.com/help/5026363 https://support.microsoft.com/help/5026370 https://support.microsoft.com/help/5026409 https://support.microsoft.com/help/5026411 https://support.microsoft.com/help/5026415 View more

Microsoft Windows: CVE-2023-24943: Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 05/09/2023 Created 05/10/2023 Added 05/09/2023 Modified 09/06/2024 Description Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5026382 microsoft-windows-windows_10-1607-kb5026363 microsoft-windows-windows_10-1809-kb5026362 microsoft-windows-windows_10-20h2-kb5026361 microsoft-windows-windows_10-21h2-kb5026361 microsoft-windows-windows_10-22h2-kb5026361 microsoft-windows-windows_11-21h2-kb5026368 microsoft-windows-windows_11-22h2-kb5026372 microsoft-windows-windows_server_2012-kb5026411 microsoft-windows-windows_server_2012_r2-kb5026409 microsoft-windows-windows_server_2016-1607-kb5026363 microsoft-windows-windows_server_2019-1809-kb5026362 microsoft-windows-windows_server_2022-21h2-kb5026370 microsoft-windows-windows_server_2022-22h2-kb5026370 msft-kb5026411-552a389c-4c6b-42f8-9784-efdd9e3e32ce msft-kb5026411-5e88d9ea-3c8d-493f-9134-d986ce552c34 msft-kb5026426-06249243-9d94-44b3-883d-c0a8d1a5b34b msft-kb5026426-5fc54a55-d281-427c-aae2-93ae423e9e0b msft-kb5026426-dde2f3ce-8305-431d-8cf7-b9523786861b msft-kb5026427-702ea976-1438-4419-8d8a-f707f8210ec3 msft-kb5026427-91c91897-a29e-4d25-b0d6-b48e4646615f References https://attackerkb.com/topics/cve-2023-24943 CVE - 2023-24943 https://support.microsoft.com/help/5026361 https://support.microsoft.com/help/5026362 https://support.microsoft.com/help/5026363 https://support.microsoft.com/help/5026368 https://support.microsoft.com/help/5026370 https://support.microsoft.com/help/5026372 https://support.microsoft.com/help/5026382 https://support.microsoft.com/help/5026409 https://support.microsoft.com/help/5026411 https://support.microsoft.com/help/5026415 View more

Alpine Linux: CVE-2023-2609: NULL Pointer Dereference Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 05/09/2023 Created 03/22/2024 Added 03/21/2024 Modified 03/22/2024 Description NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531. Solution(s) alpine-linux-upgrade-vim References https://attackerkb.com/topics/cve-2023-2609 CVE - 2023-2609 https://security.alpinelinux.org/vuln/CVE-2023-2609

Debian: CVE-2023-2610: vim -- security update Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 05/09/2023 Created 06/14/2023 Added 06/14/2023 Modified 01/28/2025 Description Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532. Solution(s) debian-upgrade-vim References https://attackerkb.com/topics/cve-2023-2610 CVE - 2023-2610 DLA-3453-1

VMware Photon OS: CVE-2023-2609 Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 05/09/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-2609 CVE - 2023-2609

Ubuntu: USN-6136-1 (CVE-2023-31489): FRR vulnerabilities Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 05/09/2023 Created 06/06/2023 Added 06/06/2023 Modified 01/28/2025 Description An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_capability_llgr() function. Solution(s) ubuntu-upgrade-frr References https://attackerkb.com/topics/cve-2023-31489 CVE - 2023-31489 USN-6136-1

Gentoo Linux: CVE-2021-31239: SQLite: Multiple Vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 05/09/2023 Created 11/28/2023 Added 11/27/2023 Modified 01/28/2025 Description An issue found in SQLite SQLite3 v.3.35.4 that allows a remote attacker to cause a denial of service via the appendvfs.c function. Solution(s) gentoo-linux-upgrade-dev-db-sqlite References https://attackerkb.com/topics/cve-2021-31239 CVE - 2021-31239 202311-03

Alpine Linux: CVE-2023-31972: Use After Free Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 05/09/2023 Created 03/22/2024 Added 03/21/2024 Modified 05/20/2024 Description yasm v1.3.0 was discovered to contain a use after free via the function pp_getline at /nasm/nasm-pp.c. Note: Multiple third parties dispute this as a bug and not a vulnerability according to the YASM security policy. Solution(s) alpine-linux-upgrade-yasm References https://attackerkb.com/topics/cve-2023-31972 CVE - 2023-31972 https://security.alpinelinux.org/vuln/CVE-2023-31972

Alpine Linux: CVE-2023-31974: Use After Free Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 05/09/2023 Created 03/22/2024 Added 03/21/2024 Modified 05/20/2024 Description yasm v1.3.0 was discovered to contain a use after free via the function error at /nasm/nasm-pp.c. Note: Multiple third parties dispute this as a bug and not a vulnerability according to the YASM security policy. Solution(s) alpine-linux-upgrade-yasm References https://attackerkb.com/topics/cve-2023-31974 CVE - 2023-31974 https://security.alpinelinux.org/vuln/CVE-2023-31974

Red Hat: CVE-2022-3522: race condition in hugetlb_no_page() in mm/hugetlb.c (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/09/2023 Created 05/15/2023 Added 05/15/2023 Modified 05/28/2024 Description Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. Solution(s) redhat-upgrade-kernel redhat-upgrade-kernel-rt References CVE-2022-3522 RHSA-2023:2148 RHSA-2023:2458 RHSA-2023:2736 RHSA-2023:2951 RHSA-2024:0412

Ubuntu: USN-6154-1 (CVE-2023-2610): Vim vulnerabilities Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 05/09/2023 Created 06/14/2023 Added 06/13/2023 Modified 01/28/2025 Description Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532. Solution(s) ubuntu-pro-upgrade-vim ubuntu-pro-upgrade-vim-tiny References https://attackerkb.com/topics/cve-2023-2610 CVE - 2023-2610 USN-6154-1

Red Hat: CVE-2022-21505: lockdown bypass using IMA (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:M/C:C/I:C/A:C) Published 05/09/2023 Created 05/15/2023 Added 05/15/2023 Modified 01/30/2025 Description In the linux kernel, if IMA appraisal is used with the "ima_appraise=log" boot param, lockdown can be defeated with kexec on any machine when Secure Boot is disabled or unavailable. IMA prevents setting "ima_appraise=log" from the boot param when Secure Boot is enabled, but this does not cover cases where lockdown is used without Secure Boot. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity, Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). Solution(s) redhat-upgrade-kernel redhat-upgrade-kernel-rt References CVE-2022-21505 RHSA-2023:2148 RHSA-2023:2458

Microsoft SharePoint: CVE-2023-24955: Microsoft SharePoint Server Remote Code Execution Vulnerability Severity 4 CVSS (AV:N/AC:L/Au:M/C:C/I:C/A:C) Published 05/09/2023 Created 05/10/2023 Added 05/09/2023 Modified 01/14/2025 Description Microsoft SharePoint Server Remote Code Execution Vulnerability Solution(s) microsoft-sharepoint-sharepoint_2016-kb5002397 microsoft-sharepoint-sharepoint_2019-kb5002389 microsoft-sharepoint-sharepoint_server_subscription_edition-kb5002390 References https://attackerkb.com/topics/cve-2023-24955 CVE - 2023-24955 https://support.microsoft.com/help/5002389 https://support.microsoft.com/help/5002390 https://support.microsoft.com/help/5002397

MFSA2023-17 Firefox: Security Vulnerabilities fixed in Firefox ESR 102.11 (CVE-2023-32213) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 05/09/2023 Created 05/10/2023 Added 05/10/2023 Modified 01/28/2025 Description When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. Solution(s) mozilla-firefox-esr-upgrade-102_11 References https://attackerkb.com/topics/cve-2023-32213 CVE - 2023-32213 http://www.mozilla.org/security/announce/2023/mfsa2023-17.html

Oracle Linux: CVE-2023-2491: ELSA-2023-2626:emacs security update (IMPORTANT) (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 05/09/2023 Created 05/19/2023 Added 05/18/2023 Modified 12/18/2024 Description A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the &quot;org-babel-execute:latex&quot; function in ob-latex.el can result in arbitrary command execution. This CVE exists because of a CVE-2023-28617 security regression for the emacs package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2. Solution(s) oracle-linux-upgrade-emacs oracle-linux-upgrade-emacs-common oracle-linux-upgrade-emacs-filesystem oracle-linux-upgrade-emacs-lucid oracle-linux-upgrade-emacs-nox oracle-linux-upgrade-emacs-terminal References https://attackerkb.com/topics/cve-2023-2491 CVE - 2023-2491 ELSA-2023-2626 ELSA-2023-3104

MFSA2023-16 Firefox: Security Vulnerabilities fixed in Firefox 113 (CVE-2023-32208) Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 05/09/2023 Created 05/10/2023 Added 05/10/2023 Modified 01/28/2025 Description Service workers could reveal script base URL due to dynamic `import()`. This vulnerability affects Firefox < 113. Solution(s) mozilla-firefox-upgrade-113_0 References https://attackerkb.com/topics/cve-2023-32208 CVE - 2023-32208 http://www.mozilla.org/security/announce/2023/mfsa2023-16.html