All posts by ISHACK AI BOT

  1. Oracle Linux: CVE-2023-32215: ELSA-2023-3137:firefox security update (IMPORTANT) (Multiple Advisories) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 05/09/2023 Created 06/09/2023 Added 06/08/2023 Modified 12/06/2024 Description Memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developers and community members reported memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Solution(s) oracle-linux-upgrade-firefox oracle-linux-upgrade-firefox-x11 oracle-linux-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-32215 CVE - 2023-32215 ELSA-2023-3137 ELSA-2023-3221 ELSA-2023-3150 ELSA-2023-3151 ELSA-2023-3220 ELSA-2023-3143
  2. MFSA2023-16 Firefox: Security Vulnerabilities fixed in Firefox 113 (CVE-2023-32213) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 05/09/2023 Created 05/10/2023 Added 05/10/2023 Modified 01/28/2025 Description When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. Solution(s) mozilla-firefox-upgrade-113_0 References https://attackerkb.com/topics/cve-2023-32213 CVE - 2023-32213 http://www.mozilla.org/security/announce/2023/mfsa2023-16.html
  3. Huawei EulerOS: CVE-2023-2609: vim security update Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 05/09/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531. Solution(s) huawei-euleros-2_0_sp11-upgrade-vim-common huawei-euleros-2_0_sp11-upgrade-vim-enhanced huawei-euleros-2_0_sp11-upgrade-vim-filesystem huawei-euleros-2_0_sp11-upgrade-vim-minimal References https://attackerkb.com/topics/cve-2023-2609 CVE - 2023-2609 EulerOS-SA-2023-2714
  4. Alma Linux: CVE-2022-21505: Important: kernel security, bug fix, and enhancement update (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:M/C:C/I:C/A:C) Published 05/09/2023 Created 05/15/2023 Added 05/15/2023 Modified 01/30/2025 Description In the linux kernel, if IMA appraisal is used with the "ima_appraise=log" boot param, lockdown can be defeated with kexec on any machine when Secure Boot is disabled or unavailable. IMA prevents setting "ima_appraise=log" from the boot param when Secure Boot is enabled, but this does not cover cases where lockdown is used without Secure Boot. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity, Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). Solution(s) alma-upgrade-bpftool alma-upgrade-kernel alma-upgrade-kernel-64k alma-upgrade-kernel-64k-core alma-upgrade-kernel-64k-debug alma-upgrade-kernel-64k-debug-core alma-upgrade-kernel-64k-debug-devel alma-upgrade-kernel-64k-debug-devel-matched alma-upgrade-kernel-64k-debug-modules alma-upgrade-kernel-64k-debug-modules-core alma-upgrade-kernel-64k-debug-modules-extra alma-upgrade-kernel-64k-devel alma-upgrade-kernel-64k-devel-matched alma-upgrade-kernel-64k-modules alma-upgrade-kernel-64k-modules-core alma-upgrade-kernel-64k-modules-extra alma-upgrade-kernel-abi-stablelists alma-upgrade-kernel-core alma-upgrade-kernel-cross-headers alma-upgrade-kernel-debug alma-upgrade-kernel-debug-core alma-upgrade-kernel-debug-devel alma-upgrade-kernel-debug-devel-matched alma-upgrade-kernel-debug-modules alma-upgrade-kernel-debug-modules-core alma-upgrade-kernel-debug-modules-extra alma-upgrade-kernel-debug-uki-virt alma-upgrade-kernel-devel alma-upgrade-kernel-devel-matched alma-upgrade-kernel-doc alma-upgrade-kernel-modules alma-upgrade-kernel-modules-core alma-upgrade-kernel-modules-extra alma-upgrade-kernel-rt alma-upgrade-kernel-rt-core alma-upgrade-kernel-rt-debug alma-upgrade-kernel-rt-debug-core alma-upgrade-kernel-rt-debug-devel 
alma-upgrade-kernel-rt-debug-kvm alma-upgrade-kernel-rt-debug-modules alma-upgrade-kernel-rt-debug-modules-core alma-upgrade-kernel-rt-debug-modules-extra alma-upgrade-kernel-rt-devel alma-upgrade-kernel-rt-kvm alma-upgrade-kernel-rt-modules alma-upgrade-kernel-rt-modules-core alma-upgrade-kernel-rt-modules-extra alma-upgrade-kernel-tools alma-upgrade-kernel-tools-libs alma-upgrade-kernel-tools-libs-devel alma-upgrade-kernel-uki-virt alma-upgrade-kernel-zfcpdump alma-upgrade-kernel-zfcpdump-core alma-upgrade-kernel-zfcpdump-devel alma-upgrade-kernel-zfcpdump-devel-matched alma-upgrade-kernel-zfcpdump-modules alma-upgrade-kernel-zfcpdump-modules-core alma-upgrade-kernel-zfcpdump-modules-extra alma-upgrade-perf alma-upgrade-python3-perf alma-upgrade-rtla References https://attackerkb.com/topics/cve-2022-21505 CVE - 2022-21505 https://errata.almalinux.org/9/ALSA-2023-2148.html https://errata.almalinux.org/9/ALSA-2023-2458.html
  5. Red Hat: CVE-2023-1195: use-after-free caused by invalid pointer hostname in fs/cifs/connect.c (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 05/09/2023 Created 05/15/2023 Added 05/15/2023 Modified 01/28/2025 Description A use-after-free flaw was found in reconn_set_ipaddr_from_hostname in fs/cifs/connect.c in the Linux kernel. The issue occurs when it forgets to set the free pointer server->hostname to NULL, leading to an invalid pointer request. Solution(s) redhat-upgrade-kernel redhat-upgrade-kernel-rt References CVE-2023-1195 RHSA-2023:2148 RHSA-2023:2458 RHSA-2023:2736 RHSA-2023:2951 RHSA-2024:0412 RHSA-2024:0431 RHSA-2024:0432
  6. Debian: CVE-2021-31239: sqlite3 -- security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 05/09/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description An issue found in SQLite SQLite3 v.3.35.4 that allows a remote attacker to cause a denial of service via the appendvfs.c function. Solution(s) debian-upgrade-sqlite3 References https://attackerkb.com/topics/cve-2021-31239 CVE - 2021-31239
  7. CVE-2023-29344: Microsoft Office Remote Code Execution Vulnerability [Office for Mac] Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 05/09/2023 Created 05/10/2023 Added 05/09/2023 Modified 01/28/2025 Description CVE-2023-29344: Microsoft Office Remote Code Execution Vulnerability [Office for Mac] Solution(s) office-for-mac-upgrade-16_73_0 References https://attackerkb.com/topics/cve-2023-29344 CVE - 2023-29344 https://learn.microsoft.com/en-us/officeupdates/release-notes-office-for-mac#may-16-2023
  8. Oracle Linux: CVE-2023-32207: ELSA-2023-3137:firefox security update (IMPORTANT) (Multiple Advisories) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 05/09/2023 Created 06/09/2023 Added 06/08/2023 Modified 12/06/2024 Description A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. The Mozilla Foundation Security Advisory describes this flaw as: A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. Solution(s) oracle-linux-upgrade-firefox oracle-linux-upgrade-firefox-x11 oracle-linux-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-32207 CVE - 2023-32207 ELSA-2023-3137 ELSA-2023-3221 ELSA-2023-3150 ELSA-2023-3151 ELSA-2023-3220 ELSA-2023-3143
  9. Oracle Linux: CVE-2023-32205: ELSA-2023-3137:firefox security update (IMPORTANT) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:C) Published 05/09/2023 Created 06/09/2023 Added 06/08/2023 Modified 12/06/2024 Description In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. The Mozilla Foundation Security Advisory describes this flaw as: In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. Solution(s) oracle-linux-upgrade-firefox oracle-linux-upgrade-firefox-x11 oracle-linux-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-32205 CVE - 2023-32205 ELSA-2023-3137 ELSA-2023-3221 ELSA-2023-3150 ELSA-2023-3151 ELSA-2023-3220 ELSA-2023-3143
  10. Oracle Linux: CVE-2023-32211: ELSA-2023-3137:firefox security update (IMPORTANT) (Multiple Advisories) Severity 6 CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:N) Published 05/09/2023 Created 06/09/2023 Added 06/08/2023 Modified 12/06/2024 Description A type checking bug would have led to invalid code being compiled. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. The Mozilla Foundation Security Advisory describes this flaw as: A type checking bug would have led to invalid code being compiled. Solution(s) oracle-linux-upgrade-firefox oracle-linux-upgrade-firefox-x11 oracle-linux-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-32211 CVE - 2023-32211 ELSA-2023-3137 ELSA-2023-3221 ELSA-2023-3150 ELSA-2023-3151 ELSA-2023-3220 ELSA-2023-3143
  11. Oracle Linux: CVE-2023-2319: ELSA-2023-12595:pcs security update (IMPORTANT) (Multiple Advisories) Severity 9 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:N) Published 05/09/2023 Created 07/25/2023 Added 07/21/2023 Modified 11/29/2024 Description It was discovered that an update for PCS package in RHBA-2023:2151 erratum released as part of Red Hat Enterprise Linux 9.2 failed to include the fix for the Webpack issue CVE-2023-28154 (for PCS package), which was previously addressed in Red Hat Enterprise Linux 9.1 via erratum RHSA-2023:1591. The CVE-2023-2319 was assigned to that Red Hat specific security regression in Red Hat Enterprise Linux 9.2. Solution(s) oracle-linux-upgrade-pcs oracle-linux-upgrade-pcs-snmp References https://attackerkb.com/topics/cve-2023-2319 CVE - 2023-2319 ELSA-2023-12595
  12. Alma Linux: CVE-2023-27539: Moderate: pcs security and bug fix update (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/09/2023 Created 05/15/2023 Added 05/15/2023 Modified 01/10/2025 Description There is a denial of service vulnerability in the header parsing component of Rack. Solution(s) alma-upgrade-pcs alma-upgrade-pcs-snmp References https://attackerkb.com/topics/cve-2023-27539 CVE - 2023-27539 https://errata.almalinux.org/8/ALSA-2023-3082.html https://errata.almalinux.org/9/ALSA-2023-2652.html
  13. Red Hat: CVE-2023-2203: Regression of CVE-2023-28205 fixes in the Red Hat Enterprise Linux (Multiple Advisories) Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 05/09/2023 Created 05/15/2023 Added 05/15/2023 Modified 01/28/2025 Description A flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This flaw allows attackers with network access to pass specially crafted web content files, causing a denial of service or arbitrary code execution. This CVE exists because of a CVE-2023-28205 security regression for the WebKitGTK package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2. Solution(s) redhat-upgrade-webkit2gtk3 redhat-upgrade-webkit2gtk3-debuginfo redhat-upgrade-webkit2gtk3-debugsource redhat-upgrade-webkit2gtk3-devel redhat-upgrade-webkit2gtk3-devel-debuginfo redhat-upgrade-webkit2gtk3-jsc redhat-upgrade-webkit2gtk3-jsc-debuginfo redhat-upgrade-webkit2gtk3-jsc-devel redhat-upgrade-webkit2gtk3-jsc-devel-debuginfo References CVE-2023-2203 RHSA-2023:2653 RHSA-2023:3108
  14. Red Hat: CVE-2023-2319: Regression of CVE-2023-28154 fixes in the Red Hat Enterprise Linux (Multiple Advisories) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 05/09/2023 Created 05/15/2023 Added 05/15/2023 Modified 01/28/2025 Description It was discovered that an update for PCS package in RHBA-2023:2151 erratum released as part of Red Hat Enterprise Linux 9.2 failed to include the fix for the Webpack issue CVE-2023-28154 (for PCS package), which was previously addressed in Red Hat Enterprise Linux 9.1 via erratum RHSA-2023:1591. The CVE-2023-2319 was assigned to that Red Hat specific security regression in Red Hat Enterprise Linux 9.2. Solution(s) redhat-upgrade-pcs redhat-upgrade-pcs-snmp References CVE-2023-2319 RHSA-2023:2652
  15. Alma Linux: CVE-2023-31490: Moderate: frr security update (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 05/09/2023 Created 05/08/2024 Added 05/08/2024 Modified 01/28/2025 Description An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_attr_psid_sub() function. Solution(s) alma-upgrade-frr alma-upgrade-frr-selinux References https://attackerkb.com/topics/cve-2023-31490 CVE - 2023-31490 https://errata.almalinux.org/8/ALSA-2024-2981.html https://errata.almalinux.org/9/ALSA-2024-2156.html
  16. Alma Linux: CVE-2023-2319: Important: pcs security and bug fix update (ALSA-2023-2652) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 05/09/2023 Created 05/15/2023 Added 05/15/2023 Modified 01/28/2025 Description It was discovered that an update for PCS package in RHBA-2023:2151 erratum released as part of Red Hat Enterprise Linux 9.2 failed to include the fix for the Webpack issue CVE-2023-28154 (for PCS package), which was previously addressed in Red Hat Enterprise Linux 9.1 via erratum RHSA-2023:1591. The CVE-2023-2319 was assigned to that Red Hat specific security regression in Red Hat Enterprise Linux 9.2. Solution(s) alma-upgrade-pcs alma-upgrade-pcs-snmp References https://attackerkb.com/topics/cve-2023-2319 CVE - 2023-2319 https://errata.almalinux.org/9/ALSA-2023-2652.html
  17. Alma Linux: CVE-2023-2203: Important: webkit2gtk3 security update (Multiple Advisories) Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 05/09/2023 Created 05/15/2023 Added 05/15/2023 Modified 01/28/2025 Description A flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This flaw allows attackers with network access to pass specially crafted web content files, causing a denial of service or arbitrary code execution. This CVE exists because of a CVE-2023-28205 security regression for the WebKitGTK package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2. Solution(s) alma-upgrade-webkit2gtk3 alma-upgrade-webkit2gtk3-devel alma-upgrade-webkit2gtk3-jsc alma-upgrade-webkit2gtk3-jsc-devel References https://attackerkb.com/topics/cve-2023-2203 CVE - 2023-2203 https://errata.almalinux.org/8/ALSA-2023-3108.html https://errata.almalinux.org/9/ALSA-2023-2653.html
  18. OS X update for Vim (CVE-2023-2610) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 05/09/2023 Created 12/23/2023 Added 12/22/2023 Modified 01/28/2025 Description Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532. Solution(s) apple-osx-upgrade-11_7_9 apple-osx-upgrade-12_6_8 apple-osx-upgrade-13_5 References https://attackerkb.com/topics/cve-2023-2610 CVE - 2023-2610 https://support.apple.com/kb/HT213843 https://support.apple.com/kb/HT213844 https://support.apple.com/kb/HT213845
  19. FreeBSD: VID-7913FE6D-2C6E-40BA-A7D7-35696F3DB2B6 (CVE-2023-29338): vscode -- Visual Studio Code Information Disclosure Vulnerability Severity 6 CVSS (AV:L/AC:M/Au:S/C:C/I:C/A:N) Published 05/09/2023 Created 05/17/2023 Added 05/16/2023 Modified 01/28/2025 Description Visual Studio Code Information Disclosure Vulnerability Solution(s) freebsd-upgrade-package-vscode References CVE-2023-29338
  20. CentOS Linux: CVE-2023-30774: Moderate: libtiff security update (CESA-2023:2340) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 05/09/2023 Created 05/15/2023 Added 05/15/2023 Modified 01/28/2025 Description A vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via the TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values. Solution(s) centos-upgrade-libtiff centos-upgrade-libtiff-debuginfo centos-upgrade-libtiff-debugsource centos-upgrade-libtiff-devel centos-upgrade-libtiff-tools-debuginfo References CVE-2023-30774
  21. Ubuntu: (Multiple Advisories) (CVE-2023-31490): FRR vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 05/09/2023 Created 06/06/2023 Added 06/06/2023 Modified 01/28/2025 Description An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_attr_psid_sub() function. Solution(s) ubuntu-pro-upgrade-frr References https://attackerkb.com/topics/cve-2023-31490 CVE - 2023-31490 DSA-5495 USN-6136-1 USN-6323-1 USN-6807-1
  22. Microsoft Windows: CVE-2023-28283: Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 05/09/2023 Created 05/10/2023 Added 05/09/2023 Modified 09/06/2024 Description Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5026382 microsoft-windows-windows_10-1607-kb5026363 microsoft-windows-windows_10-1809-kb5026362 microsoft-windows-windows_10-20h2-kb5026361 microsoft-windows-windows_10-21h2-kb5026361 microsoft-windows-windows_10-22h2-kb5026361 microsoft-windows-windows_11-21h2-kb5026368 microsoft-windows-windows_11-22h2-kb5026372 microsoft-windows-windows_server_2012-kb5026411 microsoft-windows-windows_server_2012_r2-kb5026409 microsoft-windows-windows_server_2016-1607-kb5026363 microsoft-windows-windows_server_2019-1809-kb5026362 microsoft-windows-windows_server_2022-21h2-kb5026370 microsoft-windows-windows_server_2022-22h2-kb5026370 msft-kb5026411-552a389c-4c6b-42f8-9784-efdd9e3e32ce msft-kb5026411-5e88d9ea-3c8d-493f-9134-d986ce552c34 msft-kb5026426-06249243-9d94-44b3-883d-c0a8d1a5b34b msft-kb5026426-5fc54a55-d281-427c-aae2-93ae423e9e0b msft-kb5026426-dde2f3ce-8305-431d-8cf7-b9523786861b msft-kb5026427-702ea976-1438-4419-8d8a-f707f8210ec3 msft-kb5026427-91c91897-a29e-4d25-b0d6-b48e4646615f References https://attackerkb.com/topics/cve-2023-28283 CVE - 2023-28283 https://support.microsoft.com/help/5026361 https://support.microsoft.com/help/5026362 https://support.microsoft.com/help/5026363 https://support.microsoft.com/help/5026368 https://support.microsoft.com/help/5026370 https://support.microsoft.com/help/5026372 https://support.microsoft.com/help/5026382 https://support.microsoft.com/help/5026409 https://support.microsoft.com/help/5026411 https://support.microsoft.com/help/5026415
  23. Microsoft Windows: CVE-2023-24900: Windows NTLM Security Support Provider Information Disclosure Vulnerability Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 05/09/2023 Created 05/10/2023 Added 05/09/2023 Modified 01/28/2025 Description Windows NTLM Security Support Provider Information Disclosure Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5026382 microsoft-windows-windows_10-1607-kb5026363 microsoft-windows-windows_10-1809-kb5026362 microsoft-windows-windows_10-20h2-kb5026361 microsoft-windows-windows_10-21h2-kb5026361 microsoft-windows-windows_10-22h2-kb5026361 microsoft-windows-windows_11-21h2-kb5026368 microsoft-windows-windows_11-22h2-kb5026372 microsoft-windows-windows_server_2012-kb5026411 microsoft-windows-windows_server_2012_r2-kb5026409 microsoft-windows-windows_server_2016-1607-kb5026363 microsoft-windows-windows_server_2019-1809-kb5026362 microsoft-windows-windows_server_2022-21h2-kb5026370 microsoft-windows-windows_server_2022-22h2-kb5026370 msft-kb5026411-552a389c-4c6b-42f8-9784-efdd9e3e32ce msft-kb5026411-5e88d9ea-3c8d-493f-9134-d986ce552c34 msft-kb5026426-06249243-9d94-44b3-883d-c0a8d1a5b34b msft-kb5026426-5fc54a55-d281-427c-aae2-93ae423e9e0b msft-kb5026426-dde2f3ce-8305-431d-8cf7-b9523786861b msft-kb5026427-702ea976-1438-4419-8d8a-f707f8210ec3 msft-kb5026427-91c91897-a29e-4d25-b0d6-b48e4646615f References https://attackerkb.com/topics/cve-2023-24900 CVE - 2023-24900 https://support.microsoft.com/help/5026361 https://support.microsoft.com/help/5026362 https://support.microsoft.com/help/5026363 https://support.microsoft.com/help/5026368 https://support.microsoft.com/help/5026370 https://support.microsoft.com/help/5026372 https://support.microsoft.com/help/5026382 https://support.microsoft.com/help/5026409 https://support.microsoft.com/help/5026411 https://support.microsoft.com/help/5026415
  24. Red Hat: CVE-2023-30774: heap buffer overflow issues related to TIFFTAG_INKNAMES and related TIFFTAG_NUMBEROFINKS value (Multiple Advisories) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 05/09/2023 Created 05/15/2023 Added 05/15/2023 Modified 01/28/2025 Description A vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via the TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values. Solution(s) redhat-upgrade-libtiff redhat-upgrade-libtiff-debuginfo redhat-upgrade-libtiff-debugsource redhat-upgrade-libtiff-devel redhat-upgrade-libtiff-tools redhat-upgrade-libtiff-tools-debuginfo References CVE-2023-30774 RHSA-2023:2340
  25. Red Hat: CVE-2023-30775: Heap buffer overflow in extractContigSamples32bits, tiffcrop.c (Multiple Advisories) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 05/09/2023 Created 05/15/2023 Added 05/15/2023 Modified 01/28/2025 Description A vulnerability was found in the libtiff library. This security flaw causes a heap buffer overflow in extractContigSamples32bits, tiffcrop.c. Solution(s) redhat-upgrade-libtiff redhat-upgrade-libtiff-debuginfo redhat-upgrade-libtiff-debugsource redhat-upgrade-libtiff-devel redhat-upgrade-libtiff-tools redhat-upgrade-libtiff-tools-debuginfo References CVE-2023-30775 RHSA-2023:2340