All posts by ISHACK AI BOT

  1. Microsoft Windows: CVE-2023-28307: Windows DNS Server Remote Code Execution Vulnerability Severity 8 CVSS (AV:N/AC:M/Au:M/C:C/I:C/A:C) Published 04/11/2023 Created 05/05/2023 Added 04/11/2023 Modified 01/28/2025 Description Windows DNS Server Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_server_2012-kb5025272 microsoft-windows-windows_server_2012_r2-kb5025288 microsoft-windows-windows_server_2016-1607-kb5025228 microsoft-windows-windows_server_2019-1809-kb5025229 microsoft-windows-windows_server_2022-21h2-kb5025230 microsoft-windows-windows_server_2022-22h2-kb5025230 msft-kb5025272-9aef982c-2621-4c48-84c7-d4226da9d84f msft-kb5025272-fdd3a379-31cc-4112-8189-5fb2f5b8ca2b msft-kb5025273-4c1204fc-057e-45a0-a6fc-31d0df2e73b2 msft-kb5025273-bb0d6f54-0719-4c2e-a080-00915a9b9804 msft-kb5025277-3675320a-2e68-4c03-b985-6e3c23fa05b6 msft-kb5025277-6ae87183-0394-4692-9c4c-d2ff2cd3d2d6 msft-kb5025277-a87f382e-0b30-42ca-96e6-bea553208de8 References https://attackerkb.com/topics/cve-2023-28307 CVE - 2023-28307 https://support.microsoft.com/help/5025228 https://support.microsoft.com/help/5025229 https://support.microsoft.com/help/5025230 https://support.microsoft.com/help/5025272 https://support.microsoft.com/help/5025285 https://support.microsoft.com/help/5025288
  2. Microsoft Windows: CVE-2023-28226: Windows Enroll Engine Security Feature Bypass Vulnerability Severity 5 CVSS (AV:N/AC:H/Au:N/C:C/I:N/A:N) Published 04/11/2023 Created 05/05/2023 Added 04/11/2023 Modified 01/28/2025 Description Windows Enroll Engine Security Feature Bypass Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5025234 microsoft-windows-windows_10-1607-kb5025228 microsoft-windows-windows_10-1809-kb5025229 microsoft-windows-windows_10-20h2-kb5025221 microsoft-windows-windows_10-21h2-kb5025221 microsoft-windows-windows_10-22h2-kb5025221 microsoft-windows-windows_11-21h2-kb5025224 microsoft-windows-windows_11-22h2-kb5025239 References https://attackerkb.com/topics/cve-2023-28226 CVE - 2023-28226 https://support.microsoft.com/help/5025221 https://support.microsoft.com/help/5025224 https://support.microsoft.com/help/5025228 https://support.microsoft.com/help/5025229 https://support.microsoft.com/help/5025234 https://support.microsoft.com/help/5025239
  3. Microsoft Windows: CVE-2023-28252: Windows Common Log File System Driver Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 04/11/2023 Created 05/05/2023 Added 04/11/2023 Modified 09/06/2024 Description Windows Common Log File System Driver Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5025234 microsoft-windows-windows_10-1607-kb5025228 microsoft-windows-windows_10-1809-kb5025229 microsoft-windows-windows_10-20h2-kb5025221 microsoft-windows-windows_10-21h2-kb5025221 microsoft-windows-windows_10-22h2-kb5025221 microsoft-windows-windows_11-21h2-kb5025224 microsoft-windows-windows_11-22h2-kb5025239 microsoft-windows-windows_server_2012-kb5025272 microsoft-windows-windows_server_2012_r2-kb5025288 microsoft-windows-windows_server_2016-1607-kb5025228 microsoft-windows-windows_server_2019-1809-kb5025229 microsoft-windows-windows_server_2022-21h2-kb5025230 microsoft-windows-windows_server_2022-22h2-kb5025230 msft-kb5025272-9aef982c-2621-4c48-84c7-d4226da9d84f msft-kb5025272-fdd3a379-31cc-4112-8189-5fb2f5b8ca2b msft-kb5025273-4c1204fc-057e-45a0-a6fc-31d0df2e73b2 msft-kb5025273-bb0d6f54-0719-4c2e-a080-00915a9b9804 msft-kb5025277-3675320a-2e68-4c03-b985-6e3c23fa05b6 msft-kb5025277-6ae87183-0394-4692-9c4c-d2ff2cd3d2d6 msft-kb5025277-a87f382e-0b30-42ca-96e6-bea553208de8 References https://attackerkb.com/topics/cve-2023-28252 CVE - 2023-28252 https://support.microsoft.com/help/5025221 https://support.microsoft.com/help/5025224 https://support.microsoft.com/help/5025228 https://support.microsoft.com/help/5025229 https://support.microsoft.com/help/5025230 https://support.microsoft.com/help/5025234 https://support.microsoft.com/help/5025239 https://support.microsoft.com/help/5025272 https://support.microsoft.com/help/5025285 https://support.microsoft.com/help/5025288
  4. Amazon Linux AMI 2: CVE-2023-26552: Security patch for ntp (ALAS-2024-2396) Severity 7 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:P) Published 04/11/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a decimal point. An adversary may be able to attack a client ntpq process, but cannot attack ntpd. Solution(s) amazon-linux-ami-2-upgrade-ntp amazon-linux-ami-2-upgrade-ntp-debuginfo amazon-linux-ami-2-upgrade-ntp-doc amazon-linux-ami-2-upgrade-ntp-perl amazon-linux-ami-2-upgrade-ntpdate amazon-linux-ami-2-upgrade-sntp References https://attackerkb.com/topics/cve-2023-26552 AL2/ALAS-2024-2396 CVE - 2023-26552
  5. Amazon Linux AMI 2: CVE-2023-26551: Security patch for ntp (ALAS-2024-2396) Severity 7 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:P) Published 04/11/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write in the cp<cpdec while loop. An adversary may be able to attack a client ntpq process, but cannot attack ntpd. Solution(s) amazon-linux-ami-2-upgrade-ntp amazon-linux-ami-2-upgrade-ntp-debuginfo amazon-linux-ami-2-upgrade-ntp-doc amazon-linux-ami-2-upgrade-ntp-perl amazon-linux-ami-2-upgrade-ntpdate amazon-linux-ami-2-upgrade-sntp References https://attackerkb.com/topics/cve-2023-26551 AL2/ALAS-2024-2396 CVE - 2023-26551
  6. Oracle Linux: (CVE-2022-27487) (Multiple Advisories): olcne security update Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 04/11/2023 Created 05/29/2023 Added 05/26/2023 Modified 01/28/2025 Description An improper privilege management in Fortinet FortiSandbox version 4.2.0 through 4.2.2, 4.0.0 through 4.0.2 and before 3.2.3 and FortiDeceptor version 4.1.0, 4.0.0 through 4.0.2 and before 3.3.3 allows a remote authenticated attacker to perform unauthorized API calls via crafted HTTP or HTTPS requests. Solution(s) oracle-linux-upgrade-istio oracle-linux-upgrade-istio-istioctl oracle-linux-upgrade-kubeadm oracle-linux-upgrade-kubectl oracle-linux-upgrade-kubelet oracle-linux-upgrade-kubernetes oracle-linux-upgrade-olcne oracle-linux-upgrade-olcne-agent oracle-linux-upgrade-olcne-api-server oracle-linux-upgrade-olcne-calico-chart oracle-linux-upgrade-olcne-extra-modules oracle-linux-upgrade-olcne-gluster-chart oracle-linux-upgrade-olcne-grafana-chart oracle-linux-upgrade-olcne-istio-chart oracle-linux-upgrade-olcne-kubevirt-chart oracle-linux-upgrade-olcne-metallb-chart oracle-linux-upgrade-olcne-multus-chart oracle-linux-upgrade-olcne-nginx oracle-linux-upgrade-olcne-oci-ccm-chart oracle-linux-upgrade-olcne-olm-chart oracle-linux-upgrade-olcne-prometheus-chart oracle-linux-upgrade-olcne-rook-chart oracle-linux-upgrade-olcne-utils oracle-linux-upgrade-olcnectl References CVE-2022-27487
  7. Microsoft Windows: CVE-2023-24885: Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 04/11/2023 Created 05/05/2023 Added 04/11/2023 Modified 01/28/2025 Description Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5025234 microsoft-windows-windows_10-1607-kb5025228 microsoft-windows-windows_10-1809-kb5025229 microsoft-windows-windows_10-20h2-kb5025221 microsoft-windows-windows_10-21h2-kb5025221 microsoft-windows-windows_10-22h2-kb5025221 microsoft-windows-windows_11-21h2-kb5025224 microsoft-windows-windows_11-22h2-kb5025239 microsoft-windows-windows_server_2012-kb5025272 microsoft-windows-windows_server_2012_r2-kb5025288 microsoft-windows-windows_server_2016-1607-kb5025228 microsoft-windows-windows_server_2019-1809-kb5025229 microsoft-windows-windows_server_2022-21h2-kb5025230 microsoft-windows-windows_server_2022-22h2-kb5025230 msft-kb5025272-9aef982c-2621-4c48-84c7-d4226da9d84f msft-kb5025272-fdd3a379-31cc-4112-8189-5fb2f5b8ca2b References https://attackerkb.com/topics/cve-2023-24885 CVE - 2023-24885 https://support.microsoft.com/help/5025221 https://support.microsoft.com/help/5025224 https://support.microsoft.com/help/5025228 https://support.microsoft.com/help/5025229 https://support.microsoft.com/help/5025230 https://support.microsoft.com/help/5025234 https://support.microsoft.com/help/5025239 https://support.microsoft.com/help/5025272 https://support.microsoft.com/help/5025285 https://support.microsoft.com/help/5025288
  8. Microsoft Windows: CVE-2023-28308: Windows DNS Server Remote Code Execution Vulnerability Severity 8 CVSS (AV:N/AC:M/Au:M/C:C/I:C/A:C) Published 04/11/2023 Created 05/05/2023 Added 04/11/2023 Modified 01/28/2025 Description Windows DNS Server Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_server_2012-kb5025272 microsoft-windows-windows_server_2012_r2-kb5025288 microsoft-windows-windows_server_2016-1607-kb5025228 microsoft-windows-windows_server_2019-1809-kb5025229 microsoft-windows-windows_server_2022-21h2-kb5025230 microsoft-windows-windows_server_2022-22h2-kb5025230 msft-kb5025272-9aef982c-2621-4c48-84c7-d4226da9d84f msft-kb5025272-fdd3a379-31cc-4112-8189-5fb2f5b8ca2b msft-kb5025273-4c1204fc-057e-45a0-a6fc-31d0df2e73b2 msft-kb5025273-bb0d6f54-0719-4c2e-a080-00915a9b9804 msft-kb5025277-3675320a-2e68-4c03-b985-6e3c23fa05b6 msft-kb5025277-6ae87183-0394-4692-9c4c-d2ff2cd3d2d6 msft-kb5025277-a87f382e-0b30-42ca-96e6-bea553208de8 References https://attackerkb.com/topics/cve-2023-28308 CVE - 2023-28308 https://support.microsoft.com/help/5025228 https://support.microsoft.com/help/5025229 https://support.microsoft.com/help/5025230 https://support.microsoft.com/help/5025272 https://support.microsoft.com/help/5025285 https://support.microsoft.com/help/5025288
  9. Microsoft CVE-2023-28288: Microsoft SharePoint Server Spoofing Vulnerability Severity 8 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:N) Published 04/11/2023 Created 05/05/2023 Added 04/11/2023 Modified 01/28/2025 Description Microsoft CVE-2023-28288: Microsoft SharePoint Server Spoofing Vulnerability Solution(s) msft-kb5002383-c9d0b67c-d120-40a7-a891-15c1028c6b5f References https://attackerkb.com/topics/cve-2023-28288 CVE - 2023-28288 5002373 5002375 5002383 5002385
  10. Microsoft Windows: CVE-2023-28275: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 04/11/2023 Created 05/05/2023 Added 04/11/2023 Modified 01/28/2025 Description Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5025234 microsoft-windows-windows_10-1607-kb5025228 microsoft-windows-windows_10-1809-kb5025229 microsoft-windows-windows_10-20h2-kb5025221 microsoft-windows-windows_10-21h2-kb5025221 microsoft-windows-windows_10-22h2-kb5025221 microsoft-windows-windows_11-21h2-kb5025224 microsoft-windows-windows_11-22h2-kb5025239 microsoft-windows-windows_server_2012-kb5025272 microsoft-windows-windows_server_2012_r2-kb5025288 microsoft-windows-windows_server_2016-1607-kb5025228 microsoft-windows-windows_server_2019-1809-kb5025229 microsoft-windows-windows_server_2022-21h2-kb5025230 microsoft-windows-windows_server_2022-22h2-kb5025230 msft-kb5025272-9aef982c-2621-4c48-84c7-d4226da9d84f msft-kb5025272-fdd3a379-31cc-4112-8189-5fb2f5b8ca2b msft-kb5025273-4c1204fc-057e-45a0-a6fc-31d0df2e73b2 msft-kb5025273-bb0d6f54-0719-4c2e-a080-00915a9b9804 msft-kb5025277-3675320a-2e68-4c03-b985-6e3c23fa05b6 msft-kb5025277-6ae87183-0394-4692-9c4c-d2ff2cd3d2d6 msft-kb5025277-a87f382e-0b30-42ca-96e6-bea553208de8 References https://attackerkb.com/topics/cve-2023-28275 CVE - 2023-28275 https://support.microsoft.com/help/5025221 https://support.microsoft.com/help/5025224 https://support.microsoft.com/help/5025228 https://support.microsoft.com/help/5025229 https://support.microsoft.com/help/5025230 https://support.microsoft.com/help/5025234 https://support.microsoft.com/help/5025239 https://support.microsoft.com/help/5025272 https://support.microsoft.com/help/5025285 https://support.microsoft.com/help/5025288
  11. Microsoft Windows: CVE-2023-28272: Windows Kernel Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 04/11/2023 Created 05/05/2023 Added 04/11/2023 Modified 01/28/2025 Description Windows Kernel Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5025234 microsoft-windows-windows_10-1607-kb5025228 microsoft-windows-windows_10-1809-kb5025229 microsoft-windows-windows_10-20h2-kb5025221 microsoft-windows-windows_10-21h2-kb5025221 microsoft-windows-windows_10-22h2-kb5025221 microsoft-windows-windows_11-21h2-kb5025224 microsoft-windows-windows_11-22h2-kb5025239 microsoft-windows-windows_server_2012-kb5025272 microsoft-windows-windows_server_2012_r2-kb5025288 microsoft-windows-windows_server_2016-1607-kb5025228 microsoft-windows-windows_server_2019-1809-kb5025229 microsoft-windows-windows_server_2022-21h2-kb5025230 microsoft-windows-windows_server_2022-22h2-kb5025230 msft-kb5025272-9aef982c-2621-4c48-84c7-d4226da9d84f msft-kb5025272-fdd3a379-31cc-4112-8189-5fb2f5b8ca2b msft-kb5025273-4c1204fc-057e-45a0-a6fc-31d0df2e73b2 msft-kb5025273-bb0d6f54-0719-4c2e-a080-00915a9b9804 msft-kb5025277-3675320a-2e68-4c03-b985-6e3c23fa05b6 msft-kb5025277-6ae87183-0394-4692-9c4c-d2ff2cd3d2d6 msft-kb5025277-a87f382e-0b30-42ca-96e6-bea553208de8 References https://attackerkb.com/topics/cve-2023-28272 CVE - 2023-28272 https://support.microsoft.com/help/5025221 https://support.microsoft.com/help/5025224 https://support.microsoft.com/help/5025228 https://support.microsoft.com/help/5025229 https://support.microsoft.com/help/5025230 https://support.microsoft.com/help/5025234 https://support.microsoft.com/help/5025239 https://support.microsoft.com/help/5025272 https://support.microsoft.com/help/5025285 https://support.microsoft.com/help/5025288
  12. Microsoft Windows: CVE-2023-28271: Windows Kernel Memory Information Disclosure Vulnerability Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 04/11/2023 Created 05/05/2023 Added 04/11/2023 Modified 01/28/2025 Description Windows Kernel Memory Information Disclosure Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5025234 microsoft-windows-windows_10-1607-kb5025228 microsoft-windows-windows_10-1809-kb5025229 microsoft-windows-windows_10-20h2-kb5025221 microsoft-windows-windows_10-21h2-kb5025221 microsoft-windows-windows_10-22h2-kb5025221 microsoft-windows-windows_11-21h2-kb5025224 microsoft-windows-windows_11-22h2-kb5025239 microsoft-windows-windows_server_2012-kb5025272 microsoft-windows-windows_server_2012_r2-kb5025288 microsoft-windows-windows_server_2016-1607-kb5025228 microsoft-windows-windows_server_2019-1809-kb5025229 microsoft-windows-windows_server_2022-21h2-kb5025230 microsoft-windows-windows_server_2022-22h2-kb5025230 msft-kb5025272-9aef982c-2621-4c48-84c7-d4226da9d84f msft-kb5025272-fdd3a379-31cc-4112-8189-5fb2f5b8ca2b msft-kb5025273-4c1204fc-057e-45a0-a6fc-31d0df2e73b2 msft-kb5025273-bb0d6f54-0719-4c2e-a080-00915a9b9804 msft-kb5025277-3675320a-2e68-4c03-b985-6e3c23fa05b6 msft-kb5025277-6ae87183-0394-4692-9c4c-d2ff2cd3d2d6 msft-kb5025277-a87f382e-0b30-42ca-96e6-bea553208de8 References https://attackerkb.com/topics/cve-2023-28271 CVE - 2023-28271 https://support.microsoft.com/help/5025221 https://support.microsoft.com/help/5025224 https://support.microsoft.com/help/5025228 https://support.microsoft.com/help/5025229 https://support.microsoft.com/help/5025230 https://support.microsoft.com/help/5025234 https://support.microsoft.com/help/5025239 https://support.microsoft.com/help/5025272 https://support.microsoft.com/help/5025285 https://support.microsoft.com/help/5025288
  13. SUSE: CVE-2023-26552: SUSE Linux Security Advisory Severity 7 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:P) Published 04/11/2023 Created 05/10/2023 Added 05/10/2023 Modified 01/28/2025 Description mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a decimal point. An adversary may be able to attack a client ntpq process, but cannot attack ntpd. Solution(s) suse-upgrade-ntp suse-upgrade-ntp-doc References https://attackerkb.com/topics/cve-2023-26552 CVE - 2023-26552
  14. SUSE: CVE-2023-29541: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 04/11/2023 Created 05/05/2023 Added 04/12/2023 Modified 01/28/2025 Description Firefox did not properly handle downloads of files ending in .desktop, which can be interpreted to run attacker-controlled commands. *This bug only affects Firefox for Linux on certain Distributions. Other operating systems are unaffected, and Mozilla is unable to enumerate all affected Linux Distributions.* This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. Solution(s) suse-upgrade-mozillafirefox suse-upgrade-mozillafirefox-branding-upstream suse-upgrade-mozillafirefox-devel suse-upgrade-mozillafirefox-translations-common suse-upgrade-mozillafirefox-translations-other suse-upgrade-mozillathunderbird suse-upgrade-mozillathunderbird-translations-common suse-upgrade-mozillathunderbird-translations-other References https://attackerkb.com/topics/cve-2023-29541 CVE - 2023-29541
  15. Microsoft Defender Denial of Service Vulnerability (CVE-2023-24860) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 04/11/2023 Created 05/05/2023 Added 04/11/2023 Modified 01/28/2025 Description Microsoft Defender Denial of Service Vulnerability Solution(s) windows-defender-upgrade-latest References https://attackerkb.com/topics/cve-2023-24860 CVE - 2023-24860 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24860
  16. SUSE: CVE-2023-26554: SUSE Linux Security Advisory Severity 7 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:P) Published 04/11/2023 Created 05/10/2023 Added 05/10/2023 Modified 01/28/2025 Description mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a '\0' character. An adversary may be able to attack a client ntpq process, but cannot attack ntpd. Solution(s) suse-upgrade-ntp suse-upgrade-ntp-doc References https://attackerkb.com/topics/cve-2023-26554 CVE - 2023-26554
  17. SUSE: CVE-2023-29542: SUSE Linux Security Advisory Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 04/11/2023 Created 05/05/2023 Added 04/12/2023 Modified 01/28/2025 Description A newline in a filename could have been used to bypass the file extension security mechanisms that replace malicious file extensions such as .lnk with .download. This could have led to accidental execution of malicious code. *This bug only affects Firefox and Thunderbird on Windows. Other versions of Firefox and Thunderbird are unaffected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10. Solution(s) suse-upgrade-mozillafirefox suse-upgrade-mozillafirefox-branding-upstream suse-upgrade-mozillafirefox-devel suse-upgrade-mozillafirefox-translations-common suse-upgrade-mozillafirefox-translations-other suse-upgrade-mozillathunderbird suse-upgrade-mozillathunderbird-translations-common suse-upgrade-mozillathunderbird-translations-other References https://attackerkb.com/topics/cve-2023-29542 CVE - 2023-29542
  18. SUSE: CVE-2023-29533: SUSE Linux Security Advisory Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 04/11/2023 Created 05/05/2023 Added 04/12/2023 Modified 01/28/2025 Description A website could have obscured the fullscreen notification by using a combination of window.open, fullscreen requests, window.name assignments, and setInterval calls. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. Solution(s) suse-upgrade-mozillafirefox suse-upgrade-mozillafirefox-branding-upstream suse-upgrade-mozillafirefox-devel suse-upgrade-mozillafirefox-translations-common suse-upgrade-mozillafirefox-translations-other suse-upgrade-mozillathunderbird suse-upgrade-mozillathunderbird-translations-common suse-upgrade-mozillathunderbird-translations-other References https://attackerkb.com/topics/cve-2023-29533 CVE - 2023-29533
  19. Amazon Linux 2023: CVE-2023-28484: Medium priority package update for libxml2 Severity 5 CVSS (AV:N/AC:H/Au:N/C:N/I:N/A:C) Published 04/11/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c. A NULL pointer dereference vulnerability was found in libxml2. This issue occurs when parsing (invalid) XML schemas. Solution(s) amazon-linux-2023-upgrade-libxml2 amazon-linux-2023-upgrade-libxml2-debuginfo amazon-linux-2023-upgrade-libxml2-debugsource amazon-linux-2023-upgrade-libxml2-devel amazon-linux-2023-upgrade-libxml2-static amazon-linux-2023-upgrade-python3-libxml2 amazon-linux-2023-upgrade-python3-libxml2-debuginfo References https://attackerkb.com/topics/cve-2023-28484 CVE - 2023-28484 https://alas.aws.amazon.com/AL2023/ALAS-2023-163.html
  20. SUSE: CVE-2023-29550: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 04/11/2023 Created 05/05/2023 Added 04/12/2023 Modified 01/28/2025 Description Memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. Solution(s) suse-upgrade-mozillafirefox suse-upgrade-mozillafirefox-branding-upstream suse-upgrade-mozillafirefox-devel suse-upgrade-mozillafirefox-translations-common suse-upgrade-mozillafirefox-translations-other suse-upgrade-mozillathunderbird suse-upgrade-mozillathunderbird-translations-common suse-upgrade-mozillathunderbird-translations-other References https://attackerkb.com/topics/cve-2023-29550 CVE - 2023-29550
  21. APSB23-24: Adobe Acrobat and Reader for Windows and macOS (CVE-2023-26395) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 04/11/2023 Created 05/05/2023 Added 04/12/2023 Modified 01/28/2025 Description Deprecated Solution(s) References https://attackerkb.com/topics/cve-2023-26395 CVE - 2023-26395 https://helpx.adobe.com/security/products/reader/apsb23-24.html
  22. SUSE: CVE-2023-1945: SUSE Linux Security Advisory Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 04/11/2023 Created 05/05/2023 Added 04/12/2023 Modified 01/28/2025 Description Unexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 102.10 and Firefox ESR < 102.10. Solution(s) suse-upgrade-mozillafirefox suse-upgrade-mozillafirefox-branding-upstream suse-upgrade-mozillafirefox-devel suse-upgrade-mozillafirefox-translations-common suse-upgrade-mozillafirefox-translations-other suse-upgrade-mozillathunderbird suse-upgrade-mozillathunderbird-translations-common suse-upgrade-mozillathunderbird-translations-other References https://attackerkb.com/topics/cve-2023-1945 CVE - 2023-1945
  23. APSB23-24: Adobe Acrobat and Reader for Windows and macOS (CVE-2023-26406) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 04/11/2023 Created 05/05/2023 Added 04/12/2023 Modified 01/28/2025 Description Deprecated Solution(s) References https://attackerkb.com/topics/cve-2023-26406 CVE - 2023-26406 https://helpx.adobe.com/security/products/reader/apsb23-24.html
  24. VMware Photon OS: CVE-2023-26555 Severity 6 CVSS (AV:L/AC:H/Au:N/C:C/I:C/A:C) Published 04/11/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description praecis_parse in ntpd/refclock_palisade.c in NTP 4.2.8p15 has an out-of-bounds write. Any attack method would be complex, e.g., with a manipulated GPS receiver. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-26555 CVE - 2023-26555
  25. MFSA2023-15 Thunderbird: Security Vulnerabilities fixed in Thunderbird 102.10 (CVE-2023-29531) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 04/11/2023 Created 05/05/2023 Added 04/12/2023 Modified 01/28/2025 Description An attacker could have caused an out of bounds memory access using WebGL APIs, leading to memory corruption and a potentially exploitable crash. *This bug only affects Firefox and Thunderbird for macOS. Other operating systems are unaffected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10. Solution(s) mozilla-thunderbird-upgrade-102_10 References https://attackerkb.com/topics/cve-2023-29531 CVE - 2023-29531 http://www.mozilla.org/security/announce/2023/mfsa2023-15.html