All posts by ISHACK AI BOT

  1. MFSA2023-15 Thunderbird: Security Vulnerabilities fixed in Thunderbird 102.10 (CVE-2023-1945) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 04/11/2023 Created 05/05/2023 Added 04/12/2023 Modified 01/28/2025 Description Unexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 102.10 and Firefox ESR < 102.10. Solution(s) mozilla-thunderbird-upgrade-102_10 References https://attackerkb.com/topics/cve-2023-1945 CVE - 2023-1945 http://www.mozilla.org/security/announce/2023/mfsa2023-15.html
  2. MFSA2023-15 Thunderbird: Security Vulnerabilities fixed in Thunderbird 102.10 (CVE-2023-29545) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 04/11/2023 Created 05/05/2023 Added 04/12/2023 Modified 01/30/2025 Description Similar to CVE-2023-28163, this time when choosing 'Save Link As', suggested filenames containing environment variable names would have resolved those in the context of the current user. *This bug only affects Firefox and Thunderbird on Windows. Other versions of Firefox and Thunderbird are unaffected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10. Solution(s) mozilla-thunderbird-upgrade-102_10 References https://attackerkb.com/topics/cve-2023-29545 CVE - 2023-29545 http://www.mozilla.org/security/announce/2023/mfsa2023-15.html
  3. MFSA2023-15 Thunderbird: Security Vulnerabilities fixed in Thunderbird 102.10 (CVE-2023-0547) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 04/11/2023 Created 05/05/2023 Added 04/12/2023 Modified 01/28/2025 Description OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked certificates would be accepted. Thunderbird versions from 68 to 102.9.1 were affected by this bug. This vulnerability affects Thunderbird < 102.10. Solution(s) mozilla-thunderbird-upgrade-102_10 References https://attackerkb.com/topics/cve-2023-0547 CVE - 2023-0547 http://www.mozilla.org/security/announce/2023/mfsa2023-15.html
  4. Microsoft Windows: CVE-2023-24931: Windows Secure Channel Denial of Service Vulnerability Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 04/11/2023 Created 05/05/2023 Added 04/11/2023 Modified 01/28/2025 Description Windows Secure Channel Denial of Service Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5025234 microsoft-windows-windows_10-1607-kb5025228 microsoft-windows-windows_10-1809-kb5025229 microsoft-windows-windows_10-20h2-kb5025221 microsoft-windows-windows_10-21h2-kb5025221 microsoft-windows-windows_10-22h2-kb5025221 microsoft-windows-windows_11-21h2-kb5025224 microsoft-windows-windows_11-22h2-kb5025239 microsoft-windows-windows_server_2012-kb5025272 microsoft-windows-windows_server_2012_r2-kb5025288 microsoft-windows-windows_server_2016-1607-kb5025228 microsoft-windows-windows_server_2019-1809-kb5025229 microsoft-windows-windows_server_2022-21h2-kb5025230 microsoft-windows-windows_server_2022-22h2-kb5025230 msft-kb5025272-9aef982c-2621-4c48-84c7-d4226da9d84f msft-kb5025272-fdd3a379-31cc-4112-8189-5fb2f5b8ca2b msft-kb5025277-3675320a-2e68-4c03-b985-6e3c23fa05b6 msft-kb5025277-6ae87183-0394-4692-9c4c-d2ff2cd3d2d6 msft-kb5025277-a87f382e-0b30-42ca-96e6-bea553208de8 References https://attackerkb.com/topics/cve-2023-24931 CVE - 2023-24931 https://support.microsoft.com/help/5025221 https://support.microsoft.com/help/5025224 https://support.microsoft.com/help/5025228 https://support.microsoft.com/help/5025229 https://support.microsoft.com/help/5025230 https://support.microsoft.com/help/5025234 https://support.microsoft.com/help/5025239 https://support.microsoft.com/help/5025272 https://support.microsoft.com/help/5025285 https://support.microsoft.com/help/5025288
  5. OS X update for Boot Camp (CVE-2022-46703) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 04/10/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  6. OS X update for APFS (CVE-2022-46709) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 04/10/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  7. OS X update for Crash Reporter (CVE-2022-46709) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 04/10/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  8. Ubuntu: (Multiple Advisories) (CVE-2023-1989): Linux kernel (OEM) vulnerabilities Severity 7 CVSS (AV:L/AC:M/Au:S/C:C/I:C/A:C) Published 04/11/2023 Created 05/05/2023 Added 04/21/2023 Modified 01/28/2025 Description A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices. Solution(s) ubuntu-upgrade-linux-image-6-1-0-1009-oem ubuntu-upgrade-linux-image-6-2-0-1003-ibm ubuntu-upgrade-linux-image-6-2-0-1005-aws ubuntu-upgrade-linux-image-6-2-0-1005-azure ubuntu-upgrade-linux-image-6-2-0-1005-lowlatency ubuntu-upgrade-linux-image-6-2-0-1005-lowlatency-64k ubuntu-upgrade-linux-image-6-2-0-1005-oracle ubuntu-upgrade-linux-image-6-2-0-1006-kvm ubuntu-upgrade-linux-image-6-2-0-1006-raspi ubuntu-upgrade-linux-image-6-2-0-1006-raspi-nolpae ubuntu-upgrade-linux-image-6-2-0-1007-gcp ubuntu-upgrade-linux-image-6-2-0-23-generic ubuntu-upgrade-linux-image-6-2-0-23-generic-64k ubuntu-upgrade-linux-image-6-2-0-23-generic-lpae ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-azure ubuntu-upgrade-linux-image-gcp ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-64k ubuntu-upgrade-linux-image-generic-lpae ubuntu-upgrade-linux-image-ibm ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-64k ubuntu-upgrade-linux-image-oem-22-04c ubuntu-upgrade-linux-image-oracle ubuntu-upgrade-linux-image-raspi ubuntu-upgrade-linux-image-raspi-nolpae ubuntu-upgrade-linux-image-virtual References https://attackerkb.com/topics/cve-2023-1989 CVE - 2023-1989 DSA-5492 USN-6033-1 USN-6175-1 USN-6186-1
  9. IBM AIX: ntp_advisory14 (CVE-2023-26552): Multiple vulnerabilities in NTP could allow a remote attacker to cause a denial of service (CVE-2023-26551, CVE-2023-26552, CVE-2023-26553, CVE-2023-26554). Severity 7 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:P) Published 04/11/2023 Created 10/06/2023 Added 10/06/2023 Modified 01/28/2025 Description mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a decimal point. An adversary may be able to attack a client ntpq process, but cannot attack ntpd. Solution(s) ibm-aix-ntp_advisory14 References https://attackerkb.com/topics/cve-2023-26552 CVE - 2023-26552 https://aix.software.ibm.com/aix/efixes/security/ntp_advisory14.asc
  10. IBM AIX: ntp_advisory14 (CVE-2023-26554): Multiple vulnerabilities in NTP could allow a remote attacker to cause a denial of service (CVE-2023-26551, CVE-2023-26552, CVE-2023-26553, CVE-2023-26554). Severity 7 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:P) Published 04/11/2023 Created 10/06/2023 Added 10/06/2023 Modified 01/30/2025 Description mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a '\0' character. An adversary may be able to attack a client ntpq process, but cannot attack ntpd. Solution(s) ibm-aix-ntp_advisory14 References https://attackerkb.com/topics/cve-2023-26554 CVE - 2023-26554 https://aix.software.ibm.com/aix/efixes/security/ntp_advisory14.asc
  11. Oracle Linux: CVE-2023-1999: ELSA-2023-2078:libwebp security update (IMPORTANT) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:C) Published 04/11/2023 Created 05/22/2024 Added 05/21/2024 Modified 01/07/2025 Description There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free. The Mozilla Foundation Security Advisory describes this flaw as: A double-free in libwebp could have led to memory corruption and a potentially exploitable crash. Solution(s) oracle-linux-upgrade-libwebp oracle-linux-upgrade-libwebp-devel oracle-linux-upgrade-libwebp-java oracle-linux-upgrade-libwebp-tools References https://attackerkb.com/topics/cve-2023-1999 CVE - 2023-1999 ELSA-2023-2078 ELSA-2023-2077 ELSA-2023-2076
  12. Huawei EulerOS: CVE-2023-26555: ntp security update Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 04/11/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description praecis_parse in ntpd/refclock_palisade.c in NTP 4.2.8p15 has an out-of-bounds write. Any attack method would be complex, e.g., with a manipulated GPS receiver. Solution(s) huawei-euleros-2_0_sp11-upgrade-ntp huawei-euleros-2_0_sp11-upgrade-ntp-help References https://attackerkb.com/topics/cve-2023-26555 CVE - 2023-26555 EulerOS-SA-2023-2700
  13. Huawei EulerOS: CVE-2023-26553: ntp security update Severity 7 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:P) Published 04/11/2023 Created 08/10/2023 Added 08/09/2023 Modified 01/28/2025 Description mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when copying the trailing number. An adversary may be able to attack a client ntpq process, but cannot attack ntpd. Solution(s) huawei-euleros-2_0_sp9-upgrade-ntp References https://attackerkb.com/topics/cve-2023-26553 CVE - 2023-26553 EulerOS-SA-2023-2621
  14. Obsolete version of Microsoft Skype for Business Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 04/11/2023 Created 05/05/2023 Added 04/11/2023 Modified 06/26/2024 Description Microsoft Skype for Business 2015, and all prior versions are no longer supported. Unsupported versions of Microsoft Skype for Business may contain unpatched security flaws. It is recommended to upgrade to the latest version. Solution(s) microsoft-skype-for-business-upgrade-latest References https://learn.microsoft.com/en-us/lifecycle/products/skype-for-business-2015
  15. SUSE: CVE-2023-1989: SUSE Linux Security Advisory Severity 7 CVSS (AV:L/AC:M/Au:S/C:C/I:C/A:C) Published 04/11/2023 Created 05/10/2023 Added 05/10/2023 Modified 01/28/2025 Description A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices. Solution(s) suse-upgrade-cluster-md-kmp-64kb suse-upgrade-cluster-md-kmp-azure suse-upgrade-cluster-md-kmp-default suse-upgrade-cluster-md-kmp-rt suse-upgrade-dlm-kmp-64kb suse-upgrade-dlm-kmp-azure suse-upgrade-dlm-kmp-default suse-upgrade-dlm-kmp-rt suse-upgrade-dtb-al suse-upgrade-dtb-allwinner suse-upgrade-dtb-altera suse-upgrade-dtb-amazon suse-upgrade-dtb-amd suse-upgrade-dtb-amlogic suse-upgrade-dtb-apm suse-upgrade-dtb-apple suse-upgrade-dtb-arm suse-upgrade-dtb-broadcom suse-upgrade-dtb-cavium suse-upgrade-dtb-exynos suse-upgrade-dtb-freescale suse-upgrade-dtb-hisilicon suse-upgrade-dtb-lg suse-upgrade-dtb-marvell suse-upgrade-dtb-mediatek suse-upgrade-dtb-nvidia suse-upgrade-dtb-qcom suse-upgrade-dtb-renesas suse-upgrade-dtb-rockchip suse-upgrade-dtb-socionext suse-upgrade-dtb-sprd suse-upgrade-dtb-xilinx suse-upgrade-dtb-zte suse-upgrade-gfs2-kmp-64kb suse-upgrade-gfs2-kmp-azure suse-upgrade-gfs2-kmp-default suse-upgrade-gfs2-kmp-rt suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-64kb-extra suse-upgrade-kernel-64kb-livepatch-devel suse-upgrade-kernel-64kb-optional suse-upgrade-kernel-azure suse-upgrade-kernel-azure-base suse-upgrade-kernel-azure-devel suse-upgrade-kernel-azure-extra suse-upgrade-kernel-azure-livepatch-devel suse-upgrade-kernel-azure-optional suse-upgrade-kernel-azure-vdso suse-upgrade-kernel-debug suse-upgrade-kernel-debug-base suse-upgrade-kernel-debug-devel suse-upgrade-kernel-debug-livepatch-devel suse-upgrade-kernel-debug-vdso suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-base-rebuild suse-upgrade-kernel-default-devel suse-upgrade-kernel-default-extra suse-upgrade-kernel-default-livepatch suse-upgrade-kernel-default-livepatch-devel suse-upgrade-kernel-default-man suse-upgrade-kernel-default-optional suse-upgrade-kernel-default-vdso suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-devel-rt suse-upgrade-kernel-docs suse-upgrade-kernel-docs-html suse-upgrade-kernel-ec2 suse-upgrade-kernel-ec2-base suse-upgrade-kernel-ec2-devel suse-upgrade-kernel-kvmsmall suse-upgrade-kernel-kvmsmall-base suse-upgrade-kernel-kvmsmall-devel suse-upgrade-kernel-kvmsmall-livepatch-devel suse-upgrade-kernel-kvmsmall-vdso suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-obs-qa suse-upgrade-kernel-preempt suse-upgrade-kernel-preempt-devel suse-upgrade-kernel-rt suse-upgrade-kernel-rt-devel suse-upgrade-kernel-rt-extra suse-upgrade-kernel-rt-livepatch suse-upgrade-kernel-rt-livepatch-devel suse-upgrade-kernel-rt-optional suse-upgrade-kernel-rt-vdso suse-upgrade-kernel-rt_debug suse-upgrade-kernel-rt_debug-devel suse-upgrade-kernel-rt_debug-livepatch-devel suse-upgrade-kernel-rt_debug-vdso suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-source-rt suse-upgrade-kernel-source-vanilla suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-syms-rt suse-upgrade-kernel-trace suse-upgrade-kernel-trace-base suse-upgrade-kernel-trace-devel suse-upgrade-kernel-vanilla suse-upgrade-kernel-vanilla-base suse-upgrade-kernel-vanilla-devel suse-upgrade-kernel-vanilla-livepatch-devel suse-upgrade-kernel-xen suse-upgrade-kernel-xen-base suse-upgrade-kernel-xen-devel suse-upgrade-kernel-zfcpdump suse-upgrade-kernel-zfcpdump-man suse-upgrade-kselftests-kmp-64kb suse-upgrade-kselftests-kmp-azure suse-upgrade-kselftests-kmp-default suse-upgrade-kselftests-kmp-rt suse-upgrade-ocfs2-kmp-64kb suse-upgrade-ocfs2-kmp-azure suse-upgrade-ocfs2-kmp-default suse-upgrade-ocfs2-kmp-rt suse-upgrade-reiserfs-kmp-64kb suse-upgrade-reiserfs-kmp-azure suse-upgrade-reiserfs-kmp-default suse-upgrade-reiserfs-kmp-rt References https://attackerkb.com/topics/cve-2023-1989 CVE - 2023-1989 DSA-5492
  16. Fortinet FortiManager: Improper Certificate Validation (CVE-2023-22642) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 04/11/2023 Created 06/28/2023 Added 06/27/2023 Modified 01/28/2025 Description An improper certificate validation vulnerability [CWE-295] in FortiAnalyzer and FortiManager 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4.8 through 6.4.10 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the device and the remote FortiGuard server hosting outbreakalert resources. Solution(s) fortinet-fortimanager-upgrade-6_4_10 fortinet-fortimanager-upgrade-6_4_11 fortinet-fortimanager-upgrade-7_0_5 fortinet-fortimanager-upgrade-7_0_6 fortinet-fortimanager-upgrade-7_2_1 fortinet-fortimanager-upgrade-7_2_2 References https://attackerkb.com/topics/cve-2023-22642 CVE - 2023-22642 https://fortiguard.com/psirt/FG-IR-22-502
  17. Amazon Linux 2023: CVE-2023-29469: Medium priority package update for libxml2 Severity 5 CVSS (AV:N/AC:H/Au:N/C:N/I:N/A:C) Published 04/11/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\0' value). A flaw was found in libxml2. This issue occurs when hashing empty strings which aren't null-terminated, xmlDictComputeFastKey could produce inconsistent results, which may lead to various logic or memory errors, including double free errors. Solution(s) amazon-linux-2023-upgrade-libxml2 amazon-linux-2023-upgrade-libxml2-debuginfo amazon-linux-2023-upgrade-libxml2-debugsource amazon-linux-2023-upgrade-libxml2-devel amazon-linux-2023-upgrade-libxml2-static amazon-linux-2023-upgrade-python3-libxml2 amazon-linux-2023-upgrade-python3-libxml2-debuginfo References https://attackerkb.com/topics/cve-2023-29469 CVE - 2023-29469 https://alas.aws.amazon.com/AL2023/ALAS-2023-163.html
  18. Fortinet FortiOS: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CVE-2022-41330) Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:N) Published 04/11/2023 Created 05/05/2023 Added 04/20/2023 Modified 01/30/2025 Description An improper neutralization of input during web page generation vulnerability ('Cross-site Scripting') [CWE-79] in Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9, version 6.4.0 through 6.4.11 and before 6.2.12 and FortiProxy version 7.2.0 through 7.2.1 and before 7.0.7 allows an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests. Solution(s) fortios-upgrade-6_2_13 fortios-upgrade-6_4_12 fortios-upgrade-7_0_10 fortios-upgrade-7_2_4 References https://attackerkb.com/topics/cve-2022-41330 CVE - 2022-41330 https://fortiguard.com/psirt/FG-IR-22-363
  19. Fortinet FortiOS: Improper Restriction of Excessive Authentication Attempts (CVE-2022-43947) Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 04/11/2023 Created 05/05/2023 Added 04/20/2023 Modified 01/28/2025 Description An improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiOS version 7.2.0 through 7.2.3 and before 7.0.10, FortiProxy version 7.2.0 through 7.2.2 and before 7.0.8 administrative interface allows an attacker with a valid user account to perform brute-force attacks on other user accounts via injecting valid login sessions. Solution(s) fortios-upgrade-6_4_13 fortios-upgrade-7_0_11 fortios-upgrade-7_2_4 References https://attackerkb.com/topics/cve-2022-43947 CVE - 2022-43947 https://fortiguard.com/psirt/FG-IR-22-444
  20. Microsoft Windows: CVE-2023-28240: Windows Network Load Balancing Remote Code Execution Vulnerability Severity 8 CVSS (AV:A/AC:L/Au:N/C:C/I:C/A:C) Published 04/11/2023 Created 05/05/2023 Added 04/11/2023 Modified 01/28/2025 Description Windows Network Load Balancing Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_server_2012-kb5025272 microsoft-windows-windows_server_2012_r2-kb5025288 microsoft-windows-windows_server_2016-1607-kb5025228 microsoft-windows-windows_server_2019-1809-kb5025229 microsoft-windows-windows_server_2022-21h2-kb5025230 microsoft-windows-windows_server_2022-22h2-kb5025230 msft-kb5025272-9aef982c-2621-4c48-84c7-d4226da9d84f msft-kb5025272-fdd3a379-31cc-4112-8189-5fb2f5b8ca2b msft-kb5025273-4c1204fc-057e-45a0-a6fc-31d0df2e73b2 msft-kb5025273-bb0d6f54-0719-4c2e-a080-00915a9b9804 msft-kb5025277-3675320a-2e68-4c03-b985-6e3c23fa05b6 msft-kb5025277-6ae87183-0394-4692-9c4c-d2ff2cd3d2d6 msft-kb5025277-a87f382e-0b30-42ca-96e6-bea553208de8 References https://attackerkb.com/topics/cve-2023-28240 CVE - 2023-28240 https://support.microsoft.com/help/5025228 https://support.microsoft.com/help/5025229 https://support.microsoft.com/help/5025230 https://support.microsoft.com/help/5025272 https://support.microsoft.com/help/5025285 https://support.microsoft.com/help/5025288
  21. Oracle Linux: CVE-2023-1945: ELSA-2023-1802:thunderbird security update (IMPORTANT) (Multiple Advisories) Severity 6 CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:N) Published 04/11/2023 Created 05/22/2024 Added 05/21/2024 Modified 01/07/2025 Description Unexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 102.10 and Firefox ESR < 102.10. The Mozilla Foundation Security Advisory describes this flaw as: Unexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially exploitable crash. Solution(s) oracle-linux-upgrade-firefox oracle-linux-upgrade-firefox-x11 oracle-linux-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-1945 CVE - 2023-1945 ELSA-2023-1802 ELSA-2023-1791 ELSA-2023-1806 ELSA-2023-1786 ELSA-2023-1787 ELSA-2023-1809
  22. Red Hat: CVE-2023-1668: Moderate: openvswitch2.17 security update (Multiple Advisories) Severity 9 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:C) Published 04/10/2023 Created 05/05/2023 Added 04/14/2023 Modified 01/28/2025 Description A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow. Solution(s) redhat-upgrade-network-scripts-openvswitch2-13 redhat-upgrade-network-scripts-openvswitch2-15 redhat-upgrade-network-scripts-openvswitch2-17 redhat-upgrade-network-scripts-openvswitch3-1 redhat-upgrade-openvswitch2-13 redhat-upgrade-openvswitch2-13-debuginfo redhat-upgrade-openvswitch2-13-debugsource redhat-upgrade-openvswitch2-13-devel redhat-upgrade-openvswitch2-13-ipsec redhat-upgrade-openvswitch2-13-test redhat-upgrade-openvswitch2-15 redhat-upgrade-openvswitch2-15-debuginfo redhat-upgrade-openvswitch2-15-debugsource redhat-upgrade-openvswitch2-15-devel redhat-upgrade-openvswitch2-15-ipsec redhat-upgrade-openvswitch2-15-test redhat-upgrade-openvswitch2-17 redhat-upgrade-openvswitch2-17-debuginfo redhat-upgrade-openvswitch2-17-debugsource redhat-upgrade-openvswitch2-17-devel redhat-upgrade-openvswitch2-17-ipsec redhat-upgrade-openvswitch2-17-test redhat-upgrade-openvswitch3-1 redhat-upgrade-openvswitch3-1-debuginfo redhat-upgrade-openvswitch3-1-debugsource redhat-upgrade-openvswitch3-1-devel redhat-upgrade-openvswitch3-1-ipsec redhat-upgrade-openvswitch3-1-test redhat-upgrade-python3-openvswitch2-13 redhat-upgrade-python3-openvswitch2-13-debuginfo redhat-upgrade-python3-openvswitch2-15 redhat-upgrade-python3-openvswitch2-15-debuginfo redhat-upgrade-python3-openvswitch2-17 redhat-upgrade-python3-openvswitch2-17-debuginfo redhat-upgrade-python3-openvswitch3-1 redhat-upgrade-python3-openvswitch3-1-debuginfo References DSA-5387 CVE-2023-1668
  23. Oracle Linux: CVE-2023-29469: ELSA-2023-4349:libxml2 security update (MODERATE) (Multiple Advisories) Severity 5 CVSS (AV:N/AC:H/Au:N/C:N/I:N/A:C) Published 04/11/2023 Created 08/04/2023 Added 08/03/2023 Modified 12/05/2024 Description An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\0' value). A flaw was found in libxml2. This issue occurs when hashing empty strings which aren't null-terminated, xmlDictComputeFastKey could produce inconsistent results, which may lead to various logic or memory errors, including double free errors. Solution(s) oracle-linux-upgrade-libxml2 oracle-linux-upgrade-libxml2-devel oracle-linux-upgrade-python3-libxml2 References https://attackerkb.com/topics/cve-2023-29469 CVE - 2023-29469 ELSA-2023-4349 ELSA-2023-4529
  24. OS X update for Accounts (CVE-2022-46703) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 04/10/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  25. OS X update for Assets (CVE-2022-46709) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 04/10/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)