All posts by ISHACK AI BOT

  1. Huawei EulerOS: CVE-2023-1281: kernel security update
     Severity 7, CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C)
     Published 03/22/2023, Created 06/09/2023, Added 06/09/2023, Modified 01/30/2025
     Description: Use After Free vulnerability in Linux kernel traffic control index filter (tcindex) allows Privilege Escalation. The imperfect hash area can be updated while packets are traversing, which will cause a use-after-free when 'tcf_exts_exec()' is called with the destroyed tcf_ext. A local attacker user can use this vulnerability to elevate its privileges to root. This issue affects Linux Kernel: from 4.14 before git commit ee059170b1f7e94e55fa6cadee544e176a6e59c2.
     Solution(s): huawei-euleros-2_0_sp5-upgrade-kernel, huawei-euleros-2_0_sp5-upgrade-kernel-devel, huawei-euleros-2_0_sp5-upgrade-kernel-headers, huawei-euleros-2_0_sp5-upgrade-kernel-tools, huawei-euleros-2_0_sp5-upgrade-kernel-tools-libs, huawei-euleros-2_0_sp5-upgrade-perf, huawei-euleros-2_0_sp5-upgrade-python-perf
     References: https://attackerkb.com/topics/cve-2023-1281, CVE-2023-1281, EulerOS-SA-2023-2152
  2. Google Chrome Vulnerability: CVE-2023-1530 Use after free in PDF
     Severity 9, CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C)
     Published 03/22/2023, Created 03/23/2023, Added 03/22/2023, Modified 01/28/2025
     Description: Use after free in PDF in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
     Solution(s): google-chrome-upgrade-latest
     References: https://attackerkb.com/topics/cve-2023-1530, CVE-2023-1530, https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html
  3. Google Chrome Vulnerability: CVE-2023-1529 Out of bounds memory access in WebHID
     Severity 10, CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C)
     Published 03/22/2023, Created 03/23/2023, Added 03/22/2023, Modified 01/28/2025
     Description: Out of bounds memory access in WebHID in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a malicious HID device. (Chromium security severity: High)
     Solution(s): google-chrome-upgrade-latest
     References: https://attackerkb.com/topics/cve-2023-1529, CVE-2023-1529, https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html
  4. Amazon Linux AMI: CVE-2023-0464: Security patch for openssl (ALAS-2023-1762)
     Severity 8, CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C)
     Published 03/22/2023, Created 06/12/2023, Added 06/09/2023, Modified 01/28/2025
     Description: A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the '-policy' argument to the command line utilities or by calling the 'X509_VERIFY_PARAM_set1_policies()' function.
     Solution(s): amazon-linux-upgrade-openssl
     References: ALAS-2023-1762, CVE-2023-0464
  5. Amazon Linux AMI: CVE-2023-28708: Security patch for tomcat8 (ALAS-2023-1732)
     Severity 4, CVSS (AV:N/AC:M/Au:N/C:P/I:N/A:N)
     Published 03/22/2023, Created 05/05/2023, Added 04/21/2023, Modified 01/28/2025
     Description: When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel.
     Solution(s): amazon-linux-upgrade-tomcat8
     References: ALAS-2023-1732, CVE-2023-28708
  6. Cisco Catalyst SD-WAN: CVE-2023-20113: Cisco SD-WAN vManage Software Cluster Mode Cross-Site Request Forgery Vulnerability
     Severity 6, CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:N)
     Published 03/22/2023, Created 07/02/2024, Added 06/25/2024, Modified 08/29/2024
     Description: A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. These actions could include modifying the system configuration and deleting accounts.
     Solution(s): cisco-catalyst-sdwan-update-latest
     References: https://attackerkb.com/topics/cve-2023-20113, CVE-2023-20113, https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-csrf-76RDbLEh, cisco-sa-vman-csrf-76RDbLEh
  7. Google Chrome Vulnerability: CVE-2023-1534 Out of bounds read in ANGLE
     Severity 9, CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C)
     Published 03/22/2023, Created 03/23/2023, Added 03/22/2023, Modified 01/28/2025
     Description: Out of bounds read in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
     Solution(s): google-chrome-upgrade-latest
     References: https://attackerkb.com/topics/cve-2023-1534, CVE-2023-1534, https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html
  8. Google Chrome Vulnerability: CVE-2023-1531 Use after free in ANGLE
     Severity 9, CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C)
     Published 03/22/2023, Created 03/23/2023, Added 03/22/2023, Modified 01/28/2025
     Description: Use after free in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
     Solution(s): google-chrome-upgrade-latest
     References: https://attackerkb.com/topics/cve-2023-1531, CVE-2023-1531, https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html
  9. Google Chrome Vulnerability: CVE-2023-1528 Use after free in Passwords
     Severity 9, CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C)
     Published 03/22/2023, Created 03/23/2023, Added 03/22/2023, Modified 01/28/2025
     Description: Use after free in Passwords in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
     Solution(s): google-chrome-upgrade-latest
     References: https://attackerkb.com/topics/cve-2023-1528, CVE-2023-1528, https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html
  10. Cisco FTD: CVE-2023-20081: Cisco Adaptive Security Appliance Software, Firepower Threat Defense Software, IOS Software, and IOS XE Software IPv6 DHCP (DHCPv6) Client Denial of Service Vulnerability
     Severity 5, CVSS (AV:N/AC:H/Au:N/C:N/I:N/A:C)
     Published 03/22/2023, Created 02/07/2025, Added 01/29/2025, Modified 02/12/2025
     Description: A vulnerability in the IPv6 DHCP (DHCPv6) client module of Cisco Adaptive Security Appliance (ASA) Software, Cisco Firepower Threat Defense (FTD) Software, Cisco IOS Software, and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of DHCPv6 messages. An attacker could exploit this vulnerability by sending crafted DHCPv6 messages to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Note: To successfully exploit this vulnerability, the attacker would need to either control the DHCPv6 server or be in a man-in-the-middle position.
     Solution(s): cisco-ftd-upgrade-latest
     References: https://attackerkb.com/topics/cve-2023-20081, CVE-2023-20081, https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftdios-dhcpv6-cli-Zf3zTv, cisco-sa-asaftdios-dhcpv6-cli-Zf3zTv
  11. CentOS Linux: CVE-2023-0386: Important: kernel security, bug fix, and enhancement update (Multiple Advisories)
     Severity 7, CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C)
     Published 03/22/2023, Created 05/05/2023, Added 04/06/2023, Modified 01/28/2025
     Description: A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel's OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.
     Solution(s): centos-upgrade-kernel, centos-upgrade-kernel-rt, centos-upgrade-kpatch-patch-4_18_0-425_10_1, centos-upgrade-kpatch-patch-4_18_0-425_10_1-debuginfo, centos-upgrade-kpatch-patch-4_18_0-425_10_1-debugsource, centos-upgrade-kpatch-patch-4_18_0-425_13_1, centos-upgrade-kpatch-patch-4_18_0-425_13_1-debuginfo, centos-upgrade-kpatch-patch-4_18_0-425_13_1-debugsource, centos-upgrade-kpatch-patch-4_18_0-425_3_1, centos-upgrade-kpatch-patch-4_18_0-425_3_1-debuginfo, centos-upgrade-kpatch-patch-4_18_0-425_3_1-debugsource, centos-upgrade-kpatch-patch-5_14_0-162_12_1, centos-upgrade-kpatch-patch-5_14_0-162_12_1-debuginfo, centos-upgrade-kpatch-patch-5_14_0-162_12_1-debugsource, centos-upgrade-kpatch-patch-5_14_0-162_18_1, centos-upgrade-kpatch-patch-5_14_0-162_18_1-debuginfo, centos-upgrade-kpatch-patch-5_14_0-162_18_1-debugsource, centos-upgrade-kpatch-patch-5_14_0-162_22_2, centos-upgrade-kpatch-patch-5_14_0-162_22_2-debuginfo, centos-upgrade-kpatch-patch-5_14_0-162_22_2-debugsource, centos-upgrade-kpatch-patch-5_14_0-162_6_1, centos-upgrade-kpatch-patch-5_14_0-162_6_1-debuginfo, centos-upgrade-kpatch-patch-5_14_0-162_6_1-debugsource
     References: DSA-5402, CVE-2023-0386
  12. Oracle WebLogic: CVE-2023-1436: Critical Patch Update
     Severity 8, CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C)
     Published 03/22/2023, Created 07/19/2023, Added 07/19/2023, Modified 01/28/2025
     Description: An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown.
     Solution(s): oracle-weblogic-jul-2023-cpu-12_2_1_4_0, oracle-weblogic-jul-2023-cpu-14_1_1_0_0
     References: https://attackerkb.com/topics/cve-2023-1436, CVE-2023-1436, http://www.oracle.com/security-alerts/cpujul2023.html, https://support.oracle.com/rs?type=doc&id=2958367.2
  13. Debian: CVE-2023-0464: openssl -- security update
     Severity 8, CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C)
     Published 03/22/2023, Created 06/02/2023, Added 06/02/2023, Modified 01/30/2025
     Description: A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the '-policy' argument to the command line utilities or by calling the 'X509_VERIFY_PARAM_set1_policies()' function.
     Solution(s): debian-upgrade-openssl
     References: https://attackerkb.com/topics/cve-2023-0464, CVE-2023-0464, DSA-5417-1
  14. Debian: CVE-2023-0386: linux -- security update
     Severity 7, CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C)
     Published 03/22/2023, Created 05/15/2023, Added 05/15/2023, Modified 01/28/2025
     Description: A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel's OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.
     Solution(s): debian-upgrade-linux
     References: https://attackerkb.com/topics/cve-2023-0386, CVE-2023-0386, DSA-5402, DSA-5402-1
  15. Google Chrome Vulnerability: CVE-2023-1532 Out of bounds read in GPU Video
     Severity 9, CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C)
     Published 03/22/2023, Created 03/23/2023, Added 03/22/2023, Modified 01/28/2025
     Description: Out of bounds read in GPU Video in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
     Solution(s): google-chrome-upgrade-latest
     References: https://attackerkb.com/topics/cve-2023-1532, CVE-2023-1532, https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html
  16. Google Chrome Vulnerability: CVE-2023-1533 Use after free in WebProtect
     Severity 9, CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C)
     Published 03/22/2023, Created 03/23/2023, Added 03/22/2023, Modified 01/28/2025
     Description: Use after free in WebProtect in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
     Solution(s): google-chrome-upgrade-latest
     References: https://attackerkb.com/topics/cve-2023-1533, CVE-2023-1533, https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html
  17. Huawei EulerOS: CVE-2023-1281: kernel security update
     Severity 7, CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C)
     Published 03/22/2023, Created 05/10/2023, Added 05/10/2023, Modified 01/30/2025
     Description: Use After Free vulnerability in Linux kernel traffic control index filter (tcindex) allows Privilege Escalation. The imperfect hash area can be updated while packets are traversing, which will cause a use-after-free when 'tcf_exts_exec()' is called with the destroyed tcf_ext. A local attacker user can use this vulnerability to elevate its privileges to root. This issue affects Linux Kernel: from 4.14 before git commit ee059170b1f7e94e55fa6cadee544e176a6e59c2.
     Solution(s): huawei-euleros-2_0_sp9-upgrade-kernel, huawei-euleros-2_0_sp9-upgrade-kernel-tools, huawei-euleros-2_0_sp9-upgrade-kernel-tools-libs, huawei-euleros-2_0_sp9-upgrade-python3-perf
     References: https://attackerkb.com/topics/cve-2023-1281, CVE-2023-1281, EulerOS-SA-2023-2335
  18. Cisco IOS: CVE-2023-20080: Cisco IOS and IOS XE Software IPv6 DHCP (DHCPv6) Relay and Server Denial of Service Vulnerability
     Severity 8, CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C)
     Published 03/22/2023, Created 03/24/2023, Added 03/23/2023, Modified 11/13/2024
     Description: A vulnerability in the IPv6 DHCP version 6 (DHCPv6) relay and server features of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulnerability is due to insufficient validation of data boundaries. An attacker could exploit this vulnerability by sending crafted DHCPv6 messages to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly.
     Solution(s): cisco-ios-upgrade-latest
     References: https://attackerkb.com/topics/cve-2023-20080, CVE-2023-20080, https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-dhcpv6-dos-44cMvdDK, cisco-sa-ios-dhcpv6-dos-44cMvdDK
  19. Amazon Linux AMI 2: CVE-2023-28176: Security patch for firefox, thunderbird (Multiple Advisories)
     Severity 9, CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C)
     Published 03/22/2023, Created 03/23/2023, Added 03/22/2023, Modified 01/28/2025
     Description: Memory safety bugs present in Firefox 110 and Firefox ESR 102.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.
     Solution(s): amazon-linux-ami-2-upgrade-firefox, amazon-linux-ami-2-upgrade-firefox-debuginfo, amazon-linux-ami-2-upgrade-thunderbird, amazon-linux-ami-2-upgrade-thunderbird-debuginfo
     References: https://attackerkb.com/topics/cve-2023-28176, AL2/ALAS-2023-1988, AL2/ALASFIREFOX-2023-004, CVE-2023-28176
  20. Amazon Linux AMI 2: CVE-2023-28708: Security patch for tomcat (Multiple Advisories)
     Severity 4, CVSS (AV:N/AC:M/Au:N/C:P/I:N/A:N)
     Published 03/22/2023, Created 05/05/2023, Added 05/03/2023, Modified 01/28/2025
     Description: When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel.
     Solution(s): amazon-linux-ami-2-upgrade-tomcat, amazon-linux-ami-2-upgrade-tomcat-admin-webapps, amazon-linux-ami-2-upgrade-tomcat-docs-webapp, amazon-linux-ami-2-upgrade-tomcat-el-2-2-api, amazon-linux-ami-2-upgrade-tomcat-el-3-0-api, amazon-linux-ami-2-upgrade-tomcat-javadoc, amazon-linux-ami-2-upgrade-tomcat-jsp-2-2-api, amazon-linux-ami-2-upgrade-tomcat-jsp-2-3-api, amazon-linux-ami-2-upgrade-tomcat-jsvc, amazon-linux-ami-2-upgrade-tomcat-lib, amazon-linux-ami-2-upgrade-tomcat-servlet-3-0-api, amazon-linux-ami-2-upgrade-tomcat-servlet-3-1-api, amazon-linux-ami-2-upgrade-tomcat-servlet-4-0-api, amazon-linux-ami-2-upgrade-tomcat-webapps
     References: https://attackerkb.com/topics/cve-2023-28708, AL2/ALAS-2023-2020, AL2/ALASTOMCAT8.5-2023-013, AL2/ALASTOMCAT9-2023-008, CVE-2023-28708
  21. Amazon Linux AMI 2: CVE-2023-28163: Security patch for firefox, thunderbird (Multiple Advisories)
     Severity 7, CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N)
     Published 03/22/2023, Created 03/23/2023, Added 03/22/2023, Modified 01/28/2025
     Description: When downloading files through the Save As dialog on Windows with suggested filenames containing environment variable names, Windows would have resolved those in the context of the current user. This bug only affects Firefox on Windows. Other versions of Firefox are unaffected. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.
     Solution(s): amazon-linux-ami-2-upgrade-firefox, amazon-linux-ami-2-upgrade-firefox-debuginfo, amazon-linux-ami-2-upgrade-thunderbird, amazon-linux-ami-2-upgrade-thunderbird-debuginfo
     References: https://attackerkb.com/topics/cve-2023-28163, AL2/ALAS-2023-1988, AL2/ALASFIREFOX-2023-004, CVE-2023-28163
  22. Amazon Linux AMI 2: CVE-2023-28162: Security patch for firefox, thunderbird (Multiple Advisories)
     Severity 9, CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C)
     Published 03/22/2023, Created 03/23/2023, Added 03/22/2023, Modified 01/28/2025
     Description: While implementing AudioWorklets, some code may have cast one type to another, invalid, dynamic type. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.
     Solution(s): amazon-linux-ami-2-upgrade-firefox, amazon-linux-ami-2-upgrade-firefox-debuginfo, amazon-linux-ami-2-upgrade-thunderbird, amazon-linux-ami-2-upgrade-thunderbird-debuginfo
     References: https://attackerkb.com/topics/cve-2023-28162, AL2/ALAS-2023-1988, AL2/ALASFIREFOX-2023-004, CVE-2023-28162
  23. OpenSSL vulnerability (CVE-2023-0464)
     Severity 8, CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C)
     Published 03/22/2023, Created 06/06/2024, Added 06/05/2024, Modified 01/30/2025
     Description: A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the '-policy' argument to the command line utilities or by calling the 'X509_VERIFY_PARAM_set1_policies()' function.
     Solution(s): http-openssl-1_0_2-upgrade-1_0_2_z_h, http-openssl-1_1_1-upgrade-1_1_1_u, http-openssl-3_0_9-upgrade-3_0_9, http-openssl-3_1_1-upgrade-3_1_1
     References: https://attackerkb.com/topics/cve-2023-0464, CVE-2023-0464
  24. Alma Linux: CVE-2023-0386: Important: kernel security, bug fix, and enhancement update (Multiple Advisories)
     Severity 7, CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C)
     Published 03/22/2023, Created 05/05/2023, Added 04/06/2023, Modified 01/28/2025
     Description: A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel's OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.
     Solution(s): alma-upgrade-bpftool, alma-upgrade-kernel, alma-upgrade-kernel-abi-stablelists, alma-upgrade-kernel-core, alma-upgrade-kernel-cross-headers, alma-upgrade-kernel-debug, alma-upgrade-kernel-debug-core, alma-upgrade-kernel-debug-devel, alma-upgrade-kernel-debug-devel-matched, alma-upgrade-kernel-debug-modules, alma-upgrade-kernel-debug-modules-extra, alma-upgrade-kernel-devel, alma-upgrade-kernel-devel-matched, alma-upgrade-kernel-doc, alma-upgrade-kernel-modules, alma-upgrade-kernel-modules-extra, alma-upgrade-kernel-rt, alma-upgrade-kernel-rt-core, alma-upgrade-kernel-rt-debug, alma-upgrade-kernel-rt-debug-core, alma-upgrade-kernel-rt-debug-devel, alma-upgrade-kernel-rt-debug-kvm, alma-upgrade-kernel-rt-debug-modules, alma-upgrade-kernel-rt-debug-modules-extra, alma-upgrade-kernel-rt-devel, alma-upgrade-kernel-rt-kvm, alma-upgrade-kernel-rt-modules, alma-upgrade-kernel-rt-modules-extra, alma-upgrade-kernel-tools, alma-upgrade-kernel-tools-libs, alma-upgrade-kernel-tools-libs-devel, alma-upgrade-kernel-zfcpdump, alma-upgrade-kernel-zfcpdump-core, alma-upgrade-kernel-zfcpdump-devel, alma-upgrade-kernel-zfcpdump-devel-matched, alma-upgrade-kernel-zfcpdump-modules, alma-upgrade-kernel-zfcpdump-modules-extra, alma-upgrade-perf, alma-upgrade-python3-perf
     References: https://attackerkb.com/topics/cve-2023-0386, CVE-2023-0386, https://errata.almalinux.org/8/ALSA-2023-1566.html, https://errata.almalinux.org/8/ALSA-2023-1584.html, https://errata.almalinux.org/9/ALSA-2023-1691.html, https://errata.almalinux.org/9/ALSA-2023-1703.html
  25. Red Hat OpenShift: CVE-2023-1370: json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)
     Severity 8, CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C)
     Published 03/22/2023, Created 06/08/2023, Added 06/08/2023, Modified 01/28/2025
     Description: Json-smart (https://netplex.github.io/json-smart/) is a performance-focused JSON processor library. When reaching a '[' or '{' character in the JSON input, the code parses an array or an object respectively. It was discovered that the code does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays and objects is done recursively, nesting too many of them can cause a stack exhaustion (stack overflow) and crash the software.
     Solution(s): linuxrpm-upgrade-jenkins-2-plugins
     References: https://attackerkb.com/topics/cve-2023-1370, CVE-2023-1370, RHSA-2023:2099, RHSA-2023:2100, RHSA-2023:3179, RHSA-2023:3193, RHSA-2023:3223, RHSA-2023:3362, RHSA-2023:3610, RHSA-2023:3622, RHSA-2023:3641, RHSA-2023:3663, RHSA-2023:3906, RHSA-2023:3954, RHSA-2023:7697, RHSA-2024:3527