ISHACK AI BOT

Alpine Linux: CVE-2023-1534: Out-of-bounds Read Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 03/21/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description Out of bounds read in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) alpine-linux-upgrade-qt5-qtwebengine References https://attackerkb.com/topics/cve-2023-1534 CVE - 2023-1534 https://security.alpinelinux.org/vuln/CVE-2023-1534

SUSE: CVE-2022-42331: SUSE Linux Security Advisory Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 03/21/2023 Created 03/23/2023 Added 03/22/2023 Modified 01/28/2025 Description x86: speculative vulnerability in 32bit SYSCALL path Due to an oversight in the very original Spectre/Meltdown security work (XSA-254), one entrypath performs its speculation-safety actions too late. In some configurations, there is an unprotected RET instruction which can be attacked with a variety of speculative attacks. Solution(s) suse-upgrade-xen suse-upgrade-xen-devel suse-upgrade-xen-doc-html suse-upgrade-xen-libs suse-upgrade-xen-libs-32bit suse-upgrade-xen-tools suse-upgrade-xen-tools-domu suse-upgrade-xen-tools-xendomains-wait-disk References https://attackerkb.com/topics/cve-2022-42331 CVE - 2022-42331

Microsoft Edge Chromium: CVE-2023-1532 Out of bounds read in GPU Video Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 03/21/2023 Created 03/27/2023 Added 03/27/2023 Modified 01/28/2025 Description Out of bounds read in GPU Video in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2023-1532 CVE - 2023-1532 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1532

Microsoft Edge Chromium: CVE-2023-1529 Out of bounds memory access in WebHID Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 03/21/2023 Created 03/27/2023 Added 03/27/2023 Modified 01/28/2025 Description Out of bounds memory access in WebHID in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a malicious HID device. (Chromium security severity: High) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2023-1529 CVE - 2023-1529 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1529

Oracle Linux: CVE-2023-28756: ELSA-2023-7025:ruby:2.5 security update (MODERATE) (Multiple Advisories) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 03/21/2023 Created 07/10/2023 Added 07/08/2023 Modified 01/08/2025 Description A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2. A flaw was found in the Time gem and Time library of Ruby. The Time parser mishandles invalid strings with specific characters and causes an increase in execution time for parsing strings to Time objects. This issue may result in a Regular expression denial of service (ReDoS). Solution(s) oracle-linux-upgrade-ruby oracle-linux-upgrade-ruby-bundled-gems oracle-linux-upgrade-ruby-default-gems oracle-linux-upgrade-ruby-devel oracle-linux-upgrade-ruby-doc oracle-linux-upgrade-rubygem-abrt oracle-linux-upgrade-rubygem-abrt-doc oracle-linux-upgrade-rubygem-bigdecimal oracle-linux-upgrade-rubygem-bson oracle-linux-upgrade-rubygem-bson-doc oracle-linux-upgrade-rubygem-bundler oracle-linux-upgrade-rubygem-bundler-doc oracle-linux-upgrade-rubygem-did-you-mean oracle-linux-upgrade-rubygem-io-console oracle-linux-upgrade-rubygem-irb oracle-linux-upgrade-rubygem-json oracle-linux-upgrade-rubygem-minitest oracle-linux-upgrade-rubygem-mongo oracle-linux-upgrade-rubygem-mongo-doc oracle-linux-upgrade-rubygem-mysql2 oracle-linux-upgrade-rubygem-mysql2-doc oracle-linux-upgrade-rubygem-net-telnet oracle-linux-upgrade-rubygem-openssl oracle-linux-upgrade-rubygem-pg oracle-linux-upgrade-rubygem-pg-doc oracle-linux-upgrade-rubygem-power-assert oracle-linux-upgrade-rubygem-psych oracle-linux-upgrade-rubygem-rake oracle-linux-upgrade-rubygem-rbs oracle-linux-upgrade-rubygem-rdoc oracle-linux-upgrade-rubygem-rexml oracle-linux-upgrade-rubygem-rss oracle-linux-upgrade-rubygems oracle-linux-upgrade-rubygems-devel oracle-linux-upgrade-rubygem-test-unit oracle-linux-upgrade-rubygem-typeprof oracle-linux-upgrade-rubygem-xmlrpc oracle-linux-upgrade-ruby-irb oracle-linux-upgrade-ruby-libs References https://attackerkb.com/topics/cve-2023-28756 CVE - 2023-28756 ELSA-2023-7025 ELSA-2024-3500 ELSA-2024-1431 ELSA-2024-1576 ELSA-2024-3838 ELSA-2023-3821 View more

Amazon Linux AMI: CVE-2023-27533: Security patch for curl (ALAS-2023-1727) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 03/21/2023 Created 05/05/2023 Added 04/21/2023 Modified 01/28/2025 Description A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system. Solution(s) amazon-linux-upgrade-curl References ALAS-2023-1727 CVE-2023-27533

Ubuntu: USN-6021-1 (CVE-2023-1533): Chromium vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 03/21/2023 Created 05/05/2023 Added 04/17/2023 Modified 01/28/2025 Description Use after free in WebProtect in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) ubuntu-upgrade-chromium-browser References https://attackerkb.com/topics/cve-2023-1533 CVE - 2023-1533 USN-6021-1

Debian: CVE-2023-1529: chromium -- security update Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 03/21/2023 Created 03/27/2023 Added 03/27/2023 Modified 01/28/2025 Description Out of bounds memory access in WebHID in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a malicious HID device. (Chromium security severity: High) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2023-1529 CVE - 2023-1529 DSA-5377-1

Debian: CVE-2023-1530: chromium -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 03/21/2023 Created 03/27/2023 Added 03/27/2023 Modified 01/28/2025 Description Use after free in PDF in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2023-1530 CVE - 2023-1530 DSA-5377-1

Debian: CVE-2023-1534: chromium -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 03/21/2023 Created 03/27/2023 Added 03/27/2023 Modified 01/28/2025 Description Out of bounds read in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2023-1534 CVE - 2023-1534 DSA-5377-1

Debian: CVE-2023-1531: chromium -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 03/21/2023 Created 03/27/2023 Added 03/27/2023 Modified 01/28/2025 Description Use after free in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2023-1531 CVE - 2023-1531 DSA-5377-1

FreeBSD: VID-C8B334E0-6E83-4575-81D1-F9D5803CEB07 (CVE-2023-1530): chromium -- multiple vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 03/21/2023 Created 03/24/2023 Added 03/23/2023 Modified 01/28/2025 Description Use after free in PDF in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) freebsd-upgrade-package-chromium freebsd-upgrade-package-ungoogled-chromium References CVE-2023-1530

FreeBSD: VID-A4F8BB03-F52F-11ED-9859-080027083A05 (CVE-2023-28322): curl -- multiple vulnerabilities Severity 4 CVSS (AV:N/AC:M/Au:N/C:P/I:N/A:N) Published 03/21/2023 Created 05/23/2023 Added 05/20/2023 Modified 01/28/2025 Description Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below. From VID-A4F8BB03-F52F-11ED-9859-080027083A05: Wei Chong Tan, Harry Sintonen, and Hiroki Kurosawa reports: This update fixes 4 security vulnerabilities: Medium CVE-2023-28319: UAF in SSH sha256 fingerprint check. Reported by Wei Chong Tan on 2023-03-21 Low CVE-2023-28320: siglongjmp race condition. Reported by Harry Sintonen on 2023-04-02 Low CVE-2023-28321: IDN wildcard match. Reported by Hiroki Kurosawa on 2023-04-17 Low CVE-2023-28322: more POST-after-PUT confusion. Reported by Hiroki Kurosawa on 2023-04-19 Solution(s) freebsd-upgrade-package-curl References CVE-2023-28322 SUSE-SU-2023:2224-1 SUSE-SU-2023:2225-1 SUSE-SU-2023:2226-1 SUSE-SU-2023:2227-1 SUSE-SU-2023:2228-1 SUSE-SU-2023:2230-1 View more

FreeBSD: VID-A4F8BB03-F52F-11ED-9859-080027083A05 (CVE-2023-28321): curl -- multiple vulnerabilities Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 03/21/2023 Created 05/23/2023 Added 05/20/2023 Modified 01/28/2025 Description Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below. From VID-A4F8BB03-F52F-11ED-9859-080027083A05: Wei Chong Tan, Harry Sintonen, and Hiroki Kurosawa reports: This update fixes 4 security vulnerabilities: Medium CVE-2023-28319: UAF in SSH sha256 fingerprint check. Reported by Wei Chong Tan on 2023-03-21 Low CVE-2023-28320: siglongjmp race condition. Reported by Harry Sintonen on 2023-04-02 Low CVE-2023-28321: IDN wildcard match. Reported by Hiroki Kurosawa on 2023-04-17 Low CVE-2023-28322: more POST-after-PUT confusion. Reported by Hiroki Kurosawa on 2023-04-19 Solution(s) freebsd-upgrade-package-curl References CVE-2023-28321 SUSE-SU-2023:2224-1 SUSE-SU-2023:2225-1 SUSE-SU-2023:2226-1 SUSE-SU-2023:2227-1 SUSE-SU-2023:2228-1 SUSE-SU-2023:2230-1 View more

FreeBSD: VID-C8B334E0-6E83-4575-81D1-F9D5803CEB07 (CVE-2023-1534): chromium -- multiple vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 03/21/2023 Created 03/24/2023 Added 03/23/2023 Modified 01/28/2025 Description Out of bounds read in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) freebsd-upgrade-package-chromium freebsd-upgrade-package-ungoogled-chromium References CVE-2023-1534

SUSE: CVE-2023-1528: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 03/21/2023 Created 03/28/2023 Added 03/28/2023 Modified 01/28/2025 Description Use after free in Passwords in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium suse-upgrade-opera References https://attackerkb.com/topics/cve-2023-1528 CVE - 2023-1528

FreeBSD: VID-C8B334E0-6E83-4575-81D1-F9D5803CEB07 (CVE-2023-1529): chromium -- multiple vulnerabilities Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 03/21/2023 Created 03/24/2023 Added 03/23/2023 Modified 01/28/2025 Description Out of bounds memory access in WebHID in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a malicious HID device. (Chromium security severity: High) Solution(s) freebsd-upgrade-package-chromium freebsd-upgrade-package-ungoogled-chromium References CVE-2023-1529

Microsoft Edge Chromium: CVE-2023-1530 Use after free in PDF Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 03/21/2023 Created 03/27/2023 Added 03/27/2023 Modified 01/28/2025 Description Use after free in PDF in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2023-1530 CVE - 2023-1530 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1530

Oracle Linux: CVE-2023-28755: ELSA-2023-7025:ruby:2.5 security update (MODERATE) (Multiple Advisories) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 03/21/2023 Created 07/10/2023 Added 07/08/2023 Modified 01/08/2025 Description A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1. A flaw was found in the rubygem URI. The URI parser mishandles invalid URLs that have specific characters, which causes an increase in execution time parsing strings to URI objects. This may result in a regular expression denial of service (ReDoS). Solution(s) oracle-linux-upgrade-ruby oracle-linux-upgrade-ruby-bundled-gems oracle-linux-upgrade-ruby-default-gems oracle-linux-upgrade-ruby-devel oracle-linux-upgrade-ruby-doc oracle-linux-upgrade-rubygem-abrt oracle-linux-upgrade-rubygem-abrt-doc oracle-linux-upgrade-rubygem-bigdecimal oracle-linux-upgrade-rubygem-bson oracle-linux-upgrade-rubygem-bson-doc oracle-linux-upgrade-rubygem-bundler oracle-linux-upgrade-rubygem-bundler-doc oracle-linux-upgrade-rubygem-did-you-mean oracle-linux-upgrade-rubygem-io-console oracle-linux-upgrade-rubygem-irb oracle-linux-upgrade-rubygem-json oracle-linux-upgrade-rubygem-minitest oracle-linux-upgrade-rubygem-mongo oracle-linux-upgrade-rubygem-mongo-doc oracle-linux-upgrade-rubygem-mysql2 oracle-linux-upgrade-rubygem-mysql2-doc oracle-linux-upgrade-rubygem-net-telnet oracle-linux-upgrade-rubygem-openssl oracle-linux-upgrade-rubygem-pg oracle-linux-upgrade-rubygem-pg-doc oracle-linux-upgrade-rubygem-power-assert oracle-linux-upgrade-rubygem-psych oracle-linux-upgrade-rubygem-rake oracle-linux-upgrade-rubygem-rbs oracle-linux-upgrade-rubygem-rdoc oracle-linux-upgrade-rubygem-rexml oracle-linux-upgrade-rubygem-rss oracle-linux-upgrade-rubygems oracle-linux-upgrade-rubygems-devel oracle-linux-upgrade-rubygem-test-unit oracle-linux-upgrade-rubygem-typeprof oracle-linux-upgrade-rubygem-xmlrpc oracle-linux-upgrade-ruby-irb oracle-linux-upgrade-ruby-libs References https://attackerkb.com/topics/cve-2023-28755 CVE - 2023-28755 ELSA-2023-7025 ELSA-2024-3500 ELSA-2024-1431 ELSA-2024-1576 ELSA-2024-3838 ELSA-2023-3821 View more

SUSE: CVE-2023-1532: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 03/21/2023 Created 03/28/2023 Added 03/28/2023 Modified 01/28/2025 Description Out of bounds read in GPU Video in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium suse-upgrade-opera References https://attackerkb.com/topics/cve-2023-1532 CVE - 2023-1532

FreeBSD: VID-0D7D104C-C6FB-11ED-8A4B-080027F5FEC9 (CVE-2023-27538): curl -- multiple vulnerabilities Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 03/20/2023 Created 03/24/2023 Added 03/23/2023 Modified 01/28/2025 Description Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below. From VID-0D7D104C-C6FB-11ED-8A4B-080027F5FEC9: Harry Sintonen reports: CVE-2023-27533 curl supports communicating using the TELNET protocol and as a part of this it offers users to pass on user name and "telnet options" for the server negotiation. Due to lack of proper input scrubbing and without it being the documented functionality, curl would pass on user name and telnet options to the server as provided. This could allow users to pass in carefully crafted content that pass on content or do option negotiation without the application intending to do so. In particular if an application for example allows users to provide the data or parts of the data. CVE-2023-27534 curl supports SFTP transfers. curl's SFTP implementation offers a special feature in the path component of URLs: a tilde (~) character as the first path element in the path to denotes a path relative to the user's home directory. This is supported because of wording in the once proposed to-become RFC draft that was to dictate how SFTP URLs work. Due to a bug, the handling of the tilde in SFTP path did however not only replace it when it is used stand-alone as the first path element but also wrongly when used as a mere prefix in the first element. Using a path like /~2/foo when accessing a server using the user dan (with home directory /home/dan) would then quite surprisingly access the file /home/dan2/foo. This can be taken advantage of to circumvent filtering or worse. CVE-2023-27535 libcurl would reuse a previously created FTP connection even when one or more options had been changed that could have made the effective user a very different one, thus leading to the doing the second transfer with wrong credentials. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several FTP settings were left out from the configuration match checks, making them match too easily. The settings in questions are CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC and CURLOPT_USE_SSL level. CVE-2023-27536 ibcurl would reuse a previously created connection even when the GSS delegation (CURLOPT_GSSAPI_DELEGATION) option had been changed that could have changed the user's permissions in a second transfer. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, this GSS delegation setting was left out from the configuration match checks, making them match too easily, affecting krb5/kerberos/negotiate/GSSAPI transfers. CVE-2023-27537 libcurl supports sharing HSTS data between separate "handles". This sharing was introduced without considerations for do this sharing across separate threads but there was no indication of this fact in the documentation. Due to missing mutexes or thread locks, two threads sharing the same HSTS data could end up doing a double-free or use-after-free. CVE-2023-27538 libcurl would reuse a previously created connection even when an SSH related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, two SSH settings were left out from the configuration match checks, making them match too easily. Solution(s) freebsd-upgrade-package-curl References CVE-2023-27538 SUSE-SU-2023:0865-1

Ubuntu: USN-6021-1 (CVE-2023-1534): Chromium vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 03/21/2023 Created 05/05/2023 Added 04/17/2023 Modified 01/28/2025 Description Out of bounds read in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) ubuntu-upgrade-chromium-browser References https://attackerkb.com/topics/cve-2023-1534 CVE - 2023-1534 USN-6021-1

Red Hat: CVE-2023-28162: Invalid downcast in Worklets (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 03/20/2023 Created 03/22/2023 Added 03/21/2023 Modified 01/28/2025 Description While implementing AudioWorklets, some code may have casted one type to another, invalid, dynamic type. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. Solution(s) redhat-upgrade-firefox redhat-upgrade-firefox-debuginfo redhat-upgrade-firefox-debugsource redhat-upgrade-firefox-x11 redhat-upgrade-thunderbird redhat-upgrade-thunderbird-debuginfo redhat-upgrade-thunderbird-debugsource References CVE-2023-28162 RHSA-2023:1333 RHSA-2023:1336 RHSA-2023:1337 RHSA-2023:1364 RHSA-2023:1367 RHSA-2023:1401 RHSA-2023:1402 RHSA-2023:1403 RHSA-2023:1404 RHSA-2023:1407 RHSA-2023:1444 RHSA-2023:1472 View more

Debian: CVE-2023-27586: cairosvg -- security update Severity 6 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:C) Published 03/20/2023 Created 05/05/2023 Added 04/10/2023 Modified 01/30/2025 Description CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to version 2.7.0, Cairo can send requests to external hosts when processing SVG files. A malicious actor could send a specially crafted SVG file that allows them to perform a server-side request forgery or denial of service. Version 2.7.0 disables CairoSVG's ability to access other files online by default. Solution(s) debian-upgrade-cairosvg References https://attackerkb.com/topics/cve-2023-27586 CVE - 2023-27586 DSA-5382-1

CentOS Linux: CVE-2023-25751: Important: firefox security update (Multiple Advisories) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 03/20/2023 Created 03/22/2023 Added 03/21/2023 Modified 01/28/2025 Description Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lead to a potentially exploitable crash. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. Solution(s) centos-upgrade-firefox centos-upgrade-firefox-debuginfo centos-upgrade-thunderbird centos-upgrade-thunderbird-debuginfo References CVE-2023-25751