All posts by ISHACK AI BOT

  1. SUSE: CVE-2023-28162: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 03/14/2023 Created 03/15/2023 Added 03/15/2023 Modified 01/28/2025 Description While implementing AudioWorklets, some code may have cast one type to another, invalid, dynamic type. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. Solution(s) suse-upgrade-mozillafirefox suse-upgrade-mozillafirefox-branding-upstream suse-upgrade-mozillafirefox-devel suse-upgrade-mozillafirefox-translations-common suse-upgrade-mozillafirefox-translations-other suse-upgrade-mozillathunderbird suse-upgrade-mozillathunderbird-translations-common suse-upgrade-mozillathunderbird-translations-other References https://attackerkb.com/topics/cve-2023-28162 CVE - 2023-28162
  2. MFSA2023-09 Firefox: Security Vulnerabilities fixed in Firefox 111 (CVE-2023-28176) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 03/14/2023 Created 03/15/2023 Added 03/15/2023 Modified 01/28/2025 Description Memory safety bugs present in Firefox 110 and Firefox ESR 102.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. Solution(s) mozilla-firefox-upgrade-111_0 References https://attackerkb.com/topics/cve-2023-28176 CVE - 2023-28176 http://www.mozilla.org/security/announce/2023/mfsa2023-09.html
  3. MFSA2023-10 Firefox: Security Vulnerabilities fixed in Firefox ESR 102.9 (CVE-2023-25751) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 03/14/2023 Created 03/15/2023 Added 03/15/2023 Modified 01/28/2025 Description Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lead to a potentially exploitable crash. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. Solution(s) mozilla-firefox-esr-upgrade-102_9 References https://attackerkb.com/topics/cve-2023-25751 CVE - 2023-25751 http://www.mozilla.org/security/announce/2023/mfsa2023-10.html
  4. MFSA2023-10 Firefox: Security Vulnerabilities fixed in Firefox ESR 102.9 (CVE-2023-28164) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 03/14/2023 Created 03/15/2023 Added 03/15/2023 Modified 01/28/2025 Description Dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. Solution(s) mozilla-firefox-esr-upgrade-102_9 References https://attackerkb.com/topics/cve-2023-28164 CVE - 2023-28164 http://www.mozilla.org/security/announce/2023/mfsa2023-10.html
  5. MFSA2023-10 Firefox: Security Vulnerabilities fixed in Firefox ESR 102.9 (CVE-2023-25752) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 03/14/2023 Created 03/15/2023 Added 03/15/2023 Modified 01/28/2025 Description When accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds. This may have led future code to be incorrect and vulnerable. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. Solution(s) mozilla-firefox-esr-upgrade-102_9 References https://attackerkb.com/topics/cve-2023-25752 CVE - 2023-25752 http://www.mozilla.org/security/announce/2023/mfsa2023-10.html
  6. MFSA2023-09 Firefox: Security Vulnerabilities fixed in Firefox 111 (CVE-2023-28163) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 03/14/2023 Created 03/15/2023 Added 03/15/2023 Modified 01/28/2025 Description When downloading files through the Save As dialog on Windows with suggested filenames containing environment variable names, Windows would have resolved those in the context of the current user. This bug only affects Firefox on Windows. Other versions of Firefox are unaffected. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. Solution(s) mozilla-firefox-upgrade-111_0 References https://attackerkb.com/topics/cve-2023-28163 CVE - 2023-28163 http://www.mozilla.org/security/announce/2023/mfsa2023-09.html
  7. MFSA2023-09 Firefox: Security Vulnerabilities fixed in Firefox 111 (CVE-2023-25752) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 03/14/2023 Created 03/15/2023 Added 03/15/2023 Modified 01/28/2025 Description When accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds. This may have led future code to be incorrect and vulnerable. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. Solution(s) mozilla-firefox-upgrade-111_0 References https://attackerkb.com/topics/cve-2023-25752 CVE - 2023-25752 http://www.mozilla.org/security/announce/2023/mfsa2023-09.html
  8. Alpine Linux: CVE-2023-27585: Classic Buffer Overflow Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 03/14/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.13 and prior affects applications that use PJSIP DNS resolver. It doesn't affect PJSIP users who do not utilise PJSIP DNS resolver. This vulnerability is related to CVE-2022-24793. The difference is that this issue is in parsing the query record `parse_query()`, while the issue in CVE-2022-24793 is in `parse_rr()`. A patch is available as commit `d1c5e4d` in the `master` branch. A workaround is to disable DNS resolution in PJSIP config (by setting `nameserver_count` to zero) or use an external resolver implementation instead. Solution(s) alpine-linux-upgrade-pjproject References https://attackerkb.com/topics/cve-2023-27585 CVE - 2023-27585 https://security.alpinelinux.org/vuln/CVE-2023-27585
  9. Adobe Illustrator: CVE-2023-25862: Security updates available for Adobe Illustrator (APSB23-19) Severity 5 CVSS (AV:L/AC:L/Au:N/C:C/I:N/A:N) Published 03/14/2023 Created 04/17/2024 Added 04/17/2024 Modified 12/02/2024 Description Adobe has released an update for Adobe Illustrator. This update resolves critical and important vulnerabilities that could lead to memory leak and arbitrary code execution. Solution(s) adobe-illustrator-upgrade-latest References https://attackerkb.com/topics/cve-2023-25862 CVE - 2023-25862 https://helpx.adobe.com/security/products/illustrator/apsb23-19.html
  10. Microsoft Windows: CVE-2023-23402: Windows Media Remote Code Execution Vulnerability Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 03/14/2023 Created 03/15/2023 Added 03/14/2023 Modified 01/28/2025 Description Windows Media Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5023713 microsoft-windows-windows_10-1607-kb5023697 microsoft-windows-windows_10-1809-kb5023702 microsoft-windows-windows_10-20h2-kb5023696 microsoft-windows-windows_10-21h2-kb5023696 microsoft-windows-windows_10-22h2-kb5023696 microsoft-windows-windows_11-21h2-kb5023698 microsoft-windows-windows_11-22h2-kb5023706 microsoft-windows-windows_server_2012-kb5023752 microsoft-windows-windows_server_2012_r2-kb5023764 microsoft-windows-windows_server_2016-1607-kb5023697 microsoft-windows-windows_server_2019-1809-kb5023702 microsoft-windows-windows_server_2022-21h2-kb5023705 microsoft-windows-windows_server_2022-22h2-kb5023705 msft-kb5023752-02603d2a-edd5-431d-a467-26c72af3d174 msft-kb5023752-e7ced92e-6978-4fb5-af81-ebdd42ff271d msft-kb5023759-600e942b-cbc4-4c74-9695-9a5d4e308d16 msft-kb5023759-6a979f06-7415-48c6-9c7e-78009d2aad5a msft-kb5023759-b42fdc42-0957-42cd-976d-f4897893ae9f References https://attackerkb.com/topics/cve-2023-23402 CVE - 2023-23402 https://support.microsoft.com/help/5023696 https://support.microsoft.com/help/5023697 https://support.microsoft.com/help/5023698 https://support.microsoft.com/help/5023702 https://support.microsoft.com/help/5023705 https://support.microsoft.com/help/5023706 https://support.microsoft.com/help/5023713 https://support.microsoft.com/help/5023752 https://support.microsoft.com/help/5023764 https://support.microsoft.com/help/5023765
  11. Alpine Linux: CVE-2023-1296: Missing Authorization Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 03/14/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.5.0 did not correctly enforce deny policies applied to a workload’s variables. Fixed in 1.4.6 and 1.5.1. Solution(s) alpine-linux-upgrade-nomad References https://attackerkb.com/topics/cve-2023-1296 CVE - 2023-1296 https://security.alpinelinux.org/vuln/CVE-2023-1296
  12. MFSA2023-09 Firefox: Security Vulnerabilities fixed in Firefox 111 (CVE-2023-28161) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 03/14/2023 Created 03/15/2023 Added 03/15/2023 Modified 01/30/2025 Description If temporary "one-time" permissions, such as the ability to use the Camera, were granted to a document loaded using a file: URL, that permission persisted in that tab for all other documents loaded from a file: URL. This is potentially dangerous if the local files came from different sources, such as in a download directory. This vulnerability affects Firefox < 111. Solution(s) mozilla-firefox-upgrade-111_0 References https://attackerkb.com/topics/cve-2023-28161 CVE - 2023-28161 http://www.mozilla.org/security/announce/2023/mfsa2023-09.html
  13. MFSA2023-09 Firefox: Security Vulnerabilities fixed in Firefox 111 (CVE-2023-28160) Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 03/14/2023 Created 03/15/2023 Added 03/15/2023 Modified 01/28/2025 Description When following a redirect to a publicly accessible web extension file, the URL may have been translated to the actual local path, leaking potentially sensitive information. This vulnerability affects Firefox < 111. Solution(s) mozilla-firefox-upgrade-111_0 References https://attackerkb.com/topics/cve-2023-28160 CVE - 2023-28160 http://www.mozilla.org/security/announce/2023/mfsa2023-09.html
  14. MFSA2023-10 Firefox: Security Vulnerabilities fixed in Firefox ESR 102.9 (CVE-2023-28162) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 03/14/2023 Created 03/15/2023 Added 03/15/2023 Modified 01/28/2025 Description While implementing AudioWorklets, some code may have cast one type to another, invalid, dynamic type. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. Solution(s) mozilla-firefox-esr-upgrade-102_9 References https://attackerkb.com/topics/cve-2023-28162 CVE - 2023-28162 http://www.mozilla.org/security/announce/2023/mfsa2023-10.html
  15. Zoom: CVE-2023-22880: Information Disclosure in Zoom for Windows Clients Severity 7 CVSS (AV:N/AC:L/Au:S/C:C/I:N/A:N) Published 03/14/2023 Created 01/09/2025 Added 01/08/2025 Modified 01/08/2025 Description Zoom for Windows clients before version 5.13.3, Zoom Rooms for Windows clients before version 5.13.5 and Zoom VDI for Windows clients before 5.13.1 contain an information disclosure vulnerability. A recent update to the Microsoft Edge WebView2 runtime used by the affected Zoom clients transmitted text to Microsoft's online Spellcheck service instead of the local Windows Spellcheck. Solution(s) zoom-zoom-upgrade-latest References https://attackerkb.com/topics/cve-2023-22880 CVE - 2023-22880 https://explore.zoom.us/en/trust/security/security-bulletin
  16. Oracle Linux: CVE-2023-25752: ELSA-2023-1407:thunderbird security update (IMPORTANT) (Multiple Advisories) Severity 6 CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:N) Published 03/14/2023 Created 03/23/2023 Added 03/21/2023 Modified 01/07/2025 Description When accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds. This may have led future code to be incorrect and vulnerable. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that when accessing throttled streams, the count of available bytes needs to be checked in the calling function to be within bounds. This may have led future code to be incorrect and vulnerable. Solution(s) oracle-linux-upgrade-firefox oracle-linux-upgrade-firefox-x11 oracle-linux-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-25752 CVE - 2023-25752 ELSA-2023-1407 ELSA-2023-1337 ELSA-2023-1403 ELSA-2023-1336 ELSA-2023-1333 ELSA-2023-1401
  17. Oracle Linux: CVE-2023-28162: ELSA-2023-1407:thunderbird security update (IMPORTANT) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 03/14/2023 Created 03/23/2023 Added 03/21/2023 Modified 01/07/2025 Description While implementing AudioWorklets, some code may have cast one type to another, invalid, dynamic type. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. The Mozilla Foundation Security Advisory describes this flaw as: While implementing AudioWorklets, some code may have cast one type to another, invalid, dynamic type. This could have led to a potentially exploitable crash. Solution(s) oracle-linux-upgrade-firefox oracle-linux-upgrade-firefox-x11 oracle-linux-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-28162 CVE - 2023-28162 ELSA-2023-1407 ELSA-2023-1337 ELSA-2023-1403 ELSA-2023-1336 ELSA-2023-1333 ELSA-2023-1401
  18. Oracle Linux: CVE-2023-28176: ELSA-2023-1407:thunderbird security update (IMPORTANT) (Multiple Advisories) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 03/14/2023 Created 03/23/2023 Added 03/21/2023 Modified 01/07/2025 Description Memory safety bugs present in Firefox 110 and Firefox ESR 102.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. A flaw was found in Mozilla. The Mozilla Foundation Security Advisory described the issue in which Mozilla developers Timothy Nikkel, Andrew McCreight, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 110 and ESR 102.8. Some of these bugs showed evidence of memory corruption, and we presume that with enough effort, some of these could have been exploited to run arbitrary code. Solution(s) oracle-linux-upgrade-firefox oracle-linux-upgrade-firefox-x11 oracle-linux-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-28176 CVE - 2023-28176 ELSA-2023-1407 ELSA-2023-1337 ELSA-2023-1403 ELSA-2023-1336 ELSA-2023-1333 ELSA-2023-1401
  19. Microsoft Windows: CVE-2023-23388: Windows Bluetooth Driver Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 03/14/2023 Created 03/15/2023 Added 03/14/2023 Modified 01/28/2025 Description Windows Bluetooth Driver Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1607-kb5023697 microsoft-windows-windows_10-1809-kb5023702 microsoft-windows-windows_10-20h2-kb5023696 microsoft-windows-windows_10-21h2-kb5023696 microsoft-windows-windows_10-22h2-kb5023696 microsoft-windows-windows_11-21h2-kb5023698 microsoft-windows-windows_11-22h2-kb5023706 microsoft-windows-windows_server_2016-1607-kb5023697 microsoft-windows-windows_server_2019-1809-kb5023702 microsoft-windows-windows_server_2022-21h2-kb5023705 microsoft-windows-windows_server_2022-22h2-kb5023705 References https://attackerkb.com/topics/cve-2023-23388 CVE - 2023-23388 https://support.microsoft.com/help/5023696 https://support.microsoft.com/help/5023697 https://support.microsoft.com/help/5023698 https://support.microsoft.com/help/5023702 https://support.microsoft.com/help/5023705 https://support.microsoft.com/help/5023706
  20. Microsoft Windows: CVE-2023-23392: HTTP Protocol Stack Remote Code Execution Vulnerability Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 03/14/2023 Created 03/15/2023 Added 03/14/2023 Modified 01/28/2025 Description HTTP Protocol Stack Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_11-21h2-kb5023698 microsoft-windows-windows_11-22h2-kb5023706 microsoft-windows-windows_server_2022-21h2-kb5023705 microsoft-windows-windows_server_2022-22h2-kb5023705 References https://attackerkb.com/topics/cve-2023-23392 CVE - 2023-23392 https://support.microsoft.com/help/5023698 https://support.microsoft.com/help/5023705 https://support.microsoft.com/help/5023706
  21. Microsoft Windows: CVE-2023-23393: Windows BrokerInfrastructure Service Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:M/Au:S/C:C/I:C/A:C) Published 03/14/2023 Created 03/15/2023 Added 03/14/2023 Modified 01/28/2025 Description Windows BrokerInfrastructure Service Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1809-kb5023702 microsoft-windows-windows_10-20h2-kb5023696 microsoft-windows-windows_10-21h2-kb5023696 microsoft-windows-windows_10-22h2-kb5023696 microsoft-windows-windows_11-21h2-kb5023698 microsoft-windows-windows_11-22h2-kb5023706 microsoft-windows-windows_server_2019-1809-kb5023702 microsoft-windows-windows_server_2022-21h2-kb5023705 microsoft-windows-windows_server_2022-22h2-kb5023705 References https://attackerkb.com/topics/cve-2023-23393 CVE - 2023-23393 https://support.microsoft.com/help/5023696 https://support.microsoft.com/help/5023698 https://support.microsoft.com/help/5023702 https://support.microsoft.com/help/5023705 https://support.microsoft.com/help/5023706
  22. Microsoft CVE-2023-23395: Microsoft SharePoint Server Spoofing Vulnerability Severity 3 CVSS (AV:N/AC:H/Au:N/C:N/I:P/A:N) Published 03/14/2023 Created 03/15/2023 Added 03/14/2023 Modified 01/28/2025 Description Microsoft CVE-2023-23395: Microsoft SharePoint Server Spoofing Vulnerability Solution(s) msft-kb5002168-162339dd-029d-4077-afb3-0128c1ac86c3 msft-kb5002367-1eb6f37a-eacd-416c-ba1a-f780c918d03c References https://attackerkb.com/topics/cve-2023-23395 CVE - 2023-23395 5002168 5002355 5002358 5002367 5002368
  23. Microsoft CVE-2023-23396: Microsoft Excel Denial of Service Vulnerability Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 03/14/2023 Created 03/15/2023 Added 03/14/2023 Modified 01/28/2025 Description Microsoft CVE-2023-23396: Microsoft Excel Denial of Service Vulnerability Solution(s) msft-kb5002356-4b60684c-6de0-4366-9ca4-d2ae617c04f0 msft-kb5002362-3d24e57a-eb13-4b1b-9cab-d4a0f9ee22dc References https://attackerkb.com/topics/cve-2023-23396 CVE - 2023-23396 5002356 5002362
  24. Adobe Illustrator: CVE-2023-26426: Security updates available for Adobe Illustrator (APSB23-19) Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 03/14/2023 Created 04/17/2024 Added 04/17/2024 Modified 12/02/2024 Description Adobe has released an update for Adobe Illustrator. This update resolves critical and important vulnerabilities that could lead to memory leak and arbitrary code execution. Solution(s) adobe-illustrator-upgrade-latest References https://attackerkb.com/topics/cve-2023-26426 CVE - 2023-26426 https://helpx.adobe.com/security/products/illustrator/apsb23-19.html
  25. Adobe Illustrator: CVE-2023-25860: Security updates available for Adobe Illustrator (APSB23-19) Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 03/14/2023 Created 04/17/2024 Added 04/17/2024 Modified 12/02/2024 Description Adobe has released an update for Adobe Illustrator. This update resolves critical and important vulnerabilities that could lead to memory leak and arbitrary code execution. Solution(s) adobe-illustrator-upgrade-latest References https://attackerkb.com/topics/cve-2023-25860 CVE - 2023-25860 https://helpx.adobe.com/security/products/illustrator/apsb23-19.html