ISHACK AI BOT

Microsoft Windows: CVE-2023-24864: Microsoft PostScript and PCL6 Class Printer Driver Elevation of Privilege Vulnerability Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 03/14/2023 Created 03/15/2023 Added 03/14/2023 Modified 01/28/2025 Description Microsoft PostScript and PCL6 Class Printer Driver Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5023713 microsoft-windows-windows_10-1607-kb5023697 microsoft-windows-windows_10-1809-kb5023702 microsoft-windows-windows_10-20h2-kb5023696 microsoft-windows-windows_10-21h2-kb5023696 microsoft-windows-windows_10-22h2-kb5023696 microsoft-windows-windows_11-21h2-kb5023698 microsoft-windows-windows_11-22h2-kb5023706 microsoft-windows-windows_server_2012-kb5023752 microsoft-windows-windows_server_2012_r2-kb5023764 microsoft-windows-windows_server_2016-1607-kb5023697 microsoft-windows-windows_server_2019-1809-kb5023702 microsoft-windows-windows_server_2022-21h2-kb5023705 microsoft-windows-windows_server_2022-22h2-kb5023705 msft-kb5023752-02603d2a-edd5-431d-a467-26c72af3d174 msft-kb5023752-e7ced92e-6978-4fb5-af81-ebdd42ff271d References https://attackerkb.com/topics/cve-2023-24864 CVE - 2023-24864 https://support.microsoft.com/help/5023696 https://support.microsoft.com/help/5023697 https://support.microsoft.com/help/5023698 https://support.microsoft.com/help/5023702 https://support.microsoft.com/help/5023705 https://support.microsoft.com/help/5023706 https://support.microsoft.com/help/5023713 https://support.microsoft.com/help/5023752 https://support.microsoft.com/help/5023764 https://support.microsoft.com/help/5023765 View more

Microsoft Windows: CVE-2023-24861: Windows Graphics Component Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:M/Au:S/C:C/I:C/A:C) Published 03/14/2023 Created 03/15/2023 Added 03/14/2023 Modified 01/28/2025 Description Windows Graphics Component Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5023713 microsoft-windows-windows_10-1607-kb5023697 microsoft-windows-windows_10-1809-kb5023702 microsoft-windows-windows_10-20h2-kb5023696 microsoft-windows-windows_10-21h2-kb5023696 microsoft-windows-windows_10-22h2-kb5023696 microsoft-windows-windows_11-21h2-kb5023698 microsoft-windows-windows_11-22h2-kb5023706 microsoft-windows-windows_server_2012-kb5023752 microsoft-windows-windows_server_2012_r2-kb5023764 microsoft-windows-windows_server_2016-1607-kb5023697 microsoft-windows-windows_server_2019-1809-kb5023702 microsoft-windows-windows_server_2022-21h2-kb5023705 microsoft-windows-windows_server_2022-22h2-kb5023705 msft-kb5023752-02603d2a-edd5-431d-a467-26c72af3d174 msft-kb5023752-e7ced92e-6978-4fb5-af81-ebdd42ff271d msft-kb5023754-6ea3033e-1d7f-4ec2-b779-41149e13113b msft-kb5023754-8cd024f0-d5cb-4ce9-9717-88ac23c82187 msft-kb5023759-600e942b-cbc4-4c74-9695-9a5d4e308d16 msft-kb5023759-6a979f06-7415-48c6-9c7e-78009d2aad5a msft-kb5023759-b42fdc42-0957-42cd-976d-f4897893ae9f References https://attackerkb.com/topics/cve-2023-24861 CVE - 2023-24861 https://support.microsoft.com/help/5023696 https://support.microsoft.com/help/5023697 https://support.microsoft.com/help/5023698 https://support.microsoft.com/help/5023702 https://support.microsoft.com/help/5023705 https://support.microsoft.com/help/5023706 https://support.microsoft.com/help/5023713 https://support.microsoft.com/help/5023752 https://support.microsoft.com/help/5023764 https://support.microsoft.com/help/5023765 View more

Microsoft Windows: CVE-2023-23404: Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 03/14/2023 Created 03/15/2023 Added 03/14/2023 Modified 01/28/2025 Description Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5023713 microsoft-windows-windows_10-1607-kb5023697 microsoft-windows-windows_10-1809-kb5023702 microsoft-windows-windows_10-20h2-kb5023696 microsoft-windows-windows_10-21h2-kb5023696 microsoft-windows-windows_10-22h2-kb5023696 microsoft-windows-windows_11-21h2-kb5023698 microsoft-windows-windows_11-22h2-kb5023706 microsoft-windows-windows_server_2012-kb5023752 microsoft-windows-windows_server_2012_r2-kb5023764 microsoft-windows-windows_server_2016-1607-kb5023697 microsoft-windows-windows_server_2019-1809-kb5023702 microsoft-windows-windows_server_2022-21h2-kb5023705 microsoft-windows-windows_server_2022-22h2-kb5023705 msft-kb5023752-02603d2a-edd5-431d-a467-26c72af3d174 msft-kb5023752-e7ced92e-6978-4fb5-af81-ebdd42ff271d References https://attackerkb.com/topics/cve-2023-23404 CVE - 2023-23404 https://support.microsoft.com/help/5023696 https://support.microsoft.com/help/5023697 https://support.microsoft.com/help/5023698 https://support.microsoft.com/help/5023702 https://support.microsoft.com/help/5023705 https://support.microsoft.com/help/5023706 https://support.microsoft.com/help/5023713 https://support.microsoft.com/help/5023752 https://support.microsoft.com/help/5023764 https://support.microsoft.com/help/5023765 View more

SUSE: CVE-2022-37704: SUSE Linux Security Advisory Severity 7 CVSS (AV:L/AC:L/Au:M/C:C/I:C/A:C) Published 03/14/2023 Created 03/15/2023 Added 03/15/2023 Modified 01/28/2025 Description Amanda 3.5.1 allows privilege escalation from the regular user backup to root. The SUID binary located at /lib/amanda/rundump will execute /usr/sbin/dump as root with controlled arguments from the attacker which may lead to escalation of privileges, denial of service, and information disclosure. Solution(s) suse-upgrade-amanda References https://attackerkb.com/topics/cve-2022-37704 CVE - 2022-37704

Microsoft Windows: CVE-2023-23405: Remote Procedure Call Runtime Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 03/14/2023 Created 03/15/2023 Added 03/14/2023 Modified 01/28/2025 Description Remote Procedure Call Runtime Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5023713 microsoft-windows-windows_10-1607-kb5023697 microsoft-windows-windows_10-1809-kb5023702 microsoft-windows-windows_10-20h2-kb5023696 microsoft-windows-windows_10-21h2-kb5023696 microsoft-windows-windows_10-22h2-kb5023696 microsoft-windows-windows_11-21h2-kb5023698 microsoft-windows-windows_11-22h2-kb5023706 microsoft-windows-windows_server_2012-kb5023752 microsoft-windows-windows_server_2012_r2-kb5023764 microsoft-windows-windows_server_2016-1607-kb5023697 microsoft-windows-windows_server_2019-1809-kb5023702 microsoft-windows-windows_server_2022-21h2-kb5023705 microsoft-windows-windows_server_2022-22h2-kb5023705 msft-kb5023752-02603d2a-edd5-431d-a467-26c72af3d174 msft-kb5023752-e7ced92e-6978-4fb5-af81-ebdd42ff271d msft-kb5023754-6ea3033e-1d7f-4ec2-b779-41149e13113b msft-kb5023754-8cd024f0-d5cb-4ce9-9717-88ac23c82187 msft-kb5023759-600e942b-cbc4-4c74-9695-9a5d4e308d16 msft-kb5023759-6a979f06-7415-48c6-9c7e-78009d2aad5a msft-kb5023759-b42fdc42-0957-42cd-976d-f4897893ae9f References https://attackerkb.com/topics/cve-2023-23405 CVE - 2023-23405 https://support.microsoft.com/help/5023696 https://support.microsoft.com/help/5023697 https://support.microsoft.com/help/5023698 https://support.microsoft.com/help/5023702 https://support.microsoft.com/help/5023705 https://support.microsoft.com/help/5023706 https://support.microsoft.com/help/5023713 https://support.microsoft.com/help/5023752 https://support.microsoft.com/help/5023764 https://support.microsoft.com/help/5023765 View more

Microsoft Windows: CVE-2023-23385: Windows Point-to-Point Protocol over Ethernet (PPPoE) Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:M/Au:S/C:C/I:C/A:C) Published 03/14/2023 Created 03/15/2023 Added 03/14/2023 Modified 01/28/2025 Description Windows Point-to-Point Protocol over Ethernet (PPPoE) Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5023713 microsoft-windows-windows_10-1607-kb5023697 microsoft-windows-windows_10-1809-kb5023702 microsoft-windows-windows_10-20h2-kb5023696 microsoft-windows-windows_10-21h2-kb5023696 microsoft-windows-windows_10-22h2-kb5023696 microsoft-windows-windows_11-21h2-kb5023698 microsoft-windows-windows_11-22h2-kb5023706 microsoft-windows-windows_server_2012-kb5023752 microsoft-windows-windows_server_2012_r2-kb5023764 microsoft-windows-windows_server_2016-1607-kb5023697 microsoft-windows-windows_server_2019-1809-kb5023702 microsoft-windows-windows_server_2022-21h2-kb5023705 microsoft-windows-windows_server_2022-22h2-kb5023705 msft-kb5023752-02603d2a-edd5-431d-a467-26c72af3d174 msft-kb5023752-e7ced92e-6978-4fb5-af81-ebdd42ff271d msft-kb5023754-6ea3033e-1d7f-4ec2-b779-41149e13113b msft-kb5023754-8cd024f0-d5cb-4ce9-9717-88ac23c82187 msft-kb5023759-600e942b-cbc4-4c74-9695-9a5d4e308d16 msft-kb5023759-6a979f06-7415-48c6-9c7e-78009d2aad5a msft-kb5023759-b42fdc42-0957-42cd-976d-f4897893ae9f References https://attackerkb.com/topics/cve-2023-23385 CVE - 2023-23385 https://support.microsoft.com/help/5023696 https://support.microsoft.com/help/5023697 https://support.microsoft.com/help/5023698 https://support.microsoft.com/help/5023702 https://support.microsoft.com/help/5023705 https://support.microsoft.com/help/5023706 https://support.microsoft.com/help/5023713 https://support.microsoft.com/help/5023752 https://support.microsoft.com/help/5023764 https://support.microsoft.com/help/5023765 View more

Microsoft Windows: CVE-2023-1017: CERT/CC: CVE-2023-1017 TPM2.0 Module Library Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 03/14/2023 Created 03/15/2023 Added 03/14/2023 Modified 01/28/2025 Description An out-of-bounds write vulnerability exists in TPM2.0's Module Library allowing writing of a 2-byte data past the end of TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can lead to denial of service (crashing the TPM chip/process or rendering it unusable) and/or arbitrary code execution in the TPM context. Solution(s) microsoft-windows-windows_10-1507-kb5023713 microsoft-windows-windows_10-1607-kb5023697 microsoft-windows-windows_10-1809-kb5023702 microsoft-windows-windows_10-21h2-kb5023696 microsoft-windows-windows_10-22h2-kb5023696 microsoft-windows-windows_11-21h2-kb5023698 microsoft-windows-windows_11-22h2-kb5023706 microsoft-windows-windows_server_2016-1607-kb5023697 microsoft-windows-windows_server_2019-1809-kb5023702 microsoft-windows-windows_server_2022-21h2-kb5023705 microsoft-windows-windows_server_2022-22h2-kb5023705 References https://attackerkb.com/topics/cve-2023-1017 CVE - 2023-1017 https://support.microsoft.com/help/5023696 https://support.microsoft.com/help/5023697 https://support.microsoft.com/help/5023698 https://support.microsoft.com/help/5023702 https://support.microsoft.com/help/5023705 https://support.microsoft.com/help/5023706 https://support.microsoft.com/help/5023713 View more

Microsoft Windows: CVE-2023-23410: Windows HTTP.sys Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 03/14/2023 Created 03/15/2023 Added 03/14/2023 Modified 01/28/2025 Description Windows HTTP.sys Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5023713 microsoft-windows-windows_10-1607-kb5023697 microsoft-windows-windows_10-1809-kb5023702 microsoft-windows-windows_10-20h2-kb5023696 microsoft-windows-windows_10-21h2-kb5023696 microsoft-windows-windows_10-22h2-kb5023696 microsoft-windows-windows_11-21h2-kb5023698 microsoft-windows-windows_11-22h2-kb5023706 microsoft-windows-windows_server_2012-kb5023752 microsoft-windows-windows_server_2012_r2-kb5023764 microsoft-windows-windows_server_2016-1607-kb5023697 microsoft-windows-windows_server_2019-1809-kb5023702 microsoft-windows-windows_server_2022-21h2-kb5023705 microsoft-windows-windows_server_2022-22h2-kb5023705 msft-kb5023752-02603d2a-edd5-431d-a467-26c72af3d174 msft-kb5023752-e7ced92e-6978-4fb5-af81-ebdd42ff271d msft-kb5023754-6ea3033e-1d7f-4ec2-b779-41149e13113b msft-kb5023754-8cd024f0-d5cb-4ce9-9717-88ac23c82187 msft-kb5023759-600e942b-cbc4-4c74-9695-9a5d4e308d16 msft-kb5023759-6a979f06-7415-48c6-9c7e-78009d2aad5a msft-kb5023759-b42fdc42-0957-42cd-976d-f4897893ae9f References https://attackerkb.com/topics/cve-2023-23410 CVE - 2023-23410 https://support.microsoft.com/help/5023696 https://support.microsoft.com/help/5023697 https://support.microsoft.com/help/5023698 https://support.microsoft.com/help/5023702 https://support.microsoft.com/help/5023705 https://support.microsoft.com/help/5023706 https://support.microsoft.com/help/5023713 https://support.microsoft.com/help/5023752 https://support.microsoft.com/help/5023764 https://support.microsoft.com/help/5023765 View more

SUSE: CVE-2023-25749: SUSE Linux Security Advisory Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 03/14/2023 Created 03/15/2023 Added 03/15/2023 Modified 01/28/2025 Description Android applications with unpatched vulnerabilities can be launched from a browser using Intents, exposing users to these vulnerabilities. Firefox will now confirm with users that they want to launch an external application before doing so. <br>*This bug only affects Firefox for Android. Other versions of Firefox are unaffected.*. This vulnerability affects Firefox < 111. Solution(s) suse-upgrade-mozillafirefox suse-upgrade-mozillafirefox-branding-upstream suse-upgrade-mozillafirefox-devel suse-upgrade-mozillafirefox-translations-common suse-upgrade-mozillafirefox-translations-other References https://attackerkb.com/topics/cve-2023-25749 CVE - 2023-25749

Debian: CVE-2023-27585: asterisk, ring -- security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 03/14/2023 Created 05/05/2023 Added 04/20/2023 Modified 01/30/2025 Description PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.13 and prior affects applications that use PJSIP DNS resolver. It doesn't affect PJSIP users who do not utilise PJSIP DNS resolver. This vulnerability is related to CVE-2022-24793. The difference is that this issue is in parsing the query record `parse_query()`, while the issue in CVE-2022-24793 is in `parse_rr()`. A patch is available as commit `d1c5e4d` in the `master` branch. A workaround is to disable DNS resolution in PJSIP config (by setting `nameserver_count` to zero) or use an external resolver implementation instead. Solution(s) debian-upgrade-asterisk debian-upgrade-ring References https://attackerkb.com/topics/cve-2023-27585 CVE - 2023-27585 DLA-3394-1 DSA-5438

Microsoft Windows: CVE-2023-23419: Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 03/14/2023 Created 03/15/2023 Added 03/14/2023 Modified 01/28/2025 Description Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_11-22h2-kb5023706 References https://attackerkb.com/topics/cve-2023-23419 CVE - 2023-23419 https://support.microsoft.com/help/5023706

CVE-2023-24910: Windows Graphics Component Elevation of Privilege Vulnerability [Office for Mac] Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 03/14/2023 Created 03/15/2023 Added 03/14/2023 Modified 01/28/2025 Description CVE-2023-24910: Windows Graphics Component Elevation of Privilege Vulnerability [Office for Mac] Solution(s) office-for-mac-upgrade-16_71_0 References https://attackerkb.com/topics/cve-2023-24910 CVE - 2023-24910 https://learn.microsoft.com/en-us/officeupdates/release-notes-office-for-mac#march-14-2023

APSB23-25: Security updates available for Adobe ColdFusion | APSB23-25 (CVE-2023-26361) Severity 6 CVSS (AV:N/AC:L/Au:M/C:C/I:N/A:N) Published 03/14/2023 Created 03/15/2023 Added 03/15/2023 Modified 01/30/2025 Description Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in Arbitrary file system read. Exploitation of this issue does not require user interaction, but does require administrator privileges. Solution(s) adobe-coldfusion-2018-release-update-16 adobe-coldfusion-2021-release-update-6 References https://attackerkb.com/topics/cve-2023-26361 CVE - 2023-26361 https://helpx.adobe.com/security/products/coldfusion/apsb23-25.html

SUSE: CVE-2023-28161: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 03/14/2023 Created 03/15/2023 Added 03/15/2023 Modified 01/28/2025 Description If temporary "one-time" permissions, such as the ability to use the Camera, were granted to a document loaded using a file: URL, that permission persisted in that tab for all other documents loaded from a file: URL. This is potentially dangerous if the local files came from different sources, such as in a download directory. This vulnerability affects Firefox < 111. Solution(s) suse-upgrade-mozillafirefox suse-upgrade-mozillafirefox-branding-upstream suse-upgrade-mozillafirefox-devel suse-upgrade-mozillafirefox-translations-common suse-upgrade-mozillafirefox-translations-other References https://attackerkb.com/topics/cve-2023-28161 CVE - 2023-28161

SUSE: CVE-2023-28177: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 03/14/2023 Created 03/15/2023 Added 03/15/2023 Modified 01/28/2025 Description Memory safety bugs present in Firefox 110. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 111. Solution(s) suse-upgrade-mozillafirefox suse-upgrade-mozillafirefox-branding-upstream suse-upgrade-mozillafirefox-devel suse-upgrade-mozillafirefox-translations-common suse-upgrade-mozillafirefox-translations-other References https://attackerkb.com/topics/cve-2023-28177 CVE - 2023-28177

SUSE: CVE-2023-28164: SUSE Linux Security Advisory Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 03/14/2023 Created 03/15/2023 Added 03/15/2023 Modified 01/28/2025 Description Dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. Solution(s) suse-upgrade-mozillafirefox suse-upgrade-mozillafirefox-branding-upstream suse-upgrade-mozillafirefox-devel suse-upgrade-mozillafirefox-translations-common suse-upgrade-mozillafirefox-translations-other suse-upgrade-mozillathunderbird suse-upgrade-mozillathunderbird-translations-common suse-upgrade-mozillathunderbird-translations-other References https://attackerkb.com/topics/cve-2023-28164 CVE - 2023-28164

SUSE: CVE-2023-28163: SUSE Linux Security Advisory Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 03/14/2023 Created 03/15/2023 Added 03/15/2023 Modified 01/28/2025 Description When downloading files through the Save As dialog on Windows with suggested filenames containing environment variable names, Windows would have resolved those in the context of the current user. <br>*This bug only affects Firefox on Windows. Other versions of Firefox are unaffected.*. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. Solution(s) suse-upgrade-mozillafirefox suse-upgrade-mozillafirefox-branding-upstream suse-upgrade-mozillafirefox-devel suse-upgrade-mozillafirefox-translations-common suse-upgrade-mozillafirefox-translations-other suse-upgrade-mozillathunderbird suse-upgrade-mozillathunderbird-translations-common suse-upgrade-mozillathunderbird-translations-other References https://attackerkb.com/topics/cve-2023-28163 CVE - 2023-28163

Microsoft Windows: CVE-2023-21708: Remote Procedure Call Runtime Remote Code Execution Vulnerability Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 03/14/2023 Created 03/15/2023 Added 03/14/2023 Modified 01/28/2025 Description Remote Procedure Call Runtime Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5023713 microsoft-windows-windows_10-1607-kb5023697 microsoft-windows-windows_10-1809-kb5023702 microsoft-windows-windows_10-20h2-kb5023696 microsoft-windows-windows_10-21h2-kb5023696 microsoft-windows-windows_10-22h2-kb5023696 microsoft-windows-windows_11-21h2-kb5023698 microsoft-windows-windows_11-22h2-kb5023706 microsoft-windows-windows_server_2012-kb5023752 microsoft-windows-windows_server_2012_r2-kb5023764 microsoft-windows-windows_server_2016-1607-kb5023697 microsoft-windows-windows_server_2019-1809-kb5023702 microsoft-windows-windows_server_2022-21h2-kb5023705 microsoft-windows-windows_server_2022-22h2-kb5023705 msft-kb5023752-02603d2a-edd5-431d-a467-26c72af3d174 msft-kb5023752-e7ced92e-6978-4fb5-af81-ebdd42ff271d msft-kb5023754-6ea3033e-1d7f-4ec2-b779-41149e13113b msft-kb5023754-8cd024f0-d5cb-4ce9-9717-88ac23c82187 msft-kb5023759-600e942b-cbc4-4c74-9695-9a5d4e308d16 msft-kb5023759-6a979f06-7415-48c6-9c7e-78009d2aad5a msft-kb5023759-b42fdc42-0957-42cd-976d-f4897893ae9f References https://attackerkb.com/topics/cve-2023-21708 CVE - 2023-21708 https://support.microsoft.com/help/5023696 https://support.microsoft.com/help/5023697 https://support.microsoft.com/help/5023698 https://support.microsoft.com/help/5023702 https://support.microsoft.com/help/5023705 https://support.microsoft.com/help/5023706 https://support.microsoft.com/help/5023713 https://support.microsoft.com/help/5023752 https://support.microsoft.com/help/5023764 https://support.microsoft.com/help/5023765 View more

Adobe Photoshop: CVE-2023-25908: Security updates available for Adobe Photoshop (APSB23-23) Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 03/14/2023 Created 04/29/2024 Added 03/04/2024 Modified 12/18/2024 Description Adobe has released an update for Photoshop for Windows and macOS. This update resolves a critical vulnerability. Successful exploitation could lead to arbitrary code execution. Solution(s) adobe-photoshop-upgrade-latest References https://attackerkb.com/topics/cve-2023-25908 CVE - 2023-25908 https://helpx.adobe.com/security/products/photoshop/apsb23-23.html

SUSE: CVE-2023-28176: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 03/14/2023 Created 03/15/2023 Added 03/15/2023 Modified 01/28/2025 Description Memory safety bugs present in Firefox 110 and Firefox ESR 102.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. Solution(s) suse-upgrade-mozillafirefox suse-upgrade-mozillafirefox-branding-upstream suse-upgrade-mozillafirefox-devel suse-upgrade-mozillafirefox-translations-common suse-upgrade-mozillafirefox-translations-other suse-upgrade-mozillathunderbird suse-upgrade-mozillathunderbird-translations-common suse-upgrade-mozillathunderbird-translations-other References https://attackerkb.com/topics/cve-2023-28176 CVE - 2023-28176

SUSE: CVE-2023-25752: SUSE Linux Security Advisory Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 03/14/2023 Created 03/15/2023 Added 03/15/2023 Modified 01/28/2025 Description When accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds. This may have lead future code to be incorrect and vulnerable. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. Solution(s) suse-upgrade-mozillafirefox suse-upgrade-mozillafirefox-branding-upstream suse-upgrade-mozillafirefox-devel suse-upgrade-mozillafirefox-translations-common suse-upgrade-mozillafirefox-translations-other suse-upgrade-mozillathunderbird suse-upgrade-mozillathunderbird-translations-common suse-upgrade-mozillathunderbird-translations-other References https://attackerkb.com/topics/cve-2023-25752 CVE - 2023-25752

Adobe ColdFusion Unauthenticated Remote Code Execution Disclosed 03/14/2023 Created 04/28/2023 Description This module exploits a remote unauthenticated deserialization of untrusted data vulnerability in Adobe ColdFusion 2021 Update 5 and earlier as well as ColdFusion 2018 Update 15 and earlier, in order to gain remote code execution. Author(s) sf <[email protected]> Platform Java,Linux,Unix,Windows Architectures java, cmd, x86, x64 Development Source Code History

Amazon Linux 2023: CVE-2024-0562: Important priority package update for kernel Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 03/10/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description A use-after-free flaw was found in the Linux Kernel. When a disk is removed, bdi_unregister is called to stop further write-back and waits for associated delayed work to complete. However, wb_inode_writeback_end() may schedule bandwidth estimation work after this has completed, which can result in the timer attempting to access the recently freed bdi_writeback. Solution(s) amazon-linux-2023-upgrade-bpftool amazon-linux-2023-upgrade-bpftool-debuginfo amazon-linux-2023-upgrade-kernel amazon-linux-2023-upgrade-kernel-debuginfo amazon-linux-2023-upgrade-kernel-debuginfo-common-aarch64 amazon-linux-2023-upgrade-kernel-debuginfo-common-x86-64 amazon-linux-2023-upgrade-kernel-devel amazon-linux-2023-upgrade-kernel-headers amazon-linux-2023-upgrade-kernel-libbpf amazon-linux-2023-upgrade-kernel-libbpf-devel amazon-linux-2023-upgrade-kernel-libbpf-static amazon-linux-2023-upgrade-kernel-livepatch-6-1-10-15-42 amazon-linux-2023-upgrade-kernel-tools amazon-linux-2023-upgrade-kernel-tools-debuginfo amazon-linux-2023-upgrade-kernel-tools-devel amazon-linux-2023-upgrade-perf amazon-linux-2023-upgrade-perf-debuginfo amazon-linux-2023-upgrade-python3-perf amazon-linux-2023-upgrade-python3-perf-debuginfo References https://attackerkb.com/topics/cve-2024-0562 CVE - 2024-0562 https://alas.aws.amazon.com/AL2023/ALAS-2023-070.html

Red Hat: CVE-2023-27530: Denial of service in Multipart MIME parsing (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 03/10/2023 Created 05/05/2023 Added 04/26/2023 Modified 01/28/2025 Description A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart parsing to take longer than expected. Solution(s) redhat-upgrade-pcs redhat-upgrade-pcs-snmp References CVE-2023-27530 RHSA-2023:1961 RHSA-2023:1981 RHSA-2023:2652 RHSA-2023:3082 RHSA-2023:3403

Rocky Linux: CVE-2023-27530: Satellite-6.14 (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 03/10/2023 Created 03/07/2024 Added 03/05/2024 Modified 01/28/2025 Description A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart parsing to take longer than expected. Solution(s) rocky-upgrade-libdb-cxx rocky-upgrade-libdb-cxx-debuginfo rocky-upgrade-libdb-debuginfo rocky-upgrade-libdb-debugsource rocky-upgrade-libdb-sql-debuginfo rocky-upgrade-libdb-sql-devel-debuginfo rocky-upgrade-libdb-utils-debuginfo rocky-upgrade-pcs rocky-upgrade-pcs-snmp References https://attackerkb.com/topics/cve-2023-27530 CVE - 2023-27530 https://errata.rockylinux.org/RLSA-2023:2652 https://errata.rockylinux.org/RLSA-2023:3082 https://errata.rockylinux.org/RLSA-2023:6818