ISHACK AI BOT

All posts by ISHACK AI BOT

  1. Ubuntu: (Multiple Advisories) (CVE-2023-25737): Firefox vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 02/20/2023 Created 03/29/2023 Added 03/22/2023 Modified 01/28/2025 Description An invalid downcast from `nsTextNode` to `SVGElement` could have led to undefined behavior. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. Solution(s) ubuntu-upgrade-firefox ubuntu-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-25737 CVE - 2023-25737 USN-5880-1 USN-5880-2 USN-5943-1
  2. Red Hat: CVE-2023-24998: Apache Commons FileUpload: FileUpload DoS with excessive parts (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/20/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/28/2025 Description Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured. Solution(s) redhat-upgrade-tomcat redhat-upgrade-tomcat-admin-webapps redhat-upgrade-tomcat-docs-webapp redhat-upgrade-tomcat-el-3-0-api redhat-upgrade-tomcat-jsp-2-3-api redhat-upgrade-tomcat-lib redhat-upgrade-tomcat-servlet-4-0-api redhat-upgrade-tomcat-webapps References CVE-2023-24998 RHSA-2023:6570 RHSA-2023:7065
  3. Red Hat: CVE-2023-25746: Memory safety bugs fixed in Firefox ESR 102.8 (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 02/20/2023 Created 02/22/2023 Added 02/22/2023 Modified 01/28/2025 Description Memory safety bugs present in Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 102.8 and Firefox ESR < 102.8. Solution(s) redhat-upgrade-firefox redhat-upgrade-firefox-debuginfo redhat-upgrade-firefox-debugsource redhat-upgrade-firefox-x11 redhat-upgrade-thunderbird redhat-upgrade-thunderbird-debuginfo redhat-upgrade-thunderbird-debugsource References CVE-2023-25746 RHSA-2023:0805 RHSA-2023:0807 RHSA-2023:0808 RHSA-2023:0809 RHSA-2023:0810 RHSA-2023:0812 RHSA-2023:0817 RHSA-2023:0820 RHSA-2023:0821 RHSA-2023:0822 RHSA-2023:0823 RHSA-2023:0824
  4. Oracle Linux: CVE-2023-0664: ELSA-2023-12342:virt:kvm_utils security update (IMPORTANT) (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 02/20/2023 Created 05/18/2023 Added 05/17/2023 Modified 01/07/2025 Description A flaw was found in the QEMU Guest Agent service for Windows. A local unprivileged user may be able to manipulate the QEMU Guest Agent's Windows installer via repair custom actions to elevate their privileges on the system. Solution(s) oracle-linux-upgrade-hivex oracle-linux-upgrade-hivex-devel oracle-linux-upgrade-ivshmem-tools oracle-linux-upgrade-libguestfs oracle-linux-upgrade-libguestfs-appliance oracle-linux-upgrade-libguestfs-bash-completion oracle-linux-upgrade-libguestfs-benchmarking oracle-linux-upgrade-libguestfs-devel oracle-linux-upgrade-libguestfs-gfs2 oracle-linux-upgrade-libguestfs-gobject oracle-linux-upgrade-libguestfs-gobject-devel oracle-linux-upgrade-libguestfs-inspect-icons oracle-linux-upgrade-libguestfs-java oracle-linux-upgrade-libguestfs-java-devel oracle-linux-upgrade-libguestfs-javadoc oracle-linux-upgrade-libguestfs-man-pages-ja oracle-linux-upgrade-libguestfs-man-pages-uk oracle-linux-upgrade-libguestfs-rescue oracle-linux-upgrade-libguestfs-rsync oracle-linux-upgrade-libguestfs-tools oracle-linux-upgrade-libguestfs-tools-c oracle-linux-upgrade-libguestfs-winsupport oracle-linux-upgrade-libguestfs-xfs oracle-linux-upgrade-libiscsi oracle-linux-upgrade-libiscsi-devel oracle-linux-upgrade-libiscsi-utils oracle-linux-upgrade-libnbd oracle-linux-upgrade-libnbd-bash-completion oracle-linux-upgrade-libnbd-devel oracle-linux-upgrade-libtpms oracle-linux-upgrade-libtpms-devel oracle-linux-upgrade-libvirt oracle-linux-upgrade-libvirt-admin oracle-linux-upgrade-libvirt-bash-completion oracle-linux-upgrade-libvirt-client oracle-linux-upgrade-libvirt-daemon oracle-linux-upgrade-libvirt-daemon-config-network oracle-linux-upgrade-libvirt-daemon-config-nwfilter oracle-linux-upgrade-libvirt-daemon-driver-interface oracle-linux-upgrade-libvirt-daemon-driver-network oracle-linux-upgrade-libvirt-daemon-driver-nodedev oracle-linux-upgrade-libvirt-daemon-driver-nwfilter oracle-linux-upgrade-libvirt-daemon-driver-qemu oracle-linux-upgrade-libvirt-daemon-driver-secret oracle-linux-upgrade-libvirt-daemon-driver-storage oracle-linux-upgrade-libvirt-daemon-driver-storage-core oracle-linux-upgrade-libvirt-daemon-driver-storage-disk oracle-linux-upgrade-libvirt-daemon-driver-storage-gluster oracle-linux-upgrade-libvirt-daemon-driver-storage-iscsi oracle-linux-upgrade-libvirt-daemon-driver-storage-iscsi-direct oracle-linux-upgrade-libvirt-daemon-driver-storage-logical oracle-linux-upgrade-libvirt-daemon-driver-storage-mpath oracle-linux-upgrade-libvirt-daemon-driver-storage-rbd oracle-linux-upgrade-libvirt-daemon-driver-storage-scsi oracle-linux-upgrade-libvirt-daemon-kvm oracle-linux-upgrade-libvirt-dbus oracle-linux-upgrade-libvirt-devel oracle-linux-upgrade-libvirt-docs oracle-linux-upgrade-libvirt-libs oracle-linux-upgrade-libvirt-lock-sanlock oracle-linux-upgrade-libvirt-nss oracle-linux-upgrade-libvirt-wireshark oracle-linux-upgrade-lua-guestfs oracle-linux-upgrade-nbdfuse oracle-linux-upgrade-nbdkit oracle-linux-upgrade-nbdkit-bash-completion oracle-linux-upgrade-nbdkit-basic-filters oracle-linux-upgrade-nbdkit-basic-plugins oracle-linux-upgrade-nbdkit-curl-plugin oracle-linux-upgrade-nbdkit-devel oracle-linux-upgrade-nbdkit-example-plugins oracle-linux-upgrade-nbdkit-gzip-filter oracle-linux-upgrade-nbdkit-gzip-plugin oracle-linux-upgrade-nbdkit-linuxdisk-plugin oracle-linux-upgrade-nbdkit-nbd-plugin oracle-linux-upgrade-nbdkit-python-plugin oracle-linux-upgrade-nbdkit-server oracle-linux-upgrade-nbdkit-ssh-plugin oracle-linux-upgrade-nbdkit-tar-filter oracle-linux-upgrade-nbdkit-tar-plugin oracle-linux-upgrade-nbdkit-tmpdisk-plugin oracle-linux-upgrade-nbdkit-vddk-plugin oracle-linux-upgrade-nbdkit-xz-filter oracle-linux-upgrade-netcf oracle-linux-upgrade-netcf-devel oracle-linux-upgrade-netcf-libs oracle-linux-upgrade-perl-hivex oracle-linux-upgrade-perl-sys-guestfs oracle-linux-upgrade-perl-sys-virt oracle-linux-upgrade-python3-hivex oracle-linux-upgrade-python3-libguestfs oracle-linux-upgrade-python3-libnbd oracle-linux-upgrade-python3-libvirt oracle-linux-upgrade-qemu oracle-linux-upgrade-qemu-block-gluster oracle-linux-upgrade-qemu-block-iscsi oracle-linux-upgrade-qemu-block-rbd oracle-linux-upgrade-qemu-common oracle-linux-upgrade-qemu-guest-agent oracle-linux-upgrade-qemu-img oracle-linux-upgrade-qemu-kvm oracle-linux-upgrade-qemu-kvm-block-curl oracle-linux-upgrade-qemu-kvm-block-gluster oracle-linux-upgrade-qemu-kvm-block-iscsi oracle-linux-upgrade-qemu-kvm-block-rbd oracle-linux-upgrade-qemu-kvm-block-ssh oracle-linux-upgrade-qemu-kvm-common oracle-linux-upgrade-qemu-kvm-core oracle-linux-upgrade-qemu-system-aarch64 oracle-linux-upgrade-qemu-system-aarch64-core oracle-linux-upgrade-qemu-system-x86 oracle-linux-upgrade-qemu-system-x86-core oracle-linux-upgrade-qemu-virtiofsd oracle-linux-upgrade-ruby-hivex oracle-linux-upgrade-ruby-libguestfs oracle-linux-upgrade-seabios oracle-linux-upgrade-seabios-bin oracle-linux-upgrade-seavgabios-bin oracle-linux-upgrade-sgabios oracle-linux-upgrade-sgabios-bin oracle-linux-upgrade-supermin oracle-linux-upgrade-supermin-devel oracle-linux-upgrade-swtpm oracle-linux-upgrade-swtpm-devel oracle-linux-upgrade-swtpm-libs oracle-linux-upgrade-swtpm-tools oracle-linux-upgrade-swtpm-tools-pkcs11 oracle-linux-upgrade-virt-dib oracle-linux-upgrade-virt-v2v oracle-linux-upgrade-virt-v2v-bash-completion oracle-linux-upgrade-virt-v2v-man-pages-ja oracle-linux-upgrade-virt-v2v-man-pages-uk References https://attackerkb.com/topics/cve-2023-0664 CVE - 2023-0664 ELSA-2023-12342 ELSA-2024-12605 ELSA-2023-12368
  5. Amazon Linux AMI 2: CVE-2022-48337: Security patch for emacs (ALAS-2023-1981) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 02/20/2023 Created 03/08/2023 Added 03/07/2023 Modified 01/30/2025 Description GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u *" command (suggested in the etags documentation) in a situation where the current working directory has contents that depend on untrusted input. Solution(s) amazon-linux-ami-2-upgrade-emacs amazon-linux-ami-2-upgrade-emacs-common amazon-linux-ami-2-upgrade-emacs-debuginfo amazon-linux-ami-2-upgrade-emacs-devel amazon-linux-ami-2-upgrade-emacs-filesystem amazon-linux-ami-2-upgrade-emacs-lucid amazon-linux-ami-2-upgrade-emacs-nox amazon-linux-ami-2-upgrade-emacs-terminal References https://attackerkb.com/topics/cve-2022-48337 AL2/ALAS-2023-1981 CVE - 2022-48337
  6. SUSE: CVE-2023-25728: SUSE Linux Security Advisory Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 02/20/2023 Created 02/22/2023 Added 02/21/2023 Modified 01/28/2025 Description The `Content-Security-Policy-Report-Only` header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. Solution(s) suse-upgrade-mozillafirefox suse-upgrade-mozillafirefox-branding-upstream suse-upgrade-mozillafirefox-devel suse-upgrade-mozillafirefox-translations-common suse-upgrade-mozillafirefox-translations-other suse-upgrade-mozillathunderbird suse-upgrade-mozillathunderbird-translations-common suse-upgrade-mozillathunderbird-translations-other References https://attackerkb.com/topics/cve-2023-25728 CVE - 2023-25728
  7. Zoho ManageEngine ServiceDesk Plus: XXE Vulnerability (CVE-2023-29443) Severity 6 CVSS (AV:N/AC:L/Au:M/C:C/I:N/A:N) Published 02/20/2023 Created 12/19/2024 Added 12/18/2024 Modified 01/21/2025 Description An admin only XXE vulnerability in the Reports integration has been fixed and released. Solution(s) zoho-manageengine-servicedesk-plus-upgrade-latest References https://attackerkb.com/topics/cve-2023-29443 CVE - 2023-29443 https://www.manageengine.com/products/service-desk/CVE-2023-29443.html
  8. Ubuntu: (Multiple Advisories) (CVE-2023-25733): Firefox vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/20/2023 Created 03/29/2023 Added 03/22/2023 Modified 01/30/2025 Description The return value from `gfx::SourceSurfaceSkia::Map()` wasn't being verified, which could have potentially led to a null pointer dereference. This vulnerability affects Firefox < 110. Solution(s) ubuntu-upgrade-firefox References https://attackerkb.com/topics/cve-2023-25733 CVE - 2023-25733 USN-5880-1 USN-5880-2
  9. Ubuntu: (Multiple Advisories) (CVE-2023-25735): Firefox vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 02/20/2023 Created 03/29/2023 Added 03/22/2023 Modified 01/28/2025 Description Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free after unwrapping the proxy. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. Solution(s) ubuntu-upgrade-firefox ubuntu-upgrade-libmozjs-102-0 ubuntu-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-25735 CVE - 2023-25735 USN-5880-1 USN-5880-2 USN-5943-1 USN-6120-1
  10. Ubuntu: (Multiple Advisories) (CVE-2023-0767): Firefox vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 02/20/2023 Created 03/29/2023 Added 03/22/2023 Modified 01/28/2025 Description An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. Solution(s) ubuntu-pro-upgrade-firefox ubuntu-pro-upgrade-libnss3 ubuntu-pro-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-0767 CVE - 2023-0767 USN-5880-1 USN-5880-2 USN-5892-1 USN-5892-2 USN-5943-1
  11. Ubuntu: (Multiple Advisories) (CVE-2023-25745): Firefox vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 02/20/2023 Created 03/29/2023 Added 03/22/2023 Modified 01/28/2025 Description Memory safety bugs present in Firefox 109. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 110. Solution(s) ubuntu-upgrade-firefox References https://attackerkb.com/topics/cve-2023-25745 CVE - 2023-25745 USN-5880-1 USN-5880-2
  12. SUSE: CVE-2023-20032: SUSE Linux Security Advisory Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 02/20/2023 Created 02/22/2023 Added 02/21/2023 Modified 01/28/2025 Description On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code. This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write. An attacker could exploit this vulnerability by submitting a crafted HFS+ partition file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the ClamAV scanning process, or else crash the process, resulting in a denial of service (DoS) condition. For a description of this vulnerability, see the ClamAV blog ["https://blog.clamav.net/"]. Solution(s) suse-upgrade-clamav suse-upgrade-clamav-devel suse-upgrade-libclamav9 suse-upgrade-libfreshclam2 References https://attackerkb.com/topics/cve-2023-20032 CVE - 2023-20032
  13. Ubuntu: (Multiple Advisories) (CVE-2023-25744): Firefox vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 02/20/2023 Created 03/29/2023 Added 03/22/2023 Modified 01/28/2025 Description Memory safety bugs present in Firefox 109 and Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 110 and Firefox ESR < 102.8. Solution(s) ubuntu-upgrade-firefox References https://attackerkb.com/topics/cve-2023-25744 CVE - 2023-25744 USN-5880-1 USN-5880-2
  14. SUSE: CVE-2023-20052: SUSE Linux Security Advisory Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 02/20/2023 Created 02/22/2023 Added 02/21/2023 Modified 01/28/2025 Description On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to access sensitive information on an affected device. This vulnerability is due to enabling XML entity substitution that may result in XML external entity injection. An attacker could exploit this vulnerability by submitting a crafted DMG file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to leak bytes from any file that may be read by the ClamAV scanning process. Solution(s) suse-upgrade-clamav suse-upgrade-clamav-devel suse-upgrade-libclamav9 suse-upgrade-libfreshclam2 References https://attackerkb.com/topics/cve-2023-20052 CVE - 2023-20052
  15. Ubuntu: (Multiple Advisories) (CVE-2023-25728): Firefox vulnerabilities Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 02/20/2023 Created 03/29/2023 Added 03/22/2023 Modified 01/30/2025 Description The `Content-Security-Policy-Report-Only` header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. Solution(s) ubuntu-upgrade-firefox ubuntu-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-25728 CVE - 2023-25728 USN-5880-1 USN-5880-2 USN-5943-1
  16. CentOS Linux: CVE-2022-48339: Moderate: emacs security update (CESA-2023:3481) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 02/20/2023 Created 05/15/2023 Added 05/15/2023 Modified 01/28/2025 Description An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell metacharacters, code may be executed. Solution(s) centos-upgrade-emacs centos-upgrade-emacs-common centos-upgrade-emacs-debuginfo centos-upgrade-emacs-el centos-upgrade-emacs-filesystem centos-upgrade-emacs-nox centos-upgrade-emacs-terminal References DSA-5360 CVE-2022-48339
  17. Ubuntu: (Multiple Advisories) (CVE-2023-25730): Firefox vulnerabilities Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:N) Published 02/20/2023 Created 03/29/2023 Added 03/22/2023 Modified 01/28/2025 Description A background script invoking `requestFullscreen` and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. Solution(s) ubuntu-upgrade-firefox ubuntu-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-25730 CVE - 2023-25730 USN-5880-1 USN-5880-2 USN-5943-1
  18. Huawei EulerOS: CVE-2022-48339: emacs security update Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 02/20/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell metacharacters, code may be executed. Solution(s) huawei-euleros-2_0_sp8-upgrade-emacs-common huawei-euleros-2_0_sp8-upgrade-emacs-filesystem huawei-euleros-2_0_sp8-upgrade-emacs-nox References https://attackerkb.com/topics/cve-2022-48339 CVE - 2022-48339 EulerOS-SA-2023-3124
  19. Amazon Linux AMI 2: CVE-2023-24998: Security patch for tomcat (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/20/2023 Created 09/28/2023 Added 09/28/2023 Modified 01/28/2025 Description Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured. Solution(s) amazon-linux-ami-2-upgrade-tomcat amazon-linux-ami-2-upgrade-tomcat-admin-webapps amazon-linux-ami-2-upgrade-tomcat-docs-webapp amazon-linux-ami-2-upgrade-tomcat-el-2-2-api amazon-linux-ami-2-upgrade-tomcat-el-3-0-api amazon-linux-ami-2-upgrade-tomcat-javadoc amazon-linux-ami-2-upgrade-tomcat-jsp-2-2-api amazon-linux-ami-2-upgrade-tomcat-jsp-2-3-api amazon-linux-ami-2-upgrade-tomcat-jsvc amazon-linux-ami-2-upgrade-tomcat-lib amazon-linux-ami-2-upgrade-tomcat-servlet-3-0-api amazon-linux-ami-2-upgrade-tomcat-servlet-3-1-api amazon-linux-ami-2-upgrade-tomcat-servlet-4-0-api amazon-linux-ami-2-upgrade-tomcat-webapps References https://attackerkb.com/topics/cve-2023-24998 AL2/ALAS-2024-2517 AL2/ALASTOMCAT8.5-2023-013 AL2/ALASTOMCAT9-2023-008 CVE - 2023-24998
  20. CentOS Linux: CVE-2023-24998: Moderate: tomcat security and bug fix update (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/20/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/28/2025 Description Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured. Solution(s) centos-upgrade-tomcat centos-upgrade-tomcat-admin-webapps centos-upgrade-tomcat-docs-webapp centos-upgrade-tomcat-el-3-0-api centos-upgrade-tomcat-jsp-2-3-api centos-upgrade-tomcat-lib centos-upgrade-tomcat-servlet-4-0-api centos-upgrade-tomcat-webapps References CVE-2023-24998
  21. CentOS Linux: CVE-2022-48338: Important: emacs security update (CESA-2023:2626) Severity 7 CVSS (AV:L/AC:M/Au:S/C:C/I:C/A:C) Published 02/20/2023 Created 05/15/2023 Added 05/15/2023 Modified 01/28/2025 Description An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c C-f. Inside the function, the external command gem is called through shell-command-to-string, but the feature-name parameters are not escaped. Thus, malicious Ruby source files may cause commands to be executed. Solution(s) centos-upgrade-emacs centos-upgrade-emacs-common centos-upgrade-emacs-common-debuginfo centos-upgrade-emacs-debuginfo centos-upgrade-emacs-debugsource centos-upgrade-emacs-filesystem centos-upgrade-emacs-lucid centos-upgrade-emacs-lucid-debuginfo centos-upgrade-emacs-nox centos-upgrade-emacs-nox-debuginfo References DSA-5360 CVE-2022-48338
  22. Huawei EulerOS: CVE-2022-48337: emacs security update Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 02/20/2023 Created 07/05/2023 Added 07/05/2023 Modified 01/30/2025 Description GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u *" command (suggested in the etags documentation) in a situation where the current working directory has contents that depend on untrusted input. Solution(s) huawei-euleros-2_0_sp11-upgrade-emacs-filesystem References https://attackerkb.com/topics/cve-2022-48337 CVE - 2022-48337 EulerOS-SA-2023-2288
  23. CentOS Linux: CVE-2022-48337: Important: emacs security update (Multiple Advisories) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 02/20/2023 Created 05/15/2023 Added 05/15/2023 Modified 01/28/2025 Description GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u *" command (suggested in the etags documentation) in a situation where the current working directory has contents that depend on untrusted input. Solution(s) centos-upgrade-emacs centos-upgrade-emacs-common centos-upgrade-emacs-common-debuginfo centos-upgrade-emacs-debuginfo centos-upgrade-emacs-debugsource centos-upgrade-emacs-filesystem centos-upgrade-emacs-lucid centos-upgrade-emacs-lucid-debuginfo centos-upgrade-emacs-nox centos-upgrade-emacs-nox-debuginfo centos-upgrade-emacs-terminal References DSA-5360 CVE-2022-48337
  24. SUSE: CVE-2023-25743: SUSE Linux Security Advisory Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 02/20/2023 Created 02/22/2023 Added 02/21/2023 Modified 01/28/2025 Description A lack of in-app notification for entering fullscreen mode could have led to a malicious website spoofing browser chrome. *This bug only affects Firefox Focus. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 110 and Firefox ESR < 102.8. Solution(s) suse-upgrade-mozillafirefox suse-upgrade-mozillafirefox-branding-upstream suse-upgrade-mozillafirefox-devel suse-upgrade-mozillafirefox-translations-common suse-upgrade-mozillafirefox-translations-other References https://attackerkb.com/topics/cve-2023-25743 CVE - 2023-25743
  25. Red Hat: CVE-2023-25742: CVE-2023-25742 Mozilla: Web Crypto ImportKey crashes tab (Multiple Advisories) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 02/20/2023 Created 02/22/2023 Added 02/22/2023 Modified 01/28/2025 Description When importing a SPKI RSA public key as ECDSA P-256, the key would be handled incorrectly causing the tab to crash. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. Solution(s) redhat-upgrade-firefox redhat-upgrade-firefox-debuginfo redhat-upgrade-firefox-debugsource redhat-upgrade-firefox-x11 redhat-upgrade-thunderbird redhat-upgrade-thunderbird-debuginfo redhat-upgrade-thunderbird-debugsource References CVE-2023-25742 RHSA-2023:0805 RHSA-2023:0807 RHSA-2023:0808 RHSA-2023:0809 RHSA-2023:0810 RHSA-2023:0812 RHSA-2023:0817 RHSA-2023:0820 RHSA-2023:0821 RHSA-2023:0822 RHSA-2023:0823 RHSA-2023:0824