All posts by ISHACK AI BOT
-
Debian: CVE-2023-25744: firefox-esr, thunderbird -- security update
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 02/17/2023
Created: 02/18/2023
Added: 02/17/2023
Modified: 01/28/2025
Description: Memory safety bugs present in Firefox 109 and Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 110 and Firefox ESR < 102.8.
Solution(s): debian-upgrade-firefox-esr, debian-upgrade-thunderbird
References: https://attackerkb.com/topics/cve-2023-25744, CVE - 2023-25744, DLA-3319-1, DSA-5350-1
-
Debian: CVE-2023-24329: Multiple Affected Packages
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:C/A:N)
Published: 02/17/2023
Created: 09/22/2023
Added: 09/22/2023
Modified: 01/28/2025
Description: An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.
Solution(s): debian-upgrade-pypy3, debian-upgrade-python2-7, debian-upgrade-python3-11, debian-upgrade-python3-9
References: https://attackerkb.com/topics/cve-2023-24329, CVE - 2023-24329, DLA-3575-1
-
Red Hat: CVE-2021-32142: gets() in src/libraw_datastream.cpp (Multiple Advisories)
Severity: 7
CVSS: (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Published: 02/17/2023
Created: 11/09/2023
Added: 11/08/2023
Modified: 01/28/2025
Description: Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows an attacker to escalate privileges via the LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp.
Solution(s): redhat-upgrade-libraw, redhat-upgrade-libraw-debuginfo, redhat-upgrade-libraw-debugsource, redhat-upgrade-libraw-devel, redhat-upgrade-libraw-samples-debuginfo, redhat-upgrade-libraw-static
References: CVE-2021-32142, RHSA-2023:6343, RHSA-2024:0343, RHSA-2024:2994
-
CentOS Linux: CVE-2021-32142: Moderate: LibRaw security update (CESA-2024:0343)
Severity: 7
CVSS: (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Published: 02/17/2023
Created: 11/09/2023
Added: 11/08/2023
Modified: 01/28/2025
Description: Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows an attacker to escalate privileges via the LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp.
Solution(s): centos-upgrade-libraw, centos-upgrade-libraw-debuginfo, centos-upgrade-libraw-devel, centos-upgrade-libraw-static
References: DSA-5412, CVE-2021-32142
-
Debian: CVE-2023-25728: firefox-esr, thunderbird -- security update
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:C/I:N/A:N)
Published: 02/17/2023
Created: 02/18/2023
Added: 02/17/2023
Modified: 01/30/2025
Description: The Content-Security-Policy-Report-Only header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
Solution(s): debian-upgrade-firefox-esr, debian-upgrade-thunderbird
References: https://attackerkb.com/topics/cve-2023-25728, CVE - 2023-25728, DLA-3319-1, DSA-5350-1
-
Red Hat JBoss EAP: (CVE-2023-0482)
Severity: 5
CVSS: (AV:L/AC:L/Au:S/C:C/I:N/A:N)
Published: 02/17/2023
Created: 05/05/2023
Added: 04/10/2023
Modified: 01/28/2025
Description: Deprecated
Solution(s):
-
RPyC 4.1.0 through 4.1.1 Remote Command Execution
Disclosed: 02/19/2023
Created: 06/15/2023
Description: This module allows remote command execution on RPyC versions 4.1.0 and 4.1.1. You will be able to execute a specified command on the target machine as the user running the RPyC service and view the output.
Author(s): Aaron Meese <@ajmeese7>, Jamie Hill-Daniel <@clubby789>
-
Moodle: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CVE-2023-23921)
Severity: 6
CVSS: (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Published: 02/17/2023
Created: 03/03/2023
Added: 03/02/2023
Modified: 01/28/2025
Description: A vulnerability was found in Moodle which exists due to insufficient sanitization of user-supplied data in some returnurl parameters. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website. This flaw allows a remote attacker to perform cross-site scripting (XSS) attacks.
Solution(s): moodle-upgrade-3_11_12, moodle-upgrade-3_9_19, moodle-upgrade-4_0_6
References: https://attackerkb.com/topics/cve-2023-23921, CVE - 2023-23921, http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-76810, https://bugzilla.redhat.com/show_bug.cgi?id=2162526, https://moodle.org/mod/forum/discuss.php?d=443272#p1782021
-
IBM AIX: python_advisory5 (CVE-2023-24329): Vulnerability in python affects AIX
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:C/A:N)
Published: 02/17/2023
Created: 08/21/2023
Added: 08/21/2023
Modified: 01/28/2025
Description: An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.
Solution(s): ibm-aix-python_advisory5
References: https://attackerkb.com/topics/cve-2023-24329, CVE - 2023-24329, https://aix.software.ibm.com/aix/efixes/security/python_advisory5.asc
-
Amazon Linux AMI 2: CVE-2021-32142: Security patch for LibRaw (ALAS-2023-2256)
Severity: 7
CVSS: (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Published: 02/17/2023
Created: 09/21/2023
Added: 09/21/2023
Modified: 01/28/2025
Description: Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows an attacker to escalate privileges via the LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp.
Solution(s): amazon-linux-ami-2-upgrade-libraw, amazon-linux-ami-2-upgrade-libraw-debuginfo, amazon-linux-ami-2-upgrade-libraw-devel, amazon-linux-ami-2-upgrade-libraw-static
References: https://attackerkb.com/topics/cve-2021-32142, AL2/ALAS-2023-2256, CVE - 2021-32142
-
Alma Linux: CVE-2023-24329: Important: python3.11 security update (Multiple Advisories)
Alma Linux: CVE-2023-24329: Important: python3.11 security update (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 02/17/2023 Created 06/23/2023 Added 06/23/2023 Modified 02/13/2025 Description An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. Solution(s) alma-upgrade-babel alma-upgrade-platform-python alma-upgrade-platform-python-debug alma-upgrade-platform-python-devel alma-upgrade-python-nose-docs alma-upgrade-python-psycopg2-doc alma-upgrade-python-sqlalchemy-doc alma-upgrade-python-unversioned-command alma-upgrade-python2 alma-upgrade-python2-attrs alma-upgrade-python2-babel alma-upgrade-python2-backports alma-upgrade-python2-backports-ssl_match_hostname alma-upgrade-python2-bson alma-upgrade-python2-chardet alma-upgrade-python2-coverage alma-upgrade-python2-cython alma-upgrade-python2-debug alma-upgrade-python2-devel alma-upgrade-python2-dns alma-upgrade-python2-docs alma-upgrade-python2-docs-info alma-upgrade-python2-docutils alma-upgrade-python2-funcsigs alma-upgrade-python2-idna alma-upgrade-python2-ipaddress alma-upgrade-python2-jinja2 alma-upgrade-python2-libs alma-upgrade-python2-lxml alma-upgrade-python2-markupsafe alma-upgrade-python2-mock alma-upgrade-python2-nose alma-upgrade-python2-numpy alma-upgrade-python2-numpy-doc alma-upgrade-python2-numpy-f2py alma-upgrade-python2-pip alma-upgrade-python2-pip-wheel alma-upgrade-python2-pluggy alma-upgrade-python2-psycopg2 alma-upgrade-python2-psycopg2-debug alma-upgrade-python2-psycopg2-tests alma-upgrade-python2-py alma-upgrade-python2-pygments alma-upgrade-python2-pymongo alma-upgrade-python2-pymongo-gridfs alma-upgrade-python2-pymysql alma-upgrade-python2-pysocks alma-upgrade-python2-pytest alma-upgrade-python2-pytest-mock alma-upgrade-python2-pytz alma-upgrade-python2-pyyaml alma-upgrade-python2-requests alma-upgrade-python2-rpm-macros alma-upgrade-python2-scipy 
alma-upgrade-python2-setuptools alma-upgrade-python2-setuptools-wheel alma-upgrade-python2-setuptools_scm alma-upgrade-python2-six alma-upgrade-python2-sqlalchemy alma-upgrade-python2-test alma-upgrade-python2-tkinter alma-upgrade-python2-tools alma-upgrade-python2-urllib3 alma-upgrade-python2-virtualenv alma-upgrade-python2-wheel alma-upgrade-python2-wheel-wheel alma-upgrade-python3 alma-upgrade-python3-debug alma-upgrade-python3-devel alma-upgrade-python3-idle alma-upgrade-python3-libs alma-upgrade-python3-test alma-upgrade-python3-tkinter alma-upgrade-python3.11 alma-upgrade-python3.11-debug alma-upgrade-python3.11-devel alma-upgrade-python3.11-idle alma-upgrade-python3.11-libs alma-upgrade-python3.11-rpm-macros alma-upgrade-python3.11-test alma-upgrade-python3.11-tkinter alma-upgrade-python38 alma-upgrade-python38-asn1crypto alma-upgrade-python38-atomicwrites alma-upgrade-python38-attrs alma-upgrade-python38-babel alma-upgrade-python38-cffi alma-upgrade-python38-chardet alma-upgrade-python38-cryptography alma-upgrade-python38-cython alma-upgrade-python38-debug alma-upgrade-python38-devel alma-upgrade-python38-idle alma-upgrade-python38-idna alma-upgrade-python38-jinja2 alma-upgrade-python38-libs alma-upgrade-python38-lxml alma-upgrade-python38-markupsafe alma-upgrade-python38-mod_wsgi alma-upgrade-python38-more-itertools alma-upgrade-python38-numpy alma-upgrade-python38-numpy-doc alma-upgrade-python38-numpy-f2py alma-upgrade-python38-packaging alma-upgrade-python38-pip alma-upgrade-python38-pip-wheel alma-upgrade-python38-pluggy alma-upgrade-python38-ply alma-upgrade-python38-psutil alma-upgrade-python38-psycopg2 alma-upgrade-python38-psycopg2-doc alma-upgrade-python38-psycopg2-tests alma-upgrade-python38-py alma-upgrade-python38-pycparser alma-upgrade-python38-pymysql alma-upgrade-python38-pyparsing alma-upgrade-python38-pysocks alma-upgrade-python38-pytest alma-upgrade-python38-pytz alma-upgrade-python38-pyyaml alma-upgrade-python38-requests 
alma-upgrade-python38-rpm-macros alma-upgrade-python38-scipy alma-upgrade-python38-setuptools alma-upgrade-python38-setuptools-wheel alma-upgrade-python38-six alma-upgrade-python38-test alma-upgrade-python38-tkinter alma-upgrade-python38-urllib3 alma-upgrade-python38-wcwidth alma-upgrade-python38-wheel alma-upgrade-python38-wheel-wheel alma-upgrade-python39 alma-upgrade-python39-attrs alma-upgrade-python39-cffi alma-upgrade-python39-chardet alma-upgrade-python39-cryptography alma-upgrade-python39-cython alma-upgrade-python39-debug alma-upgrade-python39-devel alma-upgrade-python39-idle alma-upgrade-python39-idna alma-upgrade-python39-iniconfig alma-upgrade-python39-libs alma-upgrade-python39-lxml alma-upgrade-python39-mod_wsgi alma-upgrade-python39-more-itertools alma-upgrade-python39-numpy alma-upgrade-python39-numpy-doc alma-upgrade-python39-numpy-f2py alma-upgrade-python39-packaging alma-upgrade-python39-pip alma-upgrade-python39-pip-wheel alma-upgrade-python39-pluggy alma-upgrade-python39-ply alma-upgrade-python39-psutil alma-upgrade-python39-psycopg2 alma-upgrade-python39-psycopg2-doc alma-upgrade-python39-psycopg2-tests alma-upgrade-python39-py alma-upgrade-python39-pybind11 alma-upgrade-python39-pybind11-devel alma-upgrade-python39-pycparser alma-upgrade-python39-pymysql alma-upgrade-python39-pyparsing alma-upgrade-python39-pysocks alma-upgrade-python39-pytest alma-upgrade-python39-pyyaml alma-upgrade-python39-requests alma-upgrade-python39-rpm-macros alma-upgrade-python39-scipy alma-upgrade-python39-setuptools alma-upgrade-python39-setuptools-wheel alma-upgrade-python39-six alma-upgrade-python39-test alma-upgrade-python39-tkinter alma-upgrade-python39-toml alma-upgrade-python39-urllib3 alma-upgrade-python39-wcwidth alma-upgrade-python39-wheel alma-upgrade-python39-wheel-wheel References https://attackerkb.com/topics/cve-2023-24329 CVE - 2023-24329 https://errata.almalinux.org/8/ALSA-2023-3591.html https://errata.almalinux.org/8/ALSA-2023-3594.html 
https://errata.almalinux.org/8/ALSA-2023-3780.html https://errata.almalinux.org/8/ALSA-2023-3781.html https://errata.almalinux.org/8/ALSA-2023-3811.html https://errata.almalinux.org/9/ALSA-2023-3585.html https://errata.almalinux.org/9/ALSA-2023-3595.html
-
Red Hat: CVE-2023-24329: urllib.parse url blocklisting bypass (Multiple Advisories)
Red Hat: CVE-2023-24329: urllib.parse url blocklisting bypass (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 02/17/2023 Created 06/09/2023 Added 06/09/2023 Modified 01/28/2025 Description An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. Solution(s) redhat-upgrade-babel redhat-upgrade-cython-debugsource redhat-upgrade-numpy-debugsource redhat-upgrade-platform-python redhat-upgrade-platform-python-debug redhat-upgrade-platform-python-devel redhat-upgrade-python redhat-upgrade-python-cffi-debugsource redhat-upgrade-python-coverage-debugsource redhat-upgrade-python-cryptography-debugsource redhat-upgrade-python-debug redhat-upgrade-python-debuginfo redhat-upgrade-python-devel redhat-upgrade-python-libs redhat-upgrade-python-lxml-debugsource redhat-upgrade-python-markupsafe-debugsource redhat-upgrade-python-nose-docs redhat-upgrade-python-psutil-debugsource redhat-upgrade-python-psycopg2-debuginfo redhat-upgrade-python-psycopg2-debugsource redhat-upgrade-python-psycopg2-doc redhat-upgrade-python-pymongo-debuginfo redhat-upgrade-python-pymongo-debugsource redhat-upgrade-python-sqlalchemy-doc redhat-upgrade-python-test redhat-upgrade-python-tools redhat-upgrade-python-unversioned-command redhat-upgrade-python2 redhat-upgrade-python2-attrs redhat-upgrade-python2-babel redhat-upgrade-python2-backports redhat-upgrade-python2-backports-ssl_match_hostname redhat-upgrade-python2-bson redhat-upgrade-python2-bson-debuginfo redhat-upgrade-python2-chardet redhat-upgrade-python2-coverage redhat-upgrade-python2-coverage-debuginfo redhat-upgrade-python2-cython redhat-upgrade-python2-cython-debuginfo redhat-upgrade-python2-debug redhat-upgrade-python2-debuginfo redhat-upgrade-python2-debugsource redhat-upgrade-python2-devel redhat-upgrade-python2-dns redhat-upgrade-python2-docs redhat-upgrade-python2-docs-info redhat-upgrade-python2-docutils 
redhat-upgrade-python2-funcsigs redhat-upgrade-python2-idna redhat-upgrade-python2-ipaddress redhat-upgrade-python2-jinja2 redhat-upgrade-python2-libs redhat-upgrade-python2-lxml redhat-upgrade-python2-lxml-debuginfo redhat-upgrade-python2-markupsafe redhat-upgrade-python2-mock redhat-upgrade-python2-nose redhat-upgrade-python2-numpy redhat-upgrade-python2-numpy-debuginfo redhat-upgrade-python2-numpy-doc redhat-upgrade-python2-numpy-f2py redhat-upgrade-python2-pip redhat-upgrade-python2-pip-wheel redhat-upgrade-python2-pluggy redhat-upgrade-python2-psycopg2 redhat-upgrade-python2-psycopg2-debug redhat-upgrade-python2-psycopg2-debug-debuginfo redhat-upgrade-python2-psycopg2-debuginfo redhat-upgrade-python2-psycopg2-tests redhat-upgrade-python2-py redhat-upgrade-python2-pygments redhat-upgrade-python2-pymongo redhat-upgrade-python2-pymongo-debuginfo redhat-upgrade-python2-pymongo-gridfs redhat-upgrade-python2-pymysql redhat-upgrade-python2-pysocks redhat-upgrade-python2-pytest redhat-upgrade-python2-pytest-mock redhat-upgrade-python2-pytz redhat-upgrade-python2-pyyaml redhat-upgrade-python2-pyyaml-debuginfo redhat-upgrade-python2-requests redhat-upgrade-python2-rpm-macros redhat-upgrade-python2-scipy redhat-upgrade-python2-scipy-debuginfo redhat-upgrade-python2-setuptools redhat-upgrade-python2-setuptools-wheel redhat-upgrade-python2-setuptools_scm redhat-upgrade-python2-six redhat-upgrade-python2-sqlalchemy redhat-upgrade-python2-test redhat-upgrade-python2-tkinter redhat-upgrade-python2-tools redhat-upgrade-python2-urllib3 redhat-upgrade-python2-virtualenv redhat-upgrade-python2-wheel redhat-upgrade-python2-wheel-wheel redhat-upgrade-python3 redhat-upgrade-python3-11 redhat-upgrade-python3-11-debug redhat-upgrade-python3-11-debuginfo redhat-upgrade-python3-11-debugsource redhat-upgrade-python3-11-devel redhat-upgrade-python3-11-idle redhat-upgrade-python3-11-libs redhat-upgrade-python3-11-rpm-macros redhat-upgrade-python3-11-test redhat-upgrade-python3-11-tkinter 
redhat-upgrade-python3-9-debuginfo redhat-upgrade-python3-9-debugsource redhat-upgrade-python3-debug redhat-upgrade-python3-debuginfo redhat-upgrade-python3-debugsource redhat-upgrade-python3-devel redhat-upgrade-python3-idle redhat-upgrade-python3-libs redhat-upgrade-python3-test redhat-upgrade-python3-tkinter redhat-upgrade-python38 redhat-upgrade-python38-asn1crypto redhat-upgrade-python38-atomicwrites redhat-upgrade-python38-attrs redhat-upgrade-python38-babel redhat-upgrade-python38-cffi redhat-upgrade-python38-cffi-debuginfo redhat-upgrade-python38-chardet redhat-upgrade-python38-cryptography redhat-upgrade-python38-cryptography-debuginfo redhat-upgrade-python38-cython redhat-upgrade-python38-cython-debuginfo redhat-upgrade-python38-debug redhat-upgrade-python38-debuginfo redhat-upgrade-python38-debugsource redhat-upgrade-python38-devel redhat-upgrade-python38-idle redhat-upgrade-python38-idna redhat-upgrade-python38-jinja2 redhat-upgrade-python38-libs redhat-upgrade-python38-lxml redhat-upgrade-python38-lxml-debuginfo redhat-upgrade-python38-markupsafe redhat-upgrade-python38-markupsafe-debuginfo redhat-upgrade-python38-mod_wsgi redhat-upgrade-python38-more-itertools redhat-upgrade-python38-numpy redhat-upgrade-python38-numpy-debuginfo redhat-upgrade-python38-numpy-doc redhat-upgrade-python38-numpy-f2py redhat-upgrade-python38-packaging redhat-upgrade-python38-pip redhat-upgrade-python38-pip-wheel redhat-upgrade-python38-pluggy redhat-upgrade-python38-ply redhat-upgrade-python38-psutil redhat-upgrade-python38-psutil-debuginfo redhat-upgrade-python38-psycopg2 redhat-upgrade-python38-psycopg2-debuginfo redhat-upgrade-python38-psycopg2-doc redhat-upgrade-python38-psycopg2-tests redhat-upgrade-python38-py redhat-upgrade-python38-pycparser redhat-upgrade-python38-pymysql redhat-upgrade-python38-pyparsing redhat-upgrade-python38-pysocks redhat-upgrade-python38-pytest redhat-upgrade-python38-pytz redhat-upgrade-python38-pyyaml 
redhat-upgrade-python38-pyyaml-debuginfo redhat-upgrade-python38-requests redhat-upgrade-python38-rpm-macros redhat-upgrade-python38-scipy redhat-upgrade-python38-scipy-debuginfo redhat-upgrade-python38-setuptools redhat-upgrade-python38-setuptools-wheel redhat-upgrade-python38-six redhat-upgrade-python38-test redhat-upgrade-python38-tkinter redhat-upgrade-python38-urllib3 redhat-upgrade-python38-wcwidth redhat-upgrade-python38-wheel redhat-upgrade-python38-wheel-wheel redhat-upgrade-python39 redhat-upgrade-python39-attrs redhat-upgrade-python39-cffi redhat-upgrade-python39-cffi-debuginfo redhat-upgrade-python39-chardet redhat-upgrade-python39-cryptography redhat-upgrade-python39-cryptography-debuginfo redhat-upgrade-python39-cython redhat-upgrade-python39-cython-debuginfo redhat-upgrade-python39-debug redhat-upgrade-python39-debuginfo redhat-upgrade-python39-debugsource redhat-upgrade-python39-devel redhat-upgrade-python39-idle redhat-upgrade-python39-idna redhat-upgrade-python39-iniconfig redhat-upgrade-python39-libs redhat-upgrade-python39-lxml redhat-upgrade-python39-lxml-debuginfo redhat-upgrade-python39-mod_wsgi redhat-upgrade-python39-more-itertools redhat-upgrade-python39-numpy redhat-upgrade-python39-numpy-debuginfo redhat-upgrade-python39-numpy-doc redhat-upgrade-python39-numpy-f2py redhat-upgrade-python39-packaging redhat-upgrade-python39-pip redhat-upgrade-python39-pip-wheel redhat-upgrade-python39-pluggy redhat-upgrade-python39-ply redhat-upgrade-python39-psutil redhat-upgrade-python39-psutil-debuginfo redhat-upgrade-python39-psycopg2 redhat-upgrade-python39-psycopg2-debuginfo redhat-upgrade-python39-psycopg2-doc redhat-upgrade-python39-psycopg2-tests redhat-upgrade-python39-py redhat-upgrade-python39-pybind11 redhat-upgrade-python39-pybind11-devel redhat-upgrade-python39-pycparser redhat-upgrade-python39-pymysql redhat-upgrade-python39-pyparsing redhat-upgrade-python39-pysocks redhat-upgrade-python39-pytest redhat-upgrade-python39-pyyaml 
redhat-upgrade-python39-pyyaml-debuginfo redhat-upgrade-python39-requests redhat-upgrade-python39-rpm-macros redhat-upgrade-python39-scipy redhat-upgrade-python39-scipy-debuginfo redhat-upgrade-python39-setuptools redhat-upgrade-python39-setuptools-wheel redhat-upgrade-python39-six redhat-upgrade-python39-test redhat-upgrade-python39-tkinter redhat-upgrade-python39-toml redhat-upgrade-python39-urllib3 redhat-upgrade-python39-wcwidth redhat-upgrade-python39-wheel redhat-upgrade-python39-wheel-wheel redhat-upgrade-pyyaml-debugsource redhat-upgrade-scipy-debugsource redhat-upgrade-tkinter References CVE-2023-24329 RHSA-2023:3555 RHSA-2023:3556 RHSA-2023:3585 RHSA-2023:3591 RHSA-2023:3594 RHSA-2023:3595 RHSA-2023:3776 RHSA-2023:3780 RHSA-2023:3781 RHSA-2023:3796 RHSA-2023:3810 RHSA-2023:3811 RHSA-2023:4032 RHSA-2023:4203
-
Amazon Linux AMI: CVE-2021-3923: Security patch for kernel (ALAS-2023-1688)
Severity: 1
CVSS: (AV:L/AC:L/Au:M/C:P/I:N/A:N)
Published: 02/17/2023
Created: 10/18/2023
Added: 10/17/2023
Modified: 01/28/2025
Description: A flaw was found in the Linux kernel's implementation of RDMA over infiniband. An attacker with a privileged local account can leak kernel stack information when issuing commands to the /dev/infiniband/rdma_cm device node. While this access is unlikely to leak sensitive user information, it can be further used to defeat existing kernel protection mechanisms.
Solution(s): amazon-linux-upgrade-kernel
References: ALAS-2023-1688, CVE-2021-3923
-
Gentoo Linux: CVE-2023-24329: Python, PyPy3: Multiple Vulnerabilities
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:C/A:N)
Published: 02/17/2023
Created: 05/06/2024
Added: 05/06/2024
Modified: 01/28/2025
Description: An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.
Solution(s): gentoo-linux-upgrade-dev-lang-python, gentoo-linux-upgrade-dev-python-pypy3, gentoo-linux-upgrade-dev-python-pypy3_10, gentoo-linux-upgrade-dev-python-pypy3_9
References: https://attackerkb.com/topics/cve-2023-24329, CVE - 2023-24329, 202405-01
-
Huawei EulerOS: CVE-2023-24329: python3 security update
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:C/A:N)
Published: 02/17/2023
Created: 05/10/2023
Added: 05/09/2023
Modified: 01/28/2025
Description: An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.
Solution(s): huawei-euleros-2_0_sp10-upgrade-python3, huawei-euleros-2_0_sp10-upgrade-python3-fgo, huawei-euleros-2_0_sp10-upgrade-python3-unversioned-command
References: https://attackerkb.com/topics/cve-2023-24329, CVE - 2023-24329, EulerOS-SA-2023-1826
-
IBM WebSphere Application Server: CVE-2023-0482: IBM WebSphere Application Server Liberty is vulnerable to a privilege escalation due to RESTEasy (CVE-2023-0482)
Severity: 5
CVSS: (AV:L/AC:L/Au:S/C:C/I:N/A:N)
Published: 02/17/2023
Created: 05/12/2023
Added: 05/12/2023
Modified: 01/28/2025
Description: In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user.
Solution(s): ibm-was-install-8-5-ph53883-liberty, ibm-was-upgrade-8-5-23-0-0-4-liberty
References: https://attackerkb.com/topics/cve-2023-0482, CVE - 2023-0482
-
Ubuntu: USN-6483-1 (CVE-2021-33391): HTML Tidy vulnerability
Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 02/17/2023
Created: 11/17/2023
Added: 11/16/2023
Modified: 01/28/2025
Description: An issue in HTACG HTML Tidy v5.7.28 allows an attacker to execute arbitrary code via the -g option of the CleanNode() function in gdoc.c.
Solution(s): ubuntu-upgrade-libtidy5deb1, ubuntu-upgrade-tidy
References: https://attackerkb.com/topics/cve-2021-33391, CVE - 2021-33391, USN-6483-1
-
CentOS Linux: CVE-2023-24329: Important: python security update (Multiple Advisories)
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:C/A:N)
Published: 02/17/2023
Created: 06/09/2023
Added: 06/09/2023
Modified: 01/28/2025
Description: An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.
Solution(s): centos-upgrade-python, centos-upgrade-python-debug, centos-upgrade-python-debuginfo, centos-upgrade-python-devel, centos-upgrade-python-libs, centos-upgrade-python-test, centos-upgrade-python-tools, centos-upgrade-python3, centos-upgrade-python3-debug, centos-upgrade-python3-debuginfo, centos-upgrade-python3-devel, centos-upgrade-python3-idle, centos-upgrade-python3-libs, centos-upgrade-python3-test, centos-upgrade-python3-tkinter, centos-upgrade-tkinter
References: 127587, CVE-2023-24329
-
Huawei EulerOS: CVE-2023-24329: python3 security update
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:C/A:N)
Published: 02/17/2023
Created: 07/10/2023
Added: 07/10/2023
Modified: 01/28/2025
Description: An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.
Solution(s): huawei-euleros-2_0_sp9-upgrade-python3, huawei-euleros-2_0_sp9-upgrade-python3-unversioned-command
References: https://attackerkb.com/topics/cve-2023-24329, CVE - 2023-24329, EulerOS-SA-2023-2339
-
Debian: CVE-2021-32419: schism -- security update
Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published: 02/17/2023
Created: 07/31/2024
Added: 07/30/2024
Modified: 01/28/2025
Description: An issue in Schism Tracker v20200412 fixed in v.20200412 allows an attacker to obtain sensitive information via the fmt_mtm_load_song function in fmt/mtm.c.
Solution(s): debian-upgrade-schism
References: https://attackerkb.com/topics/cve-2021-32419, CVE - 2021-32419
-
Debian: CVE-2021-32142: libraw -- security update
Severity: 7
CVSS: (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Published: 02/17/2023
Created: 05/29/2023
Added: 05/29/2023
Modified: 01/28/2025
Description: Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows an attacker to escalate privileges via the LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp.
Solution(s): debian-upgrade-libraw
References: https://attackerkb.com/topics/cve-2021-32142, CVE - 2021-32142, DLA-3433-1, DSA-5412, DSA-5412-1
-
Rocky Linux: CVE-2023-24329: python39-3.9-and-python39-devel-3.9 (Multiple Advisories)
Rocky Linux: CVE-2023-24329: python39-3.9-and-python39-devel-3.9 (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 02/17/2023 Created 03/07/2024 Added 04/18/2024 Modified 01/28/2025 Description An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. Solution(s) rocky-upgrade-cython-debugsource rocky-upgrade-numpy-debugsource rocky-upgrade-platform-python rocky-upgrade-platform-python-debug rocky-upgrade-platform-python-devel rocky-upgrade-python-cffi-debugsource rocky-upgrade-python-coverage-debugsource rocky-upgrade-python-cryptography-debugsource rocky-upgrade-python-lxml-debugsource rocky-upgrade-python-markupsafe-debugsource rocky-upgrade-python-psutil-debugsource rocky-upgrade-python-psycopg2-debuginfo rocky-upgrade-python-psycopg2-debugsource rocky-upgrade-python-psycopg2-doc rocky-upgrade-python-pymongo-debuginfo rocky-upgrade-python-pymongo-debugsource rocky-upgrade-python2 rocky-upgrade-python2-backports rocky-upgrade-python2-bson rocky-upgrade-python2-bson-debuginfo rocky-upgrade-python2-coverage rocky-upgrade-python2-coverage-debuginfo rocky-upgrade-python2-cython rocky-upgrade-python2-cython-debuginfo rocky-upgrade-python2-debug rocky-upgrade-python2-debuginfo rocky-upgrade-python2-debugsource rocky-upgrade-python2-devel rocky-upgrade-python2-libs rocky-upgrade-python2-lxml rocky-upgrade-python2-lxml-debuginfo rocky-upgrade-python2-markupsafe rocky-upgrade-python2-numpy rocky-upgrade-python2-numpy-debuginfo rocky-upgrade-python2-numpy-f2py rocky-upgrade-python2-psycopg2 rocky-upgrade-python2-psycopg2-debug rocky-upgrade-python2-psycopg2-debug-debuginfo rocky-upgrade-python2-psycopg2-debuginfo rocky-upgrade-python2-psycopg2-tests rocky-upgrade-python2-pymongo rocky-upgrade-python2-pymongo-debuginfo rocky-upgrade-python2-pymongo-gridfs rocky-upgrade-python2-pyyaml rocky-upgrade-python2-pyyaml-debuginfo 
rocky-upgrade-python2-scipy rocky-upgrade-python2-scipy-debuginfo rocky-upgrade-python2-sqlalchemy rocky-upgrade-python2-test rocky-upgrade-python2-tkinter rocky-upgrade-python2-tools rocky-upgrade-python3 rocky-upgrade-python3-debug rocky-upgrade-python3-debuginfo rocky-upgrade-python3-debugsource rocky-upgrade-python3-devel rocky-upgrade-python3-idle rocky-upgrade-python3-libs rocky-upgrade-python3-test rocky-upgrade-python3-tkinter rocky-upgrade-python3.11 rocky-upgrade-python3.11-debug rocky-upgrade-python3.11-debuginfo rocky-upgrade-python3.11-debugsource rocky-upgrade-python3.11-devel rocky-upgrade-python3.11-idle rocky-upgrade-python3.11-libs rocky-upgrade-python3.11-test rocky-upgrade-python3.11-tkinter rocky-upgrade-python38 rocky-upgrade-python38-cffi rocky-upgrade-python38-cffi-debuginfo rocky-upgrade-python38-cryptography rocky-upgrade-python38-cryptography-debuginfo rocky-upgrade-python38-cython rocky-upgrade-python38-cython-debuginfo rocky-upgrade-python38-debug rocky-upgrade-python38-debuginfo rocky-upgrade-python38-debugsource rocky-upgrade-python38-devel rocky-upgrade-python38-idle rocky-upgrade-python38-libs rocky-upgrade-python38-lxml rocky-upgrade-python38-lxml-debuginfo rocky-upgrade-python38-markupsafe rocky-upgrade-python38-markupsafe-debuginfo rocky-upgrade-python38-mod_wsgi rocky-upgrade-python38-numpy rocky-upgrade-python38-numpy-debuginfo rocky-upgrade-python38-numpy-f2py rocky-upgrade-python38-psutil rocky-upgrade-python38-psutil-debuginfo rocky-upgrade-python38-psycopg2 rocky-upgrade-python38-psycopg2-debuginfo rocky-upgrade-python38-psycopg2-doc rocky-upgrade-python38-psycopg2-tests rocky-upgrade-python38-pyyaml rocky-upgrade-python38-pyyaml-debuginfo rocky-upgrade-python38-scipy rocky-upgrade-python38-scipy-debuginfo rocky-upgrade-python38-test rocky-upgrade-python38-tkinter rocky-upgrade-python39 rocky-upgrade-python39-cffi rocky-upgrade-python39-cffi-debuginfo rocky-upgrade-python39-cryptography 
rocky-upgrade-python39-cryptography-debuginfo rocky-upgrade-python39-cython rocky-upgrade-python39-cython-debuginfo rocky-upgrade-python39-debug rocky-upgrade-python39-debuginfo rocky-upgrade-python39-debugsource rocky-upgrade-python39-devel rocky-upgrade-python39-idle rocky-upgrade-python39-libs rocky-upgrade-python39-lxml rocky-upgrade-python39-lxml-debuginfo rocky-upgrade-python39-mod_wsgi rocky-upgrade-python39-numpy rocky-upgrade-python39-numpy-debuginfo rocky-upgrade-python39-numpy-f2py rocky-upgrade-python39-psutil rocky-upgrade-python39-psutil-debuginfo rocky-upgrade-python39-psycopg2 rocky-upgrade-python39-psycopg2-debuginfo rocky-upgrade-python39-psycopg2-doc rocky-upgrade-python39-psycopg2-tests rocky-upgrade-python39-pybind11 rocky-upgrade-python39-pybind11-devel rocky-upgrade-python39-pyyaml rocky-upgrade-python39-pyyaml-debuginfo rocky-upgrade-python39-scipy rocky-upgrade-python39-scipy-debuginfo rocky-upgrade-python39-test rocky-upgrade-python39-tkinter rocky-upgrade-pyyaml-debugsource rocky-upgrade-scipy-debugsource References https://attackerkb.com/topics/cve-2023-24329 CVE - 2023-24329 https://errata.rockylinux.org/RLSA-2023:3585 https://errata.rockylinux.org/RLSA-2023:3591 https://errata.rockylinux.org/RLSA-2023:3594 https://errata.rockylinux.org/RLSA-2023:3595 https://errata.rockylinux.org/RLSA-2023:3780 https://errata.rockylinux.org/RLSA-2023:3781 https://errata.rockylinux.org/RLSA-2023:3811
-
Debian: CVE-2020-19824: mpv -- security update
Severity: 6
CVSS: (AV:L/AC:H/Au:N/C:C/I:C/A:C)
Published: 02/17/2023
Created: 03/13/2023
Added: 03/13/2023
Modified: 01/28/2025
Description: An issue in MPV v.0.29.1 fixed in v0.30 allows attackers to execute arbitrary code and crash the program via the ao_c parameter.
Solution(s): debian-upgrade-mpv
References: https://attackerkb.com/topics/cve-2020-19824, CVE - 2020-19824, DLA-3358-1
-
SUSE: CVE-2021-32142: SUSE Linux Security Advisory
Severity: 7
CVSS: (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Published: 02/17/2023
Created: 02/28/2023
Added: 02/27/2023
Modified: 01/28/2025
Description: Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows an attacker to escalate privileges via the LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp.
Solution(s): suse-upgrade-libraw-devel, suse-upgrade-libraw-devel-static, suse-upgrade-libraw-tools, suse-upgrade-libraw16, suse-upgrade-libraw20, suse-upgrade-libraw20-32bit, suse-upgrade-libraw9
References: https://attackerkb.com/topics/cve-2021-32142, CVE - 2021-32142
-
Moodle: Unspecified Security Vulnerability (CVE-2023-23923)
Severity: 9
CVSS: (AV:N/AC:L/Au:N/C:C/I:P/A:N)
Published: 02/17/2023
Created: 03/03/2023
Added: 03/02/2023
Modified: 01/28/2025
Description: A vulnerability was found in Moodle which exists due to insufficient limitations on the "start page" preference. A remote attacker can set that preference for another user. The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
Solution(s): moodle-upgrade-3_11_12, moodle-upgrade-3_9_19, moodle-upgrade-4_0_6
References: https://attackerkb.com/topics/cve-2023-23923, CVE - 2023-23923, http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-76862, https://bugzilla.redhat.com/show_bug.cgi?id=2162549, https://moodle.org/mod/forum/discuss.php?d=443274#p1782023