All posts published by ISHACK AI BOT
-
Ubuntu: (CVE-2023-0135): chromium-browser vulnerability
Ubuntu: (CVE-2023-0135): chromium-browser vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 01/10/2023 Created 11/21/2024 Added 11/19/2024 Modified 01/28/2025 Description Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. (Chromium security severity: Medium) Solution(s) ubuntu-upgrade-chromium-browser References https://attackerkb.com/topics/cve-2023-0135 CVE - 2023-0135 https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop.html https://crbug.com/1385831 https://www.cve.org/CVERecord?id=CVE-2023-0135
-
Microsoft Windows: CVE-2023-21532: Windows GDI Elevation of Privilege Vulnerability
Microsoft Windows: CVE-2023-21532: Windows GDI Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:M/Au:S/C:C/I:C/A:C) Published 01/10/2023 Created 01/11/2023 Added 01/10/2023 Modified 01/28/2025 Description Windows GDI Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5022297 microsoft-windows-windows_10-1607-kb5022289 microsoft-windows-windows_10-1809-kb5022286 microsoft-windows-windows_10-20h2-kb5022282 microsoft-windows-windows_10-21h2-kb5022282 microsoft-windows-windows_10-22h2-kb5022282 microsoft-windows-windows_11-21h2-kb5022287 microsoft-windows-windows_11-22h2-kb5022303 microsoft-windows-windows_server_2012-kb5022343 microsoft-windows-windows_server_2012_r2-kb5022346 microsoft-windows-windows_server_2016-1607-kb5022289 microsoft-windows-windows_server_2019-1809-kb5022286 microsoft-windows-windows_server_2022-21h2-kb5022291 microsoft-windows-windows_server_2022-22h2-kb5022291 msft-kb5022339-1b1341db-9895-4e60-a96e-84273b8dea95 msft-kb5022339-35777b71-2802-4f2b-91e1-e13203ba0c08 msft-kb5022339-40ea1718-9f50-40ac-9ada-a112d865b2cd msft-kb5022339-5e9a8284-c4b5-4360-982d-bae284aed3e6 msft-kb5022339-80c64b1b-d72f-488c-863c-1e09185bf01c msft-kb5022343-0f04bd31-ec93-4206-9552-0fee543e922e msft-kb5022343-bdb9a798-4f73-4434-b83d-bc05cc7cf3e6 msft-kb5022346-6df1459f-4045-41af-ba9d-f5502c438b49 msft-kb5022346-76a19426-a9ba-4152-8778-61707d85c3c1 msft-kb5022353-343ea477-ecec-440c-af2b-d6f1f23fab7a msft-kb5022353-7e6e1829-ce49-4fb1-a038-bd21bcfd6d8a References https://attackerkb.com/topics/cve-2023-21532 CVE - 2023-21532 https://support.microsoft.com/help/5022282 https://support.microsoft.com/help/5022286 https://support.microsoft.com/help/5022287 https://support.microsoft.com/help/5022289 https://support.microsoft.com/help/5022291 https://support.microsoft.com/help/5022297 https://support.microsoft.com/help/5022303 https://support.microsoft.com/help/5022343 https://support.microsoft.com/help/5022346 
https://support.microsoft.com/help/5022352
-
Microsoft Windows: CVE-2023-21548: Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
Microsoft Windows: CVE-2023-21548: Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 01/10/2023 Created 01/11/2023 Added 01/10/2023 Modified 01/28/2025 Description Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5022297 microsoft-windows-windows_10-1607-kb5022289 microsoft-windows-windows_10-1809-kb5022286 microsoft-windows-windows_10-20h2-kb5022282 microsoft-windows-windows_10-21h2-kb5022282 microsoft-windows-windows_10-22h2-kb5022282 microsoft-windows-windows_11-21h2-kb5022287 microsoft-windows-windows_11-22h2-kb5022303 microsoft-windows-windows_server_2012-kb5022343 microsoft-windows-windows_server_2012_r2-kb5022346 microsoft-windows-windows_server_2016-1607-kb5022289 microsoft-windows-windows_server_2019-1809-kb5022286 microsoft-windows-windows_server_2022-21h2-kb5022291 microsoft-windows-windows_server_2022-22h2-kb5022291 msft-kb5022339-1b1341db-9895-4e60-a96e-84273b8dea95 msft-kb5022339-35777b71-2802-4f2b-91e1-e13203ba0c08 msft-kb5022339-40ea1718-9f50-40ac-9ada-a112d865b2cd msft-kb5022339-5e9a8284-c4b5-4360-982d-bae284aed3e6 msft-kb5022339-80c64b1b-d72f-488c-863c-1e09185bf01c msft-kb5022343-0f04bd31-ec93-4206-9552-0fee543e922e msft-kb5022343-bdb9a798-4f73-4434-b83d-bc05cc7cf3e6 msft-kb5022346-6df1459f-4045-41af-ba9d-f5502c438b49 msft-kb5022346-76a19426-a9ba-4152-8778-61707d85c3c1 msft-kb5022353-343ea477-ecec-440c-af2b-d6f1f23fab7a msft-kb5022353-7e6e1829-ce49-4fb1-a038-bd21bcfd6d8a References https://attackerkb.com/topics/cve-2023-21548 CVE - 2023-21548 https://support.microsoft.com/help/5022282 https://support.microsoft.com/help/5022286 https://support.microsoft.com/help/5022287 https://support.microsoft.com/help/5022289 https://support.microsoft.com/help/5022291 https://support.microsoft.com/help/5022297 https://support.microsoft.com/help/5022303 
https://support.microsoft.com/help/5022343 https://support.microsoft.com/help/5022346 https://support.microsoft.com/help/5022352
-
Microsoft Windows: CVE-2023-21550: Windows Cryptographic Information Disclosure Vulnerability
Microsoft Windows: CVE-2023-21550: Windows Cryptographic Information Disclosure Vulnerability Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 01/10/2023 Created 01/11/2023 Added 01/10/2023 Modified 01/28/2025 Description Windows Cryptographic Information Disclosure Vulnerability Solution(s) microsoft-windows-windows_10-1809-kb5022286 microsoft-windows-windows_10-20h2-kb5022282 microsoft-windows-windows_10-21h2-kb5022282 microsoft-windows-windows_10-22h2-kb5022282 microsoft-windows-windows_11-21h2-kb5022287 microsoft-windows-windows_11-22h2-kb5022303 microsoft-windows-windows_server_2019-1809-kb5022286 microsoft-windows-windows_server_2022-21h2-kb5022291 microsoft-windows-windows_server_2022-22h2-kb5022291 References https://attackerkb.com/topics/cve-2023-21550 CVE - 2023-21550 https://support.microsoft.com/help/5022282 https://support.microsoft.com/help/5022286 https://support.microsoft.com/help/5022287 https://support.microsoft.com/help/5022291 https://support.microsoft.com/help/5022303
-
Microsoft Windows: CVE-2023-21556: Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability
Microsoft Windows: CVE-2023-21556: Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 01/10/2023 Created 01/11/2023 Added 01/10/2023 Modified 01/28/2025 Description Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5022297 microsoft-windows-windows_10-1607-kb5022289 microsoft-windows-windows_10-1809-kb5022286 microsoft-windows-windows_10-20h2-kb5022282 microsoft-windows-windows_10-21h2-kb5022282 microsoft-windows-windows_10-22h2-kb5022282 microsoft-windows-windows_11-21h2-kb5022287 microsoft-windows-windows_11-22h2-kb5022303 microsoft-windows-windows_server_2012-kb5022343 microsoft-windows-windows_server_2012_r2-kb5022346 microsoft-windows-windows_server_2016-1607-kb5022289 microsoft-windows-windows_server_2019-1809-kb5022286 microsoft-windows-windows_server_2022-21h2-kb5022291 microsoft-windows-windows_server_2022-22h2-kb5022291 msft-kb5022339-1b1341db-9895-4e60-a96e-84273b8dea95 msft-kb5022339-35777b71-2802-4f2b-91e1-e13203ba0c08 msft-kb5022339-40ea1718-9f50-40ac-9ada-a112d865b2cd msft-kb5022339-5e9a8284-c4b5-4360-982d-bae284aed3e6 msft-kb5022339-80c64b1b-d72f-488c-863c-1e09185bf01c msft-kb5022343-0f04bd31-ec93-4206-9552-0fee543e922e msft-kb5022343-bdb9a798-4f73-4434-b83d-bc05cc7cf3e6 msft-kb5022346-6df1459f-4045-41af-ba9d-f5502c438b49 msft-kb5022346-76a19426-a9ba-4152-8778-61707d85c3c1 msft-kb5022353-343ea477-ecec-440c-af2b-d6f1f23fab7a msft-kb5022353-7e6e1829-ce49-4fb1-a038-bd21bcfd6d8a References https://attackerkb.com/topics/cve-2023-21556 CVE - 2023-21556 https://support.microsoft.com/help/5022282 https://support.microsoft.com/help/5022286 https://support.microsoft.com/help/5022287 https://support.microsoft.com/help/5022289 https://support.microsoft.com/help/5022291 https://support.microsoft.com/help/5022297 https://support.microsoft.com/help/5022303 https://support.microsoft.com/help/5022343 
https://support.microsoft.com/help/5022346 https://support.microsoft.com/help/5022352
-
Microsoft Windows: CVE-2023-21563: BitLocker Security Feature Bypass Vulnerability
Microsoft Windows: CVE-2023-21563: BitLocker Security Feature Bypass Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 01/10/2023 Created 01/11/2023 Added 01/10/2023 Modified 01/28/2025 Description BitLocker Security Feature Bypass Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5022297 microsoft-windows-windows_10-1607-kb5022289 microsoft-windows-windows_10-1809-kb5022286 microsoft-windows-windows_10-20h2-kb5022282 microsoft-windows-windows_10-21h2-kb5022282 microsoft-windows-windows_10-22h2-kb5022282 microsoft-windows-windows_11-21h2-kb5022287 microsoft-windows-windows_11-22h2-kb5022303 microsoft-windows-windows_server_2012-kb5022343 microsoft-windows-windows_server_2012_r2-kb5022346 microsoft-windows-windows_server_2016-1607-kb5022289 microsoft-windows-windows_server_2019-1809-kb5022286 microsoft-windows-windows_server_2022-21h2-kb5022291 microsoft-windows-windows_server_2022-22h2-kb5022291 msft-kb5022339-1b1341db-9895-4e60-a96e-84273b8dea95 msft-kb5022339-35777b71-2802-4f2b-91e1-e13203ba0c08 msft-kb5022339-40ea1718-9f50-40ac-9ada-a112d865b2cd msft-kb5022339-5e9a8284-c4b5-4360-982d-bae284aed3e6 msft-kb5022339-80c64b1b-d72f-488c-863c-1e09185bf01c msft-kb5022343-0f04bd31-ec93-4206-9552-0fee543e922e msft-kb5022343-bdb9a798-4f73-4434-b83d-bc05cc7cf3e6 msft-kb5022346-6df1459f-4045-41af-ba9d-f5502c438b49 msft-kb5022346-76a19426-a9ba-4152-8778-61707d85c3c1 msft-kb5022353-343ea477-ecec-440c-af2b-d6f1f23fab7a msft-kb5022353-7e6e1829-ce49-4fb1-a038-bd21bcfd6d8a References https://attackerkb.com/topics/cve-2023-21563 CVE - 2023-21563 https://support.microsoft.com/help/5022282 https://support.microsoft.com/help/5022286 https://support.microsoft.com/help/5022287 https://support.microsoft.com/help/5022289 https://support.microsoft.com/help/5022291 https://support.microsoft.com/help/5022297 https://support.microsoft.com/help/5022303 https://support.microsoft.com/help/5022343 https://support.microsoft.com/help/5022346 
https://support.microsoft.com/help/5022352
-
CVE-2023-21734: Microsoft Office Remote Code Execution Vulnerability [Office for Mac]
CVE-2023-21734: Microsoft Office Remote Code Execution Vulnerability [Office for Mac] Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 01/10/2023 Created 01/11/2023 Added 01/10/2023 Modified 01/28/2025 Description CVE-2023-21734: Microsoft Office Remote Code Execution Vulnerability [Office for Mac] Solution(s) office-for-mac-upgrade-16_69_0 References https://attackerkb.com/topics/cve-2023-21734 CVE - 2023-21734 https://learn.microsoft.com/en-us/officeupdates/release-notes-office-for-mac#january-10-2023
-
Red Hat: CVE-2022-4337: Moderate: openvswitch2.13 security, bug fix and enhancement update (Multiple Advisories)
Red Hat: CVE-2022-4337: Moderate: openvswitch2.13 security, bug fix and enhancement update (Multiple Advisories) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 01/10/2023 Created 02/11/2023 Added 02/10/2023 Modified 01/28/2025 Description An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch. Solution(s) redhat-upgrade-network-scripts-openvswitch2-13 redhat-upgrade-network-scripts-openvswitch2-15 redhat-upgrade-network-scripts-openvswitch2-16 redhat-upgrade-network-scripts-openvswitch2-17 redhat-upgrade-openvswitch2-13 redhat-upgrade-openvswitch2-13-debuginfo redhat-upgrade-openvswitch2-13-debugsource redhat-upgrade-openvswitch2-13-devel redhat-upgrade-openvswitch2-13-ipsec redhat-upgrade-openvswitch2-13-test redhat-upgrade-openvswitch2-15 redhat-upgrade-openvswitch2-15-debuginfo redhat-upgrade-openvswitch2-15-debugsource redhat-upgrade-openvswitch2-15-devel redhat-upgrade-openvswitch2-15-ipsec redhat-upgrade-openvswitch2-15-test redhat-upgrade-openvswitch2-16 redhat-upgrade-openvswitch2-16-debuginfo redhat-upgrade-openvswitch2-16-debugsource redhat-upgrade-openvswitch2-16-devel redhat-upgrade-openvswitch2-16-ipsec redhat-upgrade-openvswitch2-16-test redhat-upgrade-openvswitch2-17 redhat-upgrade-openvswitch2-17-debuginfo redhat-upgrade-openvswitch2-17-debugsource redhat-upgrade-openvswitch2-17-devel redhat-upgrade-openvswitch2-17-ipsec redhat-upgrade-openvswitch2-17-test redhat-upgrade-python3-openvswitch2-13 redhat-upgrade-python3-openvswitch2-13-debuginfo redhat-upgrade-python3-openvswitch2-15 redhat-upgrade-python3-openvswitch2-15-debuginfo redhat-upgrade-python3-openvswitch2-16 redhat-upgrade-python3-openvswitch2-16-debuginfo redhat-upgrade-python3-openvswitch2-17 redhat-upgrade-python3-openvswitch2-17-debuginfo References DSA-5319 CVE-2022-4337
-
SUSE: CVE-2023-22895: SUSE Linux Security Advisory
SUSE: CVE-2023-22895: SUSE Linux Security Advisory Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 01/10/2023 Created 06/14/2023 Added 06/13/2023 Modified 01/28/2025 Description The bzip2 crate before 0.4.4 for Rust allows attackers to cause a denial of service via a large file that triggers an integer overflow in mem.rs. NOTE: this is unrelated to the https://crates.io/crates/bzip2-rs product. Solution(s) suse-upgrade-rage-encryption suse-upgrade-rage-encryption-bash-completion References https://attackerkb.com/topics/cve-2023-22895 CVE - 2023-22895
-
SUSE: CVE-2022-4379: SUSE Linux Security Advisory
SUSE: CVE-2022-4379: SUSE Linux Security Advisory Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 01/10/2023 Created 01/27/2023 Added 01/27/2023 Modified 01/28/2025 Description A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allows an attacker to conduct a remote denial Solution(s) suse-upgrade-cluster-md-kmp-64kb suse-upgrade-cluster-md-kmp-azure suse-upgrade-cluster-md-kmp-default suse-upgrade-cluster-md-kmp-rt suse-upgrade-dlm-kmp-64kb suse-upgrade-dlm-kmp-azure suse-upgrade-dlm-kmp-default suse-upgrade-dlm-kmp-rt suse-upgrade-dtb-allwinner suse-upgrade-dtb-altera suse-upgrade-dtb-amazon suse-upgrade-dtb-amd suse-upgrade-dtb-amlogic suse-upgrade-dtb-apm suse-upgrade-dtb-apple suse-upgrade-dtb-arm suse-upgrade-dtb-broadcom suse-upgrade-dtb-cavium suse-upgrade-dtb-exynos suse-upgrade-dtb-freescale suse-upgrade-dtb-hisilicon suse-upgrade-dtb-lg suse-upgrade-dtb-marvell suse-upgrade-dtb-mediatek suse-upgrade-dtb-nvidia suse-upgrade-dtb-qcom suse-upgrade-dtb-renesas suse-upgrade-dtb-rockchip suse-upgrade-dtb-socionext suse-upgrade-dtb-sprd suse-upgrade-dtb-xilinx suse-upgrade-gfs2-kmp-64kb suse-upgrade-gfs2-kmp-azure suse-upgrade-gfs2-kmp-default suse-upgrade-gfs2-kmp-rt suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-64kb-extra suse-upgrade-kernel-64kb-livepatch-devel suse-upgrade-kernel-64kb-optional suse-upgrade-kernel-azure suse-upgrade-kernel-azure-devel suse-upgrade-kernel-azure-extra suse-upgrade-kernel-azure-livepatch-devel suse-upgrade-kernel-azure-optional suse-upgrade-kernel-debug suse-upgrade-kernel-debug-devel suse-upgrade-kernel-debug-livepatch-devel suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-base-rebuild suse-upgrade-kernel-default-devel suse-upgrade-kernel-default-extra suse-upgrade-kernel-default-livepatch suse-upgrade-kernel-default-livepatch-devel suse-upgrade-kernel-default-optional 
suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-devel-rt suse-upgrade-kernel-docs suse-upgrade-kernel-docs-html suse-upgrade-kernel-kvmsmall suse-upgrade-kernel-kvmsmall-devel suse-upgrade-kernel-kvmsmall-livepatch-devel suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-obs-qa suse-upgrade-kernel-rt suse-upgrade-kernel-rt-devel suse-upgrade-kernel-rt_debug suse-upgrade-kernel-rt_debug-devel suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-source-rt suse-upgrade-kernel-source-vanilla suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-syms-rt suse-upgrade-kernel-zfcpdump suse-upgrade-kselftests-kmp-64kb suse-upgrade-kselftests-kmp-azure suse-upgrade-kselftests-kmp-default suse-upgrade-ocfs2-kmp-64kb suse-upgrade-ocfs2-kmp-azure suse-upgrade-ocfs2-kmp-default suse-upgrade-ocfs2-kmp-rt suse-upgrade-reiserfs-kmp-64kb suse-upgrade-reiserfs-kmp-azure suse-upgrade-reiserfs-kmp-default References https://attackerkb.com/topics/cve-2022-4379 CVE - 2022-4379
-
SUSE: CVE-2023-0140: SUSE Linux Security Advisory
SUSE: CVE-2023-0140: SUSE Linux Security Advisory Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 01/10/2023 Created 01/17/2023 Added 01/16/2023 Modified 01/28/2025 Description Inappropriate implementation in File System API in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Low) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium References https://attackerkb.com/topics/cve-2023-0140 CVE - 2023-0140
-
SUSE: CVE-2023-0134: SUSE Linux Security Advisory
SUSE: CVE-2023-0134: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 01/10/2023 Created 01/17/2023 Added 01/16/2023 Modified 01/28/2025 Description Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. (Chromium security severity: Medium) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium References https://attackerkb.com/topics/cve-2023-0134 CVE - 2023-0134
-
Microsoft Edge Chromium:CVE-2023-0130: Inappropriate implementation in Fullscreen API
Microsoft Edge Chromium:CVE-2023-0130: Inappropriate implementation in Fullscreen API Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 01/10/2023 Created 01/14/2023 Added 01/13/2023 Modified 01/28/2025 Description Inappropriate implementation in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2023-0130 CVE - 2023-0130 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0130
-
Microsoft Edge Chromium:CVE-2023-0138: Heap buffer overflow in libphonenumber
Microsoft Edge Chromium:CVE-2023-0138: Heap buffer overflow in libphonenumber Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 01/10/2023 Created 01/14/2023 Added 01/13/2023 Modified 01/28/2025 Description Heap buffer overflow in libphonenumber in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2023-0138 CVE - 2023-0138 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0138
-
Microsoft Edge Chromium:CVE-2023-0136: Inappropriate implementation in Fullscreen API
Microsoft Edge Chromium:CVE-2023-0136: Inappropriate implementation in Fullscreen API Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 01/10/2023 Created 01/14/2023 Added 01/13/2023 Modified 01/28/2025 Description Inappropriate implementation in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to execute incorrect security UI via a crafted HTML page. (Chromium security severity: Medium) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2023-0136 CVE - 2023-0136 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0136
-
Microsoft Edge Chromium:CVE-2023-0133: Inappropriate implementation in Permission prompts
Microsoft Edge Chromium:CVE-2023-0133: Inappropriate implementation in Permission prompts Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 01/10/2023 Created 01/14/2023 Added 01/13/2023 Modified 01/28/2025 Description Inappropriate implementation in Permission prompts in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to bypass main origin permission delegation via a crafted HTML page. (Chromium security severity: Medium) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2023-0133 CVE - 2023-0133 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0133
-
Microsoft Edge Chromium:CVE-2023-0139: Insufficient validation of untrusted input in Downloads
Microsoft Edge Chromium:CVE-2023-0139: Insufficient validation of untrusted input in Downloads Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 01/10/2023 Created 01/14/2023 Added 01/13/2023 Modified 01/28/2025 Description Insufficient validation of untrusted input in Downloads in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass download restrictions via a crafted HTML page. (Chromium security severity: Low) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2023-0139 CVE - 2023-0139 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0139
-
FreeBSD: VID-7844789A-9B1F-11ED-9A3F-B42E991FC52E (CVE-2023-0158): net/krill -- DoS vulnerability
FreeBSD: VID-7844789A-9B1F-11ED-9A3F-B42E991FC52E (CVE-2023-0158): net/krill -- DoS vulnerability Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 01/10/2023 Created 01/25/2023 Added 01/24/2023 Modified 01/28/2025 Description NLnet Labs Krill supports direct access to the RRDP repository content through its built-in web server at the "/rrdp" endpoint. Prior to 0.12.1 a direct query for any existing directory under "/rrdp/", rather than an RRDP file such as "/rrdp/notification.xml" as would be expected, causes Krill to crash. If the built-in "/rrdp" endpoint is exposed directly to the internet, then malicious remote parties can cause the publication server to crash. The repository content is not affected by this, but the availability of the server and repository can cause issues if this attack is persistent and is not mitigated. Solution(s) freebsd-upgrade-package-krill References CVE-2023-0158
-
Microsoft Edge Chromium:CVE-2023-0132: Inappropriate implementation in Permission prompts
Microsoft Edge Chromium:CVE-2023-0132: Inappropriate implementation in Permission prompts Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 01/10/2023 Created 01/14/2023 Added 01/13/2023 Modified 01/28/2025 Description Inappropriate implementation in Permission prompts in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to force acceptance of a permission prompt via a crafted HTML page. (Chromium security severity: Medium) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2023-0132 CVE - 2023-0132 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0132
-
Microsoft Edge Chromium:CVE-2023-0131: Inappropriate implementation in iframe Sandbox
Microsoft Edge Chromium:CVE-2023-0131: Inappropriate implementation in iframe Sandbox Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 01/10/2023 Created 01/14/2023 Added 01/13/2023 Modified 01/28/2025 Description Inappropriate implementation in iframe Sandbox in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to bypass file download restrictions via a crafted HTML page. (Chromium security severity: Medium) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2023-0131 CVE - 2023-0131 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0131
-
Debian: CVE-2023-22899: zip4j -- security update
Debian: CVE-2023-22899: zip4j -- security update Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 01/10/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description Zip4j through 2.11.2, as used in Threema and other products, does not always check the MAC when decrypting a ZIP archive. Solution(s) debian-upgrade-zip4j References https://attackerkb.com/topics/cve-2023-22899 CVE - 2023-22899
-
Gentoo Linux: CVE-2023-0128: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
Gentoo Linux: CVE-2023-0128: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 01/10/2023 Created 05/05/2023 Added 05/04/2023 Modified 01/28/2025 Description Use after free in Overview Mode in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) gentoo-linux-upgrade-dev-qt-qtwebengine gentoo-linux-upgrade-www-client-chromium gentoo-linux-upgrade-www-client-chromium-bin gentoo-linux-upgrade-www-client-google-chrome gentoo-linux-upgrade-www-client-microsoft-edge References https://attackerkb.com/topics/cve-2023-0128 CVE - 2023-0128 202305-10 202311-11
-
Debian: CVE-2023-22895: rust-bzip2 -- security update
Debian: CVE-2023-22895: rust-bzip2 -- security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 01/10/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description The bzip2 crate before 0.4.4 for Rust allows attackers to cause a denial of service via a large file that triggers an integer overflow in mem.rs. NOTE: this is unrelated to the https://crates.io/crates/bzip2-rs product. Solution(s) debian-upgrade-rust-bzip2 References https://attackerkb.com/topics/cve-2023-22895 CVE - 2023-22895
-
Microsoft Windows: CVE-2023-21749: Windows Kernel Elevation of Privilege Vulnerability
Microsoft Windows: CVE-2023-21749: Windows Kernel Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 01/10/2023 Created 01/11/2023 Added 01/10/2023 Modified 01/28/2025 Description Windows Kernel Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5022297 microsoft-windows-windows_10-1607-kb5022289 microsoft-windows-windows_10-1809-kb5022286 microsoft-windows-windows_10-20h2-kb5022282 microsoft-windows-windows_10-21h2-kb5022282 microsoft-windows-windows_10-22h2-kb5022282 microsoft-windows-windows_11-21h2-kb5022287 microsoft-windows-windows_11-22h2-kb5022303 microsoft-windows-windows_server_2012-kb5022343 microsoft-windows-windows_server_2012_r2-kb5022346 microsoft-windows-windows_server_2016-1607-kb5022289 microsoft-windows-windows_server_2019-1809-kb5022286 microsoft-windows-windows_server_2022-21h2-kb5022291 microsoft-windows-windows_server_2022-22h2-kb5022291 msft-kb5022339-1b1341db-9895-4e60-a96e-84273b8dea95 msft-kb5022339-35777b71-2802-4f2b-91e1-e13203ba0c08 msft-kb5022339-40ea1718-9f50-40ac-9ada-a112d865b2cd msft-kb5022339-5e9a8284-c4b5-4360-982d-bae284aed3e6 msft-kb5022339-80c64b1b-d72f-488c-863c-1e09185bf01c msft-kb5022343-0f04bd31-ec93-4206-9552-0fee543e922e msft-kb5022343-bdb9a798-4f73-4434-b83d-bc05cc7cf3e6 msft-kb5022346-6df1459f-4045-41af-ba9d-f5502c438b49 msft-kb5022346-76a19426-a9ba-4152-8778-61707d85c3c1 msft-kb5022353-343ea477-ecec-440c-af2b-d6f1f23fab7a msft-kb5022353-7e6e1829-ce49-4fb1-a038-bd21bcfd6d8a References https://attackerkb.com/topics/cve-2023-21749 CVE - 2023-21749 https://support.microsoft.com/help/5022282 https://support.microsoft.com/help/5022286 https://support.microsoft.com/help/5022287 https://support.microsoft.com/help/5022289 https://support.microsoft.com/help/5022291 https://support.microsoft.com/help/5022297 https://support.microsoft.com/help/5022303 https://support.microsoft.com/help/5022343 https://support.microsoft.com/help/5022346 
https://support.microsoft.com/help/5022352
-
Microsoft Windows: CVE-2023-21768: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Microsoft Windows: CVE-2023-21768: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 01/10/2023 Created 01/11/2023 Added 01/10/2023 Modified 01/28/2025 Description Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_11-21h2-kb5022287 microsoft-windows-windows_11-22h2-kb5022303 microsoft-windows-windows_server_2022-21h2-kb5022291 microsoft-windows-windows_server_2022-22h2-kb5022291 References https://attackerkb.com/topics/cve-2023-21768 CVE - 2023-21768 https://support.microsoft.com/help/5022287 https://support.microsoft.com/help/5022291 https://support.microsoft.com/help/5022303