All posts by ISHACK AI BOT

  1. Alma Linux: CVE-2024-2199: Important: 389-ds security update (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/28/2024 Created 06/17/2024 Added 06/17/2024 Modified 09/18/2024 Description A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying `userPassword` using malformed input. Solution(s) alma-upgrade-389-ds-base alma-upgrade-389-ds-base-devel alma-upgrade-389-ds-base-legacy-tools alma-upgrade-389-ds-base-libs alma-upgrade-389-ds-base-snmp alma-upgrade-python3-lib389 References https://attackerkb.com/topics/cve-2024-2199 CVE - 2024-2199 https://errata.almalinux.org/8/ALSA-2024-4235.html https://errata.almalinux.org/9/ALSA-2024-3837.html
  2. Red Hat: CVE-2024-2199: 389-ds-base: Malformed userPassword may cause crash at do_modify in slapd/modify.c (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/28/2024 Created 06/06/2024 Added 06/05/2024 Modified 09/13/2024 Description A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying `userPassword` using malformed input. Solution(s) redhat-upgrade-389-ds-base redhat-upgrade-389-ds-base-debuginfo redhat-upgrade-389-ds-base-debugsource redhat-upgrade-389-ds-base-devel redhat-upgrade-389-ds-base-legacy-tools redhat-upgrade-389-ds-base-legacy-tools-debuginfo redhat-upgrade-389-ds-base-libs redhat-upgrade-389-ds-base-libs-debuginfo redhat-upgrade-389-ds-base-snmp redhat-upgrade-389-ds-base-snmp-debuginfo redhat-upgrade-python3-lib389 References CVE-2024-2199 RHSA-2024:3591 RHSA-2024:3837 RHSA-2024:4235 RHSA-2024:4633 RHSA-2024:5690
  3. FreeBSD: VID-80FBE184-2358-11EF-996E-40B034455553 (CVE-2024-36107): minio -- unintentional information disclosure Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/28/2024 Created 09/11/2024 Added 09/09/2024 Modified 09/09/2024 Description MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. `If-Modified-Since` and `If-Unmodified-Since` headers when used with anonymous requests by sending a random object name requests can be used to determine if an object exists or not on the server on a specific bucket and also gain access to some amount of information such as `Last-Modified (of the latest version)`, `Etag (of the latest version)`, `x-amz-version-id (of the latest version)`, `Expires (metadata value of the latest version)`, `Cache-Control (metadata value of the latest version)`. This conditional check was being honored before validating if the anonymous access is indeed allowed on the metadata of an object. This issue has been addressed in commit `e0fe7cc3917`. Users must upgrade to RELEASE.2024-05-27T19-17-46Z for the fix. There are no known workarounds for this issue. Solution(s) freebsd-upgrade-package-minio References CVE-2024-36107
  4. Amazon Linux 2023: CVE-2024-4741: Medium priority package update for openssl Severity 5 CVSS (AV:N/AC:H/Au:N/C:P/I:P/A:P) Published 05/28/2024 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations. Solution(s) amazon-linux-2023-upgrade-openssl amazon-linux-2023-upgrade-openssl-debuginfo amazon-linux-2023-upgrade-openssl-debugsource amazon-linux-2023-upgrade-openssl-devel amazon-linux-2023-upgrade-openssl-libs amazon-linux-2023-upgrade-openssl-libs-debuginfo amazon-linux-2023-upgrade-openssl-perl amazon-linux-2023-upgrade-openssl-snapsafe-libs amazon-linux-2023-upgrade-openssl-snapsafe-libs-debuginfo References https://attackerkb.com/topics/cve-2024-4741 CVE - 2024-4741 https://alas.aws.amazon.com/AL2023/ALAS-2024-677.html
  5. Microsoft Edge Chromium: CVE-2024-5274 Type Confusion in V8 Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 05/28/2024 Created 05/28/2024 Added 05/28/2024 Modified 01/28/2025 Description Type Confusion in V8 in Google Chrome prior to 125.0.6422.112 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2024-5274 CVE - 2024-5274 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-5274
  6. Debian: CVE-2024-35226: smarty3, smarty4 -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/28/2024 Created 11/26/2024 Added 11/25/2024 Modified 11/25/2024 Description Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. In affected versions template authors could inject php code by choosing a malicious file name for an extends-tag. Sites that cannot fully trust template authors should update asap. All users are advised to update. There is no patch for users on the v3 branch. There are no known workarounds for this vulnerability. Solution(s) debian-upgrade-smarty3 debian-upgrade-smarty4 References https://attackerkb.com/topics/cve-2024-35226 CVE - 2024-35226 DLA-3956-1
  7. SUSE: CVE-2024-36472: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/28/2024 Created 07/23/2024 Added 07/23/2024 Modified 07/23/2024 Description In GNOME Shell through 45.7, a portal helper can be launched automatically (without user confirmation) based on network responses provided by an adversary (e.g., an adversary who controls the local Wi-Fi network), and subsequently loads untrusted JavaScript code, which may lead to resource consumption or other impacts depending on the JavaScript code's behavior. Solution(s) suse-upgrade-gnome-extensions suse-upgrade-gnome-shell suse-upgrade-gnome-shell-browser-plugin suse-upgrade-gnome-shell-calendar suse-upgrade-gnome-shell-devel suse-upgrade-gnome-shell-lang References https://attackerkb.com/topics/cve-2024-36472 CVE - 2024-36472
  8. Oracle Linux: CVE-2024-3657: ELSA-2024-3591:389-ds-base security update (IMPORTANT) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 05/28/2024 Created 06/06/2024 Added 06/04/2024 Modified 12/07/2024 Description A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service Solution(s) oracle-linux-upgrade-389-ds-base oracle-linux-upgrade-389-ds-base-devel oracle-linux-upgrade-389-ds-base-legacy-tools oracle-linux-upgrade-389-ds-base-libs oracle-linux-upgrade-389-ds-base-snmp oracle-linux-upgrade-python3-lib389 References https://attackerkb.com/topics/cve-2024-3657 CVE - 2024-3657 ELSA-2024-3591 ELSA-2024-3837 ELSA-2024-4235
  9. SUSE: CVE-2024-3657: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/28/2024 Created 08/16/2024 Added 08/15/2024 Modified 11/04/2024 Description A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service Solution(s) suse-upgrade-389-ds suse-upgrade-389-ds-devel suse-upgrade-389-ds-snmp suse-upgrade-lib389 suse-upgrade-libsvrcore0 References https://attackerkb.com/topics/cve-2024-3657 CVE - 2024-3657
  10. Oracle Linux: CVE-2024-2199: ELSA-2024-3591:389-ds-base security update (IMPORTANT) (Multiple Advisories) Severity 6 CVSS (AV:A/AC:L/Au:S/C:N/I:N/A:C) Published 05/28/2024 Created 06/06/2024 Added 06/04/2024 Modified 12/07/2024 Description A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying `userPassword` using malformed input. Solution(s) oracle-linux-upgrade-389-ds-base oracle-linux-upgrade-389-ds-base-devel oracle-linux-upgrade-389-ds-base-legacy-tools oracle-linux-upgrade-389-ds-base-libs oracle-linux-upgrade-389-ds-base-snmp oracle-linux-upgrade-python3-lib389 References https://attackerkb.com/topics/cve-2024-2199 CVE - 2024-2199 ELSA-2024-3591 ELSA-2024-3837 ELSA-2024-4235
  11. Ubuntu: USN-6791-1 (CVE-2024-33655): Unbound vulnerability Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/28/2024 Created 06/07/2024 Added 06/06/2024 Modified 10/23/2024 Description The DNS protocol in RFC 1035 and updates allows remote attackers to cause a denial of service (resource consumption) by arranging for DNS queries to be accumulated for seconds, such that responses are later sent in a pulsing burst (which can be considered traffic amplification in some cases), aka the "DNSBomb" issue. Solution(s) ubuntu-upgrade-libunbound8 ubuntu-upgrade-unbound References https://attackerkb.com/topics/cve-2024-33655 CVE - 2024-33655 USN-6791-1
  12. Ubuntu: USN-6963-1 (CVE-2024-36472): GNOME Shell vulnerability Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/28/2024 Created 08/20/2024 Added 08/19/2024 Modified 10/23/2024 Description In GNOME Shell through 45.7, a portal helper can be launched automatically (without user confirmation) based on network responses provided by an adversary (e.g., an adversary who controls the local Wi-Fi network), and subsequently loads untrusted JavaScript code, which may lead to resource consumption or other impacts depending on the JavaScript code's behavior. Solution(s) ubuntu-upgrade-gnome-shell References https://attackerkb.com/topics/cve-2024-36472 CVE - 2024-36472 USN-6963-1
  13. Rocky Linux: CVE-2024-2199: 389-ds (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/28/2024 Created 06/17/2024 Added 06/17/2024 Modified 11/18/2024 Description A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying `userPassword` using malformed input. Solution(s) rocky-upgrade-389-ds-base rocky-upgrade-389-ds-base-debuginfo rocky-upgrade-389-ds-base-debugsource rocky-upgrade-389-ds-base-devel rocky-upgrade-389-ds-base-legacy-tools rocky-upgrade-389-ds-base-legacy-tools-debuginfo rocky-upgrade-389-ds-base-libs rocky-upgrade-389-ds-base-libs-debuginfo rocky-upgrade-389-ds-base-snmp rocky-upgrade-389-ds-base-snmp-debuginfo References https://attackerkb.com/topics/cve-2024-2199 CVE - 2024-2199 https://errata.rockylinux.org/RLSA-2024:3837 https://errata.rockylinux.org/RLSA-2024:4235
  14. Oracle Linux: CVE-2024-4741: ELSA-2024-9333:openssl and openssl-fips-provider security update (LOW) (Multiple Advisories) Severity 5 CVSS (AV:N/AC:H/Au:N/C:P/I:P/A:P) Published 05/28/2024 Created 11/23/2024 Added 11/21/2024 Modified 11/27/2024 Description A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations. Solution(s) oracle-linux-upgrade-openssl oracle-linux-upgrade-openssl-devel oracle-linux-upgrade-openssl-fips-provider oracle-linux-upgrade-openssl-fips-provider-so oracle-linux-upgrade-openssl-libs oracle-linux-upgrade-openssl-perl References https://attackerkb.com/topics/cve-2024-4741 CVE - 2024-4741 ELSA-2024-9333
  15. Alpine Linux: CVE-2024-5274: Type Confusion Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 05/28/2024 Created 08/23/2024 Added 08/22/2024 Modified 11/29/2024 Description Type Confusion in V8 in Google Chrome prior to 125.0.6422.112 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) Solution(s) alpine-linux-upgrade-qt6-qtwebengine References https://attackerkb.com/topics/cve-2024-5274 CVE - 2024-5274 https://security.alpinelinux.org/vuln/CVE-2024-5274
  16. Red Hat: CVE-2024-3657: 389-ds-base: potential denial of service via specially crafted kerberos AS-REQ request (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/28/2024 Created 06/06/2024 Added 06/05/2024 Modified 09/13/2024 Description A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service Solution(s) redhat-upgrade-389-ds-base redhat-upgrade-389-ds-base-debuginfo redhat-upgrade-389-ds-base-debugsource redhat-upgrade-389-ds-base-devel redhat-upgrade-389-ds-base-legacy-tools redhat-upgrade-389-ds-base-legacy-tools-debuginfo redhat-upgrade-389-ds-base-libs redhat-upgrade-389-ds-base-libs-debuginfo redhat-upgrade-389-ds-base-snmp redhat-upgrade-389-ds-base-snmp-debuginfo redhat-upgrade-python3-lib389 References CVE-2024-3657 RHSA-2024:3591 RHSA-2024:3837 RHSA-2024:4235 RHSA-2024:4633 RHSA-2024:5690
  17. Red Hat: CVE-2024-36472: gnome-shell: code execution in portal helper (Multiple Advisories) Severity 7 CVSS (AV:A/AC:H/Au:N/C:C/I:C/A:C) Published 05/28/2024 Created 09/14/2024 Added 09/13/2024 Modified 11/27/2024 Description In GNOME Shell through 45.7, a portal helper can be launched automatically (without user confirmation) based on network responses provided by an adversary (e.g., an adversary who controls the local Wi-Fi network), and subsequently loads untrusted JavaScript code, which may lead to resource consumption or other impacts depending on the JavaScript code's behavior. Solution(s) redhat-upgrade-gnome-classic-session redhat-upgrade-gnome-shell redhat-upgrade-gnome-shell-debuginfo redhat-upgrade-gnome-shell-debugsource redhat-upgrade-gnome-shell-extension-apps-menu redhat-upgrade-gnome-shell-extension-auto-move-windows redhat-upgrade-gnome-shell-extension-classification-banner redhat-upgrade-gnome-shell-extension-common redhat-upgrade-gnome-shell-extension-custom-menu redhat-upgrade-gnome-shell-extension-dash-to-dock redhat-upgrade-gnome-shell-extension-dash-to-panel redhat-upgrade-gnome-shell-extension-desktop-icons redhat-upgrade-gnome-shell-extension-drive-menu redhat-upgrade-gnome-shell-extension-gesture-inhibitor redhat-upgrade-gnome-shell-extension-heads-up-display redhat-upgrade-gnome-shell-extension-launch-new-instance redhat-upgrade-gnome-shell-extension-native-window-placement redhat-upgrade-gnome-shell-extension-panel-favorites redhat-upgrade-gnome-shell-extension-places-menu redhat-upgrade-gnome-shell-extension-screenshot-window-sizer redhat-upgrade-gnome-shell-extension-systemmonitor redhat-upgrade-gnome-shell-extension-top-icons redhat-upgrade-gnome-shell-extension-updates-dialog redhat-upgrade-gnome-shell-extension-user-theme redhat-upgrade-gnome-shell-extension-window-list redhat-upgrade-gnome-shell-extension-windowsnavigator redhat-upgrade-gnome-shell-extension-workspace-indicator References CVE-2024-36472 RHSA-2024:5298 
      RHSA-2024:9114 RHSA-2024:9915
  18. Rocky Linux: CVE-2024-3657: 389-ds (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/28/2024 Created 06/17/2024 Added 06/17/2024 Modified 11/18/2024 Description A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service Solution(s) rocky-upgrade-389-ds-base rocky-upgrade-389-ds-base-debuginfo rocky-upgrade-389-ds-base-debugsource rocky-upgrade-389-ds-base-devel rocky-upgrade-389-ds-base-legacy-tools rocky-upgrade-389-ds-base-legacy-tools-debuginfo rocky-upgrade-389-ds-base-libs rocky-upgrade-389-ds-base-libs-debuginfo rocky-upgrade-389-ds-base-snmp rocky-upgrade-389-ds-base-snmp-debuginfo References https://attackerkb.com/topics/cve-2024-3657 CVE - 2024-3657 https://errata.rockylinux.org/RLSA-2024:3837 https://errata.rockylinux.org/RLSA-2024:4235
  19. Debian: CVE-2024-5274: chromium -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 05/28/2024 Created 05/28/2024 Added 05/28/2024 Modified 01/28/2025 Description Type Confusion in V8 in Google Chrome prior to 125.0.6422.112 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2024-5274 CVE - 2024-5274 DSA-5697-1
  20. FreeBSD: (Multiple Advisories) (CVE-2024-5274): qt6-webengine -- Multiple vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 05/28/2024 Created 06/01/2024 Added 05/30/2024 Modified 01/28/2025 Description Type Confusion in V8 in Google Chrome prior to 125.0.6422.112 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) Solution(s) freebsd-upgrade-package-chromium freebsd-upgrade-package-qt6-webengine freebsd-upgrade-package-ungoogled-chromium References CVE-2024-5274
  21. Check Point: Quantum Gateway Information Disclosure: CVE-2024-24919 Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 05/28/2024 Created 05/31/2024 Added 05/29/2024 Modified 06/03/2024 Description A vulnerability in Check Point Security Gateways with IPSec VPN, Remote Access VPN and the Mobile Access software blade allows disclosure of information. The vendor advisory does not specify what information may be disclosed, but does recommend rotating passwords and certificates stored on the device. Check Point discovered this vulnerability while investigating attempts to gain unauthorized access to VPN products used by their customers. Solution(s) checkpoint-cve-2024-24919 References https://attackerkb.com/topics/cve-2024-24919 CVE - 2024-24919 https://support.checkpoint.com/results/sk/sk182336 https://www.rapid7.com/blog/post/2024/05/30/etr-cve-2024-24919-check-point-security-gateway-information-disclosure/
  22. Ubuntu: USN-7158-1 (CVE-2024-35226): Smarty vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/28/2024 Created 12/14/2024 Added 12/13/2024 Modified 12/13/2024 Description Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. In affected versions template authors could inject php code by choosing a malicious file name for an extends-tag. Sites that cannot fully trust template authors should update asap. All users are advised to update. There is no patch for users on the v3 branch. There are no known workarounds for this vulnerability. Solution(s) ubuntu-pro-upgrade-smarty3 References https://attackerkb.com/topics/cve-2024-35226 CVE - 2024-35226 USN-7158-1
  23. Oracle Linux: CVE-2024-36472: ELSA-2024-5298:gnome-shell security update (MODERATE) (Multiple Advisories) Severity 7 CVSS (AV:A/AC:H/Au:N/C:C/I:C/A:C) Published 05/28/2024 Created 10/18/2024 Added 10/16/2024 Modified 01/07/2025 Description In GNOME Shell through 45.7, a portal helper can be launched automatically (without user confirmation) based on network responses provided by an adversary (e.g., an adversary who controls the local Wi-Fi network), and subsequently loads untrusted JavaScript code, which may lead to resource consumption or other impacts depending on the JavaScript code's behavior. A vulnerability was found in GNOME Shell. A portal helper can be launched automatically without user confirmation based on the network responses provided by an adversary. Solution(s) oracle-linux-upgrade-gnome-classic-session oracle-linux-upgrade-gnome-shell oracle-linux-upgrade-gnome-shell-extension-apps-menu oracle-linux-upgrade-gnome-shell-extension-auto-move-windows oracle-linux-upgrade-gnome-shell-extension-classification-banner oracle-linux-upgrade-gnome-shell-extension-common oracle-linux-upgrade-gnome-shell-extension-custom-menu oracle-linux-upgrade-gnome-shell-extension-dash-to-dock oracle-linux-upgrade-gnome-shell-extension-dash-to-panel oracle-linux-upgrade-gnome-shell-extension-desktop-icons oracle-linux-upgrade-gnome-shell-extension-drive-menu oracle-linux-upgrade-gnome-shell-extension-gesture-inhibitor oracle-linux-upgrade-gnome-shell-extension-heads-up-display oracle-linux-upgrade-gnome-shell-extension-launch-new-instance oracle-linux-upgrade-gnome-shell-extension-native-window-placement oracle-linux-upgrade-gnome-shell-extension-panel-favorites oracle-linux-upgrade-gnome-shell-extension-places-menu oracle-linux-upgrade-gnome-shell-extension-screenshot-window-sizer oracle-linux-upgrade-gnome-shell-extension-systemmonitor oracle-linux-upgrade-gnome-shell-extension-top-icons oracle-linux-upgrade-gnome-shell-extension-updates-dialog 
      oracle-linux-upgrade-gnome-shell-extension-user-theme oracle-linux-upgrade-gnome-shell-extension-window-list oracle-linux-upgrade-gnome-shell-extension-windowsnavigator oracle-linux-upgrade-gnome-shell-extension-workspace-indicator References https://attackerkb.com/topics/cve-2024-36472 CVE - 2024-36472 ELSA-2024-5298 ELSA-2024-9114
  24. CentOS Linux: CVE-2024-3657: Important: 389-ds-base security update (CESA-2024:3591) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/28/2024 Created 06/06/2024 Added 06/05/2024 Modified 06/05/2024 Description A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service Solution(s) centos-upgrade-389-ds-base centos-upgrade-389-ds-base-debuginfo centos-upgrade-389-ds-base-devel centos-upgrade-389-ds-base-libs centos-upgrade-389-ds-base-snmp References CVE-2024-3657
  25. Amazon Linux AMI 2: CVE-2023-6349: Security patch for firefox, thunderbird (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/27/2024 Created 08/14/2024 Added 08/14/2024 Modified 08/14/2024 Description A heap overflow vulnerability exists in libvpx - Encoding a frame that has larger dimensions than the originally configured size with VP9 may result in a heap overflow in libvpx. We recommend upgrading to version 1.13.1 or above Solution(s) amazon-linux-ami-2-upgrade-firefox amazon-linux-ami-2-upgrade-firefox-debuginfo amazon-linux-ami-2-upgrade-thunderbird amazon-linux-ami-2-upgrade-thunderbird-debuginfo References https://attackerkb.com/topics/cve-2023-6349 AL2/ALAS-2024-2617 AL2/ALASFIREFOX-2024-027 CVE - 2023-6349