ISHACK AI BOT

FreeBSD: VID-3B14B2B4-9014-11EE-98B3-001B217B3468 (CVE-2023-4658): Gitlab -- Vulnerabilities Severity 4 CVSS (AV:N/AC:M/Au:S/C:N/I:P/A:N) Published 11/30/2023 Created 12/05/2023 Added 12/02/2023 Modified 01/28/2025 Description An issue has been discovered in GitLab EE affecting all versions starting from 8.13 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for an attacker to abuse the `Allowed to merge` permission as a guest user, when granted the permission through a group. Solution(s) freebsd-upgrade-package-gitlab-ce References CVE-2023-4658

Microsoft Edge Chromium: CVE-2023-6345 Integer overflow in Skia Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/30/2023 Created 12/01/2023 Added 11/30/2023 Modified 01/28/2025 Description Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2023-6345 CVE - 2023-6345 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6345

CentOS Linux: CVE-2023-42917: Important: webkit2gtk3 security update (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/30/2023 Created 12/13/2023 Added 12/12/2023 Modified 01/28/2025 Description A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1. Solution(s) centos-upgrade-webkit2gtk3 centos-upgrade-webkit2gtk3-debuginfo centos-upgrade-webkit2gtk3-debugsource centos-upgrade-webkit2gtk3-devel centos-upgrade-webkit2gtk3-devel-debuginfo centos-upgrade-webkit2gtk3-jsc centos-upgrade-webkit2gtk3-jsc-debuginfo centos-upgrade-webkit2gtk3-jsc-devel centos-upgrade-webkit2gtk3-jsc-devel-debuginfo References CVE-2023-42917

CentOS Linux: CVE-2023-5870: Important: postgresql:13 security update (Multiple Advisories) Severity 6 CVSS (AV:N/AC:M/Au:M/C:N/I:N/A:C) Published 11/30/2023 Created 12/01/2023 Added 11/30/2023 Modified 01/28/2025 Description A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack. Solution(s) centos-upgrade-pg_repack centos-upgrade-pg_repack-debuginfo centos-upgrade-pg_repack-debugsource centos-upgrade-pgaudit centos-upgrade-pgaudit-debuginfo centos-upgrade-pgaudit-debugsource centos-upgrade-postgres-decoderbufs centos-upgrade-postgres-decoderbufs-debuginfo centos-upgrade-postgres-decoderbufs-debugsource centos-upgrade-postgresql centos-upgrade-postgresql-contrib centos-upgrade-postgresql-contrib-debuginfo centos-upgrade-postgresql-debuginfo centos-upgrade-postgresql-debugsource centos-upgrade-postgresql-docs centos-upgrade-postgresql-docs-debuginfo centos-upgrade-postgresql-plperl centos-upgrade-postgresql-plperl-debuginfo centos-upgrade-postgresql-plpython3 centos-upgrade-postgresql-plpython3-debuginfo centos-upgrade-postgresql-pltcl centos-upgrade-postgresql-pltcl-debuginfo centos-upgrade-postgresql-private-devel centos-upgrade-postgresql-private-libs centos-upgrade-postgresql-private-libs-debuginfo centos-upgrade-postgresql-server centos-upgrade-postgresql-server-debuginfo centos-upgrade-postgresql-server-devel centos-upgrade-postgresql-server-devel-debuginfo centos-upgrade-postgresql-static centos-upgrade-postgresql-test centos-upgrade-postgresql-test-debuginfo centos-upgrade-postgresql-test-rpm-macros centos-upgrade-postgresql-upgrade centos-upgrade-postgresql-upgrade-debuginfo centos-upgrade-postgresql-upgrade-devel centos-upgrade-postgresql-upgrade-devel-debuginfo References CVE-2023-5870

NotepadPlusPlus: Unspecified Security Vulnerability (CVE-2023-6401) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 11/30/2023 Created 12/15/2023 Added 12/14/2023 Modified 01/28/2025 Description A vulnerability classified as problematic was found in NotePad++ up to 8.1. Affected by this vulnerability is an unknown functionality of the file dbghelp.exe. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The identifier VDB-246421 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Solution(s) notepadplusplus-upgrade-latest References https://attackerkb.com/topics/cve-2023-6401 CVE - 2023-6401 https://vuldb.com/?ctiid.246421 https://vuldb.com/?id.246421

Amazon Linux 2023: CVE-2023-47100: Medium priority package update for perl Severity 1 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:N) Published 12/03/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0. A flaw was found in Perl due to improper handling of the property name by the S_parse_uniprop_string function in regcomp.c. This issue could allow an attacker to to bypass security restrictions and use a specially crafted regular expression input to write to unallocated space. Solution(s) amazon-linux-2023-upgrade-perl amazon-linux-2023-upgrade-perl-attribute-handlers amazon-linux-2023-upgrade-perl-autoloader amazon-linux-2023-upgrade-perl-autosplit amazon-linux-2023-upgrade-perl-autouse amazon-linux-2023-upgrade-perl-b amazon-linux-2023-upgrade-perl-base amazon-linux-2023-upgrade-perl-b-debuginfo amazon-linux-2023-upgrade-perl-benchmark amazon-linux-2023-upgrade-perl-blib amazon-linux-2023-upgrade-perl-class-struct amazon-linux-2023-upgrade-perl-config-extensions amazon-linux-2023-upgrade-perl-dbm-filter amazon-linux-2023-upgrade-perl-debugger amazon-linux-2023-upgrade-perl-debuginfo amazon-linux-2023-upgrade-perl-debugsource amazon-linux-2023-upgrade-perl-deprecate amazon-linux-2023-upgrade-perl-devel amazon-linux-2023-upgrade-perl-devel-peek amazon-linux-2023-upgrade-perl-devel-peek-debuginfo amazon-linux-2023-upgrade-perl-devel-selfstubber amazon-linux-2023-upgrade-perl-diagnostics amazon-linux-2023-upgrade-perl-dirhandle amazon-linux-2023-upgrade-perl-doc amazon-linux-2023-upgrade-perl-dumpvalue amazon-linux-2023-upgrade-perl-dynaloader amazon-linux-2023-upgrade-perl-encoding-warnings amazon-linux-2023-upgrade-perl-english amazon-linux-2023-upgrade-perl-errno amazon-linux-2023-upgrade-perl-extutils-constant amazon-linux-2023-upgrade-perl-extutils-embed amazon-linux-2023-upgrade-perl-extutils-miniperl amazon-linux-2023-upgrade-perl-fcntl amazon-linux-2023-upgrade-perl-fcntl-debuginfo amazon-linux-2023-upgrade-perl-fields amazon-linux-2023-upgrade-perl-file-basename amazon-linux-2023-upgrade-perl-filecache amazon-linux-2023-upgrade-perl-file-compare amazon-linux-2023-upgrade-perl-file-copy amazon-linux-2023-upgrade-perl-file-dosglob amazon-linux-2023-upgrade-perl-file-dosglob-debuginfo amazon-linux-2023-upgrade-perl-file-find amazon-linux-2023-upgrade-perl-filehandle amazon-linux-2023-upgrade-perl-file-stat amazon-linux-2023-upgrade-perl-filetest amazon-linux-2023-upgrade-perl-findbin amazon-linux-2023-upgrade-perl-gdbm-file amazon-linux-2023-upgrade-perl-gdbm-file-debuginfo amazon-linux-2023-upgrade-perl-getopt-std amazon-linux-2023-upgrade-perl-hash-util amazon-linux-2023-upgrade-perl-hash-util-debuginfo amazon-linux-2023-upgrade-perl-hash-util-fieldhash amazon-linux-2023-upgrade-perl-hash-util-fieldhash-debuginfo amazon-linux-2023-upgrade-perl-i18n-collate amazon-linux-2023-upgrade-perl-i18n-langinfo amazon-linux-2023-upgrade-perl-i18n-langinfo-debuginfo amazon-linux-2023-upgrade-perl-i18n-langtags amazon-linux-2023-upgrade-perl-if amazon-linux-2023-upgrade-perl-interpreter amazon-linux-2023-upgrade-perl-interpreter-debuginfo amazon-linux-2023-upgrade-perl-io amazon-linux-2023-upgrade-perl-io-debuginfo amazon-linux-2023-upgrade-perl-ipc-open3 amazon-linux-2023-upgrade-perl-less amazon-linux-2023-upgrade-perl-lib amazon-linux-2023-upgrade-perl-libnetcfg amazon-linux-2023-upgrade-perl-libs amazon-linux-2023-upgrade-perl-libs-debuginfo amazon-linux-2023-upgrade-perl-locale amazon-linux-2023-upgrade-perl-locale-maketext-simple amazon-linux-2023-upgrade-perl-macros amazon-linux-2023-upgrade-perl-math-complex amazon-linux-2023-upgrade-perl-memoize amazon-linux-2023-upgrade-perl-meta-notation amazon-linux-2023-upgrade-perl-module-loaded amazon-linux-2023-upgrade-perl-mro amazon-linux-2023-upgrade-perl-mro-debuginfo amazon-linux-2023-upgrade-perl-ndbm-file amazon-linux-2023-upgrade-perl-ndbm-file-debuginfo amazon-linux-2023-upgrade-perl-net amazon-linux-2023-upgrade-perl-next amazon-linux-2023-upgrade-perl-odbm-file amazon-linux-2023-upgrade-perl-odbm-file-debuginfo amazon-linux-2023-upgrade-perl-opcode amazon-linux-2023-upgrade-perl-opcode-debuginfo amazon-linux-2023-upgrade-perl-open amazon-linux-2023-upgrade-perl-overload amazon-linux-2023-upgrade-perl-overloading amazon-linux-2023-upgrade-perl-ph amazon-linux-2023-upgrade-perl-pod-functions amazon-linux-2023-upgrade-perl-pod-html amazon-linux-2023-upgrade-perl-posix amazon-linux-2023-upgrade-perl-posix-debuginfo amazon-linux-2023-upgrade-perl-safe amazon-linux-2023-upgrade-perl-search-dict amazon-linux-2023-upgrade-perl-selectsaver amazon-linux-2023-upgrade-perl-selfloader amazon-linux-2023-upgrade-perl-sigtrap amazon-linux-2023-upgrade-perl-sort amazon-linux-2023-upgrade-perl-subs amazon-linux-2023-upgrade-perl-symbol amazon-linux-2023-upgrade-perl-sys-hostname amazon-linux-2023-upgrade-perl-sys-hostname-debuginfo amazon-linux-2023-upgrade-perl-term-complete amazon-linux-2023-upgrade-perl-term-readline amazon-linux-2023-upgrade-perl-test amazon-linux-2023-upgrade-perl-tests amazon-linux-2023-upgrade-perl-text-abbrev amazon-linux-2023-upgrade-perl-thread amazon-linux-2023-upgrade-perl-thread-semaphore amazon-linux-2023-upgrade-perl-tie amazon-linux-2023-upgrade-perl-tie-file amazon-linux-2023-upgrade-perl-tie-memoize amazon-linux-2023-upgrade-perl-time amazon-linux-2023-upgrade-perl-time-piece amazon-linux-2023-upgrade-perl-time-piece-debuginfo amazon-linux-2023-upgrade-perl-unicode-ucd amazon-linux-2023-upgrade-perl-user-pwent amazon-linux-2023-upgrade-perl-utils amazon-linux-2023-upgrade-perl-vars amazon-linux-2023-upgrade-perl-vmsish References https://attackerkb.com/topics/cve-2023-47100 CVE - 2023-47100 https://alas.aws.amazon.com/AL2023/ALAS-2023-448.html

NotepadPlusPlus: Uncontrolled Search Path Element (CVE-2023-47452) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 11/30/2023 Created 01/12/2024 Added 01/11/2024 Modified 01/28/2025 Description An Untrusted search path vulnerability in notepad++ 6.5 allows local users to gain escalated privileges through the msimg32.dll file in the current working directory. Solution(s) notepadplusplus-upgrade-latest References https://attackerkb.com/topics/cve-2023-47452 CVE - 2023-47452 https://github.com/xieqiang11/poc-1/tree/main

Alma Linux: CVE-2023-42917: Important: webkit2gtk3 security update (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/30/2023 Created 12/14/2023 Added 12/13/2023 Modified 01/28/2025 Description A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1. Solution(s) alma-upgrade-webkit2gtk3 alma-upgrade-webkit2gtk3-devel alma-upgrade-webkit2gtk3-jsc alma-upgrade-webkit2gtk3-jsc-devel References https://attackerkb.com/topics/cve-2023-42917 CVE - 2023-42917 https://errata.almalinux.org/8/ALSA-2023-7716.html https://errata.almalinux.org/9/ALSA-2023-7715.html

IBM AIX: perl_advisory8 (CVE-2023-47100): Vulnerability in perl affects AIX Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 12/02/2023 Created 02/23/2024 Added 02/22/2024 Modified 01/28/2025 Description In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0. Solution(s) ibm-aix-perl_advisory8 References https://attackerkb.com/topics/cve-2023-47100 CVE - 2023-47100 https://aix.software.ibm.com/aix/efixes/security/perl_advisory8.asc

Huawei EulerOS: CVE-2023-47100: perl security update Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 12/02/2023 Created 01/30/2024 Added 01/29/2024 Modified 01/28/2025 Description In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0. Solution(s) huawei-euleros-2_0_sp11-upgrade-perl huawei-euleros-2_0_sp11-upgrade-perl-libs References https://attackerkb.com/topics/cve-2023-47100 CVE - 2023-47100 EulerOS-SA-2024-1126

VMware Photon OS: CVE-2023-47100 Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 12/02/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-47100 CVE - 2023-47100

Oracle Linux: CVE-2023-24023: ELSA-2024-2394:kernel security, bug fix, and enhancement update (IMPORTANT) (Multiple Advisories) Severity 6 CVSS (AV:A/AC:H/Au:N/C:C/I:C/A:N) Published 12/02/2023 Created 05/21/2024 Added 05/14/2024 Modified 01/07/2025 Description Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS. A flaw was found in Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4. This issue may allow certain man-in-the-middle attacks that force a short key length and might lead to discovery of the encryption key and live injection, aka BLUFFS. Solution(s) oracle-linux-upgrade-kernel References https://attackerkb.com/topics/cve-2023-24023 CVE - 2023-24023 ELSA-2024-2394 ELSA-2024-3138

Alpine Linux: CVE-2023-47100: Improper Handling of Exceptional Conditions Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 12/02/2023 Created 03/22/2024 Added 03/21/2024 Modified 01/28/2025 Description In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0. Solution(s) alpine-linux-upgrade-perl References https://attackerkb.com/topics/cve-2023-47100 CVE - 2023-47100 https://security.alpinelinux.org/vuln/CVE-2023-47100

Apple Safari security update for CVE-2023-42917 Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 12/01/2023 Created 12/02/2023 Added 12/01/2023 Modified 01/28/2025 Description A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1. Solution(s) apple-safari-upgrade-17_1_2 apple-safari-windows-uninstall References https://attackerkb.com/topics/cve-2023-42917 CVE - 2023-42917 http://support.apple.com/kb/HT214033

Apple Safari security update for CVE-2023-42916 Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 12/01/2023 Created 12/02/2023 Added 12/01/2023 Modified 01/28/2025 Description An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1. Solution(s) apple-safari-upgrade-17_1_2 apple-safari-windows-uninstall References https://attackerkb.com/topics/cve-2023-42916 CVE - 2023-42916 http://support.apple.com/kb/HT214033

OS X update for WebKit (CVE-2023-42916) Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 12/01/2023 Created 12/02/2023 Added 12/01/2023 Modified 01/28/2025 Description An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1. Solution(s) apple-osx-upgrade-14_1_2 References https://attackerkb.com/topics/cve-2023-42916 CVE - 2023-42916 https://support.apple.com/kb/HT214032

OS X update for WebKit (CVE-2023-42917) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 12/01/2023 Created 12/02/2023 Added 12/01/2023 Modified 01/28/2025 Description A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1. Solution(s) apple-osx-upgrade-14_1_2 References https://attackerkb.com/topics/cve-2023-42917 CVE - 2023-42917 https://support.apple.com/kb/HT214032

Microsoft Edge Chromium: CVE-2023-6350 Out of bounds memory access in libavif Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/30/2023 Created 12/01/2023 Added 11/30/2023 Modified 01/28/2025 Description Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. (Chromium security severity: High) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2023-6350 CVE - 2023-6350 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6350

ownCloud: CVE-2023-49103: Disclosure of sensitive credentials and configuration in containerized deployments Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 11/30/2023 Created 12/02/2023 Added 12/01/2023 Modified 12/04/2023 Description An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo). This information includes all the environment variables of the webserver. In containerized deployments, these environment variables may include sensitive data such as the ownCloud admin password, mail server credentials, and license key. Simply disabling the graphapi app does not eliminate the vulnerability. Additionally, phpinfo exposes various other potentially sensitive configuration details that could be exploited by an attacker to gather information about the system. Therefore, even if ownCloud is not running in a containerized environment, this vulnerability should still be a cause for concern. Note that Docker containers from before February 2023 are not vulnerable to the credential disclosure. Solution(s) owncloud-graphapi-upgrade-latest References https://attackerkb.com/topics/cve-2023-49103 CVE - 2023-49103 https://owncloud.com/security-advisories/disclosure-of-sensitive-credentials-and-configuration-in-containerized-deployments/

IBM AIX: invscout_advisory5 (CVE-2023-45168): Vulnerability in invscout affects AIX Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 11/30/2023 Created 12/02/2023 Added 12/01/2023 Modified 01/28/2025 Description IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands.IBM X-Force ID:267966. Solution(s) ibm-aix-invscout_advisory5 References https://attackerkb.com/topics/cve-2023-45168 CVE - 2023-45168 https://aix.software.ibm.com/aix/efixes/security/invscout_advisory5.asc

Microsoft Edge Chromium: CVE-2023-6346 Use after free in WebAudio Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/30/2023 Created 12/01/2023 Added 11/30/2023 Modified 01/28/2025 Description Use after free in WebAudio in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2023-6346 CVE - 2023-6346 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6346

CentOS Linux: CVE-2023-5868: Important: postgresql:13 security update (Multiple Advisories) Severity 4 CVSS (AV:N/AC:L/Au:S/C:P/I:N/A:N) Published 11/30/2023 Created 12/01/2023 Added 11/30/2023 Modified 01/28/2025 Description A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory. Solution(s) centos-upgrade-pg_repack centos-upgrade-pg_repack-debuginfo centos-upgrade-pg_repack-debugsource centos-upgrade-pgaudit centos-upgrade-pgaudit-debuginfo centos-upgrade-pgaudit-debugsource centos-upgrade-postgres-decoderbufs centos-upgrade-postgres-decoderbufs-debuginfo centos-upgrade-postgres-decoderbufs-debugsource centos-upgrade-postgresql centos-upgrade-postgresql-contrib centos-upgrade-postgresql-contrib-debuginfo centos-upgrade-postgresql-debuginfo centos-upgrade-postgresql-debugsource centos-upgrade-postgresql-docs centos-upgrade-postgresql-docs-debuginfo centos-upgrade-postgresql-plperl centos-upgrade-postgresql-plperl-debuginfo centos-upgrade-postgresql-plpython3 centos-upgrade-postgresql-plpython3-debuginfo centos-upgrade-postgresql-pltcl centos-upgrade-postgresql-pltcl-debuginfo centos-upgrade-postgresql-private-devel centos-upgrade-postgresql-private-libs centos-upgrade-postgresql-private-libs-debuginfo centos-upgrade-postgresql-server centos-upgrade-postgresql-server-debuginfo centos-upgrade-postgresql-server-devel centos-upgrade-postgresql-server-devel-debuginfo centos-upgrade-postgresql-static centos-upgrade-postgresql-test centos-upgrade-postgresql-test-debuginfo centos-upgrade-postgresql-test-rpm-macros centos-upgrade-postgresql-upgrade centos-upgrade-postgresql-upgrade-debuginfo centos-upgrade-postgresql-upgrade-devel centos-upgrade-postgresql-upgrade-devel-debuginfo References CVE-2023-5868

Amazon Linux AMI 2: CVE-2023-42917: Security patch for webkitgtk4 (ALAS-2024-2427) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/30/2023 Created 01/24/2024 Added 01/23/2024 Modified 01/28/2025 Description A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1. Solution(s) amazon-linux-ami-2-upgrade-webkitgtk4 amazon-linux-ami-2-upgrade-webkitgtk4-debuginfo amazon-linux-ami-2-upgrade-webkitgtk4-devel amazon-linux-ami-2-upgrade-webkitgtk4-jsc amazon-linux-ami-2-upgrade-webkitgtk4-jsc-devel References https://attackerkb.com/topics/cve-2023-42917 AL2/ALAS-2024-2427 CVE - 2023-42917

Amazon Linux AMI 2: CVE-2023-42916: Security patch for webkitgtk4 (ALAS-2024-2427) Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 11/30/2023 Created 01/24/2024 Added 01/23/2024 Modified 01/28/2025 Description An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1. Solution(s) amazon-linux-ami-2-upgrade-webkitgtk4 amazon-linux-ami-2-upgrade-webkitgtk4-debuginfo amazon-linux-ami-2-upgrade-webkitgtk4-devel amazon-linux-ami-2-upgrade-webkitgtk4-jsc amazon-linux-ami-2-upgrade-webkitgtk4-jsc-devel References https://attackerkb.com/topics/cve-2023-42916 AL2/ALAS-2024-2427 CVE - 2023-42916

Red Hat: CVE-2023-42917: webkitgtk: Arbitrary Remote Code Execution (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/30/2023 Created 12/13/2023 Added 12/12/2023 Modified 01/28/2025 Description A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1. Solution(s) redhat-upgrade-webkit2gtk3 redhat-upgrade-webkit2gtk3-debuginfo redhat-upgrade-webkit2gtk3-debugsource redhat-upgrade-webkit2gtk3-devel redhat-upgrade-webkit2gtk3-devel-debuginfo redhat-upgrade-webkit2gtk3-jsc redhat-upgrade-webkit2gtk3-jsc-debuginfo redhat-upgrade-webkit2gtk3-jsc-devel redhat-upgrade-webkit2gtk3-jsc-devel-debuginfo References CVE-2023-42917 RHSA-2023:7715 RHSA-2023:7716 RHSA-2024:8492 RHSA-2024:9646