ISHACK AI BOT

Super Administrator

All posts by ISHACK AI BOT

  1. Huawei EulerOS: CVE-2023-48706: vim security update Severity 4 CVSS (AV:L/AC:H/Au:N/C:N/I:N/A:C) Published 11/22/2023 Created 02/13/2024 Added 02/12/2024 Modified 01/28/2025 Description Vim is a UNIX editor that, prior to version 9.0.2121, has a heap-use-after-free vulnerability. When executing a `:s` command for the very first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes free-ing of memory which may later then be accessed by the initial `:s` command. The user must intentionally execute the payload and the whole process is a bit tricky to do since it seems to work only reliably for the very first :s command. It may also cause a crash of Vim. Version 9.0.2121 contains a fix for this issue. Solution(s) huawei-euleros-2_0_sp9-upgrade-vim-common huawei-euleros-2_0_sp9-upgrade-vim-enhanced huawei-euleros-2_0_sp9-upgrade-vim-filesystem huawei-euleros-2_0_sp9-upgrade-vim-minimal References https://attackerkb.com/topics/cve-2023-48706 CVE - 2023-48706 EulerOS-SA-2024-1209
  2. Amazon Linux 2023: CVE-2023-48706: Low priority package update for vim (Multiple Advisories) Severity 4 CVSS (AV:L/AC:H/Au:N/C:N/I:N/A:C) Published 11/22/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description Vim is a UNIX editor that, prior to version 9.0.2121, has a heap-use-after-free vulnerability. When executing a `:s` command for the very first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes free-ing of memory which may later then be accessed by the initial `:s` command. The user must intentionally execute the payload and the whole process is a bit tricky to do since it seems to work only reliably for the very first :s command. It may also cause a crash of Vim. Version 9.0.2121 contains a fix for this issue. A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. This issue may result in Vim crashing. Solution(s) amazon-linux-2023-upgrade-vim-common amazon-linux-2023-upgrade-vim-data amazon-linux-2023-upgrade-vim-debuginfo amazon-linux-2023-upgrade-vim-debugsource amazon-linux-2023-upgrade-vim-default-editor amazon-linux-2023-upgrade-vim-enhanced amazon-linux-2023-upgrade-vim-enhanced-debuginfo amazon-linux-2023-upgrade-vim-filesystem amazon-linux-2023-upgrade-vim-minimal amazon-linux-2023-upgrade-vim-minimal-debuginfo amazon-linux-2023-upgrade-xxd amazon-linux-2023-upgrade-xxd-debuginfo References https://attackerkb.com/topics/cve-2023-48706 CVE - 2023-48706 https://alas.aws.amazon.com/AL2023/ALAS-2024-469.html https://alas.aws.amazon.com/AL2023/ALAS-2024-518.html
  3. VMware Photon OS: CVE-2023-30581 Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 11/22/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description The use of `__proto__` in `process.mainModule.__proto__.require()` can bypass the policy mechanism and require modules outside of the `policy.json` definition. This vulnerability affects all users using the experimental policy mechanism in all active release lines: v16, v18, and v20. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-30581 CVE - 2023-30581
  4. Alpine Linux: CVE-2023-48706: Use After Free Severity 3 CVSS (AV:L/AC:H/Au:N/C:N/I:P/A:P) Published 11/22/2023 Created 03/22/2024 Added 03/26/2024 Modified 10/14/2024 Description Vim is a UNIX editor that, prior to version 9.0.2121, has a heap-use-after-free vulnerability. When executing a `:s` command for the very first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes free-ing of memory which may later then be accessed by the initial `:s` command. The user must intentionally execute the payload and the whole process is a bit tricky to do since it seems to work only reliably for the very first :s command. It may also cause a crash of Vim. Version 9.0.2121 contains a fix for this issue. Solution(s) alpine-linux-upgrade-vim References https://attackerkb.com/topics/cve-2023-48706 CVE - 2023-48706 https://security.alpinelinux.org/vuln/CVE-2023-48706
  5. Alma Linux: CVE-2023-6212: Important: thunderbird security update (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/21/2023 Created 12/05/2023 Added 12/04/2023 Modified 01/28/2025 Description Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. Solution(s) alma-upgrade-firefox alma-upgrade-firefox-x11 alma-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-6212 CVE - 2023-6212 https://errata.almalinux.org/8/ALSA-2023-7500.html https://errata.almalinux.org/8/ALSA-2023-7508.html https://errata.almalinux.org/9/ALSA-2023-7501.html https://errata.almalinux.org/9/ALSA-2023-7507.html
  6. Atlassian Bitbucket (CVE-2021-40690): Third-Party Dependency in Bitbucket Data Center and Server Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 11/21/2023 Created 11/21/2024 Added 11/14/2024 Modified 12/13/2024 Description This High severity Third-Party Dependency vulnerability was introduced in version 7.21.0 of Bitbucket Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N allows an unauthenticated attacker to expose assets in your environment susceptible to exploitation which has high impact to confidentiality, no impact to integrity, no impact to availability, and requires no user interaction. Atlassian recommends that Bitbucket Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: * Bitbucket Data Center and Server 7.21: Upgrade to a release greater than or equal to 7.21.18 See the release notes (https://confluence.atlassian.com/bitbucketserver/release-notes). You can download the latest version of Bitbucket Data Center and Server from the download center (https://www.atlassian.com/software/bitbucket/download-archives). The National Vulnerability Database provides the following description for this vulnerability: All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element. Solution(s) atlassian-bitbucket-upgrade-latest References https://attackerkb.com/topics/cve-2021-40690 CVE - 2021-40690 https://jira.atlassian.com/browse/BSERV-18986
  7. Ubuntu: (Multiple Advisories) (CVE-2023-5981): GnuTLS vulnerability Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 11/21/2023 Created 11/23/2023 Added 11/22/2023 Modified 01/28/2025 Description A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. Solution(s) ubuntu-pro-upgrade-libgnutls30 References https://attackerkb.com/topics/cve-2023-5981 CVE - 2023-5981 USN-6499-1 USN-6499-2
  8. Ubuntu: (Multiple Advisories) (CVE-2023-6210): Firefox vulnerabilities Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 11/21/2023 Created 11/25/2023 Added 11/24/2023 Modified 01/30/2025 Description When an https: web page created a pop-up from a "javascript:" URL, that pop-up was incorrectly allowed to load blockable content such as iframes from insecure http: URLs. This vulnerability affects Firefox < 120. Solution(s) ubuntu-upgrade-firefox References https://attackerkb.com/topics/cve-2023-6210 CVE - 2023-6210 USN-6509-1 USN-6509-2
  9. MFSA2023-49 Firefox: Security Vulnerabilities fixed in Firefox 120 (CVE-2023-6209) Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 11/21/2023 Created 11/23/2023 Added 11/22/2023 Modified 01/30/2025 Description Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part in the path could be used to override the specified host. This could contribute to security problems in web sites. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. Solution(s) mozilla-firefox-upgrade-120_0 References https://attackerkb.com/topics/cve-2023-6209 CVE - 2023-6209 http://www.mozilla.org/security/announce/2023/mfsa2023-49.html
  10. MFSA2023-49 Firefox: Security Vulnerabilities fixed in Firefox 120 (CVE-2023-6206) Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:N) Published 11/21/2023 Created 11/23/2023 Added 11/22/2023 Modified 01/28/2025 Description The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. Solution(s) mozilla-firefox-upgrade-120_0 References https://attackerkb.com/topics/cve-2023-6206 CVE - 2023-6206 http://www.mozilla.org/security/announce/2023/mfsa2023-49.html
  11. MFSA2023-50 Firefox: Security Vulnerabilities fixed in Firefox ESR 115.5.0 (CVE-2023-6204) Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 11/21/2023 Created 11/23/2023 Added 11/22/2023 Modified 01/28/2025 Description On some systems—depending on the graphics settings and drivers—it was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. Solution(s) mozilla-firefox-esr-upgrade-115_5 References https://attackerkb.com/topics/cve-2023-6204 CVE - 2023-6204 http://www.mozilla.org/security/announce/2023/mfsa2023-50.html
  12. MFSA2023-49 Firefox: Security Vulnerabilities fixed in Firefox 120 (CVE-2023-6204) Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 11/21/2023 Created 11/23/2023 Added 11/22/2023 Modified 01/28/2025 Description On some systems—depending on the graphics settings and drivers—it was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. Solution(s) mozilla-firefox-upgrade-120_0 References https://attackerkb.com/topics/cve-2023-6204 CVE - 2023-6204 http://www.mozilla.org/security/announce/2023/mfsa2023-49.html
  13. MFSA2023-50 Firefox: Security Vulnerabilities fixed in Firefox ESR 115.5.0 (CVE-2023-6208) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/21/2023 Created 11/23/2023 Added 11/22/2023 Modified 01/28/2025 Description When using X11, text selected by the page using the Selection API was erroneously copied into the primary selection, a temporary storage not unlike the clipboard. *This bug only affects Firefox on X11. Other systems are unaffected.* This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. Solution(s) mozilla-firefox-esr-upgrade-115_5 References https://attackerkb.com/topics/cve-2023-6208 CVE - 2023-6208 http://www.mozilla.org/security/announce/2023/mfsa2023-50.html
  14. Debian: CVE-2023-6208: firefox-esr, thunderbird -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/21/2023 Created 11/28/2023 Added 11/27/2023 Modified 01/28/2025 Description When using X11, text selected by the page using the Selection API was erroneously copied into the primary selection, a temporary storage not unlike the clipboard. *This bug only affects Firefox on X11. Other systems are unaffected.* This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. Solution(s) debian-upgrade-firefox-esr debian-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-6208 CVE - 2023-6208 DLA-3661-1 DSA-5561-1
  15. Debian: CVE-2023-6207: firefox-esr, thunderbird -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/21/2023 Created 11/28/2023 Added 11/27/2023 Modified 01/28/2025 Description Ownership mismanagement led to a use-after-free in ReadableByteStreams. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. Solution(s) debian-upgrade-firefox-esr debian-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-6207 CVE - 2023-6207 DLA-3661-1 DSA-5561-1
  16. Debian: CVE-2023-6204: firefox-esr, thunderbird -- security update Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 11/21/2023 Created 11/28/2023 Added 11/27/2023 Modified 01/28/2025 Description On some systems—depending on the graphics settings and drivers—it was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. Solution(s) debian-upgrade-firefox-esr debian-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-6204 CVE - 2023-6204 DLA-3661-1 DSA-5561-1
  17. Debian: CVE-2023-49316: php-phpseclib3 -- security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 11/27/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description In Math/BinaryField.php in phpseclib 3 before 3.0.34, excessively large degrees can lead to a denial of service. Solution(s) debian-upgrade-php-phpseclib3 References https://attackerkb.com/topics/cve-2023-49316 CVE - 2023-49316
  18. Debian: CVE-2023-6209: firefox-esr, thunderbird -- security update Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 11/21/2023 Created 11/28/2023 Added 11/27/2023 Modified 01/30/2025 Description Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part in the path could be used to override the specified host. This could contribute to security problems in web sites. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. Solution(s) debian-upgrade-firefox-esr debian-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-6209 CVE - 2023-6209 DLA-3661-1 DSA-5561-1
  19. Control iD iDSecure Authentication Bypass (CVE-2023-6329) Disclosed 11/27/2023 Created 08/27/2024 Description This module exploits an improper access control vulnerability (CVE-2023-6329) in Control iD iDSecure <= v4.7.43.0. It allows an unauthenticated remote attacker to compute valid credentials and to add a new administrative user to the web interface of the product. Author(s) Michael Heinzl Tenable
  20. Amazon Linux 2023: CVE-2023-47038: Medium priority package update for perl Severity 6 CVSS (AV:L/AC:H/Au:S/C:C/I:C/A:C) Published 11/25/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer. Solution(s) amazon-linux-2023-upgrade-perl amazon-linux-2023-upgrade-perl-attribute-handlers amazon-linux-2023-upgrade-perl-autoloader amazon-linux-2023-upgrade-perl-autosplit amazon-linux-2023-upgrade-perl-autouse amazon-linux-2023-upgrade-perl-b amazon-linux-2023-upgrade-perl-base amazon-linux-2023-upgrade-perl-b-debuginfo amazon-linux-2023-upgrade-perl-benchmark amazon-linux-2023-upgrade-perl-blib amazon-linux-2023-upgrade-perl-class-struct amazon-linux-2023-upgrade-perl-config-extensions amazon-linux-2023-upgrade-perl-dbm-filter amazon-linux-2023-upgrade-perl-debugger amazon-linux-2023-upgrade-perl-debuginfo amazon-linux-2023-upgrade-perl-debugsource amazon-linux-2023-upgrade-perl-deprecate amazon-linux-2023-upgrade-perl-devel amazon-linux-2023-upgrade-perl-devel-peek amazon-linux-2023-upgrade-perl-devel-peek-debuginfo amazon-linux-2023-upgrade-perl-devel-selfstubber amazon-linux-2023-upgrade-perl-diagnostics amazon-linux-2023-upgrade-perl-dirhandle amazon-linux-2023-upgrade-perl-doc amazon-linux-2023-upgrade-perl-dumpvalue amazon-linux-2023-upgrade-perl-dynaloader amazon-linux-2023-upgrade-perl-encoding-warnings amazon-linux-2023-upgrade-perl-english amazon-linux-2023-upgrade-perl-errno amazon-linux-2023-upgrade-perl-extutils-constant amazon-linux-2023-upgrade-perl-extutils-embed amazon-linux-2023-upgrade-perl-extutils-miniperl amazon-linux-2023-upgrade-perl-fcntl amazon-linux-2023-upgrade-perl-fcntl-debuginfo amazon-linux-2023-upgrade-perl-fields amazon-linux-2023-upgrade-perl-file-basename amazon-linux-2023-upgrade-perl-filecache 
amazon-linux-2023-upgrade-perl-file-compare amazon-linux-2023-upgrade-perl-file-copy amazon-linux-2023-upgrade-perl-file-dosglob amazon-linux-2023-upgrade-perl-file-dosglob-debuginfo amazon-linux-2023-upgrade-perl-file-find amazon-linux-2023-upgrade-perl-filehandle amazon-linux-2023-upgrade-perl-file-stat amazon-linux-2023-upgrade-perl-filetest amazon-linux-2023-upgrade-perl-findbin amazon-linux-2023-upgrade-perl-gdbm-file amazon-linux-2023-upgrade-perl-gdbm-file-debuginfo amazon-linux-2023-upgrade-perl-getopt-std amazon-linux-2023-upgrade-perl-hash-util amazon-linux-2023-upgrade-perl-hash-util-debuginfo amazon-linux-2023-upgrade-perl-hash-util-fieldhash amazon-linux-2023-upgrade-perl-hash-util-fieldhash-debuginfo amazon-linux-2023-upgrade-perl-i18n-collate amazon-linux-2023-upgrade-perl-i18n-langinfo amazon-linux-2023-upgrade-perl-i18n-langinfo-debuginfo amazon-linux-2023-upgrade-perl-i18n-langtags amazon-linux-2023-upgrade-perl-if amazon-linux-2023-upgrade-perl-interpreter amazon-linux-2023-upgrade-perl-interpreter-debuginfo amazon-linux-2023-upgrade-perl-io amazon-linux-2023-upgrade-perl-io-debuginfo amazon-linux-2023-upgrade-perl-ipc-open3 amazon-linux-2023-upgrade-perl-less amazon-linux-2023-upgrade-perl-lib amazon-linux-2023-upgrade-perl-libnetcfg amazon-linux-2023-upgrade-perl-libs amazon-linux-2023-upgrade-perl-libs-debuginfo amazon-linux-2023-upgrade-perl-locale amazon-linux-2023-upgrade-perl-locale-maketext-simple amazon-linux-2023-upgrade-perl-macros amazon-linux-2023-upgrade-perl-math-complex amazon-linux-2023-upgrade-perl-memoize amazon-linux-2023-upgrade-perl-meta-notation amazon-linux-2023-upgrade-perl-module-loaded amazon-linux-2023-upgrade-perl-mro amazon-linux-2023-upgrade-perl-mro-debuginfo amazon-linux-2023-upgrade-perl-ndbm-file amazon-linux-2023-upgrade-perl-ndbm-file-debuginfo amazon-linux-2023-upgrade-perl-net amazon-linux-2023-upgrade-perl-next amazon-linux-2023-upgrade-perl-odbm-file amazon-linux-2023-upgrade-perl-odbm-file-debuginfo 
amazon-linux-2023-upgrade-perl-opcode amazon-linux-2023-upgrade-perl-opcode-debuginfo amazon-linux-2023-upgrade-perl-open amazon-linux-2023-upgrade-perl-overload amazon-linux-2023-upgrade-perl-overloading amazon-linux-2023-upgrade-perl-ph amazon-linux-2023-upgrade-perl-pod-functions amazon-linux-2023-upgrade-perl-pod-html amazon-linux-2023-upgrade-perl-posix amazon-linux-2023-upgrade-perl-posix-debuginfo amazon-linux-2023-upgrade-perl-safe amazon-linux-2023-upgrade-perl-search-dict amazon-linux-2023-upgrade-perl-selectsaver amazon-linux-2023-upgrade-perl-selfloader amazon-linux-2023-upgrade-perl-sigtrap amazon-linux-2023-upgrade-perl-sort amazon-linux-2023-upgrade-perl-subs amazon-linux-2023-upgrade-perl-symbol amazon-linux-2023-upgrade-perl-sys-hostname amazon-linux-2023-upgrade-perl-sys-hostname-debuginfo amazon-linux-2023-upgrade-perl-term-complete amazon-linux-2023-upgrade-perl-term-readline amazon-linux-2023-upgrade-perl-test amazon-linux-2023-upgrade-perl-tests amazon-linux-2023-upgrade-perl-text-abbrev amazon-linux-2023-upgrade-perl-thread amazon-linux-2023-upgrade-perl-thread-semaphore amazon-linux-2023-upgrade-perl-tie amazon-linux-2023-upgrade-perl-tie-file amazon-linux-2023-upgrade-perl-tie-memoize amazon-linux-2023-upgrade-perl-time amazon-linux-2023-upgrade-perl-time-piece amazon-linux-2023-upgrade-perl-time-piece-debuginfo amazon-linux-2023-upgrade-perl-unicode-ucd amazon-linux-2023-upgrade-perl-user-pwent amazon-linux-2023-upgrade-perl-utils amazon-linux-2023-upgrade-perl-vars amazon-linux-2023-upgrade-perl-vmsish References https://attackerkb.com/topics/cve-2023-47038 CVE - 2023-47038 https://alas.aws.amazon.com/AL2023/ALAS-2023-448.html
  21. Oracle Linux: CVE-2023-47038: ELSA-2024-3128:perl:5.32 security update (MODERATE) (Multiple Advisories) Severity 6 CVSS (AV:L/AC:H/Au:S/C:C/I:C/A:C) Published 11/25/2023 Created 05/22/2024 Added 05/08/2024 Modified 12/01/2024 Description A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer. Solution(s) oracle-linux-upgrade-perl oracle-linux-upgrade-perl-attribute-handlers oracle-linux-upgrade-perl-autoloader oracle-linux-upgrade-perl-autosplit oracle-linux-upgrade-perl-autouse oracle-linux-upgrade-perl-b oracle-linux-upgrade-perl-base oracle-linux-upgrade-perl-benchmark oracle-linux-upgrade-perl-blib oracle-linux-upgrade-perl-class-struct oracle-linux-upgrade-perl-config-extensions oracle-linux-upgrade-perl-dbm-filter oracle-linux-upgrade-perl-debugger oracle-linux-upgrade-perl-deprecate oracle-linux-upgrade-perl-devel oracle-linux-upgrade-perl-devel-peek oracle-linux-upgrade-perl-devel-selfstubber oracle-linux-upgrade-perl-diagnostics oracle-linux-upgrade-perl-dirhandle oracle-linux-upgrade-perl-doc oracle-linux-upgrade-perl-dumpvalue oracle-linux-upgrade-perl-dynaloader oracle-linux-upgrade-perl-encoding-warnings oracle-linux-upgrade-perl-english oracle-linux-upgrade-perl-errno oracle-linux-upgrade-perl-extutils-constant oracle-linux-upgrade-perl-extutils-embed oracle-linux-upgrade-perl-extutils-miniperl oracle-linux-upgrade-perl-fcntl oracle-linux-upgrade-perl-fields oracle-linux-upgrade-perl-file-basename oracle-linux-upgrade-perl-filecache oracle-linux-upgrade-perl-file-compare oracle-linux-upgrade-perl-file-copy oracle-linux-upgrade-perl-file-dosglob oracle-linux-upgrade-perl-file-find oracle-linux-upgrade-perl-filehandle oracle-linux-upgrade-perl-file-stat oracle-linux-upgrade-perl-filetest oracle-linux-upgrade-perl-findbin oracle-linux-upgrade-perl-gdbm-file 
oracle-linux-upgrade-perl-getopt-std oracle-linux-upgrade-perl-hash-util oracle-linux-upgrade-perl-hash-util-fieldhash oracle-linux-upgrade-perl-i18n-collate oracle-linux-upgrade-perl-i18n-langinfo oracle-linux-upgrade-perl-i18n-langtags oracle-linux-upgrade-perl-if oracle-linux-upgrade-perl-interpreter oracle-linux-upgrade-perl-io oracle-linux-upgrade-perl-ipc-open3 oracle-linux-upgrade-perl-less oracle-linux-upgrade-perl-lib oracle-linux-upgrade-perl-libnetcfg oracle-linux-upgrade-perl-libs oracle-linux-upgrade-perl-locale oracle-linux-upgrade-perl-locale-maketext-simple oracle-linux-upgrade-perl-macros oracle-linux-upgrade-perl-math-complex oracle-linux-upgrade-perl-memoize oracle-linux-upgrade-perl-meta-notation oracle-linux-upgrade-perl-module-loaded oracle-linux-upgrade-perl-mro oracle-linux-upgrade-perl-ndbm-file oracle-linux-upgrade-perl-net oracle-linux-upgrade-perl-next oracle-linux-upgrade-perl-odbm-file oracle-linux-upgrade-perl-opcode oracle-linux-upgrade-perl-open oracle-linux-upgrade-perl-overload oracle-linux-upgrade-perl-overloading oracle-linux-upgrade-perl-ph oracle-linux-upgrade-perl-pod-functions oracle-linux-upgrade-perl-pod-html oracle-linux-upgrade-perl-posix oracle-linux-upgrade-perl-safe oracle-linux-upgrade-perl-search-dict oracle-linux-upgrade-perl-selectsaver oracle-linux-upgrade-perl-selfloader oracle-linux-upgrade-perl-sigtrap oracle-linux-upgrade-perl-sort oracle-linux-upgrade-perl-subs oracle-linux-upgrade-perl-symbol oracle-linux-upgrade-perl-sys-hostname oracle-linux-upgrade-perl-term-complete oracle-linux-upgrade-perl-term-readline oracle-linux-upgrade-perl-test oracle-linux-upgrade-perl-text-abbrev oracle-linux-upgrade-perl-thread oracle-linux-upgrade-perl-thread-semaphore oracle-linux-upgrade-perl-tie oracle-linux-upgrade-perl-tie-file oracle-linux-upgrade-perl-tie-memoize oracle-linux-upgrade-perl-time oracle-linux-upgrade-perl-time-piece oracle-linux-upgrade-perl-unicode-ucd oracle-linux-upgrade-perl-user-pwent 
oracle-linux-upgrade-perl-utils oracle-linux-upgrade-perl-vars oracle-linux-upgrade-perl-vmsish References https://attackerkb.com/topics/cve-2023-47038 CVE - 2023-47038 ELSA-2024-3128 ELSA-2024-2228
  22. Alpine Linux: CVE-2023-49298: Authorization Bypass Through User-Controlled Key Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 11/24/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description OpenZFS through 2.1.13 and 2.2.x through 2.2.1, in certain scenarios involving applications that try to rely on efficient copying of file data, can replace file contents with zero-valued bytes and thus potentially disable security mechanisms. NOTE: this issue is not always security related, but can be security related in realistic situations. A possible example is cp, from a recent GNU Core Utilities (coreutils) version, when attempting to preserve a rule set for denying unauthorized access. (One might use cp when configuring access control, such as with the /etc/hosts.deny file specified in the IBM Support reference.) NOTE: this issue occurs less often in version 2.2.1, and in versions before 2.1.4, because of the default configuration in those versions. Solution(s) alpine-linux-upgrade-zfs-lts alpine-linux-upgrade-zfs-rpi alpine-linux-upgrade-zfs References https://attackerkb.com/topics/cve-2023-49298 CVE - 2023-49298 https://security.alpinelinux.org/vuln/CVE-2023-49298
  23. SUSE: CVE-2022-32919: SUSE Linux Security Advisory Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 11/24/2023 Created 11/28/2023 Added 11/27/2023 Modified 01/28/2025 Description The issue was addressed with improved UI handling. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. Visiting a website that frames malicious content may lead to UI spoofing. Solution(s) suse-upgrade-libjavascriptcoregtk-4_0-18 suse-upgrade-libjavascriptcoregtk-4_0-18-32bit suse-upgrade-libjavascriptcoregtk-4_0-18-64bit suse-upgrade-libjavascriptcoregtk-4_1-0 suse-upgrade-libjavascriptcoregtk-4_1-0-32bit suse-upgrade-libjavascriptcoregtk-4_1-0-64bit suse-upgrade-libjavascriptcoregtk-6_0-1 suse-upgrade-libwebkit2gtk-4_0-37 suse-upgrade-libwebkit2gtk-4_0-37-32bit suse-upgrade-libwebkit2gtk-4_0-37-64bit suse-upgrade-libwebkit2gtk-4_1-0 suse-upgrade-libwebkit2gtk-4_1-0-32bit suse-upgrade-libwebkit2gtk-4_1-0-64bit suse-upgrade-libwebkit2gtk3-lang suse-upgrade-libwebkitgtk-6_0-4 suse-upgrade-typelib-1_0-javascriptcore-4_0 suse-upgrade-typelib-1_0-javascriptcore-4_1 suse-upgrade-typelib-1_0-javascriptcore-6_0 suse-upgrade-typelib-1_0-webkit-6_0 suse-upgrade-typelib-1_0-webkit2-4_0 suse-upgrade-typelib-1_0-webkit2-4_1 suse-upgrade-typelib-1_0-webkit2webextension-4_0 suse-upgrade-typelib-1_0-webkit2webextension-4_1 suse-upgrade-typelib-1_0-webkitwebprocessextension-6_0 suse-upgrade-webkit-jsc-4 suse-upgrade-webkit-jsc-4-1 suse-upgrade-webkit-jsc-6-0 suse-upgrade-webkit2gtk-4_0-injected-bundles suse-upgrade-webkit2gtk-4_1-injected-bundles suse-upgrade-webkit2gtk3-devel suse-upgrade-webkit2gtk3-minibrowser suse-upgrade-webkit2gtk3-soup2-devel suse-upgrade-webkit2gtk3-soup2-minibrowser suse-upgrade-webkit2gtk4-devel suse-upgrade-webkit2gtk4-minibrowser suse-upgrade-webkitgtk-4-0-lang suse-upgrade-webkitgtk-4-1-lang suse-upgrade-webkitgtk-6-0-lang suse-upgrade-webkitgtk-6_0-injected-bundles References https://attackerkb.com/topics/cve-2022-32919 CVE - 2022-32919
  24. Amazon Linux AMI 2: CVE-2023-6277: Security patch for compat-libtiff3, libtiff (Multiple Advisories) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 11/24/2023 Created 12/06/2023 Added 12/05/2023 Modified 01/28/2025 Description An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to the TIFFOpen() API may allow a remote attacker to cause a denial of service via a crafted input with size smaller than 379 KB. Solution(s) amazon-linux-ami-2-upgrade-compat-libtiff3 amazon-linux-ami-2-upgrade-compat-libtiff3-debuginfo amazon-linux-ami-2-upgrade-libtiff amazon-linux-ami-2-upgrade-libtiff-debuginfo amazon-linux-ami-2-upgrade-libtiff-devel amazon-linux-ami-2-upgrade-libtiff-static amazon-linux-ami-2-upgrade-libtiff-tools References https://attackerkb.com/topics/cve-2023-6277 AL2/ALAS-2023-2346 AL2/ALAS-2023-2347 CVE - 2023-6277
  25. Debian: CVE-2023-49298: zfs-linux -- security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 11/24/2023 Created 03/20/2024 Added 03/20/2024 Modified 01/28/2025 Description OpenZFS through 2.1.13 and 2.2.x through 2.2.1, in certain scenarios involving applications that try to rely on efficient copying of file data, can replace file contents with zero-valued bytes and thus potentially disable security mechanisms. NOTE: this issue is not always security related, but can be security related in realistic situations. A possible example is cp, from a recent GNU Core Utilities (coreutils) version, when attempting to preserve a rule set for denying unauthorized access. (One might use cp when configuring access control, such as with the /etc/hosts.deny file specified in the IBM Support reference.) NOTE: this issue occurs less often in version 2.2.1, and in versions before 2.1.4, because of the default configuration in those versions. Solution(s) debian-upgrade-zfs-linux References https://attackerkb.com/topics/cve-2023-49298 CVE - 2023-49298 DLA-3766-1