ISHACK AI BOT

Adobe Acrobat: CVE-2023-44372: Security updates available for Adobe Acrobat and Reader (APSB23-54) Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 11/14/2023 Created 04/26/2024 Added 04/26/2024 Modified 10/18/2024 Description Adobe has released a security update for Adobe Acrobat and Reader for Windows and macOS. This update addresses critical, important and moderate vulnerabilities. Successful exploitation could lead to arbitrary code execution and memory leak. Solution(s) adobe-acrobat-upgrade-latest References https://attackerkb.com/topics/cve-2023-44372 https://helpx.adobe.com/security/products/acrobat/apsb23-54.html CVE - 2023-44372

Adobe Acrobat: CVE-2023-44367: Security updates available for Adobe Acrobat and Reader (APSB23-54) Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 11/14/2023 Created 04/26/2024 Added 04/26/2024 Modified 10/18/2024 Description Adobe has released a security update for Adobe Acrobat and Reader for Windows and macOS. This update addresses critical, important and moderate vulnerabilities. Successful exploitation could lead to arbitrary code execution and memory leak. Solution(s) adobe-acrobat-upgrade-latest References https://attackerkb.com/topics/cve-2023-44367 https://helpx.adobe.com/security/products/acrobat/apsb23-54.html CVE - 2023-44367

Adobe Acrobat: CVE-2023-44366: Security updates available for Adobe Acrobat and Reader (APSB23-54) Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 11/14/2023 Created 04/26/2024 Added 04/26/2024 Modified 10/18/2024 Description Adobe has released a security update for Adobe Acrobat and Reader for Windows and macOS. This update addresses critical, important and moderate vulnerabilities. Successful exploitation could lead to arbitrary code execution and memory leak. Solution(s) adobe-acrobat-upgrade-latest References https://attackerkb.com/topics/cve-2023-44366 https://helpx.adobe.com/security/products/acrobat/apsb23-54.html CVE - 2023-44366

SUSE: CVE-2023-20592: SUSE Linux Security Advisory Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:C/A:N) Published 11/14/2023 Created 12/08/2023 Added 12/07/2023 Modified 01/28/2025 Description Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine (VM) memory integrity. Solution(s) suse-upgrade-kernel-firmware suse-upgrade-kernel-firmware-all suse-upgrade-kernel-firmware-amdgpu suse-upgrade-kernel-firmware-ath10k suse-upgrade-kernel-firmware-ath11k suse-upgrade-kernel-firmware-atheros suse-upgrade-kernel-firmware-bluetooth suse-upgrade-kernel-firmware-bnx2 suse-upgrade-kernel-firmware-brcm suse-upgrade-kernel-firmware-chelsio suse-upgrade-kernel-firmware-dpaa2 suse-upgrade-kernel-firmware-i915 suse-upgrade-kernel-firmware-intel suse-upgrade-kernel-firmware-iwlwifi suse-upgrade-kernel-firmware-liquidio suse-upgrade-kernel-firmware-marvell suse-upgrade-kernel-firmware-media suse-upgrade-kernel-firmware-mediatek suse-upgrade-kernel-firmware-mellanox suse-upgrade-kernel-firmware-mwifiex suse-upgrade-kernel-firmware-network suse-upgrade-kernel-firmware-nfp suse-upgrade-kernel-firmware-nvidia suse-upgrade-kernel-firmware-platform suse-upgrade-kernel-firmware-prestera suse-upgrade-kernel-firmware-qcom suse-upgrade-kernel-firmware-qlogic suse-upgrade-kernel-firmware-radeon suse-upgrade-kernel-firmware-realtek suse-upgrade-kernel-firmware-serial suse-upgrade-kernel-firmware-sound suse-upgrade-kernel-firmware-ti suse-upgrade-kernel-firmware-ueagle suse-upgrade-kernel-firmware-usb-network suse-upgrade-ucode-amd References https://attackerkb.com/topics/cve-2023-20592 CVE - 2023-20592

SUSE: CVE-2023-20526: SUSE Linux Security Advisory Severity 5 CVSS (AV:L/AC:L/Au:N/C:C/I:N/A:N) Published 11/14/2023 Created 12/08/2023 Added 12/07/2023 Modified 01/28/2025 Description Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially leading to a loss of confidentiality. Solution(s) suse-upgrade-kernel-firmware suse-upgrade-kernel-firmware-all suse-upgrade-kernel-firmware-amdgpu suse-upgrade-kernel-firmware-ath10k suse-upgrade-kernel-firmware-ath11k suse-upgrade-kernel-firmware-atheros suse-upgrade-kernel-firmware-bluetooth suse-upgrade-kernel-firmware-bnx2 suse-upgrade-kernel-firmware-brcm suse-upgrade-kernel-firmware-chelsio suse-upgrade-kernel-firmware-dpaa2 suse-upgrade-kernel-firmware-i915 suse-upgrade-kernel-firmware-intel suse-upgrade-kernel-firmware-iwlwifi suse-upgrade-kernel-firmware-liquidio suse-upgrade-kernel-firmware-marvell suse-upgrade-kernel-firmware-media suse-upgrade-kernel-firmware-mediatek suse-upgrade-kernel-firmware-mellanox suse-upgrade-kernel-firmware-mwifiex suse-upgrade-kernel-firmware-network suse-upgrade-kernel-firmware-nfp suse-upgrade-kernel-firmware-nvidia suse-upgrade-kernel-firmware-platform suse-upgrade-kernel-firmware-prestera suse-upgrade-kernel-firmware-qcom suse-upgrade-kernel-firmware-qlogic suse-upgrade-kernel-firmware-radeon suse-upgrade-kernel-firmware-realtek suse-upgrade-kernel-firmware-serial suse-upgrade-kernel-firmware-sound suse-upgrade-kernel-firmware-ti suse-upgrade-kernel-firmware-ueagle suse-upgrade-kernel-firmware-usb-network suse-upgrade-ucode-amd References https://attackerkb.com/topics/cve-2023-20526 CVE - 2023-20526

APSB23-54:Adobe Acrobat and Reader for Windows and macOS (CVE-2023-44357) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 11/14/2023 Created 11/16/2023 Added 11/15/2023 Modified 01/28/2025 Description Deprecated Solution(s) References https://attackerkb.com/topics/cve-2023-44357 CVE - 2023-44357 https://helpx.adobe.com/security/products/reader/apsb23-54.html

Ubuntu: USN-6485-1 (CVE-2023-23583): Intel Microcode vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 11/14/2023 Created 11/18/2023 Added 11/17/2023 Modified 01/28/2025 Description Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure and/or denial of service via local access. Solution(s) ubuntu-pro-upgrade-intel-microcode References https://attackerkb.com/topics/cve-2023-23583 CVE - 2023-23583 USN-6485-1

Aruba AOS-10: CVE-2023-45624: Unauthenticated Denial-of-Service (DoS) Vulnerability in the Soft AP Daemon Service Accessed via the PAPI Protocol Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 11/14/2023 Created 01/16/2025 Added 01/14/2025 Modified 02/04/2025 Description An unauthenticated Denial-of-Service (DoS) vulnerability exists in the soft ap daemon accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected access point. Solution(s) aruba-aos-10-cve-2023-45624 References https://attackerkb.com/topics/cve-2023-45624 CVE - 2023-45624 https://csaf.arubanetworks.com/2023/hpe_aruba_networking_-_2023-017.json

Aruba AOS-10: CVE-2023-45617: Unauthenticated Arbitrary File Deletion in CLI Service Accessed by the PAPI Protocol Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:C) Published 11/14/2023 Created 01/16/2025 Added 01/14/2025 Modified 02/04/2025 Description There are arbitrary file deletion vulnerabilities in the CLI service accessed by PAPI (Aruba's access point management protocol). Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the access point. Solution(s) aruba-aos-10-cve-2023-45617 References https://attackerkb.com/topics/cve-2023-45617 CVE - 2023-45617 https://csaf.arubanetworks.com/2023/hpe_aruba_networking_-_2023-017.json

APSB23-54:Adobe Acrobat and Reader for Windows and macOS (CVE-2023-44365) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 11/14/2023 Created 11/16/2023 Added 11/15/2023 Modified 01/28/2025 Description Deprecated Solution(s) References https://attackerkb.com/topics/cve-2023-44365 CVE - 2023-44365 https://helpx.adobe.com/security/products/reader/apsb23-54.html

Red Hat: CVE-2023-44444: gimp: psp off-by-one RCE (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 11/14/2023 Created 02/08/2024 Added 02/07/2024 Modified 01/30/2025 Description GIMP PSP File Parsing Off-By-One Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSP files. Crafted data in a PSP file can trigger an off-by-one error when calculating a location to write within a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-22097. Solution(s) redhat-upgrade-gimp redhat-upgrade-gimp-debuginfo redhat-upgrade-gimp-debugsource redhat-upgrade-gimp-devel redhat-upgrade-gimp-devel-tools redhat-upgrade-gimp-devel-tools-debuginfo redhat-upgrade-gimp-libs redhat-upgrade-gimp-libs-debuginfo redhat-upgrade-pygobject2 redhat-upgrade-pygobject2-codegen redhat-upgrade-pygobject2-debuginfo redhat-upgrade-pygobject2-debugsource redhat-upgrade-pygobject2-devel redhat-upgrade-pygobject2-doc redhat-upgrade-pygtk2 redhat-upgrade-pygtk2-codegen redhat-upgrade-pygtk2-debuginfo redhat-upgrade-pygtk2-debugsource redhat-upgrade-pygtk2-devel redhat-upgrade-pygtk2-doc redhat-upgrade-python2-cairo redhat-upgrade-python2-cairo-debuginfo redhat-upgrade-python2-cairo-devel redhat-upgrade-python2-pycairo-debugsource References CVE-2023-44444 RHSA-2024:0675 RHSA-2024:0702 RHSA-2024:0716 RHSA-2024:0861 RHSA-2024:0862 RHSA-2024:0863 RHSA-2025:0746 View more

Red Hat: CVE-2023-36049: dotnet: Arbitrary File Write and Deletion Vulnerability: FormatFtpCommand (Multiple Advisories) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 11/14/2023 Created 11/17/2023 Added 11/16/2023 Modified 01/28/2025 Description .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability Solution(s) redhat-upgrade-aspnetcore-runtime-6-0 redhat-upgrade-aspnetcore-runtime-7-0 redhat-upgrade-aspnetcore-runtime-8-0 redhat-upgrade-aspnetcore-targeting-pack-6-0 redhat-upgrade-aspnetcore-targeting-pack-7-0 redhat-upgrade-aspnetcore-targeting-pack-8-0 redhat-upgrade-dotnet redhat-upgrade-dotnet-apphost-pack-6-0 redhat-upgrade-dotnet-apphost-pack-6-0-debuginfo redhat-upgrade-dotnet-apphost-pack-7-0 redhat-upgrade-dotnet-apphost-pack-7-0-debuginfo redhat-upgrade-dotnet-apphost-pack-8-0 redhat-upgrade-dotnet-apphost-pack-8-0-debuginfo redhat-upgrade-dotnet-host redhat-upgrade-dotnet-host-debuginfo redhat-upgrade-dotnet-hostfxr-6-0 redhat-upgrade-dotnet-hostfxr-6-0-debuginfo redhat-upgrade-dotnet-hostfxr-7-0 redhat-upgrade-dotnet-hostfxr-7-0-debuginfo redhat-upgrade-dotnet-hostfxr-8-0 redhat-upgrade-dotnet-hostfxr-8-0-debuginfo redhat-upgrade-dotnet-runtime-6-0 redhat-upgrade-dotnet-runtime-6-0-debuginfo redhat-upgrade-dotnet-runtime-7-0 redhat-upgrade-dotnet-runtime-7-0-debuginfo redhat-upgrade-dotnet-runtime-8-0 redhat-upgrade-dotnet-runtime-8-0-debuginfo redhat-upgrade-dotnet-sdk-6-0 redhat-upgrade-dotnet-sdk-6-0-debuginfo redhat-upgrade-dotnet-sdk-6-0-source-built-artifacts redhat-upgrade-dotnet-sdk-7-0 redhat-upgrade-dotnet-sdk-7-0-debuginfo redhat-upgrade-dotnet-sdk-7-0-source-built-artifacts redhat-upgrade-dotnet-sdk-8-0 redhat-upgrade-dotnet-sdk-8-0-debuginfo redhat-upgrade-dotnet-sdk-8-0-source-built-artifacts redhat-upgrade-dotnet-targeting-pack-6-0 redhat-upgrade-dotnet-targeting-pack-7-0 redhat-upgrade-dotnet-targeting-pack-8-0 redhat-upgrade-dotnet-templates-6-0 redhat-upgrade-dotnet-templates-7-0 redhat-upgrade-dotnet-templates-8-0 redhat-upgrade-dotnet6-0-debuginfo redhat-upgrade-dotnet6-0-debugsource redhat-upgrade-dotnet7-0-debuginfo redhat-upgrade-dotnet7-0-debugsource redhat-upgrade-dotnet8-0-debuginfo redhat-upgrade-dotnet8-0-debugsource redhat-upgrade-netstandard-targeting-pack-2-1 References CVE-2023-36049 RHSA-2023:7253 RHSA-2023:7254 RHSA-2023:7255 RHSA-2023:7256 RHSA-2023:7257 RHSA-2023:7258 View more

Red Hat: CVE-2023-36558: dotnet: ASP.NET Security Feature Bypass Vulnerability in Blazor forms (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 11/14/2023 Created 11/17/2023 Added 11/16/2023 Modified 01/28/2025 Description ASP.NET Core Security Feature Bypass Vulnerability Solution(s) redhat-upgrade-aspnetcore-runtime-6-0 redhat-upgrade-aspnetcore-runtime-7-0 redhat-upgrade-aspnetcore-runtime-8-0 redhat-upgrade-aspnetcore-targeting-pack-6-0 redhat-upgrade-aspnetcore-targeting-pack-7-0 redhat-upgrade-aspnetcore-targeting-pack-8-0 redhat-upgrade-dotnet redhat-upgrade-dotnet-apphost-pack-6-0 redhat-upgrade-dotnet-apphost-pack-6-0-debuginfo redhat-upgrade-dotnet-apphost-pack-7-0 redhat-upgrade-dotnet-apphost-pack-7-0-debuginfo redhat-upgrade-dotnet-apphost-pack-8-0 redhat-upgrade-dotnet-apphost-pack-8-0-debuginfo redhat-upgrade-dotnet-host redhat-upgrade-dotnet-host-debuginfo redhat-upgrade-dotnet-hostfxr-6-0 redhat-upgrade-dotnet-hostfxr-6-0-debuginfo redhat-upgrade-dotnet-hostfxr-7-0 redhat-upgrade-dotnet-hostfxr-7-0-debuginfo redhat-upgrade-dotnet-hostfxr-8-0 redhat-upgrade-dotnet-hostfxr-8-0-debuginfo redhat-upgrade-dotnet-runtime-6-0 redhat-upgrade-dotnet-runtime-6-0-debuginfo redhat-upgrade-dotnet-runtime-7-0 redhat-upgrade-dotnet-runtime-7-0-debuginfo redhat-upgrade-dotnet-runtime-8-0 redhat-upgrade-dotnet-runtime-8-0-debuginfo redhat-upgrade-dotnet-sdk-6-0 redhat-upgrade-dotnet-sdk-6-0-debuginfo redhat-upgrade-dotnet-sdk-6-0-source-built-artifacts redhat-upgrade-dotnet-sdk-7-0 redhat-upgrade-dotnet-sdk-7-0-debuginfo redhat-upgrade-dotnet-sdk-7-0-source-built-artifacts redhat-upgrade-dotnet-sdk-8-0 redhat-upgrade-dotnet-sdk-8-0-debuginfo redhat-upgrade-dotnet-sdk-8-0-source-built-artifacts redhat-upgrade-dotnet-targeting-pack-6-0 redhat-upgrade-dotnet-targeting-pack-7-0 redhat-upgrade-dotnet-targeting-pack-8-0 redhat-upgrade-dotnet-templates-6-0 redhat-upgrade-dotnet-templates-7-0 redhat-upgrade-dotnet-templates-8-0 redhat-upgrade-dotnet6-0-debuginfo redhat-upgrade-dotnet6-0-debugsource redhat-upgrade-dotnet7-0-debuginfo redhat-upgrade-dotnet7-0-debugsource redhat-upgrade-dotnet8-0-debuginfo redhat-upgrade-dotnet8-0-debugsource redhat-upgrade-netstandard-targeting-pack-2-1 References CVE-2023-36558 RHSA-2023:7253 RHSA-2023:7254 RHSA-2023:7255 RHSA-2023:7256 RHSA-2023:7257 RHSA-2023:7258 View more

Alma Linux: CVE-2023-36558: Moderate: dotnet8.0 security update (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 11/14/2023 Created 11/18/2023 Added 11/17/2023 Modified 01/28/2025 Description ASP.NET Core Security Feature Bypass Vulnerability Solution(s) alma-upgrade-aspnetcore-runtime-6.0 alma-upgrade-aspnetcore-runtime-7.0 alma-upgrade-aspnetcore-runtime-8.0 alma-upgrade-aspnetcore-targeting-pack-6.0 alma-upgrade-aspnetcore-targeting-pack-7.0 alma-upgrade-aspnetcore-targeting-pack-8.0 alma-upgrade-dotnet alma-upgrade-dotnet-apphost-pack-6.0 alma-upgrade-dotnet-apphost-pack-7.0 alma-upgrade-dotnet-apphost-pack-8.0 alma-upgrade-dotnet-host alma-upgrade-dotnet-hostfxr-6.0 alma-upgrade-dotnet-hostfxr-7.0 alma-upgrade-dotnet-hostfxr-8.0 alma-upgrade-dotnet-runtime-6.0 alma-upgrade-dotnet-runtime-7.0 alma-upgrade-dotnet-runtime-8.0 alma-upgrade-dotnet-sdk-6.0 alma-upgrade-dotnet-sdk-6.0-source-built-artifacts alma-upgrade-dotnet-sdk-7.0 alma-upgrade-dotnet-sdk-7.0-source-built-artifacts alma-upgrade-dotnet-sdk-8.0 alma-upgrade-dotnet-sdk-8.0-source-built-artifacts alma-upgrade-dotnet-targeting-pack-6.0 alma-upgrade-dotnet-targeting-pack-7.0 alma-upgrade-dotnet-targeting-pack-8.0 alma-upgrade-dotnet-templates-6.0 alma-upgrade-dotnet-templates-7.0 alma-upgrade-dotnet-templates-8.0 alma-upgrade-netstandard-targeting-pack-2.1 References https://attackerkb.com/topics/cve-2023-36558 CVE - 2023-36558 https://errata.almalinux.org/8/ALSA-2023-7254.html https://errata.almalinux.org/8/ALSA-2023-7256.html https://errata.almalinux.org/8/ALSA-2023-7258.html https://errata.almalinux.org/9/ALSA-2023-7253.html https://errata.almalinux.org/9/ALSA-2023-7255.html https://errata.almalinux.org/9/ALSA-2023-7257.html View more

Red Hat: CVE-2023-20592: hw: amd: INVD instruction may lead to a loss of SEV-ES guest machine memory integrity problem (Multiple Advisories) Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:C/A:N) Published 11/14/2023 Created 02/13/2024 Added 02/12/2024 Modified 01/28/2025 Description Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine (VM) memory integrity. Solution(s) redhat-upgrade-iwl100-firmware redhat-upgrade-iwl1000-firmware redhat-upgrade-iwl105-firmware redhat-upgrade-iwl135-firmware redhat-upgrade-iwl2000-firmware redhat-upgrade-iwl2030-firmware redhat-upgrade-iwl3160-firmware redhat-upgrade-iwl3945-firmware redhat-upgrade-iwl4965-firmware redhat-upgrade-iwl5000-firmware redhat-upgrade-iwl5150-firmware redhat-upgrade-iwl6000-firmware redhat-upgrade-iwl6000g2a-firmware redhat-upgrade-iwl6000g2b-firmware redhat-upgrade-iwl6050-firmware redhat-upgrade-iwl7260-firmware redhat-upgrade-libertas-sd8686-firmware redhat-upgrade-libertas-sd8787-firmware redhat-upgrade-libertas-usb8388-firmware redhat-upgrade-libertas-usb8388-olpc-firmware redhat-upgrade-linux-firmware References CVE-2023-20592 RHSA-2024:0753 RHSA-2024:1112 RHSA-2024:3178

Adobe Photoshop: CVE-2023-44333: Security updates available for Adobe Photoshop (APSB23-56) Severity 5 CVSS (AV:L/AC:L/Au:N/C:C/I:N/A:N) Published 11/14/2023 Created 04/29/2024 Added 03/04/2024 Modified 12/18/2024 Description Adobe has released an update for Photoshop for Windows and macOS. This update resolves critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution and memory leak. Solution(s) adobe-photoshop-upgrade-latest References https://attackerkb.com/topics/cve-2023-44333 CVE - 2023-44333 https://helpx.adobe.com/security/products/photoshop/apsb23-56.html

Adobe Photoshop: CVE-2023-44330: Security updates available for Adobe Photoshop (APSB23-56) Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 11/14/2023 Created 04/29/2024 Added 03/04/2024 Modified 12/18/2024 Description Adobe has released an update for Photoshop for Windows and macOS. This update resolves critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution and memory leak. Solution(s) adobe-photoshop-upgrade-latest References https://attackerkb.com/topics/cve-2023-44330 CVE - 2023-44330 https://helpx.adobe.com/security/products/photoshop/apsb23-56.html

Kubernetes: CVE-2023-5528: Insufficient input sanitization in in-tree storage plugin leads to privilege escalation on Windows nodes Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 11/14/2023 Created 12/05/2023 Added 12/04/2023 Modified 01/28/2025 Description A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes. Solution(s) kubernetes-upgrade-1_25_16 kubernetes-upgrade-1_26_11 kubernetes-upgrade-1_27_8 kubernetes-upgrade-1_28_4 References https://attackerkb.com/topics/cve-2023-5528 CVE - 2023-5528 https://github.com/kubernetes/kubernetes/issues/121879

APSB23-54:Adobe Acrobat and Reader for Windows and macOS (CVE-2023-44340) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 11/14/2023 Created 11/16/2023 Added 11/15/2023 Modified 01/28/2025 Description Deprecated Solution(s) References https://attackerkb.com/topics/cve-2023-44340 CVE - 2023-44340 https://helpx.adobe.com/security/products/reader/apsb23-54.html

CentOS Linux: CVE-2023-36558: Moderate: dotnet8.0 security update (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 11/14/2023 Created 11/17/2023 Added 11/16/2023 Modified 01/28/2025 Description ASP.NET Core - Security Feature Bypass Vulnerability Solution(s) centos-upgrade-aspnetcore-runtime-6-0 centos-upgrade-aspnetcore-runtime-7-0 centos-upgrade-aspnetcore-runtime-8-0 centos-upgrade-aspnetcore-targeting-pack-6-0 centos-upgrade-aspnetcore-targeting-pack-7-0 centos-upgrade-aspnetcore-targeting-pack-8-0 centos-upgrade-dotnet centos-upgrade-dotnet-apphost-pack-6-0 centos-upgrade-dotnet-apphost-pack-6-0-debuginfo centos-upgrade-dotnet-apphost-pack-7-0 centos-upgrade-dotnet-apphost-pack-7-0-debuginfo centos-upgrade-dotnet-apphost-pack-8-0 centos-upgrade-dotnet-apphost-pack-8-0-debuginfo centos-upgrade-dotnet-host centos-upgrade-dotnet-host-debuginfo centos-upgrade-dotnet-hostfxr-6-0 centos-upgrade-dotnet-hostfxr-6-0-debuginfo centos-upgrade-dotnet-hostfxr-7-0 centos-upgrade-dotnet-hostfxr-7-0-debuginfo centos-upgrade-dotnet-hostfxr-8-0 centos-upgrade-dotnet-hostfxr-8-0-debuginfo centos-upgrade-dotnet-runtime-6-0 centos-upgrade-dotnet-runtime-6-0-debuginfo centos-upgrade-dotnet-runtime-7-0 centos-upgrade-dotnet-runtime-7-0-debuginfo centos-upgrade-dotnet-runtime-8-0 centos-upgrade-dotnet-runtime-8-0-debuginfo centos-upgrade-dotnet-sdk-6-0 centos-upgrade-dotnet-sdk-6-0-debuginfo centos-upgrade-dotnet-sdk-7-0 centos-upgrade-dotnet-sdk-7-0-debuginfo centos-upgrade-dotnet-sdk-8-0 centos-upgrade-dotnet-sdk-8-0-debuginfo centos-upgrade-dotnet-targeting-pack-6-0 centos-upgrade-dotnet-targeting-pack-7-0 centos-upgrade-dotnet-targeting-pack-8-0 centos-upgrade-dotnet-templates-6-0 centos-upgrade-dotnet-templates-7-0 centos-upgrade-dotnet-templates-8-0 centos-upgrade-dotnet6-0-debuginfo centos-upgrade-dotnet6-0-debugsource centos-upgrade-dotnet7-0-debuginfo centos-upgrade-dotnet7-0-debugsource centos-upgrade-dotnet8-0-debuginfo centos-upgrade-dotnet8-0-debugsource centos-upgrade-netstandard-targeting-pack-2-1 References CVE-2023-36558

Alpine Linux: CVE-2023-46121: HTTP Request/Response Smuggling Severity 4 CVSS (AV:N/AC:M/Au:N/C:P/I:N/A:N) Published 11/14/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description yt-dlp is a youtube-dl fork with additional features and fixes. The Generic Extractor in yt-dlp is vulnerable to an attacker setting an arbitrary proxy for a request to an arbitrary url, allowing the attacker to MITM the request made from yt-dlp's HTTP session. This could lead to cookie exfiltration in some cases. Version 2023.11.14 removed the ability to smuggle `http_headers` to the Generic extractor, as well as other extractors that use the same pattern. Users are advised to upgrade. Users unable to upgrade should disable the Ggneric extractor (or only pass trusted sites with trusted content) and ake caution when using `--no-check-certificate`. Solution(s) alpine-linux-upgrade-yt-dlp References https://attackerkb.com/topics/cve-2023-46121 CVE - 2023-46121 https://security.alpinelinux.org/vuln/CVE-2023-46121

SUSE: CVE-2023-20566: SUSE Linux Security Advisory Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 11/14/2023 Created 12/08/2023 Added 12/07/2023 Modified 01/28/2025 Description Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity. Solution(s) suse-upgrade-kernel-firmware suse-upgrade-kernel-firmware-all suse-upgrade-kernel-firmware-amdgpu suse-upgrade-kernel-firmware-ath10k suse-upgrade-kernel-firmware-ath11k suse-upgrade-kernel-firmware-atheros suse-upgrade-kernel-firmware-bluetooth suse-upgrade-kernel-firmware-bnx2 suse-upgrade-kernel-firmware-brcm suse-upgrade-kernel-firmware-chelsio suse-upgrade-kernel-firmware-dpaa2 suse-upgrade-kernel-firmware-i915 suse-upgrade-kernel-firmware-intel suse-upgrade-kernel-firmware-iwlwifi suse-upgrade-kernel-firmware-liquidio suse-upgrade-kernel-firmware-marvell suse-upgrade-kernel-firmware-media suse-upgrade-kernel-firmware-mediatek suse-upgrade-kernel-firmware-mellanox suse-upgrade-kernel-firmware-mwifiex suse-upgrade-kernel-firmware-network suse-upgrade-kernel-firmware-nfp suse-upgrade-kernel-firmware-nvidia suse-upgrade-kernel-firmware-platform suse-upgrade-kernel-firmware-prestera suse-upgrade-kernel-firmware-qcom suse-upgrade-kernel-firmware-qlogic suse-upgrade-kernel-firmware-radeon suse-upgrade-kernel-firmware-realtek suse-upgrade-kernel-firmware-serial suse-upgrade-kernel-firmware-sound suse-upgrade-kernel-firmware-ti suse-upgrade-kernel-firmware-ueagle suse-upgrade-kernel-firmware-usb-network suse-upgrade-ucode-amd References https://attackerkb.com/topics/cve-2023-20566 CVE - 2023-20566

Zoom: CVE-2023-39199: ZoomClients - Cryptographic Issues Severity 6 CVSS (AV:N/AC:L/Au:M/C:C/I:N/A:N) Published 11/14/2023 Created 11/16/2023 Added 11/14/2023 Modified 01/08/2025 Description Cryptographic issues with In-Meeting Chat for some Zoom clients may allow a privileged user to conduct an information disclosure via network access. Solution(s) zoom-zoom-upgrade-latest References https://attackerkb.com/topics/cve-2023-39199 CVE - 2023-39199 https://explore.zoom.us/en/trust/security/security-bulletin

Zoom: CVE-2023-39204: Zoom Clients - Buffer Overflow Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 11/14/2023 Created 11/16/2023 Added 11/14/2023 Modified 01/08/2025 Description Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access. Solution(s) zoom-zoom-upgrade-latest References https://attackerkb.com/topics/cve-2023-39204 CVE - 2023-39204 https://explore.zoom.us/en/trust/security/security-bulletin

Microsoft Windows: CVE-2023-36403: Windows Kernel Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:M/Au:S/C:C/I:C/A:C) Published 11/14/2023 Created 11/15/2023 Added 11/14/2023 Modified 09/06/2024 Description Windows Kernel Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5032199 microsoft-windows-windows_10-1607-kb5032197 microsoft-windows-windows_10-1809-kb5032196 microsoft-windows-windows_10-21h2-kb5032189 microsoft-windows-windows_10-22h2-kb5032189 microsoft-windows-windows_11-21h2-kb5032192 microsoft-windows-windows_11-22h2-kb5032190 microsoft-windows-windows_11-23h2-kb5032190 microsoft-windows-windows_server_2012-kb5032247 microsoft-windows-windows_server_2012_r2-kb5032249 microsoft-windows-windows_server_2016-1607-kb5032197 microsoft-windows-windows_server_2019-1809-kb5032196 microsoft-windows-windows_server_2022-21h2-kb5032198 microsoft-windows-windows_server_2022-22h2-kb5032198 microsoft-windows-windows_server_2022-23h2-kb5032202 msft-kb5032248-06a12477-d077-4fd3-8043-74c85e3d34cc msft-kb5032248-558aba2e-6f78-4637-bcc8-7120eefb8770 msft-kb5032250-2671b498-e9e2-44dc-b130-30770b02e3f4 References https://attackerkb.com/topics/cve-2023-36403 CVE - 2023-36403 https://support.microsoft.com/help/5032189 https://support.microsoft.com/help/5032190 https://support.microsoft.com/help/5032192 https://support.microsoft.com/help/5032196 https://support.microsoft.com/help/5032197 https://support.microsoft.com/help/5032198 https://support.microsoft.com/help/5032199 https://support.microsoft.com/help/5032202 https://support.microsoft.com/help/5032247 https://support.microsoft.com/help/5032249 View more