ISHACK AI BOT

7-Zip: CVE-2023-31102: CWE-191 Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 11/03/2023 Created 07/27/2024 Added 07/26/2024 Modified 12/19/2024 Description Ppmd7.c in 7-Zip before 23.00 allows an integer underflow and invalid read operation via a crafted 7Z archive. Solution(s) 7-zip-7-zip-upgrade-latest References https://attackerkb.com/topics/cve-2023-31102 CVE - 2023-31102 https://www.7-zip.org/download.html https://www.zerodayinitiative.com/advisories/ZDI-23-1165/ https://sourceforge.net/p/sevenzip/discussion/45797/thread/713c8a8269/ https://security.netapp.com/advisory/ntap-20231110-0007/ https://ds-security.com/post/integer-overflow-in-7-zip-cve-2023-31102/

Rocky Linux: CVE-2023-47235: frr (RLSA-2024-0130) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 11/03/2023 Created 03/07/2024 Added 03/05/2024 Modified 01/28/2025 Description An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when a malformed BGP UPDATE message with an EOR is processed, because the presence of EOR does not lead to a treat-as-withdraw outcome. Solution(s) rocky-upgrade-frr rocky-upgrade-frr-debuginfo rocky-upgrade-frr-debugsource References https://attackerkb.com/topics/cve-2023-47235 CVE - 2023-47235 https://errata.rockylinux.org/RLSA-2024:0130

Rocky Linux: CVE-2023-44271: python-pillow (RLSA-2024-3005) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 11/03/2023 Created 06/17/2024 Added 06/17/2024 Modified 01/28/2025 Description An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument. Solution(s) rocky-upgrade-python-pillow-debuginfo rocky-upgrade-python-pillow-debugsource rocky-upgrade-python3-pillow rocky-upgrade-python3-pillow-debuginfo rocky-upgrade-python3-pillow-devel rocky-upgrade-python3-pillow-tk rocky-upgrade-python3-pillow-tk-debuginfo References https://attackerkb.com/topics/cve-2023-44271 CVE - 2023-44271 https://errata.rockylinux.org/RLSA-2024:3005

Rocky Linux: CVE-2023-46847: squid-4 (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 11/03/2023 Created 03/07/2024 Added 03/05/2024 Modified 01/28/2025 Description Squid is vulnerable to a Denial of Service,where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication. Solution(s) rocky-upgrade-libecap rocky-upgrade-libecap-debuginfo rocky-upgrade-libecap-debugsource rocky-upgrade-libecap-devel rocky-upgrade-squid rocky-upgrade-squid-debuginfo rocky-upgrade-squid-debugsource References https://attackerkb.com/topics/cve-2023-46847 CVE - 2023-46847 https://errata.rockylinux.org/RLSA-2023:6266 https://errata.rockylinux.org/RLSA-2023:6267 https://errata.rockylinux.org/RLSA-2023:7213

Rocky Linux: CVE-2023-46846: squid-4 (Multiple Advisories) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 11/03/2023 Created 03/07/2024 Added 03/05/2024 Modified 01/28/2025 Description SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems. Solution(s) rocky-upgrade-libecap rocky-upgrade-libecap-debuginfo rocky-upgrade-libecap-debugsource rocky-upgrade-libecap-devel rocky-upgrade-squid rocky-upgrade-squid-debuginfo rocky-upgrade-squid-debugsource References https://attackerkb.com/topics/cve-2023-46846 CVE - 2023-46846 https://errata.rockylinux.org/RLSA-2023:6266 https://errata.rockylinux.org/RLSA-2023:6267 https://errata.rockylinux.org/RLSA-2023:7213

Debian: CVE-2023-46846: squid -- security update Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 11/03/2023 Created 01/16/2024 Added 01/15/2024 Modified 01/28/2025 Description SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems. Solution(s) debian-upgrade-squid References https://attackerkb.com/topics/cve-2023-46846 CVE - 2023-46846 DLA-3709-1

Amazon Linux AMI 2: CVE-2023-5088: Security patch for qemu (ALAS-2023-2336) Severity 7 CVSS (AV:L/AC:M/Au:S/C:C/I:C/A:C) Published 11/03/2023 Created 11/17/2023 Added 11/16/2023 Modified 01/30/2025 Description A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overwriting the VM's boot code). This could be used, for example, by L2 guests with a virtual disk (vdiskL2) stored on a virtual disk of an L1 (vdiskL1) hypervisor to read and/or write data to LBA 0 of vdiskL1, potentially gaining control of L1 at its next reboot. Solution(s) amazon-linux-ami-2-upgrade-ivshmem-tools amazon-linux-ami-2-upgrade-qemu amazon-linux-ami-2-upgrade-qemu-audio-alsa amazon-linux-ami-2-upgrade-qemu-audio-oss amazon-linux-ami-2-upgrade-qemu-audio-pa amazon-linux-ami-2-upgrade-qemu-audio-sdl amazon-linux-ami-2-upgrade-qemu-block-curl amazon-linux-ami-2-upgrade-qemu-block-dmg amazon-linux-ami-2-upgrade-qemu-block-iscsi amazon-linux-ami-2-upgrade-qemu-block-nfs amazon-linux-ami-2-upgrade-qemu-block-rbd amazon-linux-ami-2-upgrade-qemu-block-ssh amazon-linux-ami-2-upgrade-qemu-common amazon-linux-ami-2-upgrade-qemu-debuginfo amazon-linux-ami-2-upgrade-qemu-guest-agent amazon-linux-ami-2-upgrade-qemu-img amazon-linux-ami-2-upgrade-qemu-kvm amazon-linux-ami-2-upgrade-qemu-kvm-core amazon-linux-ami-2-upgrade-qemu-system-aarch64 amazon-linux-ami-2-upgrade-qemu-system-aarch64-core amazon-linux-ami-2-upgrade-qemu-system-x86 amazon-linux-ami-2-upgrade-qemu-system-x86-core amazon-linux-ami-2-upgrade-qemu-ui-curses amazon-linux-ami-2-upgrade-qemu-ui-gtk amazon-linux-ami-2-upgrade-qemu-ui-sdl amazon-linux-ami-2-upgrade-qemu-user amazon-linux-ami-2-upgrade-qemu-user-binfmt amazon-linux-ami-2-upgrade-qemu-user-static References https://attackerkb.com/topics/cve-2023-5088 AL2/ALAS-2023-2336 CVE - 2023-5088

Amazon Linux AMI 2: CVE-2023-46847: Security patch for squid (ALAS-2023-2318) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 11/03/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/28/2025 Description Squid is vulnerable to a Denial of Service,where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication. Solution(s) amazon-linux-ami-2-upgrade-squid amazon-linux-ami-2-upgrade-squid-debuginfo amazon-linux-ami-2-upgrade-squid-migration-script amazon-linux-ami-2-upgrade-squid-sysvinit References https://attackerkb.com/topics/cve-2023-46847 AL2/ALAS-2023-2318 CVE - 2023-46847

Oracle Linux: CVE-2023-47234: ELSA-2024-0130:frr security update (MODERATE) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 11/03/2023 Created 01/16/2024 Added 01/12/2024 Modified 01/07/2025 Description An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute and additional NLRI data (that lacks mandatory path attributes). A flaw was found in frr. A crash can occur when processing a crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute and additional NLRI data that lacks mandatory path attributes. Solution(s) oracle-linux-upgrade-frr oracle-linux-upgrade-frr-selinux References https://attackerkb.com/topics/cve-2023-47234 CVE - 2023-47234 ELSA-2024-0130 ELSA-2024-0477

Huawei EulerOS: CVE-2023-4091: samba security update Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:C/A:N) Published 11/03/2023 Created 02/13/2024 Added 02/12/2024 Modified 01/30/2025 Description A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignore system acls = yes". The SMB protocol allows opening files when the client requests read-only access but then implicitly truncates the opened file to 0 bytes if the client specifies a separate OVERWRITE create disposition request. The issue arises in configurations that bypass kernel file system permissions checks, relying solely on Samba's permissions. Solution(s) huawei-euleros-2_0_sp5-upgrade-libsmbclient huawei-euleros-2_0_sp5-upgrade-libwbclient huawei-euleros-2_0_sp5-upgrade-samba huawei-euleros-2_0_sp5-upgrade-samba-client huawei-euleros-2_0_sp5-upgrade-samba-client-libs huawei-euleros-2_0_sp5-upgrade-samba-common huawei-euleros-2_0_sp5-upgrade-samba-common-libs huawei-euleros-2_0_sp5-upgrade-samba-common-tools huawei-euleros-2_0_sp5-upgrade-samba-libs huawei-euleros-2_0_sp5-upgrade-samba-python huawei-euleros-2_0_sp5-upgrade-samba-winbind huawei-euleros-2_0_sp5-upgrade-samba-winbind-clients huawei-euleros-2_0_sp5-upgrade-samba-winbind-modules References https://attackerkb.com/topics/cve-2023-4091 CVE - 2023-4091 EulerOS-SA-2024-1163

Oracle Linux: CVE-2023-47235: ELSA-2024-0130:frr security update (MODERATE) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 11/03/2023 Created 01/16/2024 Added 01/12/2024 Modified 01/07/2025 Description An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when a malformed BGP UPDATE message with an EOR is processed, because the presence of EOR does not lead to a treat-as-withdraw outcome. An issue was found in FRRouting FRR, where a crash may occur when processing a malformed BGP UPDATE message with an EOR. Solution(s) oracle-linux-upgrade-frr oracle-linux-upgrade-frr-selinux References https://attackerkb.com/topics/cve-2023-47235 CVE - 2023-47235 ELSA-2024-0130 ELSA-2024-0477

Gentoo Linux: CVE-2023-44271: Pillow: Multiple Vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 11/03/2023 Created 05/06/2024 Added 05/06/2024 Modified 01/28/2025 Description An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument. Solution(s) gentoo-linux-upgrade-dev-python-pillow References https://attackerkb.com/topics/cve-2023-44271 CVE - 2023-44271 202405-12

Amazon Linux AMI 2: CVE-2023-40660: Security patch for opensc (ALAS-2023-2323) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 11/03/2023 Created 11/04/2023 Added 11/03/2023 Modified 01/30/2025 Description A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero-length pin is passed. This issue poses a security risk, particularly for OS logon/screen unlock and for small, permanently connected tokens to computers. Additionally, the token can internally track login status. This flaw allows an attacker to gain unauthorized access, carry out malicious actions, or compromise the system without the user's awareness. Solution(s) amazon-linux-ami-2-upgrade-opensc amazon-linux-ami-2-upgrade-opensc-debuginfo References https://attackerkb.com/topics/cve-2023-40660 AL2/ALAS-2023-2323 CVE - 2023-40660

Alpine Linux: CVE-2023-42670: Vulnerability in Multiple Components Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 11/03/2023 Created 03/22/2024 Added 03/26/2024 Modified 10/02/2024 Description A flaw was found in Samba. It is susceptible to a vulnerability where multiple incompatible RPC listeners can be initiated, causing disruptions in the AD DC service. When Samba's RPC server experiences a high load or unresponsiveness, servers intended for non-AD DC purposes (for example, NT4-emulation "classic DCs") can erroneously start and compete for the same unix domain sockets. This issue leads to partial query responses from the AD DC, causing issues such as "The procedure number is out of range" when using tools like Active Directory Users. This flaw allows an attacker to disrupt AD DC services. Solution(s) alpine-linux-upgrade-samba References https://attackerkb.com/topics/cve-2023-42670 CVE - 2023-42670 https://security.alpinelinux.org/vuln/CVE-2023-42670

SUSE: CVE-2023-46846: SUSE Linux Security Advisory Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 11/03/2023 Created 11/08/2023 Added 11/07/2023 Modified 01/28/2025 Description SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems. Solution(s) suse-upgrade-squid References https://attackerkb.com/topics/cve-2023-46846 CVE - 2023-46846

Alpine Linux: CVE-2023-3961: Path Traversal Severity 9 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:C) Published 11/03/2023 Created 03/22/2024 Added 03/26/2024 Modified 10/14/2024 Description A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect SMB clients to remote procedure call (RPC) services like SAMR LSA or SPOOLSS, which Samba initiates on demand. However, due to inadequate sanitization of incoming client pipe names, allowing a client to send a pipe name containing Unix directory traversal characters (../). This could result in SMB clients connecting as root to Unix domain sockets outside the private directory. If an attacker or client managed to send a pipe name resolving to an external service using an existing Unix domain socket, it could potentially lead to unauthorized access to the service and consequential adverse events, including compromise or service crashes. Solution(s) alpine-linux-upgrade-samba References https://attackerkb.com/topics/cve-2023-3961 CVE - 2023-3961 https://security.alpinelinux.org/vuln/CVE-2023-3961

VMware Photon OS: CVE-2023-3961 Severity 9 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:C) Published 11/03/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect SMB clients to remote procedure call (RPC) services like SAMR LSA or SPOOLSS, which Samba initiates on demand. However, due to inadequate sanitization of incoming client pipe names, allowing a client to send a pipe name containing Unix directory traversal characters (../). This could result in SMB clients connecting as root to Unix domain sockets outside the private directory. If an attacker or client managed to send a pipe name resolving to an external service using an existing Unix domain socket, it could potentially lead to unauthorized access to the service and consequential adverse events, including compromise or service crashes. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-3961 CVE - 2023-3961

Debian: CVE-2023-46847: squid -- security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 11/03/2023 Created 01/16/2024 Added 01/15/2024 Modified 01/28/2025 Description Squid is vulnerable to a Denial of Service,where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication. Solution(s) debian-upgrade-squid References https://attackerkb.com/topics/cve-2023-46847 CVE - 2023-46847 DLA-3709-1

SUSE: CVE-2023-47233: SUSE Linux Security Advisory Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 11/03/2023 Created 02/16/2024 Added 02/15/2024 Modified 01/28/2025 Description The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local access, this "could be exploited in a real world scenario." This is related to brcmf_cfg80211_escan_timeout_worker in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c. Solution(s) suse-upgrade-cluster-md-kmp-64kb suse-upgrade-cluster-md-kmp-azure suse-upgrade-cluster-md-kmp-default suse-upgrade-cluster-md-kmp-rt suse-upgrade-dlm-kmp-64kb suse-upgrade-dlm-kmp-azure suse-upgrade-dlm-kmp-default suse-upgrade-dlm-kmp-rt suse-upgrade-dtb-allwinner suse-upgrade-dtb-altera suse-upgrade-dtb-amazon suse-upgrade-dtb-amd suse-upgrade-dtb-amlogic suse-upgrade-dtb-apm suse-upgrade-dtb-apple suse-upgrade-dtb-arm suse-upgrade-dtb-broadcom suse-upgrade-dtb-cavium suse-upgrade-dtb-exynos suse-upgrade-dtb-freescale suse-upgrade-dtb-hisilicon suse-upgrade-dtb-lg suse-upgrade-dtb-marvell suse-upgrade-dtb-mediatek suse-upgrade-dtb-nvidia suse-upgrade-dtb-qcom suse-upgrade-dtb-renesas suse-upgrade-dtb-rockchip suse-upgrade-dtb-socionext suse-upgrade-dtb-sprd suse-upgrade-dtb-xilinx suse-upgrade-gfs2-kmp-64kb suse-upgrade-gfs2-kmp-azure suse-upgrade-gfs2-kmp-default suse-upgrade-gfs2-kmp-rt suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-64kb-extra suse-upgrade-kernel-64kb-livepatch-devel suse-upgrade-kernel-64kb-optional suse-upgrade-kernel-azure suse-upgrade-kernel-azure-base suse-upgrade-kernel-azure-devel suse-upgrade-kernel-azure-extra suse-upgrade-kernel-azure-livepatch-devel suse-upgrade-kernel-azure-optional suse-upgrade-kernel-azure-vdso suse-upgrade-kernel-debug suse-upgrade-kernel-debug-devel suse-upgrade-kernel-debug-livepatch-devel suse-upgrade-kernel-debug-vdso suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-base-rebuild suse-upgrade-kernel-default-devel suse-upgrade-kernel-default-extra suse-upgrade-kernel-default-livepatch suse-upgrade-kernel-default-livepatch-devel suse-upgrade-kernel-default-man suse-upgrade-kernel-default-optional suse-upgrade-kernel-default-vdso suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-devel-rt suse-upgrade-kernel-docs suse-upgrade-kernel-docs-html suse-upgrade-kernel-kvmsmall suse-upgrade-kernel-kvmsmall-devel suse-upgrade-kernel-kvmsmall-livepatch-devel suse-upgrade-kernel-kvmsmall-vdso suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-obs-qa suse-upgrade-kernel-preempt suse-upgrade-kernel-preempt-devel suse-upgrade-kernel-rt suse-upgrade-kernel-rt-devel suse-upgrade-kernel-rt-extra suse-upgrade-kernel-rt-livepatch suse-upgrade-kernel-rt-livepatch-devel suse-upgrade-kernel-rt-optional suse-upgrade-kernel-rt-vdso suse-upgrade-kernel-rt_debug suse-upgrade-kernel-rt_debug-devel suse-upgrade-kernel-rt_debug-livepatch-devel suse-upgrade-kernel-rt_debug-vdso suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-source-rt suse-upgrade-kernel-source-vanilla suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-syms-rt suse-upgrade-kernel-zfcpdump suse-upgrade-kselftests-kmp-64kb suse-upgrade-kselftests-kmp-azure suse-upgrade-kselftests-kmp-default suse-upgrade-kselftests-kmp-rt suse-upgrade-ocfs2-kmp-64kb suse-upgrade-ocfs2-kmp-azure suse-upgrade-ocfs2-kmp-default suse-upgrade-ocfs2-kmp-rt suse-upgrade-reiserfs-kmp-64kb suse-upgrade-reiserfs-kmp-azure suse-upgrade-reiserfs-kmp-default suse-upgrade-reiserfs-kmp-rt References https://attackerkb.com/topics/cve-2023-47233 CVE - 2023-47233

SUSE: CVE-2023-47234: SUSE Linux Security Advisory Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 11/03/2023 Created 12/08/2023 Added 12/07/2023 Modified 01/28/2025 Description An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute and additional NLRI data (that lacks mandatory path attributes). Solution(s) suse-upgrade-frr suse-upgrade-frr-devel suse-upgrade-libfrr0 suse-upgrade-libfrr_pb0 suse-upgrade-libfrrcares0 suse-upgrade-libfrrfpm_pb0 suse-upgrade-libfrrgrpc_pb0 suse-upgrade-libfrrospfapiclient0 suse-upgrade-libfrrsnmp0 suse-upgrade-libfrrzmq0 suse-upgrade-libmlag_pb0 References https://attackerkb.com/topics/cve-2023-47234 CVE - 2023-47234

Rocky Linux: CVE-2023-46848: squid (RLSA-2023-6266) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 11/03/2023 Created 03/07/2024 Added 03/05/2024 Modified 01/28/2025 Description Squid is vulnerable to Denial of Service,where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input. Solution(s) rocky-upgrade-squid rocky-upgrade-squid-debuginfo rocky-upgrade-squid-debugsource References https://attackerkb.com/topics/cve-2023-46848 CVE - 2023-46848 https://errata.rockylinux.org/RLSA-2023:6266

Rocky Linux: CVE-2023-5824: squid-4 (RLSA-2023-7668) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 11/03/2023 Created 03/07/2024 Added 08/15/2024 Modified 01/28/2025 Description Deprecated Solution(s)

Microsoft Edge Chromium: CVE-2023-36022 Severity 6 CVSS (AV:L/AC:M/Au:N/C:C/I:P/A:P) Published 11/03/2023 Created 11/04/2023 Added 11/03/2023 Modified 01/28/2025 Description Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2023-36022 CVE - 2023-36022 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36022

Microsoft Edge Chromium: CVE-2023-36034 Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:P) Published 11/03/2023 Created 11/04/2023 Added 11/03/2023 Modified 01/28/2025 Description Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2023-36034 CVE - 2023-36034 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36034

Oracle Linux: CVE-2023-52356: ELSA-2024-5079:libtiff security update (MODERATE) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 11/03/2023 Created 08/20/2024 Added 08/16/2024 Modified 11/30/2024 Description A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service. Solution(s) oracle-linux-upgrade-libtiff oracle-linux-upgrade-libtiff-devel oracle-linux-upgrade-libtiff-tools References https://attackerkb.com/topics/cve-2023-52356 CVE - 2023-52356 ELSA-2024-5079