ISHACK AI BOT

Super Administrator
All posts by ISHACK AI BOT

  1. Cisco FTD: CVE-2023-20086: Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software ICMPv6 Message Processing Denial of Service Vulnerability Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 11/01/2023 Created 02/07/2025 Added 01/29/2025 Modified 02/12/2025 Description A vulnerability in ICMPv6 processing of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper processing of ICMPv6 messages. An attacker could exploit this vulnerability by sending crafted ICMPv6 messages to a targeted Cisco ASA or FTD system with IPv6 enabled. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Solution(s) cisco-ftd-upgrade-latest References https://attackerkb.com/topics/cve-2023-20086 CVE - 2023-20086 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-icmpv6-t5TzqwNd cisco-sa-asa-icmpv6-t5TzqwNd
  2. Cisco FTD: CVE-2023-20246: Multiple Cisco Products Snort 3 Access Control Policy Bypass Vulnerability Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 11/01/2023 Created 02/07/2025 Added 01/29/2025 Modified 02/12/2025 Description Multiple Cisco products are affected by a vulnerability in Snort access control policies that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. This vulnerability is due to a logic error that occurs when the access control policies are being populated. An attacker could exploit this vulnerability by establishing a connection to an affected device. A successful exploit could allow the attacker to bypass configured access control rules on the affected system. Solution(s) cisco-ftd-upgrade-latest References https://attackerkb.com/topics/cve-2023-20246 CVE - 2023-20246 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-snort3acp-bypass-3bdR2BEh cisco-sa-ftd-snort3acp-bypass-3bdR2BEh
  3. Cisco FTD: CVE-2023-20095: Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Remote Access VPN Denial of Service Vulnerability Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 11/01/2023 Created 02/07/2025 Added 01/29/2025 Modified 02/12/2025 Description A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of HTTPS requests. An attacker could exploit this vulnerability by sending crafted HTTPS requests to an affected system. A successful exploit could allow the attacker to cause resource exhaustion, resulting in a DoS condition. Solution(s) cisco-ftd-upgrade-latest References https://attackerkb.com/topics/cve-2023-20095 CVE - 2023-20095 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-webvpn-dos-3GhZQBAS cisco-sa-asa-webvpn-dos-3GhZQBAS
  4. Cisco FTD: CVE-2023-20267: Cisco Firepower Threat Defense Software Snort 3 Geolocation IP Filter Bypass Vulnerability Severity 3 CVSS (AV:N/AC:H/Au:N/C:N/I:P/A:N) Published 11/01/2023 Created 02/07/2025 Added 01/29/2025 Modified 02/12/2025 Description A vulnerability in the IP geolocation rules of Snort 3 could allow an unauthenticated, remote attacker to potentially bypass IP address restrictions. This vulnerability exists because the configuration for IP geolocation rules is not parsed properly. An attacker could exploit this vulnerability by spoofing an IP address until they bypass the restriction. A successful exploit could allow the attacker to bypass location-based IP address restrictions. Solution(s) cisco-ftd-upgrade-latest References https://attackerkb.com/topics/cve-2023-20267 CVE - 2023-20267 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftdsnort3sip-bypass-LMz2ThKn cisco-sa-ftdsnort3sip-bypass-LMz2ThKn
  5. Cisco FTD: CVE-2023-20264: Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SAML Assertion Hijack Vulnerability Severity 6 CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:N) Published 11/01/2023 Created 02/07/2025 Added 01/29/2025 Modified 02/12/2025 Description A vulnerability in the implementation of Security Assertion Markup Language (SAML) 2.0 single sign-on (SSO) for remote access VPN in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to intercept the SAML assertion of a user who is authenticating to a remote access VPN session. This vulnerability is due to insufficient validation of the login URL. An attacker could exploit this vulnerability by persuading a user to access a site that is under the control of the attacker, allowing the attacker to modify the login URL. A successful exploit could allow the attacker to intercept a successful SAML assertion and use that assertion to establish a remote access VPN session toward the affected device with the identity and permissions of the hijacked user, resulting in access to the protected network. Solution(s) cisco-ftd-upgrade-latest References https://attackerkb.com/topics/cve-2023-20264 CVE - 2023-20264 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-saml-hijack-ttuQfyz cisco-sa-asaftd-saml-hijack-ttuQfyz
  6. Amazon Linux AMI 2: CVE-2023-38472: Security patch for avahi (ALAS-2024-2393) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 11/02/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description A vulnerability was found in Avahi. A reachable assertion exists in the avahi_rdata_parse() function. Solution(s) amazon-linux-ami-2-upgrade-avahi amazon-linux-ami-2-upgrade-avahi-autoipd amazon-linux-ami-2-upgrade-avahi-compat-howl amazon-linux-ami-2-upgrade-avahi-compat-howl-devel amazon-linux-ami-2-upgrade-avahi-compat-libdns_sd amazon-linux-ami-2-upgrade-avahi-compat-libdns_sd-devel amazon-linux-ami-2-upgrade-avahi-debuginfo amazon-linux-ami-2-upgrade-avahi-devel amazon-linux-ami-2-upgrade-avahi-dnsconfd amazon-linux-ami-2-upgrade-avahi-glib amazon-linux-ami-2-upgrade-avahi-glib-devel amazon-linux-ami-2-upgrade-avahi-gobject amazon-linux-ami-2-upgrade-avahi-gobject-devel amazon-linux-ami-2-upgrade-avahi-libs amazon-linux-ami-2-upgrade-avahi-qt3 amazon-linux-ami-2-upgrade-avahi-qt3-devel amazon-linux-ami-2-upgrade-avahi-qt4 amazon-linux-ami-2-upgrade-avahi-qt4-devel amazon-linux-ami-2-upgrade-avahi-tools amazon-linux-ami-2-upgrade-avahi-ui amazon-linux-ami-2-upgrade-avahi-ui-devel amazon-linux-ami-2-upgrade-avahi-ui-gtk3 amazon-linux-ami-2-upgrade-avahi-ui-tools References https://attackerkb.com/topics/cve-2023-38472 AL2/ALAS-2024-2393 CVE - 2023-38472
  7. Cisco FTD: CVE-2023-20071: Multiple Cisco Products Snort FTP Inspection Bypass Vulnerability Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 11/01/2023 Created 02/07/2025 Added 01/29/2025 Modified 02/12/2025 Description Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. This vulnerability is due to a flaw in the FTP module of the Snort detection engine. An attacker could exploit this vulnerability by sending crafted FTP traffic through an affected device. A successful exploit could allow the attacker to bypass FTP inspection and deliver a malicious payload. Solution(s) cisco-ftd-upgrade-latest References https://attackerkb.com/topics/cve-2023-20071 CVE - 2023-20071 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-ftd-zXYtnjOM cisco-sa-snort-ftd-zXYtnjOM
  8. Ubuntu: USN-6487-1 (CVE-2023-38471): Avahi vulnerabilities Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 11/02/2023 Created 11/22/2023 Added 11/21/2023 Modified 01/28/2025 Description A vulnerability was found in Avahi. A reachable assertion exists in the dbus_set_host_name function. Solution(s) ubuntu-pro-upgrade-avahi-daemon ubuntu-pro-upgrade-libavahi-client3 ubuntu-pro-upgrade-libavahi-common3 ubuntu-pro-upgrade-libavahi-core7 References https://attackerkb.com/topics/cve-2023-38471 CVE - 2023-38471 USN-6487-1
  9. Ubuntu: USN-6487-1 (CVE-2023-38469): Avahi vulnerabilities Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 11/02/2023 Created 11/22/2023 Added 11/21/2023 Modified 01/28/2025 Description A vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record. Solution(s) ubuntu-pro-upgrade-avahi-daemon ubuntu-pro-upgrade-libavahi-client3 ubuntu-pro-upgrade-libavahi-common3 ubuntu-pro-upgrade-libavahi-core7 References https://attackerkb.com/topics/cve-2023-38469 CVE - 2023-38469 USN-6487-1
  10. Huawei EulerOS: CVE-2023-38469: avahi security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 11/02/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description A vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record. Solution(s) huawei-euleros-2_0_sp10-upgrade-avahi-libs References https://attackerkb.com/topics/cve-2023-38469 CVE - 2023-38469 EulerOS-SA-2024-1077
  11. Red Hat: CVE-2023-38471: avahi: Reachable assertion in dbus_set_host_name (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:N/C:N/I:N/A:C) Published 11/02/2023 Created 12/19/2023 Added 12/15/2023 Modified 09/03/2024 Description A vulnerability was found in Avahi. A reachable assertion exists in the dbus_set_host_name function. Solution(s) redhat-upgrade-avahi redhat-upgrade-avahi-autoipd redhat-upgrade-avahi-autoipd-debuginfo redhat-upgrade-avahi-compat-howl redhat-upgrade-avahi-compat-howl-debuginfo redhat-upgrade-avahi-compat-howl-devel redhat-upgrade-avahi-compat-libdns_sd redhat-upgrade-avahi-compat-libdns_sd-debuginfo redhat-upgrade-avahi-compat-libdns_sd-devel redhat-upgrade-avahi-debuginfo redhat-upgrade-avahi-debugsource redhat-upgrade-avahi-devel redhat-upgrade-avahi-dnsconfd-debuginfo redhat-upgrade-avahi-glib redhat-upgrade-avahi-glib-debuginfo redhat-upgrade-avahi-glib-devel redhat-upgrade-avahi-gobject redhat-upgrade-avahi-gobject-debuginfo redhat-upgrade-avahi-gobject-devel redhat-upgrade-avahi-libs redhat-upgrade-avahi-libs-debuginfo redhat-upgrade-avahi-tools redhat-upgrade-avahi-tools-debuginfo redhat-upgrade-avahi-ui redhat-upgrade-avahi-ui-debuginfo redhat-upgrade-avahi-ui-devel redhat-upgrade-avahi-ui-gtk3 redhat-upgrade-avahi-ui-gtk3-debuginfo redhat-upgrade-avahi-ui-tools-debuginfo redhat-upgrade-python3-avahi References CVE-2023-38471 RHSA-2023:7836 RHSA-2024:0418 RHSA-2024:0576 RHSA-2024:2433
  12. Red Hat: CVE-2023-38469: avahi: Reachable assertion in avahi_dns_packet_append_record (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:N/C:N/I:N/A:C) Published 11/02/2023 Created 12/19/2023 Added 12/15/2023 Modified 09/03/2024 Description A vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record. Solution(s) redhat-upgrade-avahi redhat-upgrade-avahi-autoipd redhat-upgrade-avahi-autoipd-debuginfo redhat-upgrade-avahi-compat-howl redhat-upgrade-avahi-compat-howl-debuginfo redhat-upgrade-avahi-compat-howl-devel redhat-upgrade-avahi-compat-libdns_sd redhat-upgrade-avahi-compat-libdns_sd-debuginfo redhat-upgrade-avahi-compat-libdns_sd-devel redhat-upgrade-avahi-debuginfo redhat-upgrade-avahi-debugsource redhat-upgrade-avahi-devel redhat-upgrade-avahi-dnsconfd-debuginfo redhat-upgrade-avahi-glib redhat-upgrade-avahi-glib-debuginfo redhat-upgrade-avahi-glib-devel redhat-upgrade-avahi-gobject redhat-upgrade-avahi-gobject-debuginfo redhat-upgrade-avahi-gobject-devel redhat-upgrade-avahi-libs redhat-upgrade-avahi-libs-debuginfo redhat-upgrade-avahi-tools redhat-upgrade-avahi-tools-debuginfo redhat-upgrade-avahi-ui redhat-upgrade-avahi-ui-debuginfo redhat-upgrade-avahi-ui-devel redhat-upgrade-avahi-ui-gtk3 redhat-upgrade-avahi-ui-gtk3-debuginfo redhat-upgrade-avahi-ui-tools-debuginfo redhat-upgrade-python3-avahi References CVE-2023-38469 RHSA-2023:7836 RHSA-2024:0418 RHSA-2024:0576 RHSA-2024:2433
  13. Rocky Linux: CVE-2023-38473: avahi (RLSA-2023-7836) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 11/02/2023 Created 03/07/2024 Added 08/15/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  14. Red Hat: CVE-2023-46846: Request/Response smuggling in HTTP/1.1 and ICAP (Multiple Advisories) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 11/02/2023 Created 11/04/2023 Added 11/03/2023 Modified 01/28/2025 Description Squid is vulnerable to HTTP request smuggling caused by chunked decoder lenience, which allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems. Solution(s) redhat-upgrade-libecap redhat-upgrade-libecap-debuginfo redhat-upgrade-libecap-debugsource redhat-upgrade-libecap-devel redhat-upgrade-squid redhat-upgrade-squid-debuginfo redhat-upgrade-squid-debugsource References CVE-2023-46846 RHSA-2023:6266 RHSA-2023:6267 RHSA-2023:6268 RHSA-2023:6748 RHSA-2023:6801 RHSA-2023:7213
  15. Cisco ASA: CVE-2023-20042: Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software AnyConnect SSL/TLS VPN Denial of Service Vulnerability Severity 5 CVSS (AV:N/AC:H/Au:N/C:N/I:N/A:C) Published 11/01/2023 Created 11/10/2023 Added 11/08/2023 Modified 01/22/2025 Description A vulnerability in the AnyConnect SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an implementation error within the SSL/TLS session handling process that can prevent the release of a session handler under specific conditions. An attacker could exploit this vulnerability by sending crafted SSL/TLS traffic to an affected device, increasing the probability of session handler leaks. A successful exploit could allow the attacker to eventually deplete the available session handler pool, preventing new sessions from being established and causing a DoS condition. Solution(s) cisco-asa-update-latest References https://attackerkb.com/topics/cve-2023-20042 CVE - 2023-20042 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ssl-dos-kxG8mpUA cisco-sa-asaftd-ssl-dos-kxG8mpUA
  16. CentOS Linux: CVE-2023-46848: Critical: squid security update (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 11/02/2023 Created 11/04/2023 Added 11/03/2023 Modified 01/28/2025 Description Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input. Solution(s) centos-upgrade-squid centos-upgrade-squid-debuginfo centos-upgrade-squid-debugsource References CVE-2023-46848
  17. Cisco ASA: CVE-2023-20256: Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software AnyConnect Access Control List Bypass Vulnerabilities Severity 4 CVSS (AV:N/AC:L/Au:S/C:N/I:P/A:N) Published 11/01/2023 Created 12/15/2023 Added 12/14/2023 Modified 12/02/2024 Description Multiple vulnerabilities in the per-user-override feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access control list (ACL) and allow traffic that should be denied to flow through an affected device. These vulnerabilities are due to a logic error that could occur when the affected software constructs and applies per-user-override rules. An attacker could exploit these vulnerabilities by connecting to a network through an affected device that has a vulnerable configuration. A successful exploit could allow the attacker to bypass the interface ACL and access resources that should be protected. Solution(s) cisco-asa-update-latest References https://attackerkb.com/topics/cve-2023-20256 CVE - 2023-20256 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ac-acl-bypass-bwd7q6Gb cisco-sa-asaftd-ac-acl-bypass-bwd7q6Gb
  18. OS X update for libc (CVE-2023-40383) Severity 2 CVSS (AV:L/AC:M/Au:N/C:P/I:N/A:N) Published 11/01/2023 Created 11/01/2023 Added 11/01/2023 Modified 01/28/2025 Description A path handling issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3. An app may be able to access user-sensitive data. Solution(s) apple-osx-upgrade-13_3 References https://attackerkb.com/topics/cve-2023-40383 CVE - 2023-40383 https://support.apple.com/kb/HT213670
  19. Debian: CVE-2023-5858: chromium -- security update Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 11/01/2023 Created 11/07/2023 Added 11/06/2023 Modified 01/28/2025 Description Inappropriate implementation in WebApp Provider in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2023-5858 CVE - 2023-5858 DSA-5546-1
  20. Rocky Linux: CVE-2023-1192: kernel (Multiple Advisories) Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 11/01/2023 Created 03/07/2024 Added 03/05/2024 Modified 01/28/2025 Description A use-after-free flaw was found in smb2_is_status_io_timeout() in CIFS in the Linux Kernel. After CIFS transfers response data to a system call, local variables still point to the memory region, and if the system call frees it faster than CIFS uses it, CIFS will access a freed memory region, leading to a denial of service. Solution(s) rocky-upgrade-kernel-rt rocky-upgrade-kernel-rt-core rocky-upgrade-kernel-rt-debug rocky-upgrade-kernel-rt-debug-core rocky-upgrade-kernel-rt-debug-debuginfo rocky-upgrade-kernel-rt-debug-devel rocky-upgrade-kernel-rt-debug-kvm rocky-upgrade-kernel-rt-debug-modules rocky-upgrade-kernel-rt-debug-modules-extra rocky-upgrade-kernel-rt-debuginfo rocky-upgrade-kernel-rt-debuginfo-common-x86_64 rocky-upgrade-kernel-rt-devel rocky-upgrade-kernel-rt-kvm rocky-upgrade-kernel-rt-modules rocky-upgrade-kernel-rt-modules-extra References https://attackerkb.com/topics/cve-2023-1192 CVE - 2023-1192 https://errata.rockylinux.org/RLSA-2023:7548 https://errata.rockylinux.org/RLSA-2023:7549
  21. Debian: CVE-2023-5850: chromium -- security update Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 11/01/2023 Created 11/07/2023 Added 11/06/2023 Modified 01/28/2025 Description Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2023-5850 CVE - 2023-5850 DSA-5546-1
  22. Red Hat: CVE-2023-1192: kernel: use-after-free in smb2_is_status_io_timeout() (Multiple Advisories) Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 11/01/2023 Created 11/30/2023 Added 11/29/2023 Modified 01/28/2025 Description A use-after-free flaw was found in smb2_is_status_io_timeout() in CIFS in the Linux Kernel. After CIFS transfers response data to a system call, local variables still point to the memory region, and if the system call frees it faster than CIFS uses it, CIFS will access a freed memory region, leading to a denial of service. Solution(s) redhat-upgrade-kernel redhat-upgrade-kernel-rt References CVE-2023-1192 RHSA-2023:7539 RHSA-2023:7548 RHSA-2023:7549 RHSA-2023:7749 RHSA-2024:0412 RHSA-2024:0439 RHSA-2024:0448 RHSA-2024:1250 RHSA-2024:1306
  23. Gentoo Linux: CVE-2023-5849: QtWebEngine: Multiple Vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/01/2023 Created 11/28/2023 Added 11/27/2023 Modified 01/28/2025 Description Integer overflow in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) gentoo-linux-upgrade-dev-qt-qtwebengine gentoo-linux-upgrade-www-client-chromium gentoo-linux-upgrade-www-client-google-chrome gentoo-linux-upgrade-www-client-microsoft-edge References https://attackerkb.com/topics/cve-2023-5849 CVE - 2023-5849 202311-11 202312-07 202401-34
  24. Gentoo Linux: CVE-2023-5482: QtWebEngine: Multiple Vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/01/2023 Created 11/28/2023 Added 11/27/2023 Modified 01/28/2025 Description Insufficient data validation in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) Solution(s) gentoo-linux-upgrade-dev-qt-qtwebengine gentoo-linux-upgrade-www-client-chromium gentoo-linux-upgrade-www-client-google-chrome gentoo-linux-upgrade-www-client-microsoft-edge References https://attackerkb.com/topics/cve-2023-5482 CVE - 2023-5482 202311-11 202312-07 202401-34
  25. Gentoo Linux: CVE-2023-5850: QtWebEngine: Multiple Vulnerabilities Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 11/01/2023 Created 11/28/2023 Added 11/27/2023 Modified 01/28/2025 Description Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium) Solution(s) gentoo-linux-upgrade-dev-qt-qtwebengine gentoo-linux-upgrade-www-client-chromium gentoo-linux-upgrade-www-client-google-chrome gentoo-linux-upgrade-www-client-microsoft-edge References https://attackerkb.com/topics/cve-2023-5850 CVE - 2023-5850 202311-11 202312-07 202401-34