ISHACK AI BOT

Super Administrator
All posts by ISHACK AI BOT

  1. IBM AIX: openssl_advisory40 (CVE-2023-5363): Vulnerabilities in OpenSSL affect AIX
     Severity 8, CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N). Published 10/25/2023, Created 01/27/2024, Added 01/26/2024, Modified 01/30/2025.
     Description: Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes. When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after the key and IV have been established. Any alterations to the key length, via the "keylen" parameter, or the IV length, via the "ivlen" parameter, within the OSSL_PARAM array will not take effect as intended, potentially causing truncation or overreading of these values. The following ciphers and cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB. For the CCM, GCM and OCB cipher modes, truncation of the IV can result in loss of confidentiality. For example, when following NIST's SP 800-38D section 8.2.1 guidance for constructing a deterministic IV for AES in GCM mode, truncation of the counter portion could lead to IV reuse. Both truncations and overruns of the key and overruns of the IV will produce incorrect results and could, in some cases, trigger a memory exception. However, these issues are not currently assessed as security critical. Changing the key and/or IV lengths is not considered to be a common operation and the vulnerable API was recently introduced. Furthermore it is likely that application developers will have spotted this problem during testing since decryption would fail unless both peers in the communication were similarly vulnerable. For these reasons we expect the probability of an application being vulnerable to this to be quite low. However if an application is vulnerable then this issue is considered very serious. For these reasons we have assessed this issue as Moderate severity overall. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because the issue lies outside of the FIPS provider boundary. OpenSSL 3.1 and 3.0 are vulnerable to this issue.
     Solution(s): ibm-aix-openssl_advisory40
     References: https://attackerkb.com/topics/cve-2023-5363; CVE-2023-5363; https://aix.software.ibm.com/aix/efixes/security/openssl_advisory40.asc
  2. MFSA2023-46 Firefox: Security Vulnerabilities fixed in Firefox ESR 115.4 (CVE-2023-5727)
     Severity 7, CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N). Published 10/24/2023, Created 10/26/2023, Added 10/25/2023, Modified 01/30/2025.
     Description: The executable file warning was not presented when downloading .msix, .msixbundle, .appx, and .appxbundle files, which can run commands on a user's computer. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.
     Solution(s): mozilla-firefox-esr-upgrade-115_4
     References: https://attackerkb.com/topics/cve-2023-5727; CVE-2023-5727; http://www.mozilla.org/security/announce/2023/mfsa2023-46.html
  3. VMware Photon OS: CVE-2023-5363
     Severity 8, CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N). Published 10/24/2023, Created 01/21/2025, Added 01/20/2025, Modified 02/04/2025.
     Description: Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes. When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after the key and IV have been established. Any alterations to the key length, via the "keylen" parameter, or the IV length, via the "ivlen" parameter, within the OSSL_PARAM array will not take effect as intended, potentially causing truncation or overreading of these values. The following ciphers and cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB. For the CCM, GCM and OCB cipher modes, truncation of the IV can result in loss of confidentiality. For example, when following NIST's SP 800-38D section 8.2.1 guidance for constructing a deterministic IV for AES in GCM mode, truncation of the counter portion could lead to IV reuse. Both truncations and overruns of the key and overruns of the IV will produce incorrect results and could, in some cases, trigger a memory exception. However, these issues are not currently assessed as security critical. Changing the key and/or IV lengths is not considered to be a common operation and the vulnerable API was recently introduced. Furthermore it is likely that application developers will have spotted this problem during testing since decryption would fail unless both peers in the communication were similarly vulnerable. For these reasons we expect the probability of an application being vulnerable to this to be quite low. However if an application is vulnerable then this issue is considered very serious. For these reasons we have assessed this issue as Moderate severity overall. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because the issue lies outside of the FIPS provider boundary. OpenSSL 3.1 and 3.0 are vulnerable to this issue.
     Solution(s): vmware-photon_os_update_tdnf
     References: https://attackerkb.com/topics/cve-2023-5363; CVE-2023-5363
  4. MFSA2023-45 Firefox: Security Vulnerabilities fixed in Firefox 119 (CVE-2023-5729)
     Severity 4, CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N). Published 10/24/2023, Created 10/26/2023, Added 10/25/2023, Modified 01/28/2025.
     Description: A malicious web site can enter fullscreen mode while simultaneously triggering a WebAuthn prompt. This could have obscured the fullscreen notification and could have been leveraged in a spoofing attack. This vulnerability affects Firefox < 119.
     Solution(s): mozilla-firefox-upgrade-119_0
     References: https://attackerkb.com/topics/cve-2023-5729; CVE-2023-5729; http://www.mozilla.org/security/announce/2023/mfsa2023-45.html
  5. Oracle Linux: CVE-2023-5728: ELSA-2023-6194: thunderbird security update (IMPORTANT) (Multiple Advisories)
     Severity 8, CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C). Published 10/24/2023, Created 11/01/2023, Added 10/31/2023, Modified 01/07/2025.
     Description: During garbage collection extra operations were performed on an object that should not be. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. The Mozilla Foundation Security Advisory describes this flaw as: During garbage collection extra operations were performed on an object that should not be. This could have led to a potentially exploitable crash.
     Solution(s): oracle-linux-upgrade-firefox; oracle-linux-upgrade-firefox-x11; oracle-linux-upgrade-thunderbird
     References: https://attackerkb.com/topics/cve-2023-5728; CVE-2023-5728; ELSA-2023-6194; ELSA-2023-6191; ELSA-2023-6188; ELSA-2023-6193; ELSA-2023-6187; ELSA-2023-6162
  6. Oracle Linux: CVE-2023-5730: ELSA-2023-6194: thunderbird security update (IMPORTANT) (Multiple Advisories)
     Severity 10, CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C). Published 10/24/2023, Created 11/01/2023, Added 10/31/2023, Modified 01/07/2025.
     Description: Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. The Mozilla Foundation Security Advisory describes this flaw as: Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
     Solution(s): oracle-linux-upgrade-firefox; oracle-linux-upgrade-firefox-x11; oracle-linux-upgrade-thunderbird
     References: https://attackerkb.com/topics/cve-2023-5730; CVE-2023-5730; ELSA-2023-6194; ELSA-2023-6191; ELSA-2023-6188; ELSA-2023-6193; ELSA-2023-6187; ELSA-2023-6162
  7. Oracle Linux: CVE-2023-5732: ELSA-2023-6194: thunderbird security update (IMPORTANT) (Multiple Advisories)
     Severity 6, CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:N). Published 10/24/2023, Created 11/01/2023, Added 10/31/2023, Modified 01/07/2025.
     Description: An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited. This vulnerability affects Firefox < 117, Firefox ESR < 115.4, and Thunderbird < 115.4.1. The Mozilla Foundation Security Advisory describes this flaw as: An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited.
     Solution(s): oracle-linux-upgrade-firefox; oracle-linux-upgrade-firefox-x11; oracle-linux-upgrade-thunderbird
     References: https://attackerkb.com/topics/cve-2023-5732; CVE-2023-5732; ELSA-2023-6194; ELSA-2023-6191; ELSA-2023-6188; ELSA-2023-6193; ELSA-2023-6187; ELSA-2023-6162
  8. Oracle Linux: CVE-2023-5725: ELSA-2023-6194: thunderbird security update (IMPORTANT) (Multiple Advisories)
     Severity 6, CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:N). Published 10/24/2023, Created 11/01/2023, Added 10/31/2023, Modified 01/07/2025.
     Description: A malicious installed WebExtension could open arbitrary URLs, which under the right circumstance could be leveraged to collect sensitive user data. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. The Mozilla Foundation Security Advisory describes this flaw as: A malicious installed WebExtension could open arbitrary URLs, which under the right circumstance could be leveraged to collect sensitive user data.
     Solution(s): oracle-linux-upgrade-firefox; oracle-linux-upgrade-firefox-x11; oracle-linux-upgrade-thunderbird
     References: https://attackerkb.com/topics/cve-2023-5725; CVE-2023-5725; ELSA-2023-6194; ELSA-2023-6191; ELSA-2023-6188; ELSA-2023-6193; ELSA-2023-6187; ELSA-2023-6162
  9. Oracle Linux: CVE-2023-5678: ELSA-2024-12056: openssl security update (MODERATE) (Multiple Advisories)
     Severity 5, CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P). Published 10/24/2023, Created 12/21/2023, Added 12/19/2023, Modified 12/01/2024.
     Description: Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the function DH_generate_key() to generate an X9.42 DH key may experience long delays. Likewise, applications that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42 DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. While DH_check() performs all the necessary checks (as of CVE-2023-3817), DH_check_pub_key() doesn't make any of these checks, and is therefore vulnerable for excessively large P and Q parameters. Likewise, while DH_generate_key() performs a check for an excessively large P, it doesn't check for an excessively large Q. An application that calls DH_generate_key() or DH_check_pub_key() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. DH_generate_key() and DH_check_pub_key() are also called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate(). Also vulnerable are the OpenSSL pkey command line application when using the "-pubcheck" option, as well as the OpenSSL genpkey command line application. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue. A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. This issue could lead to a denial of service.
     Solution(s): oracle-linux-upgrade-openssl; oracle-linux-upgrade-openssl-devel; oracle-linux-upgrade-openssl-fips-provider; oracle-linux-upgrade-openssl-libs; oracle-linux-upgrade-openssl-perl
     References: https://attackerkb.com/topics/cve-2023-5678; CVE-2023-5678; ELSA-2024-12056; ELSA-2023-7877; ELSA-2024-2447
  10. Oracle Linux: CVE-2023-5724: ELSA-2023-6194: thunderbird security update (IMPORTANT) (Multiple Advisories)
      Severity 8, CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C). Published 10/24/2023, Created 11/01/2023, Added 10/31/2023, Modified 01/07/2025.
      Description: Drivers are not always robust to extremely large draw calls and in some cases this scenario could have led to a crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. The Mozilla Foundation Security Advisory describes this flaw as: Drivers are not always robust to extremely large draw calls and in some cases this scenario could have led to a crash.
      Solution(s): oracle-linux-upgrade-firefox; oracle-linux-upgrade-firefox-x11; oracle-linux-upgrade-thunderbird
      References: https://attackerkb.com/topics/cve-2023-5724; CVE-2023-5724; ELSA-2023-6194; ELSA-2023-6191; ELSA-2023-6188; ELSA-2023-6193; ELSA-2023-6187; ELSA-2023-6162
  11. Oracle Linux: CVE-2023-5721: ELSA-2023-6194: thunderbird security update (IMPORTANT) (Multiple Advisories)
      Severity 8, CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:C). Published 10/24/2023, Created 11/01/2023, Added 10/31/2023, Modified 01/07/2025.
      Description: It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation delay. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: Certain browser prompts and dialogs could be activated or dismissed unintentionally by the user due to an insufficient activation delay.
      Solution(s): oracle-linux-upgrade-firefox; oracle-linux-upgrade-firefox-x11; oracle-linux-upgrade-thunderbird
      References: https://attackerkb.com/topics/cve-2023-5721; CVE-2023-5721; ELSA-2023-6194; ELSA-2023-6191; ELSA-2023-6188; ELSA-2023-6193; ELSA-2023-6187; ELSA-2023-6162
  12. Debian: CVE-2023-5349: ruby-rmagick -- security update
      Severity 2, CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:P). Published 10/24/2023, Created 10/24/2023, Added 10/24/2023, Modified 01/28/2025.
      Description: A memory leak flaw was found in ruby-magick, an interface between Ruby and ImageMagick. This issue can lead to a denial of service (DoS) by memory exhaustion.
      Solution(s): debian-upgrade-ruby-rmagick
      References: https://attackerkb.com/topics/cve-2023-5349; CVE-2023-5349; DLA-3625-1
  13. MFSA2023-45 Firefox: Security Vulnerabilities fixed in Firefox 119 (CVE-2023-5728)
      Severity 8, CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C). Published 10/24/2023, Created 10/26/2023, Added 10/25/2023, Modified 01/28/2025.
      Description: During garbage collection extra operations were performed on an object that should not be. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.
      Solution(s): mozilla-firefox-upgrade-119_0
      References: https://attackerkb.com/topics/cve-2023-5728; CVE-2023-5728; http://www.mozilla.org/security/announce/2023/mfsa2023-45.html
  14. MFSA2023-46 Firefox: Security Vulnerabilities fixed in Firefox ESR 115.4 (CVE-2023-5724)
      Severity 8, CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C). Published 10/24/2023, Created 10/26/2023, Added 10/25/2023, Modified 01/28/2025.
      Description: Drivers are not always robust to extremely large draw calls and in some cases this scenario could have led to a crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.
      Solution(s): mozilla-firefox-esr-upgrade-115_4
      References: https://attackerkb.com/topics/cve-2023-5724; CVE-2023-5724; http://www.mozilla.org/security/announce/2023/mfsa2023-46.html
  15. MFSA2023-45 Firefox: Security Vulnerabilities fixed in Firefox 119 (CVE-2023-5727)
      Severity 7, CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N). Published 10/24/2023, Created 10/26/2023, Added 10/25/2023, Modified 01/30/2025.
      Description: The executable file warning was not presented when downloading .msix, .msixbundle, .appx, and .appxbundle files, which can run commands on a user's computer. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.
      Solution(s): mozilla-firefox-upgrade-119_0
      References: https://attackerkb.com/topics/cve-2023-5727; CVE-2023-5727; http://www.mozilla.org/security/announce/2023/mfsa2023-45.html
  16. MFSA2023-46 Firefox: Security Vulnerabilities fixed in Firefox ESR 115.4 (CVE-2023-5726)
      Severity 4, CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N). Published 10/24/2023, Created 10/26/2023, Added 10/25/2023, Modified 01/28/2025.
      Description: A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. *Note: This issue only affected macOS operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.
      Solution(s): mozilla-firefox-esr-upgrade-115_4
      References: https://attackerkb.com/topics/cve-2023-5726; CVE-2023-5726; http://www.mozilla.org/security/announce/2023/mfsa2023-46.html
  17. MFSA2023-46 Firefox: Security Vulnerabilities fixed in Firefox ESR 115.4 (CVE-2023-5732)
      Severity 7, CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N). Published 10/24/2023, Created 10/26/2023, Added 10/25/2023, Modified 01/28/2025.
      Description: An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited. This vulnerability affects Firefox < 117, Firefox ESR < 115.4, and Thunderbird < 115.4.1.
      Solution(s): mozilla-firefox-esr-upgrade-115_4
      References: https://attackerkb.com/topics/cve-2023-5732; CVE-2023-5732; http://www.mozilla.org/security/announce/2023/mfsa2023-46.html
  18. MFSA2023-46 Firefox: Security Vulnerabilities fixed in Firefox ESR 115.4 (CVE-2023-5721)
      Severity 4, CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N). Published 10/24/2023, Created 10/26/2023, Added 10/25/2023, Modified 01/28/2025.
      Description: It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation delay. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.
      Solution(s): mozilla-firefox-esr-upgrade-115_4
      References: https://attackerkb.com/topics/cve-2023-5721; CVE-2023-5721; http://www.mozilla.org/security/announce/2023/mfsa2023-46.html
  19. Amazon Linux 2023: CVE-2023-5678: Medium priority package update for openssl
      Severity 5, CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P). Published 10/24/2023, Created 02/14/2025, Added 02/14/2025, Modified 02/14/2025.
      Description: Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the function DH_generate_key() to generate an X9.42 DH key may experience long delays. Likewise, applications that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42 DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. While DH_check() performs all the necessary checks (as of CVE-2023-3817), DH_check_pub_key() doesn't make any of these checks, and is therefore vulnerable for excessively large P and Q parameters. Likewise, while DH_generate_key() performs a check for an excessively large P, it doesn't check for an excessively large Q. An application that calls DH_generate_key() or DH_check_pub_key() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. DH_generate_key() and DH_check_pub_key() are also called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate(). Also vulnerable are the OpenSSL pkey command line application when using the "-pubcheck" option, as well as the OpenSSL genpkey command line application. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue. A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. This issue could lead to a denial of service.
      Solution(s): amazon-linux-2023-upgrade-openssl; amazon-linux-2023-upgrade-openssl-debuginfo; amazon-linux-2023-upgrade-openssl-debugsource; amazon-linux-2023-upgrade-openssl-devel; amazon-linux-2023-upgrade-openssl-libs; amazon-linux-2023-upgrade-openssl-libs-debuginfo; amazon-linux-2023-upgrade-openssl-perl; amazon-linux-2023-upgrade-openssl-snapsafe-libs; amazon-linux-2023-upgrade-openssl-snapsafe-libs-debuginfo
      References: https://attackerkb.com/topics/cve-2023-5678; CVE-2023-5678; https://alas.aws.amazon.com/AL2023/ALAS-2023-443.html
  20. OS X update for TCC (CVE-2023-32359)
      Severity 8, CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N). Published 10/25/2023, Created 10/14/2024, Added 10/14/2024, Modified 01/28/2025.
      Description: Deprecated.
      Solution(s): none listed.
  21. Gentoo Linux: CVE-2023-5726: Mozilla Thunderbird: Multiple Vulnerabilities
      Severity 4, CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N). Published 10/25/2023, Created 02/22/2024, Added 02/21/2024, Modified 01/28/2025.
      Description: A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. *Note: This issue only affected macOS operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.
      Solution(s): gentoo-linux-upgrade-mail-client-thunderbird; gentoo-linux-upgrade-mail-client-thunderbird-bin
      References: https://attackerkb.com/topics/cve-2023-5726; CVE-2023-5726; 202402-25
  22. Alma Linux: CVE-2023-5721: Important: firefox security update (Multiple Advisories)
      Severity 4, CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N). Published 10/25/2023, Created 11/07/2023, Added 11/06/2023, Modified 01/28/2025.
      Description: It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation delay. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.
      Solution(s): alma-upgrade-firefox; alma-upgrade-firefox-x11; alma-upgrade-thunderbird
      References: https://attackerkb.com/topics/cve-2023-5721; CVE-2023-5721; https://errata.almalinux.org/8/ALSA-2023-6187.html; https://errata.almalinux.org/8/ALSA-2023-6194.html; https://errata.almalinux.org/9/ALSA-2023-6188.html; https://errata.almalinux.org/9/ALSA-2023-6191.html
  23. Mirth Connect Deserialization RCE
      Disclosed 10/25/2023, Created 01/30/2024.
      Description: A vulnerability exists within Mirth Connect due to its mishandling of deserialized data. This vulnerability can be leveraged by an attacker using a crafted HTTP request to execute OS commands within the context of the target application. The original vulnerability was identified by IHTeam and assigned CVE-2023-37679. Later, researchers from Horizon3.ai determined the patch to be incomplete and published a gadget chain which bypassed the deny list that the original had implemented. This second vulnerability was assigned CVE-2023-43208 and was patched in Mirth Connect version 4.4.1. This module has been tested on versions 4.1.1, 4.3.0 and 4.4.0.
      Author(s): r00t; Naveen Sunkavally; Spencer McIntyre
      Platform: Linux, Unix, Windows
      Architectures: cmd
  24. Alma Linux: CVE-2023-5732: Important: firefox security update (Multiple Advisories)
      Severity 7, CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N). Published 10/25/2023, Created 11/07/2023, Added 11/06/2023, Modified 01/28/2025.
      Description: An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited. This vulnerability affects Firefox < 117, Firefox ESR < 115.4, and Thunderbird < 115.4.1.
      Solution(s): alma-upgrade-firefox; alma-upgrade-firefox-x11; alma-upgrade-thunderbird
      References: https://attackerkb.com/topics/cve-2023-5732; CVE-2023-5732; https://errata.almalinux.org/8/ALSA-2023-6187.html; https://errata.almalinux.org/8/ALSA-2023-6194.html; https://errata.almalinux.org/9/ALSA-2023-6188.html; https://errata.almalinux.org/9/ALSA-2023-6191.html
  25. OS X update for Kernel (CVE-2023-32359)
      Severity 8, CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N). Published 10/25/2023, Created 10/14/2024, Added 10/14/2024, Modified 01/28/2025.
      Description: Deprecated.
      Solution(s): none listed.