INFOSEC – Basic

OS: Arch

ArchLinux: 202210-4: linux-zen: multiple issues

The package linux-zen before version 6.0.1.zen2-1 is vulnerable to multiple issues including arbitrary code execution, information disclosure and denial of service.

ArchLinux: 202210-3: linux-lts: multiple issues

The package linux-lts before version 5.15.73-3 is vulnerable to multiple issues including arbitrary code execution, information disclosure and denial of service.

ArchLinux: 202210-2: linux: multiple issues

The package linux before version 6.0.1.arch2-1 is vulnerable to multiple issues including arbitrary code execution, information disclosure and denial of service.

ArchLinux: 202210-1: linux-hardened: multiple issues

The package linux-hardened before version 5.19.15.hardened2-1 is vulnerable to multiple issues including arbitrary code execution, information disclosure and denial of service.

OS: Scientific

SciLinux: SLSA-2023-1401-1 Important: thunderbird on SL7.x x86_64

This update upgrades Thunderbird to version 102.9.0. * Mozilla: Incorrect code generation during JIT compilation (CVE-2023-25751) * Mozilla: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9 (CVE-2023-28176) * Mozilla: Potential out-of-bounds when accessing throttled streams (CVE-2023-25752) * Mozilla: Invalid downcast in Worklets (CVE-2023-28162) * Mozilla: URL being dragged fr [More...]

SciLinux: SLSA-2023-1335-1 Important: openssl on SL7.x x86_64

openssl: X.400 address type confusion in X.509 GeneralName (CVE-2023-0286) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 openssl-1.0.2k-26.el7_9.x86_64.rpm openssl-debuginfo-1.0.2k-26.el7_9.i686.rpm openssl-debuginfo-1.0.2k-26.el7_9.x86_64.rpm openssl-libs-1.0.2k- [More...]

SciLinux: SLSA-2023-1332-1 Important: nss on SL7.x x86_64

nss: Arbitrary memory write via PKCS 12 (CVE-2023-0767) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 nss-3.79.0-5.el7_9.i686.rpm nss-3.79.0-5.el7_9.x86_64.rpm nss-debuginfo-3.79.0-5.el7_9.i686.rpm nss-debuginfo-3.79.0-5.el7_9.x86_64.rpm nss-sysinit-3.79.0-5.e [More...]

SciLinux: SLSA-2023-1333-1 Important: firefox on SL7.x x86_64

This update upgrades Firefox to version 102.9.0 ESR. * Mozilla: Incorrect code generation during JIT compilation (CVE-2023-25751) * Mozilla: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9 (CVE-2023-28176) * Mozilla: Potential out-of-bounds when accessing throttled streams (CVE-2023-25752) * Mozilla: Invalid downcast in Worklets (CVE-2023-28162) * Mozilla: URL being dragged fr [More...]

OS: Gentoo

Gentoo: GLSA-202301-09: protobuf-java: Denial of Service

A vulnerability has been discovered in protobuf-java which could result in denial of service.

Gentoo: GLSA-202301-07: Alpine: Multiple Vulnerabilities

Multiple vulnerabilities have been found in Alpine, the worst of which could result in denial of service.

Gentoo: GLSA-202301-06: liblouis: Multiple Vulnerabilities

Multiple vulnerabilities have been discovered in liblouis, the worst of which could result in denial of service.

Gentoo: GLSA-202301-05: Apache Commons Text: Arbitrary Code Execution

A vulnerability has been discovered in Apache Commons Text which could result in arbitrary code execution.

CVEMAP.ORG: Vulnerabilities & Exposures

Low CVE-2023-0687: GNU Glibc
A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function __monstartup of the file gmon.c of the component Call Graph Monitor. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. VDB-220246 is the identifier assigned to this vulnerability.

Low CVE-2020-36660: Eve ship replacement program project Eve ship replacement program
A vulnerability was found in paxswill EVE Ship Replacement Program 0.12.11. It has been rated as problematic. This issue affects some unknown processing of the file src/evesrp/views/api.py of the component User Information Handler. The manipulation leads to information disclosure. The attack may be initiated remotely. Upgrading to version 0.12.12 is able to address this issue. The name of the patch is 9e03f68e46e85ca9c9694a6971859b3ee66f0240. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220211.

Medium CVE-2022-36728: Library management system project Library management system
Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the RollNo parameter at /staff/delstu.php.

Low CVE-2021-30071: Hestiacp Hestiacp
A cross-site scripting (XSS) vulnerability in /admin/list_key.html of HestiaCP before v1.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

OS: Debian LTS

Debian LTS: DLA-3367-1: libdatetime-timezone-perl security update

This update includes the changes in tzdata 2023b for the Perl bindings. For the list of changes, see DLA-3366-1. For Debian 10 buster, this problem has been fixed in version

Debian LTS: DLA-3366-1: tzdata new timezone database

This update includes the changes in tzdata 2023b. Notable changes are: - - Egypt uses DST again, starting on April.

Debian LTS: DLA-3315-2: sox regression update

One of the security fixes released as DLA 3315 introduced a regression in the processing WAV files with variable bitrate encoding. Updated sox packages are available to correct this issue.

Debian LTS: DLA-3365-1: thunderbird security update

Multiple security issues were discovered in Thunderbird, which could result in denial of service, the execution of arbitrary code or spoofing.

NIST Vulnerability Database

CVE-2022-45597
ComponentSpace.Saml2 4.4.0 Missing SSL Certificate Validation.

CVE-2023-23149
DEK-1705 <=Firmware:34.23.1 device was discovered to have a command execution vulnerability.

CVE-2023-27042
Tenda AX3 V16.03.12.11 is vulnerable to Buffer Overflow via /goform/SetFirewallCfg.

CVE-2023-1583
A NULL pointer dereference was found in io_file_bitmap_get in io_uring/filetable.c in the io_uring sub-component in the Linux Kernel. When fixed files are unregistered, some context information (file_alloc_{start,end} and alloc_hint) is not cleared. A subsequent request that has auto index selection enabled via IORING_FILE_INDEX_ALLOC can cause a NULL pointer dereference. An unprivileged user can use the flaw to cause a system crash.

OS: Redhat

RedHat: RHSA-2023-1448:01 Moderate: Red Hat OpenShift Service Mesh

Red Hat OpenShift Service Mesh Containers for 2.3.2 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

RedHat: RHSA-2023-1453:01 Moderate: Red Hat OpenShift GitOps security update

An update is now available for Red Hat OpenShift GitOps 1.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

RedHat: RHSA-2023-1452:01 Moderate: Red Hat OpenShift GitOps security update

An update is now available for Red Hat OpenShift GitOps 1.8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

RedHat: RHSA-2023-1454:01 Moderate: Red Hat OpenShift GitOps security update

An update is now available for Red Hat OpenShift GitOps 1.7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

OS: Slackware

Slackware: 2023-079-02: vim Security Update

New vim packages are available for Slackware 15.0 and -current to fix security issues.

Slackware: 2023-079-01: curl Security Update

New curl packages are available for Slackware 14.0, 14.1, 14.2, 15.0, and -current to fix security issues.

Slackware: 2023-075-02: openssh Security Update

New openssh packages are available for Slackware 15.0 and -current to fix security issues.

Slackware: 2023-075-01: mozilla-thunderbird Security Update

New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix security issues.

NIST Vulnerability Database

CVE-2022-45597
ComponentSpace.Saml2 4.4.0 Missing SSL Certificate Validation.

CVE-2023-23149
DEK-1705 <=Firmware:34.23.1 device was discovered to have a command execution vulnerability.

CVE-2023-27042
Tenda AX3 V16.03.12.11 is vulnerable to Buffer Overflow via /goform/SetFirewallCfg.

OS: Mageia

Mageia 2023-0116: thunderbird security update

Incorrect code generation during JIT compilation. (CVE-2023-25751) Potential out-of-bounds when accessing throttled streams. (CVE-20223-25752) Invalid downcast in Worklets. (CVE-2023-28162) URL being dragged from a removed cross-origin iframe into the same tab triggered navigation. (CVE-2023-28164)

Mageia 2023-0115: flatpak security update

If a malicious Flatpak app is run on a Linux virtual console such as /dev/tty1, it can copy text from the virtual console and paste it back into the virtual console's input buffer, from which the command might be run by the user's shell after the Flatpak app has exited. This is similar to CVE-2017-5226, but using the TIOCLINUX ioctl command instead

Mageia 2023-0114: libmicrohttpd security update

In the MHD_PostProcessor, malformed inputs can be used to crash the server (for denial-of-service). References: - https://bugs.mageia.org/show_bug.cgi?id=31670

Mageia 2023-0113: libtiff security update

LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a denial-of-service via a crafted tiff file. (CVE-2022-4645) References:

OS: Debian

Debian: DSA-5377-1: chromium security update

Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Debian: DSA-5376-1: apache2 security update

Multiple vulnerabilities have been discovered in the Apache HTTP server, which may result in HTTP response splitting or denial of service. For the stable distribution (bullseye), these problems have been fixed in

Debian: DSA-5356-2: sox regression update

One of the security fixes released as DSA 5356 introduced a regression in the processing of specific WAV files. Updated sox packages are available to correct this issue.

Debian: DSA-5375-1: thunderbird security update

Multiple security issues were discovered in Thunderbird, which could result in denial of service, the execution of arbitrary code or spoofing.

OS: Suse

SUSE: 2023:779-1 suse/sle-micro/5.2/toolbox Security Update

The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update:

SUSE: 2023:777-1 suse/sle-micro/5.1/toolbox Security Update

The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update:

SUSE: 2023:776-1 suse/sle15 Security Update

The container suse/sle15 was updated. The following patches have been included in this update:

SUSE: 2023:775-1 suse/sle-micro/5.4/toolbox Security Update

The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: