what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 45 RSS Feed

CVE-2023-0767

Status Candidate

Overview

An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.

Related Files

Red Hat Security Advisory 2023-3455-01
Posted Jun 6, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3455-01 - OpenShift Serverless version 1.29.0 contains a moderate security impact. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2022-36227, CVE-2022-41723, CVE-2022-41724, CVE-2022-41725, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286, CVE-2023-0361, CVE-2023-0767, CVE-2023-21930, CVE-2023-21937, CVE-2023-21938, CVE-2023-21939
SHA-256 | fb699e506aa118c17dbd87137af0d14f01a829ce5c8b64ec9846e9ca82990b0b
Gentoo Linux Security Advisory 202305-35
Posted May 30, 2023
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202305-35 - Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution. Versions greater than or equal to 102.10.0:esr are affected.

tags | advisory, arbitrary, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2023-0767, CVE-2023-1945, CVE-2023-1999, CVE-2023-25728, CVE-2023-25729, CVE-2023-25730, CVE-2023-25731, CVE-2023-25732, CVE-2023-25734, CVE-2023-25735, CVE-2023-25737, CVE-2023-25738, CVE-2023-25739, CVE-2023-25742
SHA-256 | 80fb46eeb6bf6b4a190797c274bb247b815138162b8deea3f7a113e5d441ebc6
Gentoo Linux Security Advisory 202305-36
Posted May 30, 2023
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202305-36 - Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. Versions greater than or equal to 102.10.0 are affected.

tags | advisory, arbitrary, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2023-0616, CVE-2023-0767, CVE-2023-1945, CVE-2023-1999, CVE-2023-25728, CVE-2023-25729, CVE-2023-25730, CVE-2023-25732, CVE-2023-25734, CVE-2023-25735, CVE-2023-25737, CVE-2023-25738, CVE-2023-25739, CVE-2023-25740
SHA-256 | cf32af8db7f48a44b2fe2d1424fd1ad7ec5f57e5c79d44dd0561f7d2a05b5ea4
Red Hat Security Advisory 2023-2098-01
Posted May 4, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2098-01 - Multicluster Engine for Kubernetes 2.0.8 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2022-25881, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286, CVE-2023-0361, CVE-2023-0767, CVE-2023-23916
SHA-256 | 5b409796351ae2191f3661c02dbe09dbe4a07067b31d38f4971846d655574798
Red Hat Security Advisory 2023-2061-01
Posted May 2, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2061-01 - Multicluster Engine for Kubernetes 2.1.6 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2020-10735, CVE-2021-28861, CVE-2022-25881, CVE-2022-40897, CVE-2022-4304, CVE-2022-4415, CVE-2022-4450, CVE-2022-45061, CVE-2022-48303, CVE-2023-0215, CVE-2023-0286, CVE-2023-0361, CVE-2023-0767, CVE-2023-23916
SHA-256 | 7da47561e67a1270c55a788f2757706933c85cf0d1b623630d91a7ddea2d1a34
Red Hat Security Advisory 2023-1887-01
Posted Apr 26, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1887-01 - Multicluster Engine for Kubernetes 2.2.3 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2022-25881, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286, CVE-2023-0361, CVE-2023-0767, CVE-2023-23916, CVE-2023-29017, CVE-2023-29199, CVE-2023-30547
SHA-256 | c76abde01d9f10b906b82af70f526e5dde9beac6b1dfdb779fcbc3547e91a418
Red Hat Security Advisory 2023-1677-01
Posted Apr 17, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1677-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include heap overflow and integer overflow vulnerabilities.

tags | advisory, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2022-23521, CVE-2022-41903, CVE-2023-0266, CVE-2023-0386, CVE-2023-0767
SHA-256 | d50fcde157b0d81293003398a54404e2ecee374586626ce00fc2dbcc0d6bdaa5
Red Hat Security Advisory 2023-1525-01
Posted Apr 6, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1525-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.9.59.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-20329, CVE-2022-42889, CVE-2023-0286, CVE-2023-0767
SHA-256 | c7fff0c27d61ac3bb7204fc93a47db5959206b2f34b2f34dc40a1a0403893667
Red Hat Security Advisory 2023-1310-01
Posted Mar 30, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1310-01 - An update is now available for Logging Subsystem for Red Hat OpenShift - 5.5.9. Red Hat Product Security has rated this update as having a security impact of Moderate.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-41717, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286, CVE-2023-0767, CVE-2023-23916
SHA-256 | e5eb8b0b47fd0a608cf22a5a3e3741ddc9a553166dedfea4bfc036bc9cdb5742
Red Hat Security Advisory 2023-1392-01
Posted Mar 29, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1392-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.55.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-20329, CVE-2022-3564, CVE-2022-4269, CVE-2022-4378, CVE-2023-0767
SHA-256 | f5863625956e26f29caf6b7dd89916bd8ec1fde05666507c74b9c9570b7f2065
Red Hat Security Advisory 2023-1409-01
Posted Mar 28, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1409-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.9.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-20329, CVE-2023-0767
SHA-256 | ccbdea74072f5f91ca8ea4c3158780053cb6f9d1362b1546944f6471f738d613
Red Hat Security Advisory 2023-1479-01
Posted Mar 28, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1479-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.9.0 ESR.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2023-0767, CVE-2023-25751, CVE-2023-25752, CVE-2023-28162, CVE-2023-28164, CVE-2023-28176
SHA-256 | f8d79d3bdce21e3df66b2991b5745ddf3b6bd31b8d8e621519f240fc125bfaaf
Red Hat Security Advisory 2023-1406-01
Posted Mar 24, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1406-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-0767
SHA-256 | 157f5fdab0d3940d30869b0e4ab41754986bcfc02f8a3cd972e99370f6bd9c52
Red Hat Security Advisory 2023-1366-01
Posted Mar 24, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1366-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-0767
SHA-256 | 3911811e6f0a780ab1a557e5060720d7c70a372f80e2d894d3c3e36142f48cc4
Red Hat Security Advisory 2023-1370-01
Posted Mar 24, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1370-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-0767
SHA-256 | 7ae2e964d5ef28fad0c2b8e699c4e5d36fe4a642cf6f30c1206488122c39d2d0
Red Hat Security Advisory 2023-1365-01
Posted Mar 24, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1365-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-0767
SHA-256 | 6095590cbc5d14299bc1a4809fb481a0eff9fd41ff0c1142f736213b58611ad0
Red Hat Security Advisory 2023-1436-01
Posted Mar 24, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1436-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-0767
SHA-256 | 139d41acbfe8e61e25d413292a5c7201984b454e4b75bd62b4ce602409d463da
Red Hat Security Advisory 2023-1369-01
Posted Mar 24, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1369-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-0767
SHA-256 | 70f29a1183c13202e1b2ed3d8756d8449384ab21c7a9d0b8b2b61236d6184cfa
Red Hat Security Advisory 2023-1368-01
Posted Mar 24, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1368-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-0767
SHA-256 | c444d5c64575841866b6f4f0d33c9f9e8475ac120a23ec8cfd50d17de5c44f14
Red Hat Security Advisory 2023-1332-01
Posted Mar 21, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1332-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-0767
SHA-256 | 389776e27aab442848dfbc6c1d3f0a64eb1abedeb09467048a5e0f49955dc09d
Red Hat Security Advisory 2023-1252-01
Posted Mar 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1252-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-0767
SHA-256 | 7548f82ad1f400310a720ee4ef5fe58596bafca33572d7237bb20bbb6ceab239
Ubuntu Security Notice USN-5943-1
Posted Mar 13, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5943-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. Johan Carlsson discovered that Thunderbird did not properly implement CSP policy on a header when using iframes. An attacker could potentially exploits this to exfiltrate data.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2023-0616, CVE-2023-0767, CVE-2023-25728, CVE-2023-25730, CVE-2023-25732, CVE-2023-25737, CVE-2023-25739, CVE-2023-25746
SHA-256 | 859da6042faf89a056033a58de2955c904821993b08e8e20d961d88955336897
Ubuntu Security Notice USN-5892-2
Posted Mar 7, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5892-2 - USN-5892-1 fixed a vulnerability in NSS. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Christian Holler discovered that NSS incorrectly handled certain PKCS 12 certificated bundles. A remote attacker could use this issue to cause NSS to crash, leading to a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2023-0767
SHA-256 | 31cccce14c13d752e3da2d4dae4af97860c9c7d2e50376f9e6b7d48629524e70
Ubuntu Security Notice USN-5880-2
Posted Mar 1, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5880-2 - USN-5880-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Christian Holler discovered that Firefox did not properly manage memory when using PKCS 12 Safe Bag attributes. An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes. Johan Carlsson discovered that Firefox did not properly manage child iframe's unredacted URI when using Content-Security-Policy-Report-Only header. An attacker could potentially exploits this to obtain sensitive information. Vitor Torres discovered that Firefox did not properly manage permissions of extensions interaction via ExpandedPrincipals. An attacker could potentially exploits this issue to download malicious files or execute arbitrary code. Irvan Kurniawan discovered that Firefox did not properly validate background script invoking requestFullscreen. An attacker could potentially exploit this issue to perform spoofing attacks. Ronald Crane discovered that Firefox did not properly manage memory when using EncodeInputStream in xpcom. An attacker could potentially exploits this issue to cause a denial of service. Samuel Grob discovered that Firefox did not properly manage memory when using wrappers wrapping a scripted proxy. An attacker could potentially exploits this issue to cause a denial of service. Holger Fuhrmannek discovered that Firefox did not properly manage memory when using Module load requests. An attacker could potentially exploits this issue to cause a denial of service. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code.

tags | advisory, denial of service, arbitrary, spoof, vulnerability
systems | linux, ubuntu
advisories | CVE-2023-0767, CVE-2023-25728, CVE-2023-25729, CVE-2023-25730, CVE-2023-25732, CVE-2023-25733, CVE-2023-25735, CVE-2023-25739, CVE-2023-25742
SHA-256 | d8134e53c73b5f2b98a54caf846a945da5e3e78dac7bf2d66525cf6b12579a76
Ubuntu Security Notice USN-5892-1
Posted Feb 27, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5892-1 - It was discovered that NSS incorrectly handled client authentication without a user certificate in the database. A remote attacker could possibly use this issue to cause a NSS client to crash, resulting in a denial of service. This issue only affected Ubuntu 22.10. Christian Holler discovered that NSS incorrectly handled certain PKCS 12 certificated bundles. A remote attacker could use this issue to cause NSS to crash, leading to a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2022-3479, CVE-2023-0767
SHA-256 | 08e1514e5eeec5f74d4365784fc07384f881ccfce7ae98e9d80175769c3a1622
Page 1 of 2
Back12Next

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    14 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close