Hexrabbit

**Name of the Vulnerable Software and Affected Versions** Oracle Database Server versions 23.4.0 through 23.26.2 **Description** A flaw in the Net Service component allows an unauthenticated attacker with network access via TLS to compromise the service. Although difficult to exploit, a successful attack can result in a complete takeover of the Net Service and may significantly impact additional products due to a scope change. **Recommendations** Update Oracle Database Server versions 23.4.0 through 23.26.2 to the latest security updates provided by Oracle.

**Name of the Vulnerable Software and Affected Versions** watchOS versions prior to 11.6 visionOS versions prior to 2.6 iOS versions prior to 18.6 iPadOS versions prior to 18.6 macOS Sequoia versions prior to 15.6 tvOS versions prior to 18.6 **Description** An out-of-bounds read issue was addressed through enhanced input validation. Processing specially crafted web content could potentially reveal internal application states. **Recommendations** Update watchOS to version 11.6 or later. Update visionOS to version 2.6 or later. Update iOS to version 18.6 or later. Update iPadOS to version 18.6 or later. Update macOS Sequoia to version 15.6 or later. Update tvOS to version 18.6 or later.

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 140 Firefox ESR versions prior to 115.25 Firefox ESR versions prior to 128.12 Description: A use-after-free in FontFaceSet resulted in a potentially exploitable crash. Recommendations: For Firefox versions prior to 140, update to version 140 or later. For Firefox ESR versions prior to 115.25, update to version 115.25 or later. For Firefox ESR versions prior to 128.12, update to version 128.12 or later.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.6.50 **Description** The issue is related to the netfilter's ctnetlink, where the delete expectation path is missing a call to the `nf expect get id()` helper function to calculate the expectation ID. This results in the leakage of the LSB of the expectation object address to userspace. An attacker could potentially exploit this to gain elevated privileges. **Recommendations** To resolve the issue, update the Linux kernel to version 6.6.50 or later. As a temporary workaround, consider restricting access to the vulnerable `ctnetlink` module to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Linux Kernel (affected versions not specified) **Description** A flaw was found in the parsing of extended attributes in the kernel ksmbd module, resulting from the lack of proper validation of user-supplied data. This can cause a read past the end of an allocated buffer, allowing an attacker to disclose sensitive information on affected installations of Linux. The issue affects systems with ksmbd enabled. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux Kernel ksmbd (affected versions not specified) **Description** A flaw was found in the handling of SMB2 READ commands in the kernel ksmbd module. The issue results from not releasing memory after its effective lifetime. An attacker can leverage this to create a denial-of-service condition on affected installations of Linux. Authentication is not required to exploit this issue, but only systems with ksmbd enabled are vulnerable. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.