Oracle Solaris Third Party Bulletin - October 2023
Description
The Oracle Solaris Third Party Bulletin announces patches for one or more security vulnerabilities addressed in third party software that is included in Oracle Solaris distributions. Starting January 20, 2015, Third Party Bulletins are released on the same day when Oracle Critical Patch Updates are released. These bulletins will also be updated for the following two months after their release (i.e. the two months between the normal quarterly Critical Patch Update publication dates). In addition, Third Party Bulletins may also be updated for vulnerability issues deemed too critical to wait for the next monthly update.
Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Third Party Bulletin security patches as soon as possible.
Patch Availability
Please see My Oracle Support Note 1448883.1
Third Party Bulletin Schedule
Third Party Bulletins are released on the third Tuesday of January, April, July, and October. The next four dates are:
- 16 January 2024
- 16 April 2024
- 16 July 2024
- 15 October 2024
References
- Oracle Critical Patch Updates, Security Alerts and Bulletins
- Oracle Critical Patch Updates and Security Alerts - Frequently Asked Questions
- Risk Matrix Definitions
- Use of Common Vulnerability Scoring System (CVSS) by Oracle
Modification History
| Date | Note |
|---|---|
| 2023-December-19 | Rev 3. Added CVEs fixed in Solaris 11.4 SRU 64 |
| 2023-November-21 | Rev 2. Added CVEs fixed in Solaris 11.4 SRU 63 |
| 2023-October-17 | Rev 1. Initial Release with all CVEs fixed in Solaris 11.4 SRU 62 |
Oracle Solaris Executive Summary
This Oracle Solaris Bulletin contains 99 new security patches for the Oracle Solaris Operating System. 45 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.
Oracle Solaris Third Party Bulletin Risk Matrix
Revision 3: Published on 2023-12-19
| CVE# | Product | Third Party component |
Protocol | Remote Exploit without Auth.? |
CVSS VERSION 3.1 RISK (see Risk Matrix Definitions) | Supported Versions Affected |
Notes | ||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Base Score |
Attack Vector |
Attack Complexity |
Privs Req'd |
User Interact |
Scope | Confid- entiality |
Inte- grity |
Avail- ability |
|||||||
| CVE-2023-5168 | Oracle Solaris | Firefox | HTTP | Yes | 9.8 | Network | Low | None | None | Un changed |
High | High | High | 11.4 | See Note 1 |
| CVE-2023-5168 | Oracle Solaris | Thunderbird | HTTP | Yes | 9.8 | Network | Low | None | None | Un changed |
High | High | High | 11.4 | See Note 2 |
| CVE-2023-43804 | Oracle Solaris | Urllib3 | HTTP | No | 8.1 | Network | Low | Low | None | Un changed |
High | High | None | 11.4 | |
| CVE-2023-31122 | Oracle Solaris | Apache HTTP server | HTTP | Yes | 7.5 | Network | Low | None | None | Un changed |
None | None | High | 11.4, 10 | See Note 3 |
| CVE-2023-38545 | Oracle Solaris | MySQL | Multiple | Yes | 7.5 | Network | High | None | Required | Un changed |
High | High | High | 11.4 | See Note 4 |
| CVE-2023-38545 | Oracle Solaris | MySQL | Multiple | Yes | 7.5 | Network | High | None | Required | Un changed |
High | High | High | 11.4 | See Note 5 |
| CVE-2023-44487 | Oracle Solaris | Apache Tomcat | HTTP | Yes | 7.5 | Network | Low | None | None | Un changed |
None | None | High | 11.4 | See Note 6 |
| CVE-2023-5730 | Oracle Solaris | Firefox | HTTP | Yes | 7.5 | Network | High | None | Required | Un changed |
High | High | High | 11.4 | See Note 7 |
| CVE-2023-5730 | Oracle Solaris | Thunderbird | HTTP | Yes | 7.5 | Network | High | None | Required | Un changed |
High | High | High | 11.4 | See Note 8 |
| CVE-2023-5115 | Oracle Solaris | Ansible | Multiple | No | 6.3 | Network | Low | Low | Required | Un changed |
Low | High | None | 11.4 | |
| CVE-2023-44271 | Oracle Solaris | Python Imaging Library (PIL) | None | No | 5.5 | Local | Low | None | Required | Un changed |
None | None | High | 11.4 | |
| CVE-2023-5752 | Oracle Solaris | PIP | None | No | 5.5 | Local | Low | Low | None | Un changed |
None | High | None | 11.4 | |
| CVE-2023-30584 | Oracle Solaris | Node.js | HTTP | Yes | 5.3 | Network | Low | None | None | Un changed |
None | Low | None | 11.4 | See Note 9 |
| CVE-2023-46137 | Oracle Solaris | Twisted | HTTP | Yes | 5.3 | Network | Low | None | None | Un changed |
None | Low | None | 11.4 | |
| CVE-2023-45803 | Oracle Solaris | Urllib3 | HTTP | No | 4.2 | Adjacent Network |
High | High | None | Un changed |
High | None | None | 11.4 | |
Revision 2: Published on 2023-11-21
| CVE# | Product | Third Party component |
Protocol | Remote Exploit without Auth.? |
CVSS VERSION 3.1 RISK (see Risk Matrix Definitions) | Supported Versions Affected |
Notes | ||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Base Score |
Attack Vector |
Attack Complexity |
Privs Req'd |
User Interact |
Scope | Confid- entiality |
Inte- grity |
Avail- ability |
|||||||
| CVE-2021-33391 | Oracle Solaris | Tidy | HTTP | Yes | 9.8 | Network | Low | None | None | Un changed |
High | High | High | 11.4 | |
| CVE-2023-4057 | Oracle Solaris | Firefox | HTTP | Yes | 9.8 | Network | Low | None | None | Un changed |
High | High | High | 11.4 | See Note 10 |
| CVE-2023-4057 | Oracle Solaris | Thunderbird | HTTP | Yes | 9.8 | Network | Low | None | None | Un changed |
High | High | High | 11.4 | See Note 11 |
| CVE-2023-4863 | Oracle Solaris | libwebp | HTTP | Yes | 9.6 | Network | Low | None | Required | Changed | High | High | High | 11.4 | |
| CVE-2023-0184 | Oracle Solaris | NVIDIA-GFX Kernel driver | None | No | 8.8 | Local | Low | Low | None | Changed | High | High | High | 11.4 | |
| CVE-2023-0189 | Oracle Solaris | NVIDIA-GFX Kernel driver | None | No | 8.8 | Local | Low | Low | None | Changed | High | High | High | 11.4 | |
| CVE-2023-4585 | Oracle Solaris | Firefox | HTTP | Yes | 8.8 | Network | Low | None | Required | Un changed |
High | High | High | 11.4 | See Note 12 |
| CVE-2023-4585 | Oracle Solaris | Thunderbird | HTTP | Yes | 8.8 | Network | Low | None | Required | Un changed |
High | High | High | 11.4 | See Note 13 |
| CVE-2023-5217 | Oracle Solaris | Libvpx | HTTP | Yes | 8.8 | Network | Low | None | Required | Un changed |
High | High | High | 11.4 | See Note 14 |
| CVE-2023-40217 | Oracle Solaris | Python | TLS | Yes | 8.6 | Network | Low | None | None | Changed | None | High | None | 11.4 | |
| CVE-2022-34670 | Oracle Solaris | NVIDIA-GFX Kernel driver | None | No | 7.8 | Local | Low | Low | None | Un changed |
High | High | High | 11.4 | |
| CVE-2023-37327 | Oracle Solaris | GStreamer | None | No | 7.8 | Local | Low | None | Required | Un changed |
High | High | High | 11.4 | |
| CVE-2023-37328 | Oracle Solaris | GStreamer | None | No | 7.8 | Local | Low | None | Required | Un changed |
High | High | High | 11.4 | |
| CVE-2022-4899 | Oracle Solaris | MySQL | HTTP | Yes | 7.5 | Network | Low | None | None | Un changed |
None | None | High | 11.4 | See Note 15 |
| CVE-2023-3341 | Oracle Solaris | Bind | TCP | Yes | 7.5 | Network | Low | None | None | Un changed |
None | None | High | 11.4, 10 | |
| CVE-2023-38545 | Oracle Solaris | libcurl | HTTP | Yes | 7.5 | Network | High | None | Required | Un changed |
High | High | High | 11.4 | See Note 16 |
| CVE-2023-39322 | Oracle Solaris | Go Programming Language | TLS | Yes | 7.5 | Network | Low | None | None | Un changed |
None | None | High | 11.4 | See Note 17 |
| CVE-2023-39323 | Oracle Solaris | Go Programming Language | HTTP | Yes | 7.5 | Network | Low | None | None | Un changed |
None | None | High | 11.4 | See Note 18 |
| CVE-2023-41105 | Oracle Solaris | Python | HTTP | Yes | 7.5 | Network | Low | None | None | Un changed |
None | High | None | 11.4 | |
| CVE-2023-41164 | Oracle Solaris | Django | HTTP | Yes | 7.5 | Network | Low | None | None | Un changed |
None | None | High | 11.4 | |
| CVE-2023-4236 | Oracle Solaris | Bind | TLS | Yes | 7.5 | Network | Low | None | None | Un changed |
None | None | High | 11.4 | |
| CVE-2023-43665 | Oracle Solaris | Django | HTTP | Yes | 7.5 | Network | Low | None | None | Un changed |
None | None | High | 11.4 | |
| CVE-2022-34676 | Oracle Solaris | NVIDIA-GFX Kernel driver | None | No | 7.1 | Local | Low | Low | None | Un changed |
None | High | High | 11.4 | |
| CVE-2022-37032 | Oracle Solaris | Quagga | HTTP | No | 7.1 | Network | Low | Low | None | Un changed |
Low | None | High | 11.4 | |
| CVE-2022-42263 | Oracle Solaris | NVIDIA-GFX Kernel driver | None | No | 7.1 | Local | Low | Low | None | Un changed |
High | None | High | 11.4 | |
| CVE-2022-42264 | Oracle Solaris | NVIDIA-GFX Kernel driver | None | No | 7.1 | Local | Low | Low | None | Un changed |
High | High | None | 11.4 | |
| CVE-2023-0180 | Oracle Solaris | NVIDIA-GFX Kernel driver | None | No | 7.1 | Local | Low | Low | None | Un changed |
High | None | High | 11.4 | |
| CVE-2023-0181 | Oracle Solaris | NVIDIA-GFX Kernel driver | None | No | 7.1 | Local | Low | Low | None | Un changed |
None | High | High | 11.4 | |
| CVE-2023-0183 | Oracle Solaris | NVIDIA-GFX Kernel driver | None | No | 7.1 | Local | Low | Low | None | Un changed |
None | High | High | 11.4 | |
| CVE-2023-0191 | Oracle Solaris | NVIDIA-GFX Kernel driver | None | No | 7.1 | Local | Low | Low | None | Un changed |
None | High | High | 11.4 | |
| CVE-2023-2953 | Oracle Solaris | OpenLDAP Server | HTTP | Yes | 7.1 | Network | Low | None | Required | Un changed |
None | Low | High | 11.4 | |
| CVE-2022-34674 | Oracle Solaris | NVIDIA-GFX Kernel driver | None | No | 6.8 | Local | Low | None | None | Un changed |
High | Low | None | 11.4 | |
| CVE-2023-0185 | Oracle Solaris | NVIDIA-GFX Kernel driver | None | No | 6.7 | Local | High | High | None | Changed | Low | Low | High | 11.4 | |
| CVE-2023-0198 | Oracle Solaris | NVIDIA-GFX Kernel driver | None | No | 6.6 | Local | Low | Low | None | Un changed |
Low | Low | High | 11.4 | |
| CVE-2022-34678 | Oracle Solaris | NVIDIA-GFX Kernel driver | None | No | 6.5 | Local | Low | Low | None | Changed | None | None | High | 11.4 | |
| CVE-2023-4874 | Oracle Solaris | Mutt | SMTP | Yes | 6.5 | Network | Low | None | Required | Un changed |
None | None | High | 11.4 | See Note 19 |
| CVE-2023-26555 | Oracle Solaris | NTP | NTP | No | 6.4 | Physical | High | None | None | Un changed |
High | High | High | 11.4 | See Note 20 |
| CVE-2023-3428 | Oracle Solaris | ImageMagick | None | No | 6.2 | Local | Low | None | None | Un changed |
None | None | High | 11.4 | See Note 21 |
| CVE-2023-0187 | Oracle Solaris | NVIDIA-GFX Kernel driver | None | No | 6.1 | Local | Low | Low | None | Un changed |
Low | None | High | 11.4 | |
| CVE-2023-0199 | Oracle Solaris | NVIDIA-GFX Kernel driver | None | No | 6.1 | Local | Low | Low | None | Un changed |
None | Low | High | 11.4 | |
| CVE-2023-36054 | Oracle Solaris | Kerberos | HTTP | No | 5.7 | Adjacent Network |
Low | Low | None | Un changed |
None | None | High | 11.4 | |
| CVE-2022-23825 | Oracle Solaris | Kernel | None | No | 5.6 | Local | High | Low | None | Changed | High | None | None | 11.4 | |
| CVE-2022-34677 | Oracle Solaris | NVIDIA-GFX Kernel driver | None | No | 5.5 | Local | Low | Low | None | Un changed |
High | None | None | 11.4 | |
| CVE-2022-34679 | Oracle Solaris | NVIDIA-GFX Kernel driver | None | No | 5.5 | Local | Low | Low | None | Un changed |
None | None | High | 11.4 | |
| CVE-2022-34680 | Oracle Solaris | NVIDIA-GFX Kernel driver | None | No | 5.5 | Local | Low | Low | None | Un changed |
None | None | High | 11.4 | |
| CVE-2022-34682 | Oracle Solaris | NVIDIA-GFX Kernel driver | None | No | 5.5 | Local | Low | Low | None | Un changed |
None | None | High | 11.4 | |
| CVE-2023-0188 | Oracle Solaris | NVIDIA-GFX Kernel driver | None | No | 5.5 | Local | Low | Low | None | Un changed |
None | None | High | 11.4 | |
| CVE-2023-0190 | Oracle Solaris | NVIDIA-GFX Kernel driver | None | No | 5.5 | Local | Low | Low | None | Un changed |
None | None | High | 11.4 | |
| CVE-2023-3316 | Oracle Solaris | LibTIFF | None | No | 5.5 | Local | Low | None | Required | Un changed |
None | None | High | 11.4 | |
| CVE-2023-37369 | Oracle Solaris | Qt Toolkit | None | No | 5.5 | Local | Low | None | Required | Un changed |
None | None | High | 11.4 | See Note 22 |
| CVE-2023-38197 | Oracle Solaris | Qt Toolkit | None | No | 5.5 | Local | Low | None | Required | Un changed |
None | None | High | 11.4 | |
| CVE-2023-38633 | Oracle Solaris | LibRSVG | None | No | 5.5 | Local | Low | Low | None | Un changed |
High | None | None | 11.4 | See Note 23 |
| CVE-2022-34684 | Oracle Solaris | NVIDIA-GFX Kernel driver | None | No | 5.3 | Local | Low | Low | None | Un changed |
Low | Low | Low | 11.4 | |
| CVE-2022-42254 | Oracle Solaris | NVIDIA-GFX Kernel driver | None | No | 5.3 | Local | Low | Low | None | Un changed |
Low | Low | Low | 11.4 | |
| CVE-2022-42255 | Oracle Solaris | NVIDIA-GFX Kernel driver | None | No | 5.3 | Local | Low | Low | None | Un changed |
Low | Low | Low | 11.4 | |
| CVE-2022-42256 | Oracle Solaris | NVIDIA-GFX Kernel driver | None | No | 5.3 | Local | Low | Low | None | Un changed |
Low | Low | Low | 11.4 | |
| CVE-2022-42257 | Oracle Solaris | NVIDIA-GFX Kernel driver | None | No | 5.3 | Local | Low | Low | None | Un changed |
Low | Low | Low | 11.4 | |
| CVE-2022-42258 | Oracle Solaris | NVIDIA-GFX Kernel driver | None | No | 5.3 | Local | Low | Low | None | Un changed |
Low | Low | Low | 11.4 | |
| CVE-2022-42265 | Oracle Solaris | NVIDIA-GFX Kernel driver | None | No | 5.3 | Local | Low | Low | None | Un changed |
Low | Low | Low | 11.4 | |
| CVE-2023-22067 | Oracle Solaris | JDK 8 | CORBA | Yes | 5.3 | Network | Low | None | None | Un changed |
None | Low | None | 11.4 | |
| CVE-2023-2975 | Oracle Solaris | OpenSSL | HTTPS | Yes | 5.3 | Network | Low | None | None | Un changed |
None | Low | None | 11.4 | |
| CVE-2023-3446 | Oracle Solaris | OpenSSL | HTTPS | Yes | 5.3 | Network | Low | None | None | Un changed |
None | None | Low | 11.4, 10 | |
| CVE-2023-3817 | Oracle Solaris | OpenSSL | HTTPS | Yes | 5.3 | Network | Low | None | None | Un changed |
None | None | Low | 11.4, 10 | |
| CVE-2023-4511 | Oracle Solaris | Wireshark | None | No | 5.3 | Local | Low | None | Required | Un changed |
Low | Low | Low | 11.4 | See Note 24 |
| CVE-2022-34673 | Oracle Solaris | NVIDIA-GFX Kernel driver | None | No | 4.4 | Local | Low | Low | None | Un changed |
None | Low | Low | 11.4 | |
| CVE-2022-42259 | Oracle Solaris | NVIDIA-GFX Kernel driver | None | No | 4.4 | Local | Low | Low | None | Un changed |
None | Low | Low | 11.4 | |
| CVE-2023-4156 | Oracle Solaris | Gnu Awk | None | No | 4.4 | Local | Low | None | Required | Un changed |
Low | None | Low | 11.4 | |
| CVE-2023-40359 | Oracle Solaris | XTerm | None | No | 3.3 | Local | Low | Low | None | Un changed |
None | None | Low | 11.4 | |
| CVE-2023-0194 | Oracle Solaris | NVIDIA-GFX Kernel driver | None | No | 2 | Physical | High | None | None | Un changed |
None | None | Low | 11.4 | |
| CVE-2023-0195 | Oracle Solaris | NVIDIA-GFX Kernel driver | None | No | 2 | Physical | High | None | None | Un changed |
None | None | Low | 11.4 | |
Revision 1: Published on 2023-10-17
| CVE# | Product | Third Party component |
Protocol | Remote Exploit without Auth.? |
CVSS VERSION 3.1 RISK (see Risk Matrix Definitions) | Supported Versions Affected |
Notes | ||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Base Score |
Attack Vector |
Attack Complexity |
Privs Req'd |
User Interact |
Scope | Confid- entiality |
Inte- grity |
Avail- ability |
|||||||
| CVE-2023-3824 | Oracle Solaris | PHP | HTTP | Yes | 9.8 | Network | Low | None | None | Un changed |
High | High | High | 11.4 | See Note 25 |
| CVE-2023-24805 | Oracle Solaris | Common Unix Printing System (CUPS) | HTTPS | No | 8.8 | Network | Low | Low | None | Un changed |
High | High | High | 11.4 | |
| CVE-2023-4584 | Oracle Solaris | Firefox | HTTP | Yes | 8.8 | Network | Low | None | Required | Un changed |
High | High | High | 11.4 | See Note 26 |
| CVE-2023-4584 | Oracle Solaris | Thunderbird | HTTP | Yes | 8.8 | Network | Low | None | Required | Un changed |
High | High | High | 11.4 | See Note 27 |
| CVE-2023-31484 | Oracle Solaris | Perl | HTTPS | Yes | 8.1 | Network | High | None | None | Un changed |
High | High | High | 11.4 | |
| CVE-2023-31486 | Oracle Solaris | Perl | HTTP | Yes | 8.1 | Network | High | None | None | Un changed |
High | High | High | 11.4 | |
| CVE-2022-31008 | Oracle Solaris | RabbitMQ | Multiple | Yes | 7.5 | Network | Low | None | None | Un changed |
High | None | None | 11.4 | |
| CVE-2023-24329 | Oracle Solaris | Python | HTTP | Yes | 7.5 | Network | Low | None | None | Un changed |
None | High | None | 11.4 | |
| CVE-2022-41409 | Oracle Solaris | PCRE | HTTP | Yes | 7.5 | Network | Low | None | None | Un changed |
None | None | High | 11.4 | |
| CVE-2023-41081 | Oracle Solaris | Apache HTTP Server | HTTP | Yes | 7.5 | Network | Low | None | None | Un changed |
High | None | None | 11.4 | |
| CVE-2023-4504 | Oracle Solaris | Common Unix Printing System (CUPS) | HTTP | Yes | 7.3 | Network | Low | None | None | Un changed |
Low | Low | Low | 11.4 | |
| CVE-2023-41080 | Oracle Solaris | Apache Tomcat | HTTP | Yes | 6.1 | Network | Low | None | Required | Changed | Low | Low | None | 11.4 | |
| CVE-2023-40477 | Oracle Solaris | UnRAR | HTTP | Yes | 5.9 | Network | High | None | None | Un changed |
None | None | High | 11.4 | |
| CVE-2023-3247 | Oracle Solaris | PHP | HTTP | No | 4.3 | Network | Low | Low | None | Un changed |
Low | None | None | 11.4 | |
Notes:
1. This patch also addresses CVE-2023-5169 CVE-2023-5171 CVE-2023-5174 CVE-2023-5176.2. This patch also addresses CVE-2023-5169 CVE-2023-5171 CVE-2023-5174 CVE-2023-5176.
3. This patch also addresses CVE-2023-43622 CVE-2023-44487 CVE-2023-45802.
4. This patch also addresses CVE-2023-22032 CVE-2023-22059 CVE-2023-22064 CVE-2023-22070 CVE-2023-22078 CVE-2023-22079 CVE-2023-22084 CVE-2023-22092 CVE-2023-22103 CVE-2023-22112.
5. This patch also addresses CVE-2023-22028 CVE-2023-22084.
6. This patch also addresses CVE-2023-42794 CVE-2023-42795 CVE-2023-45648.
7. This patch also addresses CVE-2023-5721 CVE-2023-5724 CVE-2023-5725 CVE-2023-5726 CVE-2023-5727 CVE-2023-5728 CVE-2023-5732.
8. This patch also addresses CVE-2023-5721 CVE-2023-5724 CVE-2023-5725 CVE-2023-5726 CVE-2023-5727 CVE-2023-5728 CVE-2023-5732.
9. This patch also addresses CVE-2023-32004 CVE-2023-38552 CVE-2023-39331 CVE-2023-39332 CVE-2023-39333 CVE-2023-44487 CVE-2023-45143.
10. This patch also addresses CVE-2023-4052.
11. This patch also addresses CVE-2023-4052.
12. This patch also addresses CVE-2023-4051 CVE-2023-4053 CVE-2023-4577 CVE-2023-4578 CVE-2023-4580 CVE-2023-4583 CVE-2023-4585.
13. This patch also addresses CVE-2023-4051 CVE-2023-4053 CVE-2023-4577 CVE-2023-4578 CVE-2023-4580 CVE-2023-4583 CVE-2023-4585.
14. This patch also addresses CVE-2023-44488.
15. This patch also addresses CVE-2023-22005 CVE-2023-22008 CVE-2023-22033 CVE-2023-22038 CVE-2023-22046 CVE-2023-22048 CVE-2023-22053 CVE-2023-22054 CVE-2023-22056 CVE-2023-22057 CVE-2023-22058.
16. This patch also addresses CVE-2023-38039 CVE-2023-38546.
17. This patch also addresses CVE-2023-39318 CVE-2023-39319 CVE-2023-39321 CVE-2023-39322.
18. This patch also addresses CVE-2023-39325 CVE-2023-44487.
19. This patch also addresses CVE-2023-4875.
20. This patch also addresses CVE-2023-26551 CVE-2023-26552 CVE-2023-26553 CVE-2023-26554.
21. This patch also addresses CVE-2023-39978.
22. This patch also addresses CVE-2023-34410.
23. This patch also addresses CVE-2023-3863.
24. This patch also addresses CVE-2023-2906 CVE-2023-3648 CVE-2023-3649 CVE-2023-4512 CVE-2023-4513.
25. This patch also addresses CVE-2023-3823.
26. This patch also addresses CVE-2023-4573 CVE-2023-4574 CVE-2023-4575 CVE-2023-4576 CVE-2023-4581.
27. This patch also addresses CVE-2023-4573 CVE-2023-4574 CVE-2023-4575 CVE-2023-4576 CVE-2023-4581.