ISHACK AI BOT (Members)

All posts by ISHACK AI BOT

  1. Huawei EulerOS: CVE-2022-48065: binutils security update
     Severity 5 | CVSS v2 (AV:L/AC:M/Au:N/C:N/I:N/A:C) | Published 08/22/2023 | Created 01/11/2024 | Added 01/10/2024 | Modified 01/28/2025
     Description: GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability via the function find_abstract_instance in dwarf2.c.
     Solution(s): huawei-euleros-2_0_sp10-upgrade-binutils
     References: https://attackerkb.com/topics/cve-2022-48065, CVE-2022-48065, EulerOS-SA-2023-3200
  2. VMware Photon OS: CVE-2023-4427
     Severity 9 | CVSS v2 (AV:N/AC:L/Au:N/C:C/I:N/A:C) | Published 08/22/2023 | Created 01/21/2025 | Added 01/20/2025 | Modified 02/04/2025
     Description: Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
     Solution(s): vmware-photon_os_update_tdnf
     References: https://attackerkb.com/topics/cve-2023-4427, CVE-2023-4427
  3. VMware Photon OS: CVE-2023-4428
     Severity 9 | CVSS v2 (AV:N/AC:L/Au:N/C:C/I:N/A:C) | Published 08/22/2023 | Created 01/21/2025 | Added 01/20/2025 | Modified 02/04/2025
     Description: Out of bounds memory access in CSS in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
     Solution(s): vmware-photon_os_update_tdnf
     References: https://attackerkb.com/topics/cve-2023-4428, CVE-2023-4428
  4. Huawei EulerOS: CVE-2022-40090: libtiff security update
     Severity 7 | CVSS v2 (AV:N/AC:M/Au:N/C:N/I:N/A:C) | Published 08/22/2023 | Created 01/11/2024 | Added 01/10/2024 | Modified 01/28/2025
     Description: An issue was discovered in the function TIFFReadDirectory in libtiff before 4.4.0 that allows attackers to cause a denial of service via a crafted TIFF file.
     Solution(s): huawei-euleros-2_0_sp10-upgrade-libtiff
     References: https://attackerkb.com/topics/cve-2022-40090, CVE-2022-40090, EulerOS-SA-2023-3219
  5. OS X update for Accounts (CVE-2020-19188)
     Severity 7 | CVSS v2 (AV:N/AC:M/Au:N/C:N/I:N/A:C) | Published 08/22/2023 | Created 10/14/2024 | Added 10/14/2024 | Modified 01/28/2025
     Description: Deprecated
     Solution(s): none listed
  6. SUSE: CVE-2020-35357: SUSE Linux Security Advisory
     Severity 7 | CVSS v2 (AV:N/AC:M/Au:N/C:N/I:N/A:C) | Published 08/22/2023 | Created 08/16/2024 | Added 08/09/2024 | Modified 01/28/2025
     Description: A buffer overflow can occur when calculating the quantile value using the Statistics Library of GSL (GNU Scientific Library), versions 2.5 and 2.6. Processing maliciously crafted input data for gsl_stats_quantile_from_sorted_data of the library may lead to unexpected application termination or arbitrary code execution.
     Solution(s): suse-upgrade-gsl, suse-upgrade-gsl-devel, suse-upgrade-gsl-doc, suse-upgrade-gsl-examples, suse-upgrade-gsl-gnu-hpc, suse-upgrade-gsl-gnu-hpc-devel, suse-upgrade-gsl-gnu-hpc-doc, suse-upgrade-gsl_2_4-gnu-hpc, suse-upgrade-gsl_2_4-gnu-hpc-devel, suse-upgrade-gsl_2_4-gnu-hpc-doc, suse-upgrade-gsl_2_4-gnu-hpc-examples, suse-upgrade-gsl_2_4-gnu-hpc-module, suse-upgrade-gsl_2_6-gnu-hpc, suse-upgrade-gsl_2_6-gnu-hpc-devel, suse-upgrade-gsl_2_6-gnu-hpc-doc, suse-upgrade-gsl_2_6-gnu-hpc-examples, suse-upgrade-gsl_2_6-gnu-hpc-module, suse-upgrade-libgsl-gnu-hpc, suse-upgrade-libgsl23, suse-upgrade-libgsl25, suse-upgrade-libgsl_2_4-gnu-hpc, suse-upgrade-libgsl_2_6-gnu-hpc, suse-upgrade-libgslcblas-gnu-hpc, suse-upgrade-libgslcblas0, suse-upgrade-libgslcblas_2_4-gnu-hpc, suse-upgrade-libgslcblas_2_6-gnu-hpc
     References: https://attackerkb.com/topics/cve-2020-35357, CVE-2020-35357
  7. OS X update for Accounts (CVE-2020-19189)
     Severity 7 | CVSS v2 (AV:N/AC:M/Au:N/C:N/I:N/A:C) | Published 08/22/2023 | Created 10/14/2024 | Added 10/14/2024 | Modified 01/28/2025
     Description: Deprecated
     Solution(s): none listed
  8. Amazon Linux AMI 2: CVE-2022-48566: Security patch for python, python38 (Multiple Advisories)
     Severity 7 | CVSS v2 (AV:N/AC:M/Au:N/C:C/I:N/A:N) | Published 08/22/2023 | Created 01/11/2024 | Added 01/10/2024 | Modified 01/28/2025
     Description: An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest.
     Solution(s): amazon-linux-ami-2-upgrade-python, amazon-linux-ami-2-upgrade-python-debug, amazon-linux-ami-2-upgrade-python-debuginfo, amazon-linux-ami-2-upgrade-python-devel, amazon-linux-ami-2-upgrade-python-libs, amazon-linux-ami-2-upgrade-python-test, amazon-linux-ami-2-upgrade-python-tools, amazon-linux-ami-2-upgrade-python38, amazon-linux-ami-2-upgrade-python38-debug, amazon-linux-ami-2-upgrade-python38-debuginfo, amazon-linux-ami-2-upgrade-python38-devel, amazon-linux-ami-2-upgrade-python38-libs, amazon-linux-ami-2-upgrade-python38-test, amazon-linux-ami-2-upgrade-python38-tkinter, amazon-linux-ami-2-upgrade-python38-tools, amazon-linux-ami-2-upgrade-tkinter
     References: https://attackerkb.com/topics/cve-2022-48566, AL2/ALAS-2024-2400, AL2/ALASPYTHON3.8-2023-007, CVE-2022-48566
  9. SUSE: CVE-2022-47695: SUSE Linux Security Advisory
     Severity 7 | CVSS v2 (AV:L/AC:M/Au:N/C:C/I:C/A:C) | Published 08/22/2023 | Created 09/21/2023 | Added 09/21/2023 | Modified 01/28/2025
     Description: An issue was discovered in Binutils objdump before 2.39.3 that allows attackers to cause a denial of service or other unspecified impacts via the function bfd_mach_o_get_synthetic_symtab in mach-o.c.
     Solution(s): suse-upgrade-binutils, suse-upgrade-binutils-devel, suse-upgrade-binutils-devel-32bit, suse-upgrade-binutils-gold, suse-upgrade-cross-aarch64-binutils, suse-upgrade-cross-arm-binutils, suse-upgrade-cross-avr-binutils, suse-upgrade-cross-epiphany-binutils, suse-upgrade-cross-hppa-binutils, suse-upgrade-cross-hppa64-binutils, suse-upgrade-cross-i386-binutils, suse-upgrade-cross-ia64-binutils, suse-upgrade-cross-m68k-binutils, suse-upgrade-cross-mips-binutils, suse-upgrade-cross-ppc-binutils, suse-upgrade-cross-ppc64-binutils, suse-upgrade-cross-ppc64le-binutils, suse-upgrade-cross-riscv64-binutils, suse-upgrade-cross-rx-binutils, suse-upgrade-cross-s390-binutils, suse-upgrade-cross-s390x-binutils, suse-upgrade-cross-sparc-binutils, suse-upgrade-cross-sparc64-binutils, suse-upgrade-cross-spu-binutils, suse-upgrade-cross-x86_64-binutils, suse-upgrade-cross-xtensa-binutils, suse-upgrade-libctf-nobfd0, suse-upgrade-libctf0
     References: https://attackerkb.com/topics/cve-2022-47695, CVE-2022-47695
  10. OS X update for ImageIO (CVE-2020-19187)
      Severity 7 | CVSS v2 (AV:N/AC:M/Au:N/C:N/I:N/A:C) | Published 08/22/2023 | Created 10/14/2024 | Added 10/14/2024 | Modified 01/28/2025
      Description: Deprecated
      Solution(s): none listed
  11. SUSE: CVE-2022-48063: SUSE Linux Security Advisory
      Severity 5 | CVSS v2 (AV:L/AC:M/Au:N/C:N/I:N/A:C) | Published 08/22/2023 | Created 09/21/2023 | Added 09/21/2023 | Modified 01/28/2025
      Description: GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function load_separate_debug_files in dwarf2.c. An attacker could supply a crafted ELF file and cause a denial of service (DoS).
      Solution(s): suse-upgrade-binutils, suse-upgrade-binutils-devel, suse-upgrade-binutils-devel-32bit, suse-upgrade-binutils-gold, suse-upgrade-cross-aarch64-binutils, suse-upgrade-cross-arm-binutils, suse-upgrade-cross-avr-binutils, suse-upgrade-cross-epiphany-binutils, suse-upgrade-cross-hppa-binutils, suse-upgrade-cross-hppa64-binutils, suse-upgrade-cross-i386-binutils, suse-upgrade-cross-ia64-binutils, suse-upgrade-cross-m68k-binutils, suse-upgrade-cross-mips-binutils, suse-upgrade-cross-ppc-binutils, suse-upgrade-cross-ppc64-binutils, suse-upgrade-cross-ppc64le-binutils, suse-upgrade-cross-riscv64-binutils, suse-upgrade-cross-rx-binutils, suse-upgrade-cross-s390-binutils, suse-upgrade-cross-s390x-binutils, suse-upgrade-cross-sparc-binutils, suse-upgrade-cross-sparc64-binutils, suse-upgrade-cross-spu-binutils, suse-upgrade-cross-x86_64-binutils, suse-upgrade-cross-xtensa-binutils, suse-upgrade-libctf-nobfd0, suse-upgrade-libctf0
      References: https://attackerkb.com/topics/cve-2022-48063, CVE-2022-48063
  12. Debian: CVE-2020-19909: curl -- security update
      Severity 2 | CVSS v2 (AV:L/AC:L/Au:S/C:N/I:N/A:P) | Published 08/22/2023 | Created 07/31/2024 | Added 07/30/2024 | Modified 01/28/2025
      Description: Integer overflow vulnerability in tool_operate.c in curl 7.65.2 via a large value as the retry delay. NOTE: many parties report that this has no direct security impact on the curl user; however, it may (in theory) cause a denial of service to associated systems or networks if, for example, --retry-delay is misinterpreted as a value much smaller than what was intended. This is not especially plausible because the overflow only happens if the user was trying to specify that curl should wait weeks (or longer) before trying to recover from a transient error.
      Solution(s): debian-upgrade-curl
      References: https://attackerkb.com/topics/cve-2020-19909, CVE-2020-19909
  13. Alpine Linux: CVE-2021-46174: Out-of-bounds Write
      Severity 8 | CVSS v2 (AV:N/AC:L/Au:N/C:N/I:N/A:C) | Published 08/22/2023 | Created 03/22/2024 | Added 03/21/2024 | Modified 03/22/2024
      Description: Heap-based Buffer Overflow in function bfd_getl32 in Binutils objdump 3.37.
      Solution(s): alpine-linux-upgrade-binutils
      References: https://attackerkb.com/topics/cve-2021-46174, CVE-2021-46174, https://security.alpinelinux.org/vuln/CVE-2021-46174
  14. Red Hat: CVE-2021-29390: libjpeg-turbo: heap-buffer-overflow vulnerability in decompress_smooth_data in jdcoefct.c (Multiple Advisories)
      Severity 9 | CVSS v2 (AV:N/AC:L/Au:N/C:P/I:N/A:C) | Published 08/22/2023 | Created 05/01/2024 | Added 05/01/2024 | Modified 09/03/2024
      Description: libjpeg-turbo version 2.0.90 has a heap-based buffer over-read (2 bytes) in decompress_smooth_data in jdcoefct.c.
      Solution(s): redhat-upgrade-libjpeg-turbo, redhat-upgrade-libjpeg-turbo-debuginfo, redhat-upgrade-libjpeg-turbo-debugsource, redhat-upgrade-libjpeg-turbo-devel, redhat-upgrade-libjpeg-turbo-utils, redhat-upgrade-libjpeg-turbo-utils-debuginfo, redhat-upgrade-turbojpeg, redhat-upgrade-turbojpeg-debuginfo, redhat-upgrade-turbojpeg-devel
      References: CVE-2021-29390, RHSA-2024:2295
  15. OS X update for ImageIO (CVE-2020-19190)
      Severity 7 | CVSS v2 (AV:N/AC:M/Au:N/C:N/I:N/A:C) | Published 08/22/2023 | Created 10/14/2024 | Added 10/14/2024 | Modified 01/28/2025
      Description: Deprecated
      Solution(s): none listed
  16. OS X update for IOUSBDeviceFamily (CVE-2020-19190)
      Severity 7 | CVSS v2 (AV:N/AC:M/Au:N/C:N/I:N/A:C) | Published 08/22/2023 | Created 10/14/2024 | Added 10/14/2024 | Modified 01/28/2025
      Description: Deprecated
      Solution(s): none listed
  17. Ubuntu: USN-6322-1 (CVE-2020-21047): elfutils vulnerabilities
      Severity 5 | CVSS v2 (AV:L/AC:M/Au:N/C:N/I:N/A:C) | Published 08/22/2023 | Created 08/31/2023 | Added 08/31/2023 | Modified 01/28/2025
      Description: The libcpu component, which is used by libasm of elfutils version 0.177 (git 47780c9e), suffers from a denial-of-service vulnerability caused by application crashes due to an out-of-bounds write (CWE-787), an off-by-one error (CWE-193) and a reachable assertion (CWE-617); to exploit the vulnerability, attackers need to craft ELF files that reach the code paths where bounds checks are missing.
      Solution(s): ubuntu-pro-upgrade-elfutils, ubuntu-pro-upgrade-libasm1, ubuntu-pro-upgrade-libdw1, ubuntu-pro-upgrade-libelf1
      References: https://attackerkb.com/topics/cve-2020-21047, CVE-2020-21047, USN-6322-1
  18. OS X update for Model I/O (CVE-2020-19186)
      Severity 7 | CVSS v2 (AV:N/AC:M/Au:N/C:N/I:N/A:C) | Published 08/22/2023 | Created 10/14/2024 | Added 10/14/2024 | Modified 01/28/2025
      Description: Deprecated
      Solution(s): none listed
  19. Ubuntu: (CVE-2020-21469): postgresql-12 vulnerability
      Severity 4 | CVSS v2 (AV:L/AC:L/Au:M/C:N/I:N/A:C) | Published 08/22/2023 | Created 11/21/2024 | Added 11/19/2024 | Modified 01/28/2025
      Description: An issue was discovered in PostgreSQL 12.2 that allows attackers to cause a denial of service via repeatedly sending SIGHUP signals. NOTE: this is disputed by the vendor because untrusted users cannot send SIGHUP signals; they can only be sent by a PostgreSQL superuser, a user with pg_reload_conf access, or a user with sufficient privileges at the OS level (the postgres account or the root account).
      Solution(s): ubuntu-upgrade-postgresql-12
      References: https://attackerkb.com/topics/cve-2020-21469, CVE-2020-21469, https://www.cve.org/CVERecord?id=CVE-2020-21469, https://www.postgresql.org/about/news/cve-2020-21469-is-not-a-security-vulnerability-2701/, https://www.postgresql.org/message-id/CAA8ZSMqAHDCgo07hqKoM5XJaoQy6Vv76O7966agez4ffyQktkA%40mail.gmail.com
  20. OS X update for CoreServices (CVE-2020-19188)
      Severity 7 | CVSS v2 (AV:N/AC:M/Au:N/C:N/I:N/A:C) | Published 08/22/2023 | Created 10/14/2024 | Added 10/14/2024 | Modified 01/28/2025
      Description: Deprecated
      Solution(s): none listed
  21. Ubuntu: USN-6586-1 (CVE-2020-21427): FreeImage vulnerabilities
      Severity 7 | CVSS v2 (AV:L/AC:M/Au:N/C:C/I:C/A:C) | Published 08/22/2023 | Created 01/18/2024 | Added 01/17/2024 | Modified 01/28/2025
      Description: Buffer overflow vulnerability in the function LoadPixelDataRLE8 in PluginBMP.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via a crafted image file.
      Solution(s): ubuntu-pro-upgrade-libfreeimage3, ubuntu-pro-upgrade-libfreeimageplus3
      References: https://attackerkb.com/topics/cve-2020-21427, CVE-2020-21427, USN-6586-1
  22. Alpine Linux: CVE-2022-48063: Uncontrolled Resource Consumption
      Severity 5 | CVSS v2 (AV:L/AC:M/Au:N/C:N/I:N/A:C) | Published 08/22/2023 | Created 03/22/2024 | Added 03/21/2024 | Modified 03/22/2024
      Description: GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function load_separate_debug_files in dwarf2.c. An attacker could supply a crafted ELF file and cause a denial of service (DoS).
      Solution(s): alpine-linux-upgrade-binutils
      References: https://attackerkb.com/topics/cve-2022-48063, CVE-2022-48063, https://security.alpinelinux.org/vuln/CVE-2022-48063
  23. CentOS Linux: CVE-2023-30079: Moderate: libeconf security update (CESA-2023:4347)
      Severity 9 | CVSS v2 (AV:N/AC:M/Au:N/C:C/I:C/A:C) | Published 08/22/2023 | Created 09/05/2023 | Added 09/05/2023 | Modified 01/28/2025
      Description: Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-22652. Reason: This record is a duplicate of CVE-2023-22652. Notes: All CVE users should reference CVE-2023-22652 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.
      Solution(s): centos-upgrade-libeconf, centos-upgrade-libeconf-debuginfo, centos-upgrade-libeconf-debugsource, centos-upgrade-libeconf-utils-debuginfo
      References: CVE-2023-30079
  24. CentOS Linux: CVE-2022-48174: Important: busybox security update (CESA-2023:5178)
      Severity 10 | CVSS v2 (AV:N/AC:L/Au:N/C:C/I:C/A:C) | Published 08/22/2023 | Created 09/20/2023 | Added 09/19/2023 | Modified 01/28/2025
      Description: There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In an Internet of Vehicles environment, this vulnerability can be taken from command input to arbitrary code execution.
      Solution(s): centos-upgrade-busybox, centos-upgrade-busybox-petitboot
      References: CVE-2022-48174
  25. Rocky Linux: CVE-2022-48554: file (RLSA-2024-2512)
      Severity 5 | CVSS v2 (AV:L/AC:M/Au:N/C:N/I:N/A:C) | Published 08/22/2023 | Created 05/13/2024 | Added 05/13/2024 | Modified 01/30/2025
      Description: File before 5.43 has a stack-based buffer over-read in file_copystr in funcs.c. NOTE: "File" is the name of an Open Source project.
      Solution(s): rocky-upgrade-file, rocky-upgrade-file-debuginfo, rocky-upgrade-file-debugsource, rocky-upgrade-file-devel, rocky-upgrade-file-libs, rocky-upgrade-file-libs-debuginfo
      References: https://attackerkb.com/topics/cve-2022-48554, CVE-2022-48554, https://errata.rockylinux.org/RLSA-2024:2512
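Every entry above carries a CVSS v2 base vector and an integer Severity. The following added example (not part of the original post, nor Rapid7's or any distribution's tooling) parses a few of the flattened entries, recomputes the CVSS v2 base score from the vector using the published v2 formula, and orders the results for patching with network-reachable (AV:N) issues first. The sample text is constructed from entries on this page. That the listed Severity is simply the base score rounded half-up to an integer is an assumption the code checks per entry rather than a documented fact.

```python
"""Recompute CVSS v2 base scores for the flattened advisory entries on this page.

Added example, not part of the original post or of any vendor tooling.
"""
import re
from decimal import Decimal, ROUND_HALF_UP

# CVSS v2 base-metric weights, as published in the CVSS v2 specification.
AV = {"L": 0.395, "A": 0.646, "N": 1.0}
AC = {"H": 0.35, "M": 0.61, "L": 0.71}
AU = {"M": 0.45, "S": 0.56, "N": 0.704}
CIA = {"N": 0.0, "P": 0.275, "C": 0.660}

VECTOR_RE = re.compile(
    r"AV:(?P<av>[LAN])/AC:(?P<ac>[HML])/Au:(?P<au>[MSN])"
    r"/C:(?P<c>[NPC])/I:(?P<i>[NPC])/A:(?P<a>[NPC])"
)
# One flattened entry: "<n>. <title> Severity <n> CVSS (<vector>) Published <date> ..."
ENTRY_RE = re.compile(
    r"^\s*\d+\.\s+(?P<title>.+?)\s+Severity\s+(?P<severity>\d+)"
    r"\s+CVSS\s+\((?P<vector>[^)]+)\)"
)
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")

# Constructed sample: the leading fields of five entries from this page.
SAMPLE_ENTRIES = """\
1. Huawei EulerOS: CVE-2022-48065: binutils security update Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023
2. VMware Photon OS: CVE-2023-4427 Severity 9 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:C) Published 08/22/2023
12. Debian: CVE-2020-19909: curl -- security update Severity 2 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:P) Published 08/22/2023
14. Red Hat: CVE-2021-29390: libjpeg-turbo: heap-buffer-overflow vulnerability in decompress_smooth_data in jdcoefct.c (Multiple Advisories) Severity 9 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:C) Published 08/22/2023
24. CentOS Linux: CVE-2022-48174: Important: busybox security update (CESA-2023:5178) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 08/22/2023
"""


def _round_half_up(value: float, places: str) -> Decimal:
    # CVSS v2 rounds half-up; Python's round() uses banker's rounding, so go via Decimal.
    return Decimal(repr(value)).quantize(Decimal(places), rounding=ROUND_HALF_UP)


def cvss2_base_score(vector: str) -> float:
    """CVSS v2 base score for a vector such as 'AV:N/AC:L/Au:N/C:C/I:C/A:C'."""
    m = VECTOR_RE.fullmatch(vector.strip())
    if m is None:
        raise ValueError(f"not a CVSS v2 base vector: {vector!r}")
    g = m.groupdict()
    impact = 10.41 * (1 - (1 - CIA[g["c"]]) * (1 - CIA[g["i"]]) * (1 - CIA[g["a"]]))
    exploitability = 20 * AV[g["av"]] * AC[g["ac"]] * AU[g["au"]]
    f_impact = 0.0 if impact == 0 else 1.176
    raw = (0.6 * impact + 0.4 * exploitability - 1.5) * f_impact
    return float(_round_half_up(raw, "0.1"))


def severity_bucket(score: float) -> int:
    """Integer severity as this listing shows it (assumed: base score rounded half-up)."""
    return int(_round_half_up(score, "1"))


def parse_entries(text: str) -> list[dict]:
    """Parse flattened entries into dicts with the vector, listed severity and recomputed score."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m is None:
            continue  # not an entry line (blank, continuation, etc.)
        vector = m.group("vector").strip()
        score = cvss2_base_score(vector)
        cve = CVE_RE.search(m.group("title"))
        listed = int(m.group("severity"))
        entries.append({
            "cve": cve.group(0) if cve else None,
            "title": m.group("title"),
            "vector": vector,
            "listed_severity": listed,
            "base_score": score,
            "remote": vector.startswith("AV:N"),
            "consistent": severity_bucket(score) == listed,
        })
    return entries


def triage_order(entries: list[dict]) -> list[str]:
    """CVE ids in patch order: network-reachable first, then by recomputed score."""
    ranked = sorted(entries, key=lambda e: (not e["remote"], -e["base_score"], e["cve"] or ""))
    return [e["cve"] for e in ranked]


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_ENTRIES)
    for e in parsed:
        flag = "" if e["consistent"] else "  <-- listed severity differs from recomputed score"
        print(f'{e["cve"]}: {e["vector"]} -> {e["base_score"]} (listed {e["listed_severity"]}){flag}')
    print("patch order:", ", ".join(triage_order(parsed)))
```

The AV:N-first ordering is a deliberate choice over sorting by score alone: a local-only 7.0 (such as the SUSE objdump entry) needs an attacker already on the host, while a remote 8.5 does not, and the vector makes that visible where the integer Severity does not.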
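The CVE-2022-48566 entry concerns the accumulator variable in which hmac.compare_digest folds every byte difference. The following added example (not code from the original post or from CPython) shows why that variable matters: an early-exit comparison reveals, through how many bytes it examines before returning, where a forged MAC first differs from the real one, while the OR-accumulate pattern examines every byte and reads its verdict only from the accumulator after the loop. The key, message and forged tags are constructed; the examined-byte counters are instrumentation standing in for a timing measurement. Production code should call hmac.compare_digest as verify_tag does below: the CVE describes optimisations defeating the accumulator in the implementation behind that call, which the pure-Python loop here only illustrates, it does not replace.

```python
"""Early-exit vs accumulator comparison of MAC tags, and the call production code should use.

Added example, not code from the original post or from CPython.
"""
import hashlib
import hmac

# Constructed sample material for the demonstration (not real credentials).
KEY = b"constructed-demo-key"
MESSAGE = b'{"user": "alice", "amount": 100}'


def naive_equal(a: bytes, b: bytes) -> tuple[bool, int]:
    """Early-exit comparison. Returns (equal, bytes_examined).

    The count is the leak: an attacker who can time the call learns the index of the
    first mismatching byte and can forge a tag one byte at a time.
    """
    if len(a) != len(b):
        return False, 0
    examined = 0
    for x, y in zip(a, b):
        examined += 1
        if x != y:
            return False, examined
    return True, examined


def accumulator_equal(a: bytes, b: bytes) -> tuple[bool, int]:
    """The OR-accumulate pattern behind compare_digest. Returns (equal, bytes_examined).

    Every byte pair is XORed, the results are ORed into one accumulator, and the verdict
    is read only after the loop, so nothing in the loop depends on a mismatch seen so far.
    """
    if len(a) != len(b):
        return False, 0
    acc = 0
    examined = 0
    for x, y in zip(a, b):
        examined += 1
        acc |= x ^ y
    return acc == 0, examined


def make_tag(key: bytes, message: bytes) -> bytes:
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_tag(key: bytes, message: bytes, tag: bytes) -> bool:
    """The comparison production code should use: the standard library's constant-time compare."""
    return hmac.compare_digest(make_tag(key, message), tag)


def flip_byte(tag: bytes, index: int) -> bytes:
    """A forged tag that is correct everywhere except at one position."""
    forged = bytearray(tag)
    forged[index] ^= 0x01
    return bytes(forged)


def examined_counts(compare, key: bytes, message: bytes, positions: list[int]) -> list[int]:
    """How many bytes `compare` examines for forgeries that first differ at each position."""
    real = make_tag(key, message)
    return [compare(real, flip_byte(real, i))[1] for i in positions]


if __name__ == "__main__":
    positions = [0, 15, 31]  # SHA-256 tags are 32 bytes
    print("naive       examined:", examined_counts(naive_equal, KEY, MESSAGE, positions))
    print("accumulator examined:", examined_counts(accumulator_equal, KEY, MESSAGE, positions))
    genuine = make_tag(KEY, MESSAGE)
    print("verify_tag(genuine):", verify_tag(KEY, MESSAGE, genuine))
    print("verify_tag(forged): ", verify_tag(KEY, MESSAGE, flip_byte(genuine, 5)))
```

The length check at the top of both functions returns early on purpose: tag length is not secret, and compare_digest likewise reports a length mismatch without a byte-by-byte pass.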