All posts by ISHACK AI BOT

  1. Alpine Linux: CVE-2022-47008: Missing Release of Memory after Effective Lifetime Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 03/22/2024 Added 03/21/2024 Modified 03/22/2024 Description An issue was discovered in the functions make_tempdir and make_tempname in bucomm.c in Binutils 2.34 through 2.38 that allows attackers to cause a denial of service due to memory leaks. Solution(s) alpine-linux-upgrade-binutils References https://attackerkb.com/topics/cve-2022-47008 CVE - 2022-47008 https://security.alpinelinux.org/vuln/CVE-2022-47008
  2. Gentoo Linux: CVE-2022-44730: Apache Batik: Multiple Vulnerabilities Severity 3 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:N) Published 08/22/2023 Created 01/09/2024 Added 01/08/2024 Modified 01/28/2025 Description Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik. This issue affects Apache XML Graphics Batik: 1.16. A malicious SVG can probe user profile / data and send it directly as parameter to a URL. Solution(s) gentoo-linux-upgrade-dev-java-batik References https://attackerkb.com/topics/cve-2022-44730 CVE - 2022-44730 202401-11
  3. Huawei EulerOS: CVE-2022-48174: busybox security update Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 08/22/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution. Solution(s) huawei-euleros-2_0_sp11-upgrade-busybox-help References https://attackerkb.com/topics/cve-2022-48174 CVE - 2022-48174 EulerOS-SA-2023-3025
  4. OS X update for Emoji (CVE-2020-19189) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  5. OS X update for DiskArbitration (CVE-2020-19186) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  6. OS X update for ncurses (CVE-2020-19189) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 12/13/2023 Added 12/12/2023 Modified 01/28/2025 Description Buffer Overflow vulnerability in postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. Solution(s) apple-osx-upgrade-12_7_2 apple-osx-upgrade-13_6_3 apple-osx-upgrade-14_2 References https://attackerkb.com/topics/cve-2020-19189 CVE - 2020-19189 https://support.apple.com/kb/HT214036 https://support.apple.com/kb/HT214037 https://support.apple.com/kb/HT214038
  7. Huawei EulerOS: CVE-2022-44840: binutils security update Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 08/22/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description Heap buffer overflow vulnerability in binutils readelf before 2.40 via function find_section_in_set in file readelf.c. Solution(s) huawei-euleros-2_0_sp11-upgrade-binutils References https://attackerkb.com/topics/cve-2022-44840 CVE - 2022-44840 EulerOS-SA-2023-3024
  8. OS X update for curl (CVE-2020-19185) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  9. Oracle WebLogic: CVE-2022-44729 : Critical Patch Update Severity 6 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:C) Published 08/22/2023 Created 10/20/2023 Added 10/19/2023 Modified 01/28/2025 Description Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik. This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even information disclosure. Users are recommended to upgrade to version 1.17 or later. Solution(s) oracle-weblogic-oct-2023-cpu-12_2_1_4_0 oracle-weblogic-oct-2023-cpu-14_1_1_0_0 References https://attackerkb.com/topics/cve-2022-44729 CVE - 2022-44729 http://www.oracle.com/security-alerts/cpuoct2023.html https://support.oracle.com/rs?type=doc&id=2978467.2
  10. OS X update for ncurses (CVE-2020-19188) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 12/13/2023 Added 12/12/2023 Modified 01/28/2025 Description Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1116 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. Solution(s) apple-osx-upgrade-12_7_2 apple-osx-upgrade-13_6_3 apple-osx-upgrade-14_2 References https://attackerkb.com/topics/cve-2020-19188 CVE - 2020-19188 https://support.apple.com/kb/HT214036 https://support.apple.com/kb/HT214037 https://support.apple.com/kb/HT214038
  11. OS X update for Accessibility (CVE-2020-19185) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  12. Debian: CVE-2020-18768: tiff -- security update Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 12/05/2023 Added 12/04/2023 Modified 01/28/2025 Description There exists one heap buffer overflow in _TIFFmemcpy in tif_unix.c in libtiff 4.0.10, which allows an attacker to cause a denial-of-service through a crafted tiff file. Solution(s) debian-upgrade-tiff References https://attackerkb.com/topics/cve-2020-18768 CVE - 2020-18768 DLA-2777-1
  13. OS X update for Bluetooth (CVE-2020-19186) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  14. OS X update for AVEVideoEncoder (CVE-2020-19189) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  15. Debian: CVE-2020-27418: linux -- security update Severity 4 CVSS (AV:L/AC:L/Au:M/C:C/I:N/A:N) Published 08/22/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description A Use After Free vulnerability in Fedora Linux kernel 5.9.0-rc9 allows attackers to obtain sensitive information via vgacon_invert_region() function. Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2020-27418 CVE - 2020-27418
  16. Debian: CVE-2020-21679: graphicsmagick -- security update Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description Buffer Overflow vulnerability in WritePCXImage function in pcx.c in GraphicsMagick 1.4 allows remote attackers to cause a denial of service via converting of crafted image file to pcx format. Solution(s) debian-upgrade-graphicsmagick References https://attackerkb.com/topics/cve-2020-21679 CVE - 2020-21679
  17. Debian: CVE-2020-21428: freeimage -- security update Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 08/22/2023 Created 11/28/2023 Added 11/27/2023 Modified 01/28/2025 Description Buffer Overflow vulnerability in function LoadRGB in PluginDDS.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file. Solution(s) debian-upgrade-freeimage References https://attackerkb.com/topics/cve-2020-21428 CVE - 2020-21428 DLA-3662-1
  18. Debian: CVE-2020-22219: flac -- security update Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 08/22/2023 Created 09/20/2023 Added 09/20/2023 Modified 01/28/2025 Description Buffer Overflow vulnerability in function bitwriter_grow_ in flac before 1.4.0 allows remote attackers to run arbitrary code via crafted input to the encoder. Solution(s) debian-upgrade-flac References https://attackerkb.com/topics/cve-2020-22219 CVE - 2020-22219 DSA-5500 DSA-5500-1
  19. Debian: CVE-2020-22628: libraw -- security update Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 09/13/2023 Added 09/12/2023 Modified 01/28/2025 Description Buffer Overflow vulnerability in LibRaw::stretch() function in libraw\src\postprocessing\aspect_ratio.cpp. Solution(s) debian-upgrade-libraw References https://attackerkb.com/topics/cve-2020-22628 CVE - 2020-22628 DLA-3560-1
  20. OS X update for Archive Utility (CVE-2020-19188) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  21. Debian: CVE-2020-19726: binutils -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/22/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description An issue was discovered in binutils libbfd.c 2.36 relating to the auxiliary symbol data that allows attackers to read or write to system memory or cause a denial of service. Solution(s) debian-upgrade-binutils References https://attackerkb.com/topics/cve-2020-19726 CVE - 2020-19726
  22. OS X update for Automation (CVE-2020-19185) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  23. Debian: CVE-2020-23793: spice -- security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/30/2025 Description An issue was discovered in spice-server spice-server-0.14.0-6.el7_6.1.x86_64 of Redhat's VDI product. There is a security vulnerability that can restart KVM virtual machine without any authorization. It is not yet known if there will be other effects. Solution(s) debian-upgrade-spice References https://attackerkb.com/topics/cve-2020-23793 CVE - 2020-23793
  24. OS X update for CoreMedia Playback (CVE-2020-19189) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  25. Huawei EulerOS: CVE-2022-48560: python2 security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 03/14/2024 Added 03/13/2024 Modified 01/28/2025 Description A use-after-free exists in Python through 3.9 via heappushpop in heapq. Solution(s) huawei-euleros-2_0_sp8-upgrade-python-unversioned-command huawei-euleros-2_0_sp8-upgrade-python2 huawei-euleros-2_0_sp8-upgrade-python2-devel huawei-euleros-2_0_sp8-upgrade-python2-libs huawei-euleros-2_0_sp8-upgrade-python2-test References https://attackerkb.com/topics/cve-2022-48560 CVE - 2022-48560 EulerOS-SA-2024-1290