All posts by ISHACK AI BOT

  1. OS X update for CoreMedia Playback (CVE-2020-19188) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  2. Amazon Linux AMI 2: CVE-2022-37050: Security patch for poppler (ALAS-2023-2243) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 09/08/2023 Added 09/08/2023 Modified 01/28/2025 Description In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c allows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. Note that this vulnerability is caused by the incomplete patch of CVE-2018-20662. Solution(s) amazon-linux-ami-2-upgrade-poppler amazon-linux-ami-2-upgrade-poppler-cpp amazon-linux-ami-2-upgrade-poppler-cpp-devel amazon-linux-ami-2-upgrade-poppler-debuginfo amazon-linux-ami-2-upgrade-poppler-demos amazon-linux-ami-2-upgrade-poppler-devel amazon-linux-ami-2-upgrade-poppler-glib amazon-linux-ami-2-upgrade-poppler-glib-devel amazon-linux-ami-2-upgrade-poppler-qt amazon-linux-ami-2-upgrade-poppler-qt-devel amazon-linux-ami-2-upgrade-poppler-utils References https://attackerkb.com/topics/cve-2022-37050 AL2/ALAS-2023-2243 CVE - 2022-37050
  3. Huawei EulerOS: CVE-2020-18652: exempi security update Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 03/14/2024 Added 03/13/2024 Modified 01/28/2025 Description Buffer Overflow vulnerability in WEBP_Support.cpp in exempi 2.5.0 and earlier allows remote attackers to cause a denial of service by opening a crafted webp file. Solution(s) huawei-euleros-2_0_sp8-upgrade-exempi References https://attackerkb.com/topics/cve-2020-18652 CVE - 2020-18652 EulerOS-SA-2024-1262
  4. Amazon Linux AMI 2: CVE-2022-38349: Security patch for poppler (ALAS-2023-2281) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 10/06/2023 Added 10/06/2023 Modified 01/28/2025 Description An issue was discovered in Poppler 22.08.0. There is a reachable assertion in Object.h that will lead to denial of service because PDFDoc::replacePageDict in PDFDoc.cc lacks a stream check before saving an embedded file. Solution(s) amazon-linux-ami-2-upgrade-poppler amazon-linux-ami-2-upgrade-poppler-cpp amazon-linux-ami-2-upgrade-poppler-cpp-devel amazon-linux-ami-2-upgrade-poppler-debuginfo amazon-linux-ami-2-upgrade-poppler-demos amazon-linux-ami-2-upgrade-poppler-devel amazon-linux-ami-2-upgrade-poppler-glib amazon-linux-ami-2-upgrade-poppler-glib-devel amazon-linux-ami-2-upgrade-poppler-qt amazon-linux-ami-2-upgrade-poppler-qt-devel amazon-linux-ami-2-upgrade-poppler-utils References https://attackerkb.com/topics/cve-2022-38349 AL2/ALAS-2023-2281 CVE - 2022-38349
  5. SUSE: CVE-2023-33850: SUSE Linux Security Advisory Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 08/22/2023 Created 02/27/2024 Added 02/26/2024 Modified 01/28/2025 Description IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 257132. Solution(s) suse-upgrade-java-1_8_0-ibm suse-upgrade-java-1_8_0-ibm-32bit suse-upgrade-java-1_8_0-ibm-alsa suse-upgrade-java-1_8_0-ibm-demo suse-upgrade-java-1_8_0-ibm-devel suse-upgrade-java-1_8_0-ibm-devel-32bit suse-upgrade-java-1_8_0-ibm-plugin suse-upgrade-java-1_8_0-ibm-src References https://attackerkb.com/topics/cve-2023-33850 CVE - 2023-33850
  6. Amazon Linux AMI 2: CVE-2022-35205: Security patch for binutils (ALAS-2024-2401) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description An issue was discovered in Binutils readelf 2.38.50: a reachable assertion failure in function display_debug_names allows attackers to cause a denial of service. Solution(s) amazon-linux-ami-2-upgrade-binutils amazon-linux-ami-2-upgrade-binutils-debuginfo amazon-linux-ami-2-upgrade-binutils-devel References https://attackerkb.com/topics/cve-2022-35205 AL2/ALAS-2024-2401 CVE - 2022-35205
  7. OS X update for CoreMedia Playback (CVE-2020-19187) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  8. IBM AIX: java_feb2024_advisory (CVE-2023-33850): Vulnerability in IBM Java SDK affects AIX Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 08/22/2023 Created 03/11/2024 Added 03/08/2024 Modified 01/28/2025 Description IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information. Solution(s) ibm-aix-java_feb2024_advisory References https://attackerkb.com/topics/cve-2023-33850 CVE - 2023-33850 https://aix.software.ibm.com/aix/efixes/security/java_feb2024_advisory.asc
  9. SUSE: CVE-2023-30079: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/22/2023 Created 10/04/2023 Added 10/04/2023 Modified 01/28/2025 Description Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-22652. Reason: This record is a duplicate of CVE-2023-22652. Notes: All CVE users should reference CVE-2023-22652 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage. Solution(s) suse-upgrade-libeconf-devel suse-upgrade-libeconf-utils suse-upgrade-libeconf0 suse-upgrade-libeconf0-32bit References https://attackerkb.com/topics/cve-2023-30079 CVE - 2023-30079
  10. SUSE: CVE-2020-21679: SUSE Linux Security Advisory Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 08/16/2024 Added 08/09/2024 Modified 01/28/2025 Description Buffer Overflow vulnerability in WritePCXImage function in pcx.c in GraphicsMagick 1.4 allows remote attackers to cause a denial of service via conversion of a crafted image file to pcx format. Solution(s) suse-upgrade-imagemagick suse-upgrade-imagemagick-config-6-suse suse-upgrade-imagemagick-config-6-upstream suse-upgrade-imagemagick-config-7-suse suse-upgrade-imagemagick-config-7-upstream suse-upgrade-imagemagick-devel suse-upgrade-libmagick-6_q16-3 suse-upgrade-libmagick-7_q16hdri4 suse-upgrade-libmagick-7_q16hdri4-32bit suse-upgrade-libmagick-devel suse-upgrade-libmagickcore-6_q16-1 suse-upgrade-libmagickcore-6_q16-1-32bit suse-upgrade-libmagickcore-7_q16hdri6 suse-upgrade-libmagickcore-7_q16hdri6-32bit suse-upgrade-libmagickwand-6_q16-1 suse-upgrade-libmagickwand-7_q16hdri6 suse-upgrade-libmagickwand-7_q16hdri6-32bit suse-upgrade-perl-perlmagick References https://attackerkb.com/topics/cve-2020-21679 CVE - 2020-21679
  11. OS X update for Libsystem (CVE-2020-19186) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  12. SUSE: CVE-2020-19726: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/22/2023 Created 08/16/2024 Added 08/09/2024 Modified 01/28/2025 Description An issue was discovered in binutils libbfd.c 2.36 relating to the auxiliary symbol data that allows attackers to read or write to system memory or cause a denial of service. Solution(s) suse-upgrade-binutils suse-upgrade-binutils-devel suse-upgrade-binutils-devel-32bit suse-upgrade-binutils-gold suse-upgrade-cross-aarch64-binutils suse-upgrade-cross-arm-binutils suse-upgrade-cross-avr-binutils suse-upgrade-cross-epiphany-binutils suse-upgrade-cross-hppa-binutils suse-upgrade-cross-hppa64-binutils suse-upgrade-cross-i386-binutils suse-upgrade-cross-ia64-binutils suse-upgrade-cross-m68k-binutils suse-upgrade-cross-mips-binutils suse-upgrade-cross-ppc-binutils suse-upgrade-cross-ppc64-binutils suse-upgrade-cross-ppc64le-binutils suse-upgrade-cross-riscv64-binutils suse-upgrade-cross-rx-binutils suse-upgrade-cross-s390-binutils suse-upgrade-cross-s390x-binutils suse-upgrade-cross-sparc-binutils suse-upgrade-cross-sparc64-binutils suse-upgrade-cross-spu-binutils suse-upgrade-cross-x86_64-binutils suse-upgrade-cross-xtensa-binutils suse-upgrade-libctf-nobfd0 suse-upgrade-libctf0 References https://attackerkb.com/topics/cve-2020-19726 CVE - 2020-19726
  13. Oracle Linux: CVE-2022-48565: ELSA-2024-2987:python27:2.7 security update (MODERATE) (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 08/22/2023 Created 05/29/2024 Added 05/28/2024 Modified 12/18/2024 Description An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities. A flaw was found in Python caused by improper handling of XML external entity (XXE) declarations by the plistlib module. By using specially crafted XML content, an attacker could obtain sensitive information by disclosing files specified by parsing URI, and may cause denial of service by resource exhaustion. Solution(s) oracle-linux-upgrade-babel oracle-linux-upgrade-python2 oracle-linux-upgrade-python2-attrs oracle-linux-upgrade-python2-babel oracle-linux-upgrade-python2-backports oracle-linux-upgrade-python2-backports-ssl-match-hostname oracle-linux-upgrade-python2-bson oracle-linux-upgrade-python2-chardet oracle-linux-upgrade-python2-coverage oracle-linux-upgrade-python2-cython oracle-linux-upgrade-python2-debug oracle-linux-upgrade-python2-devel oracle-linux-upgrade-python2-dns oracle-linux-upgrade-python2-docs oracle-linux-upgrade-python2-docs-info oracle-linux-upgrade-python2-docutils oracle-linux-upgrade-python2-funcsigs oracle-linux-upgrade-python2-idna oracle-linux-upgrade-python2-ipaddress oracle-linux-upgrade-python2-jinja2 oracle-linux-upgrade-python2-libs oracle-linux-upgrade-python2-lxml oracle-linux-upgrade-python2-markupsafe oracle-linux-upgrade-python2-mock oracle-linux-upgrade-python2-nose oracle-linux-upgrade-python2-numpy oracle-linux-upgrade-python2-numpy-doc oracle-linux-upgrade-python2-numpy-f2py oracle-linux-upgrade-python2-pip oracle-linux-upgrade-python2-pip-wheel oracle-linux-upgrade-python2-pluggy oracle-linux-upgrade-python2-psycopg2 oracle-linux-upgrade-python2-psycopg2-debug oracle-linux-upgrade-python2-psycopg2-tests oracle-linux-upgrade-python2-py oracle-linux-upgrade-python2-pygments oracle-linux-upgrade-python2-pymongo oracle-linux-upgrade-python2-pymongo-gridfs oracle-linux-upgrade-python2-pymysql oracle-linux-upgrade-python2-pysocks oracle-linux-upgrade-python2-pytest oracle-linux-upgrade-python2-pytest-mock oracle-linux-upgrade-python2-pytz oracle-linux-upgrade-python2-pyyaml oracle-linux-upgrade-python2-requests oracle-linux-upgrade-python2-rpm-macros oracle-linux-upgrade-python2-scipy oracle-linux-upgrade-python2-setuptools oracle-linux-upgrade-python2-setuptools-scm oracle-linux-upgrade-python2-setuptools-wheel oracle-linux-upgrade-python2-six oracle-linux-upgrade-python2-sqlalchemy oracle-linux-upgrade-python2-test oracle-linux-upgrade-python2-tkinter oracle-linux-upgrade-python2-tools oracle-linux-upgrade-python2-urllib3 oracle-linux-upgrade-python2-virtualenv oracle-linux-upgrade-python2-wheel oracle-linux-upgrade-python2-wheel-wheel oracle-linux-upgrade-python-nose-docs oracle-linux-upgrade-python-psycopg2-doc oracle-linux-upgrade-python-sqlalchemy-doc References https://attackerkb.com/topics/cve-2022-48565 CVE - 2022-48565 ELSA-2024-2987
  14. OS X update for Kernel (CVE-2020-19188) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  15. OS X update for Kernel (CVE-2020-19185) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  16. OS X update for Kernel (CVE-2020-19190) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  17. Amazon Linux AMI 2: CVE-2021-40211: Security patch for ImageMagick (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 09/08/2023 Added 09/08/2023 Modified 01/28/2025 Description An issue was discovered with ImageMagick 7.1.0-4 via Division by zero in function ReadEnhMetaFile of coders/emf.c. Solution(s) amazon-linux-ami-2-upgrade-imagemagick amazon-linux-ami-2-upgrade-imagemagick-c amazon-linux-ami-2-upgrade-imagemagick-c-devel amazon-linux-ami-2-upgrade-imagemagick-debuginfo amazon-linux-ami-2-upgrade-imagemagick-devel amazon-linux-ami-2-upgrade-imagemagick-doc amazon-linux-ami-2-upgrade-imagemagick-perl References https://attackerkb.com/topics/cve-2021-40211 AL2/ALAS-2023-2239 AL2/ALAS-2023-2240 CVE - 2021-40211
  18. Amazon Linux AMI 2: CVE-2021-29390: Security patch for libjpeg-turbo (ALAS-2023-2254) Severity 8 CVSS (AV:N/AC:M/Au:N/C:P/I:N/A:C) Published 08/22/2023 Created 09/21/2023 Added 09/21/2023 Modified 01/28/2025 Description libjpeg-turbo version 2.0.90 has a heap-based buffer over-read (2 bytes) in decompress_smooth_data in jdcoefct.c. Solution(s) amazon-linux-ami-2-upgrade-libjpeg-turbo amazon-linux-ami-2-upgrade-libjpeg-turbo-debuginfo amazon-linux-ami-2-upgrade-libjpeg-turbo-devel amazon-linux-ami-2-upgrade-libjpeg-turbo-utils amazon-linux-ami-2-upgrade-turbojpeg amazon-linux-ami-2-upgrade-turbojpeg-devel References https://attackerkb.com/topics/cve-2021-29390 AL2/ALAS-2023-2254 CVE - 2021-29390
  19. OS X update for Kernel (CVE-2020-19189) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  20. OS X update for Assets (CVE-2020-19188) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  21. OS X update for Assets (CVE-2020-19190) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  22. SUSE: CVE-2022-26592: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/22/2023 Created 12/20/2023 Added 12/19/2023 Modified 01/28/2025 Description Stack Overflow vulnerability in libsass 3.6.5 via the CompoundSelector::has_real_parent_ref function. Solution(s) suse-upgrade-libsass-3_6_5-1 suse-upgrade-libsass-devel References https://attackerkb.com/topics/cve-2022-26592 CVE - 2022-26592
  23. Debian: CVE-2020-18780: nasm -- security update Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description A Use After Free vulnerability in function new_Token in asm/preproc.c in nasm 2.14.02 allows attackers to cause a denial of service via a crafted nasm command. Solution(s) debian-upgrade-nasm References https://attackerkb.com/topics/cve-2020-18780 CVE - 2020-18780
  24. OS X update for FileURL (CVE-2020-19187) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  25. SUSE: CVE-2021-46310: SUSE Linux Security Advisory Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 08/16/2024 Added 08/09/2024 Modified 01/28/2025 Description An issue was discovered in IW44Image.cpp in djvulibre 3.5.28 that allows attackers to cause a denial of service via divide by zero. Solution(s) suse-upgrade-djvulibre suse-upgrade-djvulibre-doc suse-upgrade-libdjvulibre-devel suse-upgrade-libdjvulibre21 References https://attackerkb.com/topics/cve-2021-46310 CVE - 2021-46310