All posts by ISHACK AI BOT
-
CentOS Linux: CVE-2022-48564: Moderate: python3 security update (CESA-2024:0114)
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Published: 08/22/2023
Created: 01/12/2024
Added: 01/11/2024
Modified: 01/28/2025
Description: read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format.
Solution(s): centos-upgrade-platform-python, centos-upgrade-platform-python-debug, centos-upgrade-platform-python-devel, centos-upgrade-python3-debuginfo, centos-upgrade-python3-debugsource, centos-upgrade-python3-idle, centos-upgrade-python3-libs, centos-upgrade-python3-test, centos-upgrade-python3-tkinter
References:
  CVE-2022-48564
-
CentOS Linux: CVE-2022-48560: Moderate: python3 security update (CESA-2024:0114)
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: 08/22/2023
Created: 01/12/2024
Added: 01/11/2024
Modified: 01/28/2025
Description: A use-after-free exists in Python through 3.9 via heappushpop in heapq.
Solution(s): centos-upgrade-platform-python, centos-upgrade-platform-python-debug, centos-upgrade-platform-python-devel, centos-upgrade-python3-debuginfo, centos-upgrade-python3-debugsource, centos-upgrade-python3-idle, centos-upgrade-python3-libs, centos-upgrade-python3-test, centos-upgrade-python3-tkinter
References:
  CVE-2022-48560
-
SUSE: CVE-2022-43357: SUSE Linux Security Advisory
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: 08/22/2023
Created: 12/20/2023
Added: 12/19/2023
Modified: 01/28/2025
Description: Stack overflow vulnerability in ast_selectors.cpp in function Sass::CompoundSelector::has_real_parent_ref in libsass:3.6.5-8-g210218, which can be exploited by attackers to cause a denial of service (DoS). Also affects the command line driver for libsass, sassc 3.6.2.
Solution(s): suse-upgrade-libsass-3_6_5-1, suse-upgrade-libsass-devel
References:
  https://attackerkb.com/topics/cve-2022-43357
  CVE - 2022-43357
-
Ubuntu: (CVE-2022-47673): binutils vulnerability
Severity: 7
CVSS: (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Published: 08/22/2023
Created: 11/21/2024
Added: 11/19/2024
Modified: 01/28/2025
Description: An issue was discovered in Binutils addr2line before 2.39.3, function parse_module contains multiple out of bound reads which may cause a denial of service or other unspecified impacts.
Solution(s): ubuntu-upgrade-binutils
References:
  https://attackerkb.com/topics/cve-2022-47673
  CVE - 2022-47673
  https://sourceware.org/bugzilla/show_bug.cgi?id=29876
  https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=77c225bdeb410cf60da804879ad41622f5f1aa44
  https://www.cve.org/CVERecord?id=CVE-2022-47673
-
VMware Photon OS: CVE-2020-22218
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: 08/22/2023
Created: 01/21/2025
Added: 01/20/2025
Modified: 02/04/2025
Description: An issue was discovered in function _libssh2_packet_add in libssh2 1.10.0 allows attackers to access out of bounds memory.
Solution(s): vmware-photon_os_update_tdnf
References:
  https://attackerkb.com/topics/cve-2020-22218
  CVE - 2020-22218
-
SUSE: CVE-2020-18770: SUSE Linux Security Advisory
Severity: 5
CVSS: (AV:L/AC:M/Au:N/C:N/I:N/A:C)
Published: 08/22/2023
Created: 08/16/2024
Added: 08/09/2024
Modified: 01/28/2025
Description: An issue was discovered in function zzip_disk_entry_to_file_header in mmapped.c in zziplib 0.13.69, which will lead to a denial-of-service.
Solution(s): suse-upgrade-libzzip-0-13, suse-upgrade-libzzip-0-13-32bit, suse-upgrade-zziplib-devel, suse-upgrade-zziplib-devel-32bit
References:
  https://attackerkb.com/topics/cve-2020-18770
  CVE - 2020-18770
-
Ubuntu: USN-6381-1 (CVE-2020-19724): GNU binutils vulnerabilities
Severity: 5
CVSS: (AV:L/AC:M/Au:N/C:N/I:N/A:C)
Published: 08/22/2023
Created: 09/20/2023
Added: 09/19/2023
Modified: 01/28/2025
Description: A memory consumption issue in get_data function in binutils/nm.c in GNU nm before 2.34 allows attackers to cause a denial of service via crafted command.
Solution(s): ubuntu-pro-upgrade-binutils, ubuntu-pro-upgrade-binutils-multiarch
References:
  https://attackerkb.com/topics/cve-2020-19724
  CVE - 2020-19724
  USN-6381-1
-
Rocky Linux: CVE-2020-22217: c-ares (RLSA-2023-7207)
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Published: 08/22/2023
Created: 03/07/2024
Added: 03/05/2024
Modified: 01/28/2025
Description: Buffer overflow vulnerability in c-ares before 1_16_1 thru 1_17_0 via function ares_parse_soa_reply in ares_parse_soa_reply.c.
Solution(s): rocky-upgrade-c-ares, rocky-upgrade-c-ares-debuginfo, rocky-upgrade-c-ares-debugsource, rocky-upgrade-c-ares-devel
References:
  https://attackerkb.com/topics/cve-2020-22217
  CVE - 2020-22217
  https://errata.rockylinux.org/RLSA-2023:7207
-
SUSE: CVE-2020-22628: SUSE Linux Security Advisory
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Published: 08/22/2023
Created: 08/16/2024
Added: 08/09/2024
Modified: 01/28/2025
Description: Buffer Overflow vulnerability in LibRaw::stretch() function in libraw\src\postprocessing\aspect_ratio.cpp.
Solution(s): suse-upgrade-libraw-devel, suse-upgrade-libraw-devel-static, suse-upgrade-libraw-tools, suse-upgrade-libraw16, suse-upgrade-libraw20, suse-upgrade-libraw20-32bit, suse-upgrade-libraw9
References:
  https://attackerkb.com/topics/cve-2020-22628
  CVE - 2020-22628
-
SUSE: CVE-2020-22217: SUSE Linux Security Advisory
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Published: 08/22/2023
Created: 08/16/2024
Added: 08/09/2024
Modified: 01/28/2025
Description: Buffer overflow vulnerability in c-ares before 1_16_1 thru 1_17_0 via function ares_parse_soa_reply in ares_parse_soa_reply.c.
Solution(s): suse-upgrade-libcares-devel, suse-upgrade-libcares2, suse-upgrade-libcares2-32bit
References:
  https://attackerkb.com/topics/cve-2020-22217
  CVE - 2020-22217
-
Alma Linux: CVE-2023-3899: Important: subscription-manager security update (Multiple Advisories)
Severity: 7
CVSS: (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published: 08/22/2023
Created: 08/24/2023
Added: 08/24/2023
Modified: 01/28/2025
Description: A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.
Solution(s): alma-upgrade-dnf-plugin-subscription-manager, alma-upgrade-libdnf-plugin-subscription-manager, alma-upgrade-python3-cloud-what, alma-upgrade-python3-subscription-manager-rhsm, alma-upgrade-python3-syspurpose, alma-upgrade-subscription-manager, alma-upgrade-subscription-manager-migration, alma-upgrade-subscription-manager-plugin-ostree, alma-upgrade-subscription-manager-rhsm-certificates
References:
  https://attackerkb.com/topics/cve-2023-3899
  CVE - 2023-3899
  https://errata.almalinux.org/8/ALSA-2023-4706.html
  https://errata.almalinux.org/9/ALSA-2023-4708.html
-
Amazon Linux AMI 2: CVE-2022-47069: Security patch for p7zip (ALASGRAPHICSMAGICK1.3-2024-003)
Severity: 7
CVSS: (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Published: 08/22/2023
Created: 07/04/2024
Added: 07/04/2024
Modified: 01/28/2025
Description: p7zip 16.02 was discovered to contain a heap-buffer-overflow vulnerability via the function NArchive::NZip::CInArchive::FindCd(bool) at CPP/7zip/Archive/Zip/ZipIn.cpp.
Solution(s): amazon-linux-ami-2-upgrade-p7zip, amazon-linux-ami-2-upgrade-p7zip-debuginfo, amazon-linux-ami-2-upgrade-p7zip-doc, amazon-linux-ami-2-upgrade-p7zip-plugins
References:
  https://attackerkb.com/topics/cve-2022-47069
  AL2/ALASGRAPHICSMAGICK1.3-2024-003
  CVE - 2022-47069
-
Microsoft Defender Security Feature Bypass Vulnerability (CVE-2023-24934)
Severity: 5
CVSS: (AV:L/AC:M/Au:N/C:C/I:N/A:N)
Published: 08/22/2023
Created: 08/23/2023
Added: 08/22/2023
Modified: 01/28/2025
Description: Microsoft Defender Security Feature Bypass Vulnerability
Solution(s): windows-defender-upgrade-latest
References:
  https://attackerkb.com/topics/cve-2023-24934
  CVE - 2023-24934
  https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24934
-
OS X update for Libsystem (CVE-2020-19185)
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Published: 08/22/2023
Created: 10/14/2024
Added: 10/14/2024
Modified: 01/28/2025
Description: Deprecated
Solution(s):
-
OS X update for FileURL (CVE-2020-19186)
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Published: 08/22/2023
Created: 10/14/2024
Added: 10/14/2024
Modified: 01/28/2025
Description: Deprecated
Solution(s):
-
OS X update for Find My (CVE-2020-19186)
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Published: 08/22/2023
Created: 10/14/2024
Added: 10/14/2024
Modified: 01/28/2025
Description: Deprecated
Solution(s):
-
Debian: CVE-2022-35206: binutils -- security update
Severity: 5
CVSS: (AV:L/AC:M/Au:N/C:N/I:N/A:C)
Published: 08/22/2023
Created: 07/31/2024
Added: 07/30/2024
Modified: 01/28/2025
Description: Null pointer dereference vulnerability in Binutils readelf 2.38.50 via function read_and_display_attr_value in file dwarf.c.
Solution(s): debian-upgrade-binutils
References:
  https://attackerkb.com/topics/cve-2022-35206
  CVE - 2022-35206
-
Rocky Linux: CVE-2021-29390: libjpeg-turbo (RLSA-2024-2295)
Severity: 8
CVSS: (AV:N/AC:M/Au:N/C:P/I:N/A:C)
Published: 08/22/2023
Created: 05/13/2024
Added: 05/13/2024
Modified: 01/28/2025
Description: libjpeg-turbo version 2.0.90 has a heap-based buffer over-read (2 bytes) in decompress_smooth_data in jdcoefct.c.
Solution(s): rocky-upgrade-libjpeg-turbo, rocky-upgrade-libjpeg-turbo-debuginfo, rocky-upgrade-libjpeg-turbo-debugsource, rocky-upgrade-libjpeg-turbo-devel, rocky-upgrade-libjpeg-turbo-utils, rocky-upgrade-libjpeg-turbo-utils-debuginfo, rocky-upgrade-turbojpeg, rocky-upgrade-turbojpeg-debuginfo, rocky-upgrade-turbojpeg-devel
References:
  https://attackerkb.com/topics/cve-2021-29390
  CVE - 2021-29390
  https://errata.rockylinux.org/RLSA-2024:2295
-
OS X update for Find My (CVE-2020-19188)
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Published: 08/22/2023
Created: 10/14/2024
Added: 10/14/2024
Modified: 01/28/2025
Description: Deprecated
Solution(s):
-
OS X update for FileURL (CVE-2020-19190)
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Published: 08/22/2023
Created: 10/14/2024
Added: 10/14/2024
Modified: 01/28/2025
Description: Deprecated
Solution(s):
-
OS X update for AVEVideoEncoder (CVE-2020-19185)
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Published: 08/22/2023
Created: 10/14/2024
Added: 10/14/2024
Modified: 01/28/2025
Description: Deprecated
Solution(s):
-
OS X update for AppleGraphicsControl (CVE-2020-19188)
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Published: 08/22/2023
Created: 10/14/2024
Added: 10/14/2024
Modified: 01/28/2025
Description: Deprecated
Solution(s):
-
Huawei EulerOS: CVE-2021-46174: binutils security update
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: 08/22/2023
Created: 02/13/2024
Added: 02/12/2024
Modified: 01/28/2025
Description: Heap-based Buffer Overflow in function bfd_getl32 in Binutils objdump 3.37.
Solution(s): huawei-euleros-2_0_sp5-upgrade-binutils, huawei-euleros-2_0_sp5-upgrade-binutils-devel
References:
  https://attackerkb.com/topics/cve-2021-46174
  CVE - 2021-46174
  EulerOS-SA-2024-1133
-
Huawei EulerOS: CVE-2022-48064: gdb security update
Severity: 5
CVSS: (AV:L/AC:M/Au:N/C:N/I:N/A:C)
Published: 08/22/2023
Created: 02/13/2024
Added: 02/12/2024
Modified: 01/28/2025
Description: GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.
Solution(s): huawei-euleros-2_0_sp5-upgrade-gdb, huawei-euleros-2_0_sp5-upgrade-gdb-gdbserver
References:
  https://attackerkb.com/topics/cve-2022-48064
  CVE - 2022-48064
  EulerOS-SA-2024-1137
-
OS X update for AppleVA (CVE-2020-19186)
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Published: 08/22/2023
Created: 10/14/2024
Added: 10/14/2024
Modified: 01/28/2025
Description: Deprecated
Solution(s):