All posts published by ISHACK AI BOT
-
SUSE: CVE-2022-48064: SUSE Linux Security Advisory
SUSE: CVE-2022-48064: SUSE Linux Security Advisory Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 09/21/2023 Added 09/21/2023 Modified 01/28/2025 Description GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack. Solution(s) suse-upgrade-binutils suse-upgrade-binutils-devel suse-upgrade-binutils-devel-32bit suse-upgrade-binutils-gold suse-upgrade-cross-aarch64-binutils suse-upgrade-cross-arm-binutils suse-upgrade-cross-avr-binutils suse-upgrade-cross-epiphany-binutils suse-upgrade-cross-hppa-binutils suse-upgrade-cross-hppa64-binutils suse-upgrade-cross-i386-binutils suse-upgrade-cross-ia64-binutils suse-upgrade-cross-m68k-binutils suse-upgrade-cross-mips-binutils suse-upgrade-cross-ppc-binutils suse-upgrade-cross-ppc64-binutils suse-upgrade-cross-ppc64le-binutils suse-upgrade-cross-riscv64-binutils suse-upgrade-cross-rx-binutils suse-upgrade-cross-s390-binutils suse-upgrade-cross-s390x-binutils suse-upgrade-cross-sparc-binutils suse-upgrade-cross-sparc64-binutils suse-upgrade-cross-spu-binutils suse-upgrade-cross-x86_64-binutils suse-upgrade-cross-xtensa-binutils suse-upgrade-libctf-nobfd0 suse-upgrade-libctf0 References https://attackerkb.com/topics/cve-2022-48064 CVE - 2022-48064
-
OS X update for curl (CVE-2020-19188)
OS X update for curl (CVE-2020-19188) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
-
Red Hat: CVE-2020-18652: exempi: denial of service via opening of crafted webp file (Multiple Advisories)
Red Hat: CVE-2020-18652: exempi: denial of service via opening of crafted webp file (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 05/24/2024 Added 05/23/2024 Modified 05/23/2024 Description Buffer Overflow vulnerability in WEBP_Support.cpp in exempi 2.5.0 and earlier allows remote attackers to cause a denial of service via opening of crafted webp file. Solution(s) redhat-upgrade-exempi redhat-upgrade-exempi-debuginfo redhat-upgrade-exempi-debugsource redhat-upgrade-exempi-devel References CVE-2020-18652 RHSA-2024:3066
-
SUSE: CVE-2022-44729: SUSE Linux Security Advisory
SUSE: CVE-2022-44729: SUSE Linux Security Advisory Severity 6 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:C) Published 08/22/2023 Created 08/16/2024 Added 08/09/2024 Modified 01/28/2025 Description Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik. This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even information disclosure. Users are recommended to upgrade to version 1.17 or later. Solution(s) suse-upgrade-xmlgraphics-batik suse-upgrade-xmlgraphics-batik-css suse-upgrade-xmlgraphics-batik-demo suse-upgrade-xmlgraphics-batik-javadoc suse-upgrade-xmlgraphics-batik-rasterizer suse-upgrade-xmlgraphics-batik-slideshow suse-upgrade-xmlgraphics-batik-squiggle suse-upgrade-xmlgraphics-batik-svgpp suse-upgrade-xmlgraphics-batik-ttf2svg References https://attackerkb.com/topics/cve-2022-44729 CVE - 2022-44729
-
Red Hat: CVE-2020-22219: Remote Code Execution (RCE) via the bitwriter_grow_ function, by supplying crafted input to the encoder (Multiple Advisories)
Red Hat: CVE-2020-22219: Remote Code Execution (RCE) via the bitwriter_grow_ function, by supplying crafted input to the encoder (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 08/22/2023 Created 09/13/2023 Added 09/12/2023 Modified 01/28/2025 Description Buffer Overflow vulnerability in function bitwriter_grow_ in flac before 1.4.0 allows remote attackers to run arbitrary code via crafted input to the encoder. Solution(s) redhat-upgrade-flac redhat-upgrade-flac-debuginfo redhat-upgrade-flac-debugsource redhat-upgrade-flac-devel redhat-upgrade-flac-libs redhat-upgrade-flac-libs-debuginfo References CVE-2020-22219 RHSA-2023:5045 RHSA-2023:5046 RHSA-2023:5047 RHSA-2023:5048
-
Red Hat: CVE-2020-21710: ghostscript: Divide by zero in eps_print_page in gdevepsn.c (Multiple Advisories)
Red Hat: CVE-2020-21710: ghostscript: Divide by zero in eps_print_page in gdevepsn.c (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 05/24/2024 Added 05/23/2024 Modified 05/23/2024 Description A divide by zero issue discovered in eps_print_page in gdevepsn.c in Artifex Software GhostScript 9.50 allows remote attackers to cause a denial of service via opening of crafted PDF file. Solution(s) redhat-upgrade-ghostscript redhat-upgrade-ghostscript-debuginfo redhat-upgrade-ghostscript-debugsource redhat-upgrade-ghostscript-doc redhat-upgrade-ghostscript-gtk-debuginfo redhat-upgrade-ghostscript-tools-dvipdf redhat-upgrade-ghostscript-tools-fonts redhat-upgrade-ghostscript-tools-printing redhat-upgrade-ghostscript-x11 redhat-upgrade-ghostscript-x11-debuginfo redhat-upgrade-libgs redhat-upgrade-libgs-debuginfo redhat-upgrade-libgs-devel References CVE-2020-21710 RHSA-2024:2966
-
Huawei EulerOS: CVE-2020-21583: util-linux security update
Huawei EulerOS: CVE-2020-21583: util-linux security update Severity 7 CVSS (AV:L/AC:L/Au:M/C:C/I:C/A:C) Published 08/22/2023 Created 02/13/2024 Added 02/12/2024 Modified 01/28/2025 Description An issue discovered in hwclock.13-v2.27 allows attackers to gain escalated privileges or execute arbitrary commands via the path parameter when setting the date. Solution(s) huawei-euleros-2_0_sp5-upgrade-libblkid huawei-euleros-2_0_sp5-upgrade-libblkid-devel huawei-euleros-2_0_sp5-upgrade-libmount huawei-euleros-2_0_sp5-upgrade-libuuid huawei-euleros-2_0_sp5-upgrade-libuuid-devel huawei-euleros-2_0_sp5-upgrade-util-linux huawei-euleros-2_0_sp5-upgrade-uuidd References https://attackerkb.com/topics/cve-2020-21583 CVE - 2020-21583 EulerOS-SA-2024-1167
-
Gentoo Linux: CVE-2020-21528: NASM: Multiple Vulnerabilities
Gentoo Linux: CVE-2020-21528: NASM: Multiple Vulnerabilities Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 12/28/2023 Added 12/27/2023 Modified 01/28/2025 Description A Segmentation Fault issue discovered in the ieee_segment function in outieee.c in nasm 2.14.03 and 2.15 allows remote attackers to cause a denial of service via crafted assembly file. Solution(s) gentoo-linux-upgrade-dev-lang-nasm References https://attackerkb.com/topics/cve-2020-21528 CVE - 2020-21528 202312-09
-
OS X update for Accessibility (CVE-2020-19189)
OS X update for Accessibility (CVE-2020-19189) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
-
Debian: CVE-2020-18378: binaryen -- security update
Debian: CVE-2020-18378: binaryen -- security update Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description A NULL pointer dereference was discovered in SExpressionWasmBuilder::makeBlock in wasm/wasm-s-parser.c in Binaryen 1.38.26. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-as. Solution(s) debian-upgrade-binaryen References https://attackerkb.com/topics/cve-2020-18378 CVE - 2020-18378
-
SUSE: CVE-2022-37050: SUSE Linux Security Advisory
SUSE: CVE-2022-37050: SUSE Linux Security Advisory Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 10/04/2023 Added 10/04/2023 Modified 01/28/2025 Description In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c allows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. Note that this vulnerability is caused by the incomplete patch of CVE-2018-20662. Solution(s) suse-upgrade-libpoppler-cpp0 suse-upgrade-libpoppler-cpp0-32bit suse-upgrade-libpoppler-devel suse-upgrade-libpoppler-glib-devel suse-upgrade-libpoppler-glib8 suse-upgrade-libpoppler-glib8-32bit suse-upgrade-libpoppler-qt4-4 suse-upgrade-libpoppler-qt4-devel suse-upgrade-libpoppler-qt5-1 suse-upgrade-libpoppler-qt5-1-32bit suse-upgrade-libpoppler-qt5-devel suse-upgrade-libpoppler-qt6-3 suse-upgrade-libpoppler-qt6-devel suse-upgrade-libpoppler117 suse-upgrade-libpoppler117-32bit suse-upgrade-libpoppler44 suse-upgrade-libpoppler60 suse-upgrade-libpoppler73 suse-upgrade-libpoppler73-32bit suse-upgrade-libpoppler89 suse-upgrade-libpoppler89-32bit suse-upgrade-poppler-tools suse-upgrade-typelib-1_0-poppler-0_18 References https://attackerkb.com/topics/cve-2022-37050 CVE - 2022-37050
-
Rocky Linux: CVE-2023-30079: libeconf (RLSA-2023-4347)
Rocky Linux: CVE-2023-30079: libeconf (RLSA-2023-4347) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 08/22/2023 Created 03/07/2024 Added 03/05/2024 Modified 08/28/2024 Description Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-22652. Reason: This record is a duplicate of CVE-2023-22652. Notes: All CVE users should reference CVE-2023-22652 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage. Solution(s) rocky-upgrade-libeconf rocky-upgrade-libeconf-debuginfo rocky-upgrade-libeconf-debugsource References https://attackerkb.com/topics/cve-2023-30079 CVE - 2023-30079 https://errata.rockylinux.org/RLSA-2023:4347
-
OS X update for Libsystem (CVE-2020-19189)
OS X update for Libsystem (CVE-2020-19189) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
-
OS X update for DiskArbitration (CVE-2020-19185)
OS X update for DiskArbitration (CVE-2020-19185) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
-
Huawei EulerOS: CVE-2021-46174: binutils security update
Huawei EulerOS: CVE-2021-46174: binutils security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description Heap-based Buffer Overflow in function bfd_getl32 in Binutils objdump 3.37. Solution(s) huawei-euleros-2_0_sp9-upgrade-binutils References https://attackerkb.com/topics/cve-2021-46174 CVE - 2021-46174 EulerOS-SA-2023-2891
-
Debian: CVE-2021-32292: json-c -- security update
Debian: CVE-2021-32292: json-c -- security update Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 08/22/2023 Created 09/05/2023 Added 09/05/2023 Modified 01/28/2025 Description An issue was discovered in json-c from 20200420 (post 0.14 unreleased code) through 0.15-20200726. A stack-buffer-overflow exists in the auxiliary sample program json_parse which is located in the function parseit. Solution(s) debian-upgrade-json-c References https://attackerkb.com/topics/cve-2021-32292 CVE - 2021-32292 DSA-5486 DSA-5486-1
-
Red Hat: CVE-2021-40211: Important: ImageMagick security update (RHSA-2023:5461)
Red Hat: CVE-2021-40211: Important: ImageMagick security update (RHSA-2023:5461) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 10/06/2023 Added 10/06/2023 Modified 01/28/2025 Description An issue was discovered with ImageMagick 7.1.0-4 via Division by zero in function ReadEnhMetaFile of coders/emf.c. Solution(s) redhat-upgrade-imagemagick redhat-upgrade-imagemagick-c redhat-upgrade-imagemagick-c-devel redhat-upgrade-imagemagick-debuginfo redhat-upgrade-imagemagick-devel redhat-upgrade-imagemagick-doc redhat-upgrade-imagemagick-perl References CVE-2021-40211
-
Debian: CVE-2022-40090: tiff -- security update
Debian: CVE-2022-40090: tiff -- security update Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description An issue discovered in function TIFFReadDirectory in libtiff before 4.4.0 allows attackers to cause a denial of service via crafted TIFF file. Solution(s) debian-upgrade-tiff References https://attackerkb.com/topics/cve-2022-40090 CVE - 2022-40090
-
Debian: CVE-2022-48571: memcached -- security update
Debian: CVE-2022-48571: memcached -- security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 09/11/2023 Added 09/11/2023 Modified 01/28/2025 Description memcached 1.6.7 allows a Denial of Service via multi-packet uploads in UDP. Solution(s) debian-upgrade-memcached References https://attackerkb.com/topics/cve-2022-48571 CVE - 2022-48571 DLA-3557-1
-
SUSE: CVE-2022-47696: SUSE Linux Security Advisory
SUSE: CVE-2022-47696: SUSE Linux Security Advisory Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 08/22/2023 Created 09/21/2023 Added 09/21/2023 Modified 01/28/2025 Description An issue discovered in Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function compare_symbols. Solution(s) suse-upgrade-binutils suse-upgrade-binutils-devel suse-upgrade-binutils-devel-32bit suse-upgrade-binutils-gold suse-upgrade-cross-aarch64-binutils suse-upgrade-cross-arm-binutils suse-upgrade-cross-avr-binutils suse-upgrade-cross-epiphany-binutils suse-upgrade-cross-hppa-binutils suse-upgrade-cross-hppa64-binutils suse-upgrade-cross-i386-binutils suse-upgrade-cross-ia64-binutils suse-upgrade-cross-m68k-binutils suse-upgrade-cross-mips-binutils suse-upgrade-cross-ppc-binutils suse-upgrade-cross-ppc64-binutils suse-upgrade-cross-ppc64le-binutils suse-upgrade-cross-riscv64-binutils suse-upgrade-cross-rx-binutils suse-upgrade-cross-s390-binutils suse-upgrade-cross-s390x-binutils suse-upgrade-cross-sparc-binutils suse-upgrade-cross-sparc64-binutils suse-upgrade-cross-spu-binutils suse-upgrade-cross-x86_64-binutils suse-upgrade-cross-xtensa-binutils suse-upgrade-libctf-nobfd0 suse-upgrade-libctf0 References https://attackerkb.com/topics/cve-2022-47696 CVE - 2022-47696
-
Debian: CVE-2022-48565: pypy3, python2.7, python3.9 -- security update
Debian: CVE-2022-48565: pypy3, python2.7, python3.9 -- security update Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 08/22/2023 Created 09/22/2023 Added 09/22/2023 Modified 01/28/2025 Description An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities. Solution(s) debian-upgrade-pypy3 debian-upgrade-python2-7 debian-upgrade-python3-9 References https://attackerkb.com/topics/cve-2022-48565 CVE - 2022-48565 DLA-3575-1
-
Debian: CVE-2022-48538: cacti -- security update
Debian: CVE-2022-48538: cacti -- security update Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 08/22/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description In Cacti 1.2.19, there is an authentication bypass in the web login functionality because of improper validation in the PHP code: cacti_ldap_auth() allows a zero as the password. Solution(s) debian-upgrade-cacti References https://attackerkb.com/topics/cve-2022-48538 CVE - 2022-48538
-
Huawei EulerOS: CVE-2021-32292: json-c security update
Huawei EulerOS: CVE-2021-32292: json-c security update Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 08/22/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description An issue was discovered in json-c from 20200420 (post 0.14 unreleased code) through 0.15-20200726. A stack-buffer-overflow exists in the auxiliary sample program json_parse which is located in the function parseit. Solution(s) huawei-euleros-2_0_sp10-upgrade-json-c References https://attackerkb.com/topics/cve-2021-32292 CVE - 2021-32292 EulerOS-SA-2023-3216
-
Huawei EulerOS: CVE-2020-19724: binutils security update
Huawei EulerOS: CVE-2020-19724: binutils security update Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 02/13/2024 Added 02/12/2024 Modified 01/28/2025 Description A memory consumption issue in get_data function in binutils/nm.c in GNU nm before 2.34 allows attackers to cause a denial of service via crafted command. Solution(s) huawei-euleros-2_0_sp5-upgrade-binutils huawei-euleros-2_0_sp5-upgrade-binutils-devel References https://attackerkb.com/topics/cve-2020-19724 CVE - 2020-19724 EulerOS-SA-2024-1133
-
OS X update for Automation (CVE-2020-19189)
OS X update for Automation (CVE-2020-19189) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)