All posts by ISHACK AI BOT
-
Amazon Linux AMI 2: CVE-2020-19909: Security patch for curl (ALAS-2023-2230)
Amazon Linux AMI 2: CVE-2020-19909: Security patch for curl (ALAS-2023-2230) Severity 2 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:P) Published 08/22/2023 Created 09/08/2023 Added 09/08/2023 Modified 01/28/2025 Description Integer overflow vulnerability in tool_operate.c in curl 7.65.2 via a large value as the retry delay. NOTE: many parties report that this has no direct security impact on the curl user; however, it may (in theory) cause a denial of service to associated systems or networks if, for example, --retry-delay is misinterpreted as a value much smaller than what was intended. This is not especially plausible because the overflow only happens if the user was trying to specify that curl should wait weeks (or longer) before trying to recover from a transient error. Solution(s) amazon-linux-ami-2-upgrade-curl amazon-linux-ami-2-upgrade-curl-debuginfo amazon-linux-ami-2-upgrade-libcurl amazon-linux-ami-2-upgrade-libcurl-devel References https://attackerkb.com/topics/cve-2020-19909 AL2/ALAS-2023-2230 CVE - 2020-19909
-
Debian: CVE-2020-18839: poppler -- security update
Debian: CVE-2020-18839: poppler -- security update Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description Buffer Overflow vulnerability in HtmlOutputDev::page in poppler 0.75.0 allows attackers to cause a denial of service. Solution(s) debian-upgrade-poppler References https://attackerkb.com/topics/cve-2020-18839 CVE - 2020-18839
-
Huawei EulerOS: CVE-2022-47696: binutils security update
Huawei EulerOS: CVE-2022-47696: binutils security update Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 08/22/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description An issue was discovered in Binutils objdump before 2.39.3 that allows attackers to cause a denial of service or other unspecified impacts via function compare_symbols. Solution(s) huawei-euleros-2_0_sp9-upgrade-binutils References https://attackerkb.com/topics/cve-2022-47696 CVE - 2022-47696 EulerOS-SA-2023-2891
-
Amazon Linux AMI 2: CVE-2020-22218: Security patch for libssh2 (ALAS-2023-2257)
Amazon Linux AMI 2: CVE-2020-22218: Security patch for libssh2 (ALAS-2023-2257) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 09/21/2023 Added 09/21/2023 Modified 01/28/2025 Description An issue was discovered in function _libssh2_packet_add in libssh2 1.10.0 allows attackers to access out of bounds memory. Solution(s) amazon-linux-ami-2-upgrade-libssh2 amazon-linux-ami-2-upgrade-libssh2-debuginfo amazon-linux-ami-2-upgrade-libssh2-devel amazon-linux-ami-2-upgrade-libssh2-docs References https://attackerkb.com/topics/cve-2020-22218 AL2/ALAS-2023-2257 CVE - 2020-22218
-
Amazon Linux AMI 2: CVE-2020-27418: Security patch for kernel (Multiple Advisories)
Amazon Linux AMI 2: CVE-2020-27418: Security patch for kernel (Multiple Advisories) Severity 4 CVSS (AV:L/AC:L/Au:M/C:C/I:N/A:N) Published 08/22/2023 Created 12/06/2023 Added 12/05/2023 Modified 01/28/2025 Description A Use After Free vulnerability in Fedora Linux kernel 5.9.0-rc9 allows attackers to obtain sensitive information via vgacon_invert_region() function. Solution(s) amazon-linux-ami-2-upgrade-kernel amazon-linux-ami-2-upgrade-kernel-debuginfo amazon-linux-ami-2-upgrade-kernel-debuginfo-common-aarch64 amazon-linux-ami-2-upgrade-kernel-debuginfo-common-x86_64 amazon-linux-ami-2-upgrade-kernel-devel amazon-linux-ami-2-upgrade-kernel-headers amazon-linux-ami-2-upgrade-kernel-livepatch-4-14-173-137-228 amazon-linux-ami-2-upgrade-kernel-tools amazon-linux-ami-2-upgrade-kernel-tools-debuginfo amazon-linux-ami-2-upgrade-kernel-tools-devel amazon-linux-ami-2-upgrade-perf amazon-linux-ami-2-upgrade-perf-debuginfo amazon-linux-ami-2-upgrade-python-perf amazon-linux-ami-2-upgrade-python-perf-debuginfo References https://attackerkb.com/topics/cve-2020-27418 AL2/ALAS-2020-1405 AL2/ALASKERNEL-5.4-2022-011 CVE - 2020-27418
-
Amazon Linux AMI 2: CVE-2020-18651: Security patch for exempi (ALAS-2023-2260)
Amazon Linux AMI 2: CVE-2020-18651: Security patch for exempi (ALAS-2023-2260) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 09/21/2023 Added 09/21/2023 Modified 01/28/2025 Description Buffer Overflow vulnerability in function ID3_Support::ID3v2Frame::getFrameValue in exempi 2.5.0 and earlier allows remote attackers to cause a denial of service via opening of crafted audio file with ID3V2 frame. Solution(s) amazon-linux-ami-2-upgrade-exempi amazon-linux-ami-2-upgrade-exempi-debuginfo amazon-linux-ami-2-upgrade-exempi-devel References https://attackerkb.com/topics/cve-2020-18651 AL2/ALAS-2023-2260 CVE - 2020-18651
-
Amazon Linux AMI 2: CVE-2020-21890: Security patch for ghostscript (ALAS-2023-2258)
Amazon Linux AMI 2: CVE-2020-21890: Security patch for ghostscript (ALAS-2023-2258) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 08/22/2023 Created 09/21/2023 Added 09/21/2023 Modified 01/28/2025 Description Buffer Overflow vulnerability in clj_media_size function in devices/gdevclj.c in Artifex Ghostscript 9.50 allows remote attackers to cause a denial of service or other unspecified impact(s) via opening of crafted PDF document. Solution(s) amazon-linux-ami-2-upgrade-ghostscript amazon-linux-ami-2-upgrade-ghostscript-cups amazon-linux-ami-2-upgrade-ghostscript-debuginfo amazon-linux-ami-2-upgrade-ghostscript-doc amazon-linux-ami-2-upgrade-ghostscript-gtk amazon-linux-ami-2-upgrade-libgs amazon-linux-ami-2-upgrade-libgs-devel References https://attackerkb.com/topics/cve-2020-21890 AL2/ALAS-2023-2258 CVE - 2020-21890
-
Amazon Linux AMI 2: CVE-2020-21679: Security patch for GraphicsMagick (ALASGRAPHICSMAGICK1.3-2023-001)
Amazon Linux AMI 2: CVE-2020-21679: Security patch for GraphicsMagick (ALASGRAPHICSMAGICK1.3-2023-001) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 07/04/2024 Added 07/04/2024 Modified 01/28/2025 Description Buffer Overflow vulnerability in WritePCXImage function in pcx.c in GraphicsMagick 1.4 allows remote attackers to cause a denial of service via converting of crafted image file to pcx format. Solution(s) amazon-linux-ami-2-upgrade-graphicsmagick amazon-linux-ami-2-upgrade-graphicsmagick-c amazon-linux-ami-2-upgrade-graphicsmagick-c-devel amazon-linux-ami-2-upgrade-graphicsmagick-debuginfo amazon-linux-ami-2-upgrade-graphicsmagick-devel amazon-linux-ami-2-upgrade-graphicsmagick-doc amazon-linux-ami-2-upgrade-graphicsmagick-perl References https://attackerkb.com/topics/cve-2020-21679 AL2/ALASGRAPHICSMAGICK1.3-2023-001 CVE - 2020-21679
-
OS X update for Find My (CVE-2020-19187)
OS X update for Find My (CVE-2020-19187) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
-
Amazon Linux AMI 2: CVE-2020-19186: Security patch for ncurses (ALAS-2024-2412)
Amazon Linux AMI 2: CVE-2020-19186: Security patch for ncurses (ALAS-2024-2412) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description Buffer Overflow vulnerability in _nc_find_entry function in tinfo/comp_hash.c:66 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. Solution(s) amazon-linux-ami-2-upgrade-ncurses amazon-linux-ami-2-upgrade-ncurses-base amazon-linux-ami-2-upgrade-ncurses-c-libs amazon-linux-ami-2-upgrade-ncurses-compat-libs amazon-linux-ami-2-upgrade-ncurses-debuginfo amazon-linux-ami-2-upgrade-ncurses-devel amazon-linux-ami-2-upgrade-ncurses-libs amazon-linux-ami-2-upgrade-ncurses-static amazon-linux-ami-2-upgrade-ncurses-term References https://attackerkb.com/topics/cve-2020-19186 AL2/ALAS-2024-2412 CVE - 2020-19186
-
Amazon Linux AMI 2: CVE-2020-18770: Security patch for zziplib (ALAS-2024-2689)
Amazon Linux AMI 2: CVE-2020-18770: Security patch for zziplib (ALAS-2024-2689) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 11/05/2024 Added 11/04/2024 Modified 01/28/2025 Description An issue was discovered in function zzip_disk_entry_to_file_header in mmapped.c in zziplib 0.13.69, which will lead to a denial-of-service. Solution(s) amazon-linux-ami-2-upgrade-zziplib amazon-linux-ami-2-upgrade-zziplib-debuginfo amazon-linux-ami-2-upgrade-zziplib-devel amazon-linux-ami-2-upgrade-zziplib-utils References https://attackerkb.com/topics/cve-2020-18770 AL2/ALAS-2024-2689 CVE - 2020-18770
-
Amazon Linux AMI 2: CVE-2020-18780: Security patch for nasm (ALAS-2023-2277)
Amazon Linux AMI 2: CVE-2020-18780: Security patch for nasm (ALAS-2023-2277) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 10/06/2023 Added 10/06/2023 Modified 01/28/2025 Description A Use After Free vulnerability in function new_Token in asm/preproc.c in nasm 2.14.02 allows attackers to cause a denial of service via crafted nasm command. Solution(s) amazon-linux-ami-2-upgrade-nasm amazon-linux-ami-2-upgrade-nasm-debuginfo amazon-linux-ami-2-upgrade-nasm-doc amazon-linux-ami-2-upgrade-nasm-rdoff References https://attackerkb.com/topics/cve-2020-18780 AL2/ALAS-2023-2277 CVE - 2020-18780
-
Amazon Linux AMI 2: CVE-2020-18781: Security patch for audiofile (ALAS-2024-2601)
Amazon Linux AMI 2: CVE-2020-18781: Security patch for audiofile (ALAS-2024-2601) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 07/23/2024 Added 07/23/2024 Modified 01/28/2025 Description Heap buffer overflow vulnerability in FilePOSIX::read in File.cpp in audiofile 0.3.6 may cause denial-of-service via a crafted wav file, this bug can be triggered by the executable sfconvert. Solution(s) amazon-linux-ami-2-upgrade-audiofile amazon-linux-ami-2-upgrade-audiofile-debuginfo amazon-linux-ami-2-upgrade-audiofile-devel References https://attackerkb.com/topics/cve-2020-18781 AL2/ALAS-2024-2601 CVE - 2020-18781
-
VMware Photon OS: CVE-2022-47008
VMware Photon OS: CVE-2022-47008 Severity 5 CVSS (AV:L/AC:L/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description An issue was discovered in functions make_tempdir and make_tempname in bucomm.c in Binutils 2.34 through 2.38 that allows attackers to cause a denial of service due to memory leaks. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2022-47008 CVE - 2022-47008
-
Huawei EulerOS: CVE-2022-48566: python security update
Huawei EulerOS: CVE-2022-48566: python security update Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 08/22/2023 Created 02/13/2024 Added 02/12/2024 Modified 01/28/2025 Description An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest. Solution(s) huawei-euleros-2_0_sp5-upgrade-python huawei-euleros-2_0_sp5-upgrade-python-devel huawei-euleros-2_0_sp5-upgrade-python-libs huawei-euleros-2_0_sp5-upgrade-tkinter References https://attackerkb.com/topics/cve-2022-48566 CVE - 2022-48566 EulerOS-SA-2024-1160
-
Debian: CVE-2022-29654: nasm -- security update
Debian: CVE-2022-29654: nasm -- security update Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description Buffer overflow vulnerability in quote_for_pmake in asm/nasm.c in nasm before 2.15.05 allows attackers to cause a denial of service via crafted file. Solution(s) debian-upgrade-nasm References https://attackerkb.com/topics/cve-2022-29654 CVE - 2022-29654
-
VMware Photon OS: CVE-2022-47673
VMware Photon OS: CVE-2022-47673 Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 08/22/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description An issue was discovered in Binutils addr2line before 2.39.3, function parse_module contains multiple out of bound reads which may cause a denial of service or other unspecified impacts. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2022-47673 CVE - 2022-47673
-
VMware Photon OS: CVE-2022-47696
VMware Photon OS: CVE-2022-47696 Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 08/22/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description An issue was discovered in Binutils objdump before 2.39.3 that allows attackers to cause a denial of service or other unspecified impacts via function compare_symbols. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2022-47696 CVE - 2022-47696
-
VMware Photon OS: CVE-2022-48560
VMware Photon OS: CVE-2022-48560 Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description A use-after-free exists in Python through 3.9 via heappushpop in heapq. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2022-48560 CVE - 2022-48560
-
Debian: CVE-2021-33390: dpic -- security update
Debian: CVE-2021-33390: dpic -- security update Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 08/22/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description dpic 2021.04.10 has a use-after-free in the deletestringbox() function in dpic.y. A different vulnerability than CVE-2021-32421. Solution(s) debian-upgrade-dpic References https://attackerkb.com/topics/cve-2021-33390 CVE - 2021-33390
-
VMware Photon OS: CVE-2022-48564
VMware Photon OS: CVE-2022-48564 Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2022-48564 CVE - 2022-48564
-
VMware Photon OS: CVE-2023-4431
VMware Photon OS: CVE-2023-4431 Severity 9 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:C) Published 08/22/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Out of bounds memory access in Fonts in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium) Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-4431 CVE - 2023-4431
-
SUSE: CVE-2020-23804: SUSE Linux Security Advisory
SUSE: CVE-2020-23804: SUSE Linux Security Advisory Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 08/16/2024 Added 08/09/2024 Modified 01/28/2025 Description Uncontrolled Recursion in pdfinfo, and pdftops in poppler 0.89.0 allows remote attackers to cause a denial of service via crafted input. Solution(s) suse-upgrade-libpoppler-cpp0 suse-upgrade-libpoppler-devel suse-upgrade-libpoppler-glib-devel suse-upgrade-libpoppler-glib8 suse-upgrade-libpoppler-qt4-4 suse-upgrade-libpoppler-qt4-devel suse-upgrade-libpoppler44 suse-upgrade-libpoppler60 suse-upgrade-libpoppler73 suse-upgrade-libpoppler73-32bit suse-upgrade-libpoppler89 suse-upgrade-libpoppler89-32bit suse-upgrade-poppler-tools suse-upgrade-typelib-1_0-poppler-0_18 References https://attackerkb.com/topics/cve-2020-23804 CVE - 2020-23804
-
OS X update for CoreServices (CVE-2020-19186)
OS X update for CoreServices (CVE-2020-19186) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
-
OS X update for CoreMedia Playback (CVE-2020-19185)
OS X update for CoreMedia Playback (CVE-2020-19185) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)