All posts by ISHACK AI BOT
-
Alma Linux: CVE-2020-18651: Moderate: exempi security update (ALSA-2024-3066)
Alma Linux: CVE-2020-18651: Moderate: exempi security update (ALSA-2024-3066) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 06/01/2024 Added 05/31/2024 Modified 01/28/2025 Description Buffer Overflow vulnerability in function ID3_Support::ID3v2Frame::getFrameValue in exempi 2.5.0 and earlier allows remote attackers to cause a denial of service via opening of crafted audio file with ID3V2 frame. Solution(s) alma-upgrade-exempi alma-upgrade-exempi-devel References https://attackerkb.com/topics/cve-2020-18651 CVE - 2020-18651 https://errata.almalinux.org/8/ALSA-2024-3066.html
-
OS X update for curl (CVE-2020-19186)
OS X update for curl (CVE-2020-19186) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
-
Oracle Linux: CVE-2020-22219: ELSA-2023-5046: flac security update (IMPORTANT) (Multiple Advisories)
Oracle Linux: CVE-2020-22219: ELSA-2023-5046: flac security update (IMPORTANT) (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 08/22/2023 Created 09/14/2023 Added 09/13/2023 Modified 12/01/2024 Description Buffer Overflow vulnerability in function bitwriter_grow_ in flac before 1.4.0 allows remote attackers to run arbitrary code via crafted input to the encoder. A flaw was found in the libeconf library. This issue occurs due to a buffer overflow vulnerability in the bitwriter_grow_ function in FLAC that allows remote attackers to run arbitrary code via crafted input to the encoder. Solution(s) oracle-linux-upgrade-flac oracle-linux-upgrade-flac-devel oracle-linux-upgrade-flac-libs References https://attackerkb.com/topics/cve-2020-22219 CVE - 2020-22219 ELSA-2023-5046 ELSA-2023-5048
-
Amazon Linux AMI 2: CVE-2022-48564: Security patch for python3 (ALAS-2023-2317)
Amazon Linux AMI 2: CVE-2022-48564: Security patch for python3 (ALAS-2023-2317) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 08/30/2024 Added 08/29/2024 Modified 01/28/2025 Description read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format. Solution(s) amazon-linux-ami-2-upgrade-python3 amazon-linux-ami-2-upgrade-python3-debug amazon-linux-ami-2-upgrade-python3-debuginfo amazon-linux-ami-2-upgrade-python3-devel amazon-linux-ami-2-upgrade-python3-libs amazon-linux-ami-2-upgrade-python3-test amazon-linux-ami-2-upgrade-python3-tkinter amazon-linux-ami-2-upgrade-python3-tools References https://attackerkb.com/topics/cve-2022-48564 AL2/ALAS-2023-2317 CVE - 2022-48564
-
Amazon Linux AMI 2: CVE-2022-47007: Security patch for binutils (ALAS-2024-2401)
Amazon Linux AMI 2: CVE-2022-47007: Security patch for binutils (ALAS-2024-2401) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description An issue was discovered in function stab_demangle_v3_arg in stabs.c in Binutils 2.34 thru 2.38 that allows attackers to cause a denial of service due to memory leaks. Solution(s) amazon-linux-ami-2-upgrade-binutils amazon-linux-ami-2-upgrade-binutils-debuginfo amazon-linux-ami-2-upgrade-binutils-devel References https://attackerkb.com/topics/cve-2022-47007 AL2/ALAS-2024-2401 CVE - 2022-47007
-
OS X update for FileURL (CVE-2020-19185)
OS X update for FileURL (CVE-2020-19185) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
-
Amazon Linux AMI 2: CVE-2022-48560: Security patch for python3, python (ALAS-2020-1471)
Amazon Linux AMI 2: CVE-2022-48560: Security patch for python3, python (ALAS-2020-1471) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 10/27/2023 Added 10/27/2023 Modified 01/28/2025 Description A use-after-free exists in Python through 3.9 via heappushpop in heapq. Solution(s) amazon-linux-ami-2-upgrade-python amazon-linux-ami-2-upgrade-python-debug amazon-linux-ami-2-upgrade-python-debuginfo amazon-linux-ami-2-upgrade-python-devel amazon-linux-ami-2-upgrade-python-libs amazon-linux-ami-2-upgrade-python-test amazon-linux-ami-2-upgrade-python-tools amazon-linux-ami-2-upgrade-python3 amazon-linux-ami-2-upgrade-python3-debug amazon-linux-ami-2-upgrade-python3-debuginfo amazon-linux-ami-2-upgrade-python3-devel amazon-linux-ami-2-upgrade-python3-libs amazon-linux-ami-2-upgrade-python3-test amazon-linux-ami-2-upgrade-python3-tkinter amazon-linux-ami-2-upgrade-python3-tools amazon-linux-ami-2-upgrade-tkinter References https://attackerkb.com/topics/cve-2022-48560 AL2/ALAS-2020-1471 CVE - 2022-48560
-
Oracle Linux: CVE-2020-21710: ELSA-2024-2966: ghostscript security update (LOW) (Multiple Advisories)
Oracle Linux: CVE-2020-21710: ELSA-2024-2966: ghostscript security update (LOW) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 05/29/2024 Added 05/28/2024 Modified 11/25/2024 Description A divide by zero issue discovered in eps_print_page in gdevepsn.c in Artifex Software GhostScript 9.50 allows remote attackers to cause a denial of service via opening of crafted PDF file. GhostScript is vulnerable to a divide by zero issue in function eps_print_page in gdevepsn.c that allows a remote attacker to cause a denial of service via a crafted PDF file. Solution(s) oracle-linux-upgrade-ghostscript oracle-linux-upgrade-ghostscript-doc oracle-linux-upgrade-ghostscript-tools-dvipdf oracle-linux-upgrade-ghostscript-tools-fonts oracle-linux-upgrade-ghostscript-tools-printing oracle-linux-upgrade-ghostscript-x11 oracle-linux-upgrade-libgs oracle-linux-upgrade-libgs-devel References https://attackerkb.com/topics/cve-2020-21710 CVE - 2020-21710 ELSA-2024-2966
-
Amazon Linux AMI 2: CVE-2022-47010: Security patch for binutils (ALAS-2024-2401)
Amazon Linux AMI 2: CVE-2022-47010: Security patch for binutils (ALAS-2024-2401) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description An issue was discovered in function pr_function_type in prdbg.c in Binutils 2.34 thru 2.38 that allows attackers to cause a denial of service due to memory leaks. Solution(s) amazon-linux-ami-2-upgrade-binutils amazon-linux-ami-2-upgrade-binutils-debuginfo amazon-linux-ami-2-upgrade-binutils-devel References https://attackerkb.com/topics/cve-2022-47010 AL2/ALAS-2024-2401 CVE - 2022-47010
-
Oracle Linux: CVE-2020-18651: ELSA-2024-3066: exempi security update (MODERATE) (Multiple Advisories)
Oracle Linux: CVE-2020-18651: ELSA-2024-3066: exempi security update (MODERATE) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 06/01/2024 Added 05/30/2024 Modified 01/07/2025 Description Buffer Overflow vulnerability in function ID3_Support::ID3v2Frame::getFrameValue in exempi 2.5.0 and earlier allows remote attackers to cause a denial of service via opening of crafted audio file with ID3V2 frame. A buffer overflow flaw was found in the exempi package. This issue occurs in the ID3_Support::ID3v2Frame::getFrameValue function that allows remote attackers to cause a denial of service via opening a crafted audio file with the ID3V2 frame. Solution(s) oracle-linux-upgrade-exempi oracle-linux-upgrade-exempi-devel References https://attackerkb.com/topics/cve-2020-18651 CVE - 2020-18651 ELSA-2024-3066
-
Amazon Linux AMI 2: CVE-2022-48565: Security patch for python, python3 (Multiple Advisories)
Amazon Linux AMI 2: CVE-2022-48565: Security patch for python, python3 (Multiple Advisories) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 08/22/2023 Created 10/27/2023 Added 10/27/2023 Modified 01/28/2025 Description An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities. Solution(s) amazon-linux-ami-2-upgrade-python amazon-linux-ami-2-upgrade-python-debug amazon-linux-ami-2-upgrade-python-debuginfo amazon-linux-ami-2-upgrade-python-devel amazon-linux-ami-2-upgrade-python-libs amazon-linux-ami-2-upgrade-python-test amazon-linux-ami-2-upgrade-python-tools amazon-linux-ami-2-upgrade-python3 amazon-linux-ami-2-upgrade-python3-debug amazon-linux-ami-2-upgrade-python3-debuginfo amazon-linux-ami-2-upgrade-python3-devel amazon-linux-ami-2-upgrade-python3-libs amazon-linux-ami-2-upgrade-python3-test amazon-linux-ami-2-upgrade-python3-tkinter amazon-linux-ami-2-upgrade-python3-tools amazon-linux-ami-2-upgrade-tkinter References https://attackerkb.com/topics/cve-2022-48565 AL2/ALAS-2023-2317 AL2/ALAS-2023-2330 CVE - 2022-48565
-
Debian: CVE-2022-48564: pypy3, python2.7, python3.9 -- security update
Debian: CVE-2022-48564: pypy3, python2.7, python3.9 -- security update Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 10/13/2023 Added 10/13/2023 Modified 01/28/2025 Description read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format. Solution(s) debian-upgrade-pypy3 debian-upgrade-python2-7 debian-upgrade-python3-9 References https://attackerkb.com/topics/cve-2022-48564 CVE - 2022-48564 DLA-3614-1
-
Debian: CVE-2022-48174: busybox -- security update
Debian: CVE-2022-48174: busybox -- security update Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 08/22/2023 Created 01/21/2025 Added 01/20/2025 Modified 01/28/2025 Description There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution. Solution(s) debian-upgrade-busybox References https://attackerkb.com/topics/cve-2022-48174 CVE - 2022-48174 DLA-4019-1
-
Debian: CVE-2022-47673: binutils -- security update
Debian: CVE-2022-47673: binutils -- security update Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 08/22/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description An issue was discovered in Binutils addr2line before 2.39.3, function parse_module contains multiple out of bound reads which may cause a denial of service or other unspecified impacts. Solution(s) debian-upgrade-binutils References https://attackerkb.com/topics/cve-2022-47673 CVE - 2022-47673
-
Huawei EulerOS: CVE-2020-19189: ncurses security update
Huawei EulerOS: CVE-2020-19189: ncurses security update Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 03/14/2024 Added 03/13/2024 Modified 01/28/2025 Description Buffer Overflow vulnerability in postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. Solution(s) huawei-euleros-2_0_sp8-upgrade-ncurses huawei-euleros-2_0_sp8-upgrade-ncurses-base huawei-euleros-2_0_sp8-upgrade-ncurses-c++-libs huawei-euleros-2_0_sp8-upgrade-ncurses-compat-libs huawei-euleros-2_0_sp8-upgrade-ncurses-devel huawei-euleros-2_0_sp8-upgrade-ncurses-libs huawei-euleros-2_0_sp8-upgrade-ncurses-term References https://attackerkb.com/topics/cve-2020-19189 CVE - 2020-19189 EulerOS-SA-2024-1285
-
Debian: CVE-2022-47010: binutils -- security update
Debian: CVE-2022-47010: binutils -- security update Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description An issue was discovered in function pr_function_type in prdbg.c in Binutils 2.34 thru 2.38 that allows attackers to cause a denial of service due to memory leaks. Solution(s) debian-upgrade-binutils References https://attackerkb.com/topics/cve-2022-47010 CVE - 2022-47010
-
Debian: CVE-2022-47008: binutils -- security update
Debian: CVE-2022-47008: binutils -- security update Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description An issue was discovered in functions make_tempdir and make_tempname in bucomm.c in Binutils 2.34 thru 2.38 that allows attackers to cause a denial of service due to memory leaks. Solution(s) debian-upgrade-binutils References https://attackerkb.com/topics/cve-2022-47008 CVE - 2022-47008
-
Debian: CVE-2022-44730: batik -- security update
Debian: CVE-2022-44730: batik -- security update Severity 3 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:N) Published 08/22/2023 Created 10/16/2023 Added 10/16/2023 Modified 01/28/2025 Description Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik. This issue affects Apache XML Graphics Batik: 1.16. A malicious SVG can probe user profile / data and send it directly as parameter to a URL. Solution(s) debian-upgrade-batik References https://attackerkb.com/topics/cve-2022-44730 CVE - 2022-44730 DLA-3619-1
-
Alpine Linux: CVE-2022-47007: Missing Release of Memory after Effective Lifetime
Alpine Linux: CVE-2022-47007: Missing Release of Memory after Effective Lifetime Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 03/22/2024 Added 03/21/2024 Modified 03/22/2024 Description An issue was discovered in function stab_demangle_v3_arg in stabs.c in Binutils 2.34 thru 2.38 that allows attackers to cause a denial of service due to memory leaks. Solution(s) alpine-linux-upgrade-binutils References https://attackerkb.com/topics/cve-2022-47007 CVE - 2022-47007 https://security.alpinelinux.org/vuln/CVE-2022-47007
-
Red Hat: CVE-2022-40433: segmentation fault in ciMethodBlocks (Multiple Advisories)
Red Hat: CVE-2022-40433: segmentation fault in ciMethodBlocks (Multiple Advisories) Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 08/22/2023 Created 11/01/2023 Added 11/01/2023 Modified 01/28/2025 Description A vulnerability was found in OpenJDK. This issue occurs in the ciMethodBlocks::make_block_at function in OpenJDK (HotSpot VM) 8 (11 and 17 are fixed starting from 11.0.17 and 17.0.5 respectively), and may allow an attacker to cause a denial of service. Solution(s) redhat-upgrade-java-1-8-0-openjdk redhat-upgrade-java-1-8-0-openjdk-accessibility redhat-upgrade-java-1-8-0-openjdk-accessibility-fastdebug redhat-upgrade-java-1-8-0-openjdk-accessibility-slowdebug redhat-upgrade-java-1-8-0-openjdk-debuginfo redhat-upgrade-java-1-8-0-openjdk-debugsource redhat-upgrade-java-1-8-0-openjdk-demo redhat-upgrade-java-1-8-0-openjdk-demo-debuginfo redhat-upgrade-java-1-8-0-openjdk-demo-fastdebug redhat-upgrade-java-1-8-0-openjdk-demo-fastdebug-debuginfo redhat-upgrade-java-1-8-0-openjdk-demo-slowdebug redhat-upgrade-java-1-8-0-openjdk-demo-slowdebug-debuginfo redhat-upgrade-java-1-8-0-openjdk-devel redhat-upgrade-java-1-8-0-openjdk-devel-debuginfo redhat-upgrade-java-1-8-0-openjdk-devel-fastdebug redhat-upgrade-java-1-8-0-openjdk-devel-fastdebug-debuginfo redhat-upgrade-java-1-8-0-openjdk-devel-slowdebug redhat-upgrade-java-1-8-0-openjdk-devel-slowdebug-debuginfo redhat-upgrade-java-1-8-0-openjdk-fastdebug redhat-upgrade-java-1-8-0-openjdk-fastdebug-debuginfo redhat-upgrade-java-1-8-0-openjdk-headless redhat-upgrade-java-1-8-0-openjdk-headless-debuginfo redhat-upgrade-java-1-8-0-openjdk-headless-fastdebug redhat-upgrade-java-1-8-0-openjdk-headless-fastdebug-debuginfo redhat-upgrade-java-1-8-0-openjdk-headless-slowdebug redhat-upgrade-java-1-8-0-openjdk-headless-slowdebug-debuginfo redhat-upgrade-java-1-8-0-openjdk-javadoc redhat-upgrade-java-1-8-0-openjdk-javadoc-zip redhat-upgrade-java-1-8-0-openjdk-slowdebug redhat-upgrade-java-1-8-0-openjdk-slowdebug-debuginfo redhat-upgrade-java-1-8-0-openjdk-src redhat-upgrade-java-1-8-0-openjdk-src-fastdebug redhat-upgrade-java-1-8-0-openjdk-src-slowdebug References CVE-2022-40433 RHSA-2023:5730 RHSA-2023:5731 RHSA-2023:5732 RHSA-2023:5733
-
Ubuntu: USN-6655-1 (CVE-2022-48065): GNU binutils vulnerabilities
Ubuntu: USN-6655-1 (CVE-2022-48065): GNU binutils vulnerabilities Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 02/28/2024 Added 02/27/2024 Modified 01/28/2025 Description GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability via the function find_abstract_instance in dwarf2.c. Solution(s) ubuntu-upgrade-binutils ubuntu-upgrade-binutils-multiarch References https://attackerkb.com/topics/cve-2022-48065 CVE - 2022-48065 USN-6655-1
-
Huawei EulerOS: CVE-2022-48064: binutils security update
Huawei EulerOS: CVE-2022-48064: binutils security update Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack. Solution(s) huawei-euleros-2_0_sp10-upgrade-binutils References https://attackerkb.com/topics/cve-2022-48064 CVE - 2022-48064 EulerOS-SA-2023-3200
-
Red Hat: CVE-2022-40090: libtiff: infinite loop via a crafted TIFF file (Multiple Advisories)
Red Hat: CVE-2022-40090: libtiff: infinite loop via a crafted TIFF file (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 05/01/2024 Added 05/01/2024 Modified 09/03/2024 Description An issue was discovered in function TIFFReadDirectory in libtiff before 4.4.0 that allows attackers to cause a denial of service via a crafted TIFF file. Solution(s) redhat-upgrade-libtiff redhat-upgrade-libtiff-debuginfo redhat-upgrade-libtiff-debugsource redhat-upgrade-libtiff-devel redhat-upgrade-libtiff-tools redhat-upgrade-libtiff-tools-debuginfo References CVE-2022-40090 RHSA-2024:2289
-
Debian: CVE-2022-48065: binutils -- security update
Debian: CVE-2022-48065: binutils -- security update Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability via the function find_abstract_instance in dwarf2.c. Solution(s) debian-upgrade-binutils References https://attackerkb.com/topics/cve-2022-48065 CVE - 2022-48065
-
OS X update for Emoji (CVE-2020-19190)
OS X update for Emoji (CVE-2020-19190) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)