All posts by ISHACK AI BOT

  1. VMware Photon OS: CVE-2022-47010 Severity 5 CVSS (AV:L/AC:L/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description An issue was discovered in function pr_function_type in prdbg.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2022-47010 CVE - 2022-47010
  2. Oracle Linux: CVE-2020-22217: ELSA-2023-7207:c-ares security update (MODERATE) (Multiple Advisories) Severity 5 CVSS (AV:N/AC:H/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 11/25/2023 Added 11/23/2023 Modified 01/07/2025 Description Buffer overflow vulnerability in c-ares before 1_16_1 thru 1_17_0 via function ares_parse_soa_reply in ares_parse_soa_reply.c. A heap buffer over-read flaw was found in c-ares via the ares_parse_soa_reply function in ares_parse_soa_reply.c. Solution(s) oracle-linux-upgrade-c-ares oracle-linux-upgrade-c-ares-devel References https://attackerkb.com/topics/cve-2020-22217 CVE - 2020-22217 ELSA-2023-7207
  3. Amazon Linux AMI 2: CVE-2022-48064: Security patch for binutils (ALAS-2024-2401) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack. Solution(s) amazon-linux-ami-2-upgrade-binutils amazon-linux-ami-2-upgrade-binutils-debuginfo amazon-linux-ami-2-upgrade-binutils-devel References https://attackerkb.com/topics/cve-2022-48064 AL2/ALAS-2024-2401 CVE - 2022-48064
  4. Amazon Linux AMI 2: CVE-2022-47022: Security patch for hwloc (ALAS-2023-2237) Severity 4 CVSS (AV:L/AC:M/Au:S/C:N/I:N/A:C) Published 08/22/2023 Created 09/08/2023 Added 09/08/2023 Modified 01/28/2025 Description An issue was discovered in open-mpi hwloc 2.1.0 allows attackers to cause a denial of service or other unspecified impacts via glibc-cpuset in topology-linux.c. Solution(s) amazon-linux-ami-2-upgrade-hwloc amazon-linux-ami-2-upgrade-hwloc-debuginfo amazon-linux-ami-2-upgrade-hwloc-devel amazon-linux-ami-2-upgrade-hwloc-gui amazon-linux-ami-2-upgrade-hwloc-libs amazon-linux-ami-2-upgrade-hwloc-plugins References https://attackerkb.com/topics/cve-2022-47022 AL2/ALAS-2023-2237 CVE - 2022-47022
  5. Huawei EulerOS: CVE-2021-32292: json-c security update Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 08/22/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description An issue was discovered in json-c from 20200420 (post 0.14 unreleased code) through 0.15-20200726. A stack-buffer-overflow exists in the auxiliary sample program json_parse which is located in the function parseit. Solution(s) huawei-euleros-2_0_sp11-upgrade-json-c References https://attackerkb.com/topics/cve-2021-32292 CVE - 2021-32292 EulerOS-SA-2023-3032
  6. OS X update for Find My (CVE-2020-19189) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  7. SUSE: CVE-2022-48565: SUSE Linux Security Advisory Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 08/22/2023 Created 10/11/2023 Added 10/10/2023 Modified 01/28/2025 Description An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities. Solution(s) suse-upgrade-libpython2_7-1_0 suse-upgrade-libpython2_7-1_0-32bit suse-upgrade-python suse-upgrade-python-32bit suse-upgrade-python-base suse-upgrade-python-base-32bit suse-upgrade-python-curses suse-upgrade-python-demo suse-upgrade-python-devel suse-upgrade-python-doc suse-upgrade-python-doc-pdf suse-upgrade-python-gdbm suse-upgrade-python-idle suse-upgrade-python-tk suse-upgrade-python-xml References https://attackerkb.com/topics/cve-2022-48565 CVE - 2022-48565
  8. Debian: CVE-2020-19188: ncurses -- security update Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1116 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. Solution(s) debian-upgrade-ncurses References https://attackerkb.com/topics/cve-2020-19188 CVE - 2020-19188
  9. OS X update for IOUSBDeviceFamily (CVE-2020-19185) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  10. Oracle Linux: CVE-2021-40211: ELSA-2023-5461:ImageMagick security update (IMPORTANT) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 10/06/2023 Added 10/05/2023 Modified 11/25/2024 Description An issue was discovered with ImageMagick 7.1.0-4 via Division by zero in function ReadEnhMetaFile of coders/emf.c. Solution(s) oracle-linux-upgrade-imagemagick oracle-linux-upgrade-imagemagick-c oracle-linux-upgrade-imagemagick-c-devel oracle-linux-upgrade-imagemagick-devel oracle-linux-upgrade-imagemagick-doc oracle-linux-upgrade-imagemagick-perl References https://attackerkb.com/topics/cve-2021-40211 CVE - 2021-40211 ELSA-2023-5461
  11. Debian: CVE-2020-18652: exempi -- security update Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 09/28/2023 Added 09/27/2023 Modified 01/28/2025 Description Buffer Overflow vulnerability in WEBP_Support.cpp in exempi 2.5.0 and earlier allows remote attackers to cause a denial of service via opening of crafted webp file. Solution(s) debian-upgrade-exempi References https://attackerkb.com/topics/cve-2020-18652 CVE - 2020-18652 DLA-3585-1
  12. Amazon Linux AMI 2: CVE-2020-19724: Security patch for binutils (ALAS-2024-2401) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description A memory consumption issue in get_data function in binutils/nm.c in GNU nm before 2.34 allows attackers to cause a denial of service via crafted command. Solution(s) amazon-linux-ami-2-upgrade-binutils amazon-linux-ami-2-upgrade-binutils-debuginfo amazon-linux-ami-2-upgrade-binutils-devel References https://attackerkb.com/topics/cve-2020-19724 AL2/ALAS-2024-2401 CVE - 2020-19724
  13. Amazon Linux AMI 2: CVE-2020-18839: Security patch for poppler (ALAS-2023-2243) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 09/08/2023 Added 09/08/2023 Modified 01/28/2025 Description Buffer Overflow vulnerability in HtmlOutputDev::page in poppler 0.75.0 allows attackers to cause a denial of service. Solution(s) amazon-linux-ami-2-upgrade-poppler amazon-linux-ami-2-upgrade-poppler-cpp amazon-linux-ami-2-upgrade-poppler-cpp-devel amazon-linux-ami-2-upgrade-poppler-debuginfo amazon-linux-ami-2-upgrade-poppler-demos amazon-linux-ami-2-upgrade-poppler-devel amazon-linux-ami-2-upgrade-poppler-glib amazon-linux-ami-2-upgrade-poppler-glib-devel amazon-linux-ami-2-upgrade-poppler-qt amazon-linux-ami-2-upgrade-poppler-qt-devel amazon-linux-ami-2-upgrade-poppler-utils References https://attackerkb.com/topics/cve-2020-18839 AL2/ALAS-2023-2243 CVE - 2020-18839
  14. Amazon Linux AMI 2: CVE-2020-22628: Security patch for LibRaw (ALAS-2023-2256) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 09/21/2023 Added 09/21/2023 Modified 01/28/2025 Description Buffer Overflow vulnerability in LibRaw::stretch() function in libraw\src\postprocessing\aspect_ratio.cpp. Solution(s) amazon-linux-ami-2-upgrade-libraw amazon-linux-ami-2-upgrade-libraw-debuginfo amazon-linux-ami-2-upgrade-libraw-devel amazon-linux-ami-2-upgrade-libraw-static References https://attackerkb.com/topics/cve-2020-22628 AL2/ALAS-2023-2256 CVE - 2020-22628
  15. OS X update for Assets (CVE-2020-19189) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  16. OS X update for AppleVA (CVE-2020-19187) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  17. VMware Photon OS: CVE-2023-4430 Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 08/22/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Use after free in Vulkan in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-4430 CVE - 2023-4430
  18. OS X update for IOUSBDeviceFamily (CVE-2020-19189) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  19. Amazon Linux 2023: CVE-2022-47673: Medium priority package update for binutils Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 08/22/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description An issue was discovered in Binutils addr2line before 2.39.3, function parse_module contains multiple out of bound reads which may cause a denial of service or other unspecified impacts. Solution(s) amazon-linux-2023-upgrade-binutils amazon-linux-2023-upgrade-binutils-debuginfo amazon-linux-2023-upgrade-binutils-debugsource amazon-linux-2023-upgrade-binutils-devel amazon-linux-2023-upgrade-binutils-gprofng amazon-linux-2023-upgrade-binutils-gprofng-debuginfo References https://attackerkb.com/topics/cve-2022-47673 CVE - 2022-47673 https://alas.aws.amazon.com/AL2023/ALAS-2023-334.html
  20. Amazon Linux 2023: CVE-2022-38349: Medium priority package update for poppler Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description An issue was discovered in Poppler 22.08.0. There is a reachable assertion in Object.h, will lead to denial of service because PDFDoc::replacePageDict in PDFDoc.cc lacks a stream check before saving an embedded file. A flaw was found in the Poppler package. This issue occurs due to a reachable assertion in Object.h. By using a specially crafted file, an attacker could cause a denial of service. Solution(s) amazon-linux-2023-upgrade-poppler amazon-linux-2023-upgrade-poppler-cpp amazon-linux-2023-upgrade-poppler-cpp-debuginfo amazon-linux-2023-upgrade-poppler-cpp-devel amazon-linux-2023-upgrade-poppler-debuginfo amazon-linux-2023-upgrade-poppler-debugsource amazon-linux-2023-upgrade-poppler-devel amazon-linux-2023-upgrade-poppler-glib amazon-linux-2023-upgrade-poppler-glib-debuginfo amazon-linux-2023-upgrade-poppler-glib-devel amazon-linux-2023-upgrade-poppler-glib-doc amazon-linux-2023-upgrade-poppler-utils amazon-linux-2023-upgrade-poppler-utils-debuginfo References https://attackerkb.com/topics/cve-2022-38349 CVE - 2022-38349 https://alas.aws.amazon.com/AL2023/ALAS-2023-340.html
  21. Ubuntu: (Multiple Advisories) (CVE-2020-19726): GNU binutils vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/22/2023 Created 09/20/2023 Added 09/19/2023 Modified 01/28/2025 Description An issue was discovered in binutils libbfd.c 2.36 relating to the auxiliary symbol data allows attackers to read or write to system memory or cause a denial of service. Solution(s) ubuntu-pro-upgrade-binutils ubuntu-pro-upgrade-binutils-multiarch References https://attackerkb.com/topics/cve-2020-19726 CVE - 2020-19726 USN-6381-1 USN-6544-1
  22. Artifex Ghostscript: (CVE-2020-21710) A divide by zero issue discovered in eps_print_page in gdevepsn.c in Artifex Software GhostScript 9.50 allows remote attackers to cause a denial of service via opening of crafted PDF file. Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 07/10/2024 Added 07/08/2024 Modified 01/28/2025 Description A divide by zero issue discovered in eps_print_page in gdevepsn.c in Artifex Software GhostScript 9.50 allows remote attackers to cause a denial of service via opening of crafted PDF file. Solution(s) ghostscript-upgrade-9_51 References https://attackerkb.com/topics/cve-2020-21710 CVE - 2020-21710 https://bugs.ghostscript.com/show_bug.cgi?id=701843
  23. Amazon Linux 2023: CVE-2022-48065: Medium priority package update for binutils Severity 5 CVSS (AV:L/AC:L/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability via the function find_abstract_instance in dwarf2.c. Solution(s) amazon-linux-2023-upgrade-binutils amazon-linux-2023-upgrade-binutils-debuginfo amazon-linux-2023-upgrade-binutils-debugsource amazon-linux-2023-upgrade-binutils-devel amazon-linux-2023-upgrade-binutils-gprofng amazon-linux-2023-upgrade-binutils-gprofng-debuginfo References https://attackerkb.com/topics/cve-2022-48065 CVE - 2022-48065 https://alas.aws.amazon.com/AL2023/ALAS-2023-334.html
  24. Amazon Linux AMI 2: CVE-2020-19189: Security patch for ncurses (ALAS-2024-2412) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description Buffer Overflow vulnerability in postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. Solution(s) amazon-linux-ami-2-upgrade-ncurses amazon-linux-ami-2-upgrade-ncurses-base amazon-linux-ami-2-upgrade-ncurses-c-libs amazon-linux-ami-2-upgrade-ncurses-compat-libs amazon-linux-ami-2-upgrade-ncurses-debuginfo amazon-linux-ami-2-upgrade-ncurses-devel amazon-linux-ami-2-upgrade-ncurses-libs amazon-linux-ami-2-upgrade-ncurses-static amazon-linux-ami-2-upgrade-ncurses-term References https://attackerkb.com/topics/cve-2020-19189 AL2/ALAS-2024-2412 CVE - 2020-19189
  25. Ubuntu: (Multiple Advisories) (CVE-2022-35205): GNU binutils vulnerabilities Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 10/06/2023 Added 10/06/2023 Modified 01/28/2025 Description An issue was discovered in Binutils readelf 2.38.50, reachable assertion failure in function display_debug_names allows attackers to cause a denial of service. Solution(s) ubuntu-pro-upgrade-binutils ubuntu-pro-upgrade-binutils-multiarch References https://attackerkb.com/topics/cve-2022-35205 CVE - 2022-35205 USN-6413-1 USN-6544-1