ISHACK AI BOT

Amazon Linux AMI 2: CVE-2023-4459: Security patch for kernel (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 08/21/2023 Created 09/07/2023 Added 09/07/2023 Modified 01/28/2025 Description A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in drivers/net/vmxnet3/vmxnet3_drv.c in the networking sub-component in vmxnet3 in the Linux Kernel. This issue may allow a local attacker with normal user privilege to cause a denial of service due to a missing sanity check during cleanup. Solution(s) amazon-linux-ami-2-upgrade-bpftool amazon-linux-ami-2-upgrade-bpftool-debuginfo amazon-linux-ami-2-upgrade-kernel amazon-linux-ami-2-upgrade-kernel-debuginfo amazon-linux-ami-2-upgrade-kernel-debuginfo-common-aarch64 amazon-linux-ami-2-upgrade-kernel-debuginfo-common-x86_64 amazon-linux-ami-2-upgrade-kernel-devel amazon-linux-ami-2-upgrade-kernel-headers amazon-linux-ami-2-upgrade-kernel-livepatch-4-14-281-212-502 amazon-linux-ami-2-upgrade-kernel-livepatch-5-10-118-111-515 amazon-linux-ami-2-upgrade-kernel-livepatch-5-15-43-20-103 amazon-linux-ami-2-upgrade-kernel-tools amazon-linux-ami-2-upgrade-kernel-tools-debuginfo amazon-linux-ami-2-upgrade-kernel-tools-devel amazon-linux-ami-2-upgrade-perf amazon-linux-ami-2-upgrade-perf-debuginfo amazon-linux-ami-2-upgrade-python-perf amazon-linux-ami-2-upgrade-python-perf-debuginfo References https://attackerkb.com/topics/cve-2023-4459 AL2/ALAS-2022-1798 AL2/ALASKERNEL-5.10-2022-014 AL2/ALASKERNEL-5.15-2023-023 AL2/ALASKERNEL-5.4-2022-026 CVE - 2023-4459

Huawei EulerOS: CVE-2023-4459: kernel security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 08/21/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in drivers/net/vmxnet3/vmxnet3_drv.c in the networking sub-component in vmxnet3 in the Linux Kernel. This issue may allow a local attacker with normal user privilege to cause a denial of service due to a missing sanity check during cleanup. Solution(s) huawei-euleros-2_0_sp9-upgrade-kernel huawei-euleros-2_0_sp9-upgrade-kernel-tools huawei-euleros-2_0_sp9-upgrade-kernel-tools-libs huawei-euleros-2_0_sp9-upgrade-python3-perf References https://attackerkb.com/topics/cve-2023-4459 CVE - 2023-4459 EulerOS-SA-2023-2898

Red Hat: CVE-2023-4459: kernel: vmxnet3: NULL pointer dereference in vmxnet3_rq_cleanup() (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 08/21/2023 Created 01/27/2024 Added 01/26/2024 Modified 03/14/2024 Description A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in drivers/net/vmxnet3/vmxnet3_drv.c in the networking sub-component in vmxnet3 in the Linux Kernel. This issue may allow a local attacker with normal user privilege to cause a denial of service due to a missing sanity check during cleanup. Solution(s) redhat-upgrade-kernel redhat-upgrade-kernel-rt References CVE-2023-4459 RHSA-2024:0412 RHSA-2024:1250 RHSA-2024:1306

Gentoo Linux: CVE-2023-36787: Microsoft Edge: Multiple Vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/21/2023 Created 02/06/2024 Added 02/05/2024 Modified 01/28/2025 Description Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Solution(s) gentoo-linux-upgrade-www-client-microsoft-edge References https://attackerkb.com/topics/cve-2023-36787 CVE - 2023-36787 202402-05

Ubuntu: (Multiple Advisories) (CVE-2020-22628): LibRaw vulnerability Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 09/20/2023 Added 09/19/2023 Modified 02/14/2025 Description Buffer Overflow vulnerability in LibRaw::stretch() function in libraw\src\postprocessing\aspect_ratio.cpp. Solution(s) ubuntu-pro-upgrade-digikam ubuntu-pro-upgrade-libraw19 ubuntu-pro-upgrade-showfoto References https://attackerkb.com/topics/cve-2020-22628 CVE - 2020-22628 USN-6377-1 USN-7266-1

Amazon Linux AMI: CVE-2022-48541: Security patch for ImageMagick (ALAS-2023-1831) Severity 8 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:C) Published 08/22/2023 Created 09/28/2023 Added 09/26/2023 Modified 01/28/2025 Description A memory leak in ImageMagick 7.0.10-45 and 6.9.11-22 allows remote attackers to perform a denial of service via the "identify -help" command. Solution(s) amazon-linux-upgrade-imagemagick References ALAS-2023-1831 CVE-2022-48541

Ubuntu: USN-6364-1 (CVE-2020-21710): Ghostscript vulnerabilities Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 09/18/2023 Added 09/18/2023 Modified 01/28/2025 Description A divide by zero issue discovered in eps_print_page in gdevepsn.c in Artifex Software GhostScript 9.50 allows remote attackers to cause a denial of service via opening of crafted PDF file. Solution(s) ubuntu-pro-upgrade-ghostscript ubuntu-pro-upgrade-libgs9 References https://attackerkb.com/topics/cve-2020-21710 CVE - 2020-21710 USN-6364-1

OS X update for Model I/O (CVE-2020-19185) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

Ubuntu: USN-6472-1 (CVE-2020-35357): GNU Scientific Library vulnerability Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/28/2025 Description A buffer overflow can occur when calculating the quantile value using the Statistics Library of GSL (GNU Scientific Library), versions 2.5 and 2.6. Processing a maliciously crafted input data for gsl_stats_quantile_from_sorted_data of the library may lead to unexpected application termination or arbitrary code execution. Solution(s) ubuntu-pro-upgrade-gsl-bin ubuntu-pro-upgrade-libgsl-dev ubuntu-pro-upgrade-libgsl2 ubuntu-pro-upgrade-libgsl23 ubuntu-pro-upgrade-libgsl27 ubuntu-pro-upgrade-libgslcblas0 References https://attackerkb.com/topics/cve-2020-35357 CVE - 2020-35357 USN-6472-1

Ubuntu: USN-6586-1 (CVE-2020-22524): FreeImage vulnerabilities Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 01/18/2024 Added 01/17/2024 Modified 01/28/2025 Description Buffer Overflow vulnerability in FreeImage_Load function in FreeImage Library 3.19.0(r1828) allows attackers to cuase a denial of service via crafted PFM file. Solution(s) ubuntu-pro-upgrade-libfreeimage3 ubuntu-pro-upgrade-libfreeimageplus3 References https://attackerkb.com/topics/cve-2020-22524 CVE - 2020-22524 USN-6586-1

Ubuntu: (Multiple Advisories) (CVE-2020-23804): poppler vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 11/25/2023 Added 11/24/2023 Modified 01/28/2025 Description Uncontrolled Recursion in pdfinfo, and pdftops in poppler 0.89.0 allows remote attackers to cause a denial of service via crafted input. Solution(s) ubuntu-pro-upgrade-libpoppler118 ubuntu-pro-upgrade-libpoppler58 ubuntu-pro-upgrade-libpoppler73 ubuntu-pro-upgrade-libpoppler97 ubuntu-pro-upgrade-poppler-utils References https://attackerkb.com/topics/cve-2020-23804 CVE - 2020-23804 USN-6508-1 USN-6508-2

VMware Photon OS: CVE-2021-32292 Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 08/22/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description An issue was discovered in json-c from 20200420 (post 0.14 unreleased code) through 0.15-20200726. A stack-buffer-overflow exists in the auxiliary sample program json_parse which is located in the function parseit. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2021-32292 CVE - 2021-32292

Rocky Linux: CVE-2020-21710: ghostscript (RLSA-2024-2966) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 06/17/2024 Added 06/17/2024 Modified 01/28/2025 Description A divide by zero issue discovered in eps_print_page in gdevepsn.c in Artifex Software GhostScript 9.50 allows remote attackers to cause a denial of service via opening of crafted PDF file. Solution(s) rocky-upgrade-ghostscript rocky-upgrade-ghostscript-debuginfo rocky-upgrade-ghostscript-debugsource rocky-upgrade-ghostscript-tools-dvipdf rocky-upgrade-ghostscript-tools-fonts rocky-upgrade-ghostscript-tools-printing rocky-upgrade-ghostscript-x11 rocky-upgrade-ghostscript-x11-debuginfo rocky-upgrade-libgs rocky-upgrade-libgs-debuginfo rocky-upgrade-libgs-devel References https://attackerkb.com/topics/cve-2020-21710 CVE - 2020-21710 https://errata.rockylinux.org/RLSA-2024:2966

SUSE: CVE-2022-35205: SUSE Linux Security Advisory Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 09/21/2023 Added 09/21/2023 Modified 01/28/2025 Description An issue was discovered in Binutils readelf 2.38.50, reachable assertion failure in function display_debug_names allows attackers to cause a denial of service. Solution(s) suse-upgrade-binutils suse-upgrade-binutils-devel suse-upgrade-binutils-devel-32bit suse-upgrade-binutils-gold suse-upgrade-cross-aarch64-binutils suse-upgrade-cross-arm-binutils suse-upgrade-cross-avr-binutils suse-upgrade-cross-epiphany-binutils suse-upgrade-cross-hppa-binutils suse-upgrade-cross-hppa64-binutils suse-upgrade-cross-i386-binutils suse-upgrade-cross-ia64-binutils suse-upgrade-cross-m68k-binutils suse-upgrade-cross-mips-binutils suse-upgrade-cross-ppc-binutils suse-upgrade-cross-ppc64-binutils suse-upgrade-cross-ppc64le-binutils suse-upgrade-cross-riscv64-binutils suse-upgrade-cross-rx-binutils suse-upgrade-cross-s390-binutils suse-upgrade-cross-s390x-binutils suse-upgrade-cross-sparc-binutils suse-upgrade-cross-sparc64-binutils suse-upgrade-cross-spu-binutils suse-upgrade-cross-x86_64-binutils suse-upgrade-cross-xtensa-binutils suse-upgrade-libctf-nobfd0 suse-upgrade-libctf0 References https://attackerkb.com/topics/cve-2022-35205 CVE - 2022-35205

Debian: CVE-2023-34319: linux -- security update Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 08/21/2023 Created 08/21/2023 Added 08/21/2023 Modified 01/30/2025 Description The fix for XSA-423 added logic to Linux'es netback driver to deal with a frontend splitting a packet in a way such that not all of the headers would come in one piece.Unfortunately the logic introduced there didn't account for the extreme case of the entire packet being split into as many pieces as permitted by the protocol, yet still being smaller than the area that's specially dealt with to keep all (possible) headers together.Such an unusual packet would therefore trigger a buffer overrun in the driver. Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2023-34319 CVE - 2023-34319 DSA-5480-1

Red Hat: CVE-2023-32002: Permissions policies can be bypassed via Module._load (Multiple Advisories) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 08/21/2023 Created 09/28/2023 Added 09/27/2023 Modified 01/28/2025 Description The use of `Module._load()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js. Solution(s) redhat-upgrade-nodejs redhat-upgrade-nodejs-debuginfo redhat-upgrade-nodejs-debugsource redhat-upgrade-nodejs-devel redhat-upgrade-nodejs-docs redhat-upgrade-nodejs-full-i18n redhat-upgrade-nodejs-libs redhat-upgrade-nodejs-libs-debuginfo redhat-upgrade-nodejs-nodemon redhat-upgrade-nodejs-packaging redhat-upgrade-nodejs-packaging-bundler redhat-upgrade-npm References CVE-2023-32002 RHSA-2023:5360 RHSA-2023:5361 RHSA-2023:5362 RHSA-2023:5363 RHSA-2023:5532 RHSA-2023:5533 View more

VMware Photon OS: CVE-2023-32002 Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 08/21/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description The use of `Module._load()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-32002 CVE - 2023-32002

VMware Photon OS: CVE-2023-4459 Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 08/21/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in drivers/net/vmxnet3/vmxnet3_drv.c in the networking sub-component in vmxnet3 in the Linux Kernel. This issue may allow a local attacker with normal user privilege to cause a denial of service due to a missing sanity check during cleanup. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-4459 CVE - 2023-4459

CentOS Linux: CVE-2023-32002: Important: nodejs:16 security, bug fix, and enhancement update (Multiple Advisories) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 08/21/2023 Created 09/28/2023 Added 09/27/2023 Modified 01/28/2025 Description The use of `Module._load()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js. Solution(s) centos-upgrade-nodejs centos-upgrade-nodejs-debuginfo centos-upgrade-nodejs-debugsource centos-upgrade-nodejs-devel centos-upgrade-nodejs-docs centos-upgrade-nodejs-full-i18n centos-upgrade-nodejs-libs centos-upgrade-nodejs-libs-debuginfo centos-upgrade-nodejs-nodemon centos-upgrade-nodejs-packaging centos-upgrade-nodejs-packaging-bundler centos-upgrade-npm References CVE-2023-32002

Rocky Linux: CVE-2023-32002: nodejs (Multiple Advisories) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 08/21/2023 Created 03/07/2024 Added 08/15/2024 Modified 01/28/2025 Description Deprecated Solution(s)

Huawei EulerOS: CVE-2023-4459: kernel security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 08/21/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in drivers/net/vmxnet3/vmxnet3_drv.c in the networking sub-component in vmxnet3 in the Linux Kernel. This issue may allow a local attacker with normal user privilege to cause a denial of service due to a missing sanity check during cleanup. Solution(s) huawei-euleros-2_0_sp10-upgrade-kernel huawei-euleros-2_0_sp10-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp10-upgrade-kernel-tools huawei-euleros-2_0_sp10-upgrade-kernel-tools-libs huawei-euleros-2_0_sp10-upgrade-python3-perf References https://attackerkb.com/topics/cve-2023-4459 CVE - 2023-4459 EulerOS-SA-2023-3217

Huawei EulerOS: CVE-2023-4459: kernel security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 08/21/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in drivers/net/vmxnet3/vmxnet3_drv.c in the networking sub-component in vmxnet3 in the Linux Kernel. This issue may allow a local attacker with normal user privilege to cause a denial of service due to a missing sanity check during cleanup. Solution(s) huawei-euleros-2_0_sp11-upgrade-bpftool huawei-euleros-2_0_sp11-upgrade-kernel huawei-euleros-2_0_sp11-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp11-upgrade-kernel-tools huawei-euleros-2_0_sp11-upgrade-kernel-tools-libs huawei-euleros-2_0_sp11-upgrade-python3-perf References https://attackerkb.com/topics/cve-2023-4459 CVE - 2023-4459 EulerOS-SA-2023-3033

Alpine Linux: CVE-2023-32002: Vulnerability in Multiple Components Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 08/21/2023 Created 04/09/2024 Added 03/26/2024 Modified 10/02/2024 Description The use of `Module._load()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js. Solution(s) alpine-linux-upgrade-nodejs References https://attackerkb.com/topics/cve-2023-32002 CVE - 2023-32002 https://security.alpinelinux.org/vuln/CVE-2023-32002

Ubuntu: USN-6388-1 (CVE-2023-4459): Linux kernel vulnerabilities Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 08/21/2023 Created 09/20/2023 Added 09/20/2023 Modified 01/28/2025 Description A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in drivers/net/vmxnet3/vmxnet3_drv.c in the networking sub-component in vmxnet3 in the Linux Kernel. This issue may allow a local attacker with normal user privilege to cause a denial of service due to a missing sanity check during cleanup. Solution(s) ubuntu-upgrade-linux-image-4-4-0-1123-aws ubuntu-upgrade-linux-image-4-4-0-1124-kvm ubuntu-upgrade-linux-image-4-4-0-1161-aws ubuntu-upgrade-linux-image-4-4-0-245-generic ubuntu-upgrade-linux-image-4-4-0-245-lowlatency ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-lts-xenial ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-lts-xenial ubuntu-upgrade-linux-image-virtual ubuntu-upgrade-linux-image-virtual-lts-xenial References https://attackerkb.com/topics/cve-2023-4459 CVE - 2023-4459 USN-6388-1

Huawei EulerOS: CVE-2023-4459: kernel security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 08/21/2023 Created 02/13/2024 Added 02/12/2024 Modified 01/28/2025 Description A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in drivers/net/vmxnet3/vmxnet3_drv.c in the networking sub-component in vmxnet3 in the Linux Kernel. This issue may allow a local attacker with normal user privilege to cause a denial of service due to a missing sanity check during cleanup. Solution(s) huawei-euleros-2_0_sp5-upgrade-kernel huawei-euleros-2_0_sp5-upgrade-kernel-devel huawei-euleros-2_0_sp5-upgrade-kernel-headers huawei-euleros-2_0_sp5-upgrade-kernel-tools huawei-euleros-2_0_sp5-upgrade-kernel-tools-libs huawei-euleros-2_0_sp5-upgrade-perf huawei-euleros-2_0_sp5-upgrade-python-perf References https://attackerkb.com/topics/cve-2023-4459 CVE - 2023-4459 EulerOS-SA-2024-1144