All posts by ISHACK AI BOT

  1. Amazon Linux AMI: CVE-2020-36023: Security patch for poppler (ALAS-2023-1850)
     Severity: 7
     CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:C)
     Published 08/11/2023, Created 10/11/2023, Added 10/07/2023, Modified 01/28/2025
     Description: An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::cvtGlyph function.
     Solution(s): amazon-linux-upgrade-poppler
     References: ALAS-2023-1850, CVE-2020-36023

  2. Huawei EulerOS: CVE-2023-25775: kernel security update
     Severity: 10
     CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
     Published 08/11/2023, Created 01/11/2024, Added 01/10/2024, Modified 01/28/2025
     Description: Improper access control in the Intel(R) Ethernet Controller RDMA driver for linux before version 1.9.30 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
     Solution(s): huawei-euleros-2_0_sp10-upgrade-kernel huawei-euleros-2_0_sp10-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp10-upgrade-kernel-tools huawei-euleros-2_0_sp10-upgrade-kernel-tools-libs huawei-euleros-2_0_sp10-upgrade-python3-perf
     References: https://attackerkb.com/topics/cve-2023-25775, CVE-2023-25775, EulerOS-SA-2024-1086

  3. F5 Networks: CVE-2022-38083: K000137202: Intel BIOS vulnerability CVE-2022-38083
     Severity: 4
     CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
     Published 08/11/2023, Created 02/14/2025, Added 02/13/2025, Modified 02/13/2025
     Description: Improper initialization in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.
     Solution(s): f5-big-ip-upgrade-latest
     References: https://attackerkb.com/topics/cve-2022-38083, CVE-2022-38083, https://my.f5.com/manage/s/article/K000137202

  4. Oracle Linux: CVE-2023-25775: ELSA-2024-2394: kernel security, bug fix, and enhancement update (IMPORTANT) (Multiple Advisories)
     Severity: 5
     CVSS: (AV:N/AC:H/Au:N/C:P/I:P/A:P)
     Published 08/11/2023, Created 02/14/2024, Added 02/13/2024, Modified 01/23/2025
     Description: Improper access control in the Intel(R) Ethernet Controller RDMA driver for linux before version 1.9.30 may allow an unauthenticated user to potentially enable escalation of privilege via network access. An improper access control flaw was found in the Intel(R) Ethernet Controller RDMA driver in the Linux Kernel. This flaw allows an unauthenticated user to enable privilege escalation via network access.
     Solution(s): oracle-linux-upgrade-kernel oracle-linux-upgrade-kernel-uek
     References: https://attackerkb.com/topics/cve-2023-25775, CVE-2023-25775, ELSA-2024-2394, ELSA-2024-12150, ELSA-2024-2004, ELSA-2024-12151, ELSA-2024-12153, ELSA-2024-12159, ELSA-2024-12154, ELSA-2024-3138

  5. XnSoft XnView: CVE-2021-28427: Buffer Overflow vulnerability in XNView version 2.49.3, allows local attackers to execute arbitrary code via crafted TIFF file.
     Severity: 7
     CVSS: (AV:L/AC:M/Au:N/C:C/I:C/A:C)
     Published 08/11/2023, Created 08/28/2023, Added 08/21/2023, Modified 01/28/2025
     Description: Buffer Overflow vulnerability in XNView version 2.49.3, allows local attackers to execute arbitrary code via crafted TIFF file.
     Solution(s): xnsoft-xnview-upgrade-2_49_4
     References: https://attackerkb.com/topics/cve-2021-28427, CVE-2021-28427, https://newsgroup.xnview.com/viewtopic.php?f=35&t=41035

  6. Gentoo Linux: CVE-2023-3823: PHP: Multiple Vulnerabilities
     Severity: 8
     CVSS: (AV:N/AC:L/Au:N/C:C/I:N/A:N)
     Published 08/11/2023, Created 08/14/2024, Added 08/13/2024, Modified 01/28/2025
     Description: In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it by calling the appropriate function. However, since the state is process-global, other modules - such as ImageMagick - may also use this library within the same process, and change that global state for their internal purposes, and leave it in a state where external entities loading is enabled. This can lead to the situation where external XML is parsed with external entities loaded, which can lead to disclosure of any local files accessible to PHP. This vulnerable state may persist in the same process across many requests, until the process is shut down.
     Solution(s): gentoo-linux-upgrade-dev-lang-php
     References: https://attackerkb.com/topics/cve-2023-3823, CVE-2023-3823, 202408-32

  7. SUSE: CVE-2023-23908: SUSE Linux Security Advisory
     Severity: 4
     CVSS: (AV:L/AC:L/Au:M/C:C/I:N/A:N)
     Published 08/11/2023, Created 08/14/2023, Added 08/14/2023, Modified 01/28/2025
     Description: Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalable processors may allow a privileged user to potentially enable information disclosure via local access.
     Solution(s): suse-upgrade-ucode-intel
     References: https://attackerkb.com/topics/cve-2023-23908, CVE-2023-23908

  8. Amazon Linux AMI 2: CVE-2021-28025: Security patch for qt5-qtsvg (ALAS-2023-2242)
     Severity: 5
     CVSS: (AV:L/AC:M/Au:N/C:N/I:N/A:C)
     Published 08/11/2023, Created 09/08/2023, Added 09/08/2023, Modified 01/28/2025
     Description: Integer Overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions 5.15.1, 6.0.0, 6.0.2, and 6.2, allows local attackers to cause a denial of service (DoS).
     Solution(s): amazon-linux-ami-2-upgrade-qt5-qtsvg amazon-linux-ami-2-upgrade-qt5-qtsvg-debuginfo amazon-linux-ami-2-upgrade-qt5-qtsvg-devel amazon-linux-ami-2-upgrade-qt5-qtsvg-doc amazon-linux-ami-2-upgrade-qt5-qtsvg-examples
     References: https://attackerkb.com/topics/cve-2021-28025, AL2/ALAS-2023-2242, CVE-2021-28025

  9. SUSE: CVE-2023-25775: SUSE Linux Security Advisory
     Severity: 10
     CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
     Published 08/11/2023, Created 12/14/2023, Added 12/13/2023, Modified 01/28/2025
     Description: Improper access control in the Intel(R) Ethernet Controller RDMA driver for linux before version 1.9.30 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
     Solution(s):
       suse-upgrade-cluster-md-kmp-64kb suse-upgrade-cluster-md-kmp-azure suse-upgrade-cluster-md-kmp-default suse-upgrade-cluster-md-kmp-rt
       suse-upgrade-dlm-kmp-64kb suse-upgrade-dlm-kmp-azure suse-upgrade-dlm-kmp-default suse-upgrade-dlm-kmp-rt
       suse-upgrade-dtb-allwinner suse-upgrade-dtb-altera suse-upgrade-dtb-amazon suse-upgrade-dtb-amd suse-upgrade-dtb-amlogic suse-upgrade-dtb-apm suse-upgrade-dtb-apple suse-upgrade-dtb-arm suse-upgrade-dtb-broadcom suse-upgrade-dtb-cavium suse-upgrade-dtb-exynos suse-upgrade-dtb-freescale suse-upgrade-dtb-hisilicon suse-upgrade-dtb-lg suse-upgrade-dtb-marvell suse-upgrade-dtb-mediatek suse-upgrade-dtb-nvidia suse-upgrade-dtb-qcom suse-upgrade-dtb-renesas suse-upgrade-dtb-rockchip suse-upgrade-dtb-socionext suse-upgrade-dtb-sprd suse-upgrade-dtb-xilinx
       suse-upgrade-gfs2-kmp-64kb suse-upgrade-gfs2-kmp-azure suse-upgrade-gfs2-kmp-default suse-upgrade-gfs2-kmp-rt
       suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-64kb-extra suse-upgrade-kernel-64kb-livepatch-devel suse-upgrade-kernel-64kb-optional
       suse-upgrade-kernel-azure suse-upgrade-kernel-azure-devel suse-upgrade-kernel-azure-extra suse-upgrade-kernel-azure-livepatch-devel suse-upgrade-kernel-azure-optional suse-upgrade-kernel-azure-vdso
       suse-upgrade-kernel-debug suse-upgrade-kernel-debug-devel suse-upgrade-kernel-debug-livepatch-devel suse-upgrade-kernel-debug-vdso
       suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-base-rebuild suse-upgrade-kernel-default-devel suse-upgrade-kernel-default-extra suse-upgrade-kernel-default-livepatch suse-upgrade-kernel-default-livepatch-devel suse-upgrade-kernel-default-optional suse-upgrade-kernel-default-vdso
       suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-devel-rt suse-upgrade-kernel-docs suse-upgrade-kernel-docs-html
       suse-upgrade-kernel-kvmsmall suse-upgrade-kernel-kvmsmall-devel suse-upgrade-kernel-kvmsmall-livepatch-devel suse-upgrade-kernel-kvmsmall-vdso
       suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-obs-qa
       suse-upgrade-kernel-rt suse-upgrade-kernel-rt-devel suse-upgrade-kernel-rt-extra suse-upgrade-kernel-rt-livepatch suse-upgrade-kernel-rt-livepatch-devel suse-upgrade-kernel-rt-optional suse-upgrade-kernel-rt-vdso suse-upgrade-kernel-rt_debug suse-upgrade-kernel-rt_debug-devel suse-upgrade-kernel-rt_debug-livepatch-devel suse-upgrade-kernel-rt_debug-vdso
       suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-source-rt suse-upgrade-kernel-source-vanilla suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-syms-rt suse-upgrade-kernel-zfcpdump
       suse-upgrade-kselftests-kmp-64kb suse-upgrade-kselftests-kmp-azure suse-upgrade-kselftests-kmp-default suse-upgrade-kselftests-kmp-rt
       suse-upgrade-ocfs2-kmp-64kb suse-upgrade-ocfs2-kmp-azure suse-upgrade-ocfs2-kmp-default suse-upgrade-ocfs2-kmp-rt
       suse-upgrade-reiserfs-kmp-64kb suse-upgrade-reiserfs-kmp-azure suse-upgrade-reiserfs-kmp-default suse-upgrade-reiserfs-kmp-rt
     References: https://attackerkb.com/topics/cve-2023-25775, CVE-2023-25775

  10. Amazon Linux AMI 2: CVE-2021-3236: Security patch for vim (ALAS-2023-2266)
     Severity: 5
     CVSS: (AV:L/AC:M/Au:N/C:N/I:N/A:C)
     Published 08/11/2023, Created 10/06/2023, Added 10/06/2023, Modified 01/28/2025
     Description: vim 8.2.2348 is affected by null pointer dereference, allows local attackers to cause a denial of service (DoS) via the ex_buffer_all method.
     Solution(s): amazon-linux-ami-2-upgrade-vim-common amazon-linux-ami-2-upgrade-vim-data amazon-linux-ami-2-upgrade-vim-debuginfo amazon-linux-ami-2-upgrade-vim-enhanced amazon-linux-ami-2-upgrade-vim-filesystem amazon-linux-ami-2-upgrade-vim-minimal amazon-linux-ami-2-upgrade-vim-x11 amazon-linux-ami-2-upgrade-xxd
     References: https://attackerkb.com/topics/cve-2021-3236, AL2/ALAS-2023-2266, CVE-2021-3236

  11. Huawei EulerOS: CVE-2023-25775: kernel security update
     Severity: 10
     CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
     Published 08/11/2023, Created 01/11/2024, Added 01/10/2024, Modified 01/28/2025
     Description: Improper access control in the Intel(R) Ethernet Controller RDMA driver for linux before version 1.9.30 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
     Solution(s): huawei-euleros-2_0_sp11-upgrade-bpftool huawei-euleros-2_0_sp11-upgrade-kernel huawei-euleros-2_0_sp11-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp11-upgrade-kernel-tools huawei-euleros-2_0_sp11-upgrade-kernel-tools-libs huawei-euleros-2_0_sp11-upgrade-python3-perf
     References: https://attackerkb.com/topics/cve-2023-25775, CVE-2023-25775, EulerOS-SA-2023-3033

  12. CentOS Linux: CVE-2022-36351: Important: linux-firmware security update (CESA-2024:3939)
     Severity: 6
     CVSS: (AV:A/AC:L/Au:N/C:N/I:N/A:C)
     Published 08/11/2023, Created 11/09/2023, Added 11/08/2023, Modified 01/28/2025
     Description: Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an unauthenticated user to potentially enable denial of service via adjacent access.
     Solution(s): centos-upgrade-iwl100-firmware centos-upgrade-iwl1000-firmware centos-upgrade-iwl105-firmware centos-upgrade-iwl135-firmware centos-upgrade-iwl2000-firmware centos-upgrade-iwl2030-firmware centos-upgrade-iwl3160-firmware centos-upgrade-iwl3945-firmware centos-upgrade-iwl4965-firmware centos-upgrade-iwl5000-firmware centos-upgrade-iwl5150-firmware centos-upgrade-iwl6000-firmware centos-upgrade-iwl6000g2a-firmware centos-upgrade-iwl6000g2b-firmware centos-upgrade-iwl6050-firmware centos-upgrade-iwl7260-firmware centos-upgrade-linux-firmware
     References: CVE-2022-36351

  13. CentOS Linux: CVE-2022-46329: Important: linux-firmware security update (CESA-2024:3939)
     Severity: 7
     CVSS: (AV:L/AC:L/Au:M/C:C/I:C/A:C)
     Published 08/11/2023, Created 11/09/2023, Added 11/08/2023, Modified 01/28/2025
     Description: Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.
     Solution(s): centos-upgrade-iwl100-firmware centos-upgrade-iwl1000-firmware centos-upgrade-iwl105-firmware centos-upgrade-iwl135-firmware centos-upgrade-iwl2000-firmware centos-upgrade-iwl2030-firmware centos-upgrade-iwl3160-firmware centos-upgrade-iwl3945-firmware centos-upgrade-iwl4965-firmware centos-upgrade-iwl5000-firmware centos-upgrade-iwl5150-firmware centos-upgrade-iwl6000-firmware centos-upgrade-iwl6000g2a-firmware centos-upgrade-iwl6000g2b-firmware centos-upgrade-iwl6050-firmware centos-upgrade-iwl7260-firmware centos-upgrade-linux-firmware
     References: CVE-2022-46329

  14. CentOS Linux: CVE-2022-40982: Important: kernel security update (Multiple Advisories)
     Severity: 5
     CVSS: (AV:L/AC:L/Au:S/C:C/I:N/A:N)
     Published 08/11/2023, Created 11/09/2023, Added 11/08/2023, Modified 01/28/2025
     Description: Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
     Solution(s): centos-upgrade-kernel centos-upgrade-kernel-rt
     References: CVE-2022-40982

  15. Amazon Linux AMI 2: CVE-2023-39417: Security patch for postgresql (Multiple Advisories)
     Severity: 9
     CVSS: (AV:N/AC:L/Au:S/C:C/I:C/A:C)
     Published 08/11/2023, Created 09/28/2023, Added 09/28/2023, Modified 01/30/2025
     Description: IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser.
     Solution(s): amazon-linux-ami-2-upgrade-postgresql amazon-linux-ami-2-upgrade-postgresql-contrib amazon-linux-ami-2-upgrade-postgresql-debuginfo amazon-linux-ami-2-upgrade-postgresql-docs amazon-linux-ami-2-upgrade-postgresql-llvmjit amazon-linux-ami-2-upgrade-postgresql-plperl amazon-linux-ami-2-upgrade-postgresql-plpython2 amazon-linux-ami-2-upgrade-postgresql-plpython3 amazon-linux-ami-2-upgrade-postgresql-pltcl amazon-linux-ami-2-upgrade-postgresql-private-devel amazon-linux-ami-2-upgrade-postgresql-private-libs amazon-linux-ami-2-upgrade-postgresql-server amazon-linux-ami-2-upgrade-postgresql-server-devel amazon-linux-ami-2-upgrade-postgresql-static amazon-linux-ami-2-upgrade-postgresql-test amazon-linux-ami-2-upgrade-postgresql-test-rpm-macros amazon-linux-ami-2-upgrade-postgresql-upgrade amazon-linux-ami-2-upgrade-postgresql-upgrade-devel
     References: https://attackerkb.com/topics/cve-2023-39417, AL2/ALASPOSTGRESQL11-2023-004, AL2/ALASPOSTGRESQL12-2023-005, AL2/ALASPOSTGRESQL13-2023-004, AL2/ALASPOSTGRESQL14-2023-003, CVE-2023-39417

  16. Amazon Linux AMI 2: CVE-2023-28736: Security patch for mdadm (ALAS-2023-2275)
     Severity: 7
     CVSS: (AV:L/AC:L/Au:M/C:C/I:C/A:C)
     Published 08/11/2023, Created 10/06/2023, Added 10/06/2023, Modified 01/28/2025
     Description: Buffer overflow in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a privileged user to potentially enable escalation of privilege via local access.
     Solution(s): amazon-linux-ami-2-upgrade-mdadm amazon-linux-ami-2-upgrade-mdadm-debuginfo
     References: https://attackerkb.com/topics/cve-2023-28736, AL2/ALAS-2023-2275, CVE-2023-28736

  17. SUSE: CVE-2023-39418: SUSE Linux Security Advisory
     Severity: 4
     CVSS: (AV:N/AC:L/Au:S/C:N/I:P/A:N)
     Published 08/11/2023, Created 08/18/2023, Added 08/18/2023, Modified 01/28/2025
     Description: A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows.
     Solution(s): suse-upgrade-libecpg6 suse-upgrade-libecpg6-32bit suse-upgrade-libpq5 suse-upgrade-libpq5-32bit suse-upgrade-postgresql15 suse-upgrade-postgresql15-contrib suse-upgrade-postgresql15-devel suse-upgrade-postgresql15-docs suse-upgrade-postgresql15-llvmjit suse-upgrade-postgresql15-llvmjit-devel suse-upgrade-postgresql15-plperl suse-upgrade-postgresql15-plpython suse-upgrade-postgresql15-pltcl suse-upgrade-postgresql15-server suse-upgrade-postgresql15-server-devel suse-upgrade-postgresql15-test
     References: https://attackerkb.com/topics/cve-2023-39418, CVE-2023-39418

  18. Amazon Linux AMI 2: CVE-2023-3824: Security patch for php (Multiple Advisories)
     Severity: 10
     CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
     Published 08/11/2023, Created 09/14/2023, Added 09/14/2023, Modified 01/28/2025
     Description: In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE.
     Solution(s): amazon-linux-ami-2-upgrade-php amazon-linux-ami-2-upgrade-php-bcmath amazon-linux-ami-2-upgrade-php-cli amazon-linux-ami-2-upgrade-php-common amazon-linux-ami-2-upgrade-php-dba amazon-linux-ami-2-upgrade-php-dbg amazon-linux-ami-2-upgrade-php-debuginfo amazon-linux-ami-2-upgrade-php-devel amazon-linux-ami-2-upgrade-php-embedded amazon-linux-ami-2-upgrade-php-enchant amazon-linux-ami-2-upgrade-php-fpm amazon-linux-ami-2-upgrade-php-gd amazon-linux-ami-2-upgrade-php-gmp amazon-linux-ami-2-upgrade-php-intl amazon-linux-ami-2-upgrade-php-ldap amazon-linux-ami-2-upgrade-php-mbstring amazon-linux-ami-2-upgrade-php-mysqlnd amazon-linux-ami-2-upgrade-php-odbc amazon-linux-ami-2-upgrade-php-opcache amazon-linux-ami-2-upgrade-php-pdo amazon-linux-ami-2-upgrade-php-pgsql amazon-linux-ami-2-upgrade-php-process amazon-linux-ami-2-upgrade-php-pspell amazon-linux-ami-2-upgrade-php-snmp amazon-linux-ami-2-upgrade-php-soap amazon-linux-ami-2-upgrade-php-sodium amazon-linux-ami-2-upgrade-php-xml
     References: https://attackerkb.com/topics/cve-2023-3824, AL2/ALASPHP8.0-2023-009, AL2/ALASPHP8.1-2023-004, AL2/ALASPHP8.2-2023-002, CVE-2023-3824

  19. SUSE: CVE-2020-36024: SUSE Linux Security Advisory
     Severity: 5
     CVSS: (AV:L/AC:M/Au:N/C:N/I:N/A:C)
     Published 08/11/2023, Created 08/16/2024, Added 08/09/2024, Modified 01/28/2025
     Description: An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::convertToType1 function.
     Solution(s): suse-upgrade-libpoppler-cpp0 suse-upgrade-libpoppler-devel suse-upgrade-libpoppler-glib-devel suse-upgrade-libpoppler-glib8 suse-upgrade-libpoppler-qt4-4 suse-upgrade-libpoppler-qt4-devel suse-upgrade-libpoppler44 suse-upgrade-libpoppler60 suse-upgrade-libpoppler73 suse-upgrade-libpoppler73-32bit suse-upgrade-libpoppler89 suse-upgrade-libpoppler89-32bit suse-upgrade-poppler-tools suse-upgrade-typelib-1_0-poppler-0_18
     References: https://attackerkb.com/topics/cve-2020-36024, CVE-2020-36024

  20. CentOS Linux: CVE-2023-3823: Important: php security update (Multiple Advisories)
     Severity: 8
     CVSS: (AV:N/AC:L/Au:N/C:C/I:N/A:N)
     Published 08/11/2023, Created 11/01/2023, Added 11/01/2023, Modified 01/28/2025
     Description: In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it by calling the appropriate function. However, since the state is process-global, other modules - such as ImageMagick - may also use this library within the same process, and change that global state for their internal purposes, and leave it in a state where external entities loading is enabled. This can lead to the situation where external XML is parsed with external entities loaded, which can lead to disclosure of any local files accessible to PHP. This vulnerable state may persist in the same process across many requests, until the process is shut down.
     Solution(s):
       centos-upgrade-apcu-panel centos-upgrade-libzip centos-upgrade-libzip-debuginfo centos-upgrade-libzip-debugsource centos-upgrade-libzip-devel centos-upgrade-libzip-tools centos-upgrade-libzip-tools-debuginfo
       centos-upgrade-php centos-upgrade-php-bcmath centos-upgrade-php-bcmath-debuginfo centos-upgrade-php-cli centos-upgrade-php-cli-debuginfo centos-upgrade-php-common centos-upgrade-php-common-debuginfo centos-upgrade-php-dba centos-upgrade-php-dba-debuginfo centos-upgrade-php-dbg centos-upgrade-php-dbg-debuginfo centos-upgrade-php-debuginfo centos-upgrade-php-debugsource centos-upgrade-php-devel centos-upgrade-php-embedded centos-upgrade-php-embedded-debuginfo centos-upgrade-php-enchant centos-upgrade-php-enchant-debuginfo centos-upgrade-php-ffi centos-upgrade-php-ffi-debuginfo centos-upgrade-php-fpm centos-upgrade-php-fpm-debuginfo centos-upgrade-php-gd centos-upgrade-php-gd-debuginfo centos-upgrade-php-gmp centos-upgrade-php-gmp-debuginfo centos-upgrade-php-intl centos-upgrade-php-intl-debuginfo centos-upgrade-php-ldap centos-upgrade-php-ldap-debuginfo centos-upgrade-php-mbstring centos-upgrade-php-mbstring-debuginfo centos-upgrade-php-mysqlnd centos-upgrade-php-mysqlnd-debuginfo centos-upgrade-php-odbc centos-upgrade-php-odbc-debuginfo centos-upgrade-php-opcache centos-upgrade-php-opcache-debuginfo centos-upgrade-php-pdo centos-upgrade-php-pdo-debuginfo centos-upgrade-php-pear
       centos-upgrade-php-pecl-apcu centos-upgrade-php-pecl-apcu-debuginfo centos-upgrade-php-pecl-apcu-debugsource centos-upgrade-php-pecl-apcu-devel centos-upgrade-php-pecl-rrd centos-upgrade-php-pecl-rrd-debuginfo centos-upgrade-php-pecl-rrd-debugsource centos-upgrade-php-pecl-xdebug3 centos-upgrade-php-pecl-xdebug3-debuginfo centos-upgrade-php-pecl-xdebug3-debugsource centos-upgrade-php-pecl-zip centos-upgrade-php-pecl-zip-debuginfo centos-upgrade-php-pecl-zip-debugsource
       centos-upgrade-php-pgsql centos-upgrade-php-pgsql-debuginfo centos-upgrade-php-process centos-upgrade-php-process-debuginfo centos-upgrade-php-snmp centos-upgrade-php-snmp-debuginfo centos-upgrade-php-soap centos-upgrade-php-soap-debuginfo centos-upgrade-php-xml centos-upgrade-php-xml-debuginfo
     References: CVE-2023-3823

  21. Alpine Linux: CVE-2023-3824: Improper Restriction of Operations within the Bounds of a Memory Buffer
     Severity: 10
     CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
     Published 08/11/2023, Created 08/23/2024, Added 08/22/2024, Modified 10/02/2024
     Description: In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE.
     Solution(s): alpine-linux-upgrade-php8 alpine-linux-upgrade-php81
     References: https://attackerkb.com/topics/cve-2023-3824, CVE-2023-3824, https://security.alpinelinux.org/vuln/CVE-2023-3824

  22. Rocky Linux: CVE-2023-39418: postgresql-15 (RLSA-2023-7785)
     Severity: 4
     CVSS: (AV:N/AC:L/Au:S/C:N/I:P/A:N)
     Published 08/11/2023, Created 03/07/2024, Added 03/05/2024, Modified 01/28/2025
     Description: A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows.
     Solution(s): rocky-upgrade-pg_repack rocky-upgrade-pg_repack-debuginfo rocky-upgrade-pg_repack-debugsource rocky-upgrade-pgaudit rocky-upgrade-pgaudit-debuginfo rocky-upgrade-pgaudit-debugsource rocky-upgrade-postgres-decoderbufs rocky-upgrade-postgres-decoderbufs-debuginfo rocky-upgrade-postgres-decoderbufs-debugsource
     References: https://attackerkb.com/topics/cve-2023-39418, CVE-2023-39418, https://errata.rockylinux.org/RLSA-2023:7785

  23. Debian: CVE-2023-28938: mdadm -- security update
     Severity: 4
     CVSS: (AV:L/AC:L/Au:M/C:N/I:N/A:C)
     Published 08/11/2023, Created 07/31/2024, Added 07/30/2024, Modified 01/28/2025
     Description: Uncontrolled resource consumption in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a privileged user to potentially enable denial of service via local access.
     Solution(s): debian-upgrade-mdadm
     References: https://attackerkb.com/topics/cve-2023-28938, CVE-2023-28938

  24. SUSE: CVE-2022-40982: SUSE Linux Security Advisory
     Severity: 5
     CVSS: (AV:L/AC:L/Au:S/C:C/I:N/A:N)
     Published 08/11/2023, Created 08/14/2023, Added 08/14/2023, Modified 01/28/2025
     Description: Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
     Solution(s):
       suse-upgrade-cluster-md-kmp-64kb suse-upgrade-cluster-md-kmp-azure suse-upgrade-cluster-md-kmp-default suse-upgrade-cluster-md-kmp-rt
       suse-upgrade-dlm-kmp-64kb suse-upgrade-dlm-kmp-azure suse-upgrade-dlm-kmp-default suse-upgrade-dlm-kmp-rt
       suse-upgrade-dtb-al suse-upgrade-dtb-allwinner suse-upgrade-dtb-altera suse-upgrade-dtb-amazon suse-upgrade-dtb-amd suse-upgrade-dtb-amlogic suse-upgrade-dtb-apm suse-upgrade-dtb-apple suse-upgrade-dtb-arm suse-upgrade-dtb-broadcom suse-upgrade-dtb-cavium suse-upgrade-dtb-exynos suse-upgrade-dtb-freescale suse-upgrade-dtb-hisilicon suse-upgrade-dtb-lg suse-upgrade-dtb-marvell suse-upgrade-dtb-mediatek suse-upgrade-dtb-nvidia suse-upgrade-dtb-qcom suse-upgrade-dtb-renesas suse-upgrade-dtb-rockchip suse-upgrade-dtb-socionext suse-upgrade-dtb-sprd suse-upgrade-dtb-xilinx suse-upgrade-dtb-zte
       suse-upgrade-gfs2-kmp-64kb suse-upgrade-gfs2-kmp-azure suse-upgrade-gfs2-kmp-default suse-upgrade-gfs2-kmp-rt
       suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-64kb-extra suse-upgrade-kernel-64kb-livepatch-devel suse-upgrade-kernel-64kb-optional
       suse-upgrade-kernel-azure suse-upgrade-kernel-azure-base suse-upgrade-kernel-azure-devel suse-upgrade-kernel-azure-extra suse-upgrade-kernel-azure-livepatch-devel suse-upgrade-kernel-azure-optional suse-upgrade-kernel-azure-vdso
       suse-upgrade-kernel-debug suse-upgrade-kernel-debug-base suse-upgrade-kernel-debug-devel suse-upgrade-kernel-debug-livepatch-devel suse-upgrade-kernel-debug-vdso
       suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-base-rebuild suse-upgrade-kernel-default-devel suse-upgrade-kernel-default-extra suse-upgrade-kernel-default-livepatch suse-upgrade-kernel-default-livepatch-devel suse-upgrade-kernel-default-man suse-upgrade-kernel-default-optional suse-upgrade-kernel-default-vdso
       suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-devel-rt suse-upgrade-kernel-docs suse-upgrade-kernel-docs-html
       suse-upgrade-kernel-ec2 suse-upgrade-kernel-ec2-base suse-upgrade-kernel-ec2-devel
       suse-upgrade-kernel-kvmsmall suse-upgrade-kernel-kvmsmall-base suse-upgrade-kernel-kvmsmall-devel suse-upgrade-kernel-kvmsmall-livepatch-devel suse-upgrade-kernel-kvmsmall-vdso
       suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-obs-qa suse-upgrade-kernel-preempt suse-upgrade-kernel-preempt-devel
       suse-upgrade-kernel-rt suse-upgrade-kernel-rt-devel suse-upgrade-kernel-rt-extra suse-upgrade-kernel-rt-livepatch suse-upgrade-kernel-rt-livepatch-devel suse-upgrade-kernel-rt-optional suse-upgrade-kernel-rt-vdso suse-upgrade-kernel-rt_debug suse-upgrade-kernel-rt_debug-devel suse-upgrade-kernel-rt_debug-livepatch-devel suse-upgrade-kernel-rt_debug-vdso
       suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-source-rt suse-upgrade-kernel-source-vanilla suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-syms-rt
       suse-upgrade-kernel-trace suse-upgrade-kernel-trace-base suse-upgrade-kernel-trace-devel suse-upgrade-kernel-vanilla suse-upgrade-kernel-vanilla-base suse-upgrade-kernel-vanilla-devel suse-upgrade-kernel-vanilla-livepatch-devel suse-upgrade-kernel-xen suse-upgrade-kernel-xen-base suse-upgrade-kernel-xen-devel suse-upgrade-kernel-zfcpdump suse-upgrade-kernel-zfcpdump-man
       suse-upgrade-kselftests-kmp-64kb suse-upgrade-kselftests-kmp-azure suse-upgrade-kselftests-kmp-default suse-upgrade-kselftests-kmp-rt
       suse-upgrade-ocfs2-kmp-64kb suse-upgrade-ocfs2-kmp-azure suse-upgrade-ocfs2-kmp-default suse-upgrade-ocfs2-kmp-rt
       suse-upgrade-reiserfs-kmp-64kb suse-upgrade-reiserfs-kmp-azure suse-upgrade-reiserfs-kmp-default suse-upgrade-reiserfs-kmp-rt
       suse-upgrade-ucode-intel
       suse-upgrade-xen suse-upgrade-xen-devel suse-upgrade-xen-doc-html suse-upgrade-xen-libs suse-upgrade-xen-libs-32bit suse-upgrade-xen-tools suse-upgrade-xen-tools-domu suse-upgrade-xen-tools-xendomains-wait-disk
     References: https://attackerkb.com/topics/cve-2022-40982, CVE-2022-40982

  25. Alma Linux: CVE-2023-3823: Important: php:8.0 security update (Multiple Advisories)
     Severity: 8
     CVSS: (AV:N/AC:L/Au:N/C:C/I:N/A:N)
     Published 08/11/2023, Created 10/24/2023, Added 10/23/2023, Modified 02/11/2025
     Description: In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it by calling the appropriate function. However, since the state is process-global, other modules - such as ImageMagick - may also use this library within the same process, and change that global state for their internal purposes, and leave it in a state where external entities loading is enabled. This can lead to the situation where external XML is parsed with external entities loaded, which can lead to disclosure of any local files accessible to PHP. This vulnerable state may persist in the same process across many requests, until the process is shut down.
     Solution(s):
       alma-upgrade-apcu-panel alma-upgrade-libzip alma-upgrade-libzip-devel alma-upgrade-libzip-tools
       alma-upgrade-php alma-upgrade-php-bcmath alma-upgrade-php-cli alma-upgrade-php-common alma-upgrade-php-dba alma-upgrade-php-dbg alma-upgrade-php-devel alma-upgrade-php-embedded alma-upgrade-php-enchant alma-upgrade-php-ffi alma-upgrade-php-fpm alma-upgrade-php-gd alma-upgrade-php-gmp alma-upgrade-php-intl alma-upgrade-php-json alma-upgrade-php-ldap alma-upgrade-php-mbstring alma-upgrade-php-mysqlnd alma-upgrade-php-odbc alma-upgrade-php-opcache alma-upgrade-php-pdo alma-upgrade-php-pear
       alma-upgrade-php-pecl-apcu alma-upgrade-php-pecl-apcu-devel alma-upgrade-php-pecl-rrd alma-upgrade-php-pecl-xdebug alma-upgrade-php-pecl-xdebug3 alma-upgrade-php-pecl-zip
       alma-upgrade-php-pgsql alma-upgrade-php-process alma-upgrade-php-snmp alma-upgrade-php-soap alma-upgrade-php-xml alma-upgrade-php-xmlrpc
     References: https://attackerkb.com/topics/cve-2023-3823, CVE-2023-3823, https://errata.almalinux.org/8/ALSA-2023-5927.html, https://errata.almalinux.org/8/ALSA-2024-10952.html, https://errata.almalinux.org/9/ALSA-2023-5926.html, https://errata.almalinux.org/9/ALSA-2024-0387.html