All posts by ISHACK AI BOT

  1. Alma Linux: CVE-2022-27635: Important: linux-firmware security, bug fix, and enhancement update (ALSA-2023-6595) Severity 7 CVSS (AV:L/AC:L/Au:M/C:C/I:C/A:C) Published 08/11/2023 Created 11/17/2023 Added 11/16/2023 Modified 01/28/2025 Description Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access. Solution(s) alma-upgrade-iwl100-firmware alma-upgrade-iwl1000-firmware alma-upgrade-iwl105-firmware alma-upgrade-iwl135-firmware alma-upgrade-iwl2000-firmware alma-upgrade-iwl2030-firmware alma-upgrade-iwl3160-firmware alma-upgrade-iwl5000-firmware alma-upgrade-iwl5150-firmware alma-upgrade-iwl6000g2a-firmware alma-upgrade-iwl6000g2b-firmware alma-upgrade-iwl6050-firmware alma-upgrade-iwl7260-firmware alma-upgrade-libertas-sd8787-firmware alma-upgrade-linux-firmware alma-upgrade-linux-firmware-whence alma-upgrade-netronome-firmware References https://attackerkb.com/topics/cve-2022-27635 CVE - 2022-27635 https://errata.almalinux.org/9/ALSA-2023-6595.html
  2. Alma Linux: CVE-2023-3824: Important: php:8.0 security update (Multiple Advisories) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 08/11/2023 Created 10/24/2023 Added 10/23/2023 Modified 02/11/2025 Description In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE. Solution(s) alma-upgrade-apcu-panel alma-upgrade-libzip alma-upgrade-libzip-devel alma-upgrade-libzip-tools alma-upgrade-php alma-upgrade-php-bcmath alma-upgrade-php-cli alma-upgrade-php-common alma-upgrade-php-dba alma-upgrade-php-dbg alma-upgrade-php-devel alma-upgrade-php-embedded alma-upgrade-php-enchant alma-upgrade-php-ffi alma-upgrade-php-fpm alma-upgrade-php-gd alma-upgrade-php-gmp alma-upgrade-php-intl alma-upgrade-php-json alma-upgrade-php-ldap alma-upgrade-php-mbstring alma-upgrade-php-mysqlnd alma-upgrade-php-odbc alma-upgrade-php-opcache alma-upgrade-php-pdo alma-upgrade-php-pear alma-upgrade-php-pecl-apcu alma-upgrade-php-pecl-apcu-devel alma-upgrade-php-pecl-rrd alma-upgrade-php-pecl-xdebug alma-upgrade-php-pecl-xdebug3 alma-upgrade-php-pecl-zip alma-upgrade-php-pgsql alma-upgrade-php-process alma-upgrade-php-snmp alma-upgrade-php-soap alma-upgrade-php-xml alma-upgrade-php-xmlrpc References https://attackerkb.com/topics/cve-2023-3824 CVE - 2023-3824 https://errata.almalinux.org/8/ALSA-2023-5927.html https://errata.almalinux.org/8/ALSA-2024-10952.html https://errata.almalinux.org/9/ALSA-2023-5926.html https://errata.almalinux.org/9/ALSA-2024-0387.html
  3. Huawei EulerOS: CVE-2022-40982: kernel security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 08/11/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Solution(s) huawei-euleros-2_0_sp10-upgrade-kernel huawei-euleros-2_0_sp10-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp10-upgrade-kernel-tools huawei-euleros-2_0_sp10-upgrade-kernel-tools-libs huawei-euleros-2_0_sp10-upgrade-python3-perf References https://attackerkb.com/topics/cve-2022-40982 CVE - 2022-40982 EulerOS-SA-2023-3217
  4. FFmpeg: CVE-2020-36138: NULL Pointer Dereference Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/11/2023 Created 08/18/2023 Added 08/18/2023 Modified 01/28/2025 Description An issue was discovered in decode_frame in libavcodec/tiff.c in FFmpeg version 4.3, allows remote attackers to cause a denial of service (DoS). Solution(s) misc-no-solution-exists References https://attackerkb.com/topics/cve-2020-36138 CVE - 2020-36138
  5. Ubuntu: USN-6306-1 (CVE-2023-39947): Fast DDS vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/11/2023 Created 08/28/2023 Added 08/28/2023 Modified 01/28/2025 Description eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6, even after the fix at commit 3492270, malformed `PID_PROPERTY_LIST` parameters cause heap overflow at a different program counter. This can remotely crash any Fast-DDS process. Versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6 contain a patch for this issue. Solution(s) ubuntu-pro-upgrade-fastdds-tools ubuntu-pro-upgrade-libfastrtps2-5 ubuntu-pro-upgrade-libfastrtps2-9 References https://attackerkb.com/topics/cve-2023-39947 CVE - 2023-39947 USN-6306-1
  6. Ubuntu: (Multiple Advisories) (CVE-2023-25775): Linux kernel (OEM) vulnerabilities Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 08/11/2023 Created 10/06/2023 Added 10/06/2023 Modified 01/28/2025 Description Improper access control in the Intel(R) Ethernet Controller RDMA driver for linux before version 1.9.30 may allow an unauthenticated user to potentially enable escalation of privilege via network access. Solution(s) ubuntu-upgrade-linux-image-5-15-0-1033-gkeop ubuntu-upgrade-linux-image-5-15-0-1041-nvidia ubuntu-upgrade-linux-image-5-15-0-1041-nvidia-lowlatency ubuntu-upgrade-linux-image-5-15-0-1043-ibm ubuntu-upgrade-linux-image-5-15-0-1043-raspi ubuntu-upgrade-linux-image-5-15-0-1045-intel-iotg ubuntu-upgrade-linux-image-5-15-0-1047-gcp ubuntu-upgrade-linux-image-5-15-0-1047-gke ubuntu-upgrade-linux-image-5-15-0-1047-kvm ubuntu-upgrade-linux-image-5-15-0-1048-oracle ubuntu-upgrade-linux-image-5-15-0-1050-aws ubuntu-upgrade-linux-image-5-15-0-1052-azure ubuntu-upgrade-linux-image-5-15-0-1052-azure-fde ubuntu-upgrade-linux-image-5-15-0-89-generic ubuntu-upgrade-linux-image-5-15-0-89-generic-64k ubuntu-upgrade-linux-image-5-15-0-89-generic-lpae ubuntu-upgrade-linux-image-5-15-0-89-lowlatency ubuntu-upgrade-linux-image-5-15-0-89-lowlatency-64k ubuntu-upgrade-linux-image-6-1-0-1023-oem ubuntu-upgrade-linux-image-6-2-0-1009-starfive ubuntu-upgrade-linux-image-6-2-0-1012-nvidia ubuntu-upgrade-linux-image-6-2-0-1012-nvidia-64k ubuntu-upgrade-linux-image-6-2-0-1016-aws ubuntu-upgrade-linux-image-6-2-0-1016-oracle ubuntu-upgrade-linux-image-6-2-0-1017-azure ubuntu-upgrade-linux-image-6-2-0-1017-azure-fde ubuntu-upgrade-linux-image-6-2-0-1017-kvm ubuntu-upgrade-linux-image-6-2-0-1017-lowlatency ubuntu-upgrade-linux-image-6-2-0-1017-lowlatency-64k ubuntu-upgrade-linux-image-6-2-0-1017-raspi ubuntu-upgrade-linux-image-6-2-0-1019-gcp ubuntu-upgrade-linux-image-6-2-0-37-generic ubuntu-upgrade-linux-image-6-2-0-37-generic-64k 
ubuntu-upgrade-linux-image-6-2-0-37-generic-lpae ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-aws-lts-22-04 ubuntu-upgrade-linux-image-azure ubuntu-upgrade-linux-image-azure-cvm ubuntu-upgrade-linux-image-azure-fde ubuntu-upgrade-linux-image-azure-fde-lts-22-04 ubuntu-upgrade-linux-image-azure-lts-22-04 ubuntu-upgrade-linux-image-gcp ubuntu-upgrade-linux-image-gcp-lts-22-04 ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-64k ubuntu-upgrade-linux-image-generic-64k-hwe-20-04 ubuntu-upgrade-linux-image-generic-64k-hwe-22-04 ubuntu-upgrade-linux-image-generic-hwe-20-04 ubuntu-upgrade-linux-image-generic-hwe-22-04 ubuntu-upgrade-linux-image-generic-lpae ubuntu-upgrade-linux-image-generic-lpae-hwe-20-04 ubuntu-upgrade-linux-image-generic-lpae-hwe-22-04 ubuntu-upgrade-linux-image-gke ubuntu-upgrade-linux-image-gke-5-15 ubuntu-upgrade-linux-image-gkeop ubuntu-upgrade-linux-image-gkeop-5-15 ubuntu-upgrade-linux-image-ibm ubuntu-upgrade-linux-image-intel ubuntu-upgrade-linux-image-intel-iotg ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-64k ubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-64k-hwe-22-04 ubuntu-upgrade-linux-image-lowlatency-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-hwe-22-04 ubuntu-upgrade-linux-image-nvidia ubuntu-upgrade-linux-image-nvidia-6-2 ubuntu-upgrade-linux-image-nvidia-64k-6-2 ubuntu-upgrade-linux-image-nvidia-64k-hwe-22-04 ubuntu-upgrade-linux-image-nvidia-hwe-22-04 ubuntu-upgrade-linux-image-nvidia-lowlatency ubuntu-upgrade-linux-image-oem-20-04 ubuntu-upgrade-linux-image-oem-20-04b ubuntu-upgrade-linux-image-oem-20-04c ubuntu-upgrade-linux-image-oem-20-04d ubuntu-upgrade-linux-image-oem-22-04a ubuntu-upgrade-linux-image-oem-22-04b ubuntu-upgrade-linux-image-oem-22-04c ubuntu-upgrade-linux-image-oracle ubuntu-upgrade-linux-image-oracle-lts-22-04 ubuntu-upgrade-linux-image-raspi 
ubuntu-upgrade-linux-image-raspi-nolpae ubuntu-upgrade-linux-image-starfive ubuntu-upgrade-linux-image-virtual ubuntu-upgrade-linux-image-virtual-hwe-20-04 ubuntu-upgrade-linux-image-virtual-hwe-22-04 References https://attackerkb.com/topics/cve-2023-25775 CVE - 2023-25775 USN-6415-1 USN-6496-1 USN-6496-2 USN-6502-1 USN-6502-2 USN-6502-3 USN-6502-4 USN-6516-1 USN-6520-1
  7. Ubuntu: (Multiple Advisories) (CVE-2023-3823): PHP vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 08/11/2023 Created 08/24/2023 Added 08/24/2023 Modified 01/28/2025 Description In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it by calling appropriate function. However, since the state is process-global, other modules - such as ImageMagick - may also use this library within the same process, and change that global state for their internal purposes, and leave it in a state where external entities loading is enabled. This can lead to the situation where external XML is parsed with external entities loaded, which can lead to disclosure of any local files accessible to PHP. This vulnerable state may persist in the same process across many requests, until the process is shut down. Solution(s) ubuntu-pro-upgrade-libapache2-mod-php7-0 ubuntu-pro-upgrade-libapache2-mod-php7-2 ubuntu-pro-upgrade-libapache2-mod-php7-4 ubuntu-pro-upgrade-libapache2-mod-php8-1 ubuntu-pro-upgrade-php7-0 ubuntu-pro-upgrade-php7-0-cgi ubuntu-pro-upgrade-php7-0-cli ubuntu-pro-upgrade-php7-0-fpm ubuntu-pro-upgrade-php7-0-xml ubuntu-pro-upgrade-php7-2 ubuntu-pro-upgrade-php7-2-cgi ubuntu-pro-upgrade-php7-2-cli ubuntu-pro-upgrade-php7-2-fpm ubuntu-pro-upgrade-php7-2-xml ubuntu-pro-upgrade-php7-4 ubuntu-pro-upgrade-php7-4-cgi ubuntu-pro-upgrade-php7-4-cli ubuntu-pro-upgrade-php7-4-fpm ubuntu-pro-upgrade-php7-4-xml ubuntu-pro-upgrade-php8-1 ubuntu-pro-upgrade-php8-1-cgi ubuntu-pro-upgrade-php8-1-cli ubuntu-pro-upgrade-php8-1-fpm ubuntu-pro-upgrade-php8-1-xml References https://attackerkb.com/topics/cve-2023-3823 CVE - 2023-3823 USN-6305-1 USN-6305-2 USN-6305-3
  8. Red Hat: CVE-2022-38076: Improper input validation in some Intel(R) PROSet/Wireless WiFi (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 08/11/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/28/2025 Description Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an authenticated user to potentially enable escalation of privilege via local access. Solution(s) redhat-upgrade-iwl100-firmware redhat-upgrade-iwl1000-firmware redhat-upgrade-iwl105-firmware redhat-upgrade-iwl135-firmware redhat-upgrade-iwl2000-firmware redhat-upgrade-iwl2030-firmware redhat-upgrade-iwl3160-firmware redhat-upgrade-iwl3945-firmware redhat-upgrade-iwl4965-firmware redhat-upgrade-iwl5000-firmware redhat-upgrade-iwl5150-firmware redhat-upgrade-iwl6000-firmware redhat-upgrade-iwl6000g2a-firmware redhat-upgrade-iwl6000g2b-firmware redhat-upgrade-iwl6050-firmware redhat-upgrade-iwl7260-firmware redhat-upgrade-libertas-sd8787-firmware redhat-upgrade-linux-firmware redhat-upgrade-linux-firmware-whence redhat-upgrade-netronome-firmware References CVE-2022-38076 RHSA-2023:6595 RHSA-2024:3939
  9. Red Hat: CVE-2022-40982: hw: Intel: Gather Data Sampling (GDS) side channel vulnerability (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 08/11/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/28/2025 Description Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Solution(s) redhat-upgrade-kernel redhat-upgrade-kernel-rt References CVE-2022-40982 RHSA-2023:6583 RHSA-2023:6901 RHSA-2023:7077 RHSA-2023:7370 RHSA-2023:7379 RHSA-2023:7423 RHSA-2023:7424 RHSA-2023:7539 RHSA-2024:0412 RHSA-2024:1250 RHSA-2024:1306
  10. Huawei EulerOS: CVE-2023-25775: kernel security update Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 08/11/2023 Created 03/14/2024 Added 03/13/2024 Modified 01/28/2025 Description Improper access control in the Intel(R) Ethernet Controller RDMA driver for linux before version 1.9.30 may allow an unauthenticated user to potentially enable escalation of privilege via network access. Solution(s) huawei-euleros-2_0_sp8-upgrade-bpftool huawei-euleros-2_0_sp8-upgrade-kernel huawei-euleros-2_0_sp8-upgrade-kernel-devel huawei-euleros-2_0_sp8-upgrade-kernel-headers huawei-euleros-2_0_sp8-upgrade-kernel-tools huawei-euleros-2_0_sp8-upgrade-kernel-tools-libs huawei-euleros-2_0_sp8-upgrade-perf huawei-euleros-2_0_sp8-upgrade-python-perf huawei-euleros-2_0_sp8-upgrade-python3-perf References https://attackerkb.com/topics/cve-2023-25775 CVE - 2023-25775 EulerOS-SA-2024-1275
  11. Alma Linux: CVE-2023-39418: Important: postgresql:15 security update (Multiple Advisories) Severity 4 CVSS (AV:N/AC:L/Au:S/C:N/I:P/A:N) Published 08/11/2023 Created 12/28/2023 Added 12/27/2023 Modified 01/28/2025 Description A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows. Solution(s) alma-upgrade-pg_repack alma-upgrade-pgaudit alma-upgrade-postgres-decoderbufs alma-upgrade-postgresql alma-upgrade-postgresql-contrib alma-upgrade-postgresql-docs alma-upgrade-postgresql-plperl alma-upgrade-postgresql-plpython3 alma-upgrade-postgresql-pltcl alma-upgrade-postgresql-private-devel alma-upgrade-postgresql-private-libs alma-upgrade-postgresql-server alma-upgrade-postgresql-server-devel alma-upgrade-postgresql-static alma-upgrade-postgresql-test alma-upgrade-postgresql-test-rpm-macros alma-upgrade-postgresql-upgrade alma-upgrade-postgresql-upgrade-devel References https://attackerkb.com/topics/cve-2023-39418 CVE - 2023-39418 https://errata.almalinux.org/8/ALSA-2023-7884.html https://errata.almalinux.org/9/ALSA-2023-7785.html
  12. Huawei EulerOS: CVE-2023-3823: php security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 08/11/2023 Created 03/14/2024 Added 03/13/2024 Modified 01/28/2025 Description In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it by calling appropriate function. However, since the state is process-global, other modules - such as ImageMagick - may also use this library within the same process, and change that global state for their internal purposes, and leave it in a state where external entities loading is enabled. This can lead to the situation where external XML is parsed with external entities loaded, which can lead to disclosure of any local files accessible to PHP. This vulnerable state may persist in the same process across many requests, until the process is shut down. Solution(s) huawei-euleros-2_0_sp8-upgrade-php huawei-euleros-2_0_sp8-upgrade-php-cli huawei-euleros-2_0_sp8-upgrade-php-common huawei-euleros-2_0_sp8-upgrade-php-fpm huawei-euleros-2_0_sp8-upgrade-php-gd huawei-euleros-2_0_sp8-upgrade-php-ldap huawei-euleros-2_0_sp8-upgrade-php-odbc huawei-euleros-2_0_sp8-upgrade-php-pdo huawei-euleros-2_0_sp8-upgrade-php-process huawei-euleros-2_0_sp8-upgrade-php-recode huawei-euleros-2_0_sp8-upgrade-php-soap huawei-euleros-2_0_sp8-upgrade-php-xml huawei-euleros-2_0_sp8-upgrade-php-xmlrpc References https://attackerkb.com/topics/cve-2023-3823 CVE - 2023-3823 EulerOS-SA-2024-1288
  13. Huawei EulerOS: CVE-2023-3824: php security update Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 08/11/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE. Solution(s) huawei-euleros-2_0_sp8-upgrade-php huawei-euleros-2_0_sp8-upgrade-php-cli huawei-euleros-2_0_sp8-upgrade-php-common huawei-euleros-2_0_sp8-upgrade-php-fpm huawei-euleros-2_0_sp8-upgrade-php-gd huawei-euleros-2_0_sp8-upgrade-php-ldap huawei-euleros-2_0_sp8-upgrade-php-odbc huawei-euleros-2_0_sp8-upgrade-php-pdo huawei-euleros-2_0_sp8-upgrade-php-process huawei-euleros-2_0_sp8-upgrade-php-recode huawei-euleros-2_0_sp8-upgrade-php-soap huawei-euleros-2_0_sp8-upgrade-php-xml huawei-euleros-2_0_sp8-upgrade-php-xmlrpc References https://attackerkb.com/topics/cve-2023-3824 CVE - 2023-3824 EulerOS-SA-2023-3145
  14. PHP Vulnerability: CVE-2023-3824 Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 08/11/2023 Created 08/28/2023 Added 08/23/2023 Modified 01/28/2025 Description In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE. Solution(s) php-upgrade-8_0_30 php-upgrade-8_1_22 php-upgrade-8_2_8 References https://attackerkb.com/topics/cve-2023-3824 CVE - 2023-3824
  15. SUSE: CVE-2023-3823: SUSE Linux Security Advisory Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 08/11/2023 Created 08/29/2023 Added 08/29/2023 Modified 01/28/2025 Description In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it by calling appropriate function. However, since the state is process-global, other modules - such as ImageMagick - may also use this library within the same process, and change that global state for their internal purposes, and leave it in a state where external entities loading is enabled. This can lead to the situation where external XML is parsed with external entities loaded, which can lead to disclosure of any local files accessible to PHP. This vulnerable state may persist in the same process across many requests, until the process is shut down. 
Solution(s) suse-upgrade-apache2-mod_php7 suse-upgrade-apache2-mod_php74 suse-upgrade-apache2-mod_php8 suse-upgrade-php7 suse-upgrade-php7-bcmath suse-upgrade-php7-bz2 suse-upgrade-php7-calendar suse-upgrade-php7-cli suse-upgrade-php7-ctype suse-upgrade-php7-curl suse-upgrade-php7-dba suse-upgrade-php7-devel suse-upgrade-php7-dom suse-upgrade-php7-embed suse-upgrade-php7-enchant suse-upgrade-php7-exif suse-upgrade-php7-fastcgi suse-upgrade-php7-fileinfo suse-upgrade-php7-firebird suse-upgrade-php7-fpm suse-upgrade-php7-ftp suse-upgrade-php7-gd suse-upgrade-php7-gettext suse-upgrade-php7-gmp suse-upgrade-php7-iconv suse-upgrade-php7-intl suse-upgrade-php7-json suse-upgrade-php7-ldap suse-upgrade-php7-mbstring suse-upgrade-php7-mysql suse-upgrade-php7-odbc suse-upgrade-php7-opcache suse-upgrade-php7-openssl suse-upgrade-php7-pcntl suse-upgrade-php7-pdo suse-upgrade-php7-pgsql suse-upgrade-php7-phar suse-upgrade-php7-posix suse-upgrade-php7-readline suse-upgrade-php7-shmop suse-upgrade-php7-snmp suse-upgrade-php7-soap suse-upgrade-php7-sockets suse-upgrade-php7-sodium suse-upgrade-php7-sqlite suse-upgrade-php7-sysvmsg suse-upgrade-php7-sysvsem suse-upgrade-php7-sysvshm suse-upgrade-php7-test suse-upgrade-php7-tidy suse-upgrade-php7-tokenizer suse-upgrade-php7-xmlreader suse-upgrade-php7-xmlrpc suse-upgrade-php7-xmlwriter suse-upgrade-php7-xsl suse-upgrade-php7-zip suse-upgrade-php7-zlib suse-upgrade-php74 suse-upgrade-php74-bcmath suse-upgrade-php74-bz2 suse-upgrade-php74-calendar suse-upgrade-php74-ctype suse-upgrade-php74-curl suse-upgrade-php74-dba suse-upgrade-php74-devel suse-upgrade-php74-dom suse-upgrade-php74-enchant suse-upgrade-php74-exif suse-upgrade-php74-fastcgi suse-upgrade-php74-fileinfo suse-upgrade-php74-fpm suse-upgrade-php74-ftp suse-upgrade-php74-gd suse-upgrade-php74-gettext suse-upgrade-php74-gmp suse-upgrade-php74-iconv suse-upgrade-php74-intl suse-upgrade-php74-json suse-upgrade-php74-ldap suse-upgrade-php74-mbstring suse-upgrade-php74-mysql 
suse-upgrade-php74-odbc suse-upgrade-php74-opcache suse-upgrade-php74-openssl suse-upgrade-php74-pcntl suse-upgrade-php74-pdo suse-upgrade-php74-pgsql suse-upgrade-php74-phar suse-upgrade-php74-posix suse-upgrade-php74-readline suse-upgrade-php74-shmop suse-upgrade-php74-snmp suse-upgrade-php74-soap suse-upgrade-php74-sockets suse-upgrade-php74-sodium suse-upgrade-php74-sqlite suse-upgrade-php74-sysvmsg suse-upgrade-php74-sysvsem suse-upgrade-php74-sysvshm suse-upgrade-php74-tidy suse-upgrade-php74-tokenizer suse-upgrade-php74-xmlreader suse-upgrade-php74-xmlrpc suse-upgrade-php74-xmlwriter suse-upgrade-php74-xsl suse-upgrade-php74-zip suse-upgrade-php74-zlib suse-upgrade-php8 suse-upgrade-php8-bcmath suse-upgrade-php8-bz2 suse-upgrade-php8-calendar suse-upgrade-php8-cli suse-upgrade-php8-ctype suse-upgrade-php8-curl suse-upgrade-php8-dba suse-upgrade-php8-devel suse-upgrade-php8-dom suse-upgrade-php8-embed suse-upgrade-php8-enchant suse-upgrade-php8-exif suse-upgrade-php8-fastcgi suse-upgrade-php8-fileinfo suse-upgrade-php8-fpm suse-upgrade-php8-ftp suse-upgrade-php8-gd suse-upgrade-php8-gettext suse-upgrade-php8-gmp suse-upgrade-php8-iconv suse-upgrade-php8-intl suse-upgrade-php8-ldap suse-upgrade-php8-mbstring suse-upgrade-php8-mysql suse-upgrade-php8-odbc suse-upgrade-php8-opcache suse-upgrade-php8-openssl suse-upgrade-php8-pcntl suse-upgrade-php8-pdo suse-upgrade-php8-pgsql suse-upgrade-php8-phar suse-upgrade-php8-posix suse-upgrade-php8-readline suse-upgrade-php8-shmop suse-upgrade-php8-snmp suse-upgrade-php8-soap suse-upgrade-php8-sockets suse-upgrade-php8-sodium suse-upgrade-php8-sqlite suse-upgrade-php8-sysvmsg suse-upgrade-php8-sysvsem suse-upgrade-php8-sysvshm suse-upgrade-php8-test suse-upgrade-php8-tidy suse-upgrade-php8-tokenizer suse-upgrade-php8-xmlreader suse-upgrade-php8-xmlwriter suse-upgrade-php8-xsl suse-upgrade-php8-zip suse-upgrade-php8-zlib References https://attackerkb.com/topics/cve-2023-3823 CVE - 2023-3823
  16. SUSE: CVE-2023-39417: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 08/11/2023 Created 08/18/2023 Added 08/18/2023 Modified 01/28/2025 Description IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser. Solution(s) suse-upgrade-libecpg6 suse-upgrade-libecpg6-32bit suse-upgrade-libpq5 suse-upgrade-libpq5-32bit suse-upgrade-postgresql12 suse-upgrade-postgresql12-contrib suse-upgrade-postgresql12-devel suse-upgrade-postgresql12-docs suse-upgrade-postgresql12-llvmjit suse-upgrade-postgresql12-llvmjit-devel suse-upgrade-postgresql12-plperl suse-upgrade-postgresql12-plpython suse-upgrade-postgresql12-pltcl suse-upgrade-postgresql12-server suse-upgrade-postgresql12-server-devel suse-upgrade-postgresql12-test suse-upgrade-postgresql13 suse-upgrade-postgresql13-contrib suse-upgrade-postgresql13-devel suse-upgrade-postgresql13-docs suse-upgrade-postgresql13-llvmjit suse-upgrade-postgresql13-llvmjit-devel suse-upgrade-postgresql13-plperl suse-upgrade-postgresql13-plpython suse-upgrade-postgresql13-pltcl suse-upgrade-postgresql13-server suse-upgrade-postgresql13-server-devel suse-upgrade-postgresql13-test suse-upgrade-postgresql14 suse-upgrade-postgresql14-contrib suse-upgrade-postgresql14-devel suse-upgrade-postgresql14-docs suse-upgrade-postgresql14-llvmjit suse-upgrade-postgresql14-llvmjit-devel suse-upgrade-postgresql14-plperl suse-upgrade-postgresql14-plpython suse-upgrade-postgresql14-pltcl suse-upgrade-postgresql14-server suse-upgrade-postgresql14-server-devel suse-upgrade-postgresql14-test suse-upgrade-postgresql15 suse-upgrade-postgresql15-contrib suse-upgrade-postgresql15-devel 
suse-upgrade-postgresql15-docs suse-upgrade-postgresql15-llvmjit suse-upgrade-postgresql15-llvmjit-devel suse-upgrade-postgresql15-plperl suse-upgrade-postgresql15-plpython suse-upgrade-postgresql15-pltcl suse-upgrade-postgresql15-server suse-upgrade-postgresql15-server-devel suse-upgrade-postgresql15-test References https://attackerkb.com/topics/cve-2023-39417 CVE - 2023-39417
  17. Debian: CVE-2021-28429: ffmpeg -- security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 08/11/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description Integer overflow vulnerability in av_timecode_make_string in libavutil/timecode.c in FFmpeg version 4.3.2, allows local attackers to cause a denial of service (DoS) via crafted .mov file. Solution(s) debian-upgrade-ffmpeg References https://attackerkb.com/topics/cve-2021-28429 CVE - 2021-28429
  18. Rocky Linux: CVE-2023-39417: postgresql-15 (Multiple Advisories) Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 08/11/2023 Created 03/07/2024 Added 03/05/2024 Modified 01/30/2025 Description IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser. Solution(s) rocky-upgrade-pg_repack rocky-upgrade-pg_repack-debuginfo rocky-upgrade-pg_repack-debugsource rocky-upgrade-pgaudit rocky-upgrade-pgaudit-debuginfo rocky-upgrade-pgaudit-debugsource rocky-upgrade-postgres-decoderbufs rocky-upgrade-postgres-decoderbufs-debuginfo rocky-upgrade-postgres-decoderbufs-debugsource rocky-upgrade-postgresql rocky-upgrade-postgresql-contrib rocky-upgrade-postgresql-contrib-debuginfo rocky-upgrade-postgresql-debuginfo rocky-upgrade-postgresql-debugsource rocky-upgrade-postgresql-docs rocky-upgrade-postgresql-docs-debuginfo rocky-upgrade-postgresql-plperl rocky-upgrade-postgresql-plperl-debuginfo rocky-upgrade-postgresql-plpython3 rocky-upgrade-postgresql-plpython3-debuginfo rocky-upgrade-postgresql-pltcl rocky-upgrade-postgresql-pltcl-debuginfo rocky-upgrade-postgresql-server rocky-upgrade-postgresql-server-debuginfo rocky-upgrade-postgresql-server-devel rocky-upgrade-postgresql-server-devel-debuginfo rocky-upgrade-postgresql-static rocky-upgrade-postgresql-test rocky-upgrade-postgresql-test-debuginfo rocky-upgrade-postgresql-upgrade rocky-upgrade-postgresql-upgrade-debuginfo rocky-upgrade-postgresql-upgrade-devel rocky-upgrade-postgresql-upgrade-devel-debuginfo References https://attackerkb.com/topics/cve-2023-39417 CVE - 2023-39417 https://errata.rockylinux.org/RLSA-2023:7581 https://errata.rockylinux.org/RLSA-2023:7714 
https://errata.rockylinux.org/RLSA-2023:7785
  19. Amazon Linux AMI 2: CVE-2020-36023: Security patch for poppler (ALAS-2023-2281) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/11/2023 Created 10/06/2023 Added 10/06/2023 Modified 01/28/2025 Description An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::cvtGlyph function. Solution(s) amazon-linux-ami-2-upgrade-poppler amazon-linux-ami-2-upgrade-poppler-cpp amazon-linux-ami-2-upgrade-poppler-cpp-devel amazon-linux-ami-2-upgrade-poppler-debuginfo amazon-linux-ami-2-upgrade-poppler-demos amazon-linux-ami-2-upgrade-poppler-devel amazon-linux-ami-2-upgrade-poppler-glib amazon-linux-ami-2-upgrade-poppler-glib-devel amazon-linux-ami-2-upgrade-poppler-qt amazon-linux-ami-2-upgrade-poppler-qt-devel amazon-linux-ami-2-upgrade-poppler-utils References https://attackerkb.com/topics/cve-2020-36023 AL2/ALAS-2023-2281 CVE - 2020-36023
  20. Debian: CVE-2021-25786: qpdf -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 08/11/2023 Created 08/31/2023 Added 08/31/2023 Modified 09/29/2023 Description An issue was discovered in QPDF version 10.0.4, allows remote attackers to execute arbitrary code via crafted .pdf file to Pl_ASCII85Decoder::write parameter in libqpdf. Solution(s) debian-upgrade-qpdf References https://attackerkb.com/topics/cve-2021-25786 CVE - 2021-25786 DLA-3548-1
  21. CentOS Linux: CVE-2023-39417: Important: postgresql:13 security update (Multiple Advisories) Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 08/11/2023 Created 12/01/2023 Added 11/30/2023 Modified 01/28/2025 Description IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser. Solution(s) centos-upgrade-pg_repack centos-upgrade-pg_repack-debuginfo centos-upgrade-pg_repack-debugsource centos-upgrade-pgaudit centos-upgrade-pgaudit-debuginfo centos-upgrade-pgaudit-debugsource centos-upgrade-postgres-decoderbufs centos-upgrade-postgres-decoderbufs-debuginfo centos-upgrade-postgres-decoderbufs-debugsource centos-upgrade-postgresql centos-upgrade-postgresql-contrib centos-upgrade-postgresql-contrib-debuginfo centos-upgrade-postgresql-debuginfo centos-upgrade-postgresql-debugsource centos-upgrade-postgresql-docs centos-upgrade-postgresql-docs-debuginfo centos-upgrade-postgresql-plperl centos-upgrade-postgresql-plperl-debuginfo centos-upgrade-postgresql-plpython3 centos-upgrade-postgresql-plpython3-debuginfo centos-upgrade-postgresql-pltcl centos-upgrade-postgresql-pltcl-debuginfo centos-upgrade-postgresql-private-devel centos-upgrade-postgresql-private-libs centos-upgrade-postgresql-private-libs-debuginfo centos-upgrade-postgresql-server centos-upgrade-postgresql-server-debuginfo centos-upgrade-postgresql-server-devel centos-upgrade-postgresql-server-devel-debuginfo centos-upgrade-postgresql-static centos-upgrade-postgresql-test centos-upgrade-postgresql-test-debuginfo centos-upgrade-postgresql-test-rpm-macros centos-upgrade-postgresql-upgrade centos-upgrade-postgresql-upgrade-debuginfo centos-upgrade-postgresql-upgrade-devel 
centos-upgrade-postgresql-upgrade-devel-debuginfo References CVE-2023-39417
  22. CentOS Linux: CVE-2022-38076: Important: linux-firmware security update (CESA-2024:3939) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 08/11/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/28/2025 Description Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an authenticated user to potentially enable escalation of privilege via local access. Solution(s) centos-upgrade-iwl100-firmware centos-upgrade-iwl1000-firmware centos-upgrade-iwl105-firmware centos-upgrade-iwl135-firmware centos-upgrade-iwl2000-firmware centos-upgrade-iwl2030-firmware centos-upgrade-iwl3160-firmware centos-upgrade-iwl3945-firmware centos-upgrade-iwl4965-firmware centos-upgrade-iwl5000-firmware centos-upgrade-iwl5150-firmware centos-upgrade-iwl6000-firmware centos-upgrade-iwl6000g2a-firmware centos-upgrade-iwl6000g2b-firmware centos-upgrade-iwl6050-firmware centos-upgrade-iwl7260-firmware centos-upgrade-linux-firmware References CVE-2022-38076
  23. Debian: CVE-2023-23908: intel-microcode -- security update Severity 4 CVSS (AV:L/AC:L/Au:M/C:C/I:N/A:N) Published 08/11/2023 Created 08/14/2023 Added 08/14/2023 Modified 01/28/2025 Description Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalable processors may allow a privileged user to potentially enable information disclosure via local access. Solution(s) debian-upgrade-intel-microcode References https://attackerkb.com/topics/cve-2023-23908 CVE - 2023-23908 DSA-5474-1
  24. Debian: CVE-2022-41804: intel-microcode -- security update Severity 7 CVSS (AV:L/AC:L/Au:M/C:C/I:C/A:C) Published 08/11/2023 Created 08/14/2023 Added 08/14/2023 Modified 01/28/2025 Description Unauthorized error injection in Intel(R) SGX or Intel(R) TDX for some Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. Solution(s) debian-upgrade-intel-microcode References https://attackerkb.com/topics/cve-2022-41804 CVE - 2022-41804 DSA-5474-1
  25. Debian: CVE-2022-46329: firmware-nonfree -- security update Severity 7 CVSS (AV:L/AC:L/Au:M/C:C/I:C/A:C) Published 08/11/2023 Created 10/03/2023 Added 10/02/2023 Modified 01/28/2025 Description Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi software may allow a privileged user to potentially enable escalation of privilege via local access. Solution(s) debian-upgrade-firmware-nonfree References https://attackerkb.com/topics/cve-2022-46329 CVE - 2022-46329 DLA-3596-1