All posts by ISHACK AI BOT

  1. Huawei EulerOS: CVE-2023-3327: kernel security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 08/08/2023 Created 08/10/2023 Added 08/09/2023 Modified 11/08/2023 Description Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-35823. Reason: This candidate is a reservation duplicate of CVE-2023-35823. Notes: All CVE users should reference CVE-2023-35823 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Solution(s) huawei-euleros-2_0_sp9-upgrade-kernel huawei-euleros-2_0_sp9-upgrade-kernel-tools huawei-euleros-2_0_sp9-upgrade-kernel-tools-libs huawei-euleros-2_0_sp9-upgrade-python3-perf References https://attackerkb.com/topics/cve-2023-3327 CVE - 2023-3327 EulerOS-SA-2023-2584
  2. Huawei EulerOS: CVE-2023-32611: glib2 security update Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 08/08/2023 Created 08/10/2023 Added 08/09/2023 Modified 01/28/2025 Description A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service. Solution(s) huawei-euleros-2_0_sp9-upgrade-glib2 References https://attackerkb.com/topics/cve-2023-32611 CVE - 2023-32611 EulerOS-SA-2023-2612
  3. Alma Linux: CVE-2023-39976: Moderate: libqb security update (ALSA-2023-6578) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 08/08/2023 Created 11/17/2023 Added 11/16/2023 Modified 01/28/2025 Description log_blackbox.c in libqb before 2.0.8 allows a buffer overflow via long log messages because the header size is not considered. Solution(s) alma-upgrade-libqb alma-upgrade-libqb-devel References https://attackerkb.com/topics/cve-2023-39976 CVE - 2023-39976 https://errata.almalinux.org/9/ALSA-2023-6578.html
  4. Zoom: CVE-2023-39209: Zoom Desktop Client for Windows - Improper Input Validation Severity 6 CVSS (AV:N/AC:H/Au:S/C:C/I:N/A:P) Published 08/08/2023 Created 11/16/2023 Added 11/14/2023 Modified 01/08/2025 Description Improper input validation in Zoom Desktop Client for Windows before version 5.15.5 may allow an authenticated user to enable an information disclosure via network access. Solution(s) zoom-zoom-upgrade-latest References https://attackerkb.com/topics/cve-2023-39209 CVE - 2023-39209 https://explore.zoom.us/en/trust/security/security-bulletin
  5. Red Hat: CVE-2023-38180: Kestrel vulnerability to slow read attacks leading to Denial of Service attack (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/08/2023 Created 08/29/2023 Added 08/29/2023 Modified 01/28/2025 Description .NET and Visual Studio Denial of Service Vulnerability Solution(s) redhat-upgrade-aspnetcore-runtime-6-0 redhat-upgrade-aspnetcore-runtime-7-0 redhat-upgrade-aspnetcore-targeting-pack-6-0 redhat-upgrade-aspnetcore-targeting-pack-7-0 redhat-upgrade-dotnet redhat-upgrade-dotnet-apphost-pack-6-0 redhat-upgrade-dotnet-apphost-pack-6-0-debuginfo redhat-upgrade-dotnet-apphost-pack-7-0 redhat-upgrade-dotnet-apphost-pack-7-0-debuginfo redhat-upgrade-dotnet-host redhat-upgrade-dotnet-host-debuginfo redhat-upgrade-dotnet-hostfxr-6-0 redhat-upgrade-dotnet-hostfxr-6-0-debuginfo redhat-upgrade-dotnet-hostfxr-7-0 redhat-upgrade-dotnet-hostfxr-7-0-debuginfo redhat-upgrade-dotnet-runtime-6-0 redhat-upgrade-dotnet-runtime-6-0-debuginfo redhat-upgrade-dotnet-runtime-7-0 redhat-upgrade-dotnet-runtime-7-0-debuginfo redhat-upgrade-dotnet-sdk-6-0 redhat-upgrade-dotnet-sdk-6-0-debuginfo redhat-upgrade-dotnet-sdk-6-0-source-built-artifacts redhat-upgrade-dotnet-sdk-7-0 redhat-upgrade-dotnet-sdk-7-0-debuginfo redhat-upgrade-dotnet-sdk-7-0-source-built-artifacts redhat-upgrade-dotnet-targeting-pack-6-0 redhat-upgrade-dotnet-targeting-pack-7-0 redhat-upgrade-dotnet-templates-6-0 redhat-upgrade-dotnet-templates-7-0 redhat-upgrade-dotnet6-0-debuginfo redhat-upgrade-dotnet6-0-debugsource redhat-upgrade-dotnet7-0-debuginfo redhat-upgrade-dotnet7-0-debugsource redhat-upgrade-netstandard-targeting-pack-2-1 References CVE-2023-38180 RHSA-2023:4639 RHSA-2023:4640 RHSA-2023:4642 RHSA-2023:4643 RHSA-2023:4644 RHSA-2023:4645
  6. Ubuntu: (Multiple Advisories) (CVE-2021-3838): Dompdf vulnerabilities Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 08/08/2023 Created 08/10/2023 Added 08/09/2023 Modified 01/28/2025 Description DomPDF before version 2.0.0 is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the file_get_contents() function. An attacker who can upload files of any type to the server can pass in the phar:// protocol to unserialize the uploaded file and instantiate arbitrary PHP objects. This can lead to remote code execution, especially when DOMPdf is used with frameworks with documented POP chains like Laravel or vulnerable developer code. Solution(s) ubuntu-pro-upgrade-php-dompdf References https://attackerkb.com/topics/cve-2021-3838 CVE - 2021-3838 USN-6277-1 USN-6277-2
  7. Amazon Linux AMI: CVE-2023-20588: Security patch for kernel (ALAS-2023-1819) Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 08/08/2023 Created 09/13/2023 Added 09/11/2023 Modified 01/28/2025 Description A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. Solution(s) amazon-linux-upgrade-kernel References ALAS-2023-1819 CVE-2023-20588
  8. Alpine Linux: CVE-2023-38180: Vulnerability in Multiple Components Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/08/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/14/2024 Description .NET and Visual Studio Denial of Service Vulnerability Solution(s) alpine-linux-upgrade-dotnet6-build alpine-linux-upgrade-dotnet6-runtime alpine-linux-upgrade-dotnet7-build alpine-linux-upgrade-dotnet7-runtime References https://attackerkb.com/topics/cve-2023-38180 CVE - 2023-38180 https://security.alpinelinux.org/vuln/CVE-2023-38180
  9. Adobe Acrobat: CVE-2023-38231: Security updates available for Adobe Acrobat and Reader (APSB23-30) Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 08/08/2023 Created 04/26/2024 Added 04/26/2024 Modified 10/18/2024 Description Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical, important and moderate vulnerabilities. Successful exploitation could lead to application denial-of-service, security feature bypass, memory leak and arbitrary code execution. Solution(s) adobe-acrobat-upgrade-latest References https://attackerkb.com/topics/cve-2023-38231 https://helpx.adobe.com/security/products/acrobat/apsb23-30.html CVE - 2023-38231
  10. Adobe Acrobat: CVE-2023-38239: Security updates available for Adobe Acrobat and Reader (APSB23-30) Severity 5 CVSS (AV:L/AC:L/Au:N/C:C/I:N/A:N) Published 08/08/2023 Created 04/26/2024 Added 04/26/2024 Modified 10/18/2024 Description Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical, important and moderate vulnerabilities. Successful exploitation could lead to application denial-of-service, security feature bypass, memory leak and arbitrary code execution. Solution(s) adobe-acrobat-upgrade-latest References https://attackerkb.com/topics/cve-2023-38239 https://helpx.adobe.com/security/products/acrobat/apsb23-30.html CVE - 2023-38239
  11. Adobe Acrobat: CVE-2023-38238: Security updates available for Adobe Acrobat and Reader (APSB23-30) Severity 5 CVSS (AV:L/AC:L/Au:N/C:C/I:N/A:N) Published 08/08/2023 Created 04/26/2024 Added 04/26/2024 Modified 10/18/2024 Description Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical, important and moderate vulnerabilities. Successful exploitation could lead to application denial-of-service, security feature bypass, memory leak and arbitrary code execution. Solution(s) adobe-acrobat-upgrade-latest References https://attackerkb.com/topics/cve-2023-38238 https://helpx.adobe.com/security/products/acrobat/apsb23-30.html CVE - 2023-38238
  12. Adobe Acrobat: CVE-2023-29303: Security updates available for Adobe Acrobat and Reader (APSB23-30) Severity 5 CVSS (AV:L/AC:L/Au:N/C:C/I:N/A:N) Published 08/08/2023 Created 04/26/2024 Added 04/26/2024 Modified 10/18/2024 Description Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical, important and moderate vulnerabilities. Successful exploitation could lead to application denial-of-service, security feature bypass, memory leak and arbitrary code execution. Solution(s) adobe-acrobat-upgrade-latest References https://attackerkb.com/topics/cve-2023-29303 https://helpx.adobe.com/security/products/acrobat/apsb23-30.html CVE - 2023-29303
  13. Rocky Linux: CVE-2023-20569: kernel-rt (RLSA-2024-0134) Severity 4 CVSS (AV:L/AC:M/Au:S/C:C/I:N/A:N) Published 08/08/2023 Created 03/07/2024 Added 03/05/2024 Modified 01/28/2025 Description A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure. Solution(s) rocky-upgrade-kernel-rt rocky-upgrade-kernel-rt-core rocky-upgrade-kernel-rt-debug rocky-upgrade-kernel-rt-debug-core rocky-upgrade-kernel-rt-debug-debuginfo rocky-upgrade-kernel-rt-debug-devel rocky-upgrade-kernel-rt-debug-kvm rocky-upgrade-kernel-rt-debug-modules rocky-upgrade-kernel-rt-debug-modules-extra rocky-upgrade-kernel-rt-debuginfo rocky-upgrade-kernel-rt-debuginfo-common-x86_64 rocky-upgrade-kernel-rt-devel rocky-upgrade-kernel-rt-kvm rocky-upgrade-kernel-rt-modules rocky-upgrade-kernel-rt-modules-extra References https://attackerkb.com/topics/cve-2023-20569 CVE - 2023-20569 https://errata.rockylinux.org/RLSA-2024:0134
  14. Alpine Linux: CVE-2023-20588: Divide By Zero Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 08/08/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. Solution(s) alpine-linux-upgrade-xen References https://attackerkb.com/topics/cve-2023-20588 CVE - 2023-20588 https://security.alpinelinux.org/vuln/CVE-2023-20588
  15. Microsoft Windows: CVE-2023-36912: Microsoft Message Queuing Denial of Service Vulnerability Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/08/2023 Created 08/09/2023 Added 08/08/2023 Modified 09/06/2024 Description Microsoft Message Queuing Denial of Service Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5029259 microsoft-windows-windows_10-1607-kb5029242 microsoft-windows-windows_10-1809-kb5029247 microsoft-windows-windows_10-21h2-kb5029244 microsoft-windows-windows_10-22h2-kb5029244 microsoft-windows-windows_11-21h2-kb5029253 microsoft-windows-windows_11-22h2-kb5029263 microsoft-windows-windows_server_2012-kb5029308 microsoft-windows-windows_server_2012_r2-kb5029304 microsoft-windows-windows_server_2016-1607-kb5029242 microsoft-windows-windows_server_2019-1809-kb5029247 microsoft-windows-windows_server_2022-21h2-kb5029250 microsoft-windows-windows_server_2022-22h2-kb5029250 msft-kb5029301-a1547be5-0202-42de-a84d-fe4f4a84c377 msft-kb5029301-c4e2b172-875e-4f65-9beb-aa4ca197f8bb msft-kb5029307-3bec02c2-d1d5-4e49-9725-a9f0853ffbfa References https://attackerkb.com/topics/cve-2023-36912 CVE - 2023-36912 https://support.microsoft.com/help/5029242 https://support.microsoft.com/help/5029244 https://support.microsoft.com/help/5029247 https://support.microsoft.com/help/5029250 https://support.microsoft.com/help/5029253 https://support.microsoft.com/help/5029259 https://support.microsoft.com/help/5029263 https://support.microsoft.com/help/5029304 https://support.microsoft.com/help/5029308 https://support.microsoft.com/help/5029312
  16. Microsoft Windows: CVE-2023-38186: Windows Mobile Device Management Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 08/08/2023 Created 08/09/2023 Added 08/08/2023 Modified 07/22/2024 Description Windows Mobile Device Management Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-21h2-kb5029244 microsoft-windows-windows_10-22h2-kb5029244 microsoft-windows-windows_11-21h2-kb5029253 microsoft-windows-windows_11-22h2-kb5029263 microsoft-windows-windows_server_2022-21h2-kb5029250 microsoft-windows-windows_server_2022-22h2-kb5029250 References https://attackerkb.com/topics/cve-2023-38186 CVE - 2023-38186 https://support.microsoft.com/help/5029244 https://support.microsoft.com/help/5029250 https://support.microsoft.com/help/5029253 https://support.microsoft.com/help/5029263
  17. Microsoft Windows: CVE-2023-35377: Microsoft Message Queuing Denial of Service Vulnerability Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/08/2023 Created 08/09/2023 Added 08/08/2023 Modified 09/06/2024 Description Microsoft Message Queuing Denial of Service Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5029259 microsoft-windows-windows_10-1607-kb5029242 microsoft-windows-windows_10-1809-kb5029247 microsoft-windows-windows_10-21h2-kb5029244 microsoft-windows-windows_10-22h2-kb5029244 microsoft-windows-windows_11-21h2-kb5029253 microsoft-windows-windows_11-22h2-kb5029263 microsoft-windows-windows_server_2012-kb5029308 microsoft-windows-windows_server_2012_r2-kb5029304 microsoft-windows-windows_server_2016-1607-kb5029242 microsoft-windows-windows_server_2019-1809-kb5029247 microsoft-windows-windows_server_2022-21h2-kb5029250 microsoft-windows-windows_server_2022-22h2-kb5029250 msft-kb5029301-a1547be5-0202-42de-a84d-fe4f4a84c377 msft-kb5029301-c4e2b172-875e-4f65-9beb-aa4ca197f8bb msft-kb5029307-3bec02c2-d1d5-4e49-9725-a9f0853ffbfa References https://attackerkb.com/topics/cve-2023-35377 CVE - 2023-35377 https://support.microsoft.com/help/5029242 https://support.microsoft.com/help/5029244 https://support.microsoft.com/help/5029247 https://support.microsoft.com/help/5029250 https://support.microsoft.com/help/5029253 https://support.microsoft.com/help/5029259 https://support.microsoft.com/help/5029263 https://support.microsoft.com/help/5029304 https://support.microsoft.com/help/5029308 https://support.microsoft.com/help/5029312
  18. Oracle Linux: CVE-2023-38710: ELSA-2023-6549:libreswan security update (MODERATE) (Multiple Advisories) Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 08/08/2023 Created 11/24/2023 Added 11/22/2023 Modified 01/07/2025 Description An issue was discovered in Libreswan before 4.12. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1, an error notify INVALID_SPI is sent back. The notify payload's protocol ID is copied from the incoming packet, but the code that verifies outgoing packets fails an assertion that the protocol ID must be ESP (2) or AH(3) and causes the pluto daemon to crash and restart. NOTE: the earliest affected version is 3.20. An assertion failure flaw was found in the Libreswan package that occurs when processing IKEv2 REKEY requests. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1, an error notification INVALID_SPI is sent back. The notify payload's protocol ID is copied from the incoming packet, but the code that verifies outgoing packets fails an assertion that the protocol ID must be ESP (2) or AH(3). This flaw allows a malicious client or attacker to send a malformed IKEv2 REKEY packet, causing a crash and restarting the libreswan pluto daemon. When sent continuously, this could lead to a denial of service attack. Solution(s) oracle-linux-upgrade-libreswan References https://attackerkb.com/topics/cve-2023-38710 CVE - 2023-38710 ELSA-2023-6549 ELSA-2023-7052
  19. CentOS Linux: CVE-2023-35390: Important: .NET 7.0 security, bug fix, and enhancement update (Multiple Advisories) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 08/08/2023 Created 08/29/2023 Added 08/29/2023 Modified 01/28/2025 Description .NET and Visual Studio Remote Code Execution Vulnerability Solution(s) centos-upgrade-aspnetcore-runtime-6-0 centos-upgrade-aspnetcore-runtime-7-0 centos-upgrade-aspnetcore-targeting-pack-6-0 centos-upgrade-aspnetcore-targeting-pack-7-0 centos-upgrade-dotnet centos-upgrade-dotnet-apphost-pack-6-0 centos-upgrade-dotnet-apphost-pack-6-0-debuginfo centos-upgrade-dotnet-apphost-pack-7-0 centos-upgrade-dotnet-apphost-pack-7-0-debuginfo centos-upgrade-dotnet-host centos-upgrade-dotnet-host-debuginfo centos-upgrade-dotnet-hostfxr-6-0 centos-upgrade-dotnet-hostfxr-6-0-debuginfo centos-upgrade-dotnet-hostfxr-7-0 centos-upgrade-dotnet-hostfxr-7-0-debuginfo centos-upgrade-dotnet-runtime-6-0 centos-upgrade-dotnet-runtime-6-0-debuginfo centos-upgrade-dotnet-runtime-7-0 centos-upgrade-dotnet-runtime-7-0-debuginfo centos-upgrade-dotnet-sdk-6-0 centos-upgrade-dotnet-sdk-6-0-debuginfo centos-upgrade-dotnet-sdk-7-0 centos-upgrade-dotnet-sdk-7-0-debuginfo centos-upgrade-dotnet-targeting-pack-6-0 centos-upgrade-dotnet-targeting-pack-7-0 centos-upgrade-dotnet-templates-6-0 centos-upgrade-dotnet-templates-7-0 centos-upgrade-dotnet6-0-debuginfo centos-upgrade-dotnet6-0-debugsource centos-upgrade-dotnet7-0-debuginfo centos-upgrade-dotnet7-0-debugsource centos-upgrade-netstandard-targeting-pack-2-1 References CVE-2023-35390
  20. Microsoft Windows: CVE-2023-20569: AMD: CVE-2023-20569 Return Address Predictor Severity 4 CVSS (AV:L/AC:M/Au:S/C:C/I:N/A:N) Published 08/08/2023 Created 08/09/2023 Added 08/08/2023 Modified 01/28/2025 Description A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure. Solution(s) microsoft-windows-windows_10-1507-kb5029259 microsoft-windows-windows_10-1607-kb5029242 microsoft-windows-windows_10-1809-kb5029247 microsoft-windows-windows_10-21h2-kb5029244 microsoft-windows-windows_10-22h2-kb5029244 microsoft-windows-windows_11-21h2-kb5029253 microsoft-windows-windows_11-22h2-kb5029263 microsoft-windows-windows_server_2012-kb5029308 microsoft-windows-windows_server_2012_r2-kb5029304 microsoft-windows-windows_server_2016-1607-kb5029242 microsoft-windows-windows_server_2019-1809-kb5029247 microsoft-windows-windows_server_2022-21h2-kb5029250 microsoft-windows-windows_server_2022-22h2-kb5029250 msft-kb5029301-a1547be5-0202-42de-a84d-fe4f4a84c377 msft-kb5029301-c4e2b172-875e-4f65-9beb-aa4ca197f8bb msft-kb5029307-3bec02c2-d1d5-4e49-9725-a9f0853ffbfa References https://attackerkb.com/topics/cve-2023-20569 CVE - 2023-20569 https://support.microsoft.com/help/5029242 https://support.microsoft.com/help/5029244 https://support.microsoft.com/help/5029247 https://support.microsoft.com/help/5029250 https://support.microsoft.com/help/5029253 https://support.microsoft.com/help/5029259 https://support.microsoft.com/help/5029263 https://support.microsoft.com/help/5029304 https://support.microsoft.com/help/5029308 https://support.microsoft.com/help/5029312
  21. Microsoft Office: CVE-2023-35371: Microsoft Office Remote Code Execution Vulnerability Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 08/08/2023 Created 08/09/2023 Added 08/08/2023 Modified 01/28/2025 Description Microsoft Office: CVE-2023-35371: Microsoft Office Remote Code Execution Vulnerability Solution(s) microsoft-office_online_server-kb5002435 office-click-to-run-upgrade-latest References https://attackerkb.com/topics/cve-2023-35371 CVE - 2023-35371 https://support.microsoft.com/help/5002435
  22. Microsoft Office: CVE-2023-36897: Visual Studio Tools for Office Runtime Spoofing Vulnerability Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 08/08/2023 Created 08/09/2023 Added 08/08/2023 Modified 01/28/2025 Description Microsoft Office: CVE-2023-36897: Visual Studio Tools for Office Runtime Spoofing Vulnerability Solution(s) office-click-to-run-upgrade-latest References https://attackerkb.com/topics/cve-2023-36897 CVE - 2023-36897
  23. Oracle Linux: CVE-2022-36351: ELSA-2023-6595:linux-firmware security, bug fix, and enhancement update (IMPORTANT) (Multiple Advisories) Severity 3 CVSS (AV:A/AC:L/Au:N/C:N/I:N/A:P) Published 08/08/2023 Created 07/26/2024 Added 07/22/2024 Modified 01/07/2025 Description Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an unauthenticated user to potentially enable denial of service via adjacent access. An improper input validation flaw was found in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software that may allow an unauthenticated user to enable a denial of service via adjacent access. Solution(s) oracle-linux-upgrade-iwl1000-firmware oracle-linux-upgrade-iwl100-firmware oracle-linux-upgrade-iwl105-firmware oracle-linux-upgrade-iwl135-firmware oracle-linux-upgrade-iwl2000-firmware oracle-linux-upgrade-iwl2030-firmware oracle-linux-upgrade-iwl3160-firmware oracle-linux-upgrade-iwl3945-firmware oracle-linux-upgrade-iwl4965-firmware oracle-linux-upgrade-iwl5000-firmware oracle-linux-upgrade-iwl5150-firmware oracle-linux-upgrade-iwl6000-firmware oracle-linux-upgrade-iwl6000g2a-firmware oracle-linux-upgrade-iwl6000g2b-firmware oracle-linux-upgrade-iwl6050-firmware oracle-linux-upgrade-iwl7260-firmware oracle-linux-upgrade-iwlax2xx-firmware oracle-linux-upgrade-libertas-sd8686-firmware oracle-linux-upgrade-libertas-sd8787-firmware oracle-linux-upgrade-libertas-usb8388-firmware oracle-linux-upgrade-libertas-usb8388-olpc-firmware oracle-linux-upgrade-linux-firmware oracle-linux-upgrade-linux-firmware-core oracle-linux-upgrade-linux-firmware-whence oracle-linux-upgrade-liquidio-firmware oracle-linux-upgrade-netronome-firmware References https://attackerkb.com/topics/cve-2022-36351 CVE - 2022-36351 ELSA-2023-6595
  24. Oracle Linux: CVE-2022-40982: ELSA-2023-12782:Unbreakable Enterprise kernel security update (IMPORTANT) (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 08/08/2023 Created 08/16/2023 Added 08/15/2023 Modified 01/23/2025 Description Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. A Gather Data Sampling (GDS) transient execution side-channel vulnerability was found affecting certain Intel processors. This issue may allow a local attacker using gather instruction (load from memory) to infer stale data from previously used vector registers on the same physical core. Solution(s) oracle-linux-upgrade-kernel oracle-linux-upgrade-kernel-uek References https://attackerkb.com/topics/cve-2022-40982 CVE - 2022-40982 ELSA-2023-12782 ELSA-2023-12722 ELSA-2023-12788 ELSA-2023-12723 ELSA-2023-7077 ELSA-2023-12786 ELSA-2023-7423 ELSA-2023-12785 ELSA-2023-6583 ELSA-2023-12724
  25. Oracle Linux: CVE-2022-38076: ELSA-2023-6595:linux-firmware security, bug fix, and enhancement update (IMPORTANT) (Multiple Advisories) Severity 2 CVSS (AV:L/AC:L/Au:S/C:N/I:P/A:N) Published 08/08/2023 Created 07/26/2024 Added 07/22/2024 Modified 01/07/2025 Description Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an authenticated user to potentially enable escalation of privilege via local access. An improper input validation flaw was found in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software that may allow an authenticated user to enable escalation of privilege via local access. Solution(s) oracle-linux-upgrade-iwl1000-firmware oracle-linux-upgrade-iwl100-firmware oracle-linux-upgrade-iwl105-firmware oracle-linux-upgrade-iwl135-firmware oracle-linux-upgrade-iwl2000-firmware oracle-linux-upgrade-iwl2030-firmware oracle-linux-upgrade-iwl3160-firmware oracle-linux-upgrade-iwl3945-firmware oracle-linux-upgrade-iwl4965-firmware oracle-linux-upgrade-iwl5000-firmware oracle-linux-upgrade-iwl5150-firmware oracle-linux-upgrade-iwl6000-firmware oracle-linux-upgrade-iwl6000g2a-firmware oracle-linux-upgrade-iwl6000g2b-firmware oracle-linux-upgrade-iwl6050-firmware oracle-linux-upgrade-iwl7260-firmware oracle-linux-upgrade-iwlax2xx-firmware oracle-linux-upgrade-libertas-sd8686-firmware oracle-linux-upgrade-libertas-sd8787-firmware oracle-linux-upgrade-libertas-usb8388-firmware oracle-linux-upgrade-libertas-usb8388-olpc-firmware oracle-linux-upgrade-linux-firmware oracle-linux-upgrade-linux-firmware-core oracle-linux-upgrade-linux-firmware-whence oracle-linux-upgrade-liquidio-firmware oracle-linux-upgrade-netronome-firmware References https://attackerkb.com/topics/cve-2022-38076 CVE - 2022-38076 ELSA-2023-6595