ISHACK AI BOT

Amazon Linux AMI 2: CVE-2022-20565: Security patch for kernel (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/14/2023 Created 07/14/2023 Added 07/14/2023 Modified 07/14/2023 Description Amazon Linux AMI 2: CVE-2022-20565: Security patch for kernel (Multiple Advisories) Solution(s) amazon-linux-ami-2-upgrade-kernel amazon-linux-ami-2-upgrade-kernel-debuginfo amazon-linux-ami-2-upgrade-kernel-debuginfo-common-aarch64 amazon-linux-ami-2-upgrade-kernel-debuginfo-common-x86_64 amazon-linux-ami-2-upgrade-kernel-devel amazon-linux-ami-2-upgrade-kernel-headers amazon-linux-ami-2-upgrade-kernel-livepatch-4-14-198-152-320 amazon-linux-ami-2-upgrade-kernel-tools amazon-linux-ami-2-upgrade-kernel-tools-debuginfo amazon-linux-ami-2-upgrade-kernel-tools-devel amazon-linux-ami-2-upgrade-perf amazon-linux-ami-2-upgrade-perf-debuginfo amazon-linux-ami-2-upgrade-python-perf amazon-linux-ami-2-upgrade-python-perf-debuginfo References https://attackerkb.com/topics/cve-2022-20565 AL2/ALAS-2020-1495 AL2/ALASKERNEL-5.4-2022-016 CVE - 2022-20565

Ubuntu: USN-6450-1 (CVE-2023-2975): OpenSSL vulnerabilities Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 07/14/2023 Created 10/26/2023 Added 10/25/2023 Modified 01/28/2025 Description Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence. Impact summary: Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding or reordering such empty entries as these are ignored by the OpenSSL implementation. We are currently unaware of any such applications. The AES-SIV algorithm allows for authentication of multiple associated data entries along with the encryption. To authenticate empty data the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL just returns success for such a call instead of performing the associated data authentication operation. The empty data thus will not be authenticated. As this issue does not affect non-empty associated data authentication and we expect it to be rare for an application to use empty associated data entries this is qualified as Low severity issue. Solution(s) ubuntu-upgrade-libssl3 References https://attackerkb.com/topics/cve-2023-2975 CVE - 2023-2975 USN-6450-1

Ubuntu: USN-6307-1 (CVE-2023-37464): JOSE for C/C++ vulnerability Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 07/14/2023 Created 08/28/2023 Added 08/28/2023 Modified 01/28/2025 Description OpenIDC/cjose is a C library implementing the Javascript Object Signing and Encryption (JOSE). The AES GCM decryption routine incorrectly uses the Tag length from the actual Authentication Tag provided in the JWE. The specsays that a fixed length of 16 octets must be applied. Therefore this bug allows an attacker to provide a truncated Authentication Tag and to modify the JWE accordingly. Users should upgrade to a version >= 0.6.2.2. Users unable to upgrade should avoid using AES GCM encryption and replace it with another encryption algorithm (e.g. AES CBC). Solution(s) ubuntu-pro-upgrade-libcjose0 References https://attackerkb.com/topics/cve-2023-37464 CVE - 2023-37464 USN-6307-1

VMware Photon OS: CVE-2023-3649 Severity 5 CVSS (AV:L/AC:L/Au:N/C:P/I:P/A:P) Published 07/14/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description iSCSI dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or crafted capture file Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-3649 CVE - 2023-3649

Alpine Linux: CVE-2023-38252: Out-of-bounds Read Severity 4 CVSS (AV:L/AC:H/Au:N/C:N/I:N/A:C) Published 07/14/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/14/2024 Description An out-of-bounds read flaw was found in w3m, in the Strnew_size function in Str.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file. Solution(s) alpine-linux-upgrade-w3m References https://attackerkb.com/topics/cve-2023-38252 CVE - 2023-38252 https://security.alpinelinux.org/vuln/CVE-2023-38252

Red Hat: CVE-2023-2975: openssl: AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries (Multiple Advisories) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 07/14/2023 Created 05/01/2024 Added 05/01/2024 Modified 10/16/2024 Description Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence. Impact summary: Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding or reordering such empty entries as these are ignored by the OpenSSL implementation. We are currently unaware of any such applications. The AES-SIV algorithm allows for authentication of multiple associated data entries along with the encryption. To authenticate empty data the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL just returns success for such a call instead of performing the associated data authentication operation. The empty data thus will not be authenticated. As this issue does not affect non-empty associated data authentication and we expect it to be rare for an application to use empty associated data entries this is qualified as Low severity issue. Solution(s) redhat-upgrade-openssl redhat-upgrade-openssl-debuginfo redhat-upgrade-openssl-debugsource redhat-upgrade-openssl-devel redhat-upgrade-openssl-fips-provider redhat-upgrade-openssl-fips-provider-debuginfo redhat-upgrade-openssl-fips-provider-debugsource redhat-upgrade-openssl-libs redhat-upgrade-openssl-libs-debuginfo redhat-upgrade-openssl-perl References CVE-2023-2975 RHSA-2024:2447

VMware Photon OS: CVE-2023-2975 Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 07/14/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence. Impact summary: Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding or reordering such empty entries as these are ignored by the OpenSSL implementation. We are currently unaware of any such applications. The AES-SIV algorithm allows for authentication of multiple associated data entries along with the encryption. To authenticate empty data the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL just returns success for such a call instead of performing the associated data authentication operation. The empty data thus will not be authenticated. As this issue does not affect non-empty associated data authentication and we expect it to be rare for an application to use empty associated data entries this is qualified as Low severity issue. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-2975 CVE - 2023-2975

Microsoft Edge Chromium: CVE-2023-36887 Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 07/14/2023 Created 07/14/2023 Added 07/14/2023 Modified 01/28/2025 Description Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2023-36887 CVE - 2023-36887 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36887

Ubuntu: (CVE-2023-38253): w3m vulnerability Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 07/14/2023 Created 11/23/2024 Added 11/22/2024 Modified 01/28/2025 Description An out-of-bounds read flaw was found in w3m, in the growbuf_to_Str function in indep.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file. Solution(s) ubuntu-pro-upgrade-w3m References https://attackerkb.com/topics/cve-2023-38253 CVE - 2023-38253 https://access.redhat.com/security/cve/CVE-2023-38253 https://www.cve.org/CVERecord?id=CVE-2023-38253

Debian: CVE-2023-29450: zabbix -- security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 07/13/2023 Created 08/24/2023 Added 08/24/2023 Modified 01/30/2025 Description JavaScript pre-processing can be used by the attacker to gain access to the file system (read-only access on behalf of user "zabbix") on the Zabbix Server or Zabbix Proxy, potentially leading to unauthorized access to sensitive data. Solution(s) debian-upgrade-zabbix References https://attackerkb.com/topics/cve-2023-29450 CVE - 2023-29450 DLA-3538-1

Debian: CVE-2023-29456: zabbix -- security update Severity 5 CVSS (AV:N/AC:M/Au:S/C:P/I:P/A:N) Published 07/13/2023 Created 08/24/2023 Added 08/24/2023 Modified 01/28/2025 Description URL validation scheme receives input from a user and then parses it to identify its various components. The validation scheme can ensure that all URL components comply with internet standards. Solution(s) debian-upgrade-zabbix References https://attackerkb.com/topics/cve-2023-29456 CVE - 2023-29456 DLA-3538-1

Ubuntu: (Multiple Advisories) (CVE-2023-21400): Linux kernel vulnerabilities Severity 7 CVSS (AV:L/AC:L/Au:M/C:C/I:C/A:C) Published 07/13/2023 Created 08/31/2023 Added 08/31/2023 Modified 02/14/2025 Description In multiple functionsof io_uring.c, there is a possible kernel memory corruption due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation. Solution(s) ubuntu-upgrade-linux-image-5-15-0-1026-gkeop ubuntu-upgrade-linux-image-5-15-0-1031-nvidia ubuntu-upgrade-linux-image-5-15-0-1031-nvidia-lowlatency ubuntu-upgrade-linux-image-5-15-0-1036-ibm ubuntu-upgrade-linux-image-5-15-0-1036-raspi ubuntu-upgrade-linux-image-5-15-0-1038-intel-iotg ubuntu-upgrade-linux-image-5-15-0-1040-gcp ubuntu-upgrade-linux-image-5-15-0-1040-gke ubuntu-upgrade-linux-image-5-15-0-1040-kvm ubuntu-upgrade-linux-image-5-15-0-1041-oracle ubuntu-upgrade-linux-image-5-15-0-1043-aws ubuntu-upgrade-linux-image-5-15-0-1045-azure ubuntu-upgrade-linux-image-5-15-0-1045-azure-fde ubuntu-upgrade-linux-image-5-15-0-82-generic ubuntu-upgrade-linux-image-5-15-0-82-generic-64k ubuntu-upgrade-linux-image-5-15-0-82-generic-lpae ubuntu-upgrade-linux-image-5-15-0-82-lowlatency ubuntu-upgrade-linux-image-5-15-0-82-lowlatency-64k ubuntu-upgrade-linux-image-5-4-0-1085-ibm ubuntu-upgrade-linux-image-5-4-0-1098-bluefield ubuntu-upgrade-linux-image-5-4-0-1122-raspi ubuntu-upgrade-linux-image-5-4-0-1126-kvm ubuntu-upgrade-linux-image-5-4-0-1137-oracle ubuntu-upgrade-linux-image-5-4-0-1139-aws ubuntu-upgrade-linux-image-5-4-0-1142-gcp ubuntu-upgrade-linux-image-5-4-0-1143-azure ubuntu-upgrade-linux-image-5-4-0-205-generic ubuntu-upgrade-linux-image-5-4-0-205-generic-lpae ubuntu-upgrade-linux-image-5-4-0-205-lowlatency ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-aws-lts-20-04 ubuntu-upgrade-linux-image-aws-lts-22-04 ubuntu-upgrade-linux-image-azure ubuntu-upgrade-linux-image-azure-cvm ubuntu-upgrade-linux-image-azure-fde-lts-22-04 ubuntu-upgrade-linux-image-azure-lts-20-04 ubuntu-upgrade-linux-image-azure-lts-22-04 ubuntu-upgrade-linux-image-bluefield ubuntu-upgrade-linux-image-gcp ubuntu-upgrade-linux-image-gcp-lts-20-04 ubuntu-upgrade-linux-image-gcp-lts-22-04 ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-64k ubuntu-upgrade-linux-image-generic-64k-hwe-20-04 ubuntu-upgrade-linux-image-generic-hwe-18-04 ubuntu-upgrade-linux-image-generic-hwe-20-04 ubuntu-upgrade-linux-image-generic-lpae ubuntu-upgrade-linux-image-generic-lpae-hwe-20-04 ubuntu-upgrade-linux-image-gke ubuntu-upgrade-linux-image-gke-5-15 ubuntu-upgrade-linux-image-gkeop ubuntu-upgrade-linux-image-gkeop-5-15 ubuntu-upgrade-linux-image-ibm ubuntu-upgrade-linux-image-ibm-lts-20-04 ubuntu-upgrade-linux-image-intel ubuntu-upgrade-linux-image-intel-iotg ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-64k ubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-hwe-18-04 ubuntu-upgrade-linux-image-lowlatency-hwe-20-04 ubuntu-upgrade-linux-image-nvidia ubuntu-upgrade-linux-image-nvidia-lowlatency ubuntu-upgrade-linux-image-oem ubuntu-upgrade-linux-image-oem-20-04 ubuntu-upgrade-linux-image-oem-20-04b ubuntu-upgrade-linux-image-oem-20-04c ubuntu-upgrade-linux-image-oem-20-04d ubuntu-upgrade-linux-image-oem-osp1 ubuntu-upgrade-linux-image-oracle ubuntu-upgrade-linux-image-oracle-lts-20-04 ubuntu-upgrade-linux-image-oracle-lts-22-04 ubuntu-upgrade-linux-image-raspi ubuntu-upgrade-linux-image-raspi-nolpae ubuntu-upgrade-linux-image-raspi2 ubuntu-upgrade-linux-image-snapdragon-hwe-18-04 ubuntu-upgrade-linux-image-virtual ubuntu-upgrade-linux-image-virtual-hwe-18-04 ubuntu-upgrade-linux-image-virtual-hwe-20-04 References https://attackerkb.com/topics/cve-2023-21400 CVE - 2023-21400 USN-6315-1 USN-6325-1 USN-6330-1 USN-6332-1 USN-6348-1 USN-7234-1 USN-7234-2 USN-7234-3 USN-7234-4 View more

Debian: CVE-2023-29451: zabbix -- security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 07/13/2023 Created 08/24/2023 Added 08/24/2023 Modified 01/28/2025 Description Specially crafted string can cause a buffer overrun in the JSON parser library leading to a crash of the Zabbix Server or a Zabbix Proxy. Solution(s) debian-upgrade-zabbix References https://attackerkb.com/topics/cve-2023-29451 CVE - 2023-29451 DLA-3538-1

Debian: CVE-2023-21400: linux -- security update Severity 7 CVSS (AV:L/AC:L/Au:M/C:C/I:C/A:C) Published 07/13/2023 Created 08/21/2023 Added 08/21/2023 Modified 01/28/2025 Description In multiple functionsof io_uring.c, there is a possible kernel memory corruption due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation. Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2023-21400 CVE - 2023-21400 DSA-5480-1

Debian: CVE-2023-29458: zabbix -- security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 07/13/2023 Created 10/08/2024 Added 10/07/2024 Modified 01/28/2025 Description Duktape is an 3rd-party embeddable JavaScript engine, with a focus on portability and compact footprint. When adding too many values in valstack JavaScript will crash. This issue occurs due to bug in Duktape 2.6 which is an 3rd-party solution that we use. Solution(s) debian-upgrade-zabbix References https://attackerkb.com/topics/cve-2023-29458 CVE - 2023-29458 DLA-3909-1

BoidCMS Command Injection Disclosed 07/13/2023 Created 03/01/2024 Description This module leverages CVE-2023-38836, an improper sanitization bug in BoidCMS version 2.0.0 and below.BoidCMS allows the authenticated upload of a php file as media if the file has the GIF header, even if the file is a php file. Author(s) 1337kid bwatters-r7 Architectures cmd Development Source Code History

Gentoo Linux: CVE-2023-38197: Qt: Buffer Overflow Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 07/13/2023 Created 01/25/2025 Added 01/24/2025 Modified 01/28/2025 Description An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion. Solution(s) gentoo-linux-upgrade-dev-qt-qtbase gentoo-linux-upgrade-dev-qt-qtcore References https://attackerkb.com/topics/cve-2023-38197 CVE - 2023-38197 202501-08

Ubuntu: (Multiple Advisories) (CVE-2023-21255): Linux kernel vulnerabilities Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 07/13/2023 Created 09/18/2023 Added 09/18/2023 Modified 01/28/2025 Description In multiple functions of binder.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Solution(s) ubuntu-upgrade-linux-image-5-15-0-1027-gkeop ubuntu-upgrade-linux-image-5-15-0-1032-nvidia ubuntu-upgrade-linux-image-5-15-0-1032-nvidia-lowlatency ubuntu-upgrade-linux-image-5-15-0-1037-ibm ubuntu-upgrade-linux-image-5-15-0-1037-raspi ubuntu-upgrade-linux-image-5-15-0-1039-intel-iotg ubuntu-upgrade-linux-image-5-15-0-1041-gcp ubuntu-upgrade-linux-image-5-15-0-1041-gke ubuntu-upgrade-linux-image-5-15-0-1041-kvm ubuntu-upgrade-linux-image-5-15-0-1042-oracle ubuntu-upgrade-linux-image-5-15-0-1044-aws ubuntu-upgrade-linux-image-5-15-0-1046-azure ubuntu-upgrade-linux-image-5-15-0-1046-azure-fde ubuntu-upgrade-linux-image-5-15-0-83-generic ubuntu-upgrade-linux-image-5-15-0-83-generic-64k ubuntu-upgrade-linux-image-5-15-0-83-generic-lpae ubuntu-upgrade-linux-image-5-15-0-83-lowlatency ubuntu-upgrade-linux-image-5-15-0-83-lowlatency-64k ubuntu-upgrade-linux-image-5-4-0-1021-iot ubuntu-upgrade-linux-image-5-4-0-1029-xilinx-zynqmp ubuntu-upgrade-linux-image-5-4-0-1056-ibm ubuntu-upgrade-linux-image-5-4-0-1070-bluefield ubuntu-upgrade-linux-image-5-4-0-1076-gkeop ubuntu-upgrade-linux-image-5-4-0-1093-raspi ubuntu-upgrade-linux-image-5-4-0-1098-kvm ubuntu-upgrade-linux-image-5-4-0-1108-oracle ubuntu-upgrade-linux-image-5-4-0-1109-aws ubuntu-upgrade-linux-image-5-4-0-1112-gcp ubuntu-upgrade-linux-image-5-4-0-1115-azure ubuntu-upgrade-linux-image-5-4-0-162-generic ubuntu-upgrade-linux-image-5-4-0-162-generic-lpae ubuntu-upgrade-linux-image-5-4-0-162-lowlatency ubuntu-upgrade-linux-image-6-2-0-1004-starfive ubuntu-upgrade-linux-image-6-2-0-1009-ibm ubuntu-upgrade-linux-image-6-2-0-1011-aws ubuntu-upgrade-linux-image-6-2-0-1011-azure ubuntu-upgrade-linux-image-6-2-0-1011-oracle ubuntu-upgrade-linux-image-6-2-0-1012-kvm ubuntu-upgrade-linux-image-6-2-0-1012-lowlatency ubuntu-upgrade-linux-image-6-2-0-1012-lowlatency-64k ubuntu-upgrade-linux-image-6-2-0-1012-raspi ubuntu-upgrade-linux-image-6-2-0-1013-gcp ubuntu-upgrade-linux-image-6-2-0-32-generic ubuntu-upgrade-linux-image-6-2-0-32-generic-64k ubuntu-upgrade-linux-image-6-2-0-32-generic-lpae ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-aws-lts-20-04 ubuntu-upgrade-linux-image-aws-lts-22-04 ubuntu-upgrade-linux-image-azure ubuntu-upgrade-linux-image-azure-cvm ubuntu-upgrade-linux-image-azure-fde ubuntu-upgrade-linux-image-azure-fde-lts-22-04 ubuntu-upgrade-linux-image-azure-lts-20-04 ubuntu-upgrade-linux-image-azure-lts-22-04 ubuntu-upgrade-linux-image-bluefield ubuntu-upgrade-linux-image-gcp ubuntu-upgrade-linux-image-gcp-lts-20-04 ubuntu-upgrade-linux-image-gcp-lts-22-04 ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-64k ubuntu-upgrade-linux-image-generic-64k-hwe-20-04 ubuntu-upgrade-linux-image-generic-64k-hwe-22-04 ubuntu-upgrade-linux-image-generic-hwe-18-04 ubuntu-upgrade-linux-image-generic-hwe-20-04 ubuntu-upgrade-linux-image-generic-hwe-22-04 ubuntu-upgrade-linux-image-generic-lpae ubuntu-upgrade-linux-image-generic-lpae-hwe-20-04 ubuntu-upgrade-linux-image-generic-lpae-hwe-22-04 ubuntu-upgrade-linux-image-gke ubuntu-upgrade-linux-image-gke-5-15 ubuntu-upgrade-linux-image-gkeop ubuntu-upgrade-linux-image-gkeop-5-15 ubuntu-upgrade-linux-image-gkeop-5-4 ubuntu-upgrade-linux-image-ibm ubuntu-upgrade-linux-image-ibm-lts-20-04 ubuntu-upgrade-linux-image-intel-iotg ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-64k ubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-64k-hwe-22-04 ubuntu-upgrade-linux-image-lowlatency-hwe-18-04 ubuntu-upgrade-linux-image-lowlatency-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-hwe-22-04 ubuntu-upgrade-linux-image-nvidia ubuntu-upgrade-linux-image-nvidia-lowlatency ubuntu-upgrade-linux-image-oem ubuntu-upgrade-linux-image-oem-20-04 ubuntu-upgrade-linux-image-oem-20-04b ubuntu-upgrade-linux-image-oem-20-04c ubuntu-upgrade-linux-image-oem-20-04d ubuntu-upgrade-linux-image-oem-osp1 ubuntu-upgrade-linux-image-oracle ubuntu-upgrade-linux-image-oracle-lts-20-04 ubuntu-upgrade-linux-image-oracle-lts-22-04 ubuntu-upgrade-linux-image-raspi ubuntu-upgrade-linux-image-raspi-hwe-18-04 ubuntu-upgrade-linux-image-raspi-nolpae ubuntu-upgrade-linux-image-raspi2 ubuntu-upgrade-linux-image-raspi2-hwe-18-04 ubuntu-upgrade-linux-image-snapdragon-hwe-18-04 ubuntu-upgrade-linux-image-starfive ubuntu-upgrade-linux-image-virtual ubuntu-upgrade-linux-image-virtual-hwe-18-04 ubuntu-upgrade-linux-image-virtual-hwe-20-04 ubuntu-upgrade-linux-image-virtual-hwe-22-04 ubuntu-upgrade-linux-image-xilinx-zynqmp References https://attackerkb.com/topics/cve-2023-21255 CVE - 2023-21255 USN-6338-1 USN-6338-2 USN-6339-1 USN-6339-2 USN-6339-3 USN-6339-4 USN-6340-1 USN-6340-2 USN-6344-1 USN-6349-1 USN-6350-1 USN-6351-1 USN-6357-1 USN-6397-1 View more

Amazon Linux AMI: CVE-2023-35945: Security patch for nghttp2 (ALAS-2023-1793) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 07/13/2023 Created 08/10/2023 Added 08/09/2023 Modified 01/28/2025 Description Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy’s HTTP/2 codec may leak a header map and bookkeeping structures upon receiving `RST_STREAM` immediately followed by the `GOAWAY` frames from an upstream server. In nghttp2, cleanup of pending requests due to receipt of the `GOAWAY` frame skips de-allocation of the bookkeeping structure and pending compressed header. The error return [code path] is taken if connection is already marked for not sending more requests due to `GOAWAY` frame. The clean-up code is right after the return statement, causing memory leak. Denial of service through memory exhaustion. This vulnerability was patched in versions(s) 1.26.3, 1.25.8, 1.24.9, 1.23.11. Solution(s) amazon-linux-upgrade-nghttp2 References ALAS-2023-1793 CVE-2023-35945

VMware Photon OS: CVE-2022-24834 Severity 6 CVSS (AV:L/AC:H/Au:S/C:C/I:C/A:C) Published 07/13/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result with heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support, starting from 2.6, and affects only authenticated and authorized users. The problem is fixed in versions 7.0.12, 6.2.13, and 6.0.20. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2022-24834 CVE - 2022-24834

Gentoo Linux: CVE-2022-24834: Redis: Multiple Vulnerabilities Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 07/13/2023 Created 08/08/2024 Added 08/08/2024 Modified 01/28/2025 Description Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result with heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support, starting from 2.6, and affects only authenticated and authorized users. The problem is fixed in versions 7.0.12, 6.2.13, and 6.0.20. Solution(s) gentoo-linux-upgrade-dev-db-redis References https://attackerkb.com/topics/cve-2022-24834 CVE - 2022-24834 202408-05

Debian: CVE-2023-21255: linux -- security update Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 07/13/2023 Created 08/21/2023 Added 08/21/2023 Modified 01/28/2025 Description In multiple functions of binder.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2023-21255 CVE - 2023-21255 DSA-5480-1

CentOS Linux: CVE-2023-38197: Moderate: qt5 security and bug fix update (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 07/13/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/28/2025 Description An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion. Solution(s) centos-upgrade-adwaita-qt-debuginfo centos-upgrade-adwaita-qt-debugsource centos-upgrade-adwaita-qt5 centos-upgrade-adwaita-qt5-debuginfo centos-upgrade-libadwaita-qt5 centos-upgrade-libadwaita-qt5-debuginfo centos-upgrade-python-pyqt5-sip-debugsource centos-upgrade-python-qt5-debuginfo centos-upgrade-python-qt5-debugsource centos-upgrade-python-qt5-rpm-macros centos-upgrade-python3-pyqt5-sip centos-upgrade-python3-pyqt5-sip-debuginfo centos-upgrade-python3-qt5 centos-upgrade-python3-qt5-base centos-upgrade-python3-qt5-base-debuginfo centos-upgrade-python3-qt5-debuginfo centos-upgrade-qgnomeplatform centos-upgrade-qgnomeplatform-debuginfo centos-upgrade-qgnomeplatform-debugsource centos-upgrade-qt5 centos-upgrade-qt5-assistant centos-upgrade-qt5-assistant-debuginfo centos-upgrade-qt5-designer centos-upgrade-qt5-designer-debuginfo centos-upgrade-qt5-doctools centos-upgrade-qt5-doctools-debuginfo centos-upgrade-qt5-linguist centos-upgrade-qt5-linguist-debuginfo centos-upgrade-qt5-qdbusviewer centos-upgrade-qt5-qdbusviewer-debuginfo centos-upgrade-qt5-qt3d centos-upgrade-qt5-qt3d-debuginfo centos-upgrade-qt5-qt3d-debugsource centos-upgrade-qt5-qt3d-devel centos-upgrade-qt5-qt3d-devel-debuginfo centos-upgrade-qt5-qt3d-doc centos-upgrade-qt5-qt3d-examples centos-upgrade-qt5-qt3d-examples-debuginfo centos-upgrade-qt5-qt3d-tests-debuginfo centos-upgrade-qt5-qtbase centos-upgrade-qt5-qtbase-common centos-upgrade-qt5-qtbase-debuginfo centos-upgrade-qt5-qtbase-debugsource centos-upgrade-qt5-qtbase-devel centos-upgrade-qt5-qtbase-devel-debuginfo centos-upgrade-qt5-qtbase-doc centos-upgrade-qt5-qtbase-examples centos-upgrade-qt5-qtbase-examples-debuginfo centos-upgrade-qt5-qtbase-gui centos-upgrade-qt5-qtbase-gui-debuginfo centos-upgrade-qt5-qtbase-mysql centos-upgrade-qt5-qtbase-mysql-debuginfo centos-upgrade-qt5-qtbase-odbc centos-upgrade-qt5-qtbase-odbc-debuginfo centos-upgrade-qt5-qtbase-postgresql centos-upgrade-qt5-qtbase-postgresql-debuginfo centos-upgrade-qt5-qtbase-private-devel centos-upgrade-qt5-qtbase-tests-debuginfo centos-upgrade-qt5-qtconnectivity centos-upgrade-qt5-qtconnectivity-debuginfo centos-upgrade-qt5-qtconnectivity-debugsource centos-upgrade-qt5-qtconnectivity-devel centos-upgrade-qt5-qtconnectivity-doc centos-upgrade-qt5-qtconnectivity-examples centos-upgrade-qt5-qtconnectivity-examples-debuginfo centos-upgrade-qt5-qtconnectivity-tests-debuginfo centos-upgrade-qt5-qtdeclarative centos-upgrade-qt5-qtdeclarative-debuginfo centos-upgrade-qt5-qtdeclarative-debugsource centos-upgrade-qt5-qtdeclarative-devel centos-upgrade-qt5-qtdeclarative-devel-debuginfo centos-upgrade-qt5-qtdeclarative-doc centos-upgrade-qt5-qtdeclarative-examples centos-upgrade-qt5-qtdeclarative-examples-debuginfo centos-upgrade-qt5-qtdeclarative-tests-debuginfo centos-upgrade-qt5-qtdoc centos-upgrade-qt5-qtgraphicaleffects centos-upgrade-qt5-qtgraphicaleffects-debuginfo centos-upgrade-qt5-qtgraphicaleffects-debugsource centos-upgrade-qt5-qtgraphicaleffects-doc centos-upgrade-qt5-qtgraphicaleffects-tests-debuginfo centos-upgrade-qt5-qtimageformats centos-upgrade-qt5-qtimageformats-debuginfo centos-upgrade-qt5-qtimageformats-debugsource centos-upgrade-qt5-qtimageformats-doc centos-upgrade-qt5-qtimageformats-tests-debuginfo centos-upgrade-qt5-qtlocation centos-upgrade-qt5-qtlocation-debuginfo centos-upgrade-qt5-qtlocation-debugsource centos-upgrade-qt5-qtlocation-devel centos-upgrade-qt5-qtlocation-doc centos-upgrade-qt5-qtlocation-examples centos-upgrade-qt5-qtlocation-examples-debuginfo centos-upgrade-qt5-qtlocation-tests-debuginfo centos-upgrade-qt5-qtmultimedia centos-upgrade-qt5-qtmultimedia-debuginfo centos-upgrade-qt5-qtmultimedia-debugsource centos-upgrade-qt5-qtmultimedia-devel centos-upgrade-qt5-qtmultimedia-doc centos-upgrade-qt5-qtmultimedia-examples centos-upgrade-qt5-qtmultimedia-examples-debuginfo centos-upgrade-qt5-qtmultimedia-tests-debuginfo centos-upgrade-qt5-qtquickcontrols centos-upgrade-qt5-qtquickcontrols-debuginfo centos-upgrade-qt5-qtquickcontrols-debugsource centos-upgrade-qt5-qtquickcontrols-doc centos-upgrade-qt5-qtquickcontrols-examples centos-upgrade-qt5-qtquickcontrols-examples-debuginfo centos-upgrade-qt5-qtquickcontrols-tests-debuginfo centos-upgrade-qt5-qtquickcontrols2 centos-upgrade-qt5-qtquickcontrols2-debuginfo centos-upgrade-qt5-qtquickcontrols2-debugsource centos-upgrade-qt5-qtquickcontrols2-devel centos-upgrade-qt5-qtquickcontrols2-doc centos-upgrade-qt5-qtquickcontrols2-examples centos-upgrade-qt5-qtquickcontrols2-examples-debuginfo centos-upgrade-qt5-qtquickcontrols2-tests-debuginfo centos-upgrade-qt5-qtscript centos-upgrade-qt5-qtscript-debuginfo centos-upgrade-qt5-qtscript-debugsource centos-upgrade-qt5-qtscript-devel centos-upgrade-qt5-qtscript-doc centos-upgrade-qt5-qtscript-examples centos-upgrade-qt5-qtscript-examples-debuginfo centos-upgrade-qt5-qtscript-tests-debuginfo centos-upgrade-qt5-qtsensors centos-upgrade-qt5-qtsensors-debuginfo centos-upgrade-qt5-qtsensors-debugsource centos-upgrade-qt5-qtsensors-devel centos-upgrade-qt5-qtsensors-doc centos-upgrade-qt5-qtsensors-examples centos-upgrade-qt5-qtsensors-examples-debuginfo centos-upgrade-qt5-qtsensors-tests-debuginfo centos-upgrade-qt5-qtserialbus centos-upgrade-qt5-qtserialbus-debuginfo centos-upgrade-qt5-qtserialbus-debugsource centos-upgrade-qt5-qtserialbus-devel centos-upgrade-qt5-qtserialbus-doc centos-upgrade-qt5-qtserialbus-examples centos-upgrade-qt5-qtserialbus-examples-debuginfo centos-upgrade-qt5-qtserialbus-tests-debuginfo centos-upgrade-qt5-qtserialport centos-upgrade-qt5-qtserialport-debuginfo centos-upgrade-qt5-qtserialport-debugsource centos-upgrade-qt5-qtserialport-devel centos-upgrade-qt5-qtserialport-doc centos-upgrade-qt5-qtserialport-examples centos-upgrade-qt5-qtserialport-examples-debuginfo centos-upgrade-qt5-qtserialport-tests-debuginfo centos-upgrade-qt5-qtsvg centos-upgrade-qt5-qtsvg-debuginfo centos-upgrade-qt5-qtsvg-debugsource centos-upgrade-qt5-qtsvg-devel centos-upgrade-qt5-qtsvg-doc centos-upgrade-qt5-qtsvg-examples centos-upgrade-qt5-qtsvg-examples-debuginfo centos-upgrade-qt5-qtsvg-tests-debuginfo centos-upgrade-qt5-qttools centos-upgrade-qt5-qttools-common centos-upgrade-qt5-qttools-debuginfo centos-upgrade-qt5-qttools-debugsource centos-upgrade-qt5-qttools-devel centos-upgrade-qt5-qttools-devel-debuginfo centos-upgrade-qt5-qttools-doc centos-upgrade-qt5-qttools-examples centos-upgrade-qt5-qttools-examples-debuginfo centos-upgrade-qt5-qttools-libs-designer centos-upgrade-qt5-qttools-libs-designer-debuginfo centos-upgrade-qt5-qttools-libs-designercomponents centos-upgrade-qt5-qttools-libs-designercomponents-debuginfo centos-upgrade-qt5-qttools-libs-help centos-upgrade-qt5-qttools-libs-help-debuginfo centos-upgrade-qt5-qttools-tests-debuginfo centos-upgrade-qt5-qttranslations centos-upgrade-qt5-qtwayland centos-upgrade-qt5-qtwayland-debuginfo centos-upgrade-qt5-qtwayland-debugsource centos-upgrade-qt5-qtwayland-devel centos-upgrade-qt5-qtwayland-devel-debuginfo centos-upgrade-qt5-qtwayland-doc centos-upgrade-qt5-qtwayland-examples centos-upgrade-qt5-qtwayland-examples-debuginfo centos-upgrade-qt5-qtwayland-tests-debuginfo centos-upgrade-qt5-qtwebchannel centos-upgrade-qt5-qtwebchannel-debuginfo centos-upgrade-qt5-qtwebchannel-debugsource centos-upgrade-qt5-qtwebchannel-devel centos-upgrade-qt5-qtwebchannel-doc centos-upgrade-qt5-qtwebchannel-examples centos-upgrade-qt5-qtwebchannel-examples-debuginfo centos-upgrade-qt5-qtwebchannel-tests-debuginfo centos-upgrade-qt5-qtwebsockets centos-upgrade-qt5-qtwebsockets-debuginfo centos-upgrade-qt5-qtwebsockets-debugsource centos-upgrade-qt5-qtwebsockets-devel centos-upgrade-qt5-qtwebsockets-doc centos-upgrade-qt5-qtwebsockets-examples centos-upgrade-qt5-qtwebsockets-examples-debuginfo centos-upgrade-qt5-qtwebsockets-tests-debuginfo centos-upgrade-qt5-qtx11extras centos-upgrade-qt5-qtx11extras-debuginfo centos-upgrade-qt5-qtx11extras-debugsource centos-upgrade-qt5-qtx11extras-devel centos-upgrade-qt5-qtx11extras-doc centos-upgrade-qt5-qtx11extras-tests-debuginfo centos-upgrade-qt5-qtxmlpatterns centos-upgrade-qt5-qtxmlpatterns-debuginfo centos-upgrade-qt5-qtxmlpatterns-debugsource centos-upgrade-qt5-qtxmlpatterns-devel centos-upgrade-qt5-qtxmlpatterns-devel-debuginfo centos-upgrade-qt5-qtxmlpatterns-doc centos-upgrade-qt5-qtxmlpatterns-examples centos-upgrade-qt5-qtxmlpatterns-examples-debuginfo centos-upgrade-qt5-qtxmlpatterns-tests-debuginfo centos-upgrade-qt5-rpm-macros centos-upgrade-qt5-srpm-macros References CVE-2023-38197

Ubuntu: USN-6531-1 (CVE-2022-24834): Redis vulnerabilities Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 07/13/2023 Created 12/07/2023 Added 12/06/2023 Modified 01/28/2025 Description Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result with heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support, starting from 2.6, and affects only authenticated and authorized users. The problem is fixed in versions 7.0.12, 6.2.13, and 6.0.20. Solution(s) ubuntu-pro-upgrade-redis-server ubuntu-pro-upgrade-redis-tools References https://attackerkb.com/topics/cve-2022-24834 CVE - 2022-24834 USN-6531-1

SUSE: CVE-2023-21400: SUSE Linux Security Advisory Severity 7 CVSS (AV:L/AC:L/Au:M/C:C/I:C/A:C) Published 07/13/2023 Created 08/15/2023 Added 08/15/2023 Modified 01/28/2025 Description In multiple functionsof io_uring.c, there is a possible kernel memory corruption due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation. Solution(s) suse-upgrade-cluster-md-kmp-64kb suse-upgrade-cluster-md-kmp-azure suse-upgrade-cluster-md-kmp-default suse-upgrade-cluster-md-kmp-rt suse-upgrade-dlm-kmp-64kb suse-upgrade-dlm-kmp-azure suse-upgrade-dlm-kmp-default suse-upgrade-dlm-kmp-rt suse-upgrade-dtb-al suse-upgrade-dtb-allwinner suse-upgrade-dtb-altera suse-upgrade-dtb-amazon suse-upgrade-dtb-amd suse-upgrade-dtb-amlogic suse-upgrade-dtb-apm suse-upgrade-dtb-apple suse-upgrade-dtb-arm suse-upgrade-dtb-broadcom suse-upgrade-dtb-cavium suse-upgrade-dtb-exynos suse-upgrade-dtb-freescale suse-upgrade-dtb-hisilicon suse-upgrade-dtb-lg suse-upgrade-dtb-marvell suse-upgrade-dtb-mediatek suse-upgrade-dtb-nvidia suse-upgrade-dtb-qcom suse-upgrade-dtb-renesas suse-upgrade-dtb-rockchip suse-upgrade-dtb-socionext suse-upgrade-dtb-sprd suse-upgrade-dtb-xilinx suse-upgrade-dtb-zte suse-upgrade-gfs2-kmp-64kb suse-upgrade-gfs2-kmp-azure suse-upgrade-gfs2-kmp-default suse-upgrade-gfs2-kmp-rt suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-64kb-extra suse-upgrade-kernel-64kb-livepatch-devel suse-upgrade-kernel-64kb-optional suse-upgrade-kernel-azure suse-upgrade-kernel-azure-devel suse-upgrade-kernel-azure-extra suse-upgrade-kernel-azure-livepatch-devel suse-upgrade-kernel-azure-optional suse-upgrade-kernel-azure-vdso suse-upgrade-kernel-debug suse-upgrade-kernel-debug-devel suse-upgrade-kernel-debug-livepatch-devel suse-upgrade-kernel-debug-vdso suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-base-rebuild suse-upgrade-kernel-default-devel suse-upgrade-kernel-default-extra suse-upgrade-kernel-default-livepatch suse-upgrade-kernel-default-livepatch-devel suse-upgrade-kernel-default-optional suse-upgrade-kernel-default-vdso suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-devel-rt suse-upgrade-kernel-docs suse-upgrade-kernel-docs-html suse-upgrade-kernel-kvmsmall suse-upgrade-kernel-kvmsmall-devel suse-upgrade-kernel-kvmsmall-livepatch-devel suse-upgrade-kernel-kvmsmall-vdso suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-obs-qa suse-upgrade-kernel-preempt suse-upgrade-kernel-preempt-devel suse-upgrade-kernel-rt suse-upgrade-kernel-rt-devel suse-upgrade-kernel-rt-extra suse-upgrade-kernel-rt-livepatch suse-upgrade-kernel-rt-livepatch-devel suse-upgrade-kernel-rt-optional suse-upgrade-kernel-rt-vdso suse-upgrade-kernel-rt_debug suse-upgrade-kernel-rt_debug-devel suse-upgrade-kernel-rt_debug-livepatch-devel suse-upgrade-kernel-rt_debug-vdso suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-source-rt suse-upgrade-kernel-source-vanilla suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-syms-rt suse-upgrade-kernel-zfcpdump suse-upgrade-kselftests-kmp-64kb suse-upgrade-kselftests-kmp-azure suse-upgrade-kselftests-kmp-default suse-upgrade-kselftests-kmp-rt suse-upgrade-ocfs2-kmp-64kb suse-upgrade-ocfs2-kmp-azure suse-upgrade-ocfs2-kmp-default suse-upgrade-ocfs2-kmp-rt suse-upgrade-reiserfs-kmp-64kb suse-upgrade-reiserfs-kmp-azure suse-upgrade-reiserfs-kmp-default suse-upgrade-reiserfs-kmp-rt References https://attackerkb.com/topics/cve-2023-21400 CVE - 2023-21400