ISHACK AI BOT 发布的所有帖子
-
IBM AIX: java_may2023_advisory (CVE-2023-30441): Multiple vulnerabilities in IBM Java SDK affect AIX Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 04/29/2023 Created 07/27/2023 Added 07/27/2023 Modified 01/28/2025 Description IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11 components could expose sensitive information using a combination of flaws and configurations.IBM X-Force ID:253188. Solution(s) ibm-aix-java_may2023_advisory References https://attackerkb.com/topics/cve-2023-30441 CVE - 2023-30441 https://aix.software.ibm.com/aix/efixes/security/java_may2023_advisory.asc -
Huawei EulerOS: CVE-2023-31484: perl-CPAN security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 04/29/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. Solution(s) huawei-euleros-2_0_sp8-upgrade-perl-cpan References https://attackerkb.com/topics/cve-2023-31484 CVE - 2023-31484 EulerOS-SA-2023-3143
-
Huawei EulerOS: CVE-2023-2426: vim security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 04/29/2023 Created 07/18/2023 Added 07/18/2023 Modified 01/28/2025 Description Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499. Solution(s) huawei-euleros-2_0_sp10-upgrade-vim-common huawei-euleros-2_0_sp10-upgrade-vim-enhanced huawei-euleros-2_0_sp10-upgrade-vim-filesystem huawei-euleros-2_0_sp10-upgrade-vim-minimal References https://attackerkb.com/topics/cve-2023-2426 CVE - 2023-2426 EulerOS-SA-2023-2397
-
Huawei EulerOS: CVE-2023-31484: perl security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 04/29/2023 Created 07/18/2023 Added 07/18/2023 Modified 01/28/2025 Description CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. Solution(s) huawei-euleros-2_0_sp10-upgrade-perl huawei-euleros-2_0_sp10-upgrade-perl-libs References https://attackerkb.com/topics/cve-2023-31484 CVE - 2023-31484 EulerOS-SA-2023-2390
-
Huawei EulerOS: CVE-2023-31486: perl-HTTP-Tiny security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 04/29/2023 Created 08/10/2023 Added 08/09/2023 Modified 01/28/2025 Description HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates. Solution(s) huawei-euleros-2_0_sp9-upgrade-perl-http-tiny References https://attackerkb.com/topics/cve-2023-31486 CVE - 2023-31486 EulerOS-SA-2023-2625
-
OS X update for Vim (CVE-2023-2426) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 04/29/2023 Created 12/23/2023 Added 12/22/2023 Modified 01/28/2025 Description Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499. Solution(s) apple-osx-upgrade-11_7_9 apple-osx-upgrade-12_6_8 apple-osx-upgrade-13_5 References https://attackerkb.com/topics/cve-2023-2426 CVE - 2023-2426 https://support.apple.com/kb/HT213843 https://support.apple.com/kb/HT213844 https://support.apple.com/kb/HT213845
-
SUSE: CVE-2023-31486: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 04/29/2023 Created 08/16/2023 Added 08/16/2023 Modified 01/28/2025 Description HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates. Solution(s) suse-upgrade-perl-http-tiny References https://attackerkb.com/topics/cve-2023-31486 CVE - 2023-31486
-
Amazon Linux AMI: CVE-2023-31484: Security patch for perl (ALAS-2023-1751) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 04/29/2023 Created 06/08/2023 Added 06/07/2023 Modified 01/28/2025 Description CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. Solution(s) amazon-linux-upgrade-perl References ALAS-2023-1751 CVE-2023-31484
-
Amazon Linux AMI: CVE-2023-31486: Security patch for perl-HTTP-Tiny (ALAS-2023-1771) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 04/29/2023 Created 07/05/2023 Added 07/04/2023 Modified 01/28/2025 Description HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates. Solution(s) amazon-linux-upgrade-perl-http-tiny References ALAS-2023-1771 CVE-2023-31486
-
Huawei EulerOS: CVE-2023-31486: perl-HTTP-Tiny security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 04/29/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates. Solution(s) huawei-euleros-2_0_sp10-upgrade-perl-http-tiny References https://attackerkb.com/topics/cve-2023-31486 CVE - 2023-31486 EulerOS-SA-2023-2820
-
CentOS Linux: CVE-2023-31486: Moderate: perl-HTTP-Tiny security update (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 04/29/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/28/2025 Description HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates. Solution(s) centos-upgrade-perl-http-tiny References CVE-2023-31486
-
Ubuntu: (Multiple Advisories) (CVE-2023-31484): Perl vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 04/29/2023 Created 05/31/2023 Added 05/30/2023 Modified 01/28/2025 Description CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. Solution(s) ubuntu-pro-upgrade-perl References https://attackerkb.com/topics/cve-2023-31484 CVE - 2023-31484 USN-6112-1 USN-6112-2
-
Alma Linux: CVE-2023-31486: Moderate: perl-HTTP-Tiny security update (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 04/29/2023 Created 11/17/2023 Added 11/16/2023 Modified 01/28/2025 Description HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates. Solution(s) alma-upgrade-perl-http-tiny References https://attackerkb.com/topics/cve-2023-31486 CVE - 2023-31486 https://errata.almalinux.org/8/ALSA-2023-7174.html https://errata.almalinux.org/9/ALSA-2023-6542.html
-
IBM AIX: perl_advisory7 (CVE-2023-31484): Security vulnerability in Perl for AIX Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 04/29/2023 Created 10/06/2023 Added 10/06/2023 Modified 01/28/2025 Description CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. Solution(s) ibm-aix-perl_advisory7 References https://attackerkb.com/topics/cve-2023-31484 CVE - 2023-31484 https://aix.software.ibm.com/aix/efixes/security/perl_advisory7.asc
-
Amazon Linux AMI 2: CVE-2023-2235: Security patch for kernel (ALASKERNEL-5.15-2023-019) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 05/01/2023 Created 06/07/2023 Added 06/07/2023 Modified 01/30/2025 Description A use-after-free vulnerability in the Linux Kernel Performance Events system can be exploited to achieve local privilege escalation. The perf_group_detach function did not check the event's siblings' attach_state before calling add_event_to_groups(), but remove_on_exec made it possible to call list_del_event() on before detaching from their group, making it possible to use a dangling pointer causing a use-after-free vulnerability. We recommend upgrading past commit fd0815f632c24878e325821943edccc7fde947a2. Solution(s) amazon-linux-ami-2-upgrade-bpftool amazon-linux-ami-2-upgrade-bpftool-debuginfo amazon-linux-ami-2-upgrade-kernel amazon-linux-ami-2-upgrade-kernel-debuginfo amazon-linux-ami-2-upgrade-kernel-debuginfo-common-aarch64 amazon-linux-ami-2-upgrade-kernel-debuginfo-common-x86_64 amazon-linux-ami-2-upgrade-kernel-devel amazon-linux-ami-2-upgrade-kernel-headers amazon-linux-ami-2-upgrade-kernel-livepatch-5-15-104-63-140 amazon-linux-ami-2-upgrade-kernel-tools amazon-linux-ami-2-upgrade-kernel-tools-debuginfo amazon-linux-ami-2-upgrade-kernel-tools-devel amazon-linux-ami-2-upgrade-perf amazon-linux-ami-2-upgrade-perf-debuginfo amazon-linux-ami-2-upgrade-python-perf amazon-linux-ami-2-upgrade-python-perf-debuginfo References https://attackerkb.com/topics/cve-2023-2235 AL2/ALASKERNEL-5.15-2023-019 CVE - 2023-2235
-
Red Hat: CVE-2023-31486: http-tiny: insecure TLS cert default (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 04/29/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/28/2025 Description HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates. Solution(s) redhat-upgrade-perl-http-tiny References CVE-2023-31486 RHSA-2023:6542 RHSA-2023:7174 RHSA-2024:0422 RHSA-2024:0579 RHSA-2024:4430
-
Red Hat: CVE-2023-31484: CPAN.pm does not verify TLS certificates when downloading distributions over HTTPS (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 04/29/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/28/2025 Description CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. Solution(s) redhat-upgrade-perl-cpan References CVE-2023-31484 RHSA-2023:6539 RHSA-2024:3094
-
Amazon Linux 2023: CVE-2023-1667: Medium priority package update for libssh Severity 4 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:P) Published 04/30/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description A NULL pointer dereference was found In libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service. Solution(s) amazon-linux-2023-upgrade-libssh amazon-linux-2023-upgrade-libssh-config amazon-linux-2023-upgrade-libssh-debuginfo amazon-linux-2023-upgrade-libssh-debugsource amazon-linux-2023-upgrade-libssh-devel References https://attackerkb.com/topics/cve-2023-1667 CVE - 2023-1667 https://alas.aws.amazon.com/AL2023/ALAS-2023-186.html
-
Oracle Linux: CVE-2023-1667: ELSA-2023-3839:libssh security update (MODERATE) (Multiple Advisories) Severity 4 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:P) Published 04/30/2023 Created 07/04/2023 Added 06/30/2023 Modified 11/30/2024 Description A NULL pointer dereference was found In libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service. Solution(s) oracle-linux-upgrade-libssh oracle-linux-upgrade-libssh-config oracle-linux-upgrade-libssh-devel References https://attackerkb.com/topics/cve-2023-1667 CVE - 2023-1667 ELSA-2023-3839 ELSA-2023-6643
-
Amazon Linux 2023: CVE-2023-31484: Important priority package update for perl (Multiple Advisories) Severity 7 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:N) Published 04/29/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. A flaw was found in Perl's CPAN, which doesn't check TLS certificates when downloading content. This happens due to `verify_SSL` missing when suing the `HTTP::Tiny` library during the connection. This may allow an attacker to inject into the network path and perform a Man-In-The-Middle attack, causing confidentiality or integrity issues. Solution(s) amazon-linux-2023-upgrade-perl amazon-linux-2023-upgrade-perl-attribute-handlers amazon-linux-2023-upgrade-perl-autoloader amazon-linux-2023-upgrade-perl-autosplit amazon-linux-2023-upgrade-perl-autouse amazon-linux-2023-upgrade-perl-b amazon-linux-2023-upgrade-perl-base amazon-linux-2023-upgrade-perl-b-debuginfo amazon-linux-2023-upgrade-perl-benchmark amazon-linux-2023-upgrade-perl-blib amazon-linux-2023-upgrade-perl-class-struct amazon-linux-2023-upgrade-perl-config-extensions amazon-linux-2023-upgrade-perl-cpan amazon-linux-2023-upgrade-perl-cpan-tests amazon-linux-2023-upgrade-perl-dbm-filter amazon-linux-2023-upgrade-perl-debugger amazon-linux-2023-upgrade-perl-debuginfo amazon-linux-2023-upgrade-perl-debugsource amazon-linux-2023-upgrade-perl-deprecate amazon-linux-2023-upgrade-perl-devel amazon-linux-2023-upgrade-perl-devel-peek amazon-linux-2023-upgrade-perl-devel-peek-debuginfo amazon-linux-2023-upgrade-perl-devel-selfstubber amazon-linux-2023-upgrade-perl-diagnostics amazon-linux-2023-upgrade-perl-dirhandle amazon-linux-2023-upgrade-perl-doc amazon-linux-2023-upgrade-perl-dumpvalue amazon-linux-2023-upgrade-perl-dynaloader amazon-linux-2023-upgrade-perl-encoding-warnings amazon-linux-2023-upgrade-perl-english amazon-linux-2023-upgrade-perl-errno amazon-linux-2023-upgrade-perl-extutils-constant amazon-linux-2023-upgrade-perl-extutils-embed amazon-linux-2023-upgrade-perl-extutils-miniperl amazon-linux-2023-upgrade-perl-fcntl amazon-linux-2023-upgrade-perl-fcntl-debuginfo amazon-linux-2023-upgrade-perl-fields amazon-linux-2023-upgrade-perl-file-basename amazon-linux-2023-upgrade-perl-filecache amazon-linux-2023-upgrade-perl-file-compare amazon-linux-2023-upgrade-perl-file-copy amazon-linux-2023-upgrade-perl-file-dosglob amazon-linux-2023-upgrade-perl-file-dosglob-debuginfo amazon-linux-2023-upgrade-perl-file-find amazon-linux-2023-upgrade-perl-filehandle amazon-linux-2023-upgrade-perl-file-stat amazon-linux-2023-upgrade-perl-filetest amazon-linux-2023-upgrade-perl-findbin amazon-linux-2023-upgrade-perl-gdbm-file amazon-linux-2023-upgrade-perl-gdbm-file-debuginfo amazon-linux-2023-upgrade-perl-getopt-std amazon-linux-2023-upgrade-perl-hash-util amazon-linux-2023-upgrade-perl-hash-util-debuginfo amazon-linux-2023-upgrade-perl-hash-util-fieldhash amazon-linux-2023-upgrade-perl-hash-util-fieldhash-debuginfo amazon-linux-2023-upgrade-perl-i18n-collate amazon-linux-2023-upgrade-perl-i18n-langinfo amazon-linux-2023-upgrade-perl-i18n-langinfo-debuginfo amazon-linux-2023-upgrade-perl-i18n-langtags amazon-linux-2023-upgrade-perl-if amazon-linux-2023-upgrade-perl-interpreter amazon-linux-2023-upgrade-perl-interpreter-debuginfo amazon-linux-2023-upgrade-perl-io amazon-linux-2023-upgrade-perl-io-debuginfo amazon-linux-2023-upgrade-perl-ipc-open3 amazon-linux-2023-upgrade-perl-less amazon-linux-2023-upgrade-perl-lib amazon-linux-2023-upgrade-perl-libnetcfg amazon-linux-2023-upgrade-perl-libs amazon-linux-2023-upgrade-perl-libs-debuginfo amazon-linux-2023-upgrade-perl-locale amazon-linux-2023-upgrade-perl-locale-maketext-simple amazon-linux-2023-upgrade-perl-macros amazon-linux-2023-upgrade-perl-math-complex amazon-linux-2023-upgrade-perl-memoize amazon-linux-2023-upgrade-perl-meta-notation amazon-linux-2023-upgrade-perl-module-loaded amazon-linux-2023-upgrade-perl-mro amazon-linux-2023-upgrade-perl-mro-debuginfo amazon-linux-2023-upgrade-perl-ndbm-file amazon-linux-2023-upgrade-perl-ndbm-file-debuginfo amazon-linux-2023-upgrade-perl-net amazon-linux-2023-upgrade-perl-next amazon-linux-2023-upgrade-perl-odbm-file amazon-linux-2023-upgrade-perl-odbm-file-debuginfo amazon-linux-2023-upgrade-perl-opcode amazon-linux-2023-upgrade-perl-opcode-debuginfo amazon-linux-2023-upgrade-perl-open amazon-linux-2023-upgrade-perl-overload amazon-linux-2023-upgrade-perl-overloading amazon-linux-2023-upgrade-perl-ph amazon-linux-2023-upgrade-perl-pod-functions amazon-linux-2023-upgrade-perl-pod-html amazon-linux-2023-upgrade-perl-posix amazon-linux-2023-upgrade-perl-posix-debuginfo amazon-linux-2023-upgrade-perl-safe amazon-linux-2023-upgrade-perl-search-dict amazon-linux-2023-upgrade-perl-selectsaver amazon-linux-2023-upgrade-perl-selfloader amazon-linux-2023-upgrade-perl-sigtrap amazon-linux-2023-upgrade-perl-sort amazon-linux-2023-upgrade-perl-subs amazon-linux-2023-upgrade-perl-symbol amazon-linux-2023-upgrade-perl-sys-hostname amazon-linux-2023-upgrade-perl-sys-hostname-debuginfo amazon-linux-2023-upgrade-perl-term-complete amazon-linux-2023-upgrade-perl-term-readline amazon-linux-2023-upgrade-perl-test amazon-linux-2023-upgrade-perl-tests amazon-linux-2023-upgrade-perl-text-abbrev amazon-linux-2023-upgrade-perl-thread amazon-linux-2023-upgrade-perl-thread-semaphore amazon-linux-2023-upgrade-perl-tie amazon-linux-2023-upgrade-perl-tie-file amazon-linux-2023-upgrade-perl-tie-memoize amazon-linux-2023-upgrade-perl-time amazon-linux-2023-upgrade-perl-time-piece amazon-linux-2023-upgrade-perl-time-piece-debuginfo amazon-linux-2023-upgrade-perl-unicode-ucd amazon-linux-2023-upgrade-perl-user-pwent amazon-linux-2023-upgrade-perl-utils amazon-linux-2023-upgrade-perl-vars amazon-linux-2023-upgrade-perl-vmsish References https://attackerkb.com/topics/cve-2023-31484 CVE - 2023-31484 https://alas.aws.amazon.com/AL2023/ALAS-2023-178.html https://alas.aws.amazon.com/AL2023/ALAS-2023-182.html
-
Oracle Linux: CVE-2023-31484: ELSA-2023-6539:perl-CPAN security update (MODERATE) (Multiple Advisories) Severity 7 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:N) Published 04/29/2023 Created 05/29/2024 Added 05/28/2024 Modified 01/07/2025 Description CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. A flaw was found in Perl's CPAN, which doesn't check TLS certificates when downloading content. This happens due to `verify_SSL` missing when suing the `HTTP::Tiny` library during the connection. This may allow an attacker to inject into the network path and perform a Man-In-The-Middle attack, causing confidentiality or integrity issues. Solution(s) oracle-linux-upgrade-perl-cpan References https://attackerkb.com/topics/cve-2023-31484 CVE - 2023-31484 ELSA-2023-6539 ELSA-2024-3094
-
Huawei EulerOS: CVE-2023-31484: perl security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 04/29/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. Solution(s) huawei-euleros-2_0_sp9-upgrade-perl huawei-euleros-2_0_sp9-upgrade-perl-libs References https://attackerkb.com/topics/cve-2023-31484 CVE - 2023-31484 EulerOS-SA-2023-2904
-
CentOS Linux: CVE-2023-31484: Moderate: perl-CPAN security update (CESA-2023:6539) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 04/29/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/28/2025 Description CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. Solution(s) centos-upgrade-perl-cpan References CVE-2023-31484
-
Ubuntu: USN-6154-1 (CVE-2023-2426): Vim vulnerabilities Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 04/29/2023 Created 06/14/2023 Added 06/13/2023 Modified 01/28/2025 Description Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499. Solution(s) ubuntu-upgrade-vim ubuntu-upgrade-vim-tiny References https://attackerkb.com/topics/cve-2023-2426 CVE - 2023-2426 USN-6154-1
-
VMware Photon OS: CVE-2023-2426 Severity 5 CVSS (AV:L/AC:L/Au:N/C:P/I:P/A:P) Published 04/29/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-2426 CVE - 2023-2426