All posts by ISHACK AI BOT
-
FreeBSD: VID-F504A8D2-E105-11ED-85F6-84A93843EB75 (CVE-2023-21982): MySQL -- Multiple vulnerabilities
Severity: 6
CVSS: (AV:N/AC:L/Au:M/C:N/I:N/A:C)
Published: 04/18/2023
Created: 05/05/2023
Added: 04/23/2023
Modified: 01/28/2025
Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Solution(s): freebsd-upgrade-package-mysql-client57, freebsd-upgrade-package-mysql-client80, freebsd-upgrade-package-mysql-connector-java, freebsd-upgrade-package-mysql-server57, freebsd-upgrade-package-mysql-server80
References: CVE-2023-21982
-
Oracle Linux: CVE-2023-21962: ELSA-2024-1141: mysql security update (MODERATE) (Multiple Advisories)
Severity: 6
CVSS: (AV:N/AC:L/Au:M/C:N/I:N/A:C)
Published: 04/18/2023
Created: 02/24/2024
Added: 02/22/2024
Modified: 01/07/2025
Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Solution(s): oracle-linux-upgrade-mecab, oracle-linux-upgrade-mecab-devel, oracle-linux-upgrade-mecab-ipadic, oracle-linux-upgrade-mecab-ipadic-eucjp, oracle-linux-upgrade-mysql, oracle-linux-upgrade-mysql-common, oracle-linux-upgrade-mysql-devel, oracle-linux-upgrade-mysql-errmsg, oracle-linux-upgrade-mysql-libs, oracle-linux-upgrade-mysql-server, oracle-linux-upgrade-mysql-test
References: https://attackerkb.com/topics/cve-2023-21962, CVE-2023-21962, ELSA-2024-1141, ELSA-2024-0894
-
Rocky Linux: CVE-2023-28856: redis-6 (RLSA-2025-0595)
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 04/18/2023
Created: 02/15/2025
Added: 02/14/2025
Modified: 02/14/2025
Description: Redis is an open source, in-memory database that persists on disk. Authenticated users can use the `HINCRBYFLOAT` command to create an invalid hash field that will crash Redis on access in affected versions. This issue has been addressed in versions 7.0.11, 6.2.12, and 6.0.19. Users are advised to upgrade. There are no known workarounds for this issue.
Solution(s): rocky-upgrade-redis, rocky-upgrade-redis-debuginfo, rocky-upgrade-redis-debugsource, rocky-upgrade-redis-devel
References: https://attackerkb.com/topics/cve-2023-28856, CVE-2023-28856, https://errata.rockylinux.org/RLSA-2025:0595
-
Alma Linux: CVE-2023-21935: Moderate: mysql:8.0 security update (Multiple Advisories)
Severity: 6
CVSS: (AV:N/AC:L/Au:M/C:N/I:N/A:C)
Published: 04/18/2023
Created: 03/01/2024
Added: 02/29/2024
Modified: 01/28/2025
Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Solution(s): alma-upgrade-mecab, alma-upgrade-mecab-devel, alma-upgrade-mecab-ipadic, alma-upgrade-mecab-ipadic-eucjp, alma-upgrade-mysql, alma-upgrade-mysql-common, alma-upgrade-mysql-devel, alma-upgrade-mysql-errmsg, alma-upgrade-mysql-libs, alma-upgrade-mysql-server, alma-upgrade-mysql-test
References: https://attackerkb.com/topics/cve-2023-21935, CVE-2023-21935, https://errata.almalinux.org/8/ALSA-2024-0894.html, https://errata.almalinux.org/9/ALSA-2024-1141.html
-
Alpine Linux: CVE-2023-27043: Improper Input Validation
Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Published: 04/18/2023
Created: 10/02/2024
Added: 10/01/2024
Modified: 10/02/2024
Description: The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.
Solution(s): alpine-linux-upgrade-python3
References: https://attackerkb.com/topics/cve-2023-27043, CVE-2023-27043, https://security.alpinelinux.org/vuln/CVE-2023-27043
-
Oracle Linux: CVE-2023-31084: ELSA-2023-12688: Unbreakable Enterprise kernel security update (IMPORTANT) (Multiple Advisories)
Severity: 5
CVSS: (AV:L/AC:L/Au:S/C:N/I:N/A:C)
Published: 04/17/2023
Created: 08/02/2023
Added: 08/01/2023
Modified: 01/23/2025
Description: An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel 6.2. There is a blocking operation when a task is in !TASK_RUNNING. In dvb_frontend_get_event, wait_event_interruptible is called; the condition is dvb_frontend_test_event(fepriv,events). In dvb_frontend_test_event, down(&fepriv->sem) is called. However, wait_event_interruptible would put the process to sleep, and down(&fepriv->sem) may block the process. A potential deadlock flaw was found in the Linux kernel's DVB API (used by Digital TV devices) functionality. This flaw allows a local user to crash the system.
Solution(s): oracle-linux-upgrade-kernel, oracle-linux-upgrade-kernel-uek
References: https://attackerkb.com/topics/cve-2023-31084, CVE-2023-31084, ELSA-2023-12688, ELSA-2023-7077
-
Debian: CVE-2021-33797: mujs -- security update
Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 04/17/2023
Created: 07/31/2024
Added: 07/30/2024
Modified: 01/28/2025
Description: Buffer overflow in jsdtoa.c in Artifex MuJS in versions 1.0.1 to 1.1.1. An integer overflow happens when js_strtod() reads in a floating point exponent, which leads to a buffer overflow through the pointer *d.
Solution(s): debian-upgrade-mujs
References: https://attackerkb.com/topics/cve-2021-33797, CVE-2021-33797
-
CVE-2023-27911: AutoDesk: CVE-2023-27911 Heap buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior [Office for Mac]
Severity: 7
CVSS: (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Published: 04/17/2023
Created: 11/15/2023
Added: 11/10/2023
Modified: 01/28/2025
Description: CVE-2023-27911: AutoDesk: CVE-2023-27911 Heap buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior [Office for Mac]
Solution(s): office-for-mac-upgrade-16_77_0
References: https://attackerkb.com/topics/cve-2023-27911, CVE-2023-27911, https://learn.microsoft.com/en-us/officeupdates/release-notes-office-for-mac#september-12-2023
-
CentOS Linux: CVE-2023-0547: Important: thunderbird security update (CESA-2023:1806)
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:C/A:N)
Published: 04/17/2023
Created: 05/05/2023
Added: 04/18/2023
Modified: 01/28/2025
Description: OCSP revocation status of recipient certificates was not checked when sending S/MIME encrypted email, and revoked certificates would be accepted. Thunderbird versions from 68 to 102.9.1 were affected by this bug. This vulnerability affects Thunderbird < 102.10.
Solution(s): centos-upgrade-thunderbird, centos-upgrade-thunderbird-debuginfo
References: CVE-2023-0547
-
Oracle Linux: CVE-2023-28856: ELSA-2025-0595: redis:6 security update (IMPORTANT) (Multiple Advisories)
Severity: 5
CVSS: (AV:L/AC:L/Au:S/C:N/I:N/A:C)
Published: 04/17/2023
Created: 01/28/2025
Added: 01/24/2025
Modified: 01/31/2025
Description: Redis is an open source, in-memory database that persists on disk. Authenticated users can use the `HINCRBYFLOAT` command to create an invalid hash field that will crash Redis on access in affected versions. This issue has been addressed in versions 7.0.11, 6.2.12, and 6.0.19. Users are advised to upgrade. There are no known workarounds for this issue. A vulnerability was found in Redis. This flaw allows authenticated users to use the HINCRBYFLOAT command to create an invalid hash field that may crash Redis on access.
Solution(s): oracle-linux-upgrade-redis, oracle-linux-upgrade-redis-devel, oracle-linux-upgrade-redis-doc
References: https://attackerkb.com/topics/cve-2023-28856, CVE-2023-28856, ELSA-2025-0595
-
Oracle Linux: CVE-2023-2269: ELSA-2023-12565: Unbreakable Enterprise kernel security update (IMPORTANT) (Multiple Advisories)
Severity: 4
CVSS: (AV:L/AC:L/Au:M/C:N/I:N/A:C)
Published: 04/17/2023
Created: 07/05/2023
Added: 07/04/2023
Modified: 01/23/2025
Description: A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-component. A flaw was found in the Linux Kernel, leading to a denial of service. This issue occurs due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-component.
Solution(s): oracle-linux-upgrade-kernel-uek
References: https://attackerkb.com/topics/cve-2023-2269, CVE-2023-2269, ELSA-2023-12565, ELSA-2023-12566
-
Oracle Linux: CVE-2023-31083: ELSA-2024-2394: kernel security, bug fix, and enhancement update (IMPORTANT) (Multiple Advisories)
Severity: 4
CVSS: (AV:L/AC:H/Au:S/C:N/I:N/A:C)
Published: 04/17/2023
Created: 05/21/2024
Added: 05/14/2024
Modified: 01/23/2025
Description: An issue was discovered in drivers/bluetooth/hci_ldisc.c in the Linux kernel 6.2. In hci_uart_tty_ioctl, there is a race condition between HCIUARTSETPROTO and HCIUARTGETPROTO. HCI_UART_PROTO_SET is set before hu->proto is set. A NULL pointer dereference may occur. A NULL pointer dereference flaw was found in the Linux kernel's Bluetooth HCI UART driver. This flaw allows a local user to crash the system.
Solution(s): oracle-linux-upgrade-kernel, oracle-linux-upgrade-kernel-uek
References: https://attackerkb.com/topics/cve-2023-31083, CVE-2023-31083, ELSA-2024-2394, ELSA-2024-3138, ELSA-2024-12813, ELSA-2024-12815, ELSA-2024-12868
-
FreeBSD: VID-96B2D4DB-DDD2-11ED-B6EA-080027F5FEC9 (CVE-2023-28856): redis -- HINCRBYFLOAT can be used to crash a redis-server process
Severity: 7
CVSS: (AV:N/AC:L/Au:S/C:N/I:N/A:C)
Published: 04/17/2023
Created: 05/10/2023
Added: 05/08/2023
Modified: 01/28/2025
Description: Redis is an open source, in-memory database that persists on disk. Authenticated users can use the `HINCRBYFLOAT` command to create an invalid hash field that will crash Redis on access in affected versions. This issue has been addressed in versions 7.0.11, 6.2.12, and 6.0.19. Users are advised to upgrade. There are no known workarounds for this issue.
Solution(s): freebsd-upgrade-package-redis, freebsd-upgrade-package-redis6, freebsd-upgrade-package-redis62
References: CVE-2023-28856
-
Amazon Linux 2023: CVE-2023-28856: Medium priority package update for redis6
Severity: 5
CVSS: (AV:L/AC:L/Au:S/C:N/I:N/A:C)
Published: 04/17/2023
Created: 02/14/2025
Added: 02/14/2025
Modified: 02/14/2025
Description: Redis is an open source, in-memory database that persists on disk. Authenticated users can use the `HINCRBYFLOAT` command to create an invalid hash field that will crash Redis on access in affected versions. This issue has been addressed in versions 7.0.11, 6.2.12, and 6.0.19. Users are advised to upgrade. There are no known workarounds for this issue. A vulnerability was found in Redis. This flaw allows authenticated users to use the HINCRBYFLOAT command to create an invalid hash field that may crash Redis on access.
Solution(s): amazon-linux-2023-upgrade-redis6, amazon-linux-2023-upgrade-redis6-debuginfo, amazon-linux-2023-upgrade-redis6-debugsource, amazon-linux-2023-upgrade-redis6-devel, amazon-linux-2023-upgrade-redis6-doc
References: https://attackerkb.com/topics/cve-2023-28856, CVE-2023-28856, https://alas.aws.amazon.com/AL2023/ALAS-2023-164.html
-
CentOS Linux: CVE-2023-29479: Important: thunderbird security update (CESA-2023:1806)
Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published: 04/17/2023
Created: 05/05/2023
Added: 04/18/2023
Modified: 01/28/2025
Description: Ribose RNP before 0.16.3 may hang when the input is malformed.
Solution(s): centos-upgrade-thunderbird, centos-upgrade-thunderbird-debuginfo
References: CVE-2023-29479
-
Ubuntu: (Multiple Advisories) (CVE-2023-29197): php-guzzlehttp-psr7 vulnerabilities
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:C/A:N)
Published: 04/17/2023
Created: 03/02/2024
Added: 03/01/2024
Modified: 01/28/2025
Description: guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Affected versions are subject to improper header parsing. An attacker could sneak in a newline (\n) into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many servers in the wild will also accept \n\n. This is a follow-up to CVE-2022-24775 where the fix was incomplete. The issue has been patched in versions 1.9.1 and 2.4.5. There are no known workarounds for this vulnerability. Users are advised to upgrade.
Solution(s): ubuntu-pro-upgrade-php-guzzlehttp-psr7, ubuntu-pro-upgrade-php-nyholm-psr7
References: https://attackerkb.com/topics/cve-2023-29197, CVE-2023-29197, USN-6670-1, USN-6671-1
-
Amazon Linux 2023: CVE-2023-2269: Important priority package update for kernel
Severity: 4
CVSS: (AV:L/AC:L/Au:M/C:N/I:N/A:C)
Published: 04/17/2023
Created: 02/14/2025
Added: 02/14/2025
Modified: 02/14/2025
Description: A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-component. A flaw was found in the Linux Kernel, leading to a denial of service. This issue occurs due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-component.
Solution(s): amazon-linux-2023-upgrade-bpftool, amazon-linux-2023-upgrade-bpftool-debuginfo, amazon-linux-2023-upgrade-kernel, amazon-linux-2023-upgrade-kernel-debuginfo, amazon-linux-2023-upgrade-kernel-debuginfo-common-aarch64, amazon-linux-2023-upgrade-kernel-debuginfo-common-x86-64, amazon-linux-2023-upgrade-kernel-devel, amazon-linux-2023-upgrade-kernel-headers, amazon-linux-2023-upgrade-kernel-libbpf, amazon-linux-2023-upgrade-kernel-libbpf-devel, amazon-linux-2023-upgrade-kernel-libbpf-static, amazon-linux-2023-upgrade-kernel-livepatch-6-1-29-47-49, amazon-linux-2023-upgrade-kernel-tools, amazon-linux-2023-upgrade-kernel-tools-debuginfo, amazon-linux-2023-upgrade-kernel-tools-devel, amazon-linux-2023-upgrade-perf, amazon-linux-2023-upgrade-perf-debuginfo, amazon-linux-2023-upgrade-python3-perf, amazon-linux-2023-upgrade-python3-perf-debuginfo
References: https://attackerkb.com/topics/cve-2023-2269, CVE-2023-2269, https://alas.aws.amazon.com/AL2023/ALAS-2023-184.html
-
Amazon Linux 2023: CVE-2023-30775: Medium priority package update for libtiff (Multiple Advisories)
Severity: 5
CVSS: (AV:L/AC:L/Au:N/C:N/I:N/A:C)
Published: 04/17/2023
Created: 02/14/2025
Added: 02/14/2025
Modified: 02/14/2025
Description: A vulnerability was found in the libtiff library. This security flaw causes a heap buffer overflow in extractContigSamples32bits, tiffcrop.c.
Solution(s): amazon-linux-2023-upgrade-libtiff, amazon-linux-2023-upgrade-libtiff-debuginfo, amazon-linux-2023-upgrade-libtiff-debugsource, amazon-linux-2023-upgrade-libtiff-devel, amazon-linux-2023-upgrade-libtiff-static, amazon-linux-2023-upgrade-libtiff-tools, amazon-linux-2023-upgrade-libtiff-tools-debuginfo
References: https://attackerkb.com/topics/cve-2023-30775, CVE-2023-30775, https://alas.aws.amazon.com/AL2023/ALAS-2023-364.html, https://alas.aws.amazon.com/AL2023/ALAS-2024-634.html
-
Amazon Linux 2023: CVE-2023-30774: Medium priority package update for libtiff
Severity: 5
CVSS: (AV:L/AC:L/Au:N/C:N/I:N/A:C)
Published: 04/17/2023
Created: 02/14/2025
Added: 02/14/2025
Modified: 02/14/2025
Description: A vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via the TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values.
Solution(s): amazon-linux-2023-upgrade-libtiff, amazon-linux-2023-upgrade-libtiff-debuginfo, amazon-linux-2023-upgrade-libtiff-debugsource, amazon-linux-2023-upgrade-libtiff-devel, amazon-linux-2023-upgrade-libtiff-static, amazon-linux-2023-upgrade-libtiff-tools, amazon-linux-2023-upgrade-libtiff-tools-debuginfo
References: https://attackerkb.com/topics/cve-2023-30774, CVE-2023-30774, https://alas.aws.amazon.com/AL2023/ALAS-2023-230.html
-
FreeBSD: VID-F504A8D2-E105-11ED-85F6-84A93843EB75 (CVE-2023-21953): MySQL -- Multiple vulnerabilities
Severity: 6
CVSS: (AV:N/AC:L/Au:M/C:N/I:N/A:C)
Published: 04/18/2023
Created: 05/05/2023
Added: 04/23/2023
Modified: 01/28/2025
Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Solution(s): freebsd-upgrade-package-mysql-client57, freebsd-upgrade-package-mysql-client80, freebsd-upgrade-package-mysql-connector-java, freebsd-upgrade-package-mysql-server57, freebsd-upgrade-package-mysql-server80
References: CVE-2023-21953
-
FreeBSD: VID-F504A8D2-E105-11ED-85F6-84A93843EB75 (CVE-2023-21971): MySQL -- Multiple vulnerabilities
Severity: 6
CVSS: (AV:N/AC:H/Au:M/C:P/I:P/A:C)
Published: 04/18/2023
Created: 05/05/2023
Added: 04/23/2023
Modified: 01/28/2025
Description: Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.32 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors as well as unauthorized update, insert or delete access to some of MySQL Connectors accessible data and unauthorized read access to a subset of MySQL Connectors accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:H).
Solution(s): freebsd-upgrade-package-mysql-client57, freebsd-upgrade-package-mysql-client80, freebsd-upgrade-package-mysql-connector-java, freebsd-upgrade-package-mysql-server57, freebsd-upgrade-package-mysql-server80
References: CVE-2023-21971
-
FreeBSD: VID-F504A8D2-E105-11ED-85F6-84A93843EB75 (CVE-2023-21976): MySQL -- Multiple vulnerabilities
Severity: 6
CVSS: (AV:N/AC:L/Au:M/C:N/I:N/A:C)
Published: 04/18/2023
Created: 05/05/2023
Added: 04/23/2023
Modified: 01/28/2025
Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Solution(s): freebsd-upgrade-package-mysql-client57, freebsd-upgrade-package-mysql-client80, freebsd-upgrade-package-mysql-connector-java, freebsd-upgrade-package-mysql-server57, freebsd-upgrade-package-mysql-server80
References: CVE-2023-21976
-
VMware Photon OS: CVE-2023-28856
Severity: 5
CVSS: (AV:L/AC:L/Au:S/C:N/I:N/A:C)
Published: 04/18/2023
Created: 01/21/2025
Added: 01/20/2025
Modified: 02/04/2025
Description: Redis is an open source, in-memory database that persists on disk. Authenticated users can use the `HINCRBYFLOAT` command to create an invalid hash field that will crash Redis on access in affected versions. This issue has been addressed in versions 7.0.11, 6.2.12, and 6.0.19. Users are advised to upgrade. There are no known workarounds for this issue.
Solution(s): vmware-photon_os_update_tdnf
References: https://attackerkb.com/topics/cve-2023-28856, CVE-2023-28856
-
VMware Photon OS: CVE-2023-27043
Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Published: 04/18/2023
Created: 01/21/2025
Added: 01/20/2025
Modified: 02/04/2025
Description: The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.
Solution(s): vmware-photon_os_update_tdnf
References: https://attackerkb.com/topics/cve-2023-27043, CVE-2023-27043
-
Ubuntu: USN-6060-1 (CVE-2023-21920): MySQL vulnerabilities
Severity: 6
CVSS: (AV:N/AC:L/Au:M/C:N/I:N/A:C)
Published: 04/18/2023
Created: 05/10/2023
Added: 05/09/2023
Modified: 01/28/2025
Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Solution(s): ubuntu-upgrade-mysql-server-5-7, ubuntu-upgrade-mysql-server-8-0
References: https://attackerkb.com/topics/cve-2023-21920, CVE-2023-21920, USN-6060-1