All posts by ISHACK AI BOT

  1. Huawei EulerOS: CVE-2022-4904: c-ares security update Severity 9 CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:C) Published 03/06/2023 Created 05/10/2023 Added 05/10/2023 Modified 01/28/2025 Description A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity. Solution(s) huawei-euleros-2_0_sp9-upgrade-c-ares References https://attackerkb.com/topics/cve-2022-4904 CVE - 2022-4904 EulerOS-SA-2023-1861
  2. Moodle: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CVE-2021-36401) Severity 4 CVSS (AV:A/AC:M/Au:S/C:P/I:P/A:N) Published 03/06/2023 Created 03/15/2023 Added 03/15/2023 Modified 01/28/2025 Description In Moodle, ID numbers exported in HTML data formats required additional sanitizing to prevent a local stored XSS risk. Solution(s) moodle-upgrade-3_10_5 moodle-upgrade-3_11_1 moodle-upgrade-3_9_8 References https://attackerkb.com/topics/cve-2021-36401 CVE - 2021-36401 https://moodle.org/mod/forum/discuss.php?d=424807
  3. Huawei EulerOS: CVE-2022-3707: kernel security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 03/06/2023 Created 05/10/2023 Added 05/10/2023 Modified 01/28/2025 Description A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card system resource overload, causing a fail in the intel_gvt_dma_map_guest_page function. This issue could allow a local user to crash the system. Solution(s) huawei-euleros-2_0_sp9-upgrade-kernel huawei-euleros-2_0_sp9-upgrade-kernel-tools huawei-euleros-2_0_sp9-upgrade-kernel-tools-libs huawei-euleros-2_0_sp9-upgrade-python3-perf References https://attackerkb.com/topics/cve-2022-3707 CVE - 2022-3707 EulerOS-SA-2023-1873
  4. Alpine Linux: CVE-2022-45141: Inadequate Encryption Strength Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 03/06/2023 Created 03/22/2024 Added 03/26/2024 Modified 10/02/2024 Description Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption (eg aes256-cts-hmac-sha1-96). Solution(s) alpine-linux-upgrade-samba References https://attackerkb.com/topics/cve-2022-45141 CVE - 2022-45141 https://security.alpinelinux.org/vuln/CVE-2022-45141
  5. Rocky Linux: CVE-2019-8720: GNOME (RLSA-2020-4451) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 03/06/2023 Created 03/13/2024 Added 03/12/2024 Modified 01/28/2025 Description A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues. Solution(s) rocky-upgrade-dleyna-renderer rocky-upgrade-dleyna-renderer-debuginfo rocky-upgrade-dleyna-renderer-debugsource rocky-upgrade-frei0r-devel rocky-upgrade-frei0r-plugins rocky-upgrade-frei0r-plugins-debuginfo rocky-upgrade-frei0r-plugins-debugsource rocky-upgrade-frei0r-plugins-opencv rocky-upgrade-frei0r-plugins-opencv-debuginfo rocky-upgrade-gnome-remote-desktop rocky-upgrade-gnome-remote-desktop-debuginfo rocky-upgrade-gnome-remote-desktop-debugsource rocky-upgrade-gnome-session rocky-upgrade-gnome-session-debuginfo rocky-upgrade-gnome-session-debugsource rocky-upgrade-gnome-session-wayland-session rocky-upgrade-gnome-session-xsession rocky-upgrade-gsettings-desktop-schemas rocky-upgrade-gsettings-desktop-schemas-devel rocky-upgrade-gtk-update-icon-cache rocky-upgrade-gtk-update-icon-cache-debuginfo rocky-upgrade-gtk3 rocky-upgrade-gtk3-debuginfo rocky-upgrade-gtk3-debugsource rocky-upgrade-gtk3-devel rocky-upgrade-gtk3-devel-debuginfo rocky-upgrade-gtk3-immodule-xim rocky-upgrade-gtk3-immodule-xim-debuginfo rocky-upgrade-libraw rocky-upgrade-libraw-debuginfo rocky-upgrade-libraw-debugsource rocky-upgrade-libraw-devel rocky-upgrade-libsoup rocky-upgrade-libsoup-debuginfo rocky-upgrade-libsoup-debugsource rocky-upgrade-libsoup-devel rocky-upgrade-packagekit rocky-upgrade-packagekit-command-not-found rocky-upgrade-packagekit-command-not-found-debuginfo rocky-upgrade-packagekit-cron rocky-upgrade-packagekit-debuginfo rocky-upgrade-packagekit-debugsource rocky-upgrade-packagekit-glib rocky-upgrade-packagekit-glib-debuginfo 
rocky-upgrade-packagekit-glib-devel rocky-upgrade-packagekit-gstreamer-plugin rocky-upgrade-packagekit-gstreamer-plugin-debuginfo rocky-upgrade-packagekit-gtk3-module rocky-upgrade-packagekit-gtk3-module-debuginfo rocky-upgrade-pipewire rocky-upgrade-pipewire-debuginfo rocky-upgrade-pipewire-debugsource rocky-upgrade-pipewire-devel rocky-upgrade-pipewire-doc rocky-upgrade-pipewire-libs rocky-upgrade-pipewire-libs-debuginfo rocky-upgrade-pipewire-utils rocky-upgrade-pipewire-utils-debuginfo rocky-upgrade-pipewire0.2-debugsource rocky-upgrade-pipewire0.2-devel rocky-upgrade-pipewire0.2-libs rocky-upgrade-pipewire0.2-libs-debuginfo rocky-upgrade-potrace rocky-upgrade-potrace-debuginfo rocky-upgrade-potrace-debugsource rocky-upgrade-pygobject3-debuginfo rocky-upgrade-pygobject3-debugsource rocky-upgrade-pygobject3-devel rocky-upgrade-python3-gobject rocky-upgrade-python3-gobject-base rocky-upgrade-python3-gobject-base-debuginfo rocky-upgrade-python3-gobject-debuginfo rocky-upgrade-tracker rocky-upgrade-tracker-debuginfo rocky-upgrade-tracker-debugsource rocky-upgrade-tracker-devel rocky-upgrade-vte-profile rocky-upgrade-vte291 rocky-upgrade-vte291-debuginfo rocky-upgrade-vte291-debugsource rocky-upgrade-vte291-devel rocky-upgrade-vte291-devel-debuginfo rocky-upgrade-webrtc-audio-processing rocky-upgrade-webrtc-audio-processing-debuginfo rocky-upgrade-webrtc-audio-processing-debugsource rocky-upgrade-xdg-desktop-portal-gtk rocky-upgrade-xdg-desktop-portal-gtk-debuginfo rocky-upgrade-xdg-desktop-portal-gtk-debugsource References https://attackerkb.com/topics/cve-2019-8720 CVE - 2019-8720 https://errata.rockylinux.org/RLSA-2020:4451
  6. Huawei EulerOS: CVE-2022-3424: kernel security update Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 03/06/2023 Created 05/08/2023 Added 05/08/2023 Modified 01/28/2025 Description A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate their privileges on the system. Solution(s) huawei-euleros-2_0_sp11-upgrade-bpftool huawei-euleros-2_0_sp11-upgrade-kernel huawei-euleros-2_0_sp11-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp11-upgrade-kernel-tools huawei-euleros-2_0_sp11-upgrade-kernel-tools-libs huawei-euleros-2_0_sp11-upgrade-python3-perf References https://attackerkb.com/topics/cve-2022-3424 CVE - 2022-3424 EulerOS-SA-2023-1781
  7. Huawei EulerOS: CVE-2021-20251: samba security update Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 03/06/2023 Created 07/05/2023 Added 07/05/2023 Modified 01/28/2025 Description A flaw was found in samba. A race condition in the password lockout code may lead to the risk of brute force attacks being successful if special conditions are met. Solution(s) huawei-euleros-2_0_sp11-upgrade-libsmbclient huawei-euleros-2_0_sp11-upgrade-libwbclient huawei-euleros-2_0_sp11-upgrade-samba huawei-euleros-2_0_sp11-upgrade-samba-client huawei-euleros-2_0_sp11-upgrade-samba-common huawei-euleros-2_0_sp11-upgrade-samba-common-tools huawei-euleros-2_0_sp11-upgrade-samba-libs huawei-euleros-2_0_sp11-upgrade-samba-winbind huawei-euleros-2_0_sp11-upgrade-samba-winbind-clients huawei-euleros-2_0_sp11-upgrade-samba-winbind-modules References https://attackerkb.com/topics/cve-2021-20251 CVE - 2021-20251 EulerOS-SA-2023-2300
  8. Huawei EulerOS: CVE-2022-3707: kernel security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 03/06/2023 Created 05/08/2023 Added 05/08/2023 Modified 01/28/2025 Description A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card system resource overload, causing a fail in the intel_gvt_dma_map_guest_page function. This issue could allow a local user to crash the system. Solution(s) huawei-euleros-2_0_sp11-upgrade-bpftool huawei-euleros-2_0_sp11-upgrade-kernel huawei-euleros-2_0_sp11-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp11-upgrade-kernel-tools huawei-euleros-2_0_sp11-upgrade-kernel-tools-libs huawei-euleros-2_0_sp11-upgrade-python3-perf References https://attackerkb.com/topics/cve-2022-3707 CVE - 2022-3707 EulerOS-SA-2023-1781
  9. Amazon Linux AMI 2: CVE-2023-0330: Security patch for qemu (Multiple Advisories) Severity 4 CVSS (AV:L/AC:L/Au:M/C:N/I:N/A:C) Published 03/06/2023 Created 07/21/2023 Added 07/21/2023 Modified 01/28/2025 Description A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or use-after-free. Solution(s) amazon-linux-ami-2-upgrade-ivshmem-tools amazon-linux-ami-2-upgrade-qemu amazon-linux-ami-2-upgrade-qemu-audio-alsa amazon-linux-ami-2-upgrade-qemu-audio-oss amazon-linux-ami-2-upgrade-qemu-audio-pa amazon-linux-ami-2-upgrade-qemu-audio-sdl amazon-linux-ami-2-upgrade-qemu-block-curl amazon-linux-ami-2-upgrade-qemu-block-dmg amazon-linux-ami-2-upgrade-qemu-block-iscsi amazon-linux-ami-2-upgrade-qemu-block-nfs amazon-linux-ami-2-upgrade-qemu-block-rbd amazon-linux-ami-2-upgrade-qemu-block-ssh amazon-linux-ami-2-upgrade-qemu-common amazon-linux-ami-2-upgrade-qemu-debuginfo amazon-linux-ami-2-upgrade-qemu-guest-agent amazon-linux-ami-2-upgrade-qemu-img amazon-linux-ami-2-upgrade-qemu-kvm amazon-linux-ami-2-upgrade-qemu-kvm-core amazon-linux-ami-2-upgrade-qemu-system-aarch64 amazon-linux-ami-2-upgrade-qemu-system-aarch64-core amazon-linux-ami-2-upgrade-qemu-system-x86 amazon-linux-ami-2-upgrade-qemu-system-x86-core amazon-linux-ami-2-upgrade-qemu-ui-curses amazon-linux-ami-2-upgrade-qemu-ui-gtk amazon-linux-ami-2-upgrade-qemu-ui-sdl amazon-linux-ami-2-upgrade-qemu-user amazon-linux-ami-2-upgrade-qemu-user-binfmt amazon-linux-ami-2-upgrade-qemu-user-static References https://attackerkb.com/topics/cve-2023-0330 AL2/ALAS-2023-2148 AL2/ALAS-2023-2191 CVE - 2023-0330
  10. SUSE: CVE-2023-1226: SUSE Linux Security Advisory Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 03/07/2023 Created 03/15/2023 Added 03/14/2023 Modified 01/28/2025 Description Insufficient policy enforcement in Web Payments API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium suse-upgrade-opera References https://attackerkb.com/topics/cve-2023-1226 CVE - 2023-1226
  11. Debian: CVE-2023-1161: wireshark -- security update Severity 8 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:C) Published 03/06/2023 Created 05/05/2023 Added 05/01/2023 Modified 01/28/2025 Description ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 and 3.6.0 to 3.6.11 allows denial of service via packet injection or crafted capture file Solution(s) debian-upgrade-wireshark References https://attackerkb.com/topics/cve-2023-1161 CVE - 2023-1161 DLA-3402-1 DSA-5429
  12. Huawei EulerOS: CVE-2023-25690: httpd security update Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 03/07/2023 Created 07/05/2023 Added 07/05/2023 Modified 01/30/2025 Description Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution. For example, something like:
      RewriteEngine on
      RewriteRule "^/here/(.*)" "http://example.com:8080/elsewhere?$1" [P]
      ProxyPassReverse /here/ http://example.com:8080/
      Request splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version 2.4.56 of Apache HTTP Server. Solution(s) huawei-euleros-2_0_sp11-upgrade-httpd huawei-euleros-2_0_sp11-upgrade-httpd-filesystem huawei-euleros-2_0_sp11-upgrade-httpd-tools huawei-euleros-2_0_sp11-upgrade-mod_ssl References https://attackerkb.com/topics/cve-2023-25690 CVE - 2023-25690 EulerOS-SA-2023-2295
  13. Amazon Linux AMI 2: CVE-2022-4904: Security patch for c-ares (ALAS-2024-2399) Severity 9 CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:C) Published 03/06/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity. Solution(s) amazon-linux-ami-2-upgrade-c-ares amazon-linux-ami-2-upgrade-c-ares-debuginfo amazon-linux-ami-2-upgrade-c-ares-devel References https://attackerkb.com/topics/cve-2022-4904 AL2/ALAS-2024-2399 CVE - 2022-4904
  14. Moodle: Stored XSS in quiz override screens via user ID number (CVE-2021-36399) Severity 5 CVSS (AV:N/AC:M/Au:S/C:P/I:P/A:N) Published 03/06/2023 Created 03/17/2023 Added 03/17/2023 Modified 01/28/2025 Description In Moodle, ID numbers displayed in the quiz override screens required additional sanitizing to prevent a stored XSS risk. Solution(s) moodle-upgrade-3_11_1 References https://attackerkb.com/topics/cve-2021-36399 CVE - 2021-36399 https://moodle.org/mod/forum/discuss.php?d=424805
  15. Alma Linux: CVE-2022-4904: Moderate: c-ares security update (Multiple Advisories) Severity 9 CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:C) Published 03/06/2023 Created 05/05/2023 Added 04/21/2023 Modified 01/28/2025 Description A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity. Solution(s) alma-upgrade-c-ares alma-upgrade-c-ares-devel alma-upgrade-nodejs alma-upgrade-nodejs-devel alma-upgrade-nodejs-docs alma-upgrade-nodejs-full-i18n alma-upgrade-nodejs-libs alma-upgrade-nodejs-nodemon alma-upgrade-nodejs-packaging alma-upgrade-nodejs-packaging-bundler alma-upgrade-npm References https://attackerkb.com/topics/cve-2022-4904 CVE - 2022-4904 https://errata.almalinux.org/8/ALSA-2023-1582.html https://errata.almalinux.org/8/ALSA-2023-1743.html https://errata.almalinux.org/8/ALSA-2023-4035.html https://errata.almalinux.org/8/ALSA-2023-7116.html https://errata.almalinux.org/9/ALSA-2023-2654.html https://errata.almalinux.org/9/ALSA-2023-2655.html https://errata.almalinux.org/9/ALSA-2023-6635.html
  16. Huawei EulerOS: CVE-2022-3424: kernel security update Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 03/06/2023 Created 03/10/2023 Added 03/09/2023 Modified 01/28/2025 Description A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate their privileges on the system. Solution(s) huawei-euleros-2_0_sp9-upgrade-kernel huawei-euleros-2_0_sp9-upgrade-kernel-tools huawei-euleros-2_0_sp9-upgrade-kernel-tools-libs huawei-euleros-2_0_sp9-upgrade-python3-perf References https://attackerkb.com/topics/cve-2022-3424 CVE - 2022-3424 EulerOS-SA-2023-1469
  17. Moodle: Stored XSS in the web service token list via user ID number (CVE-2021-36398) Severity 5 CVSS (AV:N/AC:M/Au:S/C:P/I:P/A:N) Published 03/06/2023 Created 03/17/2023 Added 03/17/2023 Modified 01/28/2025 Description In Moodle, ID numbers displayed in the web service token list required additional sanitizing to prevent a stored XSS risk. Solution(s) moodle-upgrade-3_11_1 References https://attackerkb.com/topics/cve-2021-36398 CVE - 2021-36398 https://moodle.org/mod/forum/discuss.php?d=424804
  18. SUSE: CVE-2022-3854: SUSE Linux Security Advisory Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 03/06/2023 Created 03/28/2023 Added 03/28/2023 Modified 01/28/2025 Description A flaw was found in Ceph, relating to the URL processing on RGW backends. An attacker can exploit the URL processing by providing a null URL to crash the RGW, causing a denial of service. Solution(s) suse-upgrade-ceph suse-upgrade-ceph-base suse-upgrade-ceph-common suse-upgrade-ceph-fuse suse-upgrade-ceph-grafana-dashboards suse-upgrade-ceph-immutable-object-cache suse-upgrade-ceph-mds suse-upgrade-ceph-mgr suse-upgrade-ceph-mgr-cephadm suse-upgrade-ceph-mgr-dashboard suse-upgrade-ceph-mgr-diskprediction-local suse-upgrade-ceph-mgr-k8sevents suse-upgrade-ceph-mgr-modules-core suse-upgrade-ceph-mgr-rook suse-upgrade-ceph-mon suse-upgrade-ceph-osd suse-upgrade-ceph-prometheus-alerts suse-upgrade-ceph-radosgw suse-upgrade-ceph-test suse-upgrade-cephadm suse-upgrade-cephfs-mirror suse-upgrade-cephfs-shell suse-upgrade-cephfs-top suse-upgrade-libcephfs-devel suse-upgrade-libcephfs2 suse-upgrade-libcephsqlite suse-upgrade-libcephsqlite-devel suse-upgrade-librados-devel suse-upgrade-librados2 suse-upgrade-libradospp-devel suse-upgrade-librbd-devel suse-upgrade-librbd1 suse-upgrade-librgw-devel suse-upgrade-librgw2 suse-upgrade-python3-ceph-argparse suse-upgrade-python3-ceph-common suse-upgrade-python3-cephfs suse-upgrade-python3-rados suse-upgrade-python3-rbd suse-upgrade-python3-rgw suse-upgrade-rados-objclass-devel suse-upgrade-rbd-fuse suse-upgrade-rbd-mirror suse-upgrade-rbd-nbd References https://attackerkb.com/topics/cve-2022-3854 CVE - 2022-3854
  19. Alpine Linux: CVE-2023-1161: Vulnerability in Multiple Components Severity 8 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:C) Published 03/06/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 and 3.6.0 to 3.6.11 allows denial of service via packet injection or crafted capture file Solution(s) alpine-linux-upgrade-wireshark References https://attackerkb.com/topics/cve-2023-1161 CVE - 2023-1161 https://security.alpinelinux.org/vuln/CVE-2023-1161
  20. Huawei EulerOS: CVE-2022-45141: samba security update Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 03/06/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption (eg aes256-cts-hmac-sha1-96). Solution(s) huawei-euleros-2_0_sp8-upgrade-ctdb huawei-euleros-2_0_sp8-upgrade-ctdb-tests huawei-euleros-2_0_sp8-upgrade-libsmbclient huawei-euleros-2_0_sp8-upgrade-libwbclient huawei-euleros-2_0_sp8-upgrade-python2-samba huawei-euleros-2_0_sp8-upgrade-python2-samba-test huawei-euleros-2_0_sp8-upgrade-python3-samba huawei-euleros-2_0_sp8-upgrade-python3-samba-test huawei-euleros-2_0_sp8-upgrade-samba huawei-euleros-2_0_sp8-upgrade-samba-client huawei-euleros-2_0_sp8-upgrade-samba-client-libs huawei-euleros-2_0_sp8-upgrade-samba-common huawei-euleros-2_0_sp8-upgrade-samba-common-libs huawei-euleros-2_0_sp8-upgrade-samba-common-tools huawei-euleros-2_0_sp8-upgrade-samba-dc-libs huawei-euleros-2_0_sp8-upgrade-samba-krb5-printing huawei-euleros-2_0_sp8-upgrade-samba-libs huawei-euleros-2_0_sp8-upgrade-samba-pidl huawei-euleros-2_0_sp8-upgrade-samba-test huawei-euleros-2_0_sp8-upgrade-samba-test-libs huawei-euleros-2_0_sp8-upgrade-samba-winbind huawei-euleros-2_0_sp8-upgrade-samba-winbind-clients huawei-euleros-2_0_sp8-upgrade-samba-winbind-krb5-locator huawei-euleros-2_0_sp8-upgrade-samba-winbind-modules References https://attackerkb.com/topics/cve-2022-45141 CVE - 2022-45141 EulerOS-SA-2023-3157
  21. Rocky Linux: CVE-2022-4904: nodejs-18 (Multiple Advisories) Severity 9 CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:C) Published 03/06/2023 Created 03/07/2024 Added 03/05/2024 Modified 01/28/2025 Description A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity. Solution(s) rocky-upgrade-nodejs rocky-upgrade-nodejs-debuginfo rocky-upgrade-nodejs-debugsource rocky-upgrade-nodejs-devel rocky-upgrade-nodejs-full-i18n rocky-upgrade-nodejs-libs rocky-upgrade-nodejs-libs-debuginfo rocky-upgrade-npm References https://attackerkb.com/topics/cve-2022-4904 CVE - 2022-4904 https://errata.rockylinux.org/RLSA-2023:1582 https://errata.rockylinux.org/RLSA-2023:1743 https://errata.rockylinux.org/RLSA-2023:2655 https://errata.rockylinux.org/RLSA-2023:4035
  22. Debian: CVE-2023-0330: qemu -- security update Severity 4 CVSS (AV:L/AC:L/Au:M/C:N/I:N/A:C) Published 03/06/2023 Created 10/11/2023 Added 10/10/2023 Modified 01/28/2025 Description A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or use-after-free. Solution(s) debian-upgrade-qemu References https://attackerkb.com/topics/cve-2023-0330 CVE - 2023-0330 DLA-3604-1
  23. Alpine Linux: CVE-2019-8720: Improper Restriction of Operations within the Bounds of a Memory Buffer Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 03/06/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/14/2024 Description A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues. Solution(s) alpine-linux-upgrade-webkit2gtk References https://attackerkb.com/topics/cve-2019-8720 CVE - 2019-8720 https://security.alpinelinux.org/vuln/CVE-2019-8720
  24. Huawei EulerOS: CVE-2022-3424: kernel security update Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 03/06/2023 Created 06/09/2023 Added 06/09/2023 Modified 01/28/2025 Description A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate their privileges on the system. Solution(s) huawei-euleros-2_0_sp5-upgrade-kernel huawei-euleros-2_0_sp5-upgrade-kernel-devel huawei-euleros-2_0_sp5-upgrade-kernel-headers huawei-euleros-2_0_sp5-upgrade-kernel-tools huawei-euleros-2_0_sp5-upgrade-kernel-tools-libs huawei-euleros-2_0_sp5-upgrade-perf huawei-euleros-2_0_sp5-upgrade-python-perf References https://attackerkb.com/topics/cve-2022-3424 CVE - 2022-3424 EulerOS-SA-2023-2152
  25. Huawei EulerOS: CVE-2022-45141: samba security update Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 03/06/2023 Created 05/08/2023 Added 05/08/2023 Modified 01/28/2025 Description Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption (eg aes256-cts-hmac-sha1-96). Solution(s) huawei-euleros-2_0_sp11-upgrade-libsmbclient huawei-euleros-2_0_sp11-upgrade-libwbclient huawei-euleros-2_0_sp11-upgrade-samba huawei-euleros-2_0_sp11-upgrade-samba-client huawei-euleros-2_0_sp11-upgrade-samba-common huawei-euleros-2_0_sp11-upgrade-samba-common-tools huawei-euleros-2_0_sp11-upgrade-samba-libs huawei-euleros-2_0_sp11-upgrade-samba-winbind huawei-euleros-2_0_sp11-upgrade-samba-winbind-clients huawei-euleros-2_0_sp11-upgrade-samba-winbind-modules References https://attackerkb.com/topics/cve-2022-45141 CVE - 2022-45141 EulerOS-SA-2023-1791