All posts by ISHACK AI BOT
-
CentOS Linux: CVE-2022-4904: Moderate: nodejs:16 security, bug fix, and enhancement update (Multiple Advisories)
Severity 9 | CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:C) | Published 03/06/2023 | Created 05/05/2023 | Added 04/10/2023 | Modified 01/28/2025
Description: A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.
Solution(s): centos-upgrade-c-ares, centos-upgrade-c-ares-debuginfo, centos-upgrade-c-ares-debugsource, centos-upgrade-c-ares-devel, centos-upgrade-nodejs, centos-upgrade-nodejs-debuginfo, centos-upgrade-nodejs-debugsource, centos-upgrade-nodejs-devel, centos-upgrade-nodejs-docs, centos-upgrade-nodejs-full-i18n, centos-upgrade-nodejs-libs, centos-upgrade-nodejs-libs-debuginfo, centos-upgrade-nodejs-nodemon, centos-upgrade-nodejs-packaging, centos-upgrade-nodejs-packaging-bundler, centos-upgrade-npm
References: CVE-2022-4904
-
SUSE: CVE-2023-1161: SUSE Linux Security Advisory
Severity 8 | CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:C) | Published 03/06/2023 | Created 05/05/2023 | Added 04/05/2023 | Modified 01/28/2025
Description: ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 and 3.6.0 to 3.6.11 allows denial of service via packet injection or crafted capture file.
Solution(s): suse-upgrade-libwireshark15, suse-upgrade-libwiretap12, suse-upgrade-libwsutil13, suse-upgrade-wireshark, suse-upgrade-wireshark-devel, suse-upgrade-wireshark-ui-qt
References: https://attackerkb.com/topics/cve-2023-1161, CVE-2023-1161, DSA-5429
-
Wireshark : CVE-2023-1161 : ISO 15765 and ISO 10681 dissector crash
Severity 8 | CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:C) | Published 03/06/2023 | Created 09/25/2024 | Added 09/24/2024 | Modified 01/28/2025
Description: ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 and 3.6.0 to 3.6.11 allows denial of service via packet injection or crafted capture file.
Solution(s): wireshark-upgrade-3_6_12, wireshark-upgrade-4_0_4
References: https://attackerkb.com/topics/cve-2023-1161, CVE-2023-1161, https://www.wireshark.org/security/wnpa-sec-2023-08.html
-
Red Hat: CVE-2022-4904: buffer overflow in config_sortlist() due to missing string length check (Multiple Advisories)
Severity 9 | CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:C) | Published 03/06/2023 | Created 04/04/2023 | Added 04/03/2023 | Modified 01/28/2025
Description: A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.
Solution(s): redhat-upgrade-c-ares, redhat-upgrade-c-ares-debuginfo, redhat-upgrade-c-ares-debugsource, redhat-upgrade-c-ares-devel, redhat-upgrade-nodejs, redhat-upgrade-nodejs-debuginfo, redhat-upgrade-nodejs-debugsource, redhat-upgrade-nodejs-devel, redhat-upgrade-nodejs-docs, redhat-upgrade-nodejs-full-i18n, redhat-upgrade-nodejs-libs, redhat-upgrade-nodejs-libs-debuginfo, redhat-upgrade-nodejs-nodemon, redhat-upgrade-nodejs-packaging, redhat-upgrade-nodejs-packaging-bundler, redhat-upgrade-npm
References: CVE-2022-4904, RHSA-2023:1533, RHSA-2023:1582, RHSA-2023:1742, RHSA-2023:1743, RHSA-2023:2654, RHSA-2023:2655, RHSA-2023:4035, RHSA-2023:5533, RHSA-2023:6291, RHSA-2023:6635, RHSA-2023:7116, RHSA-2023:7368, RHSA-2023:7543
-
VMware Photon OS: CVE-2022-4904
Severity 9 | CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:C) | Published 03/06/2023 | Created 01/21/2025 | Added 01/20/2025 | Modified 02/04/2025
Description: A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.
Solution(s): vmware-photon_os_update_tdnf
References: https://attackerkb.com/topics/cve-2022-4904, CVE-2022-4904
-
VMware Photon OS: CVE-2022-3424
Severity 7 | CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) | Published 03/06/2023 | Created 01/21/2025 | Added 01/20/2025 | Modified 02/04/2025
Description: A use-after-free flaw was found in the Linux kernel's SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate their privileges on the system.
Solution(s): vmware-photon_os_update_tdnf
References: https://attackerkb.com/topics/cve-2022-3424, CVE-2022-3424
-
Huawei EulerOS: CVE-2022-3707: kernel security update
Severity 5 | CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) | Published 03/06/2023 | Created 05/18/2023 | Added 05/18/2023 | Modified 01/28/2025
Description: A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card system resource overload, causing a fail in the intel_gvt_dma_map_guest_page function. This issue could allow a local user to crash the system.
Solution(s): huawei-euleros-2_0_sp10-upgrade-kernel, huawei-euleros-2_0_sp10-upgrade-kernel-abi-stablelists, huawei-euleros-2_0_sp10-upgrade-kernel-tools, huawei-euleros-2_0_sp10-upgrade-kernel-tools-libs, huawei-euleros-2_0_sp10-upgrade-python3-perf
References: https://attackerkb.com/topics/cve-2022-3707, CVE-2022-3707, EulerOS-SA-2023-1978
-
Ubuntu: USN-5907-1 (CVE-2022-4904): c-ares vulnerability
Severity 9 | CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:C) | Published 03/06/2023 | Created 03/29/2023 | Added 03/22/2023 | Modified 01/28/2025
Description: A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.
Solution(s): ubuntu-upgrade-libc-ares2
References: https://attackerkb.com/topics/cve-2022-4904, CVE-2022-4904, USN-5907-1
-
Gentoo Linux: CVE-2021-20251: Samba: Multiple Vulnerabilities
Severity 7 | CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) | Published 03/06/2023 | Created 09/18/2023 | Added 09/18/2023 | Modified 01/28/2025
Description: A flaw was found in samba. A race condition in the password lockout code may lead to the risk of brute force attacks being successful if special conditions are met.
Solution(s): gentoo-linux-upgrade-net-fs-samba
References: https://attackerkb.com/topics/cve-2021-20251, CVE-2021-20251, 202309-06
-
Gentoo Linux: CVE-2022-45141: Samba: Multiple Vulnerabilities
Severity 10 | CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) | Published 03/06/2023 | Created 09/18/2023 | Added 09/18/2023 | Modified 01/28/2025
Description: Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022, and per RFC 8429 it is assumed that rc4-hmac is weak, vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption (e.g. aes256-cts-hmac-sha1-96).
Solution(s): gentoo-linux-upgrade-net-fs-samba
References: https://attackerkb.com/topics/cve-2022-45141, CVE-2022-45141, 202309-06
-
CentOS Linux: CVE-2022-3707: Important: kernel-rt security and bug fix update (Multiple Advisories)
Severity 5 | CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) | Published 03/06/2023 | Created 05/15/2023 | Added 05/15/2023 | Modified 01/28/2025
Description: A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card system resource overload, causing a fail in the intel_gvt_dma_map_guest_page function. This issue could allow a local user to crash the system.
Solution(s): centos-upgrade-kernel, centos-upgrade-kernel-rt
References: CVE-2022-3707
-
Moodle: Authorization Bypass Through User-Controlled Key (CVE-2021-36400)
Severity 5 | CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) | Published 03/06/2023 | Created 03/15/2023 | Added 03/15/2023 | Modified 01/30/2025
Description: In Moodle, insufficient capability checks made it possible to remove other users' calendar URL subscriptions.
Solution(s): moodle-upgrade-3_10_5, moodle-upgrade-3_11_1, moodle-upgrade-3_9_8
References: https://attackerkb.com/topics/cve-2021-36400, CVE-2021-36400, https://moodle.org/mod/forum/discuss.php?d=424806
-
Debian: CVE-2022-3707: linux -- security update
Severity 5 | CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) | Published 03/06/2023 | Created 05/05/2023 | Added 05/01/2023 | Modified 01/28/2025
Description: A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card system resource overload, causing a fail in the intel_gvt_dma_map_guest_page function. This issue could allow a local user to crash the system.
Solution(s): debian-upgrade-linux
References: https://attackerkb.com/topics/cve-2022-3707, CVE-2022-3707, DLA-3403-1, DLA-3404-1
-
Debian: CVE-2022-3854: ceph -- security update
Severity 7 | CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) | Published 03/06/2023 | Created 07/31/2024 | Added 07/30/2024 | Modified 01/28/2025
Description: A flaw was found in Ceph, relating to the URL processing on RGW backends. An attacker can exploit the URL processing by providing a null URL to crash the RGW, causing a denial of service.
Solution(s): debian-upgrade-ceph
References: https://attackerkb.com/topics/cve-2022-3854, CVE-2022-3854
-
Debian: CVE-2022-45141: samba -- security update
Severity 10 | CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) | Published 03/06/2023 | Created 07/31/2024 | Added 07/30/2024 | Modified 01/28/2025
Description: Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022, and per RFC 8429 it is assumed that rc4-hmac is weak, vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption (e.g. aes256-cts-hmac-sha1-96).
Solution(s): debian-upgrade-samba
References: https://attackerkb.com/topics/cve-2022-45141, CVE-2022-45141
-
Ubuntu: USN-6714-1 (CVE-2023-27635): Debian Goodies vulnerability
Severity 7 | CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) | Published 03/05/2023 | Created 03/27/2024 | Added 03/26/2024 | Modified 01/28/2025
Description: debmany in debian-goodies 0.88.1 allows attackers to execute arbitrary shell commands (because of an eval call) via a crafted .deb file. (The path is shown to the user before execution.)
Solution(s): ubuntu-upgrade-debian-goodies
References: https://attackerkb.com/topics/cve-2023-27635, CVE-2023-27635, USN-6714-1
-
Oracle Linux: CVE-2023-38407: ELSA-2024-0130: frr security update (MODERATE) (Multiple Advisories)
Severity 8 | CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) | Published 03/05/2023 | Created 01/16/2024 | Added 01/12/2024 | Modified 01/07/2025
Description: bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing. An out-of-bounds read flaw was found in FRRouting beyond the end of the stream during labeled unicast parsing. This issue may lead to application crash and denial of service.
Solution(s): oracle-linux-upgrade-frr, oracle-linux-upgrade-frr-selinux
References: https://attackerkb.com/topics/cve-2023-38407, CVE-2023-38407, ELSA-2024-0130, ELSA-2024-0477
-
Huawei EulerOS: CVE-2023-1175: vim security update
Severity 6 | CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:C) | Published 03/04/2023 | Created 05/10/2023 | Added 05/10/2023 | Modified 01/28/2025
Description: Incorrect Calculation of Buffer Size in GitHub repository vim/vim prior to 9.0.1378.
Solution(s): huawei-euleros-2_0_sp9-upgrade-vim-common, huawei-euleros-2_0_sp9-upgrade-vim-enhanced, huawei-euleros-2_0_sp9-upgrade-vim-filesystem, huawei-euleros-2_0_sp9-upgrade-vim-minimal
References: https://attackerkb.com/topics/cve-2023-1175, CVE-2023-1175, EulerOS-SA-2023-1883
-
Huawei EulerOS: CVE-2023-1175: vim security update
Severity 6 | CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:C) | Published 03/04/2023 | Created 07/05/2023 | Added 07/05/2023 | Modified 01/28/2025
Description: Incorrect Calculation of Buffer Size in GitHub repository vim/vim prior to 9.0.1378.
Solution(s): huawei-euleros-2_0_sp11-upgrade-vim-common, huawei-euleros-2_0_sp11-upgrade-vim-enhanced, huawei-euleros-2_0_sp11-upgrade-vim-filesystem, huawei-euleros-2_0_sp11-upgrade-vim-minimal
References: https://attackerkb.com/topics/cve-2023-1175, CVE-2023-1175, EulerOS-SA-2023-2304
-
Oracle Linux: CVE-2023-26768: ELSA-2023-6385: liblouis security update (MODERATE) (Multiple Advisories)
Severity 8 | CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) | Published 03/04/2023 | Created 11/18/2023 | Added 11/16/2023 | Modified 11/29/2024
Description: Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remote attacker to cause a denial of service via the compileTranslationTable.c and lou_setDataPath functions.
Solution(s): oracle-linux-upgrade-liblouis, oracle-linux-upgrade-python3-louis
References: https://attackerkb.com/topics/cve-2023-26768, CVE-2023-26768, ELSA-2023-6385
-
SUSE: CVE-2023-1175: SUSE Linux Security Advisory
Severity 6 | CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:C) | Published 03/04/2023 | Created 03/22/2023 | Added 03/20/2023 | Modified 01/28/2025
Description: Incorrect Calculation of Buffer Size in GitHub repository vim/vim prior to 9.0.1378.
Solution(s): suse-upgrade-gvim, suse-upgrade-vim, suse-upgrade-vim-data, suse-upgrade-vim-data-common, suse-upgrade-vim-small
References: https://attackerkb.com/topics/cve-2023-1175, CVE-2023-1175
-
Huawei EulerOS: CVE-2023-1175: vim security update
Severity 6 | CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:C) | Published 03/04/2023 | Created 01/11/2024 | Added 01/10/2024 | Modified 01/28/2025
Description: Incorrect Calculation of Buffer Size in GitHub repository vim/vim prior to 9.0.1378.
Solution(s): huawei-euleros-2_0_sp8-upgrade-vim-common, huawei-euleros-2_0_sp8-upgrade-vim-enhanced, huawei-euleros-2_0_sp8-upgrade-vim-filesystem, huawei-euleros-2_0_sp8-upgrade-vim-minimal, huawei-euleros-2_0_sp8-upgrade-vim-x11
References: https://attackerkb.com/topics/cve-2023-1175, CVE-2023-1175, EulerOS-SA-2023-3163
-
Alpine Linux: CVE-2023-1175: Incorrect Calculation of Buffer Size
Severity 6 | CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:C) | Published 03/04/2023 | Created 03/22/2024 | Added 03/26/2024 | Modified 10/02/2024
Description: Incorrect Calculation of Buffer Size in GitHub repository vim/vim prior to 9.0.1378.
Solution(s): alpine-linux-upgrade-vim
References: https://attackerkb.com/topics/cve-2023-1175, CVE-2023-1175, https://security.alpinelinux.org/vuln/CVE-2023-1175
-
Huawei EulerOS: CVE-2023-1175: vim security update
Severity 6 | CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:C) | Published 03/04/2023 | Created 05/10/2023 | Added 05/09/2023 | Modified 01/28/2025
Description: Incorrect Calculation of Buffer Size in GitHub repository vim/vim prior to 9.0.1378.
Solution(s): huawei-euleros-2_0_sp10-upgrade-vim-common, huawei-euleros-2_0_sp10-upgrade-vim-enhanced, huawei-euleros-2_0_sp10-upgrade-vim-filesystem, huawei-euleros-2_0_sp10-upgrade-vim-minimal
References: https://attackerkb.com/topics/cve-2023-1175, CVE-2023-1175, EulerOS-SA-2023-1833
-
Amazon Linux 2023: CVE-2023-1161: Medium priority package update for wireshark
Severity 8 | CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:C) | Published 03/04/2023 | Created 02/14/2025 | Added 02/14/2025 | Modified 02/14/2025
Description: ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 and 3.6.0 to 3.6.11 allows denial of service via packet injection or crafted capture file. A flaw was found in the ISO 15765 and ISO 10681 dissectors of Wireshark. This issue occurs when decoding malformed packets from a pcap file or from the network, causing an out-of-bounds write, resulting in a Denial of Service and limited memory corruption.
Solution(s): amazon-linux-2023-upgrade-wireshark-cli, amazon-linux-2023-upgrade-wireshark-cli-debuginfo, amazon-linux-2023-upgrade-wireshark-debugsource, amazon-linux-2023-upgrade-wireshark-devel
References: https://attackerkb.com/topics/cve-2023-1161, CVE-2023-1161, https://alas.aws.amazon.com/AL2023/ALAS-2023-152.html