All posts by ISHACK AI BOT
-
Debian: CVE-2023-1175: vim -- security update
Severity: 6; CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:C)
Published: 03/04/2023; Created: 06/14/2023; Added: 06/14/2023; Modified: 01/28/2025
Description: Incorrect Calculation of Buffer Size in GitHub repository vim/vim prior to 9.0.1378.
Solution(s): debian-upgrade-vim
References: https://attackerkb.com/topics/cve-2023-1175, CVE - 2023-1175, DLA-3453-1
-
Amazon Linux AMI 2: CVE-2023-1175: Security patch for vim (ALAS-2023-2005)
Severity: 6; CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:C)
Published: 03/04/2023; Created: 05/05/2023; Added: 04/06/2023; Modified: 01/28/2025
Description: Incorrect Calculation of Buffer Size in GitHub repository vim/vim prior to 9.0.1378.
Solution(s): amazon-linux-ami-2-upgrade-vim-common amazon-linux-ami-2-upgrade-vim-data amazon-linux-ami-2-upgrade-vim-debuginfo amazon-linux-ami-2-upgrade-vim-enhanced amazon-linux-ami-2-upgrade-vim-filesystem amazon-linux-ami-2-upgrade-vim-minimal amazon-linux-ami-2-upgrade-vim-x11
References: https://attackerkb.com/topics/cve-2023-1175, AL2/ALAS-2023-2005, CVE - 2023-1175
-
Ubuntu: USN-5963-1 (CVE-2023-1175): Vim vulnerabilities
Severity: 6; CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:C)
Published: 03/04/2023; Created: 03/29/2023; Added: 03/22/2023; Modified: 01/28/2025
Description: Incorrect Calculation of Buffer Size in GitHub repository vim/vim prior to 9.0.1378.
Solution(s): ubuntu-pro-upgrade-vim ubuntu-pro-upgrade-vim-athena ubuntu-pro-upgrade-vim-athena-py2 ubuntu-pro-upgrade-vim-gtk ubuntu-pro-upgrade-vim-gtk-py2 ubuntu-pro-upgrade-vim-gtk3 ubuntu-pro-upgrade-vim-gtk3-py2 ubuntu-pro-upgrade-vim-nox ubuntu-pro-upgrade-vim-nox-py2 ubuntu-pro-upgrade-vim-tiny
References: https://attackerkb.com/topics/cve-2023-1175, CVE - 2023-1175, USN-5963-1
-
Amazon Linux 2023: CVE-2023-1175: Medium priority package update for vim
Severity: 5; CVSS: (AV:L/AC:L/Au:N/C:P/I:P/A:P)
Published: 03/04/2023; Created: 02/14/2025; Added: 02/14/2025; Modified: 02/14/2025
Description: Incorrect Calculation of Buffer Size in GitHub repository vim/vim prior to 9.0.1378. A flaw was found in Vim. There is an incorrect calculation of buffer size issue found in Vim's yank_copy_line() function of the register.c file. This flaw allows illegal memory access when using virtual editing as "startspaces" goes negative. An attacker can trick a user into opening a specially crafted file, triggering an issue that causes an application to crash leading to a denial of service, corrupting memory, and possibly executing code.
Solution(s): amazon-linux-2023-upgrade-vim-common amazon-linux-2023-upgrade-vim-common-debuginfo amazon-linux-2023-upgrade-vim-data amazon-linux-2023-upgrade-vim-debuginfo amazon-linux-2023-upgrade-vim-debugsource amazon-linux-2023-upgrade-vim-default-editor amazon-linux-2023-upgrade-vim-enhanced amazon-linux-2023-upgrade-vim-enhanced-debuginfo amazon-linux-2023-upgrade-vim-filesystem amazon-linux-2023-upgrade-vim-minimal amazon-linux-2023-upgrade-vim-minimal-debuginfo
References: https://attackerkb.com/topics/cve-2023-1175, CVE - 2023-1175, https://alas.aws.amazon.com/AL2023/ALAS-2023-151.html
-
Amazon Linux 2023: CVE-2023-1170: Medium priority package update for vim
Severity: 5; CVSS: (AV:L/AC:L/Au:N/C:P/I:P/A:P)
Published: 03/04/2023; Created: 02/14/2025; Added: 02/14/2025; Modified: 02/14/2025
Description: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1376. A heap-based buffer overflow vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes an application to crash, leading to a denial of service.
Solution(s): amazon-linux-2023-upgrade-vim-common amazon-linux-2023-upgrade-vim-common-debuginfo amazon-linux-2023-upgrade-vim-data amazon-linux-2023-upgrade-vim-debuginfo amazon-linux-2023-upgrade-vim-debugsource amazon-linux-2023-upgrade-vim-default-editor amazon-linux-2023-upgrade-vim-enhanced amazon-linux-2023-upgrade-vim-enhanced-debuginfo amazon-linux-2023-upgrade-vim-filesystem amazon-linux-2023-upgrade-vim-minimal amazon-linux-2023-upgrade-vim-minimal-debuginfo
References: https://attackerkb.com/topics/cve-2023-1170, CVE - 2023-1170, https://alas.aws.amazon.com/AL2023/ALAS-2023-151.html
-
Huawei EulerOS: CVE-2023-1175: vim security update
Severity: 6; CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:C)
Published: 03/04/2023; Created: 06/09/2023; Added: 06/09/2023; Modified: 01/28/2025
Description: Incorrect Calculation of Buffer Size in GitHub repository vim/vim prior to 9.0.1378.
Solution(s): huawei-euleros-2_0_sp5-upgrade-vim-common huawei-euleros-2_0_sp5-upgrade-vim-enhanced huawei-euleros-2_0_sp5-upgrade-vim-filesystem huawei-euleros-2_0_sp5-upgrade-vim-minimal huawei-euleros-2_0_sp5-upgrade-vim-x11
References: https://attackerkb.com/topics/cve-2023-1175, CVE - 2023-1175, EulerOS-SA-2023-2179
-
VMware Photon OS: CVE-2023-1175
Severity: 7; CVSS: (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published: 03/04/2023; Created: 01/21/2025; Added: 01/20/2025; Modified: 02/04/2025
Description: Incorrect Calculation of Buffer Size in GitHub repository vim/vim prior to 9.0.1378.
Solution(s): vmware-photon_os_update_tdnf
References: https://attackerkb.com/topics/cve-2023-1175, CVE - 2023-1175
-
Amazon Linux AMI: CVE-2023-1175: Security patch for vim (ALAS-2023-1716)
Severity: 6; CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:C)
Published: 03/04/2023; Created: 05/05/2023; Added: 04/06/2023; Modified: 01/28/2025
Description: Incorrect Calculation of Buffer Size in GitHub repository vim/vim prior to 9.0.1378.
Solution(s): amazon-linux-upgrade-vim
References: ALAS-2023-1716, CVE-2023-1175
-
Alma Linux: CVE-2023-26604: Moderate: systemd security and bug fix update (ALSA-2023-3837)
Severity: 7; CVSS: (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published: 03/03/2023; Created: 07/04/2023; Added: 07/04/2023; Modified: 01/30/2025
Description: systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less program. This presents a substantial security risk when running systemctl from Sudo, because less executes as root when the terminal size is too small to show the complete systemctl output.
Solution(s): alma-upgrade-systemd alma-upgrade-systemd-container alma-upgrade-systemd-devel alma-upgrade-systemd-journal-remote alma-upgrade-systemd-libs alma-upgrade-systemd-pam alma-upgrade-systemd-tests alma-upgrade-systemd-udev
References: https://attackerkb.com/topics/cve-2023-26604, CVE - 2023-26604, https://errata.almalinux.org/8/ALSA-2023-3837.html
-
Ubuntu: USN-6659-1 (CVE-2022-47665): libde265 vulnerabilities
Severity: 7; CVSS: (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Published: 03/03/2023; Created: 02/28/2024; Added: 02/27/2024; Modified: 01/28/2025
Description: Libde265 1.0.9 has a heap buffer overflow vulnerability in de265_image::set_SliceAddrRS(int, int, int)
Solution(s): ubuntu-pro-upgrade-libde265-0
References: https://attackerkb.com/topics/cve-2022-47665, CVE - 2022-47665, USN-6659-1
-
Rocky Linux: CVE-2023-26604: systemd (RLSA-2023-3837)
Severity: 7; CVSS: (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published: 03/03/2023; Created: 03/07/2024; Added: 03/05/2024; Modified: 01/30/2025
Description: systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less program. This presents a substantial security risk when running systemctl from Sudo, because less executes as root when the terminal size is too small to show the complete systemctl output.
Solution(s): rocky-upgrade-systemd rocky-upgrade-systemd-container rocky-upgrade-systemd-container-debuginfo rocky-upgrade-systemd-debuginfo rocky-upgrade-systemd-debugsource rocky-upgrade-systemd-devel rocky-upgrade-systemd-journal-remote rocky-upgrade-systemd-journal-remote-debuginfo rocky-upgrade-systemd-libs rocky-upgrade-systemd-libs-debuginfo rocky-upgrade-systemd-pam rocky-upgrade-systemd-pam-debuginfo rocky-upgrade-systemd-tests rocky-upgrade-systemd-tests-debuginfo rocky-upgrade-systemd-udev rocky-upgrade-systemd-udev-debuginfo
References: https://attackerkb.com/topics/cve-2023-26604, CVE - 2023-26604, https://errata.rockylinux.org/RLSA-2023:3837
-
SUSE: CVE-2023-1170: SUSE Linux Security Advisory
Severity: 6; CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:C)
Published: 03/03/2023; Created: 03/22/2023; Added: 03/20/2023; Modified: 01/28/2025
Description: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1376.
Solution(s): suse-upgrade-gvim suse-upgrade-vim suse-upgrade-vim-data suse-upgrade-vim-data-common suse-upgrade-vim-small
References: https://attackerkb.com/topics/cve-2023-1170, CVE - 2023-1170
-
VMware Photon OS: CVE-2022-41862
Severity: 3; CVSS: (AV:N/AC:H/Au:N/C:P/I:N/A:N)
Published: 03/03/2023; Created: 01/21/2025; Added: 01/20/2025; Modified: 02/04/2025
Description: In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes.
Solution(s): vmware-photon_os_update_tdnf
References: https://attackerkb.com/topics/cve-2022-41862, CVE - 2022-41862
-
Ubuntu: (Multiple Advisories) (CVE-2023-0210): Linux kernel (OEM) vulnerabilities
Severity: 8; CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: 03/03/2023; Created: 03/29/2023; Added: 03/22/2023; Modified: 01/28/2025
Description: A bug affects the Linux kernel’s ksmbd NTLMv2 authentication and is known to crash the OS immediately in Linux-based systems.
Solution(s): ubuntu-upgrade-linux-image-5-15-0-1017-gkeop ubuntu-upgrade-linux-image-5-15-0-1026-raspi ubuntu-upgrade-linux-image-5-15-0-1026-raspi-nolpae ubuntu-upgrade-linux-image-5-15-0-1027-ibm ubuntu-upgrade-linux-image-5-15-0-1027-intel-iotg ubuntu-upgrade-linux-image-5-15-0-1029-gke ubuntu-upgrade-linux-image-5-15-0-1030-gke ubuntu-upgrade-linux-image-5-15-0-1030-kvm ubuntu-upgrade-linux-image-5-15-0-1031-gcp ubuntu-upgrade-linux-image-5-15-0-1032-oracle ubuntu-upgrade-linux-image-5-15-0-1033-aws ubuntu-upgrade-linux-image-5-15-0-1035-azure ubuntu-upgrade-linux-image-5-15-0-1035-azure-fde ubuntu-upgrade-linux-image-5-15-0-69-generic ubuntu-upgrade-linux-image-5-15-0-69-generic-64k ubuntu-upgrade-linux-image-5-15-0-69-generic-lpae ubuntu-upgrade-linux-image-5-15-0-69-lowlatency ubuntu-upgrade-linux-image-5-15-0-69-lowlatency-64k ubuntu-upgrade-linux-image-5-19-0-1018-raspi ubuntu-upgrade-linux-image-5-19-0-1018-raspi-nolpae ubuntu-upgrade-linux-image-5-19-0-1022-ibm ubuntu-upgrade-linux-image-5-19-0-1023-kvm ubuntu-upgrade-linux-image-5-19-0-1023-oracle ubuntu-upgrade-linux-image-5-19-0-1024-gcp ubuntu-upgrade-linux-image-5-19-0-1024-lowlatency ubuntu-upgrade-linux-image-5-19-0-1024-lowlatency-64k ubuntu-upgrade-linux-image-5-19-0-1025-aws ubuntu-upgrade-linux-image-5-19-0-1026-azure ubuntu-upgrade-linux-image-5-19-0-42-generic ubuntu-upgrade-linux-image-5-19-0-42-generic-64k ubuntu-upgrade-linux-image-5-19-0-42-generic-lpae ubuntu-upgrade-linux-image-6-1-0-1007-oem ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-aws-lts-22-04 ubuntu-upgrade-linux-image-azure ubuntu-upgrade-linux-image-azure-fde ubuntu-upgrade-linux-image-azure-lts-22-04 ubuntu-upgrade-linux-image-gcp ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-64k ubuntu-upgrade-linux-image-generic-64k-hwe-20-04 ubuntu-upgrade-linux-image-generic-64k-hwe-22-04 ubuntu-upgrade-linux-image-generic-hwe-20-04 ubuntu-upgrade-linux-image-generic-hwe-22-04 ubuntu-upgrade-linux-image-generic-lpae ubuntu-upgrade-linux-image-generic-lpae-hwe-20-04 ubuntu-upgrade-linux-image-generic-lpae-hwe-22-04 ubuntu-upgrade-linux-image-gke ubuntu-upgrade-linux-image-gke-5-15 ubuntu-upgrade-linux-image-gkeop ubuntu-upgrade-linux-image-gkeop-5-15 ubuntu-upgrade-linux-image-ibm ubuntu-upgrade-linux-image-intel-iotg ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-64k ubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-hwe-20-04 ubuntu-upgrade-linux-image-oem-22-04c ubuntu-upgrade-linux-image-oracle ubuntu-upgrade-linux-image-raspi ubuntu-upgrade-linux-image-raspi-nolpae ubuntu-upgrade-linux-image-virtual ubuntu-upgrade-linux-image-virtual-hwe-20-04 ubuntu-upgrade-linux-image-virtual-hwe-22-04
References: https://attackerkb.com/topics/cve-2023-0210, CVE - 2023-0210, USN-5915-1, USN-5982-1, USN-5987-1, USN-6004-1, USN-6079-1, USN-6091-1, USN-6096-1
-
Ubuntu: USN-5963-1 (CVE-2023-1170): Vim vulnerabilities
Severity: 6; CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:C)
Published: 03/03/2023; Created: 03/29/2023; Added: 03/22/2023; Modified: 01/28/2025
Description: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1376.
Solution(s): ubuntu-pro-upgrade-vim ubuntu-pro-upgrade-vim-athena ubuntu-pro-upgrade-vim-athena-py2 ubuntu-pro-upgrade-vim-gtk ubuntu-pro-upgrade-vim-gtk-py2 ubuntu-pro-upgrade-vim-gtk3 ubuntu-pro-upgrade-vim-gtk3-py2 ubuntu-pro-upgrade-vim-nox ubuntu-pro-upgrade-vim-nox-py2 ubuntu-pro-upgrade-vim-tiny
References: https://attackerkb.com/topics/cve-2023-1170, CVE - 2023-1170, USN-5963-1
-
Alpine Linux: CVE-2022-4645: Out-of-bounds Read
Severity: 5; CVSS: (AV:L/AC:L/Au:S/C:N/I:N/A:C)
Published: 03/03/2023; Created: 08/23/2024; Added: 08/22/2024; Modified: 10/02/2024
Description: LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125.
Solution(s): alpine-linux-upgrade-tiff
References: https://attackerkb.com/topics/cve-2022-4645, CVE - 2022-4645, https://security.alpinelinux.org/vuln/CVE-2022-4645
-
Alpine Linux: CVE-2023-1170: Vulnerability in Multiple Components
Severity: 6; CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:C)
Published: 03/03/2023; Created: 03/22/2024; Added: 03/26/2024; Modified: 10/02/2024
Description: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1376.
Solution(s): alpine-linux-upgrade-vim
References: https://attackerkb.com/topics/cve-2023-1170, CVE - 2023-1170, https://security.alpinelinux.org/vuln/CVE-2023-1170
-
Alpine Linux: CVE-2023-27561: Use of Incorrectly-Resolved Name or Reference
Severity: 7; CVSS: (AV:L/AC:M/Au:S/C:C/I:C/A:C)
Published: 03/03/2023; Created: 08/23/2024; Added: 08/22/2024; Modified: 10/02/2024
Description: runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression.
Solution(s): alpine-linux-upgrade-runc
References: https://attackerkb.com/topics/cve-2023-27561, CVE - 2023-27561, https://security.alpinelinux.org/vuln/CVE-2023-27561
-
Debian: CVE-2022-47664: libde265 -- security update
Severity: 7; CVSS: (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Published: 03/03/2023; Created: 03/09/2023; Added: 03/08/2023; Modified: 01/28/2025
Description: Libde265 1.0.9 is vulnerable to Buffer Overflow in ff_hevc_put_hevc_qpel_pixels_8_sse
Solution(s): debian-upgrade-libde265
References: https://attackerkb.com/topics/cve-2022-47664, CVE - 2022-47664, DLA-3352-1, DSA-5346-1
-
Alpine Linux: CVE-2022-41862: Vulnerability in Multiple Components
Severity: 4; CVSS: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Published: 03/03/2023; Created: 08/23/2024; Added: 08/22/2024; Modified: 10/02/2024
Description: In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes.
Solution(s): alpine-linux-upgrade-postgresql alpine-linux-upgrade-postgresql13 alpine-linux-upgrade-postgresql14 alpine-linux-upgrade-postgresql12 alpine-linux-upgrade-postgresql15
References: https://attackerkb.com/topics/cve-2022-41862, CVE - 2022-41862, https://security.alpinelinux.org/vuln/CVE-2022-41862
-
Gentoo Linux: CVE-2022-47665: libde265: Multiple Vulnerabilities
Severity: 7; CVSS: (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Published: 03/03/2023; Created: 08/13/2024; Added: 08/12/2024; Modified: 01/28/2025
Description: Libde265 1.0.9 has a heap buffer overflow vulnerability in de265_image::set_SliceAddrRS(int, int, int)
Solution(s): gentoo-linux-upgrade-media-libs-libde265
References: https://attackerkb.com/topics/cve-2022-47665, CVE - 2022-47665, 202408-20
-
Debian: CVE-2023-1170: vim -- security update
Severity: 6; CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:C)
Published: 03/03/2023; Created: 07/31/2024; Added: 07/30/2024; Modified: 01/28/2025
Description: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1376.
Solution(s): debian-upgrade-vim
References: https://attackerkb.com/topics/cve-2023-1170, CVE - 2023-1170
-
VMware Photon OS: CVE-2023-1170
Severity: 7; CVSS: (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published: 03/03/2023; Created: 01/21/2025; Added: 01/20/2025; Modified: 02/04/2025
Description: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1376.
Solution(s): vmware-photon_os_update_tdnf
References: https://attackerkb.com/topics/cve-2023-1170, CVE - 2023-1170
-
Amazon Linux AMI 2: CVE-2023-27561: Security patch for runc (Multiple Advisories)
Severity: 7; CVSS: (AV:L/AC:M/Au:S/C:C/I:C/A:C)
Published: 03/03/2023; Created: 06/07/2023; Added: 06/07/2023; Modified: 01/28/2025
Description: runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression.
Solution(s): amazon-linux-ami-2-upgrade-runc amazon-linux-ami-2-upgrade-runc-debuginfo
References: https://attackerkb.com/topics/cve-2023-27561, AL2/ALASDOCKER-2023-025, AL2/ALASECS-2023-004, AL2/ALASNITRO-ENCLAVES-2023-024, CVE - 2023-27561
-
Gentoo Linux: CVE-2023-27561: runc: Multiple Vulnerabilities
Severity: 7; CVSS: (AV:L/AC:M/Au:S/C:C/I:C/A:C)
Published: 03/03/2023; Created: 08/13/2024; Added: 08/12/2024; Modified: 01/28/2025
Description: runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression.
Solution(s): gentoo-linux-upgrade-app-containers-runc
References: https://attackerkb.com/topics/cve-2023-27561, CVE - 2023-27561, 202408-25