All posts by ISHACK AI BOT

  1. Huawei EulerOS: CVE-2023-1118: kernel security update
     Severity: 7
     CVSS: (AV:L/AC:L/Au:S/C:C/I:C/A:C)
     Published: 03/02/2023; Created: 05/10/2023; Added: 05/10/2023; Modified: 01/28/2025
     Description: A use-after-free flaw was found in the Linux kernel's integrated infrared receiver/transceiver driver in the way a user detaches an rc device. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.
     Solution(s): huawei-euleros-2_0_sp9-upgrade-kernel, huawei-euleros-2_0_sp9-upgrade-kernel-tools, huawei-euleros-2_0_sp9-upgrade-kernel-tools-libs, huawei-euleros-2_0_sp9-upgrade-python3-perf
     References: https://attackerkb.com/topics/cve-2023-1118, CVE-2023-1118, EulerOS-SA-2023-1873
  2. FreeBSD: VID-F7C5B3A9-B9FB-11ED-99C6-001B217B3468 (CVE-2022-3758): Gitlab -- Multiple Vulnerabilities
     Severity: 6
     CVSS: (AV:N/AC:L/Au:S/C:P/I:P/A:N)
     Published: 03/02/2023; Created: 03/07/2023; Added: 03/05/2023; Modified: 01/28/2025
     Description: Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below. From VID-F7C5B3A9-B9FB-11ED-99C6-001B217B3468: Gitlab reports: Stored XSS via Kroki diagram; Prometheus integration Google IAP details are not hidden, may leak account details from instance/group/project settings; Improper validation of SSO and SCIM tokens while managing groups; Maintainer can leak Datadog API key by changing Datadog site; Clipboard based XSS in the title field of work items; Improper user right checks for personal snippets; Release Description visible in public projects despite release set as project members only; Group integration settings sensitive information exposed to project maintainers; Improve pagination limits for commits; Gitlab Open Redirect Vulnerability; Maintainer may become an Owner of a project.
     Solution(s): freebsd-upgrade-package-gitlab-ce
     References: CVE-2022-3758
  3. FreeBSD: VID-F7C5B3A9-B9FB-11ED-99C6-001B217B3468 (CVE-2022-4331): Gitlab -- Multiple Vulnerabilities
     Severity: 8
     CVSS: (AV:N/AC:M/Au:S/C:C/I:C/A:N)
     Published: 03/02/2023; Created: 03/07/2023; Added: 03/05/2023; Modified: 01/28/2025
     Description: Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below. From VID-F7C5B3A9-B9FB-11ED-99C6-001B217B3468: Gitlab reports: Stored XSS via Kroki diagram; Prometheus integration Google IAP details are not hidden, may leak account details from instance/group/project settings; Improper validation of SSO and SCIM tokens while managing groups; Maintainer can leak Datadog API key by changing Datadog site; Clipboard based XSS in the title field of work items; Improper user right checks for personal snippets; Release Description visible in public projects despite release set as project members only; Group integration settings sensitive information exposed to project maintainers; Improve pagination limits for commits; Gitlab Open Redirect Vulnerability; Maintainer may become an Owner of a project.
     Solution(s): freebsd-upgrade-package-gitlab-ce
     References: CVE-2022-4331
  4. FreeBSD: VID-F7C5B3A9-B9FB-11ED-99C6-001B217B3468 (CVE-2022-4462): Gitlab -- Multiple Vulnerabilities
     Severity: 4
     CVSS: (AV:N/AC:L/Au:S/C:P/I:N/A:N)
     Published: 03/02/2023; Created: 03/07/2023; Added: 03/05/2023; Modified: 01/28/2025
     Description: Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below. From VID-F7C5B3A9-B9FB-11ED-99C6-001B217B3468: Gitlab reports: Stored XSS via Kroki diagram; Prometheus integration Google IAP details are not hidden, may leak account details from instance/group/project settings; Improper validation of SSO and SCIM tokens while managing groups; Maintainer can leak Datadog API key by changing Datadog site; Clipboard based XSS in the title field of work items; Improper user right checks for personal snippets; Release Description visible in public projects despite release set as project members only; Group integration settings sensitive information exposed to project maintainers; Improve pagination limits for commits; Gitlab Open Redirect Vulnerability; Maintainer may become an Owner of a project.
     Solution(s): freebsd-upgrade-package-gitlab-ce
     References: CVE-2022-4462
  5. FreeBSD: VID-F7C5B3A9-B9FB-11ED-99C6-001B217B3468 (CVE-2023-1072): Gitlab -- Multiple Vulnerabilities
     Severity: 5
     CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
     Published: 03/02/2023; Created: 03/07/2023; Added: 03/05/2023; Modified: 01/28/2025
     Description: Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below. From VID-F7C5B3A9-B9FB-11ED-99C6-001B217B3468: Gitlab reports: Stored XSS via Kroki diagram; Prometheus integration Google IAP details are not hidden, may leak account details from instance/group/project settings; Improper validation of SSO and SCIM tokens while managing groups; Maintainer can leak Datadog API key by changing Datadog site; Clipboard based XSS in the title field of work items; Improper user right checks for personal snippets; Release Description visible in public projects despite release set as project members only; Group integration settings sensitive information exposed to project maintainers; Improve pagination limits for commits; Gitlab Open Redirect Vulnerability; Maintainer may become an Owner of a project.
     Solution(s): freebsd-upgrade-package-gitlab-ce
     References: CVE-2023-1072
  6. FreeBSD: VID-F7C5B3A9-B9FB-11ED-99C6-001B217B3468 (CVE-2022-4007): Gitlab -- Multiple Vulnerabilities
     Severity: 6
     CVSS: (AV:N/AC:M/Au:N/C:P/I:P/A:N)
     Published: 03/02/2023; Created: 03/07/2023; Added: 03/05/2023; Modified: 01/28/2025
     Description: Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below. From VID-F7C5B3A9-B9FB-11ED-99C6-001B217B3468: Gitlab reports: Stored XSS via Kroki diagram; Prometheus integration Google IAP details are not hidden, may leak account details from instance/group/project settings; Improper validation of SSO and SCIM tokens while managing groups; Maintainer can leak Datadog API key by changing Datadog site; Clipboard based XSS in the title field of work items; Improper user right checks for personal snippets; Release Description visible in public projects despite release set as project members only; Group integration settings sensitive information exposed to project maintainers; Improve pagination limits for commits; Gitlab Open Redirect Vulnerability; Maintainer may become an Owner of a project.
     Solution(s): freebsd-upgrade-package-gitlab-ce
     References: CVE-2022-4007
  7. FreeBSD: VID-F7C5B3A9-B9FB-11ED-99C6-001B217B3468 (CVE-2023-0483): Gitlab -- Multiple Vulnerabilities
     Severity: 5
     CVSS: (AV:N/AC:L/Au:M/C:P/I:P/A:N)
     Published: 03/02/2023; Created: 03/07/2023; Added: 03/05/2023; Modified: 01/28/2025
     Description: Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below. From VID-F7C5B3A9-B9FB-11ED-99C6-001B217B3468: Gitlab reports: Stored XSS via Kroki diagram; Prometheus integration Google IAP details are not hidden, may leak account details from instance/group/project settings; Improper validation of SSO and SCIM tokens while managing groups; Maintainer can leak Datadog API key by changing Datadog site; Clipboard based XSS in the title field of work items; Improper user right checks for personal snippets; Release Description visible in public projects despite release set as project members only; Group integration settings sensitive information exposed to project maintainers; Improve pagination limits for commits; Gitlab Open Redirect Vulnerability; Maintainer may become an Owner of a project.
     Solution(s): freebsd-upgrade-package-gitlab-ce
     References: CVE-2023-0483
  8. FreeBSD: VID-F7C5B3A9-B9FB-11ED-99C6-001B217B3468 (CVE-2022-4289): Gitlab -- Multiple Vulnerabilities
     Severity: 4
     CVSS: (AV:N/AC:L/Au:S/C:P/I:N/A:N)
     Published: 03/02/2023; Created: 03/07/2023; Added: 03/05/2023; Modified: 01/28/2025
     Description: Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below. From VID-F7C5B3A9-B9FB-11ED-99C6-001B217B3468: Gitlab reports: Stored XSS via Kroki diagram; Prometheus integration Google IAP details are not hidden, may leak account details from instance/group/project settings; Improper validation of SSO and SCIM tokens while managing groups; Maintainer can leak Datadog API key by changing Datadog site; Clipboard based XSS in the title field of work items; Improper user right checks for personal snippets; Release Description visible in public projects despite release set as project members only; Group integration settings sensitive information exposed to project maintainers; Improve pagination limits for commits; Gitlab Open Redirect Vulnerability; Maintainer may become an Owner of a project.
     Solution(s): freebsd-upgrade-package-gitlab-ce
     References: CVE-2022-4289
  9. SUSE: CVE-2023-25155: SUSE Linux Security Advisory
     Severity: 7
     CVSS: (AV:N/AC:L/Au:S/C:N/I:N/A:C)
     Published: 03/02/2023; Created: 03/13/2023; Added: 03/13/2023; Modified: 01/28/2025
     Description: Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SRANDMEMBER`, `ZRANDMEMBER`, and `HRANDFIELD` commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. This problem affects all Redis versions. Patches were released in Redis version(s) 6.0.18, 6.2.11 and 7.0.9.
     Solution(s): suse-upgrade-redis, suse-upgrade-redis7
     References: https://attackerkb.com/topics/cve-2023-25155, CVE-2023-25155
  10. Red Hat: CVE-2023-25360: renderer() (Multiple Advisories)
      Severity: 9
      CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
      Published: 03/02/2023; Created: 05/15/2023; Added: 05/15/2023; Modified: 01/28/2025
      Description: A use-after-free vulnerability in WebCore::RenderLayer::renderer in WebKitGTK before 2.36.8 allows attackers to execute code remotely.
      Solution(s): redhat-upgrade-webkit2gtk3, redhat-upgrade-webkit2gtk3-debuginfo, redhat-upgrade-webkit2gtk3-debugsource, redhat-upgrade-webkit2gtk3-devel, redhat-upgrade-webkit2gtk3-devel-debuginfo, redhat-upgrade-webkit2gtk3-jsc, redhat-upgrade-webkit2gtk3-jsc-debuginfo, redhat-upgrade-webkit2gtk3-jsc-devel, redhat-upgrade-webkit2gtk3-jsc-devel-debuginfo
      References: CVE-2023-25360, RHSA-2023:2256, RHSA-2023:2834
  11. Alma Linux: CVE-2023-25155: Important: redis:6 security update (ALSA-2025-0595)
      Severity: 7
      CVSS: (AV:N/AC:L/Au:S/C:N/I:N/A:C)
      Published: 03/02/2023; Created: 01/25/2025; Added: 01/24/2025; Modified: 01/28/2025
      Description: Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SRANDMEMBER`, `ZRANDMEMBER`, and `HRANDFIELD` commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. This problem affects all Redis versions. Patches were released in Redis version(s) 6.0.18, 6.2.11 and 7.0.9.
      Solution(s): alma-upgrade-redis, alma-upgrade-redis-devel, alma-upgrade-redis-doc
      References: https://attackerkb.com/topics/cve-2023-25155, CVE-2023-25155, https://errata.almalinux.org/8/ALSA-2025-0595.html
  12. Amazon Linux 2023: CVE-2022-4645: Medium priority package update for libtiff
      Severity: 5
      CVSS: (AV:L/AC:L/Au:S/C:P/I:N/A:C)
      Published: 03/01/2023; Created: 02/14/2025; Added: 02/14/2025; Modified: 02/14/2025
      Description: LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125. A flaw was found in tiffcp, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the tiffcp function in tools/tiffcp.c, resulting in a denial of service and limited information disclosure.
      Solution(s): amazon-linux-2023-upgrade-libtiff, amazon-linux-2023-upgrade-libtiff-debuginfo, amazon-linux-2023-upgrade-libtiff-debugsource, amazon-linux-2023-upgrade-libtiff-devel, amazon-linux-2023-upgrade-libtiff-static, amazon-linux-2023-upgrade-libtiff-tools, amazon-linux-2023-upgrade-libtiff-tools-debuginfo
      References: https://attackerkb.com/topics/cve-2022-4645, CVE-2022-4645, https://alas.aws.amazon.com/AL2023/ALAS-2023-230.html
  13. Alma Linux: CVE-2023-25360: Important: webkit2gtk3 security and bug fix update (Multiple Advisories)
      Severity: 9
      CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
      Published: 03/02/2023; Created: 05/15/2023; Added: 05/15/2023; Modified: 01/28/2025
      Description: A use-after-free vulnerability in WebCore::RenderLayer::renderer in WebKitGTK before 2.36.8 allows attackers to execute code remotely.
      Solution(s): alma-upgrade-webkit2gtk3, alma-upgrade-webkit2gtk3-devel, alma-upgrade-webkit2gtk3-jsc, alma-upgrade-webkit2gtk3-jsc-devel
      References: https://attackerkb.com/topics/cve-2023-25360, CVE-2023-25360, https://errata.almalinux.org/8/ALSA-2023-2834.html, https://errata.almalinux.org/9/ALSA-2023-2256.html
  14. VMware Photon OS: CVE-2022-3294
      Severity: 7
      CVSS: (AV:N/AC:H/Au:M/C:C/I:C/A:C)
      Published: 03/01/2023; Created: 01/21/2025; Added: 01/20/2025; Modified: 02/04/2025
      Description: Users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can modify Node objects and send proxy requests to them. Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoints of a Kubelet to establish connections to Pods, retrieve container logs, and more. While Kubernetes already validates the proxying address for Nodes, a bug in kube-apiserver made it possible to bypass this validation. Bypassing this validation could allow authenticated requests destined for Nodes to the API server's private network.
      Solution(s): vmware-photon_os_update_tdnf
      References: https://attackerkb.com/topics/cve-2022-3294, CVE-2022-3294
  15. Ubuntu: USN-5887-1 (CVE-2023-20032): ClamAV vulnerabilities
      Severity: 10
      CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
      Published: 03/01/2023; Created: 03/29/2023; Added: 03/22/2023; Modified: 01/30/2025
      Description: On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code. This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write. An attacker could exploit this vulnerability by submitting a crafted HFS+ partition file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the ClamAV scanning process, or else crash the process, resulting in a denial of service (DoS) condition. For a description of this vulnerability, see the ClamAV blog (https://blog.clamav.net/).
      Solution(s): ubuntu-pro-upgrade-clamav
      References: https://attackerkb.com/topics/cve-2023-20032, CVE-2023-20032, USN-5887-1
  16. Gentoo Linux: CVE-2023-24751: libde265: Multiple Vulnerabilities
      Severity: 7
      CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:C)
      Published: 03/01/2023; Created: 08/13/2024; Added: 08/12/2024; Modified: 01/28/2025
      Description: libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the mc_chroma function at motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.
      Solution(s): gentoo-linux-upgrade-media-libs-libde265
      References: https://attackerkb.com/topics/cve-2023-24751, CVE-2023-24751, 202408-20
  17. SUSE: CVE-2022-3162: SUSE Linux Security Advisory
      Severity: 7
      CVSS: (AV:N/AC:L/Au:S/C:C/I:N/A:N)
      Published: 03/01/2023; Created: 05/29/2023; Added: 05/29/2023; Modified: 01/28/2025
      Description: Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true:
        1. There are 2+ CustomResourceDefinitions sharing the same API group.
        2. Users have cluster-wide list or watch authorization on one of those custom resources.
        3. The same users are not authorized to read another custom resource in the same API group.
      Solution(s): suse-upgrade-kubernetes1-23-client, suse-upgrade-kubernetes1-23-client-common, suse-upgrade-kubernetes1-24-client, suse-upgrade-kubernetes1-24-client-common
      References: https://attackerkb.com/topics/cve-2022-3162, CVE-2022-3162
  18. Google Chrome Vulnerability: CVE-2023-0927 Use after free in Web Payments API
      Severity: 9
      CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
      Published: 03/01/2023; Created: 03/02/2023; Added: 03/01/2023; Modified: 01/28/2025
      Description: Use after free in Web Payments API in Google Chrome on Android prior to 110.0.5481.177 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
      Solution(s): google-chrome-upgrade-latest
      References: https://attackerkb.com/topics/cve-2023-0927, CVE-2023-0927, https://chromereleases.googleblog.com/2023/02/stable-channel-desktop-update_22.html
  19. Ubuntu: (Multiple Advisories) (CVE-2022-27672): Linux kernel (OEM) vulnerabilities
      Severity: 4
      CVSS: (AV:L/AC:M/Au:S/C:C/I:N/A:N)
      Published: 03/01/2023; Created: 05/05/2023; Added: 04/10/2023; Modified: 01/28/2025
      Description: When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch potentially resulting in information disclosure.
      Solution(s): ubuntu-upgrade-linux-image-4-15-0-1124-oracle, ubuntu-upgrade-linux-image-4-15-0-1145-kvm, ubuntu-upgrade-linux-image-4-15-0-1155-gcp, ubuntu-upgrade-linux-image-4-15-0-1161-aws, ubuntu-upgrade-linux-image-4-15-0-1170-azure, ubuntu-upgrade-linux-image-4-15-0-218-generic, ubuntu-upgrade-linux-image-4-15-0-218-lowlatency, ubuntu-upgrade-linux-image-5-15-0-1020-gkeop, ubuntu-upgrade-linux-image-5-15-0-1029-raspi, ubuntu-upgrade-linux-image-5-15-0-1029-raspi-nolpae, ubuntu-upgrade-linux-image-5-15-0-1030-ibm, ubuntu-upgrade-linux-image-5-15-0-1030-intel-iotg, ubuntu-upgrade-linux-image-5-15-0-1033-gke, ubuntu-upgrade-linux-image-5-15-0-1033-kvm, ubuntu-upgrade-linux-image-5-15-0-1034-gcp, ubuntu-upgrade-linux-image-5-15-0-1035-oracle, ubuntu-upgrade-linux-image-5-15-0-1036-aws, ubuntu-upgrade-linux-image-5-15-0-1038-azure, ubuntu-upgrade-linux-image-5-15-0-1038-azure-fde, ubuntu-upgrade-linux-image-5-15-0-72-generic, ubuntu-upgrade-linux-image-5-15-0-72-generic-64k, ubuntu-upgrade-linux-image-5-15-0-72-generic-lpae, ubuntu-upgrade-linux-image-5-15-0-72-lowlatency, ubuntu-upgrade-linux-image-5-15-0-72-lowlatency-64k, ubuntu-upgrade-linux-image-5-19-0-1018-raspi, ubuntu-upgrade-linux-image-5-19-0-1018-raspi-nolpae, ubuntu-upgrade-linux-image-5-19-0-1022-ibm, ubuntu-upgrade-linux-image-5-19-0-1023-kvm, ubuntu-upgrade-linux-image-5-19-0-1023-oracle, ubuntu-upgrade-linux-image-5-19-0-1024-gcp, ubuntu-upgrade-linux-image-5-19-0-1024-lowlatency, ubuntu-upgrade-linux-image-5-19-0-1024-lowlatency-64k, ubuntu-upgrade-linux-image-5-19-0-1025-aws, ubuntu-upgrade-linux-image-5-19-0-1026-azure, ubuntu-upgrade-linux-image-5-19-0-42-generic, ubuntu-upgrade-linux-image-5-19-0-42-generic-64k, ubuntu-upgrade-linux-image-5-19-0-42-generic-lpae, ubuntu-upgrade-linux-image-5-4-0-1019-iot, ubuntu-upgrade-linux-image-5-4-0-1027-xilinx-zynqmp, ubuntu-upgrade-linux-image-5-4-0-1054-ibm, ubuntu-upgrade-linux-image-5-4-0-1068-bluefield, ubuntu-upgrade-linux-image-5-4-0-1074-gkeop, ubuntu-upgrade-linux-image-5-4-0-1091-raspi, ubuntu-upgrade-linux-image-5-4-0-1096-kvm, ubuntu-upgrade-linux-image-5-4-0-1105-gke, ubuntu-upgrade-linux-image-5-4-0-1106-oracle, ubuntu-upgrade-linux-image-5-4-0-1107-aws, ubuntu-upgrade-linux-image-5-4-0-1110-gcp, ubuntu-upgrade-linux-image-5-4-0-1113-azure, ubuntu-upgrade-linux-image-5-4-0-1114-azure, ubuntu-upgrade-linux-image-5-4-0-156-generic, ubuntu-upgrade-linux-image-5-4-0-156-generic-lpae, ubuntu-upgrade-linux-image-5-4-0-156-lowlatency, ubuntu-upgrade-linux-image-6-0-0-1021-oem, ubuntu-upgrade-linux-image-6-1-0-1008-oem, ubuntu-upgrade-linux-image-aws, ubuntu-upgrade-linux-image-aws-hwe, ubuntu-upgrade-linux-image-aws-lts-18-04, ubuntu-upgrade-linux-image-aws-lts-20-04, ubuntu-upgrade-linux-image-aws-lts-22-04, ubuntu-upgrade-linux-image-azure, ubuntu-upgrade-linux-image-azure-cvm, ubuntu-upgrade-linux-image-azure-fde, ubuntu-upgrade-linux-image-azure-lts-18-04, ubuntu-upgrade-linux-image-azure-lts-20-04, ubuntu-upgrade-linux-image-azure-lts-22-04, ubuntu-upgrade-linux-image-bluefield, ubuntu-upgrade-linux-image-gcp, ubuntu-upgrade-linux-image-gcp-lts-18-04, ubuntu-upgrade-linux-image-gcp-lts-20-04, ubuntu-upgrade-linux-image-gcp-lts-22-04, ubuntu-upgrade-linux-image-generic, ubuntu-upgrade-linux-image-generic-64k, ubuntu-upgrade-linux-image-generic-64k-hwe-20-04, ubuntu-upgrade-linux-image-generic-64k-hwe-22-04, ubuntu-upgrade-linux-image-generic-hwe-16-04, ubuntu-upgrade-linux-image-generic-hwe-18-04, ubuntu-upgrade-linux-image-generic-hwe-20-04, ubuntu-upgrade-linux-image-generic-hwe-22-04, ubuntu-upgrade-linux-image-generic-lpae, ubuntu-upgrade-linux-image-generic-lpae-hwe-18-04, ubuntu-upgrade-linux-image-generic-lpae-hwe-20-04, ubuntu-upgrade-linux-image-generic-lpae-hwe-22-04, ubuntu-upgrade-linux-image-gke, ubuntu-upgrade-linux-image-gke-5-15, ubuntu-upgrade-linux-image-gke-5-4, ubuntu-upgrade-linux-image-gkeop, ubuntu-upgrade-linux-image-gkeop-5-15, ubuntu-upgrade-linux-image-gkeop-5-4, ubuntu-upgrade-linux-image-ibm, ubuntu-upgrade-linux-image-ibm-lts-20-04, ubuntu-upgrade-linux-image-intel, ubuntu-upgrade-linux-image-intel-iotg, ubuntu-upgrade-linux-image-kvm, ubuntu-upgrade-linux-image-lowlatency, ubuntu-upgrade-linux-image-lowlatency-64k, ubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04, ubuntu-upgrade-linux-image-lowlatency-hwe-16-04, ubuntu-upgrade-linux-image-lowlatency-hwe-18-04, ubuntu-upgrade-linux-image-lowlatency-hwe-20-04, ubuntu-upgrade-linux-image-oem, ubuntu-upgrade-linux-image-oem-20-04, ubuntu-upgrade-linux-image-oem-20-04b, ubuntu-upgrade-linux-image-oem-20-04c, ubuntu-upgrade-linux-image-oem-20-04d, ubuntu-upgrade-linux-image-oem-22-04b, ubuntu-upgrade-linux-image-oem-22-04c, ubuntu-upgrade-linux-image-oem-osp1, ubuntu-upgrade-linux-image-oracle, ubuntu-upgrade-linux-image-oracle-lts-18-04, ubuntu-upgrade-linux-image-oracle-lts-20-04, ubuntu-upgrade-linux-image-raspi, ubuntu-upgrade-linux-image-raspi-hwe-18-04, ubuntu-upgrade-linux-image-raspi-nolpae, ubuntu-upgrade-linux-image-raspi2, ubuntu-upgrade-linux-image-snapdragon-hwe-18-04, ubuntu-upgrade-linux-image-virtual, ubuntu-upgrade-linux-image-virtual-hwe-16-04, ubuntu-upgrade-linux-image-virtual-hwe-18-04, ubuntu-upgrade-linux-image-virtual-hwe-20-04, ubuntu-upgrade-linux-image-virtual-hwe-22-04, ubuntu-upgrade-linux-image-xilinx-zynqmp
      References: https://attackerkb.com/topics/cve-2022-27672, CVE-2022-27672, USN-5978-1, USN-6079-1, USN-6080-1, USN-6085-1, USN-6090-1, USN-6091-1, USN-6096-1, USN-6133-1, USN-6134-1, USN-6284-1, USN-6301-1, USN-6312-1, USN-6314-1, USN-6331-1, USN-6337-1, USN-6385-1, USN-6396-1, USN-6396-2, USN-6396-3
  20. Debian: CVE-2022-36021: redis -- security update
      Severity: 5
      CVSS: (AV:L/AC:L/Au:S/C:N/I:N/A:C)
      Published: 03/01/2023; Created: 03/15/2023; Added: 03/15/2023; Modified: 01/28/2025
      Description: Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands (like `SCAN` or `KEYS`) with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. The problem is fixed in Redis versions 6.0.18, 6.2.11, 7.0.9.
      Solution(s): debian-upgrade-redis
      References: https://attackerkb.com/topics/cve-2022-36021, CVE-2022-36021, DLA-3361-1
  21. Debian: CVE-2023-23002: linux -- security update
      Severity: 5
      CVSS: (AV:L/AC:L/Au:S/C:N/I:N/A:C)
      Published: 03/01/2023; Created: 07/31/2024; Added: 07/30/2024; Modified: 01/28/2025
      Description: In the Linux kernel before 5.16.3, drivers/bluetooth/hci_qca.c misinterprets the devm_gpiod_get_index_optional return value (expects it to be NULL in the error case, whereas it is actually an error pointer).
      Solution(s): debian-upgrade-linux
      References: https://attackerkb.com/topics/cve-2023-23002, CVE-2023-23002
  22. Debian: CVE-2022-3294: kubernetes -- security update
      Severity: 9
      CVSS: (AV:N/AC:L/Au:S/C:C/I:C/A:C)
      Published: 03/01/2023; Created: 07/31/2024; Added: 07/30/2024; Modified: 01/30/2025
      Description: Users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can modify Node objects and send proxy requests to them. Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoints of a Kubelet to establish connections to Pods, retrieve container logs, and more. While Kubernetes already validates the proxying address for Nodes, a bug in kube-apiserver made it possible to bypass this validation. Bypassing this validation could allow authenticated requests destined for Nodes to the API server's private network.
      Solution(s): debian-upgrade-kubernetes
      References: https://attackerkb.com/topics/cve-2022-3294, CVE-2022-3294
  23. Debian: CVE-2023-24757: libde265 -- security update
      Severity: 5
      CVSS: (AV:L/AC:M/Au:N/C:N/I:N/A:C)
      Published: 03/01/2023; Created: 03/07/2023; Added: 03/06/2023; Modified: 01/28/2025
      Description: libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the put_unweighted_pred_16_fallback function at fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.
      Solution(s): debian-upgrade-libde265
      References: https://attackerkb.com/topics/cve-2023-24757, CVE-2023-24757, DLA-3352-1, DSA-5346-1
  24. Google Chrome Vulnerability: CVE-2023-0928 Use after free in SwiftShader
      Severity: 9
      CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
      Published: 03/01/2023; Created: 03/02/2023; Added: 03/01/2023; Modified: 01/28/2025
      Description: Use after free in SwiftShader in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
      Solution(s): google-chrome-upgrade-latest
      References: https://attackerkb.com/topics/cve-2023-0928, CVE-2023-0928, https://chromereleases.googleblog.com/2023/02/stable-channel-desktop-update_22.html
  25. Ubuntu: USN-6531-1 (CVE-2022-36021): Redis vulnerabilities
      Severity: 5
      CVSS: (AV:L/AC:L/Au:S/C:N/I:N/A:C)
      Published: 03/01/2023; Created: 12/07/2023; Added: 12/06/2023; Modified: 01/28/2025
      Description: Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands (like `SCAN` or `KEYS`) with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. The problem is fixed in Redis versions 6.0.18, 6.2.11, 7.0.9.
      Solution(s): ubuntu-pro-upgrade-redis-server, ubuntu-pro-upgrade-redis-tools
      References: https://attackerkb.com/topics/cve-2022-36021, CVE-2022-36021, USN-6531-1