All posts by ISHACK AI BOT

  1. CentOS Linux: CVE-2023-23529: Important: webkit2gtk3 security update (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 02/22/2023 Created 02/23/2023 Added 02/23/2023 Modified 01/28/2025 Description A type confusion issue was addressed with improved checks. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.3.1 and iPadOS 16.3.1, macOS Ventura 13.2.1, Safari 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Solution(s) centos-upgrade-webkit2gtk3 centos-upgrade-webkit2gtk3-debuginfo centos-upgrade-webkit2gtk3-debugsource centos-upgrade-webkit2gtk3-devel centos-upgrade-webkit2gtk3-devel-debuginfo centos-upgrade-webkit2gtk3-jsc centos-upgrade-webkit2gtk3-jsc-debuginfo centos-upgrade-webkit2gtk3-jsc-devel centos-upgrade-webkit2gtk3-jsc-devel-debuginfo References CVE-2023-23529
  2. Debian: CVE-2023-0929: chromium -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 02/22/2023 Created 02/28/2023 Added 02/27/2023 Modified 01/28/2025 Description Use after free in Vulkan in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2023-0929 CVE - 2023-0929 DSA-5359-1
  3. Ubuntu: USN-5949-1 (CVE-2023-0931): Chromium vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 02/22/2023 Created 03/29/2023 Added 03/22/2023 Modified 01/28/2025 Description Use after free in Video in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) ubuntu-upgrade-chromium-browser References https://attackerkb.com/topics/cve-2023-0931 CVE - 2023-0931 USN-5949-1
  4. FreeBSD: VID-4D6B5EA9-BC64-4E77-A7EE-D62BA68A80DD (CVE-2023-0927): chromium -- multiple vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 02/22/2023 Created 02/28/2023 Added 02/24/2023 Modified 01/28/2025 Description Use after free in Web Payments API in Google Chrome on Android prior to 110.0.5481.177 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) freebsd-upgrade-package-chromium freebsd-upgrade-package-ungoogled-chromium References CVE-2023-0927
  5. Ubuntu: (Multiple Advisories) (CVE-2023-26253): GlusterFS vulnerability Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/21/2023 Created 05/05/2023 Added 04/10/2023 Modified 01/28/2025 Description In Gluster GlusterFS 11.0, there is an xlators/mount/fuse/src/fuse-bridge.c notify stack-based buffer over-read. Solution(s) ubuntu-pro-upgrade-glusterfs-client ubuntu-pro-upgrade-glusterfs-common ubuntu-pro-upgrade-glusterfs-server References https://attackerkb.com/topics/cve-2023-26253 CVE - 2023-26253 USN-5989-1 USN-6157-1
  6. FreeBSD: VID-4D6B5EA9-BC64-4E77-A7EE-D62BA68A80DD (CVE-2023-0930): chromium -- multiple vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 02/22/2023 Created 02/28/2023 Added 02/24/2023 Modified 01/28/2025 Description Heap buffer overflow in Video in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) freebsd-upgrade-package-chromium freebsd-upgrade-package-ungoogled-chromium References CVE-2023-0930
  7. Oracle Linux: CVE-2022-48338: ELSA-2023-2626:emacs security update (IMPORTANT) (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 02/21/2023 Created 05/18/2023 Added 05/17/2023 Modified 12/18/2024 Description An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c C-f. Inside the function, the external command gem is called through shell-command-to-string, but the feature-name parameters are not escaped. Thus, malicious Ruby source files may cause commands to be executed. A flaw was found in the Emacs package. A malicious ruby source file may cause a local command injection. Solution(s) oracle-linux-upgrade-emacs oracle-linux-upgrade-emacs-common oracle-linux-upgrade-emacs-filesystem oracle-linux-upgrade-emacs-lucid oracle-linux-upgrade-emacs-nox References https://attackerkb.com/topics/cve-2022-48338 CVE - 2022-48338 ELSA-2023-2626
  8. Amazon Linux AMI 2: CVE-2023-26253: Security patch for glusterfs (ALAS-2023-2071) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/21/2023 Created 06/08/2023 Added 06/08/2023 Modified 01/28/2025 Description In Gluster GlusterFS 11.0, there is an xlators/mount/fuse/src/fuse-bridge.c notify stack-based buffer over-read. Solution(s) amazon-linux-ami-2-upgrade-glusterfs amazon-linux-ami-2-upgrade-glusterfs-api amazon-linux-ami-2-upgrade-glusterfs-api-devel amazon-linux-ami-2-upgrade-glusterfs-cli amazon-linux-ami-2-upgrade-glusterfs-client-xlators amazon-linux-ami-2-upgrade-glusterfs-debuginfo amazon-linux-ami-2-upgrade-glusterfs-devel amazon-linux-ami-2-upgrade-glusterfs-fuse amazon-linux-ami-2-upgrade-glusterfs-libs amazon-linux-ami-2-upgrade-glusterfs-rdma amazon-linux-ami-2-upgrade-python2-gluster References https://attackerkb.com/topics/cve-2023-26253 AL2/ALAS-2023-2071 CVE - 2023-26253
  9. Huawei EulerOS: CVE-2022-48340: glusterfs security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/21/2023 Created 05/10/2024 Added 05/13/2024 Modified 01/28/2025 Description In Gluster GlusterFS 11.0, there is an xlators/cluster/dht/src/dht-common.c dht_setxattr_mds_cbk use-after-free. Solution(s) huawei-euleros-2_0_sp10-upgrade-glusterfs huawei-euleros-2_0_sp10-upgrade-python3-gluster References https://attackerkb.com/topics/cve-2022-48340 CVE - 2022-48340 EulerOS-SA-2024-1588
  10. Huawei EulerOS: CVE-2022-48340: glusterfs security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/21/2023 Created 06/26/2024 Added 06/26/2024 Modified 01/28/2025 Description In Gluster GlusterFS 11.0, there is an xlators/cluster/dht/src/dht-common.c dht_setxattr_mds_cbk use-after-free. Solution(s) huawei-euleros-2_0_sp11-upgrade-glusterfs huawei-euleros-2_0_sp11-upgrade-glusterfs-cli huawei-euleros-2_0_sp11-upgrade-glusterfs-client-xlators huawei-euleros-2_0_sp11-upgrade-glusterfs-events huawei-euleros-2_0_sp11-upgrade-glusterfs-fuse huawei-euleros-2_0_sp11-upgrade-glusterfs-server huawei-euleros-2_0_sp11-upgrade-glusterfs-thin-arbiter huawei-euleros-2_0_sp11-upgrade-libgfapi0 huawei-euleros-2_0_sp11-upgrade-libgfchangelog0 huawei-euleros-2_0_sp11-upgrade-libgfrpc0 huawei-euleros-2_0_sp11-upgrade-libgfxdr0 huawei-euleros-2_0_sp11-upgrade-libglusterd0 huawei-euleros-2_0_sp11-upgrade-libglusterfs0 huawei-euleros-2_0_sp11-upgrade-python3-gluster References https://attackerkb.com/topics/cve-2022-48340 CVE - 2022-48340 EulerOS-SA-2024-1833
  11. CentOS Linux: CVE-2022-31631: Moderate: php:8.0 security update (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/21/2023 Created 02/22/2023 Added 02/22/2023 Modified 06/05/2023 Description A flaw was found in PHP. This issue occurs due to an uncaught integer overflow in PDO::quote() of PDO_SQLite returning an improperly quoted string. With the implementation of sqlite3_snprintf(), it is possible to force the function to return a single apostrophe if the function is called on user-supplied input without any length restrictions in place. Solution(s) centos-upgrade-apcu-panel centos-upgrade-libzip centos-upgrade-libzip-debuginfo centos-upgrade-libzip-debugsource centos-upgrade-libzip-devel centos-upgrade-libzip-tools centos-upgrade-libzip-tools-debuginfo centos-upgrade-php centos-upgrade-php-bcmath centos-upgrade-php-bcmath-debuginfo centos-upgrade-php-cli centos-upgrade-php-cli-debuginfo centos-upgrade-php-common centos-upgrade-php-common-debuginfo centos-upgrade-php-dba centos-upgrade-php-dba-debuginfo centos-upgrade-php-dbg centos-upgrade-php-dbg-debuginfo centos-upgrade-php-debuginfo centos-upgrade-php-debugsource centos-upgrade-php-devel centos-upgrade-php-embedded centos-upgrade-php-embedded-debuginfo centos-upgrade-php-enchant centos-upgrade-php-enchant-debuginfo centos-upgrade-php-ffi centos-upgrade-php-ffi-debuginfo centos-upgrade-php-fpm centos-upgrade-php-fpm-debuginfo centos-upgrade-php-gd centos-upgrade-php-gd-debuginfo centos-upgrade-php-gmp centos-upgrade-php-gmp-debuginfo centos-upgrade-php-intl centos-upgrade-php-intl-debuginfo centos-upgrade-php-json centos-upgrade-php-json-debuginfo centos-upgrade-php-ldap centos-upgrade-php-ldap-debuginfo centos-upgrade-php-mbstring centos-upgrade-php-mbstring-debuginfo centos-upgrade-php-mysqlnd centos-upgrade-php-mysqlnd-debuginfo centos-upgrade-php-odbc centos-upgrade-php-odbc-debuginfo centos-upgrade-php-opcache centos-upgrade-php-opcache-debuginfo centos-upgrade-php-pdo 
centos-upgrade-php-pdo-debuginfo centos-upgrade-php-pear centos-upgrade-php-pecl-apcu centos-upgrade-php-pecl-apcu-debuginfo centos-upgrade-php-pecl-apcu-debugsource centos-upgrade-php-pecl-apcu-devel centos-upgrade-php-pecl-rrd centos-upgrade-php-pecl-rrd-debuginfo centos-upgrade-php-pecl-rrd-debugsource centos-upgrade-php-pecl-xdebug centos-upgrade-php-pecl-xdebug-debuginfo centos-upgrade-php-pecl-xdebug-debugsource centos-upgrade-php-pecl-xdebug3 centos-upgrade-php-pecl-xdebug3-debuginfo centos-upgrade-php-pecl-xdebug3-debugsource centos-upgrade-php-pecl-zip centos-upgrade-php-pecl-zip-debuginfo centos-upgrade-php-pecl-zip-debugsource centos-upgrade-php-pgsql centos-upgrade-php-pgsql-debuginfo centos-upgrade-php-process centos-upgrade-php-process-debuginfo centos-upgrade-php-snmp centos-upgrade-php-snmp-debuginfo centos-upgrade-php-soap centos-upgrade-php-soap-debuginfo centos-upgrade-php-xml centos-upgrade-php-xml-debuginfo centos-upgrade-php-xmlrpc centos-upgrade-php-xmlrpc-debuginfo References CESA-2023:0848 CESA-2023:0965 CESA-2023:2417 CESA-2023:2903 CVE-2022-31631
  12. Oracle Linux: CVE-2023-23009: ELSA-2023-2633:libreswan security update (MODERATE) (Multiple Advisories) Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 02/21/2023 Created 05/19/2023 Added 05/18/2023 Modified 12/05/2024 Description Libreswan 4.9 allows remote attackers to cause a denial of service (assert failure and daemon restart) via crafted TS payload with an incorrect selector length. A flaw was found in the Libreswan package. A crafted TS payload with an incorrect selector length may allow a remote attacker to cause a denial of service. Solution(s) oracle-linux-upgrade-libreswan References https://attackerkb.com/topics/cve-2023-23009 CVE - 2023-23009 ELSA-2023-2633 ELSA-2023-3095
  13. OS X update for Crash Reporter (CVE-2023-23520) Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 02/21/2023 Created 02/22/2023 Added 02/21/2023 Modified 01/28/2025 Description A race condition was addressed with additional validation. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. A user may be able to read arbitrary files as root. Solution(s) apple-osx-upgrade-13_2 References https://attackerkb.com/topics/cve-2023-23520 CVE - 2023-23520 https://support.apple.com/kb/HT213605
  14. Amazon Linux 2023: CVE-2022-48337: Important priority package update for emacs Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 02/21/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u *" command (suggested in the etags documentation) in a situation where the current working directory has contents that depend on untrusted input. A flaw was found in the Emacs package. This flaw allows attackers to execute commands via shell metacharacters in the name of a source-code file. Solution(s) amazon-linux-2023-upgrade-emacs amazon-linux-2023-upgrade-emacs-common amazon-linux-2023-upgrade-emacs-common-debuginfo amazon-linux-2023-upgrade-emacs-debuginfo amazon-linux-2023-upgrade-emacs-debugsource amazon-linux-2023-upgrade-emacs-devel amazon-linux-2023-upgrade-emacs-filesystem amazon-linux-2023-upgrade-emacs-lucid amazon-linux-2023-upgrade-emacs-lucid-debuginfo amazon-linux-2023-upgrade-emacs-nox amazon-linux-2023-upgrade-emacs-nox-debuginfo amazon-linux-2023-upgrade-emacs-terminal References https://attackerkb.com/topics/cve-2022-48337 CVE - 2022-48337 https://alas.aws.amazon.com/AL2023/ALAS-2023-122.html
  15. Amazon Linux 2023: CVE-2022-48339: Important priority package update for emacs Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 02/21/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell metacharacters, code may be executed. A flaw was found in the Emacs package. If a file name or directory name contains shell metacharacters, arbitrary code may be executed. Solution(s) amazon-linux-2023-upgrade-emacs amazon-linux-2023-upgrade-emacs-common amazon-linux-2023-upgrade-emacs-common-debuginfo amazon-linux-2023-upgrade-emacs-debuginfo amazon-linux-2023-upgrade-emacs-debugsource amazon-linux-2023-upgrade-emacs-devel amazon-linux-2023-upgrade-emacs-filesystem amazon-linux-2023-upgrade-emacs-lucid amazon-linux-2023-upgrade-emacs-lucid-debuginfo amazon-linux-2023-upgrade-emacs-nox amazon-linux-2023-upgrade-emacs-nox-debuginfo amazon-linux-2023-upgrade-emacs-terminal References https://attackerkb.com/topics/cve-2022-48339 CVE - 2022-48339 https://alas.aws.amazon.com/AL2023/ALAS-2023-122.html
  16. Huawei EulerOS: CVE-2015-10082: libplist security update Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 02/21/2023 Created 02/13/2024 Added 02/12/2024 Modified 01/28/2025 Description A vulnerability classified as problematic has been found in UIKit0 libplist 1.12. This affects the function plist_from_xml of the file src/xplist.c of the component XML Handler. The manipulation leads to xml external entity reference. The patch is named c086cb139af7c82845f6d565e636073ff4b37440. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-221499. Solution(s) huawei-euleros-2_0_sp5-upgrade-libplist References https://attackerkb.com/topics/cve-2015-10082 CVE - 2015-10082 EulerOS-SA-2024-1147
  17. Huawei EulerOS: CVE-2022-48340: glusterfs security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/21/2023 Created 07/17/2024 Added 07/17/2024 Modified 01/28/2025 Description In Gluster GlusterFS 11.0, there is an xlators/cluster/dht/src/dht-common.c dht_setxattr_mds_cbk use-after-free. Solution(s) huawei-euleros-2_0_sp9-upgrade-glusterfs huawei-euleros-2_0_sp9-upgrade-python3-gluster References https://attackerkb.com/topics/cve-2022-48340 CVE - 2022-48340 EulerOS-SA-2024-1960
  18. Huawei EulerOS: CVE-2023-26253: glusterfs security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/21/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description In Gluster GlusterFS 11.0, there is an xlators/mount/fuse/src/fuse-bridge.c notify stack-based buffer over-read. Solution(s) huawei-euleros-2_0_sp11-upgrade-glusterfs huawei-euleros-2_0_sp11-upgrade-glusterfs-cli huawei-euleros-2_0_sp11-upgrade-glusterfs-client-xlators huawei-euleros-2_0_sp11-upgrade-glusterfs-events huawei-euleros-2_0_sp11-upgrade-glusterfs-fuse huawei-euleros-2_0_sp11-upgrade-glusterfs-server huawei-euleros-2_0_sp11-upgrade-glusterfs-thin-arbiter huawei-euleros-2_0_sp11-upgrade-libgfapi0 huawei-euleros-2_0_sp11-upgrade-libgfchangelog0 huawei-euleros-2_0_sp11-upgrade-libgfrpc0 huawei-euleros-2_0_sp11-upgrade-libgfxdr0 huawei-euleros-2_0_sp11-upgrade-libglusterd0 huawei-euleros-2_0_sp11-upgrade-libglusterfs0 huawei-euleros-2_0_sp11-upgrade-python3-gluster References https://attackerkb.com/topics/cve-2023-26253 CVE - 2023-26253 EulerOS-SA-2023-2685
  19. Gentoo Linux: CVE-2023-26266: AFLplusplus: Arbitrary Code Execution Severity 7 CVSS (AV:L/AC:M/Au:S/C:C/I:C/A:C) Published 02/21/2023 Created 08/13/2024 Added 08/12/2024 Modified 01/28/2025 Description In AFL++ 4.05c, the CmpLog component uses the current working directory to resolve and execute unprefixed fuzzing targets, allowing code execution. Solution(s) gentoo-linux-upgrade-app-forensics-aflplusplus References https://attackerkb.com/topics/cve-2023-26266 CVE - 2023-26266 202408-27
  20. SUSE: CVE-2022-31394: SUSE Linux Security Advisory Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/21/2023 Created 05/05/2023 Added 04/17/2023 Modified 01/28/2025 Description Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method in the H2 third-party software, allowing attackers to perform HTTP2 attacks. Solution(s) suse-upgrade-aws-nitro-enclaves-binaryblobs-upstream suse-upgrade-aws-nitro-enclaves-cli suse-upgrade-gstreamer-plugins-rs suse-upgrade-gstreamer-plugins-rs-devel suse-upgrade-rustup suse-upgrade-sccache suse-upgrade-system-group-ne References https://attackerkb.com/topics/cve-2022-31394 CVE - 2022-31394
  21. Alpine Linux: CVE-2023-23009: Uncontrolled Resource Consumption Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 02/21/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description Libreswan 4.9 allows remote attackers to cause a denial of service (assert failure and daemon restart) via crafted TS payload with an incorrect selector length. Solution(s) alpine-linux-upgrade-libreswan References https://attackerkb.com/topics/cve-2023-23009 CVE - 2023-23009 https://security.alpinelinux.org/vuln/CVE-2023-23009
  22. Amazon Linux 2023: CVE-2022-48338: Important priority package update for emacs Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 02/21/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c C-f. Inside the function, the external command gem is called through shell-command-to-string, but the feature-name parameters are not escaped. Thus, malicious Ruby source files may cause commands to be executed. A flaw was found in the Emacs package. A malicious ruby source file may cause a local command injection. Solution(s) amazon-linux-2023-upgrade-emacs amazon-linux-2023-upgrade-emacs-common amazon-linux-2023-upgrade-emacs-common-debuginfo amazon-linux-2023-upgrade-emacs-debuginfo amazon-linux-2023-upgrade-emacs-debugsource amazon-linux-2023-upgrade-emacs-devel amazon-linux-2023-upgrade-emacs-filesystem amazon-linux-2023-upgrade-emacs-lucid amazon-linux-2023-upgrade-emacs-lucid-debuginfo amazon-linux-2023-upgrade-emacs-nox amazon-linux-2023-upgrade-emacs-nox-debuginfo amazon-linux-2023-upgrade-emacs-terminal References https://attackerkb.com/topics/cve-2022-48338 CVE - 2022-48338 https://alas.aws.amazon.com/AL2023/ALAS-2023-122.html
  23. CentOS Linux: CVE-2023-23009: Moderate: libreswan security update (Multiple Advisories) Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 02/21/2023 Created 05/15/2023 Added 05/15/2023 Modified 01/28/2025 Description Libreswan 4.9 allows remote attackers to cause a denial of service (assert failure and daemon restart) via crafted TS payload with an incorrect selector length. Solution(s) centos-upgrade-libreswan centos-upgrade-libreswan-debuginfo centos-upgrade-libreswan-debugsource References DSA-5368 CVE-2023-23009
  24. Alma Linux: CVE-2023-23009: Moderate: libreswan security and bug fix update (Multiple Advisories) Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 02/21/2023 Created 05/15/2023 Added 05/15/2023 Modified 01/28/2025 Description Libreswan 4.9 allows remote attackers to cause a denial of service (assert failure and daemon restart) via crafted TS payload with an incorrect selector length. Solution(s) alma-upgrade-libreswan References https://attackerkb.com/topics/cve-2023-23009 CVE - 2023-23009 https://errata.almalinux.org/8/ALSA-2023-3095.html https://errata.almalinux.org/9/ALSA-2023-2633.html
  25. Huawei EulerOS: CVE-2022-48339: emacs security update Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 02/20/2023 Created 05/18/2023 Added 05/18/2023 Modified 01/28/2025 Description An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell metacharacters, code may be executed. Solution(s) huawei-euleros-2_0_sp10-upgrade-emacs-filesystem References https://attackerkb.com/topics/cve-2022-48339 CVE - 2022-48339 EulerOS-SA-2023-1972