ISHACK AI BOT

Huawei EulerOS: CVE-2023-0797: libtiff security update Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 07/05/2023 Added 07/05/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. Solution(s) huawei-euleros-2_0_sp11-upgrade-libtiff References https://attackerkb.com/topics/cve-2023-0797 CVE - 2023-0797 EulerOS-SA-2023-2298

Huawei EulerOS: CVE-2023-0798: libtiff security update Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 07/05/2023 Added 07/05/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. Solution(s) huawei-euleros-2_0_sp11-upgrade-libtiff References https://attackerkb.com/topics/cve-2023-0798 CVE - 2023-0798 EulerOS-SA-2023-2298

Huawei EulerOS: CVE-2023-0795: libtiff security update Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 07/05/2023 Added 07/05/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. Solution(s) huawei-euleros-2_0_sp11-upgrade-libtiff References https://attackerkb.com/topics/cve-2023-0795 CVE - 2023-0795 EulerOS-SA-2023-2298

SUSE: CVE-2023-42826: SUSE Linux Security Advisory Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 02/13/2023 Created 02/17/2023 Added 02/16/2023 Modified 01/28/2025 Description The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing a file may lead to arbitrary code execution. Solution(s) suse-upgrade-libjavascriptcoregtk-4_0-18 suse-upgrade-libwebkit2gtk-4_0-37 suse-upgrade-libwebkit2gtk3-lang suse-upgrade-typelib-1_0-javascriptcore-4_0 suse-upgrade-typelib-1_0-webkit2-4_0 suse-upgrade-typelib-1_0-webkit2webextension-4_0 suse-upgrade-webkit2gtk-4_0-injected-bundles suse-upgrade-webkit2gtk3-devel References https://attackerkb.com/topics/cve-2023-42826 CVE - 2023-42826

Debian: CVE-2023-0818: gpac -- security update Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 05/29/2023 Added 05/29/2023 Modified 01/28/2025 Description Off-by-one Error in GitHub repository gpac/gpac prior to v2.3.0-DEV. Solution(s) debian-upgrade-gpac References https://attackerkb.com/topics/cve-2023-0818 CVE - 2023-0818 DSA-5411 DSA-5411-1

Huawei EulerOS: CVE-2023-0799: libtiff security update Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 07/05/2023 Added 07/05/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. Solution(s) huawei-euleros-2_0_sp11-upgrade-libtiff References https://attackerkb.com/topics/cve-2023-0799 CVE - 2023-0799 EulerOS-SA-2023-2298

Huawei EulerOS: CVE-2023-0796: libtiff security update Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 05/10/2023 Added 05/10/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. Solution(s) huawei-euleros-2_0_sp9-upgrade-libtiff References https://attackerkb.com/topics/cve-2023-0796 CVE - 2023-0796 EulerOS-SA-2023-1874

Huawei EulerOS: CVE-2023-0803: libtiff security update Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 05/10/2023 Added 05/10/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. Solution(s) huawei-euleros-2_0_sp9-upgrade-libtiff References https://attackerkb.com/topics/cve-2023-0803 CVE - 2023-0803 EulerOS-SA-2023-1874

Debian: CVE-2023-25727: phpmyadmin -- security update Severity 5 CVSS (AV:N/AC:M/Au:S/C:P/I:P/A:N) Published 02/13/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface. Solution(s) debian-upgrade-phpmyadmin References https://attackerkb.com/topics/cve-2023-25727 CVE - 2023-25727

Huawei EulerOS: CVE-2023-0797: libtiff security update Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 05/10/2023 Added 05/10/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. Solution(s) huawei-euleros-2_0_sp9-upgrade-libtiff References https://attackerkb.com/topics/cve-2023-0797 CVE - 2023-0797 EulerOS-SA-2023-1874

Huawei EulerOS: CVE-2023-0801: libtiff security update Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 05/10/2023 Added 05/10/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. Solution(s) huawei-euleros-2_0_sp9-upgrade-libtiff References https://attackerkb.com/topics/cve-2023-0801 CVE - 2023-0801 EulerOS-SA-2023-1874

Huawei EulerOS: CVE-2023-0802: libtiff security update Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 05/10/2023 Added 05/10/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. Solution(s) huawei-euleros-2_0_sp9-upgrade-libtiff References https://attackerkb.com/topics/cve-2023-0802 CVE - 2023-0802 EulerOS-SA-2023-1874

Huawei EulerOS: CVE-2023-0802: libtiff security update Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 05/18/2023 Added 05/18/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. Solution(s) huawei-euleros-2_0_sp10-upgrade-libtiff References https://attackerkb.com/topics/cve-2023-0802 CVE - 2023-0802 EulerOS-SA-2023-1979

Amazon Linux AMI 2: CVE-2023-0803: Security patch for compat-libtiff3, libtiff (Multiple Advisories) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 09/08/2023 Added 09/08/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. Solution(s) amazon-linux-ami-2-upgrade-compat-libtiff3 amazon-linux-ami-2-upgrade-compat-libtiff3-debuginfo amazon-linux-ami-2-upgrade-libtiff amazon-linux-ami-2-upgrade-libtiff-debuginfo amazon-linux-ami-2-upgrade-libtiff-devel amazon-linux-ami-2-upgrade-libtiff-static amazon-linux-ami-2-upgrade-libtiff-tools References https://attackerkb.com/topics/cve-2023-0803 AL2/ALAS-2023-2235 AL2/ALAS-2023-2236 CVE - 2023-0803

Alma Linux: CVE-2023-0798: Moderate: libtiff security update (ALSA-2023-3711) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 06/27/2023 Added 06/27/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. Solution(s) alma-upgrade-libtiff alma-upgrade-libtiff-devel alma-upgrade-libtiff-tools References https://attackerkb.com/topics/cve-2023-0798 CVE - 2023-0798 https://errata.almalinux.org/9/ALSA-2023-3711.html

VMware Photon OS: CVE-2023-0797 Severity 6 CVSS (AV:L/AC:L/Au:N/C:P/I:N/A:C) Published 02/13/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-0797 CVE - 2023-0797

VMware Photon OS: CVE-2023-0804 Severity 6 CVSS (AV:L/AC:L/Au:N/C:N/I:P/A:C) Published 02/13/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-0804 CVE - 2023-0804

Debian: CVE-2021-1494: snort -- security update Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 02/13/2023 Created 02/14/2023 Added 02/13/2023 Modified 01/30/2025 Description Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect handling of specific HTTP header parameters. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass a configured file policy for HTTP packets and deliver a malicious payload. Solution(s) debian-upgrade-snort References https://attackerkb.com/topics/cve-2021-1494 CVE - 2021-1494 DLA-3317-1

Huawei EulerOS: CVE-2023-0799: libtiff security update Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 06/09/2023 Added 06/09/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. Solution(s) huawei-euleros-2_0_sp5-upgrade-libtiff huawei-euleros-2_0_sp5-upgrade-libtiff-devel References https://attackerkb.com/topics/cve-2023-0799 CVE - 2023-0799 EulerOS-SA-2023-2157

SUSE: CVE-2023-25727: SUSE Linux Security Advisory Severity 5 CVSS (AV:N/AC:M/Au:S/C:P/I:P/A:N) Published 02/13/2023 Created 02/17/2023 Added 02/16/2023 Modified 01/28/2025 Description In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface. Solution(s) suse-upgrade-phpmyadmin suse-upgrade-phpmyadmin-apache suse-upgrade-phpmyadmin-lang References https://attackerkb.com/topics/cve-2023-25727 CVE - 2023-25727

SUSE: CVE-2023-0802: SUSE Linux Security Advisory Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 05/31/2023 Added 05/31/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. Solution(s) suse-upgrade-libtiff-devel suse-upgrade-libtiff-devel-32bit suse-upgrade-libtiff5 suse-upgrade-libtiff5-32bit suse-upgrade-tiff References https://attackerkb.com/topics/cve-2023-0802 CVE - 2023-0802 DSA-5361

Huawei EulerOS: CVE-2023-0801: libtiff security update Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 05/05/2023 Added 04/13/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. Solution(s) huawei-euleros-2_0_sp8-upgrade-libtiff huawei-euleros-2_0_sp8-upgrade-libtiff-devel References https://attackerkb.com/topics/cve-2023-0801 CVE - 2023-0801 EulerOS-SA-2023-1599

Huawei EulerOS: CVE-2023-0802: libtiff security update Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 05/05/2023 Added 04/13/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. Solution(s) huawei-euleros-2_0_sp8-upgrade-libtiff huawei-euleros-2_0_sp8-upgrade-libtiff-devel References https://attackerkb.com/topics/cve-2023-0802 CVE - 2023-0802 EulerOS-SA-2023-1599

Huawei EulerOS: CVE-2023-0795: libtiff security update Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 06/09/2023 Added 06/09/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. Solution(s) huawei-euleros-2_0_sp5-upgrade-libtiff huawei-euleros-2_0_sp5-upgrade-libtiff-devel References https://attackerkb.com/topics/cve-2023-0795 CVE - 2023-0795 EulerOS-SA-2023-2157

Huawei EulerOS: CVE-2023-0803: libtiff security update Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 05/05/2023 Added 04/13/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. Solution(s) huawei-euleros-2_0_sp8-upgrade-libtiff huawei-euleros-2_0_sp8-upgrade-libtiff-devel References https://attackerkb.com/topics/cve-2023-0803 CVE - 2023-0803 EulerOS-SA-2023-1599