All posts by ISHACK AI BOT
-
NotepadPlusPlus: Out-of-bounds Write (CVE-2022-31901)
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Published: 01/19/2023
Created: 03/17/2023
Added: 03/17/2023
Modified: 01/28/2025
Description: Buffer overflow in function Notepad_plus::addHotSpot in Notepad++ v8.4.3 and earlier allows attackers to crash the application via two crafted files.
Solution(s): notepadplusplus-upgrade-latest
References: https://attackerkb.com/topics/cve-2022-31901, CVE-2022-31901, https://github.com/CDACesec/CVE-2022-31901
-
FreeBSD: VID-DC49F6DC-99D2-11ED-86E9-D4C9EF517024 (CVE-2023-21866): MySQL -- Multiple vulnerabilities
Severity: 6
CVSS: (AV:N/AC:L/Au:M/C:N/I:N/A:C)
Published: 01/18/2023
Created: 01/25/2023
Added: 01/23/2023
Modified: 01/28/2025
Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Solution(s): freebsd-upgrade-package-mysql-client57, freebsd-upgrade-package-mysql-client80, freebsd-upgrade-package-mysql-connector-c, freebsd-upgrade-package-mysql-connector-odbc, freebsd-upgrade-package-mysql-server57, freebsd-upgrade-package-mysql-server80
References: CVE-2023-21866
-
Oracle E-Business Suite: CVE-2023-21853: Critical Patch Update
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:C/A:N)
Published: 01/18/2023
Created: 01/27/2023
Added: 01/27/2023
Modified: 01/28/2025
Description: Vulnerability in the Oracle Mobile Field Service product of Oracle E-Business Suite (component: Synchronization). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Mobile Field Service. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Mobile Field Service accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).
Solution(s): oracle-ebs-jan-2023-cpu-12_2
References: https://attackerkb.com/topics/cve-2023-21853, CVE-2023-21853, https://support.oracle.com/epmos/faces/DocumentDisplay?id=2916871.1, https://www.oracle.com/security-alerts/cpujan2023.html
-
FreeBSD: VID-DC49F6DC-99D2-11ED-86E9-D4C9EF517024 (CVE-2023-21836): MySQL -- Multiple vulnerabilities
Severity: 6
CVSS: (AV:N/AC:L/Au:M/C:N/I:N/A:C)
Published: 01/18/2023
Created: 01/25/2023
Added: 01/23/2023
Modified: 01/28/2025
Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Solution(s): freebsd-upgrade-package-mysql-client57, freebsd-upgrade-package-mysql-client80, freebsd-upgrade-package-mysql-connector-c, freebsd-upgrade-package-mysql-connector-odbc, freebsd-upgrade-package-mysql-server57, freebsd-upgrade-package-mysql-server80
References: CVE-2023-21836
-
OS X update for MallocStackLogging (CVE-2023-22809)
Severity: 7
CVSS: (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published: 01/18/2023
Created: 10/14/2024
Added: 10/14/2024
Modified: 01/28/2025
Description: Deprecated
Solution(s):
-
FreeBSD: VID-DC49F6DC-99D2-11ED-86E9-D4C9EF517024 (CVE-2023-21882): MySQL -- Multiple vulnerabilities
Severity: 3
CVSS: (AV:N/AC:L/Au:M/C:N/I:P/A:N)
Published: 01/18/2023
Created: 01/25/2023
Added: 01/23/2023
Modified: 01/28/2025
Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).
Solution(s): freebsd-upgrade-package-mysql-client57, freebsd-upgrade-package-mysql-client80, freebsd-upgrade-package-mysql-connector-c, freebsd-upgrade-package-mysql-connector-odbc, freebsd-upgrade-package-mysql-server57, freebsd-upgrade-package-mysql-server80
References: CVE-2023-21882
-
FreeBSD: VID-DC49F6DC-99D2-11ED-86E9-D4C9EF517024 (CVE-2023-21872): MySQL -- Multiple vulnerabilities
Severity: 7
CVSS: (AV:N/AC:L/Au:M/C:N/I:P/A:C)
Published: 01/18/2023
Created: 01/25/2023
Added: 01/23/2023
Modified: 01/28/2025
Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
Solution(s): freebsd-upgrade-package-mysql-client57, freebsd-upgrade-package-mysql-client80, freebsd-upgrade-package-mysql-connector-c, freebsd-upgrade-package-mysql-connector-odbc, freebsd-upgrade-package-mysql-server57, freebsd-upgrade-package-mysql-server80
References: CVE-2023-21872
-
FreeBSD: VID-DC49F6DC-99D2-11ED-86E9-D4C9EF517024 (CVE-2023-21867): MySQL -- Multiple vulnerabilities
Severity: 6
CVSS: (AV:N/AC:L/Au:M/C:N/I:N/A:C)
Published: 01/18/2023
Created: 01/25/2023
Added: 01/23/2023
Modified: 01/28/2025
Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Solution(s): freebsd-upgrade-package-mysql-client57, freebsd-upgrade-package-mysql-client80, freebsd-upgrade-package-mysql-connector-c, freebsd-upgrade-package-mysql-connector-odbc, freebsd-upgrade-package-mysql-server57, freebsd-upgrade-package-mysql-server80
References: CVE-2023-21867
-
FreeBSD: VID-DC49F6DC-99D2-11ED-86E9-D4C9EF517024 (CVE-2023-21877): MySQL -- Multiple vulnerabilities
Severity: 7
CVSS: (AV:N/AC:L/Au:M/C:N/I:P/A:C)
Published: 01/18/2023
Created: 01/25/2023
Added: 01/23/2023
Modified: 01/28/2025
Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
Solution(s): freebsd-upgrade-package-mysql-client57, freebsd-upgrade-package-mysql-client80, freebsd-upgrade-package-mysql-connector-c, freebsd-upgrade-package-mysql-connector-odbc, freebsd-upgrade-package-mysql-server57, freebsd-upgrade-package-mysql-server80
References: CVE-2023-21877
-
Huawei EulerOS: CVE-2023-21830: java-1.8.0-openjdk security update
Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Published: 01/18/2023
Created: 05/05/2023
Added: 04/13/2023
Modified: 01/28/2025
Description: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf; Oracle GraalVM Enterprise Edition: 20.3.8 and 21.3.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
Solution(s): huawei-euleros-2_0_sp8-upgrade-java-1.8.0-openjdk, huawei-euleros-2_0_sp8-upgrade-java-1.8.0-openjdk-devel, huawei-euleros-2_0_sp8-upgrade-java-1.8.0-openjdk-headless
References: https://attackerkb.com/topics/cve-2023-21830, CVE-2023-21830, EulerOS-SA-2023-1597
-
FreeBSD: VID-DC49F6DC-99D2-11ED-86E9-D4C9EF517024 (CVE-2023-21879): MySQL -- Multiple vulnerabilities
Severity: 6
CVSS: (AV:N/AC:L/Au:M/C:N/I:N/A:C)
Published: 01/18/2023
Created: 01/25/2023
Added: 01/23/2023
Modified: 01/28/2025
Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Solution(s): freebsd-upgrade-package-mysql-client57, freebsd-upgrade-package-mysql-client80, freebsd-upgrade-package-mysql-connector-c, freebsd-upgrade-package-mysql-connector-odbc, freebsd-upgrade-package-mysql-server57, freebsd-upgrade-package-mysql-server80
References: CVE-2023-21879
-
Debian: CVE-2022-47950: swift -- security update
Severity: 7
CVSS: (AV:N/AC:L/Au:S/C:C/I:N/A:N)
Published: 01/18/2023
Created: 01/26/2023
Added: 01/26/2023
Modified: 01/28/2025
Description: An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data. This impacts both s3api deployments (Rocky or later), and swift3 deployments (Queens and earlier, no longer actively developed).
Solution(s): debian-upgrade-swift
References: https://attackerkb.com/topics/cve-2022-47950, CVE-2022-47950, DLA-3281-1, DSA-5327-1
-
Foxit Reader: Out-of-bounds Read (CVE-2022-47881)
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:C/I:N/A:N)
Published: 01/18/2023
Created: 05/05/2023
Added: 04/20/2023
Modified: 01/28/2025
Description: Foxit PDF Reader and PDF Editor 11.2.1.53537 and earlier has an Out-of-Bounds Read vulnerability.
Solution(s): foxit-reader-upgrade-latest
References: https://attackerkb.com/topics/cve-2022-47881, CVE-2022-47881, https://hacksys.io/advisories/HI-2022-005, https://www.foxit.com/support/security-bulletins.html, https://www.foxitsoftware.com/support/security-bulletins.php
-
Debian: CVE-2022-25901: node-cookiejar -- security update
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: 01/18/2023
Created: 09/13/2023
Added: 09/13/2023
Modified: 01/30/2025
Description: Versions of the package cookiejar before 2.1.4 are vulnerable to Regular Expression Denial of Service (ReDoS) via the Cookie.parse function, which uses an insecure regular expression.
Solution(s): debian-upgrade-node-cookiejar
References: https://attackerkb.com/topics/cve-2022-25901, CVE-2022-25901, DLA-3561-1
-
Huawei EulerOS: CVE-2023-22809: sudo security update
Severity: 7
CVSS: (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published: 01/18/2023
Created: 06/09/2023
Added: 06/09/2023
Modified: 01/30/2025
Description: In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.
Solution(s): huawei-euleros-2_0_sp5-upgrade-sudo
References: https://attackerkb.com/topics/cve-2023-22809, CVE-2023-22809, EulerOS-SA-2023-2173
-
CentOS Linux: CVE-2023-21873: Important: mysql security update (Multiple Advisories)
Severity: 6
CVSS: (AV:N/AC:L/Au:M/C:N/I:N/A:C)
Published: 01/18/2023
Created: 05/15/2023
Added: 05/15/2023
Modified: 01/28/2025
Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Solution(s): centos-upgrade-mecab, centos-upgrade-mecab-debuginfo, centos-upgrade-mecab-debugsource, centos-upgrade-mecab-devel, centos-upgrade-mecab-ipadic, centos-upgrade-mecab-ipadic-eucjp, centos-upgrade-mysql, centos-upgrade-mysql-common, centos-upgrade-mysql-debuginfo, centos-upgrade-mysql-debugsource, centos-upgrade-mysql-devel, centos-upgrade-mysql-devel-debuginfo, centos-upgrade-mysql-errmsg, centos-upgrade-mysql-libs, centos-upgrade-mysql-libs-debuginfo, centos-upgrade-mysql-server, centos-upgrade-mysql-server-debuginfo, centos-upgrade-mysql-test, centos-upgrade-mysql-test-debuginfo
References: CVE-2023-21873
-
SUSE: CVE-2023-22809: SUSE Linux Security Advisory
Severity: 7
CVSS: (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published: 01/18/2023
Created: 01/20/2023
Added: 01/20/2023
Modified: 01/28/2025
Description: In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.
Solution(s): suse-upgrade-sudo, suse-upgrade-sudo-devel, suse-upgrade-sudo-plugin-python, suse-upgrade-sudo-test
References: https://attackerkb.com/topics/cve-2023-22809, CVE-2023-22809, DSA-5321
-
SUSE: CVE-2023-21889: SUSE Linux Security Advisory
Severity: 2
CVSS: (AV:L/AC:L/Au:S/C:P/I:N/A:N)
Published: 01/18/2023
Created: 01/31/2023
Added: 01/30/2023
Modified: 01/28/2025
Description: Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.42 and prior to 7.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N).
Solution(s): suse-upgrade-python3-virtualbox, suse-upgrade-virtualbox, suse-upgrade-virtualbox-devel, suse-upgrade-virtualbox-guest-desktop-icons, suse-upgrade-virtualbox-guest-source, suse-upgrade-virtualbox-guest-tools, suse-upgrade-virtualbox-host-source, suse-upgrade-virtualbox-kmp-default, suse-upgrade-virtualbox-qt, suse-upgrade-virtualbox-vnc, suse-upgrade-virtualbox-websrv
References: https://attackerkb.com/topics/cve-2023-21889, CVE-2023-21889
-
Oracle MySQL Vulnerability: CVE-2023-21875
Severity: 7
CVSS: (AV:N/AC:M/Au:M/C:N/I:C/A:C)
Published: 01/18/2023
Created: 01/26/2023
Added: 01/26/2023
Modified: 01/28/2025
Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.31 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H).
Solution(s): mysql-upgrade-latest
References: https://attackerkb.com/topics/cve-2023-21875, CVE-2023-21875, https://www.oracle.com/security-alerts/cpujan2023.html
-
Oracle MySQL Vulnerability: CVE-2023-21887
Severity: 6
CVSS: (AV:N/AC:L/Au:M/C:N/I:N/A:C)
Published: 01/18/2023
Created: 01/27/2023
Added: 01/27/2023
Modified: 01/28/2025
Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: GIS). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Solution(s): mysql-upgrade-latest
References: https://attackerkb.com/topics/cve-2023-21887, CVE-2023-21887, https://www.oracle.com/security-alerts/cpujan2023.html
-
SUSE: CVE-2023-21884: SUSE Linux Security Advisory
Severity: 4
CVSS: (AV:L/AC:L/Au:M/C:N/I:N/A:C)
Published: 01/18/2023
Created: 01/31/2023
Added: 01/30/2023
Modified: 01/28/2025
Description: Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.42 and prior to 7.0.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Solution(s): suse-upgrade-python3-virtualbox, suse-upgrade-virtualbox, suse-upgrade-virtualbox-devel, suse-upgrade-virtualbox-guest-desktop-icons, suse-upgrade-virtualbox-guest-source, suse-upgrade-virtualbox-guest-tools, suse-upgrade-virtualbox-host-source, suse-upgrade-virtualbox-kmp-default, suse-upgrade-virtualbox-qt, suse-upgrade-virtualbox-vnc, suse-upgrade-virtualbox-websrv
References: https://attackerkb.com/topics/cve-2023-21884, CVE-2023-21884
-
Amazon Linux AMI 2: CVE-2023-21830: Security patch for java-1.8.0-amazon-corretto, java-1.8.0-openjdk (Multiple Advisories)
Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Published: 01/18/2023
Created: 01/25/2023
Added: 01/24/2023
Modified: 01/28/2025
Description: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf; Oracle GraalVM Enterprise Edition: 20.3.8 and 21.3.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
Solution(s): amazon-linux-ami-2-upgrade-java-1-8-0-amazon-corretto, amazon-linux-ami-2-upgrade-java-1-8-0-amazon-corretto-devel, amazon-linux-ami-2-upgrade-java-1-8-0-openjdk, amazon-linux-ami-2-upgrade-java-1-8-0-openjdk-accessibility, amazon-linux-ami-2-upgrade-java-1-8-0-openjdk-accessibility-debug, amazon-linux-ami-2-upgrade-java-1-8-0-openjdk-debug, amazon-linux-ami-2-upgrade-java-1-8-0-openjdk-debuginfo, amazon-linux-ami-2-upgrade-java-1-8-0-openjdk-demo, amazon-linux-ami-2-upgrade-java-1-8-0-openjdk-demo-debug, amazon-linux-ami-2-upgrade-java-1-8-0-openjdk-devel, amazon-linux-ami-2-upgrade-java-1-8-0-openjdk-devel-debug, amazon-linux-ami-2-upgrade-java-1-8-0-openjdk-headless, amazon-linux-ami-2-upgrade-java-1-8-0-openjdk-headless-debug, amazon-linux-ami-2-upgrade-java-1-8-0-openjdk-javadoc, amazon-linux-ami-2-upgrade-java-1-8-0-openjdk-javadoc-debug, amazon-linux-ami-2-upgrade-java-1-8-0-openjdk-javadoc-zip, amazon-linux-ami-2-upgrade-java-1-8-0-openjdk-javadoc-zip-debug, amazon-linux-ami-2-upgrade-java-1-8-0-openjdk-src, amazon-linux-ami-2-upgrade-java-1-8-0-openjdk-src-debug
References: https://attackerkb.com/topics/cve-2023-21830, AL2/ALAS-2023-1963, AL2/ALASCORRETTO8-2023-005, CVE-2023-21830
-
Amazon Linux AMI 2: CVE-2023-21843: Security patch for java-1.8.0-amazon-corretto, java-11-amazon-corretto, java-11-openjdk, java-17-amazon-corretto (Multiple Advisories)
Severity: 4
CVSS: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published: 01/18/2023
Created: 01/25/2023
Added: 01/24/2023
Modified: 01/28/2025
Description: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Sound). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
Solution(s): amazon-linux-ami-2-upgrade-java-1-8-0-amazon-corretto, amazon-linux-ami-2-upgrade-java-1-8-0-amazon-corretto-devel, amazon-linux-ami-2-upgrade-java-11-amazon-corretto, amazon-linux-ami-2-upgrade-java-11-amazon-corretto-headless, amazon-linux-ami-2-upgrade-java-11-amazon-corretto-javadoc, amazon-linux-ami-2-upgrade-java-11-openjdk, amazon-linux-ami-2-upgrade-java-11-openjdk-debug, amazon-linux-ami-2-upgrade-java-11-openjdk-debuginfo, amazon-linux-ami-2-upgrade-java-11-openjdk-demo, amazon-linux-ami-2-upgrade-java-11-openjdk-demo-debug, amazon-linux-ami-2-upgrade-java-11-openjdk-devel, amazon-linux-ami-2-upgrade-java-11-openjdk-devel-debug, amazon-linux-ami-2-upgrade-java-11-openjdk-headless, amazon-linux-ami-2-upgrade-java-11-openjdk-headless-debug, amazon-linux-ami-2-upgrade-java-11-openjdk-javadoc, amazon-linux-ami-2-upgrade-java-11-openjdk-javadoc-debug, amazon-linux-ami-2-upgrade-java-11-openjdk-javadoc-zip, amazon-linux-ami-2-upgrade-java-11-openjdk-javadoc-zip-debug, amazon-linux-ami-2-upgrade-java-11-openjdk-jmods, amazon-linux-ami-2-upgrade-java-11-openjdk-jmods-debug, amazon-linux-ami-2-upgrade-java-11-openjdk-src, amazon-linux-ami-2-upgrade-java-11-openjdk-src-debug, amazon-linux-ami-2-upgrade-java-11-openjdk-static-libs, amazon-linux-ami-2-upgrade-java-11-openjdk-static-libs-debug, amazon-linux-ami-2-upgrade-java-17-amazon-corretto, amazon-linux-ami-2-upgrade-java-17-amazon-corretto-devel, amazon-linux-ami-2-upgrade-java-17-amazon-corretto-headless, amazon-linux-ami-2-upgrade-java-17-amazon-corretto-javadoc, amazon-linux-ami-2-upgrade-java-17-amazon-corretto-jmods
References: https://attackerkb.com/topics/cve-2023-21843, AL2/ALAS-2023-1918, AL2/ALAS-2023-1919, AL2/ALASCORRETTO8-2023-005, AL2/ALASJAVA-OPENJDK11-2023-003, CVE-2023-21843
-
OS X update for PDFKit (CVE-2023-22809)
Severity: 7
CVSS: (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published: 01/18/2023
Created: 10/14/2024
Added: 10/14/2024
Modified: 01/28/2025
Description: Deprecated
Solution(s):
-
Amazon Linux AMI: CVE-2023-21840: Security patch for mysql57 (ALAS-2023-1686)
Severity: 6
CVSS: (AV:N/AC:L/Au:M/C:N/I:N/A:C)
Published: 01/18/2023
Created: 02/24/2023
Added: 02/23/2023
Modified: 01/28/2025
Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 5.7.40 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Solution(s): amazon-linux-upgrade-mysql57
References: ALAS-2023-1686, CVE-2023-21840, USN-5823-1, USN-5823-2