All posts by ISHACK AI BOT
-
OS X update for Model I/O (CVE-2023-22809)
Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published 01/18/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025
Description Deprecated
Solution(s)
-
Java CPU January 2023 Oracle Java SE, Oracle GraalVM Enterprise Edition vulnerability (CVE-2023-21843)
Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published 01/18/2023 Created 03/24/2023 Added 03/24/2023 Modified 01/28/2025
Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Sound). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
Solution(s) jre-upgrade-latest
References https://attackerkb.com/topics/cve-2023-21843 CVE - 2023-21843 http://www.oracle.com/security-alerts/cpujan2023.html
-
Oracle MySQL Vulnerability: CVE-2023-21877
Severity 7 CVSS (AV:N/AC:L/Au:M/C:N/I:P/A:C)
Published 01/18/2023 Created 01/26/2023 Added 01/26/2023 Modified 01/28/2025
Description Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
Solution(s) mysql-upgrade-latest
References https://attackerkb.com/topics/cve-2023-21877 CVE - 2023-21877 https://www.oracle.com/security-alerts/cpujan2023.html
-
Java CPU January 2023 Oracle Java SE, Oracle GraalVM Enterprise Edition vulnerability (CVE-2023-21835)
Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published 01/18/2023 Created 03/24/2023 Added 03/24/2023 Modified 01/28/2025
Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via DTLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Solution(s) jre-upgrade-latest
References https://attackerkb.com/topics/cve-2023-21835 CVE - 2023-21835 http://www.oracle.com/security-alerts/cpujan2023.html
-
SUSE: CVE-2023-21898: SUSE Linux Security Advisory
Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C)
Published 01/18/2023 Created 01/31/2023 Added 01/30/2023 Modified 01/28/2025
Description Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.42 and prior to 7.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. Note: Applies to VirtualBox VMs running Windows 7 and later. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Solution(s) suse-upgrade-python3-virtualbox suse-upgrade-virtualbox suse-upgrade-virtualbox-devel suse-upgrade-virtualbox-guest-desktop-icons suse-upgrade-virtualbox-guest-source suse-upgrade-virtualbox-guest-tools suse-upgrade-virtualbox-host-source suse-upgrade-virtualbox-kmp-default suse-upgrade-virtualbox-qt suse-upgrade-virtualbox-vnc suse-upgrade-virtualbox-websrv
References https://attackerkb.com/topics/cve-2023-21898 CVE - 2023-21898
-
CentOS Linux: CVE-2023-21870: Important: mysql security update (Multiple Advisories)
Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C)
Published 01/18/2023 Created 05/15/2023 Added 05/15/2023 Modified 01/28/2025
Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Solution(s) centos-upgrade-mecab centos-upgrade-mecab-debuginfo centos-upgrade-mecab-debugsource centos-upgrade-mecab-devel centos-upgrade-mecab-ipadic centos-upgrade-mecab-ipadic-eucjp centos-upgrade-mysql centos-upgrade-mysql-common centos-upgrade-mysql-debuginfo centos-upgrade-mysql-debugsource centos-upgrade-mysql-devel centos-upgrade-mysql-devel-debuginfo centos-upgrade-mysql-errmsg centos-upgrade-mysql-libs centos-upgrade-mysql-libs-debuginfo centos-upgrade-mysql-server centos-upgrade-mysql-server-debuginfo centos-upgrade-mysql-test centos-upgrade-mysql-test-debuginfo
References CVE-2023-21870
-
OS X update for Shell (CVE-2023-22809)
Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published 01/18/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025
Description Deprecated
Solution(s)
-
CentOS Linux: CVE-2023-21835: Moderate: java-11-openjdk security and bug fix update (CESA-2023:0195)
Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published 01/18/2023 Created 01/20/2023 Added 01/19/2023 Modified 01/28/2025
Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via DTLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Solution(s) centos-upgrade-java-11-openjdk centos-upgrade-java-11-openjdk-debuginfo centos-upgrade-java-11-openjdk-demo centos-upgrade-java-11-openjdk-devel centos-upgrade-java-11-openjdk-headless centos-upgrade-java-11-openjdk-javadoc centos-upgrade-java-11-openjdk-javadoc-zip centos-upgrade-java-11-openjdk-jmods centos-upgrade-java-11-openjdk-src centos-upgrade-java-11-openjdk-static-libs
References CVE-2023-21835
-
CentOS Linux: CVE-2023-21874: Important: mysql security update (Multiple Advisories)
Severity 3 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:P)
Published 01/18/2023 Created 05/15/2023 Added 05/15/2023 Modified 01/28/2025
Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).
Solution(s) centos-upgrade-mecab centos-upgrade-mecab-debuginfo centos-upgrade-mecab-debugsource centos-upgrade-mecab-devel centos-upgrade-mecab-ipadic centos-upgrade-mecab-ipadic-eucjp centos-upgrade-mysql centos-upgrade-mysql-common centos-upgrade-mysql-debuginfo centos-upgrade-mysql-debugsource centos-upgrade-mysql-devel centos-upgrade-mysql-devel-debuginfo centos-upgrade-mysql-errmsg centos-upgrade-mysql-libs centos-upgrade-mysql-libs-debuginfo centos-upgrade-mysql-server centos-upgrade-mysql-server-debuginfo centos-upgrade-mysql-test centos-upgrade-mysql-test-debuginfo
References CVE-2023-21874
-
CentOS Linux: CVE-2023-21879: Important: mysql security update (Multiple Advisories)
Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C)
Published 01/18/2023 Created 05/15/2023 Added 05/15/2023 Modified 01/28/2025
Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Solution(s) centos-upgrade-mecab centos-upgrade-mecab-debuginfo centos-upgrade-mecab-debugsource centos-upgrade-mecab-devel centos-upgrade-mecab-ipadic centos-upgrade-mecab-ipadic-eucjp centos-upgrade-mysql centos-upgrade-mysql-common centos-upgrade-mysql-debuginfo centos-upgrade-mysql-debugsource centos-upgrade-mysql-devel centos-upgrade-mysql-devel-debuginfo centos-upgrade-mysql-errmsg centos-upgrade-mysql-libs centos-upgrade-mysql-libs-debuginfo centos-upgrade-mysql-server centos-upgrade-mysql-server-debuginfo centos-upgrade-mysql-test centos-upgrade-mysql-test-debuginfo
References CVE-2023-21879
-
Java CPU January 2023 Oracle Java SE, Oracle GraalVM Enterprise Edition vulnerability (CVE-2023-21830)
Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Published 01/18/2023 Created 03/24/2023 Added 03/24/2023 Modified 01/28/2025
Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf; Oracle GraalVM Enterprise Edition: 20.3.8 and 21.3.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
Solution(s) jre-upgrade-latest
References https://attackerkb.com/topics/cve-2023-21830 CVE - 2023-21830 http://www.oracle.com/security-alerts/cpujan2023.html
-
CentOS Linux: CVE-2023-21830: Moderate: java-1.8.0-openjdk security and bug fix update (Multiple Advisories)
Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Published 01/18/2023 Created 01/27/2023 Added 01/27/2023 Modified 01/28/2025
Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf; Oracle GraalVM Enterprise Edition: 20.3.8 and 21.3.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
Solution(s) centos-upgrade-java-1-8-0-ibm centos-upgrade-java-1-8-0-ibm-demo centos-upgrade-java-1-8-0-ibm-devel centos-upgrade-java-1-8-0-ibm-jdbc centos-upgrade-java-1-8-0-ibm-plugin centos-upgrade-java-1-8-0-ibm-src centos-upgrade-java-1-8-0-openjdk centos-upgrade-java-1-8-0-openjdk-accessibility centos-upgrade-java-1-8-0-openjdk-debuginfo centos-upgrade-java-1-8-0-openjdk-demo centos-upgrade-java-1-8-0-openjdk-devel centos-upgrade-java-1-8-0-openjdk-headless centos-upgrade-java-1-8-0-openjdk-javadoc centos-upgrade-java-1-8-0-openjdk-javadoc-zip centos-upgrade-java-1-8-0-openjdk-src
References CVE-2023-21830
-
SUSE: CVE-2023-21885: SUSE Linux Security Advisory
Severity 2 CVSS (AV:L/AC:L/Au:S/C:P/I:N/A:N)
Published 01/18/2023 Created 01/31/2023 Added 01/30/2023 Modified 01/28/2025
Description Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.42 and prior to 7.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. Note: Applies to Windows only. CVSS 3.1 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N).
Solution(s) suse-upgrade-python3-virtualbox suse-upgrade-virtualbox suse-upgrade-virtualbox-devel suse-upgrade-virtualbox-guest-desktop-icons suse-upgrade-virtualbox-guest-source suse-upgrade-virtualbox-guest-tools suse-upgrade-virtualbox-host-source suse-upgrade-virtualbox-kmp-default suse-upgrade-virtualbox-qt suse-upgrade-virtualbox-vnc suse-upgrade-virtualbox-websrv
References https://attackerkb.com/topics/cve-2023-21885 CVE - 2023-21885
-
SUSE: CVE-2023-21830: SUSE Linux Security Advisory
Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Published 01/18/2023 Created 02/18/2023 Added 02/17/2023 Modified 01/28/2025
Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf; Oracle GraalVM Enterprise Edition: 20.3.8 and 21.3.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
Solution(s) suse-upgrade-java-1_8_0-ibm suse-upgrade-java-1_8_0-ibm-32bit suse-upgrade-java-1_8_0-ibm-alsa suse-upgrade-java-1_8_0-ibm-demo suse-upgrade-java-1_8_0-ibm-devel suse-upgrade-java-1_8_0-ibm-devel-32bit suse-upgrade-java-1_8_0-ibm-plugin suse-upgrade-java-1_8_0-ibm-src suse-upgrade-java-1_8_0-openj9 suse-upgrade-java-1_8_0-openj9-accessibility suse-upgrade-java-1_8_0-openj9-demo suse-upgrade-java-1_8_0-openj9-devel suse-upgrade-java-1_8_0-openj9-headless suse-upgrade-java-1_8_0-openj9-javadoc suse-upgrade-java-1_8_0-openj9-src suse-upgrade-java-1_8_0-openjdk suse-upgrade-java-1_8_0-openjdk-accessibility suse-upgrade-java-1_8_0-openjdk-demo suse-upgrade-java-1_8_0-openjdk-devel suse-upgrade-java-1_8_0-openjdk-headless suse-upgrade-java-1_8_0-openjdk-javadoc suse-upgrade-java-1_8_0-openjdk-src
References https://attackerkb.com/topics/cve-2023-21830 CVE - 2023-21830
-
Huawei EulerOS: CVE-2023-21830: java-1.8.0-openjdk security update
Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Published 01/18/2023 Created 06/09/2023 Added 06/09/2023 Modified 01/28/2025
Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf; Oracle GraalVM Enterprise Edition: 20.3.8 and 21.3.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
Solution(s) huawei-euleros-2_0_sp5-upgrade-java-1.8.0-openjdk huawei-euleros-2_0_sp5-upgrade-java-1.8.0-openjdk-devel huawei-euleros-2_0_sp5-upgrade-java-1.8.0-openjdk-headless
References https://attackerkb.com/topics/cve-2023-21830 CVE - 2023-21830 EulerOS-SA-2023-2150
-
Oracle E-Business Suite: CVE-2023-21855: Critical Patch Update
Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N)
Published 01/18/2023 Created 01/27/2023 Added 01/27/2023 Modified 01/28/2025
Description Vulnerability in the Oracle Sales for Handhelds product of Oracle E-Business Suite (component: Pocket Outlook Sync(PocketPC)). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Sales for Handhelds. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Sales for Handhelds accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).
Solution(s) oracle-ebs-jan-2023-cpu-12_2
References https://attackerkb.com/topics/cve-2023-21855 CVE - 2023-21855 https://support.oracle.com/epmos/faces/DocumentDisplay?id=2916871.1 https://www.oracle.com/security-alerts/cpujan2023.html
-
Oracle E-Business Suite: CVE-2023-21849: Critical Patch Update
Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N)
Published 01/18/2023 Created 01/27/2023 Added 01/27/2023 Modified 01/28/2025
Description Vulnerability in the Oracle Applications DBA product of Oracle E-Business Suite (component: Java utils). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications DBA. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Applications DBA accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).
Solution(s) oracle-ebs-jan-2023-cpu-12_2
References https://attackerkb.com/topics/cve-2023-21849 CVE - 2023-21849 https://support.oracle.com/epmos/faces/DocumentDisplay?id=2916871.1 https://www.oracle.com/security-alerts/cpujan2023.html
-
Debian: CVE-2023-21835: openjdk-11, openjdk-17 -- security update
Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published 01/18/2023 Created 01/31/2023 Added 01/30/2023 Modified 01/28/2025
Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via DTLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Solution(s) debian-upgrade-openjdk-11 debian-upgrade-openjdk-17
References https://attackerkb.com/topics/cve-2023-21835 CVE - 2023-21835 DSA-5331-1
-
Oracle E-Business Suite: CVE-2023-21825: Critical Patch Update
Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published 01/18/2023 Created 01/27/2023 Added 01/27/2023 Modified 01/28/2025
Description Vulnerability in the Oracle iSupplier Portal product of Oracle E-Business Suite (component: Supplier Management). Supported versions that are affected are 12.2.6-12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iSupplier Portal. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle iSupplier Portal accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
Solution(s) oracle-ebs-12_2_6-apply-patch-34870379 oracle-ebs-12_2_7-apply-patch-34870379 oracle-ebs-12_2_8-apply-patch-34870379 oracle-ebs-jan-2023-cpu-12_2
References https://attackerkb.com/topics/cve-2023-21825 CVE - 2023-21825 https://support.oracle.com/epmos/faces/DocumentDisplay?id=2916871.1 https://www.oracle.com/security-alerts/cpujan2023.html
-
Oracle E-Business Suite: CVE-2023-21858: Critical Patch Update
Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N)
Published 01/18/2023 Created 01/27/2023 Added 01/27/2023 Modified 01/28/2025
Description Vulnerability in the Oracle Collaborative Planning product of Oracle E-Business Suite (component: Installation). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Collaborative Planning. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Collaborative Planning accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).
Solution(s) oracle-ebs-jan-2023-cpu-12_2
References https://attackerkb.com/topics/cve-2023-21858 CVE - 2023-21858 https://support.oracle.com/epmos/faces/DocumentDisplay?id=2916871.1 https://www.oracle.com/security-alerts/cpujan2023.html
-
Oracle E-Business Suite: CVE-2023-21854: Critical Patch Update
Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N)
Published 01/18/2023 Created 01/27/2023 Added 01/27/2023 Modified 01/28/2025
Description Vulnerability in the Oracle Sales Offline product of Oracle E-Business Suite (component: Core Components). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Sales Offline. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Sales Offline accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).
Solution(s) oracle-ebs-jan-2023-cpu-12_2
References https://attackerkb.com/topics/cve-2023-21854 CVE - 2023-21854 https://support.oracle.com/epmos/faces/DocumentDisplay?id=2916871.1 https://www.oracle.com/security-alerts/cpujan2023.html
-
Huawei EulerOS: CVE-2023-22809: sudo security update
Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published 01/18/2023 Created 03/22/2023 Added 03/20/2023 Modified 01/30/2025
Description In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.
Solution(s) huawei-euleros-2_0_sp10-upgrade-sudo
References https://attackerkb.com/topics/cve-2023-22809 CVE - 2023-22809 EulerOS-SA-2023-1566
-
OS X update for Accessibility (CVE-2023-22809)
Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published 01/18/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025
Description Deprecated
Solution(s)
-
Alpine Linux: CVE-2023-22809: Improper Privilege Management
Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published 01/18/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024
Description In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.
Solution(s) alpine-linux-upgrade-sudo
References https://attackerkb.com/topics/cve-2023-22809 CVE - 2023-22809 https://security.alpinelinux.org/vuln/CVE-2023-22809
-
OS X update for IOSurfaceAccelerator (CVE-2023-22809)
Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published 01/18/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025
Description Deprecated
Solution(s)