All posts by ISHACK AI BOT

  1. SUSE: CVE-2022-36760: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 01/17/2023 Created 01/31/2023 Added 01/30/2023 Modified 01/28/2025 Description Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server 2.4 version 2.4.54 and prior versions. Solution(s) suse-upgrade-apache2 suse-upgrade-apache2-devel suse-upgrade-apache2-doc suse-upgrade-apache2-event suse-upgrade-apache2-example-pages suse-upgrade-apache2-prefork suse-upgrade-apache2-utils suse-upgrade-apache2-worker References https://attackerkb.com/topics/cve-2022-36760 CVE - 2022-36760
  2. Alpine Linux: CVE-2022-41861: Improper Input Validation Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 01/17/2023 Created 03/22/2024 Added 03/26/2024 Modified 10/02/2024 Description A flaw was found in freeradius. A malicious RADIUS client or home server can send a malformed abinary attribute which can cause the server to crash. Solution(s) alpine-linux-upgrade-freeradius References https://attackerkb.com/topics/cve-2022-41861 CVE - 2022-41861 https://security.alpinelinux.org/vuln/CVE-2022-41861
  3. Huawei EulerOS: CVE-2022-36760: httpd security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 01/17/2023 Created 03/22/2023 Added 03/20/2023 Modified 01/30/2025 Description Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server 2.4 version 2.4.54 and prior versions. Solution(s) huawei-euleros-2_0_sp10-upgrade-httpd huawei-euleros-2_0_sp10-upgrade-httpd-filesystem huawei-euleros-2_0_sp10-upgrade-httpd-tools huawei-euleros-2_0_sp10-upgrade-mod_ssl References https://attackerkb.com/topics/cve-2022-36760 CVE - 2022-36760 EulerOS-SA-2023-1550
  4. VMware Photon OS: CVE-2023-21878 Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 01/17/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-21878 CVE - 2023-21878
  5. Ubuntu: (CVE-2018-14628): samba vulnerability Severity 4 CVSS (AV:N/AC:L/Au:S/C:P/I:N/A:N) Published 01/17/2023 Created 11/21/2024 Added 11/19/2024 Modified 01/30/2025 Description An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store. Solution(s) ubuntu-upgrade-samba References https://attackerkb.com/topics/cve-2018-14628 CVE - 2018-14628 https://marc.info/?l=oss-security&m=170118854915655 https://www.cve.org/CVERecord?id=CVE-2018-14628 https://www.samba.org/samba/security/CVE-2018-14628.html
  6. MFSA2023-01 Firefox: Security Vulnerabilities fixed in Firefox 109 (CVE-2023-23597) Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 01/17/2023 Created 01/19/2023 Added 01/18/2023 Modified 01/28/2025 Description A compromised web child process could disable web security opening restrictions, leading to a new child process being spawned within the `file://` context. Given a reliable exploit primitive, this new process could be exploited again leading to arbitrary file read. This vulnerability affects Firefox < 109. Solution(s) mozilla-firefox-upgrade-109_0 References https://attackerkb.com/topics/cve-2023-23597 CVE - 2023-23597 http://www.mozilla.org/security/announce/2023/mfsa2023-01.html
  7. Huawei EulerOS: CVE-2022-47929: kernel security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 01/17/2023 Created 06/09/2023 Added 06/09/2023 Modified 01/30/2025 Description In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands. This affects qdisc_graft in net/sched/sch_api.c. Solution(s) huawei-euleros-2_0_sp5-upgrade-kernel huawei-euleros-2_0_sp5-upgrade-kernel-devel huawei-euleros-2_0_sp5-upgrade-kernel-headers huawei-euleros-2_0_sp5-upgrade-kernel-tools huawei-euleros-2_0_sp5-upgrade-kernel-tools-libs huawei-euleros-2_0_sp5-upgrade-perf huawei-euleros-2_0_sp5-upgrade-python-perf References https://attackerkb.com/topics/cve-2022-47929 CVE - 2022-47929 EulerOS-SA-2023-2152
  8. VMware Photon OS: CVE-2023-21873 Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 01/17/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-21873 CVE - 2023-21873
  9. VMware Photon OS: CVE-2023-0296 Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 01/17/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description The Birthday attack against 64-bit block ciphers flaw (CVE-2016-2183) was reported for the health checks port (9979) on etcd grpc-proxy component. Even though the CVE-2016-2183 has been fixed in the etcd components, to enable periodic health checks from kubelet, it was necessary to open up a new port (9979) on etcd grpc-proxy, hence this port might be considered as still vulnerable to the same type of vulnerability. The health checks on etcd grpc-proxy do not contain sensitive data (only metrics data), therefore the potential impact related to this vulnerability is minimal. The CVE-2023-0296 has been assigned to this issue to track the permanent fix in the etcd component. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-0296 CVE - 2023-0296
  10. VMware Photon OS: CVE-2023-21871 Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 01/17/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-21871 CVE - 2023-21871
  11. VMware Photon OS: CVE-2023-21879 Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 01/17/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-21879 CVE - 2023-21879
  12. VMware Photon OS: CVE-2023-21867 Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 01/17/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-21867 CVE - 2023-21867
  13. Alpine Linux: CVE-2022-41903: Integer Overflow or Wraparound Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 01/17/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description Git is a distributed revision control system. `git log` can display commits in an arbitrary format using its `--format` specifiers. This functionality is also exposed to `git archive` via the `export-subst` gitattribute. When processing the padding operators, there is an integer overflow in `pretty.c::format_and_pad_commit()` where a `size_t` is stored improperly as an `int`, and then added as an offset to a `memcpy()`. This overflow can be triggered directly by a user running a command which invokes the commit formatting machinery (e.g., `git log --format=...`). It may also be triggered indirectly through git archive via the export-subst mechanism, which expands format specifiers inside of files within the repository during a git archive. This integer overflow can result in arbitrary heap writes, which may result in arbitrary code execution. The problem has been patched in the versions published on 2023-01-17, going back to v2.30.7. Users are advised to upgrade. Users who are unable to upgrade should disable `git archive` in untrusted repositories. If you expose git archive via `git daemon`, disable it by running `git config --global daemon.uploadArch false`. Solution(s) alpine-linux-upgrade-git References https://attackerkb.com/topics/cve-2022-41903 CVE - 2022-41903 https://security.alpinelinux.org/vuln/CVE-2022-41903
  14. Oracle Linux: CVE-2023-21876: ELSA-2023-2621:mysql security update (IMPORTANT) (Multiple Advisories) Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 01/17/2023 Created 05/19/2023 Added 05/18/2023 Modified 12/06/2024 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) oracle-linux-upgrade-mecab oracle-linux-upgrade-mecab-devel oracle-linux-upgrade-mecab-ipadic oracle-linux-upgrade-mecab-ipadic-eucjp oracle-linux-upgrade-mysql oracle-linux-upgrade-mysql-common oracle-linux-upgrade-mysql-devel oracle-linux-upgrade-mysql-errmsg oracle-linux-upgrade-mysql-libs oracle-linux-upgrade-mysql-server oracle-linux-upgrade-mysql-test References https://attackerkb.com/topics/cve-2023-21876 CVE - 2023-21876 ELSA-2023-2621 ELSA-2023-3087
  15. Ubuntu: (Multiple Advisories) (CVE-2022-44617): libXpm vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 01/17/2023 Created 01/25/2023 Added 01/18/2023 Modified 01/28/2025 Description A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can lead to an infinite loop, resulting in a Denial of Service in the application linked to the library. Solution(s) ubuntu-pro-upgrade-libxpm4 ubuntu-pro-upgrade-xpmutils References https://attackerkb.com/topics/cve-2022-44617 CVE - 2022-44617 CVE-2022-44617 USN-5807-1 USN-5807-2
  16. Ubuntu: (Multiple Advisories) (CVE-2022-41858): Linux kernel (AWS) vulnerabilities Severity 6 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:C) Published 01/17/2023 Created 03/29/2023 Added 03/22/2023 Modified 01/28/2025 Description A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information. Solution(s) ubuntu-upgrade-linux-image-4-4-0-1116-aws ubuntu-upgrade-linux-image-4-4-0-1117-kvm ubuntu-upgrade-linux-image-4-4-0-1154-aws ubuntu-upgrade-linux-image-4-4-0-237-generic ubuntu-upgrade-linux-image-4-4-0-237-lowlatency ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-lts-xenial ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-lts-xenial ubuntu-upgrade-linux-image-virtual ubuntu-upgrade-linux-image-virtual-lts-xenial References https://attackerkb.com/topics/cve-2022-41858 CVE - 2022-41858 USN-5884-1 USN-5926-1
  17. Ubuntu: (Multiple Advisories) (CVE-2022-36760): Apache HTTP Server vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 01/17/2023 Created 03/29/2023 Added 03/22/2023 Modified 01/30/2025 Description Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server 2.4 version 2.4.54 and prior versions. Solution(s) ubuntu-pro-upgrade-apache2 ubuntu-pro-upgrade-apache2-bin References https://attackerkb.com/topics/cve-2022-36760 CVE - 2022-36760 USN-5834-1 USN-5839-1
  18. Rocky Linux: CVE-2006-20001: httpd (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 01/17/2023 Created 03/13/2024 Added 03/12/2024 Modified 01/28/2025 Description A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier. Solution(s) rocky-upgrade-httpd rocky-upgrade-httpd-core rocky-upgrade-httpd-core-debuginfo rocky-upgrade-httpd-debuginfo rocky-upgrade-httpd-debugsource rocky-upgrade-httpd-devel rocky-upgrade-httpd-tools rocky-upgrade-httpd-tools-debuginfo rocky-upgrade-mod_http2 rocky-upgrade-mod_http2-debuginfo rocky-upgrade-mod_http2-debugsource rocky-upgrade-mod_ldap rocky-upgrade-mod_ldap-debuginfo rocky-upgrade-mod_lua rocky-upgrade-mod_lua-debuginfo rocky-upgrade-mod_md rocky-upgrade-mod_md-debuginfo rocky-upgrade-mod_md-debugsource rocky-upgrade-mod_proxy_html rocky-upgrade-mod_proxy_html-debuginfo rocky-upgrade-mod_session rocky-upgrade-mod_session-debuginfo rocky-upgrade-mod_ssl rocky-upgrade-mod_ssl-debuginfo References https://attackerkb.com/topics/cve-2006-20001 CVE - 2006-20001 https://errata.rockylinux.org/RLSA-2023:0852 https://errata.rockylinux.org/RLSA-2023:0970
  19. Apache HTTPD: mod_dav out of bounds read, or write of zero byte (CVE-2006-20001) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 01/17/2023 Created 11/30/2023 Added 11/29/2023 Modified 02/14/2025 Description A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier. Solution(s) apache-httpd-upgrade-latest References https://attackerkb.com/topics/cve-2006-20001 https://httpd.apache.org/security/vulnerabilities_24.html https://security.gentoo.org/glsa/202309-01 https://security.netapp.com/advisory/ntap-20230316-0005/ CVE - 2006-20001
  20. Apache HTTPD: Apache HTTP Server: mod_proxy_ajp Possible request smuggling (CVE-2022-36760) Severity 8 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:C) Published 01/17/2023 Created 11/30/2023 Added 11/29/2023 Modified 12/03/2024 Description Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server 2.4 version 2.4.54 and prior versions. Solution(s) apache-httpd-upgrade-latest References https://attackerkb.com/topics/cve-2022-36760 https://httpd.apache.org/security/vulnerabilities_24.html https://security.gentoo.org/glsa/202309-01 CVE - 2022-36760
  21. Apache HTTPD: Apache HTTP Server: mod_proxy prior to 2.4.55 allows a backend to trigger HTTP response splitting (CVE-2022-37436) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 01/17/2023 Created 11/30/2023 Added 11/29/2023 Modified 12/03/2024 Description Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client. Solution(s) apache-httpd-upgrade-latest References https://attackerkb.com/topics/cve-2022-37436 https://httpd.apache.org/security/vulnerabilities_24.html https://security.gentoo.org/glsa/202309-01 CVE - 2022-37436
  22. SUSE: CVE-2022-41903: SUSE Linux Security Advisory Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 01/17/2023 Created 01/24/2023 Added 01/23/2023 Modified 01/28/2025 Description Git is a distributed revision control system. `git log` can display commits in an arbitrary format using its `--format` specifiers. This functionality is also exposed to `git archive` via the `export-subst` gitattribute. When processing the padding operators, there is an integer overflow in `pretty.c::format_and_pad_commit()` where a `size_t` is stored improperly as an `int`, and then added as an offset to a `memcpy()`. This overflow can be triggered directly by a user running a command which invokes the commit formatting machinery (e.g., `git log --format=...`). It may also be triggered indirectly through git archive via the export-subst mechanism, which expands format specifiers inside of files within the repository during a git archive. This integer overflow can result in arbitrary heap writes, which may result in arbitrary code execution. The problem has been patched in the versions published on 2023-01-17, going back to v2.30.7. Users are advised to upgrade. Users who are unable to upgrade should disable `git archive` in untrusted repositories. If you expose git archive via `git daemon`, disable it by running `git config --global daemon.uploadArch false`. Solution(s) suse-upgrade-git suse-upgrade-git-arch suse-upgrade-git-core suse-upgrade-git-credential-gnome-keyring suse-upgrade-git-credential-libsecret suse-upgrade-git-cvs suse-upgrade-git-daemon suse-upgrade-git-doc suse-upgrade-git-email suse-upgrade-git-gui suse-upgrade-git-p4 suse-upgrade-git-svn suse-upgrade-git-web suse-upgrade-gitk suse-upgrade-perl-git References https://attackerkb.com/topics/cve-2022-41903 CVE - 2022-41903
  23. Alma Linux: CVE-2006-20001: Moderate: httpd:2.4 security and bug fix update (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 01/17/2023 Created 02/22/2023 Added 02/22/2023 Modified 01/28/2025 Description A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier. Solution(s) alma-upgrade-httpd alma-upgrade-httpd-core alma-upgrade-httpd-devel alma-upgrade-httpd-filesystem alma-upgrade-httpd-manual alma-upgrade-httpd-tools alma-upgrade-mod_http2 alma-upgrade-mod_ldap alma-upgrade-mod_lua alma-upgrade-mod_md alma-upgrade-mod_proxy_html alma-upgrade-mod_session alma-upgrade-mod_ssl References https://attackerkb.com/topics/cve-2006-20001 CVE - 2006-20001 https://errata.almalinux.org/8/ALSA-2023-0852.html https://errata.almalinux.org/9/ALSA-2023-0970.html
  24. Gentoo Linux: CVE-2022-37436: Apache HTTPD: Multiple Vulnerabilities Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 01/17/2023 Created 09/11/2023 Added 09/11/2023 Modified 01/28/2025 Description Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client. Solution(s) gentoo-linux-upgrade-www-servers-apache References https://attackerkb.com/topics/cve-2022-37436 CVE - 2022-37436 202309-01
  25. Debian: CVE-2022-41858: linux -- security update Severity 6 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:C) Published 01/17/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information. Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2022-41858 CVE - 2022-41858