ISHACK AI BOT

Huawei EulerOS: CVE-2006-20001: httpd security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 01/17/2023 Created 05/05/2023 Added 04/13/2023 Modified 01/28/2025 Description A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier. Solution(s) huawei-euleros-2_0_sp8-upgrade-httpd huawei-euleros-2_0_sp8-upgrade-httpd-devel huawei-euleros-2_0_sp8-upgrade-httpd-filesystem huawei-euleros-2_0_sp8-upgrade-httpd-manual huawei-euleros-2_0_sp8-upgrade-httpd-tools huawei-euleros-2_0_sp8-upgrade-mod_session huawei-euleros-2_0_sp8-upgrade-mod_ssl References https://attackerkb.com/topics/cve-2006-20001 CVE - 2006-20001 EulerOS-SA-2023-1596

SUSE: CVE-2023-0122: SUSE Linux Security Advisory Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 01/17/2023 Created 02/18/2023 Added 02/17/2023 Modified 01/28/2025 Description A NULL pointer dereference vulnerability in the Linux kernel NVMe functionality, in nvmet_setup_auth(), allows an attacker to perform a Pre-Auth Denial of Service (DoS) attack on a remote machine. Affected versions v6.0-rc1 to v6.0-rc3, fixed in v6.0-rc4. Solution(s) suse-upgrade-cluster-md-kmp-64kb suse-upgrade-cluster-md-kmp-azure suse-upgrade-cluster-md-kmp-default suse-upgrade-cluster-md-kmp-rt suse-upgrade-dlm-kmp-64kb suse-upgrade-dlm-kmp-azure suse-upgrade-dlm-kmp-default suse-upgrade-dlm-kmp-rt suse-upgrade-dtb-allwinner suse-upgrade-dtb-altera suse-upgrade-dtb-amazon suse-upgrade-dtb-amd suse-upgrade-dtb-amlogic suse-upgrade-dtb-apm suse-upgrade-dtb-apple suse-upgrade-dtb-arm suse-upgrade-dtb-broadcom suse-upgrade-dtb-cavium suse-upgrade-dtb-exynos suse-upgrade-dtb-freescale suse-upgrade-dtb-hisilicon suse-upgrade-dtb-lg suse-upgrade-dtb-marvell suse-upgrade-dtb-mediatek suse-upgrade-dtb-nvidia suse-upgrade-dtb-qcom suse-upgrade-dtb-renesas suse-upgrade-dtb-rockchip suse-upgrade-dtb-socionext suse-upgrade-dtb-sprd suse-upgrade-dtb-xilinx suse-upgrade-gfs2-kmp-64kb suse-upgrade-gfs2-kmp-azure suse-upgrade-gfs2-kmp-default suse-upgrade-gfs2-kmp-rt suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-64kb-extra suse-upgrade-kernel-64kb-livepatch-devel suse-upgrade-kernel-64kb-optional suse-upgrade-kernel-azure suse-upgrade-kernel-azure-devel suse-upgrade-kernel-azure-extra suse-upgrade-kernel-azure-livepatch-devel suse-upgrade-kernel-azure-optional suse-upgrade-kernel-azure-vdso suse-upgrade-kernel-debug suse-upgrade-kernel-debug-devel suse-upgrade-kernel-debug-livepatch-devel suse-upgrade-kernel-debug-vdso suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-base-rebuild suse-upgrade-kernel-default-devel suse-upgrade-kernel-default-extra suse-upgrade-kernel-default-livepatch suse-upgrade-kernel-default-livepatch-devel suse-upgrade-kernel-default-optional suse-upgrade-kernel-default-vdso suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-devel-rt suse-upgrade-kernel-docs suse-upgrade-kernel-docs-html suse-upgrade-kernel-kvmsmall suse-upgrade-kernel-kvmsmall-devel suse-upgrade-kernel-kvmsmall-livepatch-devel suse-upgrade-kernel-kvmsmall-vdso suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-obs-qa suse-upgrade-kernel-rt suse-upgrade-kernel-rt-devel suse-upgrade-kernel-rt-extra suse-upgrade-kernel-rt-livepatch suse-upgrade-kernel-rt-livepatch-devel suse-upgrade-kernel-rt-optional suse-upgrade-kernel-rt-vdso suse-upgrade-kernel-rt_debug suse-upgrade-kernel-rt_debug-devel suse-upgrade-kernel-rt_debug-livepatch-devel suse-upgrade-kernel-rt_debug-vdso suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-source-rt suse-upgrade-kernel-source-vanilla suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-syms-rt suse-upgrade-kernel-zfcpdump suse-upgrade-kselftests-kmp-64kb suse-upgrade-kselftests-kmp-azure suse-upgrade-kselftests-kmp-default suse-upgrade-kselftests-kmp-rt suse-upgrade-ocfs2-kmp-64kb suse-upgrade-ocfs2-kmp-azure suse-upgrade-ocfs2-kmp-default suse-upgrade-ocfs2-kmp-rt suse-upgrade-reiserfs-kmp-64kb suse-upgrade-reiserfs-kmp-azure suse-upgrade-reiserfs-kmp-default suse-upgrade-reiserfs-kmp-rt References https://attackerkb.com/topics/cve-2023-0122 CVE - 2023-0122

Huawei EulerOS: CVE-2022-23521: git security update Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 01/17/2023 Created 03/10/2023 Added 03/09/2023 Modified 01/28/2025 Description Git is distributed revision control system. gitattributes are a mechanism to allow defining attributes for paths. These attributes can be defined by adding a `.gitattributes` file to the repository, which contains a set of file patterns and the attributes that should be set for paths matching this pattern. When parsing gitattributes, multiple integer overflows can occur when there is a huge number of path patterns, a huge number of attributes for a single pattern, or when the declared attribute names are huge. These overflows can be triggered via a crafted `.gitattributes` file that may be part of the commit history. Git silently splits lines longer than 2KB when parsing gitattributes from a file, but not when parsing them from the index. Consequentially, the failure mode depends on whether the file exists in the working tree, the index or both. This integer overflow can result in arbitrary heap reads and writes, which may result in remote code execution. The problem has been patched in the versions published on 2023-01-17, going back to v2.30.7. Users are advised to upgrade. There are no known workarounds for this issue. Solution(s) huawei-euleros-2_0_sp9-upgrade-git huawei-euleros-2_0_sp9-upgrade-git-help References https://attackerkb.com/topics/cve-2022-23521 CVE - 2022-23521 EulerOS-SA-2023-1466

Huawei EulerOS: CVE-2022-47929: kernel security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 01/17/2023 Created 03/10/2023 Added 03/09/2023 Modified 01/30/2025 Description In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands. This affects qdisc_graft in net/sched/sch_api.c. Solution(s) huawei-euleros-2_0_sp9-upgrade-kernel huawei-euleros-2_0_sp9-upgrade-kernel-tools huawei-euleros-2_0_sp9-upgrade-kernel-tools-libs huawei-euleros-2_0_sp9-upgrade-python3-perf References https://attackerkb.com/topics/cve-2022-47929 CVE - 2022-47929 EulerOS-SA-2023-1469

Huawei EulerOS: CVE-2022-41953: git security update Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 01/17/2023 Created 03/10/2023 Added 03/09/2023 Modified 01/28/2025 Description Git GUI is a convenient graphical tool that comes with Git for Windows. Its target audience is users who are uncomfortable with using Git on the command-line. Git GUI has a function to clone repositories. Immediately after the local clone is available, Git GUI will automatically post-process it, among other things running a spell checker called `aspell.exe` if it was found. Git GUI is implemented as a Tcl/Tk script. Due to the unfortunate design of Tcl on Windows, the search path when looking for an executable _always includes the current directory_. Therefore, malicious repositories can ship with an `aspell.exe` in their top-level directory which is executed by Git GUI without giving the user a chance to inspect it first, i.e. running untrusted code. This issue has been addressed in version 2.39.1. Users are advised to upgrade. Users unable to upgrade should avoid using Git GUI for cloning. If that is not a viable option, at least avoid cloning from untrusted sources. Solution(s) huawei-euleros-2_0_sp9-upgrade-git huawei-euleros-2_0_sp9-upgrade-git-help References https://attackerkb.com/topics/cve-2022-41953 CVE - 2022-41953 EulerOS-SA-2023-1466

Huawei EulerOS: CVE-2022-37436: httpd security update Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 01/17/2023 Created 05/10/2023 Added 05/10/2023 Modified 01/28/2025 Description Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client. Solution(s) huawei-euleros-2_0_sp9-upgrade-httpd huawei-euleros-2_0_sp9-upgrade-httpd-filesystem huawei-euleros-2_0_sp9-upgrade-httpd-tools huawei-euleros-2_0_sp9-upgrade-mod_ssl References https://attackerkb.com/topics/cve-2022-37436 CVE - 2022-37436 EulerOS-SA-2023-1872

Oracle Linux: CVE-2022-44617: ELSA-2023-0379:libXpm security update (IMPORTANT) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 01/17/2023 Created 01/25/2023 Added 01/24/2023 Modified 01/07/2025 Description A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can lead to an infinite loop, resulting in a Denial of Service in the application linked to the library. Solution(s) oracle-linux-upgrade-libxpm oracle-linux-upgrade-libxpm-devel References https://attackerkb.com/topics/cve-2022-44617 CVE - 2022-44617 ELSA-2023-0379 ELSA-2023-0383

Oracle Linux: CVE-2023-21867: ELSA-2023-2621:mysql security update (IMPORTANT) (Multiple Advisories) Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 01/17/2023 Created 05/19/2023 Added 05/18/2023 Modified 12/06/2024 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) oracle-linux-upgrade-mecab oracle-linux-upgrade-mecab-devel oracle-linux-upgrade-mecab-ipadic oracle-linux-upgrade-mecab-ipadic-eucjp oracle-linux-upgrade-mysql oracle-linux-upgrade-mysql-common oracle-linux-upgrade-mysql-devel oracle-linux-upgrade-mysql-errmsg oracle-linux-upgrade-mysql-libs oracle-linux-upgrade-mysql-server oracle-linux-upgrade-mysql-test References https://attackerkb.com/topics/cve-2023-21867 CVE - 2023-21867 ELSA-2023-2621 ELSA-2023-3087

Oracle Linux: CVE-2023-21843: ELSA-2023-0200:java-11-openjdk security and bug fix update (MODERATE) (Multiple Advisories) Severity 3 CVSS (AV:N/AC:H/Au:N/C:N/I:P/A:N) Published 01/17/2023 Created 01/20/2023 Added 01/19/2023 Modified 01/08/2025 Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Sound).Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.Successful attacks of this vulnerability can result inunauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). Solution(s) oracle-linux-upgrade-graalvm22-ce-11 oracle-linux-upgrade-graalvm22-ce-11-devel oracle-linux-upgrade-graalvm22-ce-11-espresso oracle-linux-upgrade-graalvm22-ce-11-espresso-llvm oracle-linux-upgrade-graalvm22-ce-11-fastr oracle-linux-upgrade-graalvm22-ce-11-javascript oracle-linux-upgrade-graalvm22-ce-11-jdk oracle-linux-upgrade-graalvm22-ce-11-libpolyglot oracle-linux-upgrade-graalvm22-ce-11-llvm oracle-linux-upgrade-graalvm22-ce-11-llvm-toolchain oracle-linux-upgrade-graalvm22-ce-11-native-image oracle-linux-upgrade-graalvm22-ce-11-native-image-llvm-backend oracle-linux-upgrade-graalvm22-ce-11-nodejs oracle-linux-upgrade-graalvm22-ce-11-nodejs-devel oracle-linux-upgrade-graalvm22-ce-11-polyglot oracle-linux-upgrade-graalvm22-ce-11-python oracle-linux-upgrade-graalvm22-ce-11-python-devel oracle-linux-upgrade-graalvm22-ce-11-ruby oracle-linux-upgrade-graalvm22-ce-11-ruby-devel oracle-linux-upgrade-graalvm22-ce-11-tools oracle-linux-upgrade-graalvm22-ce-11-wasm oracle-linux-upgrade-graalvm22-ce-17 oracle-linux-upgrade-graalvm22-ce-17-devel oracle-linux-upgrade-graalvm22-ce-17-espresso oracle-linux-upgrade-graalvm22-ce-17-espresso-llvm oracle-linux-upgrade-graalvm22-ce-17-fastr oracle-linux-upgrade-graalvm22-ce-17-javascript oracle-linux-upgrade-graalvm22-ce-17-jdk oracle-linux-upgrade-graalvm22-ce-17-libpolyglot oracle-linux-upgrade-graalvm22-ce-17-llvm oracle-linux-upgrade-graalvm22-ce-17-llvm-toolchain oracle-linux-upgrade-graalvm22-ce-17-native-image oracle-linux-upgrade-graalvm22-ce-17-native-image-llvm-backend oracle-linux-upgrade-graalvm22-ce-17-nodejs oracle-linux-upgrade-graalvm22-ce-17-nodejs-devel oracle-linux-upgrade-graalvm22-ce-17-polyglot oracle-linux-upgrade-graalvm22-ce-17-python oracle-linux-upgrade-graalvm22-ce-17-python-devel oracle-linux-upgrade-graalvm22-ce-17-ruby oracle-linux-upgrade-graalvm22-ce-17-ruby-devel oracle-linux-upgrade-graalvm22-ce-17-tools oracle-linux-upgrade-graalvm22-ce-17-wasm oracle-linux-upgrade-java-11-openjdk oracle-linux-upgrade-java-11-openjdk-demo oracle-linux-upgrade-java-11-openjdk-demo-fastdebug oracle-linux-upgrade-java-11-openjdk-demo-slowdebug oracle-linux-upgrade-java-11-openjdk-devel oracle-linux-upgrade-java-11-openjdk-devel-fastdebug oracle-linux-upgrade-java-11-openjdk-devel-slowdebug oracle-linux-upgrade-java-11-openjdk-fastdebug oracle-linux-upgrade-java-11-openjdk-headless oracle-linux-upgrade-java-11-openjdk-headless-fastdebug oracle-linux-upgrade-java-11-openjdk-headless-slowdebug oracle-linux-upgrade-java-11-openjdk-javadoc oracle-linux-upgrade-java-11-openjdk-javadoc-zip oracle-linux-upgrade-java-11-openjdk-jmods oracle-linux-upgrade-java-11-openjdk-jmods-fastdebug oracle-linux-upgrade-java-11-openjdk-jmods-slowdebug oracle-linux-upgrade-java-11-openjdk-slowdebug oracle-linux-upgrade-java-11-openjdk-src oracle-linux-upgrade-java-11-openjdk-src-fastdebug oracle-linux-upgrade-java-11-openjdk-src-slowdebug oracle-linux-upgrade-java-11-openjdk-static-libs oracle-linux-upgrade-java-11-openjdk-static-libs-fastdebug oracle-linux-upgrade-java-11-openjdk-static-libs-slowdebug oracle-linux-upgrade-java-17-openjdk oracle-linux-upgrade-java-17-openjdk-demo oracle-linux-upgrade-java-17-openjdk-demo-fastdebug oracle-linux-upgrade-java-17-openjdk-demo-slowdebug oracle-linux-upgrade-java-17-openjdk-devel oracle-linux-upgrade-java-17-openjdk-devel-fastdebug oracle-linux-upgrade-java-17-openjdk-devel-slowdebug oracle-linux-upgrade-java-17-openjdk-fastdebug oracle-linux-upgrade-java-17-openjdk-headless oracle-linux-upgrade-java-17-openjdk-headless-fastdebug oracle-linux-upgrade-java-17-openjdk-headless-slowdebug oracle-linux-upgrade-java-17-openjdk-javadoc oracle-linux-upgrade-java-17-openjdk-javadoc-zip oracle-linux-upgrade-java-17-openjdk-jmods oracle-linux-upgrade-java-17-openjdk-jmods-fastdebug oracle-linux-upgrade-java-17-openjdk-jmods-slowdebug oracle-linux-upgrade-java-17-openjdk-slowdebug oracle-linux-upgrade-java-17-openjdk-src oracle-linux-upgrade-java-17-openjdk-src-fastdebug oracle-linux-upgrade-java-17-openjdk-src-slowdebug oracle-linux-upgrade-java-17-openjdk-static-libs oracle-linux-upgrade-java-17-openjdk-static-libs-fastdebug oracle-linux-upgrade-java-17-openjdk-static-libs-slowdebug oracle-linux-upgrade-java-1-8-0-openjdk oracle-linux-upgrade-java-1-8-0-openjdk-accessibility oracle-linux-upgrade-java-1-8-0-openjdk-accessibility-fastdebug oracle-linux-upgrade-java-1-8-0-openjdk-accessibility-slowdebug oracle-linux-upgrade-java-1-8-0-openjdk-demo oracle-linux-upgrade-java-1-8-0-openjdk-demo-fastdebug oracle-linux-upgrade-java-1-8-0-openjdk-demo-slowdebug oracle-linux-upgrade-java-1-8-0-openjdk-devel oracle-linux-upgrade-java-1-8-0-openjdk-devel-fastdebug oracle-linux-upgrade-java-1-8-0-openjdk-devel-slowdebug oracle-linux-upgrade-java-1-8-0-openjdk-fastdebug oracle-linux-upgrade-java-1-8-0-openjdk-headless oracle-linux-upgrade-java-1-8-0-openjdk-headless-fastdebug oracle-linux-upgrade-java-1-8-0-openjdk-headless-slowdebug oracle-linux-upgrade-java-1-8-0-openjdk-javadoc oracle-linux-upgrade-java-1-8-0-openjdk-javadoc-zip oracle-linux-upgrade-java-1-8-0-openjdk-slowdebug oracle-linux-upgrade-java-1-8-0-openjdk-src oracle-linux-upgrade-java-1-8-0-openjdk-src-fastdebug oracle-linux-upgrade-java-1-8-0-openjdk-src-slowdebug References https://attackerkb.com/topics/cve-2023-21843 CVE - 2023-21843 ELSA-2023-0200 ELSA-2023-0208 ELSA-2023-12072 ELSA-2023-12075 ELSA-2023-0194 ELSA-2023-12066 ELSA-2023-0210 ELSA-2023-0203 ELSA-2023-12070 ELSA-2023-12077 ELSA-2023-12074 ELSA-2023-0202 ELSA-2023-0195 ELSA-2023-12068 ELSA-2023-12067 ELSA-2023-0192 ELSA-2023-12073 ELSA-2023-12071 ELSA-2023-12076 ELSA-2023-12069 View more

Oracle Linux: CVE-2023-21835: ELSA-2023-0200:java-11-openjdk security and bug fix update (MODERATE) (Multiple Advisories) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 01/17/2023 Created 01/20/2023 Added 01/19/2023 Modified 01/08/2025 Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE).Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via DTLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Solution(s) oracle-linux-upgrade-graalvm22-ce-11 oracle-linux-upgrade-graalvm22-ce-11-devel oracle-linux-upgrade-graalvm22-ce-11-espresso oracle-linux-upgrade-graalvm22-ce-11-espresso-llvm oracle-linux-upgrade-graalvm22-ce-11-fastr oracle-linux-upgrade-graalvm22-ce-11-javascript oracle-linux-upgrade-graalvm22-ce-11-jdk oracle-linux-upgrade-graalvm22-ce-11-libpolyglot oracle-linux-upgrade-graalvm22-ce-11-llvm oracle-linux-upgrade-graalvm22-ce-11-llvm-toolchain oracle-linux-upgrade-graalvm22-ce-11-native-image oracle-linux-upgrade-graalvm22-ce-11-native-image-llvm-backend oracle-linux-upgrade-graalvm22-ce-11-nodejs oracle-linux-upgrade-graalvm22-ce-11-nodejs-devel oracle-linux-upgrade-graalvm22-ce-11-polyglot oracle-linux-upgrade-graalvm22-ce-11-python oracle-linux-upgrade-graalvm22-ce-11-python-devel oracle-linux-upgrade-graalvm22-ce-11-ruby oracle-linux-upgrade-graalvm22-ce-11-ruby-devel oracle-linux-upgrade-graalvm22-ce-11-tools oracle-linux-upgrade-graalvm22-ce-11-wasm oracle-linux-upgrade-graalvm22-ce-17 oracle-linux-upgrade-graalvm22-ce-17-devel oracle-linux-upgrade-graalvm22-ce-17-espresso oracle-linux-upgrade-graalvm22-ce-17-espresso-llvm oracle-linux-upgrade-graalvm22-ce-17-fastr oracle-linux-upgrade-graalvm22-ce-17-javascript oracle-linux-upgrade-graalvm22-ce-17-jdk oracle-linux-upgrade-graalvm22-ce-17-libpolyglot oracle-linux-upgrade-graalvm22-ce-17-llvm oracle-linux-upgrade-graalvm22-ce-17-llvm-toolchain oracle-linux-upgrade-graalvm22-ce-17-native-image oracle-linux-upgrade-graalvm22-ce-17-native-image-llvm-backend oracle-linux-upgrade-graalvm22-ce-17-nodejs oracle-linux-upgrade-graalvm22-ce-17-nodejs-devel oracle-linux-upgrade-graalvm22-ce-17-polyglot oracle-linux-upgrade-graalvm22-ce-17-python oracle-linux-upgrade-graalvm22-ce-17-python-devel oracle-linux-upgrade-graalvm22-ce-17-ruby oracle-linux-upgrade-graalvm22-ce-17-ruby-devel oracle-linux-upgrade-graalvm22-ce-17-tools oracle-linux-upgrade-graalvm22-ce-17-wasm oracle-linux-upgrade-java-11-openjdk oracle-linux-upgrade-java-11-openjdk-demo oracle-linux-upgrade-java-11-openjdk-demo-fastdebug oracle-linux-upgrade-java-11-openjdk-demo-slowdebug oracle-linux-upgrade-java-11-openjdk-devel oracle-linux-upgrade-java-11-openjdk-devel-fastdebug oracle-linux-upgrade-java-11-openjdk-devel-slowdebug oracle-linux-upgrade-java-11-openjdk-fastdebug oracle-linux-upgrade-java-11-openjdk-headless oracle-linux-upgrade-java-11-openjdk-headless-fastdebug oracle-linux-upgrade-java-11-openjdk-headless-slowdebug oracle-linux-upgrade-java-11-openjdk-javadoc oracle-linux-upgrade-java-11-openjdk-javadoc-zip oracle-linux-upgrade-java-11-openjdk-jmods oracle-linux-upgrade-java-11-openjdk-jmods-fastdebug oracle-linux-upgrade-java-11-openjdk-jmods-slowdebug oracle-linux-upgrade-java-11-openjdk-slowdebug oracle-linux-upgrade-java-11-openjdk-src oracle-linux-upgrade-java-11-openjdk-src-fastdebug oracle-linux-upgrade-java-11-openjdk-src-slowdebug oracle-linux-upgrade-java-11-openjdk-static-libs oracle-linux-upgrade-java-11-openjdk-static-libs-fastdebug oracle-linux-upgrade-java-11-openjdk-static-libs-slowdebug oracle-linux-upgrade-java-17-openjdk oracle-linux-upgrade-java-17-openjdk-demo oracle-linux-upgrade-java-17-openjdk-demo-fastdebug oracle-linux-upgrade-java-17-openjdk-demo-slowdebug oracle-linux-upgrade-java-17-openjdk-devel oracle-linux-upgrade-java-17-openjdk-devel-fastdebug oracle-linux-upgrade-java-17-openjdk-devel-slowdebug oracle-linux-upgrade-java-17-openjdk-fastdebug oracle-linux-upgrade-java-17-openjdk-headless oracle-linux-upgrade-java-17-openjdk-headless-fastdebug oracle-linux-upgrade-java-17-openjdk-headless-slowdebug oracle-linux-upgrade-java-17-openjdk-javadoc oracle-linux-upgrade-java-17-openjdk-javadoc-zip oracle-linux-upgrade-java-17-openjdk-jmods oracle-linux-upgrade-java-17-openjdk-jmods-fastdebug oracle-linux-upgrade-java-17-openjdk-jmods-slowdebug oracle-linux-upgrade-java-17-openjdk-slowdebug oracle-linux-upgrade-java-17-openjdk-src oracle-linux-upgrade-java-17-openjdk-src-fastdebug oracle-linux-upgrade-java-17-openjdk-src-slowdebug oracle-linux-upgrade-java-17-openjdk-static-libs oracle-linux-upgrade-java-17-openjdk-static-libs-fastdebug oracle-linux-upgrade-java-17-openjdk-static-libs-slowdebug References https://attackerkb.com/topics/cve-2023-21835 CVE - 2023-21835 ELSA-2023-0200 ELSA-2023-12072 ELSA-2023-12075 ELSA-2023-0194 ELSA-2023-12066 ELSA-2023-12070 ELSA-2023-12077 ELSA-2023-12074 ELSA-2023-0202 ELSA-2023-0195 ELSA-2023-12068 ELSA-2023-12067 ELSA-2023-0192 ELSA-2023-12073 ELSA-2023-12071 ELSA-2023-12076 ELSA-2023-12069 View more

Oracle Linux: CVE-2023-21880: ELSA-2023-2621:mysql security update (IMPORTANT) (Multiple Advisories) Severity 7 CVSS (AV:N/AC:L/Au:M/C:N/I:P/A:C) Published 01/17/2023 Created 05/19/2023 Added 05/18/2023 Modified 12/06/2024 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well asunauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). Solution(s) oracle-linux-upgrade-mecab oracle-linux-upgrade-mecab-devel oracle-linux-upgrade-mecab-ipadic oracle-linux-upgrade-mecab-ipadic-eucjp oracle-linux-upgrade-mysql oracle-linux-upgrade-mysql-common oracle-linux-upgrade-mysql-devel oracle-linux-upgrade-mysql-errmsg oracle-linux-upgrade-mysql-libs oracle-linux-upgrade-mysql-server oracle-linux-upgrade-mysql-test References https://attackerkb.com/topics/cve-2023-21880 CVE - 2023-21880 ELSA-2023-2621 ELSA-2023-3087

Oracle Linux: CVE-2022-41903: ELSA-2023-0610:git security update (IMPORTANT) (Multiple Advisories) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 01/17/2023 Created 02/08/2023 Added 02/07/2023 Modified 01/07/2025 Description Git is distributed revision control system. `git log` can display commits in an arbitrary format using its `--format` specifiers. This functionality is also exposed to `git archive` via the `export-subst` gitattribute. When processing the padding operators, there is a integer overflow in `pretty.c::format_and_pad_commit()` where a `size_t` is stored improperly as an `int`, and then added as an offset to a `memcpy()`. This overflow can be triggered directly by a user running a command which invokes the commit formatting machinery (e.g., `git log --format=...`). It may also be triggered indirectly through git archive via the export-subst mechanism, which expands format specifiers inside of files within the repository during a git archive. This integer overflow can result in arbitrary heap writes, which may result in arbitrary code execution. The problem has been patched in the versions published on 2023-01-17, going back to v2.30.7. Users are advised to upgrade. Users who are unable to upgrade should disable `git archive` in untrusted repositories. If you expose git archive via `git daemon`, disable it by running `git config --global daemon.uploadArch false`. A flaw was found in Git, a distributed revision control system. This issue occurs due to an integer overflow in `pretty.c::format_and_pad_commit()`, where a `size_t` is stored improperly as an `int`, and then added as an offset to a `memcpy()`. This overflow can be triggered directly by a user running a command which invokes the commit formatting machinery (e.g., `git log --format=...`). It may also be triggered indirectly through the git archive via the export-subst mechanism, which expands format specifiers inside files within the repository during a git archive. This integer overflow can result in arbitrary heap writes, which may allow arbitrary code execution. Solution(s) oracle-linux-upgrade-emacs-git oracle-linux-upgrade-emacs-git-el oracle-linux-upgrade-git oracle-linux-upgrade-git-all oracle-linux-upgrade-git-bzr oracle-linux-upgrade-git-core oracle-linux-upgrade-git-core-doc oracle-linux-upgrade-git-credential-libsecret oracle-linux-upgrade-git-cvs oracle-linux-upgrade-git-daemon oracle-linux-upgrade-git-email oracle-linux-upgrade-git-gnome-keyring oracle-linux-upgrade-git-gui oracle-linux-upgrade-git-hg oracle-linux-upgrade-git-instaweb oracle-linux-upgrade-gitk oracle-linux-upgrade-git-p4 oracle-linux-upgrade-git-subtree oracle-linux-upgrade-git-svn oracle-linux-upgrade-gitweb oracle-linux-upgrade-perl-git oracle-linux-upgrade-perl-git-svn References https://attackerkb.com/topics/cve-2022-41903 CVE - 2022-41903 ELSA-2023-0610 ELSA-2023-0611 ELSA-2023-0978

Oracle Linux: CVE-2022-37436: ELSA-2023-0852:httpd:2.4 security and bug fix update (MODERATE) (Multiple Advisories) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 01/17/2023 Created 02/24/2023 Added 02/23/2023 Modified 01/07/2025 Description Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client. A flaw was found in the mod_proxy module of httpd. A malicious backend can cause the response headers to be truncated because they are not cleaned when an error is found while reading them, resulting in some headers being incorporated into the response body and not being interpreted by a client. Solution(s) oracle-linux-upgrade-httpd oracle-linux-upgrade-httpd-core oracle-linux-upgrade-httpd-devel oracle-linux-upgrade-httpd-filesystem oracle-linux-upgrade-httpd-manual oracle-linux-upgrade-httpd-tools oracle-linux-upgrade-mod-http2 oracle-linux-upgrade-mod-ldap oracle-linux-upgrade-mod-lua oracle-linux-upgrade-mod-md oracle-linux-upgrade-mod-proxy-html oracle-linux-upgrade-mod-session oracle-linux-upgrade-mod-ssl References https://attackerkb.com/topics/cve-2022-37436 CVE - 2022-37436 ELSA-2023-0852 ELSA-2023-0970

Oracle Linux: CVE-2023-23605: ELSA-2023-0476:thunderbird security update (IMPORTANT) (Multiple Advisories) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 01/17/2023 Created 01/25/2023 Added 01/24/2023 Modified 01/07/2025 Description Memory safety bugs present in Firefox 108 and Firefox ESR 102.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7. The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 108 and Firefox ESR 102.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Solution(s) oracle-linux-upgrade-firefox oracle-linux-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-23605 CVE - 2023-23605 ELSA-2023-0476 ELSA-2023-0463 ELSA-2023-0456 ELSA-2023-0285 ELSA-2023-0296 ELSA-2023-0288 View more

Oracle Linux: CVE-2023-23603: ELSA-2023-0476:thunderbird security update (IMPORTANT) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 01/17/2023 Created 01/25/2023 Added 01/24/2023 Modified 01/07/2025 Description Regular expressions used to filter out forbidden properties and values from style directives in calls to <code>console.log</code> weren't accounting for external URLs. Data could then be potentially exfiltrated from the browser. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7. The Mozilla Foundation Security Advisory describes this flaw as: Regular expressions used to filter out forbidden properties and values from style directives in calls to `console.log` weren't accounting for external URLs. Data could then be potentially exfiltrated from the browser. Solution(s) oracle-linux-upgrade-firefox oracle-linux-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-23603 CVE - 2023-23603 ELSA-2023-0476 ELSA-2023-0463 ELSA-2023-0456 ELSA-2023-0285 ELSA-2023-0296 ELSA-2023-0288 View more

Oracle Linux: CVE-2023-21871: ELSA-2023-2621:mysql security update (IMPORTANT) (Multiple Advisories) Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 01/17/2023 Created 05/19/2023 Added 05/18/2023 Modified 12/06/2024 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) oracle-linux-upgrade-mecab oracle-linux-upgrade-mecab-devel oracle-linux-upgrade-mecab-ipadic oracle-linux-upgrade-mecab-ipadic-eucjp oracle-linux-upgrade-mysql oracle-linux-upgrade-mysql-common oracle-linux-upgrade-mysql-devel oracle-linux-upgrade-mysql-errmsg oracle-linux-upgrade-mysql-libs oracle-linux-upgrade-mysql-server oracle-linux-upgrade-mysql-test References https://attackerkb.com/topics/cve-2023-21871 CVE - 2023-21871 ELSA-2023-2621 ELSA-2023-3087

Alma Linux: CVE-2022-47929: Important: kernel security, bug fix, and enhancement update (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 01/17/2023 Created 05/15/2023 Added 05/15/2023 Modified 01/30/2025 Description In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands. This affects qdisc_graft in net/sched/sch_api.c. Solution(s) alma-upgrade-bpftool alma-upgrade-kernel alma-upgrade-kernel-64k alma-upgrade-kernel-64k-core alma-upgrade-kernel-64k-debug alma-upgrade-kernel-64k-debug-core alma-upgrade-kernel-64k-debug-devel alma-upgrade-kernel-64k-debug-devel-matched alma-upgrade-kernel-64k-debug-modules alma-upgrade-kernel-64k-debug-modules-core alma-upgrade-kernel-64k-debug-modules-extra alma-upgrade-kernel-64k-devel alma-upgrade-kernel-64k-devel-matched alma-upgrade-kernel-64k-modules alma-upgrade-kernel-64k-modules-core alma-upgrade-kernel-64k-modules-extra alma-upgrade-kernel-abi-stablelists alma-upgrade-kernel-core alma-upgrade-kernel-cross-headers alma-upgrade-kernel-debug alma-upgrade-kernel-debug-core alma-upgrade-kernel-debug-devel alma-upgrade-kernel-debug-devel-matched alma-upgrade-kernel-debug-modules alma-upgrade-kernel-debug-modules-core alma-upgrade-kernel-debug-modules-extra alma-upgrade-kernel-debug-uki-virt alma-upgrade-kernel-devel alma-upgrade-kernel-devel-matched alma-upgrade-kernel-doc alma-upgrade-kernel-modules alma-upgrade-kernel-modules-core alma-upgrade-kernel-modules-extra alma-upgrade-kernel-rt alma-upgrade-kernel-rt-core alma-upgrade-kernel-rt-debug alma-upgrade-kernel-rt-debug-core alma-upgrade-kernel-rt-debug-devel alma-upgrade-kernel-rt-debug-kvm alma-upgrade-kernel-rt-debug-modules alma-upgrade-kernel-rt-debug-modules-core alma-upgrade-kernel-rt-debug-modules-extra alma-upgrade-kernel-rt-devel alma-upgrade-kernel-rt-kvm alma-upgrade-kernel-rt-modules alma-upgrade-kernel-rt-modules-core alma-upgrade-kernel-rt-modules-extra alma-upgrade-kernel-tools alma-upgrade-kernel-tools-libs alma-upgrade-kernel-tools-libs-devel alma-upgrade-kernel-uki-virt alma-upgrade-kernel-zfcpdump alma-upgrade-kernel-zfcpdump-core alma-upgrade-kernel-zfcpdump-devel alma-upgrade-kernel-zfcpdump-devel-matched alma-upgrade-kernel-zfcpdump-modules alma-upgrade-kernel-zfcpdump-modules-core alma-upgrade-kernel-zfcpdump-modules-extra alma-upgrade-perf alma-upgrade-python3-perf alma-upgrade-rtla References https://attackerkb.com/topics/cve-2022-47929 CVE - 2022-47929 https://errata.almalinux.org/8/ALSA-2023-2736.html https://errata.almalinux.org/8/ALSA-2023-2951.html https://errata.almalinux.org/9/ALSA-2023-2148.html https://errata.almalinux.org/9/ALSA-2023-2458.html

Oracle Linux: CVE-2023-21873: ELSA-2023-2621:mysql security update (IMPORTANT) (Multiple Advisories) Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 01/17/2023 Created 05/19/2023 Added 05/18/2023 Modified 12/06/2024 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) oracle-linux-upgrade-mecab oracle-linux-upgrade-mecab-devel oracle-linux-upgrade-mecab-ipadic oracle-linux-upgrade-mecab-ipadic-eucjp oracle-linux-upgrade-mysql oracle-linux-upgrade-mysql-common oracle-linux-upgrade-mysql-devel oracle-linux-upgrade-mysql-errmsg oracle-linux-upgrade-mysql-libs oracle-linux-upgrade-mysql-server oracle-linux-upgrade-mysql-test References https://attackerkb.com/topics/cve-2023-21873 CVE - 2023-21873 ELSA-2023-2621 ELSA-2023-3087

Oracle Linux: CVE-2023-1073: ELSA-2023-12232: Unbreakable Enterprise kernel security update (IMPORTANT) (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 01/17/2023 Created 05/05/2023 Added 04/05/2023 Modified 01/23/2025 Description A memory corruption flaw was found in the Linux kernel’s human interface device (HID) subsystem in how a user inserts a malicious USB device. This flaw allows a local user to crash or potentially escalate their privileges on the system. Solution(s) oracle-linux-upgrade-kernel oracle-linux-upgrade-kernel-uek References https://attackerkb.com/topics/cve-2023-1073 CVE - 2023-1073 ELSA-2023-12232 ELSA-2024-12169 ELSA-2023-7077 ELSA-2024-0897 ELSA-2023-6583

Oracle Linux: CVE-2023-21865: ELSA-2023-2621:mysql security update (IMPORTANT) (Multiple Advisories) Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 01/17/2023 Created 05/19/2023 Added 05/18/2023 Modified 12/06/2024 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) oracle-linux-upgrade-mecab oracle-linux-upgrade-mecab-devel oracle-linux-upgrade-mecab-ipadic oracle-linux-upgrade-mecab-ipadic-eucjp oracle-linux-upgrade-mysql oracle-linux-upgrade-mysql-common oracle-linux-upgrade-mysql-devel oracle-linux-upgrade-mysql-errmsg oracle-linux-upgrade-mysql-libs oracle-linux-upgrade-mysql-server oracle-linux-upgrade-mysql-test References https://attackerkb.com/topics/cve-2023-21865 CVE - 2023-21865 ELSA-2023-2621 ELSA-2023-3087

Gentoo Linux: CVE-2006-20001: Apache HTTPD: Multiple Vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 01/17/2023 Created 09/11/2023 Added 09/11/2023 Modified 01/28/2025 Description A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier. Solution(s) gentoo-linux-upgrade-www-servers-apache References https://attackerkb.com/topics/cve-2006-20001 CVE - 2006-20001 202309-01

Debian: CVE-2022-47929: linux -- security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 01/17/2023 Created 01/25/2023 Added 01/25/2023 Modified 01/30/2025 Description In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands. This affects qdisc_graft in net/sched/sch_api.c. Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2022-47929 CVE - 2022-47929 DSA-5324 DSA-5324-1

VMware Photon OS: CVE-2023-21887 Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 01/17/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: GIS).Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-21887 CVE - 2023-21887

VMware Photon OS: CVE-2023-21835 Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 01/17/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE).Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via DTLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-21835 CVE - 2023-21835

Amazon Linux AMI: CVE-2022-36760: Security patch for httpd24 (ALAS-2023-1711) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 01/17/2023 Created 03/24/2023 Added 03/23/2023 Modified 01/28/2025 Description Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions. Solution(s) amazon-linux-upgrade-httpd24 References ALAS-2023-1711 CVE-2022-36760