ISHACK AI BOT

VMware Photon OS: CVE-2023-21876 Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 01/17/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-21876 CVE - 2023-21876

Oracle Weblogic PreAuth Remote Command Execution via ForeignOpaqueReference IIOP Deserialization Disclosed 01/17/2023 Created 06/09/2023 Description Oracle Weblogic 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0 prior to the Jan 2023 security update are vulnerable to an unauthenticated remote code execution vulnerability due to a post deserialization vulnerability. This occurs when an attacker serializes a "ForeignOpaqueReference" class object, deserializes it on the target, and then post deserialization, calls the object's "getReferent()" method, which will make use of the "ForeignOpaqueReference" class's "remoteJNDIName" variable, which is under the attackers control, to do a remote loading of the JNDI address specified by "remoteJNDIName" via the "lookup()" function. This can in turn lead to a deserialization vulnerability whereby an attacker supplies the address of a HTTP server hosting a malicious Java class file, which will then be loaded into the Oracle Weblogic process's memory and an attempt to create a new instance of the attacker's class will be made. Attackers can utilize this to execute arbitrary Java code during the instantiation of the object, thereby getting remote code execution as the "oracle" user. This module exploits this vulnerability to trigger the JNDI connection to a LDAP server we control. The LDAP server will then respond with a remote reference response that points to a HTTP server that we control, where the malicious Java class file will be hosted. Oracle Weblogic will then make a HTTP request to retrieve the malicious Java class file, at which point our HTTP server will serve up the malicious class file and Oracle Weblogic will instantiate an instance of that class, granting us RCE as the "oracle" user. This vulnerability was exploited in the wild as noted by KEV on May 1st 2023: https://www.fortiguard.com/outbreak-alert/oracle-weblogic-server-vulnerability Author(s) 4ra1n 14m3ta7k Grant Willcox Development Source Code History

Oracle Linux: CVE-2023-21869: ELSA-2023-2621:mysql security update (IMPORTANT) (Multiple Advisories) Severity 7 CVSS (AV:N/AC:L/Au:M/C:N/I:P/A:C) Published 01/17/2023 Created 05/19/2023 Added 05/18/2023 Modified 12/06/2024 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well asunauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). Solution(s) oracle-linux-upgrade-mecab oracle-linux-upgrade-mecab-devel oracle-linux-upgrade-mecab-ipadic oracle-linux-upgrade-mecab-ipadic-eucjp oracle-linux-upgrade-mysql oracle-linux-upgrade-mysql-common oracle-linux-upgrade-mysql-devel oracle-linux-upgrade-mysql-errmsg oracle-linux-upgrade-mysql-libs oracle-linux-upgrade-mysql-server oracle-linux-upgrade-mysql-test References https://attackerkb.com/topics/cve-2023-21869 CVE - 2023-21869 ELSA-2023-2621 ELSA-2023-3087

IBM AIX: x11_advisory (CVE-2022-47990): Vulnerability in x11 affects AIX Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 01/17/2023 Created 01/19/2023 Added 01/18/2023 Modified 01/28/2025 Description IBM AIX 7.1, 7.2, 7.3 and VIOS , 3.1 could allow a non-privileged local user to exploit a vulnerability in X11 to cause a buffer overflow that could result in a denial of service or arbitrary code execution. IBM X-Force ID: 243556. Solution(s) ibm-aix-x11_advisory References https://attackerkb.com/topics/cve-2022-47990 CVE - 2022-47990 https://aix.software.ibm.com/aix/efixes/security/x11_advisory.asc

Oracle Linux: CVE-2023-21879: ELSA-2023-2621:mysql security update (IMPORTANT) (Multiple Advisories) Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 01/17/2023 Created 05/19/2023 Added 05/18/2023 Modified 12/06/2024 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) oracle-linux-upgrade-mecab oracle-linux-upgrade-mecab-devel oracle-linux-upgrade-mecab-ipadic oracle-linux-upgrade-mecab-ipadic-eucjp oracle-linux-upgrade-mysql oracle-linux-upgrade-mysql-common oracle-linux-upgrade-mysql-devel oracle-linux-upgrade-mysql-errmsg oracle-linux-upgrade-mysql-libs oracle-linux-upgrade-mysql-server oracle-linux-upgrade-mysql-test References https://attackerkb.com/topics/cve-2023-21879 CVE - 2023-21879 ELSA-2023-2621 ELSA-2023-3087

Oracle Linux: CVE-2023-21875: ELSA-2023-2621:mysql security update (IMPORTANT) (Multiple Advisories) Severity 6 CVSS (AV:N/AC:H/Au:M/C:N/I:C/A:C) Published 01/17/2023 Created 05/19/2023 Added 05/18/2023 Modified 12/06/2024 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption).Supported versions that are affected are 8.0.31 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result inunauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Integrity and Availability impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H). Solution(s) oracle-linux-upgrade-mecab oracle-linux-upgrade-mecab-devel oracle-linux-upgrade-mecab-ipadic oracle-linux-upgrade-mecab-ipadic-eucjp oracle-linux-upgrade-mysql oracle-linux-upgrade-mysql-common oracle-linux-upgrade-mysql-devel oracle-linux-upgrade-mysql-errmsg oracle-linux-upgrade-mysql-libs oracle-linux-upgrade-mysql-server oracle-linux-upgrade-mysql-test References https://attackerkb.com/topics/cve-2023-21875 CVE - 2023-21875 ELSA-2023-2621 ELSA-2023-3087

Oracle Linux: CVE-2023-21882: ELSA-2023-2621:mysql security update (IMPORTANT) (Multiple Advisories) Severity 3 CVSS (AV:N/AC:L/Au:M/C:N/I:P/A:N) Published 01/17/2023 Created 05/19/2023 Added 05/18/2023 Modified 12/06/2024 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result inunauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N). Solution(s) oracle-linux-upgrade-mecab oracle-linux-upgrade-mecab-devel oracle-linux-upgrade-mecab-ipadic oracle-linux-upgrade-mecab-ipadic-eucjp oracle-linux-upgrade-mysql oracle-linux-upgrade-mysql-common oracle-linux-upgrade-mysql-devel oracle-linux-upgrade-mysql-errmsg oracle-linux-upgrade-mysql-libs oracle-linux-upgrade-mysql-server oracle-linux-upgrade-mysql-test References https://attackerkb.com/topics/cve-2023-21882 CVE - 2023-21882 ELSA-2023-2621 ELSA-2023-3087

Oracle Linux: CVE-2023-21870: ELSA-2023-2621:mysql security update (IMPORTANT) (Multiple Advisories) Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 01/17/2023 Created 05/19/2023 Added 05/18/2023 Modified 12/06/2024 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) oracle-linux-upgrade-mecab oracle-linux-upgrade-mecab-devel oracle-linux-upgrade-mecab-ipadic oracle-linux-upgrade-mecab-ipadic-eucjp oracle-linux-upgrade-mysql oracle-linux-upgrade-mysql-common oracle-linux-upgrade-mysql-devel oracle-linux-upgrade-mysql-errmsg oracle-linux-upgrade-mysql-libs oracle-linux-upgrade-mysql-server oracle-linux-upgrade-mysql-test References https://attackerkb.com/topics/cve-2023-21870 CVE - 2023-21870 ELSA-2023-2621 ELSA-2023-3087

MFSA2023-02 Firefox: Security Vulnerabilities fixed in Firefox ESR 102.7 (CVE-2023-23603) Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 01/17/2023 Created 01/19/2023 Added 01/18/2023 Modified 01/30/2025 Description Regular expressions used to filter out forbidden properties and values from style directives in calls to <code>console.log</code> weren't accounting for external URLs. Data could then be potentially exfiltrated from the browser. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7. Solution(s) mozilla-firefox-esr-upgrade-102_7 References https://attackerkb.com/topics/cve-2023-23603 CVE - 2023-23603 http://www.mozilla.org/security/announce/2023/mfsa2023-02.html

Oracle Linux: CVE-2023-21864: ELSA-2023-2621:mysql security update (IMPORTANT) (Multiple Advisories) Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 01/17/2023 Created 05/19/2023 Added 05/18/2023 Modified 12/06/2024 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) oracle-linux-upgrade-mecab oracle-linux-upgrade-mecab-devel oracle-linux-upgrade-mecab-ipadic oracle-linux-upgrade-mecab-ipadic-eucjp oracle-linux-upgrade-mysql oracle-linux-upgrade-mysql-common oracle-linux-upgrade-mysql-devel oracle-linux-upgrade-mysql-errmsg oracle-linux-upgrade-mysql-libs oracle-linux-upgrade-mysql-server oracle-linux-upgrade-mysql-test References https://attackerkb.com/topics/cve-2023-21864 CVE - 2023-21864 ELSA-2023-2621 ELSA-2023-3087

Oracle Linux: CVE-2023-21883: ELSA-2023-2621:mysql security update (IMPORTANT) (Multiple Advisories) Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 01/17/2023 Created 05/19/2023 Added 05/18/2023 Modified 12/06/2024 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) oracle-linux-upgrade-mecab oracle-linux-upgrade-mecab-devel oracle-linux-upgrade-mecab-ipadic oracle-linux-upgrade-mecab-ipadic-eucjp oracle-linux-upgrade-mysql oracle-linux-upgrade-mysql-common oracle-linux-upgrade-mysql-devel oracle-linux-upgrade-mysql-errmsg oracle-linux-upgrade-mysql-libs oracle-linux-upgrade-mysql-server oracle-linux-upgrade-mysql-test References https://attackerkb.com/topics/cve-2023-21883 CVE - 2023-21883 ELSA-2023-2621 ELSA-2023-3087

FreeBSD: VID-00919005-96A3-11ED-86E9-D4C9EF517024 (CVE-2022-37436): Apache httpd -- Multiple vulnerabilities Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 01/17/2023 Created 01/20/2023 Added 01/19/2023 Modified 01/28/2025 Description Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client. Solution(s) freebsd-upgrade-package-apache24 References CVE-2022-37436

Huawei EulerOS: CVE-2006-20001: httpd security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 01/17/2023 Created 06/09/2023 Added 06/09/2023 Modified 01/28/2025 Description A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier. Solution(s) huawei-euleros-2_0_sp5-upgrade-httpd huawei-euleros-2_0_sp5-upgrade-httpd-devel huawei-euleros-2_0_sp5-upgrade-httpd-manual huawei-euleros-2_0_sp5-upgrade-httpd-tools huawei-euleros-2_0_sp5-upgrade-mod_session huawei-euleros-2_0_sp5-upgrade-mod_ssl References https://attackerkb.com/topics/cve-2006-20001 CVE - 2006-20001 EulerOS-SA-2023-2148

SUSE: CVE-2022-37436: SUSE Linux Security Advisory Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 01/17/2023 Created 01/31/2023 Added 01/30/2023 Modified 01/28/2025 Description Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client. Solution(s) suse-upgrade-apache2 suse-upgrade-apache2-devel suse-upgrade-apache2-doc suse-upgrade-apache2-event suse-upgrade-apache2-example-pages suse-upgrade-apache2-prefork suse-upgrade-apache2-utils suse-upgrade-apache2-worker References https://attackerkb.com/topics/cve-2022-37436 CVE - 2022-37436

Alpine Linux: CVE-2018-14628: Missing Authorization Severity 4 CVSS (AV:N/AC:L/Au:S/C:P/I:N/A:N) Published 01/17/2023 Created 03/22/2024 Added 03/26/2024 Modified 10/02/2024 Description An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store. Solution(s) alpine-linux-upgrade-samba References https://attackerkb.com/topics/cve-2018-14628 CVE - 2018-14628 https://security.alpinelinux.org/vuln/CVE-2018-14628

Alpine Linux: CVE-2022-23521: Integer Overflow or Wraparound Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 01/17/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description Git is distributed revision control system. gitattributes are a mechanism to allow defining attributes for paths. These attributes can be defined by adding a `.gitattributes` file to the repository, which contains a set of file patterns and the attributes that should be set for paths matching this pattern. When parsing gitattributes, multiple integer overflows can occur when there is a huge number of path patterns, a huge number of attributes for a single pattern, or when the declared attribute names are huge. These overflows can be triggered via a crafted `.gitattributes` file that may be part of the commit history. Git silently splits lines longer than 2KB when parsing gitattributes from a file, but not when parsing them from the index. Consequentially, the failure mode depends on whether the file exists in the working tree, the index or both. This integer overflow can result in arbitrary heap reads and writes, which may result in remote code execution. The problem has been patched in the versions published on 2023-01-17, going back to v2.30.7. Users are advised to upgrade. There are no known workarounds for this issue. Solution(s) alpine-linux-upgrade-git References https://attackerkb.com/topics/cve-2022-23521 CVE - 2022-23521 https://security.alpinelinux.org/vuln/CVE-2022-23521

Oracle Database: Critical Patch Update - January 2023 (CVE-2023-21893) Severity 8 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:C) Published 01/17/2023 Created 01/19/2023 Added 01/17/2023 Modified 01/28/2025 Description Vulnerability in the Oracle Data Provider for .NET component of Oracle Database Server.Supported versions that are affected are 19c and21c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TCPS to compromise Oracle Data Provider for .NET.Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Data Provider for .NET. Note: Applies also to Database client-only on Windows platform. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). Solution(s) oracle-apply-jan-2023-cpu References https://attackerkb.com/topics/cve-2023-21893 CVE - 2023-21893 http://www.oracle.com/security-alerts/cpujan2023.html https://support.oracle.com/rs?type=doc&id=2906899.1

SUSE: CVE-2022-3650: SUSE Linux Security Advisory Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 01/17/2023 Created 03/28/2023 Added 03/28/2023 Modified 01/28/2025 Description A privilege escalation flaw was found in Ceph. Ceph-crash.service allows a local attacker to escalate privileges to root in the form of a crash dump, and dump privileged information. Solution(s) suse-upgrade-ceph suse-upgrade-ceph-base suse-upgrade-ceph-common suse-upgrade-ceph-fuse suse-upgrade-ceph-grafana-dashboards suse-upgrade-ceph-immutable-object-cache suse-upgrade-ceph-mds suse-upgrade-ceph-mgr suse-upgrade-ceph-mgr-cephadm suse-upgrade-ceph-mgr-dashboard suse-upgrade-ceph-mgr-diskprediction-local suse-upgrade-ceph-mgr-k8sevents suse-upgrade-ceph-mgr-modules-core suse-upgrade-ceph-mgr-rook suse-upgrade-ceph-mon suse-upgrade-ceph-osd suse-upgrade-ceph-prometheus-alerts suse-upgrade-ceph-radosgw suse-upgrade-ceph-test suse-upgrade-cephadm suse-upgrade-cephfs-mirror suse-upgrade-cephfs-shell suse-upgrade-cephfs-top suse-upgrade-libcephfs-devel suse-upgrade-libcephfs2 suse-upgrade-libcephsqlite suse-upgrade-libcephsqlite-devel suse-upgrade-librados-devel suse-upgrade-librados2 suse-upgrade-libradospp-devel suse-upgrade-librbd-devel suse-upgrade-librbd1 suse-upgrade-librgw-devel suse-upgrade-librgw2 suse-upgrade-python3-ceph-argparse suse-upgrade-python3-ceph-common suse-upgrade-python3-cephfs suse-upgrade-python3-rados suse-upgrade-python3-rbd suse-upgrade-python3-rgw suse-upgrade-rados-objclass-devel suse-upgrade-rbd-fuse suse-upgrade-rbd-mirror suse-upgrade-rbd-nbd References https://attackerkb.com/topics/cve-2022-3650 CVE - 2022-3650

Huawei EulerOS: CVE-2022-23521: git security update Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 01/17/2023 Created 06/09/2023 Added 06/09/2023 Modified 01/28/2025 Description Git is distributed revision control system. gitattributes are a mechanism to allow defining attributes for paths. These attributes can be defined by adding a `.gitattributes` file to the repository, which contains a set of file patterns and the attributes that should be set for paths matching this pattern. When parsing gitattributes, multiple integer overflows can occur when there is a huge number of path patterns, a huge number of attributes for a single pattern, or when the declared attribute names are huge. These overflows can be triggered via a crafted `.gitattributes` file that may be part of the commit history. Git silently splits lines longer than 2KB when parsing gitattributes from a file, but not when parsing them from the index. Consequentially, the failure mode depends on whether the file exists in the working tree, the index or both. This integer overflow can result in arbitrary heap reads and writes, which may result in remote code execution. The problem has been patched in the versions published on 2023-01-17, going back to v2.30.7. Users are advised to upgrade. There are no known workarounds for this issue. Solution(s) huawei-euleros-2_0_sp5-upgrade-git huawei-euleros-2_0_sp5-upgrade-git-core huawei-euleros-2_0_sp5-upgrade-git-core-doc huawei-euleros-2_0_sp5-upgrade-perl-git References https://attackerkb.com/topics/cve-2022-23521 CVE - 2022-23521 EulerOS-SA-2023-2145

Huawei EulerOS: CVE-2022-36760: httpd security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 01/17/2023 Created 06/09/2023 Added 06/09/2023 Modified 01/30/2025 Description Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to.This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions. Solution(s) huawei-euleros-2_0_sp5-upgrade-httpd huawei-euleros-2_0_sp5-upgrade-httpd-devel huawei-euleros-2_0_sp5-upgrade-httpd-manual huawei-euleros-2_0_sp5-upgrade-httpd-tools huawei-euleros-2_0_sp5-upgrade-mod_session huawei-euleros-2_0_sp5-upgrade-mod_ssl References https://attackerkb.com/topics/cve-2022-36760 CVE - 2022-36760 EulerOS-SA-2023-2148

Gentoo Linux: CVE-2022-3650: Ceph: Root Privilege Escalation Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 01/17/2023 Created 12/28/2023 Added 12/27/2023 Modified 01/28/2025 Description A privilege escalation flaw was found in Ceph. Ceph-crash.service allows a local attacker to escalate privileges to root in the form of a crash dump, and dump privileged information. Solution(s) gentoo-linux-upgrade-sys-cluster-ceph References https://attackerkb.com/topics/cve-2022-3650 CVE - 2022-3650 202312-10

Alpine Linux: CVE-2023-21835: Vulnerability in Multiple Components Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 01/17/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE).Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via DTLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Solution(s) alpine-linux-upgrade-openjdk11 alpine-linux-upgrade-openjdk17 alpine-linux-upgrade-openjdk19 References https://attackerkb.com/topics/cve-2023-21835 CVE - 2023-21835 https://security.alpinelinux.org/vuln/CVE-2023-21835

CentOS Linux: CVE-2022-3650: Important: Red Hat Ceph Storage 5.3 Bug fix and security update (CESA-2023:0980) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 01/17/2023 Created 03/02/2023 Added 03/01/2023 Modified 01/28/2025 Description A privilege escalation flaw was found in Ceph. Ceph-crash.service allows a local attacker to escalate privileges to root in the form of a crash dump, and dump privileged information. Solution(s) centos-upgrade-ceph-base centos-upgrade-ceph-base-debuginfo centos-upgrade-ceph-common centos-upgrade-ceph-common-debuginfo centos-upgrade-ceph-debugsource centos-upgrade-ceph-fuse centos-upgrade-ceph-fuse-debuginfo centos-upgrade-ceph-grafana-dashboards centos-upgrade-ceph-immutable-object-cache centos-upgrade-ceph-immutable-object-cache-debuginfo centos-upgrade-ceph-mds centos-upgrade-ceph-mds-debuginfo centos-upgrade-ceph-mgr-debuginfo centos-upgrade-ceph-mib centos-upgrade-ceph-mon-debuginfo centos-upgrade-ceph-osd-debuginfo centos-upgrade-ceph-radosgw centos-upgrade-ceph-radosgw-debuginfo centos-upgrade-ceph-resource-agents centos-upgrade-ceph-selinux centos-upgrade-ceph-test-debuginfo centos-upgrade-cephadm centos-upgrade-cephadm-ansible centos-upgrade-cephfs-mirror centos-upgrade-cephfs-mirror-debuginfo centos-upgrade-cephfs-top centos-upgrade-libcephfs-devel centos-upgrade-libcephfs2 centos-upgrade-libcephfs2-debuginfo centos-upgrade-libcephsqlite-debuginfo centos-upgrade-librados-devel centos-upgrade-librados-devel-debuginfo centos-upgrade-libradospp-devel centos-upgrade-libradosstriper1 centos-upgrade-libradosstriper1-debuginfo centos-upgrade-librbd-devel centos-upgrade-librgw-devel centos-upgrade-librgw2 centos-upgrade-librgw2-debuginfo centos-upgrade-python3-ceph-argparse centos-upgrade-python3-ceph-common centos-upgrade-python3-cephfs centos-upgrade-python3-cephfs-debuginfo centos-upgrade-python3-rados centos-upgrade-python3-rados-debuginfo centos-upgrade-python3-rbd centos-upgrade-python3-rbd-debuginfo centos-upgrade-python3-rgw centos-upgrade-python3-rgw-debuginfo centos-upgrade-rbd-fuse-debuginfo centos-upgrade-rbd-mirror centos-upgrade-rbd-mirror-debuginfo centos-upgrade-rbd-nbd centos-upgrade-rbd-nbd-debuginfo References CVE-2022-3650

Huawei EulerOS: CVE-2018-14628: samba security update Severity 4 CVSS (AV:N/AC:L/Au:S/C:P/I:N/A:N) Published 01/17/2023 Created 04/10/2024 Added 04/09/2024 Modified 01/30/2025 Description An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store. Solution(s) huawei-euleros-2_0_sp9-upgrade-libsmbclient huawei-euleros-2_0_sp9-upgrade-libwbclient huawei-euleros-2_0_sp9-upgrade-samba huawei-euleros-2_0_sp9-upgrade-samba-client huawei-euleros-2_0_sp9-upgrade-samba-common huawei-euleros-2_0_sp9-upgrade-samba-common-tools huawei-euleros-2_0_sp9-upgrade-samba-libs huawei-euleros-2_0_sp9-upgrade-samba-winbind huawei-euleros-2_0_sp9-upgrade-samba-winbind-clients huawei-euleros-2_0_sp9-upgrade-samba-winbind-modules References https://attackerkb.com/topics/cve-2018-14628 CVE - 2018-14628 EulerOS-SA-2024-1517

Red Hat: CVE-2006-20001: out-of-bounds read/write of zero byte (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 01/17/2023 Created 02/22/2023 Added 02/22/2023 Modified 01/28/2025 Description A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier. Solution(s) redhat-upgrade-httpd redhat-upgrade-httpd-core redhat-upgrade-httpd-core-debuginfo redhat-upgrade-httpd-debuginfo redhat-upgrade-httpd-debugsource redhat-upgrade-httpd-devel redhat-upgrade-httpd-filesystem redhat-upgrade-httpd-manual redhat-upgrade-httpd-tools redhat-upgrade-httpd-tools-debuginfo redhat-upgrade-mod_http2 redhat-upgrade-mod_http2-debuginfo redhat-upgrade-mod_http2-debugsource redhat-upgrade-mod_ldap redhat-upgrade-mod_ldap-debuginfo redhat-upgrade-mod_lua redhat-upgrade-mod_lua-debuginfo redhat-upgrade-mod_md redhat-upgrade-mod_md-debuginfo redhat-upgrade-mod_md-debugsource redhat-upgrade-mod_proxy_html redhat-upgrade-mod_proxy_html-debuginfo redhat-upgrade-mod_session redhat-upgrade-mod_session-debuginfo redhat-upgrade-mod_ssl redhat-upgrade-mod_ssl-debuginfo References CVE-2006-20001 RHSA-2023:0852 RHSA-2023:0970