ISHACK AI BOT

OS X update for Core Bluetooth (CVE-2022-3437) Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 01/12/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

Alpine Linux: CVE-2023-23456: Out-of-bounds Write Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 01/12/2023 Created 08/23/2024 Added 08/22/2024 Modified 01/28/2025 Description A heap-based buffer overflow issue was discovered in UPX in PackTmt::pack() in p_tmt.cpp file. The flow allows an attacker to cause a denial of service (abort) via a crafted file. Solution(s) alpine-linux-upgrade-upx References https://attackerkb.com/topics/cve-2023-23456 CVE - 2023-23456 https://security.alpinelinux.org/vuln/CVE-2023-23456

VMware Photon OS: CVE-2022-3628 Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 01/12/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs when a user connects to a malicious USB device. This can allow a local user to crash the system or escalate their privileges. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2022-3628 CVE - 2022-3628

Alpine Linux: CVE-2023-23457: Improper Restriction of Operations within the Bounds of a Memory Buffer Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 01/12/2023 Created 08/23/2024 Added 08/22/2024 Modified 01/28/2025 Description A Segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial of service. Solution(s) alpine-linux-upgrade-upx References https://attackerkb.com/topics/cve-2023-23457 CVE - 2023-23457 https://security.alpinelinux.org/vuln/CVE-2023-23457

Ubuntu: (Multiple Advisories) (CVE-2023-23455): Linux kernel (OEM) vulnerabilities Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 01/12/2023 Created 03/29/2023 Added 03/22/2023 Modified 01/28/2025 Description atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). Solution(s) ubuntu-upgrade-linux-image-4-15-0-1062-dell300x ubuntu-upgrade-linux-image-4-15-0-1116-oracle ubuntu-upgrade-linux-image-4-15-0-1129-raspi2 ubuntu-upgrade-linux-image-4-15-0-1137-kvm ubuntu-upgrade-linux-image-4-15-0-1147-gcp ubuntu-upgrade-linux-image-4-15-0-1148-snapdragon ubuntu-upgrade-linux-image-4-15-0-1153-aws ubuntu-upgrade-linux-image-4-15-0-1162-azure ubuntu-upgrade-linux-image-4-15-0-208-generic ubuntu-upgrade-linux-image-4-15-0-208-generic-lpae ubuntu-upgrade-linux-image-4-15-0-208-lowlatency ubuntu-upgrade-linux-image-4-4-0-1117-aws ubuntu-upgrade-linux-image-4-4-0-1118-kvm ubuntu-upgrade-linux-image-4-4-0-1155-aws ubuntu-upgrade-linux-image-4-4-0-239-generic ubuntu-upgrade-linux-image-4-4-0-239-lowlatency ubuntu-upgrade-linux-image-5-15-0-1017-gkeop ubuntu-upgrade-linux-image-5-15-0-1026-raspi ubuntu-upgrade-linux-image-5-15-0-1026-raspi-nolpae ubuntu-upgrade-linux-image-5-15-0-1027-ibm ubuntu-upgrade-linux-image-5-15-0-1027-intel-iotg ubuntu-upgrade-linux-image-5-15-0-1029-gke ubuntu-upgrade-linux-image-5-15-0-1030-gke ubuntu-upgrade-linux-image-5-15-0-1030-kvm ubuntu-upgrade-linux-image-5-15-0-1031-gcp ubuntu-upgrade-linux-image-5-15-0-1032-oracle ubuntu-upgrade-linux-image-5-15-0-1033-aws ubuntu-upgrade-linux-image-5-15-0-1035-azure ubuntu-upgrade-linux-image-5-15-0-1035-azure-fde ubuntu-upgrade-linux-image-5-15-0-69-generic ubuntu-upgrade-linux-image-5-15-0-69-generic-64k ubuntu-upgrade-linux-image-5-15-0-69-generic-lpae ubuntu-upgrade-linux-image-5-15-0-69-lowlatency ubuntu-upgrade-linux-image-5-15-0-69-lowlatency-64k ubuntu-upgrade-linux-image-5-17-0-1031-oem ubuntu-upgrade-linux-image-5-19-0-1018-raspi ubuntu-upgrade-linux-image-5-19-0-1018-raspi-nolpae ubuntu-upgrade-linux-image-5-19-0-1022-ibm ubuntu-upgrade-linux-image-5-19-0-1023-kvm ubuntu-upgrade-linux-image-5-19-0-1023-oracle ubuntu-upgrade-linux-image-5-19-0-1024-gcp ubuntu-upgrade-linux-image-5-19-0-1024-lowlatency ubuntu-upgrade-linux-image-5-19-0-1024-lowlatency-64k ubuntu-upgrade-linux-image-5-19-0-1025-aws ubuntu-upgrade-linux-image-5-19-0-1026-azure ubuntu-upgrade-linux-image-5-19-0-42-generic ubuntu-upgrade-linux-image-5-19-0-42-generic-64k ubuntu-upgrade-linux-image-5-19-0-42-generic-lpae ubuntu-upgrade-linux-image-5-4-0-1045-ibm ubuntu-upgrade-linux-image-5-4-0-1059-bluefield ubuntu-upgrade-linux-image-5-4-0-1065-gkeop ubuntu-upgrade-linux-image-5-4-0-1081-raspi ubuntu-upgrade-linux-image-5-4-0-1087-kvm ubuntu-upgrade-linux-image-5-4-0-1094-oracle ubuntu-upgrade-linux-image-5-4-0-1095-gke ubuntu-upgrade-linux-image-5-4-0-1097-aws ubuntu-upgrade-linux-image-5-4-0-1101-gcp ubuntu-upgrade-linux-image-5-4-0-1104-azure ubuntu-upgrade-linux-image-5-4-0-144-generic ubuntu-upgrade-linux-image-5-4-0-144-generic-lpae ubuntu-upgrade-linux-image-5-4-0-144-lowlatency ubuntu-upgrade-linux-image-6-0-0-1015-oem ubuntu-upgrade-linux-image-6-1-0-1007-oem ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-aws-hwe ubuntu-upgrade-linux-image-aws-lts-18-04 ubuntu-upgrade-linux-image-aws-lts-20-04 ubuntu-upgrade-linux-image-aws-lts-22-04 ubuntu-upgrade-linux-image-azure ubuntu-upgrade-linux-image-azure-fde ubuntu-upgrade-linux-image-azure-lts-18-04 ubuntu-upgrade-linux-image-azure-lts-20-04 ubuntu-upgrade-linux-image-azure-lts-22-04 ubuntu-upgrade-linux-image-bluefield ubuntu-upgrade-linux-image-dell300x ubuntu-upgrade-linux-image-gcp ubuntu-upgrade-linux-image-gcp-lts-18-04 ubuntu-upgrade-linux-image-gcp-lts-20-04 ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-64k ubuntu-upgrade-linux-image-generic-64k-hwe-20-04 ubuntu-upgrade-linux-image-generic-64k-hwe-22-04 ubuntu-upgrade-linux-image-generic-hwe-16-04 ubuntu-upgrade-linux-image-generic-hwe-18-04 ubuntu-upgrade-linux-image-generic-hwe-20-04 ubuntu-upgrade-linux-image-generic-hwe-22-04 ubuntu-upgrade-linux-image-generic-lpae ubuntu-upgrade-linux-image-generic-lpae-hwe-18-04 ubuntu-upgrade-linux-image-generic-lpae-hwe-20-04 ubuntu-upgrade-linux-image-generic-lpae-hwe-22-04 ubuntu-upgrade-linux-image-generic-lts-xenial ubuntu-upgrade-linux-image-gke ubuntu-upgrade-linux-image-gke-5-15 ubuntu-upgrade-linux-image-gke-5-4 ubuntu-upgrade-linux-image-gkeop ubuntu-upgrade-linux-image-gkeop-5-15 ubuntu-upgrade-linux-image-gkeop-5-4 ubuntu-upgrade-linux-image-ibm ubuntu-upgrade-linux-image-ibm-lts-20-04 ubuntu-upgrade-linux-image-intel-iotg ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-64k ubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-hwe-16-04 ubuntu-upgrade-linux-image-lowlatency-hwe-18-04 ubuntu-upgrade-linux-image-lowlatency-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-lts-xenial ubuntu-upgrade-linux-image-oem ubuntu-upgrade-linux-image-oem-22-04 ubuntu-upgrade-linux-image-oem-22-04a ubuntu-upgrade-linux-image-oem-22-04b ubuntu-upgrade-linux-image-oem-22-04c ubuntu-upgrade-linux-image-oem-osp1 ubuntu-upgrade-linux-image-oracle ubuntu-upgrade-linux-image-oracle-lts-18-04 ubuntu-upgrade-linux-image-oracle-lts-20-04 ubuntu-upgrade-linux-image-raspi ubuntu-upgrade-linux-image-raspi-hwe-18-04 ubuntu-upgrade-linux-image-raspi-nolpae ubuntu-upgrade-linux-image-raspi2 ubuntu-upgrade-linux-image-snapdragon ubuntu-upgrade-linux-image-snapdragon-hwe-18-04 ubuntu-upgrade-linux-image-virtual ubuntu-upgrade-linux-image-virtual-hwe-16-04 ubuntu-upgrade-linux-image-virtual-hwe-18-04 ubuntu-upgrade-linux-image-virtual-hwe-20-04 ubuntu-upgrade-linux-image-virtual-hwe-22-04 ubuntu-upgrade-linux-image-virtual-lts-xenial References https://attackerkb.com/topics/cve-2023-23455 CVE - 2023-23455 DSA-5324 USN-5915-1 USN-5917-1 USN-5924-1 USN-5927-1 USN-5934-1 USN-5939-1 USN-5940-1 USN-5951-1 USN-5975-1 USN-5981-1 USN-5982-1 USN-5984-1 USN-5987-1 USN-5991-1 USN-6000-1 USN-6001-1 USN-6004-1 USN-6009-1 USN-6013-1 USN-6014-1 USN-6030-1 USN-6071-1 USN-6072-1 USN-6079-1 USN-6091-1 USN-6096-1 View more

Red Hat: CVE-2022-4139: Incorrect GPU TLB flush can lead to random memory access (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 01/12/2023 Created 01/14/2023 Added 01/13/2023 Modified 01/28/2025 Description An incorrect TLB flush issue was found in the Linux kernel’s GPU i915 kernel driver, potentially leading to random memory corruption or data leaks. This flaw could allow a local user to crash the system or escalate their privileges on the system. Solution(s) redhat-upgrade-kernel redhat-upgrade-kernel-rt References CVE-2022-4139 RHSA-2023:0101 RHSA-2023:0114 RHSA-2023:0123 RHSA-2023:0300 RHSA-2023:0334 RHSA-2023:0348 RHSA-2023:0440 RHSA-2023:0441 RHSA-2023:0496 RHSA-2023:0499 RHSA-2023:0512 RHSA-2023:0526 RHSA-2023:0531 RHSA-2023:0536 View more

Ubuntu: (Multiple Advisories) (CVE-2023-23454): Linux kernel (OEM) vulnerabilities Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 01/12/2023 Created 03/29/2023 Added 03/22/2023 Modified 01/28/2025 Description cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). Solution(s) ubuntu-upgrade-linux-image-5-15-0-1017-gkeop ubuntu-upgrade-linux-image-5-15-0-1026-raspi ubuntu-upgrade-linux-image-5-15-0-1026-raspi-nolpae ubuntu-upgrade-linux-image-5-15-0-1027-ibm ubuntu-upgrade-linux-image-5-15-0-1027-intel-iotg ubuntu-upgrade-linux-image-5-15-0-1029-gke ubuntu-upgrade-linux-image-5-15-0-1030-gke ubuntu-upgrade-linux-image-5-15-0-1030-kvm ubuntu-upgrade-linux-image-5-15-0-1031-gcp ubuntu-upgrade-linux-image-5-15-0-1032-oracle ubuntu-upgrade-linux-image-5-15-0-1033-aws ubuntu-upgrade-linux-image-5-15-0-1035-azure ubuntu-upgrade-linux-image-5-15-0-1035-azure-fde ubuntu-upgrade-linux-image-5-15-0-69-generic ubuntu-upgrade-linux-image-5-15-0-69-generic-64k ubuntu-upgrade-linux-image-5-15-0-69-generic-lpae ubuntu-upgrade-linux-image-5-15-0-69-lowlatency ubuntu-upgrade-linux-image-5-15-0-69-lowlatency-64k ubuntu-upgrade-linux-image-5-19-0-1018-raspi ubuntu-upgrade-linux-image-5-19-0-1018-raspi-nolpae ubuntu-upgrade-linux-image-5-19-0-1022-ibm ubuntu-upgrade-linux-image-5-19-0-1023-kvm ubuntu-upgrade-linux-image-5-19-0-1023-oracle ubuntu-upgrade-linux-image-5-19-0-1024-gcp ubuntu-upgrade-linux-image-5-19-0-1024-lowlatency ubuntu-upgrade-linux-image-5-19-0-1024-lowlatency-64k ubuntu-upgrade-linux-image-5-19-0-1025-aws ubuntu-upgrade-linux-image-5-19-0-1026-azure ubuntu-upgrade-linux-image-5-19-0-42-generic ubuntu-upgrade-linux-image-5-19-0-42-generic-64k ubuntu-upgrade-linux-image-5-19-0-42-generic-lpae ubuntu-upgrade-linux-image-5-4-0-1045-ibm ubuntu-upgrade-linux-image-5-4-0-1059-bluefield ubuntu-upgrade-linux-image-5-4-0-1065-gkeop ubuntu-upgrade-linux-image-5-4-0-1081-raspi ubuntu-upgrade-linux-image-5-4-0-1087-kvm ubuntu-upgrade-linux-image-5-4-0-1094-oracle ubuntu-upgrade-linux-image-5-4-0-1095-gke ubuntu-upgrade-linux-image-5-4-0-1097-aws ubuntu-upgrade-linux-image-5-4-0-1101-gcp ubuntu-upgrade-linux-image-5-4-0-1104-azure ubuntu-upgrade-linux-image-5-4-0-144-generic ubuntu-upgrade-linux-image-5-4-0-144-generic-lpae ubuntu-upgrade-linux-image-5-4-0-144-lowlatency ubuntu-upgrade-linux-image-6-1-0-1007-oem ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-aws-lts-20-04 ubuntu-upgrade-linux-image-aws-lts-22-04 ubuntu-upgrade-linux-image-azure ubuntu-upgrade-linux-image-azure-fde ubuntu-upgrade-linux-image-azure-lts-20-04 ubuntu-upgrade-linux-image-azure-lts-22-04 ubuntu-upgrade-linux-image-bluefield ubuntu-upgrade-linux-image-gcp ubuntu-upgrade-linux-image-gcp-lts-20-04 ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-64k ubuntu-upgrade-linux-image-generic-64k-hwe-20-04 ubuntu-upgrade-linux-image-generic-64k-hwe-22-04 ubuntu-upgrade-linux-image-generic-hwe-18-04 ubuntu-upgrade-linux-image-generic-hwe-20-04 ubuntu-upgrade-linux-image-generic-hwe-22-04 ubuntu-upgrade-linux-image-generic-lpae ubuntu-upgrade-linux-image-generic-lpae-hwe-18-04 ubuntu-upgrade-linux-image-generic-lpae-hwe-20-04 ubuntu-upgrade-linux-image-generic-lpae-hwe-22-04 ubuntu-upgrade-linux-image-gke ubuntu-upgrade-linux-image-gke-5-15 ubuntu-upgrade-linux-image-gke-5-4 ubuntu-upgrade-linux-image-gkeop ubuntu-upgrade-linux-image-gkeop-5-15 ubuntu-upgrade-linux-image-gkeop-5-4 ubuntu-upgrade-linux-image-ibm ubuntu-upgrade-linux-image-ibm-lts-20-04 ubuntu-upgrade-linux-image-intel-iotg ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-64k ubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-hwe-18-04 ubuntu-upgrade-linux-image-lowlatency-hwe-20-04 ubuntu-upgrade-linux-image-oem ubuntu-upgrade-linux-image-oem-22-04c ubuntu-upgrade-linux-image-oem-osp1 ubuntu-upgrade-linux-image-oracle ubuntu-upgrade-linux-image-oracle-lts-20-04 ubuntu-upgrade-linux-image-raspi ubuntu-upgrade-linux-image-raspi-hwe-18-04 ubuntu-upgrade-linux-image-raspi-nolpae ubuntu-upgrade-linux-image-raspi2 ubuntu-upgrade-linux-image-snapdragon-hwe-18-04 ubuntu-upgrade-linux-image-virtual ubuntu-upgrade-linux-image-virtual-hwe-18-04 ubuntu-upgrade-linux-image-virtual-hwe-20-04 ubuntu-upgrade-linux-image-virtual-hwe-22-04 References https://attackerkb.com/topics/cve-2023-23454 CVE - 2023-23454 DSA-5324 USN-5915-1 USN-5917-1 USN-5934-1 USN-5939-1 USN-5940-1 USN-5951-1 USN-5982-1 USN-5987-1 USN-6000-1 USN-6004-1 USN-6079-1 USN-6091-1 USN-6096-1 View more

OS X update for DriverKit (CVE-2022-3437) Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 01/12/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

VMware Photon OS: CVE-2022-3515 Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 01/12/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2022-3515 CVE - 2022-3515

FFmpeg: CVE-2022-3341: NULL Pointer Dereference Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 01/12/2023 Created 01/24/2023 Added 01/23/2023 Modified 01/30/2025 Description A null pointer dereference issue was discovered in 'FFmpeg' in decode_main_header() function of libavformat/nutdec.c file. The flaw occurs because the function lacks check of the return value of avformat_new_stream() and triggers the null pointer dereference error, causing an application to crash. Solution(s) ffmpeg-upgrade-4_3_7 ffmpeg-upgrade-4_4_4 ffmpeg-upgrade-5_0_3 ffmpeg-upgrade-5_1 References https://attackerkb.com/topics/cve-2022-3341 CVE - 2022-3341

FreeBSD: VID-847F16E5-9406-11ED-A925-3065EC8FD3EC: security/tor -- SOCKS4(a) inversion bug Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/12/2023 Created 01/17/2023 Added 01/15/2023 Modified 01/15/2023 Description The Tor Project reports: TROVE-2022-002: The SafeSocks option for SOCKS4(a) is inverted leading to SOCKS4 going through This is a report from hackerone: We have classified this as medium considering that tor was not defending in-depth for dangerous SOCKS request and so any user relying on SafeSocks 1 to make sure they don't link DNS leak and their Tor traffic wasn't safe afterall for SOCKS4(a). Tor Browser doesn't use SafeSocks 1 and SOCKS4 so at least the likely vast majority of users are not affected. Solution(s) freebsd-upgrade-package-tor

Gentoo Linux: CVE-2022-4743: libsdl2: Multiple Vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 01/12/2023 Created 05/05/2023 Added 05/04/2023 Modified 01/28/2025 Description A potential memory leak issue was discovered in SDL2 in GLES_CreateTexture() function in SDL_render_gles.c. The vulnerability allows an attacker to cause a denial of service attack. The vulnerability affects SDL2 v2.0.4 and above. SDL-1.x are not affected. Solution(s) gentoo-linux-upgrade-media-libs-libsdl2 References https://attackerkb.com/topics/cve-2022-4743 CVE - 2022-4743 202305-18

Google Chrome Vulnerability: CVE-2023-0133 Inappropriate implementation in Permission prompts Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 01/11/2023 Created 01/14/2023 Added 01/11/2023 Modified 01/28/2025 Description Inappropriate implementation in in Permission prompts in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to bypass main origin permission delegation via a crafted HTML page. (Chromium security severity: Medium) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2023-0133 CVE - 2023-0133 https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop.html https://crbug.com/1375132

SUSE: CVE-2022-4743: SUSE Linux Security Advisory Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 01/11/2023 Created 01/13/2023 Added 01/12/2023 Modified 01/28/2025 Description A potential memory leak issue was discovered in SDL2 in GLES_CreateTexture() function in SDL_render_gles.c. The vulnerability allows an attacker to cause a denial of service attack. The vulnerability affects SDL2 v2.0.4 and above. SDL-1.x are not affected. Solution(s) suse-upgrade-libsdl2-2_0-0 suse-upgrade-libsdl2-2_0-0-32bit suse-upgrade-libsdl2-devel suse-upgrade-libsdl2-devel-32bit References https://attackerkb.com/topics/cve-2022-4743 CVE - 2022-4743

Google Chrome Vulnerability: CVE-2023-0139 Insufficient validation of untrusted input in Downloads Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 01/11/2023 Created 01/14/2023 Added 01/11/2023 Modified 01/28/2025 Description Insufficient validation of untrusted input in Downloads in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass download restrictions via a crafted HTML page. (Chromium security severity: Low) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2023-0139 CVE - 2023-0139 https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop.html https://crbug.com/1367632

Gentoo Linux: CVE-2022-4415: systemd: Multiple Vulnerabilities Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 01/11/2023 Created 05/06/2024 Added 05/06/2024 Modified 01/28/2025 Description A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting. Solution(s) gentoo-linux-upgrade-sys-apps-systemd References https://attackerkb.com/topics/cve-2022-4415 CVE - 2022-4415 202405-04

Gentoo Linux: CVE-2022-46176: Rust: Multiple Vulnerabilities Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 01/11/2023 Created 09/24/2024 Added 09/23/2024 Modified 01/30/2025 Description Cargo is a Rust package manager. The Rust Security Response WG was notified that Cargo did not perform SSH host key verification when cloning indexes and dependencies via SSH. An attacker could exploit this to perform man-in-the-middle (MITM) attacks. This vulnerability has been assigned CVE-2022-46176. All Rust versions containing Cargo before 1.66.1 are vulnerable. Note that even if you don't explicitly use SSH for alternate registry indexes or crate dependencies, you might be affected by this vulnerability if you have configured git to replace HTTPS connections to GitHub with SSH (through git's [`url.<base>.insteadOf`][1] setting), as that'd cause you to clone the crates.io index through SSH. Rust 1.66.1 will ensure Cargo checks the SSH host key and abort the connection if the server's public key is not already trusted. We recommend everyone to upgrade as soon as possible. Solution(s) gentoo-linux-upgrade-dev-lang-rust gentoo-linux-upgrade-dev-lang-rust-bin References https://attackerkb.com/topics/cve-2022-46176 CVE - 2022-46176 202409-07

Alpine Linux: CVE-2022-46176: Improper Verification of Cryptographic Signature Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 01/11/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description Cargo is a Rust package manager. The Rust Security Response WG was notified that Cargo did not perform SSH host key verification when cloning indexes and dependencies via SSH. An attacker could exploit this to perform man-in-the-middle (MITM) attacks. This vulnerability has been assigned CVE-2022-46176. All Rust versions containing Cargo before 1.66.1 are vulnerable. Note that even if you don't explicitly use SSH for alternate registry indexes or crate dependencies, you might be affected by this vulnerability if you have configured git to replace HTTPS connections to GitHub with SSH (through git's [`url.<base>.insteadOf`][1] setting), as that'd cause you to clone the crates.io index through SSH. Rust 1.66.1 will ensure Cargo checks the SSH host key and abort the connection if the server's public key is not already trusted. We recommend everyone to upgrade as soon as possible. Solution(s) alpine-linux-upgrade-rust References https://attackerkb.com/topics/cve-2022-46176 CVE - 2022-46176 https://security.alpinelinux.org/vuln/CVE-2022-46176

Amazon Linux 2023: CVE-2023-45863: Important priority package update for kernel Severity 6 CVSS (AV:L/AC:H/Au:M/C:C/I:C/A:C) Published 01/11/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description An issue was discovered in lib/kobject.c in the Linux kernel before 6.2.3. With root access, an attacker can trigger a race condition that results in a fill_kobj_path out-of-bounds write. An out-of-bounds memory write flaw was found in the load/unload module in the Linux kernel&apos;s kobject functionality, potentially triggering a race condition in the kobject_get_path function. This issue may allow a local user to crash the system or potentially escalate their privileges on the system. Solution(s) amazon-linux-2023-upgrade-bpftool amazon-linux-2023-upgrade-bpftool-debuginfo amazon-linux-2023-upgrade-kernel amazon-linux-2023-upgrade-kernel-debuginfo amazon-linux-2023-upgrade-kernel-debuginfo-common-aarch64 amazon-linux-2023-upgrade-kernel-debuginfo-common-x86-64 amazon-linux-2023-upgrade-kernel-devel amazon-linux-2023-upgrade-kernel-headers amazon-linux-2023-upgrade-kernel-libbpf amazon-linux-2023-upgrade-kernel-libbpf-devel amazon-linux-2023-upgrade-kernel-libbpf-static amazon-linux-2023-upgrade-kernel-livepatch-6-1-19-30-43 amazon-linux-2023-upgrade-kernel-tools amazon-linux-2023-upgrade-kernel-tools-debuginfo amazon-linux-2023-upgrade-kernel-tools-devel amazon-linux-2023-upgrade-perf amazon-linux-2023-upgrade-perf-debuginfo amazon-linux-2023-upgrade-python3-perf amazon-linux-2023-upgrade-python3-perf-debuginfo References https://attackerkb.com/topics/cve-2023-45863 CVE - 2023-45863 https://alas.aws.amazon.com/AL2023/ALAS-2023-138.html

F5 BIG-IQ: K94221585: iControl SOAP vulnerability CVE-2022-41622 Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 01/11/2023 Created 01/13/2023 Added 01/11/2023 Modified 08/29/2024 Description BIG-IP and BIG-IQ are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP. Solution(s) f5-big-iq-upgrade-latest References https://support.f5.com/csp/article/K94221585 http://blog.rapid7.com/cve-2022-41622-and-cve-2022-41800-fixed-f5-big-ip-and-icontrol-rest-vulnerabilities-and-exposures

Debian: CVE-2020-36649: mediawiki -- security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 01/11/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description A vulnerability was found in mholt PapaParse up to 5.1.x. It has been classified as problematic. Affected is an unknown function of the file papaparse.js. The manipulation leads to inefficient regular expression complexity. Upgrading to version 5.2.0 is able to address this issue. The name of the patch is 235a12758cd77266d2e98fd715f53536b34ad621. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218004. Solution(s) debian-upgrade-mediawiki References https://attackerkb.com/topics/cve-2020-36649 CVE - 2020-36649

Oracle Linux: CVE-2023-1579: ELSA-2024-2353:mingw components security update (MODERATE) (Multiple Advisories) Severity 6 CVSS (AV:L/AC:H/Au:N/C:C/I:C/A:C) Published 01/11/2023 Created 05/22/2024 Added 05/07/2024 Modified 12/20/2024 Description Heap based buffer overflow in binutils-gdb/bfd/libbfd.c in bfd_getl64. A heap based buffer overflow was found in binutils-gdb/bfd/libbfd.c in bfd_getl64 in binutils. Solution(s) oracle-linux-upgrade-mingw32-binutils oracle-linux-upgrade-mingw32-cpp oracle-linux-upgrade-mingw32-crt oracle-linux-upgrade-mingw32-filesystem oracle-linux-upgrade-mingw32-gcc oracle-linux-upgrade-mingw32-gcc-c oracle-linux-upgrade-mingw32-headers oracle-linux-upgrade-mingw32-libffi oracle-linux-upgrade-mingw32-libgcc oracle-linux-upgrade-mingw32-libstdc oracle-linux-upgrade-mingw32-winpthreads oracle-linux-upgrade-mingw32-winpthreads-static oracle-linux-upgrade-mingw32-zlib oracle-linux-upgrade-mingw32-zlib-static oracle-linux-upgrade-mingw64-binutils oracle-linux-upgrade-mingw64-cpp oracle-linux-upgrade-mingw64-crt oracle-linux-upgrade-mingw64-filesystem oracle-linux-upgrade-mingw64-gcc oracle-linux-upgrade-mingw64-gcc-c oracle-linux-upgrade-mingw64-headers oracle-linux-upgrade-mingw64-libffi oracle-linux-upgrade-mingw64-libgcc oracle-linux-upgrade-mingw64-libstdc oracle-linux-upgrade-mingw64-winpthreads oracle-linux-upgrade-mingw64-winpthreads-static oracle-linux-upgrade-mingw64-zlib oracle-linux-upgrade-mingw64-zlib-static oracle-linux-upgrade-mingw-binutils-generic oracle-linux-upgrade-mingw-filesystem-base oracle-linux-upgrade-mingw-w64-tools References https://attackerkb.com/topics/cve-2023-1579 CVE - 2023-1579 ELSA-2024-2353

Ubuntu: (CVE-2022-46176): cargo vulnerability Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 01/11/2023 Created 11/21/2024 Added 11/19/2024 Modified 01/30/2025 Description Cargo is a Rust package manager. The Rust Security Response WG was notified that Cargo did not perform SSH host key verification when cloning indexes and dependencies via SSH. An attacker could exploit this to perform man-in-the-middle (MITM) attacks. This vulnerability has been assigned CVE-2022-46176. All Rust versions containing Cargo before 1.66.1 are vulnerable. Note that even if you don't explicitly use SSH for alternate registry indexes or crate dependencies, you might be affected by this vulnerability if you have configured git to replace HTTPS connections to GitHub with SSH (through git's [`url.<base>.insteadOf`][1] setting), as that'd cause you to clone the crates.io index through SSH. Rust 1.66.1 will ensure Cargo checks the SSH host key and abort the connection if the server's public key is not already trusted. We recommend everyone to upgrade as soon as possible. Solution(s) ubuntu-upgrade-cargo ubuntu-upgrade-rust-cargo References https://attackerkb.com/topics/cve-2022-46176 CVE - 2022-46176 https://github.com/rust-lang/wg-security-response/tree/main/patches/CVE-2022-46176 https://www.cve.org/CVERecord?id=CVE-2022-46176 https://www.openwall.com/lists/oss-security/2023/01/10/3

Ubuntu: USN-5928-1 (CVE-2022-4415): systemd vulnerabilities Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 01/11/2023 Created 03/29/2023 Added 03/22/2023 Modified 01/28/2025 Description A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting. Solution(s) ubuntu-upgrade-systemd References https://attackerkb.com/topics/cve-2022-4415 CVE - 2022-4415 USN-5928-1

MediaWiki: Incorrect Authorization (CVE-2023-22945) Severity 4 CVSS (AV:N/AC:L/Au:S/C:N/I:P/A:N) Published 01/11/2023 Created 01/20/2023 Added 01/20/2023 Modified 01/28/2025 Description In the GrowthExperiments extension for MediaWiki through 1.39, the growthmanagementorlist API allows blocked users (blocked in ApiManageMentorList) to enroll as mentors or edit any of their mentorship-related properties. Solution(s) mediawiki-upgrade-latest References https://attackerkb.com/topics/cve-2023-22945 CVE - 2023-22945 https://gerrit.wikimedia.org/r/q/Id1b83fcd58eccb8b2dfea44a3ab2f72314860d88 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AP65YEN762IBNQPOYGUVLTQIDLM5XD2A/ https://phabricator.wikimedia.org/T321733