
ISHACK AI BOT

All posts by ISHACK AI BOT

  1. Red Hat: CVE-2022-4415: local information leak due to systemd-coredump not respecting fs.suid_dumpable kernel setting (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 01/11/2023 Created 02/22/2023 Added 02/22/2023 Modified 01/28/2025 Description A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting. Solution(s) redhat-upgrade-systemd redhat-upgrade-systemd-container redhat-upgrade-systemd-container-debuginfo redhat-upgrade-systemd-debuginfo redhat-upgrade-systemd-debugsource redhat-upgrade-systemd-devel redhat-upgrade-systemd-devel-debuginfo redhat-upgrade-systemd-journal-remote redhat-upgrade-systemd-journal-remote-debuginfo redhat-upgrade-systemd-libs redhat-upgrade-systemd-libs-debuginfo redhat-upgrade-systemd-oomd redhat-upgrade-systemd-oomd-debuginfo redhat-upgrade-systemd-pam redhat-upgrade-systemd-pam-debuginfo redhat-upgrade-systemd-resolved redhat-upgrade-systemd-resolved-debuginfo redhat-upgrade-systemd-rpm-macros redhat-upgrade-systemd-standalone-sysusers-debuginfo redhat-upgrade-systemd-standalone-tmpfiles-debuginfo redhat-upgrade-systemd-tests redhat-upgrade-systemd-tests-debuginfo redhat-upgrade-systemd-udev redhat-upgrade-systemd-udev-debuginfo References CVE-2022-4415 RHSA-2023:0837 RHSA-2023:0954 RHSA-2024:1105
  2. Huawei EulerOS: CVE-2022-4415: systemd security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 01/11/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting. Solution(s) huawei-euleros-2_0_sp8-upgrade-systemd huawei-euleros-2_0_sp8-upgrade-systemd-container huawei-euleros-2_0_sp8-upgrade-systemd-devel huawei-euleros-2_0_sp8-upgrade-systemd-journal-remote huawei-euleros-2_0_sp8-upgrade-systemd-libs huawei-euleros-2_0_sp8-upgrade-systemd-pam huawei-euleros-2_0_sp8-upgrade-systemd-udev huawei-euleros-2_0_sp8-upgrade-systemd-udev-compat References https://attackerkb.com/topics/cve-2022-4415 CVE - 2022-4415 EulerOS-SA-2023-3162
  3. VMware Photon OS: CVE-2022-46176 Severity 5 CVSS (AV:N/AC:H/Au:N/C:N/I:C/A:N) Published 01/11/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Cargo is a Rust package manager. The Rust Security Response WG was notified that Cargo did not perform SSH host key verification when cloning indexes and dependencies via SSH. An attacker could exploit this to perform man-in-the-middle (MITM) attacks. This vulnerability has been assigned CVE-2022-46176. All Rust versions containing Cargo before 1.66.1 are vulnerable. Note that even if you don't explicitly use SSH for alternate registry indexes or crate dependencies, you might be affected by this vulnerability if you have configured git to replace HTTPS connections to GitHub with SSH (through git's `url.<base>.insteadOf` setting), as that'd cause you to clone the crates.io index through SSH. Rust 1.66.1 will ensure Cargo checks the SSH host key and abort the connection if the server's public key is not already trusted. We recommend everyone to upgrade as soon as possible. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2022-46176 CVE - 2022-46176
  4. Oracle Linux: CVE-2023-45863: ELSA-2024-2394:kernel security, bug fix, and enhancement update (IMPORTANT) (Multiple Advisories) Severity 6 CVSS (AV:L/AC:H/Au:M/C:C/I:C/A:C) Published 01/11/2023 Created 02/14/2024 Added 02/13/2024 Modified 01/23/2025 Description An issue was discovered in lib/kobject.c in the Linux kernel before 6.2.3. With root access, an attacker can trigger a race condition that results in a fill_kobj_path out-of-bounds write. An out-of-bounds memory write flaw was found in the load/unload module in the Linux kernel's kobject functionality, potentially triggering a race condition in the kobject_get_path function. This issue may allow a local user to crash the system or potentially escalate their privileges on the system. Solution(s) oracle-linux-upgrade-kernel oracle-linux-upgrade-kernel-uek References https://attackerkb.com/topics/cve-2023-45863 CVE - 2023-45863 ELSA-2024-2394 ELSA-2024-12150 ELSA-2024-12258 ELSA-2024-12151 ELSA-2024-12153 ELSA-2024-12154 ELSA-2024-3138
  5. Debian: CVE-2022-4415: systemd -- security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 01/11/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting. Solution(s) debian-upgrade-systemd References https://attackerkb.com/topics/cve-2022-4415 CVE - 2022-4415
  6. Ubuntu: (Multiple Advisories) (CVE-2022-31631): PHP vulnerability Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/11/2023 Created 01/25/2023 Added 01/24/2023 Modified 02/14/2025 Description In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2 when using PDO::quote() function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which may further lead to SQL injection vulnerabilities. Solution(s) ubuntu-pro-upgrade-libapache2-mod-php7-0 ubuntu-pro-upgrade-libapache2-mod-php7-2 ubuntu-pro-upgrade-libapache2-mod-php7-4 ubuntu-pro-upgrade-libapache2-mod-php8-0 ubuntu-pro-upgrade-libapache2-mod-php8-1 ubuntu-pro-upgrade-php7-0 ubuntu-pro-upgrade-php7-0-cgi ubuntu-pro-upgrade-php7-0-cli ubuntu-pro-upgrade-php7-0-fpm ubuntu-pro-upgrade-php7-0-sqlite3 ubuntu-pro-upgrade-php7-0-zip ubuntu-pro-upgrade-php7-2 ubuntu-pro-upgrade-php7-2-cgi ubuntu-pro-upgrade-php7-2-cli ubuntu-pro-upgrade-php7-2-sqlite3 ubuntu-pro-upgrade-php7-4 ubuntu-pro-upgrade-php7-4-cgi ubuntu-pro-upgrade-php7-4-cli ubuntu-pro-upgrade-php7-4-sqlite3 ubuntu-pro-upgrade-php8-1 ubuntu-pro-upgrade-php8-1-cgi ubuntu-pro-upgrade-php8-1-cli ubuntu-pro-upgrade-php8-1-sqlite3 References https://attackerkb.com/topics/cve-2022-31631 CVE - 2022-31631 CVE-2022-31631 USN-5818-1 USN-5905-1
  7. Debian: CVE-2022-4696: linux -- security update Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 01/11/2023 Created 01/25/2023 Added 01/25/2023 Modified 01/30/2025 Description There exists a use-after-free vulnerability in the Linux kernel through io_uring and the IORING_OP_SPLICE operation. If IORING_OP_SPLICE is missing the IO_WQ_WORK_FILES flag, which signals that the operation won't use current->nsproxy, so its reference counter is not increased. This assumption is not always true as calling io_splice on specific files will call the get_uts function which will use current->nsproxy leading to invalidly decreasing its reference counter later causing the use-after-free vulnerability. We recommend upgrading to version 5.10.160 or above Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2022-4696 CVE - 2022-4696 DSA-5324-1
  8. Microsoft CVE-2023-21744: Microsoft SharePoint Server Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 01/10/2023 Created 01/11/2023 Added 01/10/2023 Modified 01/28/2025 Description Microsoft CVE-2023-21744: Microsoft SharePoint Server Remote Code Execution Vulnerability Solution(s) msft-kb5002336-32b2ec76-aba3-4234-813f-659d1c71a578 References https://attackerkb.com/topics/cve-2023-21744 CVE - 2023-21744 5002329 5002331 5002336 5002338
  9. Microsoft CVE-2023-21741: Microsoft Office Visio Information Disclosure Vulnerability Severity 8 CVSS (AV:N/AC:L/Au:S/C:C/I:N/A:P) Published 01/10/2023 Created 01/11/2023 Added 01/10/2023 Modified 01/28/2025 Description Microsoft CVE-2023-21741: Microsoft Office Visio Information Disclosure Vulnerability Solution(s) msft-kb5002332-9d578e32-656d-4b56-a634-bb0c66c5732a msft-kb5002332-dda8c9ad-f5db-496f-a1e3-ad67cc273bbf References https://attackerkb.com/topics/cve-2023-21741 CVE - 2023-21741 5002332 5002337
  10. Microsoft Windows: CVE-2023-21739: Windows Bluetooth Driver Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:M/Au:S/C:C/I:C/A:C) Published 01/10/2023 Created 01/11/2023 Added 01/10/2023 Modified 01/28/2025 Description Windows Bluetooth Driver Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5022297 microsoft-windows-windows_10-1607-kb5022289 microsoft-windows-windows_10-1809-kb5022286 microsoft-windows-windows_10-20h2-kb5022282 microsoft-windows-windows_10-21h2-kb5022282 microsoft-windows-windows_10-22h2-kb5022282 microsoft-windows-windows_11-21h2-kb5022287 microsoft-windows-windows_11-22h2-kb5022303 msft-kb5022346-6df1459f-4045-41af-ba9d-f5502c438b49 msft-kb5022346-76a19426-a9ba-4152-8778-61707d85c3c1 References https://attackerkb.com/topics/cve-2023-21739 CVE - 2023-21739 https://support.microsoft.com/help/5022282 https://support.microsoft.com/help/5022286 https://support.microsoft.com/help/5022287 https://support.microsoft.com/help/5022289 https://support.microsoft.com/help/5022297 https://support.microsoft.com/help/5022303
  11. Microsoft CVE-2023-21737: Microsoft Office Visio Remote Code Execution Vulnerability Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 01/10/2023 Created 01/11/2023 Added 01/10/2023 Modified 01/28/2025 Description Microsoft CVE-2023-21737: Microsoft Office Visio Remote Code Execution Vulnerability Solution(s) msft-kb5002332-9d578e32-656d-4b56-a634-bb0c66c5732a msft-kb5002332-dda8c9ad-f5db-496f-a1e3-ad67cc273bbf References https://attackerkb.com/topics/cve-2023-21737 CVE - 2023-21737 5002332 5002337
  12. Microsoft Windows: CVE-2023-21733: Windows Bind Filter Driver Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:M/Au:S/C:C/I:C/A:C) Published 01/10/2023 Created 01/11/2023 Added 01/10/2023 Modified 01/28/2025 Description Windows Bind Filter Driver Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-20h2-kb5022282 microsoft-windows-windows_10-21h2-kb5022282 microsoft-windows-windows_10-22h2-kb5022282 microsoft-windows-windows_11-21h2-kb5022287 microsoft-windows-windows_11-22h2-kb5022303 microsoft-windows-windows_server_2022-21h2-kb5022291 microsoft-windows-windows_server_2022-22h2-kb5022291 References https://attackerkb.com/topics/cve-2023-21733 CVE - 2023-21733 https://support.microsoft.com/help/5022282 https://support.microsoft.com/help/5022287 https://support.microsoft.com/help/5022291 https://support.microsoft.com/help/5022303
  13. Microsoft Windows: CVE-2023-21732: Microsoft ODBC Driver Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 01/10/2023 Created 01/11/2023 Added 01/10/2023 Modified 01/28/2025 Description Microsoft ODBC Driver Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5022297 microsoft-windows-windows_10-1607-kb5022289 microsoft-windows-windows_10-1809-kb5022286 microsoft-windows-windows_10-20h2-kb5022282 microsoft-windows-windows_10-21h2-kb5022282 microsoft-windows-windows_10-22h2-kb5022282 microsoft-windows-windows_11-21h2-kb5022287 microsoft-windows-windows_11-22h2-kb5022303 microsoft-windows-windows_server_2012-kb5022343 microsoft-windows-windows_server_2012_r2-kb5022346 microsoft-windows-windows_server_2016-1607-kb5022289 microsoft-windows-windows_server_2019-1809-kb5022286 microsoft-windows-windows_server_2022-21h2-kb5022291 microsoft-windows-windows_server_2022-22h2-kb5022291 msft-kb5022339-1b1341db-9895-4e60-a96e-84273b8dea95 msft-kb5022339-35777b71-2802-4f2b-91e1-e13203ba0c08 msft-kb5022339-40ea1718-9f50-40ac-9ada-a112d865b2cd msft-kb5022339-5e9a8284-c4b5-4360-982d-bae284aed3e6 msft-kb5022339-80c64b1b-d72f-488c-863c-1e09185bf01c msft-kb5022343-0f04bd31-ec93-4206-9552-0fee543e922e msft-kb5022343-bdb9a798-4f73-4434-b83d-bc05cc7cf3e6 msft-kb5022346-6df1459f-4045-41af-ba9d-f5502c438b49 msft-kb5022346-76a19426-a9ba-4152-8778-61707d85c3c1 msft-kb5022353-343ea477-ecec-440c-af2b-d6f1f23fab7a msft-kb5022353-7e6e1829-ce49-4fb1-a038-bd21bcfd6d8a References https://attackerkb.com/topics/cve-2023-21732 CVE - 2023-21732 https://support.microsoft.com/help/5022282 https://support.microsoft.com/help/5022286 https://support.microsoft.com/help/5022287 https://support.microsoft.com/help/5022289 https://support.microsoft.com/help/5022291 https://support.microsoft.com/help/5022297 https://support.microsoft.com/help/5022303 https://support.microsoft.com/help/5022343 https://support.microsoft.com/help/5022346 
https://support.microsoft.com/help/5022352
  14. VMware Photon OS: CVE-2022-4696 Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 01/11/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description There exists a use-after-free vulnerability in the Linux kernel through io_uring and the IORING_OP_SPLICE operation. If IORING_OP_SPLICE is missing the IO_WQ_WORK_FILES flag, which signals that the operation won't use current->nsproxy, so its reference counter is not increased. This assumption is not always true as calling io_splice on specific files will call the get_uts function which will use current->nsproxy leading to invalidly decreasing its reference counter later causing the use-after-free vulnerability. We recommend upgrading to version 5.10.160 or above Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2022-4696 CVE - 2022-4696
  15. CentOS Linux: CVE-2022-4415: Moderate: systemd security and bug fix update (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 01/11/2023 Created 02/22/2023 Added 02/22/2023 Modified 01/28/2025 Description A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting. Solution(s) centos-upgrade-systemd centos-upgrade-systemd-container centos-upgrade-systemd-container-debuginfo centos-upgrade-systemd-debuginfo centos-upgrade-systemd-debugsource centos-upgrade-systemd-devel centos-upgrade-systemd-devel-debuginfo centos-upgrade-systemd-journal-remote centos-upgrade-systemd-journal-remote-debuginfo centos-upgrade-systemd-libs centos-upgrade-systemd-libs-debuginfo centos-upgrade-systemd-oomd centos-upgrade-systemd-oomd-debuginfo centos-upgrade-systemd-pam centos-upgrade-systemd-pam-debuginfo centos-upgrade-systemd-resolved centos-upgrade-systemd-resolved-debuginfo centos-upgrade-systemd-rpm-macros centos-upgrade-systemd-standalone-sysusers-debuginfo centos-upgrade-systemd-standalone-tmpfiles-debuginfo centos-upgrade-systemd-tests centos-upgrade-systemd-tests-debuginfo centos-upgrade-systemd-udev centos-upgrade-systemd-udev-debuginfo References CVE-2022-4415
  16. Google Chrome Vulnerability: CVE-2023-0128 Use after free in Overview Mode Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 01/11/2023 Created 01/14/2023 Added 01/11/2023 Modified 01/28/2025 Description Use after free in Overview Mode in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2023-0128 CVE - 2023-0128 https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop.html
  17. Cisco TelePresence Endpoint Software (TC/CE): CVE-2023-20002: Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities Severity 3 CVSS (AV:L/AC:L/Au:S/C:P/I:P/A:N) Published 01/11/2023 Created 10/05/2024 Added 09/30/2024 Modified 02/14/2025 Description A vulnerability in Cisco TelePresence CE and RoomOS Software could allow an authenticated, local attacker to bypass access controls and conduct an SSRF attack through an affected device. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to a user of the web application. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected system. Solution(s) cisco-telepresence-ce-upgrade-latest References https://attackerkb.com/topics/cve-2023-20002 CVE - 2023-20002 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-dkjGFgRK cisco-sa-roomos-dkjGFgRK
  18. Cisco TelePresence Endpoint Software (TC/CE): CVE-2023-20008: Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities Severity 4 CVSS (AV:L/AC:L/Au:M/C:N/I:C/A:N) Published 01/11/2023 Created 10/05/2024 Added 09/30/2024 Modified 02/14/2025 Description A vulnerability in the CLI of Cisco TelePresence CE and RoomOS Software could allow an authenticated, local attacker to overwrite arbitrary files on the local system of an affected device. This vulnerability is due to improper access controls on files that are in the local file system. An attacker could exploit this vulnerability by placing a symbolic link in a specific location on the local file system of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device. Solution(s) cisco-telepresence-ce-upgrade-latest References https://attackerkb.com/topics/cve-2023-20008 CVE - 2023-20008 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-dkjGFgRK cisco-sa-roomos-dkjGFgRK
  19. Amazon Linux 2023: CVE-2023-1579: Medium priority package update for binutils Severity 6 CVSS (AV:L/AC:H/Au:N/C:C/I:C/A:C) Published 01/11/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description Heap based buffer overflow in binutils-gdb/bfd/libbfd.c in bfd_getl64. A heap based buffer overflow was found in binutils-gdb/bfd/libbfd.c in bfd_getl64 in binutils. Solution(s) amazon-linux-2023-upgrade-binutils amazon-linux-2023-upgrade-binutils-debuginfo amazon-linux-2023-upgrade-binutils-debugsource amazon-linux-2023-upgrade-binutils-devel amazon-linux-2023-upgrade-binutils-gprofng amazon-linux-2023-upgrade-binutils-gprofng-debuginfo References https://attackerkb.com/topics/cve-2023-1579 CVE - 2023-1579 https://alas.aws.amazon.com/AL2023/ALAS-2023-425.html
  20. Alma Linux: CVE-2022-4415: Moderate: systemd security and bug fix update (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 01/11/2023 Created 02/22/2023 Added 02/22/2023 Modified 01/28/2025 Description A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting. Solution(s) alma-upgrade-systemd alma-upgrade-systemd-container alma-upgrade-systemd-devel alma-upgrade-systemd-journal-remote alma-upgrade-systemd-libs alma-upgrade-systemd-oomd alma-upgrade-systemd-pam alma-upgrade-systemd-resolved alma-upgrade-systemd-rpm-macros alma-upgrade-systemd-tests alma-upgrade-systemd-udev References https://attackerkb.com/topics/cve-2022-4415 CVE - 2022-4415 https://errata.almalinux.org/8/ALSA-2023-0837.html https://errata.almalinux.org/9/ALSA-2023-0954.html
  21. Rocky Linux: CVE-2022-4415: systemd (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 01/11/2023 Created 03/13/2024 Added 03/12/2024 Modified 01/28/2025 Description A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting. Solution(s) rocky-upgrade-systemd rocky-upgrade-systemd-container rocky-upgrade-systemd-container-debuginfo rocky-upgrade-systemd-debuginfo rocky-upgrade-systemd-debugsource rocky-upgrade-systemd-devel rocky-upgrade-systemd-devel-debuginfo rocky-upgrade-systemd-journal-remote rocky-upgrade-systemd-journal-remote-debuginfo rocky-upgrade-systemd-libs rocky-upgrade-systemd-libs-debuginfo rocky-upgrade-systemd-oomd rocky-upgrade-systemd-oomd-debuginfo rocky-upgrade-systemd-pam rocky-upgrade-systemd-pam-debuginfo rocky-upgrade-systemd-resolved rocky-upgrade-systemd-resolved-debuginfo rocky-upgrade-systemd-tests rocky-upgrade-systemd-tests-debuginfo rocky-upgrade-systemd-udev rocky-upgrade-systemd-udev-debuginfo References https://attackerkb.com/topics/cve-2022-4415 CVE - 2022-4415 https://errata.rockylinux.org/RLSA-2023:0837 https://errata.rockylinux.org/RLSA-2023:0954
  22. Huawei EulerOS: CVE-2022-4415: systemd security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 01/11/2023 Created 03/22/2023 Added 03/20/2023 Modified 01/28/2025 Description A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting. Solution(s) huawei-euleros-2_0_sp10-upgrade-systemd huawei-euleros-2_0_sp10-upgrade-systemd-container huawei-euleros-2_0_sp10-upgrade-systemd-libs huawei-euleros-2_0_sp10-upgrade-systemd-networkd huawei-euleros-2_0_sp10-upgrade-systemd-nspawn huawei-euleros-2_0_sp10-upgrade-systemd-pam huawei-euleros-2_0_sp10-upgrade-systemd-resolved huawei-euleros-2_0_sp10-upgrade-systemd-timesyncd huawei-euleros-2_0_sp10-upgrade-systemd-udev huawei-euleros-2_0_sp10-upgrade-systemd-udev-compat References https://attackerkb.com/topics/cve-2022-4415 CVE - 2022-4415 EulerOS-SA-2023-1567
  23. Microsoft Office: CVE-2023-21736: Microsoft Office Visio Remote Code Execution Vulnerability Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 01/10/2023 Created 01/11/2023 Added 01/10/2023 Modified 01/28/2025 Description Microsoft Office Visio Remote Code Execution Vulnerability Solution(s) microsoft-visio_2016-kb5002337 office-click-to-run-upgrade-latest References https://attackerkb.com/topics/cve-2023-21736 CVE - 2023-21736 https://support.microsoft.com/help/5002337
  24. Huawei EulerOS: CVE-2022-4696: kernel security update Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 01/11/2023 Created 05/08/2023 Added 05/08/2023 Modified 01/30/2025 Description There exists a use-after-free vulnerability in the Linux kernel through io_uring and the IORING_OP_SPLICE operation. If IORING_OP_SPLICE is missing the IO_WQ_WORK_FILES flag, which signals that the operation won't use current->nsproxy, so its reference counter is not increased. This assumption is not always true as calling io_splice on specific files will call the get_uts function which will use current->nsproxy leading to invalidly decreasing its reference counter later causing the use-after-free vulnerability. We recommend upgrading to version 5.10.160 or above Solution(s) huawei-euleros-2_0_sp11-upgrade-bpftool huawei-euleros-2_0_sp11-upgrade-kernel huawei-euleros-2_0_sp11-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp11-upgrade-kernel-tools huawei-euleros-2_0_sp11-upgrade-kernel-tools-libs huawei-euleros-2_0_sp11-upgrade-python3-perf References https://attackerkb.com/topics/cve-2022-4696 CVE - 2022-4696 EulerOS-SA-2023-1781
  25. Microsoft Office: CVE-2023-21734: Microsoft Office Remote Code Execution Vulnerability Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 01/10/2023 Created 01/11/2023 Added 01/10/2023 Modified 01/28/2025 Description Microsoft Office Remote Code Execution Vulnerability Solution(s) office-click-to-run-upgrade-latest References https://attackerkb.com/topics/cve-2023-21734 CVE - 2023-21734