ISHACK AI BOT

Ubuntu: (CVE-2022-4025): chromium-browser vulnerability Severity 4 CVSS (AV:N/AC:M/Au:N/C:P/I:N/A:N) Published 01/02/2023 Created 11/21/2024 Added 11/19/2024 Modified 01/28/2025 Description Inappropriate implementation in Paint in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to leak cross-origin data outside an iframe via a crafted HTML page. (Chrome security severity: Low) Solution(s) ubuntu-upgrade-chromium-browser References https://attackerkb.com/topics/cve-2022-4025 CVE - 2022-4025 https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop.html https://crbug.com/1260250 https://www.cve.org/CVERecord?id=CVE-2022-4025

Gentoo Linux: CVE-2022-4198: OpenImageIO: Multiple Vulnerabilities Severity 4 CVSS (AV:N/AC:M/Au:M/C:P/I:P/A:N) Published 01/02/2023 Created 05/31/2023 Added 05/31/2023 Modified 01/28/2025 Description The WP Social Sharing WordPress plugin through 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). Solution(s) gentoo-linux-upgrade-media-libs-openimageio References https://attackerkb.com/topics/cve-2022-4198 CVE - 2022-4198 202305-33

Debian: CVE-2022-3863: chromium -- security update Severity 5 CVSS (AV:N/AC:H/Au:N/C:N/I:N/A:C) Published 01/02/2023 Created 01/06/2023 Added 01/05/2023 Modified 01/28/2025 Description Use after free in Browser History in Google Chrome prior to 100.0.4896.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2022-3863 CVE - 2022-3863 DSA-5114-1

Debian: CVE-2022-3842: chromium -- security update Severity 8 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:C) Published 01/02/2023 Created 01/06/2023 Added 01/05/2023 Modified 01/28/2025 Description Use after free in Passwords in Google Chrome prior to 105.0.5195.125 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2022-3842 CVE - 2022-3842 DSA-5230-1

Ubuntu: (CVE-2022-3842): chromium-browser vulnerability Severity 8 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:C) Published 01/02/2023 Created 11/21/2024 Added 11/19/2024 Modified 01/28/2025 Description Use after free in Passwords in Google Chrome prior to 105.0.5195.125 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) ubuntu-upgrade-chromium-browser References https://attackerkb.com/topics/cve-2022-3842 CVE - 2022-3842 https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_14.html https://crbug.com/1352445 https://www.cve.org/CVERecord?id=CVE-2022-3842

Ubuntu: (CVE-2022-3863): chromium-browser vulnerability Severity 5 CVSS (AV:N/AC:H/Au:N/C:N/I:N/A:C) Published 01/02/2023 Created 11/21/2024 Added 11/19/2024 Modified 01/28/2025 Description Use after free in Browser History in Google Chrome prior to 100.0.4896.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High) Solution(s) ubuntu-upgrade-chromium-browser References https://attackerkb.com/topics/cve-2022-3863 CVE - 2022-3863 https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop.html https://crbug.com/1306507 https://www.cve.org/CVERecord?id=CVE-2022-3863

Ubuntu: (CVE-2022-2742): chromium-browser vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 01/02/2023 Created 11/21/2024 Added 11/19/2024 Modified 01/28/2025 Description Use after free in Exosphere in Google Chrome on Chrome OS and Lacros prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions. (Chrome security severity: High) Solution(s) ubuntu-upgrade-chromium-browser References https://attackerkb.com/topics/cve-2022-2742 CVE - 2022-2742 https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html https://crbug.com/1319172 https://www.cve.org/CVERecord?id=CVE-2022-2742

Debian: CVE-2019-13768: chromium -- security update Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 01/02/2023 Created 02/23/2023 Added 02/23/2023 Modified 01/28/2025 Description Use after free in FileAPI in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chrome security severity: High) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2019-13768 CVE - 2019-13768 DSA-4395-1

Amazon Linux AMI: CVE-2023-0054: Security patch for vim (ALAS-2023-1716) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 01/04/2023 Created 05/05/2023 Added 04/06/2023 Modified 01/28/2025 Description Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145. Solution(s) amazon-linux-upgrade-vim References ALAS-2023-1716 CVE-2023-0054

SUSE: CVE-2022-45153: SUSE Linux Security Advisory Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 01/02/2023 Created 01/04/2023 Added 01/04/2023 Modified 01/28/2025 Description An Incorrect Default Permissions vulnerability in saphanabootstrap-formula of SUSE Linux Enterprise Module for SAP Applications 15-SP1, SUSE Linux Enterprise Server for SAP 12-SP5; openSUSE Leap 15.4 allows local attackers to escalate to root by manipulating the sudo configuration that is created. This issue affects: SUSE Linux Enterprise Module for SAP Applications 15-SP1 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. SUSE Linux Enterprise Server for SAP 12-SP5 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. openSUSE Leap 15.4 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. Solution(s) suse-upgrade-saphanabootstrap-formula References https://attackerkb.com/topics/cve-2022-45153 CVE - 2022-45153

Huawei EulerOS: CVE-2023-0051: vim security update Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 01/04/2023 Created 03/22/2023 Added 03/20/2023 Modified 01/28/2025 Description Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1144. Solution(s) huawei-euleros-2_0_sp10-upgrade-vim-common huawei-euleros-2_0_sp10-upgrade-vim-enhanced huawei-euleros-2_0_sp10-upgrade-vim-filesystem huawei-euleros-2_0_sp10-upgrade-vim-minimal References https://attackerkb.com/topics/cve-2023-0051 CVE - 2023-0051 EulerOS-SA-2023-1568

Huawei EulerOS: CVE-2023-0054: vim security update Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 01/04/2023 Created 03/22/2023 Added 03/20/2023 Modified 01/28/2025 Description Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145. Solution(s) huawei-euleros-2_0_sp10-upgrade-vim-common huawei-euleros-2_0_sp10-upgrade-vim-enhanced huawei-euleros-2_0_sp10-upgrade-vim-filesystem huawei-euleros-2_0_sp10-upgrade-vim-minimal References https://attackerkb.com/topics/cve-2023-0054 CVE - 2023-0054 EulerOS-SA-2023-1568

Alpine Linux: CVE-2023-0049: Out-of-bounds Read Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 01/04/2023 Created 03/22/2024 Added 03/26/2024 Modified 10/02/2024 Description Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143. Solution(s) alpine-linux-upgrade-vim References https://attackerkb.com/topics/cve-2023-0049 CVE - 2023-0049 https://security.alpinelinux.org/vuln/CVE-2023-0049

OS X update for AppleMobileFileIntegrity (CVE-2023-0051) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 01/04/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

VMware Photon OS: CVE-2023-0054 Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 01/04/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-0054 CVE - 2023-0054

OS X update for Find My (CVE-2023-0054) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 01/04/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for System Settings (CVE-2023-0049) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 01/04/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for ColorSync (CVE-2023-0049) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 01/04/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for CoreServices (CVE-2023-0054) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 01/04/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for FaceTime (CVE-2023-0054) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 01/04/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

Amazon Linux AMI 2: CVE-2022-46457: Security patch for nasm (ALAS-2023-2277) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 01/04/2023 Created 10/06/2023 Added 10/06/2023 Modified 01/28/2025 Description NASM v2.16 was discovered to contain a segmentation violation in the component ieee_write_file at /output/outieee.c. Solution(s) amazon-linux-ami-2-upgrade-nasm amazon-linux-ami-2-upgrade-nasm-debuginfo amazon-linux-ami-2-upgrade-nasm-doc amazon-linux-ami-2-upgrade-nasm-rdoff References https://attackerkb.com/topics/cve-2022-46457 AL2/ALAS-2023-2277 CVE - 2022-46457

OS X update for FaceTime (CVE-2023-0049) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 01/04/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

Ubuntu: (CVE-2022-0801): chromium-browser vulnerability Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:N) Published 01/02/2023 Created 11/21/2024 Added 11/19/2024 Modified 01/28/2025 Description Inappropriate implementation in HTML parser in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to bypass XSS preventions via a crafted HTML page. (Chrome security severity: Medium) Solution(s) ubuntu-upgrade-chromium-browser References https://attackerkb.com/topics/cve-2022-0801 CVE - 2022-0801 https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html https://www.cve.org/CVERecord?id=CVE-2022-0801

Ubuntu: (CVE-2021-21200): chromium-browser vulnerability Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:N/A:P) Published 01/02/2023 Created 11/21/2024 Added 11/19/2024 Modified 01/28/2025 Description Out of bounds read in WebUI Settings in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chrome security severity: Low) Solution(s) ubuntu-upgrade-chromium-browser References https://attackerkb.com/topics/cve-2021-21200 CVE - 2021-21200 https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html https://crbug.com/1164816 https://www.cve.org/CVERecord?id=CVE-2021-21200

Debian: CVE-2021-21200: chromium -- security update Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:N/A:P) Published 01/02/2023 Created 03/15/2023 Added 03/14/2023 Modified 01/28/2025 Description Out of bounds read in WebUI Settings in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chrome security severity: Low) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2021-21200 CVE - 2021-21200 DSA-4886-1