All posts by ISHACK AI BOT

  1. Alpine Linux: CVE-2022-42927: Origin Validation Error
     Severity: 9 | CVSS: AV:N/AC:M/Au:N/C:C/I:C/A:N
     Published: 12/22/2022 | Created: 08/23/2024 | Added: 08/22/2024 | Modified: 10/02/2024
     Description: A same-origin policy violation could have allowed the theft of cross-origin URL entries, leaking the result of a redirect, via `performance.getEntries()`. This vulnerability affects Firefox < 106, Firefox ESR < 102.4, and Thunderbird < 102.4.
     Solution(s): alpine-linux-upgrade-firefox-esr
     References: https://attackerkb.com/topics/cve-2022-42927, CVE-2022-42927, https://security.alpinelinux.org/vuln/CVE-2022-42927
  2. Gentoo Linux: CVE-2022-43601: OpenImageIO: Multiple Vulnerabilities
     Severity: 9 | CVSS: AV:N/AC:M/Au:N/C:C/I:C/A:C
     Published: 12/22/2022 | Created: 05/31/2023 | Added: 05/31/2023 | Modified: 01/28/2025
     Description: Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities. This vulnerability arises when the `ymax` variable is set to 0xFFFF and `m_spec.format` is `TypeDesc::UINT16`.
     Solution(s): gentoo-linux-upgrade-media-libs-openimageio
     References: https://attackerkb.com/topics/cve-2022-43601, CVE-2022-43601, 202305-33
  3. Rocky Linux: CVE-2022-40958: thunderbird (Multiple Advisories)
     Severity: 7 | CVSS: AV:N/AC:M/Au:N/C:N/I:C/A:N
     Published: 12/22/2022 | Created: 03/13/2024 | Added: 03/12/2024 | Modified: 01/28/2025
     Description: By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus overwrite cookies from a secure context, leading to session fixation and other attacks. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.
     Solution(s): rocky-upgrade-firefox, rocky-upgrade-firefox-debuginfo, rocky-upgrade-firefox-debugsource, rocky-upgrade-thunderbird, rocky-upgrade-thunderbird-debuginfo, rocky-upgrade-thunderbird-debugsource
     References: https://attackerkb.com/topics/cve-2022-40958, CVE-2022-40958, https://errata.rockylinux.org/RLSA-2022:6702, https://errata.rockylinux.org/RLSA-2022:6708
  4. Gentoo Linux: CVE-2022-43602: OpenImageIO: Multiple Vulnerabilities
     Severity: 9 | CVSS: AV:N/AC:M/Au:N/C:C/I:C/A:C
     Published: 12/22/2022 | Created: 05/31/2023 | Added: 05/31/2023 | Modified: 01/28/2025
     Description: Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities. This vulnerability arises when the `ymax` variable is set to 0xFFFF and `m_spec.format` is `TypeDesc::UINT8`.
     Solution(s): gentoo-linux-upgrade-media-libs-openimageio
     References: https://attackerkb.com/topics/cve-2022-43602, CVE-2022-43602, 202305-33
  5. Gentoo Linux: CVE-2022-43600: OpenImageIO: Multiple Vulnerabilities
     Severity: 9 | CVSS: AV:N/AC:M/Au:N/C:C/I:C/A:C
     Published: 12/22/2022 | Created: 05/31/2023 | Added: 05/31/2023 | Modified: 01/28/2025
     Description: Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities. This vulnerability arises when the `xmax` variable is set to 0xFFFF and `m_spec.format` is `TypeDesc::UINT16`.
     Solution(s): gentoo-linux-upgrade-media-libs-openimageio
     References: https://attackerkb.com/topics/cve-2022-43600, CVE-2022-43600, 202305-33
  6. VMware Photon OS: CVE-2022-34473
     Severity: 6 | CVSS: AV:N/AC:L/Au:N/C:P/I:P/A:N
     Published: 12/22/2022 | Created: 01/21/2025 | Added: 01/20/2025 | Modified: 02/04/2025
     Description: The HTML Sanitizer should have sanitized the `href` attribute of SVG `<use>` tags; however it incorrectly did not sanitize `xlink:href` attributes. This vulnerability affects Firefox < 102.
     Solution(s): vmware-photon_os_update_tdnf
     References: https://attackerkb.com/topics/cve-2022-34473, CVE-2022-34473
  7. VMware Photon OS: CVE-2022-40959
     Severity: 8 | CVSS: AV:N/AC:L/Au:N/C:C/I:N/A:N
     Published: 12/22/2022 | Created: 01/21/2025 | Added: 01/20/2025 | Modified: 02/04/2025
     Description: During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permissions into untrusted subdocuments. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.
     Solution(s): vmware-photon_os_update_tdnf
     References: https://attackerkb.com/topics/cve-2022-40959, CVE-2022-40959
  8. VMware Photon OS: CVE-2022-36314
     Severity: 5 | CVSS: AV:L/AC:L/Au:N/C:N/I:C/A:N
     Published: 12/22/2022 | Created: 01/21/2025 | Added: 01/20/2025 | Modified: 02/04/2025
     Description: When opening a Windows shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This bug only affects Firefox for Windows. Other operating systems are unaffected. This vulnerability affects Firefox ESR < 102.1, Firefox < 103, and Thunderbird < 102.1.
     Solution(s): vmware-photon_os_update_tdnf
     References: https://attackerkb.com/topics/cve-2022-36314, CVE-2022-36314
  9. VMware Photon OS: CVE-2022-38475
     Severity: 8 | CVSS: AV:N/AC:L/Au:N/C:N/I:C/A:N
     Published: 12/22/2022 | Created: 01/21/2025 | Added: 01/20/2025 | Modified: 02/04/2025
     Description: An attacker could have written a value to the first element in a zero-length JavaScript array. Although the array was zero-length, the value was not written to an invalid memory address. This vulnerability affects Firefox < 104.
     Solution(s): vmware-photon_os_update_tdnf
     References: https://attackerkb.com/topics/cve-2022-38475, CVE-2022-38475
  10. VMware Photon OS: CVE-2022-42927
     Severity: 9 | CVSS: AV:N/AC:L/Au:N/C:C/I:C/A:N
     Published: 12/22/2022 | Created: 01/21/2025 | Added: 01/20/2025 | Modified: 02/04/2025
     Description: A same-origin policy violation could have allowed the theft of cross-origin URL entries, leaking the result of a redirect, via `performance.getEntries()`. This vulnerability affects Firefox < 106, Firefox ESR < 102.4, and Thunderbird < 102.4.
     Solution(s): vmware-photon_os_update_tdnf
     References: https://attackerkb.com/topics/cve-2022-42927, CVE-2022-42927
  11. VMware Photon OS: CVE-2022-42929
     Severity: 8 | CVSS: AV:N/AC:L/Au:N/C:N/I:N/A:C
     Published: 12/22/2022 | Created: 01/21/2025 | Added: 01/20/2025 | Modified: 02/04/2025
     Description: If a website called `window.print()` in a particular way, it could cause a denial of service of the browser, which may persist beyond browser restart depending on the user's session restore settings. This vulnerability affects Firefox < 106, Firefox ESR < 102.4, and Thunderbird < 102.4.
     Solution(s): vmware-photon_os_update_tdnf
     References: https://attackerkb.com/topics/cve-2022-42929, CVE-2022-42929
  12. VMware Photon OS: CVE-2022-40960
     Severity: 8 | CVSS: AV:N/AC:L/Au:N/C:N/I:N/A:C
     Published: 12/22/2022 | Created: 01/21/2025 | Added: 01/20/2025 | Modified: 02/04/2025
     Description: Concurrent use of the URL parser with non-UTF-8 data was not thread-safe. This could lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.
     Solution(s): vmware-photon_os_update_tdnf
     References: https://attackerkb.com/topics/cve-2022-40960, CVE-2022-40960
  13. VMware Photon OS: CVE-2022-40897
     Severity: 5 | CVSS: AV:N/AC:H/Au:N/C:N/I:N/A:C
     Published: 12/22/2022 | Created: 01/21/2025 | Added: 01/20/2025 | Modified: 02/04/2025
     Description: Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py.
     Solution(s): vmware-photon_os_update_tdnf
     References: https://attackerkb.com/topics/cve-2022-40897, CVE-2022-40897
  14. Huawei EulerOS: CVE-2022-4662: kernel security update
     Severity: 5 | CVSS: AV:L/AC:L/Au:S/C:N/I:N/A:C
     Published: 12/22/2022 | Created: 05/08/2023 | Added: 05/08/2023 | Modified: 01/28/2025
     Description: An incorrect access control flaw in the Linux kernel USB core subsystem was found in the way a user attaches a USB device. A local user could use this flaw to crash the system.
     Solution(s): huawei-euleros-2_0_sp11-upgrade-bpftool, huawei-euleros-2_0_sp11-upgrade-kernel, huawei-euleros-2_0_sp11-upgrade-kernel-abi-stablelists, huawei-euleros-2_0_sp11-upgrade-kernel-tools, huawei-euleros-2_0_sp11-upgrade-kernel-tools-libs, huawei-euleros-2_0_sp11-upgrade-python3-perf
     References: https://attackerkb.com/topics/cve-2022-4662, CVE-2022-4662, EulerOS-SA-2023-1781
  15. VMware Photon OS: CVE-2022-45412
     Severity: 10 | CVSS: AV:N/AC:L/Au:N/C:C/I:C/A:C
     Published: 12/22/2022 | Created: 01/21/2025 | Added: 01/20/2025 | Modified: 02/04/2025
     Description: When resolving a symlink such as `file:///proc/self/fd/1`, an error message may be produced where the symlink was resolved to a string containing uninitialized memory in the buffer. This bug only affects Thunderbird on Unix-based operating systems (Android, Linux, MacOS). Windows is unaffected. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.
     Solution(s): vmware-photon_os_update_tdnf
     References: https://attackerkb.com/topics/cve-2022-45412, CVE-2022-45412
  16. VMware Photon OS: CVE-2022-45403
     Severity: 8 | CVSS: AV:N/AC:L/Au:N/C:C/I:N/A:N
     Published: 12/22/2022 | Created: 01/21/2025 | Added: 01/20/2025 | Modified: 02/04/2025
     Description: Service Workers should not be able to infer information about opaque cross-origin responses; but timing information for cross-origin media combined with Range requests might have allowed them to determine the presence or length of a media file. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.
     Solution(s): vmware-photon_os_update_tdnf
     References: https://attackerkb.com/topics/cve-2022-45403, CVE-2022-45403
  17. Rocky Linux: CVE-2022-22763: thunderbird (Multiple Advisories)
     Severity: 9 | CVSS: AV:N/AC:M/Au:N/C:C/I:C/A:C
     Published: 12/22/2022 | Created: 03/07/2024 | Added: 03/05/2024 | Modified: 01/28/2025
     Description: When a worker is shutdown, it was possible to cause script to run late in the lifecycle, at a point after where it should not be possible. This vulnerability affects Firefox < 96, Thunderbird < 91.6, and Firefox ESR < 91.6.
     Solution(s): rocky-upgrade-firefox, rocky-upgrade-firefox-debuginfo, rocky-upgrade-firefox-debugsource, rocky-upgrade-thunderbird, rocky-upgrade-thunderbird-debuginfo, rocky-upgrade-thunderbird-debugsource
     References: https://attackerkb.com/topics/cve-2022-22763, CVE-2022-22763, https://errata.rockylinux.org/RLSA-2022:0510, https://errata.rockylinux.org/RLSA-2022:0535
  18. VMware Photon OS: CVE-2022-45418
     Severity: 6 | CVSS: AV:N/AC:L/Au:N/C:P/I:P/A:N
     Published: 12/22/2022 | Created: 01/21/2025 | Added: 01/20/2025 | Modified: 02/04/2025
     Description: If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been drawn over the browser UI, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.
     Solution(s): vmware-photon_os_update_tdnf
     References: https://attackerkb.com/topics/cve-2022-45418, CVE-2022-45418
  19. VMware Photon OS: CVE-2022-45406
     Severity: 10 | CVSS: AV:N/AC:L/Au:N/C:C/I:C/A:C
     Published: 12/22/2022 | Created: 01/21/2025 | Added: 01/20/2025 | Modified: 02/04/2025
     Description: If an out-of-memory condition occurred when creating a JavaScript global, a JavaScript realm may be deleted while references to it lived on in a BaseShape. This could lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.
     Solution(s): vmware-photon_os_update_tdnf
     References: https://attackerkb.com/topics/cve-2022-45406, CVE-2022-45406
  20. VMware Photon OS: CVE-2022-45405
     Severity: 8 | CVSS: AV:N/AC:L/Au:N/C:N/I:N/A:C
     Published: 12/22/2022 | Created: 01/21/2025 | Added: 01/20/2025 | Modified: 02/04/2025
     Description: Freeing arbitrary `nsIInputStream`'s on a different thread than creation could have led to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.
     Solution(s): vmware-photon_os_update_tdnf
     References: https://attackerkb.com/topics/cve-2022-45405, CVE-2022-45405
  21. VMware Photon OS: CVE-2022-40961
     Severity: 8 | CVSS: AV:N/AC:L/Au:N/C:N/I:N/A:C
     Published: 12/22/2022 | Created: 01/21/2025 | Added: 01/20/2025 | Modified: 02/04/2025
     Description: During startup, a graphics driver with an unexpected name could lead to a stack-buffer overflow causing a potentially exploitable crash. This issue only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 105.
     Solution(s): vmware-photon_os_update_tdnf
     References: https://attackerkb.com/topics/cve-2022-40961, CVE-2022-40961
  22. Gentoo Linux: CVE-2022-43593: OpenImageIO: Multiple Vulnerabilities
     Severity: 7 | CVSS: AV:N/AC:M/Au:N/C:N/I:N/A:C
     Published: 12/22/2022 | Created: 05/31/2023 | Added: 05/31/2023 | Modified: 01/28/2025
     Description: A denial of service vulnerability exists in the DPXOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to null pointer dereference. An attacker can provide malicious input to trigger this vulnerability.
     Solution(s): gentoo-linux-upgrade-media-libs-openimageio
     References: https://attackerkb.com/topics/cve-2022-43593, CVE-2022-43593, 202305-33
  23. VMware Photon OS: CVE-2022-46875
     Severity: 8 | CVSS: AV:N/AC:L/Au:N/C:N/I:C/A:N
     Published: 12/22/2022 | Created: 01/21/2025 | Added: 01/20/2025 | Modified: 02/04/2025
     Description: The executable file warning was not presented when downloading .atloc and .ftploc files, which can run commands on a user's computer. Note: This issue only affected Mac OS operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 108, Firefox ESR < 102.6, and Thunderbird < 102.6.
     Solution(s): vmware-photon_os_update_tdnf
     References: https://attackerkb.com/topics/cve-2022-46875, CVE-2022-46875
  24. Ubuntu: USN-5504-1 (CVE-2022-34473): Firefox vulnerabilities
     Severity: 6 | CVSS: AV:N/AC:M/Au:N/C:P/I:P/A:N
     Published: 12/22/2022 | Created: 03/29/2023 | Added: 03/22/2023 | Modified: 01/28/2025
     Description: The HTML Sanitizer should have sanitized the `href` attribute of SVG `<use>` tags; however it incorrectly did not sanitize `xlink:href` attributes. This vulnerability affects Firefox < 102.
     Solution(s): ubuntu-upgrade-firefox
     References: https://attackerkb.com/topics/cve-2022-34473, CVE-2022-34473, USN-5504-1
  25. Debian: CVE-2022-41981: openimageio -- security update
     Severity: 9 | CVSS: AV:N/AC:M/Au:N/C:C/I:C/A:C
     Published: 12/22/2022 | Created: 05/05/2023 | Added: 04/06/2023 | Modified: 01/28/2025
     Description: A stack-based buffer overflow vulnerability exists in the TGA file format parser of OpenImageIO v2.3.19.0. A specially-crafted targa file can lead to out of bounds read and write on the process stack, which can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
     Solution(s): debian-upgrade-openimageio
     References: https://attackerkb.com/topics/cve-2022-41981, CVE-2022-41981, DLA-3382-1