ISHACK AI BOT

All posts published by ISHACK AI BOT

  1. Rocky Linux: CVE-2022-38473: firefox (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 12/22/2022 Created 03/13/2024 Added 03/12/2024 Modified 01/30/2025 Description A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions (such as microphone or camera access). This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR < 102.2, and Firefox < 104. Solution(s) rocky-upgrade-firefox rocky-upgrade-firefox-debuginfo rocky-upgrade-firefox-debugsource rocky-upgrade-thunderbird rocky-upgrade-thunderbird-debuginfo rocky-upgrade-thunderbird-debugsource References https://attackerkb.com/topics/cve-2022-38473 CVE - 2022-38473 https://errata.rockylinux.org/RLSA-2022:6164 https://errata.rockylinux.org/RLSA-2022:6175
  2. Alpine Linux: CVE-2022-34475: Cross-site Scripting Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:N) Published 12/22/2022 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description SVG <use> tags that referenced a same-origin document could have resulted in script execution if attacker input was sanitized via the HTML Sanitizer API. This would have required the attacker to reference a same-origin JavaScript file containing the script to be executed. This vulnerability affects Firefox < 102. Solution(s) alpine-linux-upgrade-firefox References https://attackerkb.com/topics/cve-2022-34475 CVE - 2022-34475 https://security.alpinelinux.org/vuln/CVE-2022-34475
  3. Rocky Linux: CVE-2022-46878: firefox (RLSA-2022-9067) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 12/22/2022 Created 03/13/2024 Added 03/12/2024 Modified 01/28/2025 Description Mozilla developers Randell Jesup, Valentin Gosu, Olli Pettay, and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 102.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 108, Firefox ESR < 102.6, and Thunderbird < 102.6. Solution(s) rocky-upgrade-firefox rocky-upgrade-firefox-debuginfo rocky-upgrade-firefox-debugsource References https://attackerkb.com/topics/cve-2022-46878 CVE - 2022-46878 https://errata.rockylinux.org/RLSA-2022:9067
  4. VMware Photon OS: CVE-2022-40958 Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 12/22/2022 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus overwrite cookies from a secure context, leading to session fixation and other attacks. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2022-40958 CVE - 2022-40958
  5. VMware Photon OS: CVE-2022-40956 Severity 6 CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:N) Published 12/22/2022 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2022-40956 CVE - 2022-40956
  6. VMware Photon OS: CVE-2022-40957 Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 12/22/2022 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Inconsistent data in instruction and data cache when creating wasm code could lead to a potentially exploitable crash. This bug only affects Firefox on ARM64 platforms. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2022-40957 CVE - 2022-40957
  7. VMware Photon OS: CVE-2022-45420 Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 12/22/2022 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Using tables inside of an iframe, an attacker could have caused iframe contents to be rendered outside the boundaries of the iframe, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2022-45420 CVE - 2022-45420
  8. Oracle Linux: CVE-2022-40897: ELSA-2023-12348: python3-setuptools security update (IMPORTANT) (Multiple Advisories) Severity 5 CVSS (AV:N/AC:H/Au:N/C:N/I:N/A:C) Published 12/22/2022 Created 02/23/2023 Added 02/22/2023 Modified 01/08/2025 Description Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py. A flaw was found in Python Setuptools due to a regular expression Denial of Service (ReDoS) present in package_index.py. This issue could allow a remote attacker to cause a denial of service via HTML in a crafted package or custom PackageIndex page. Solution(s) oracle-linux-upgrade-babel oracle-linux-upgrade-platform-python-setuptools oracle-linux-upgrade-python2 oracle-linux-upgrade-python2-attrs oracle-linux-upgrade-python2-babel oracle-linux-upgrade-python2-backports oracle-linux-upgrade-python2-backports-ssl-match-hostname oracle-linux-upgrade-python2-bson oracle-linux-upgrade-python2-chardet oracle-linux-upgrade-python2-coverage oracle-linux-upgrade-python2-cython oracle-linux-upgrade-python2-debug oracle-linux-upgrade-python2-devel oracle-linux-upgrade-python2-dns oracle-linux-upgrade-python2-docs oracle-linux-upgrade-python2-docs-info oracle-linux-upgrade-python2-docutils oracle-linux-upgrade-python2-funcsigs oracle-linux-upgrade-python2-idna oracle-linux-upgrade-python2-ipaddress oracle-linux-upgrade-python2-jinja2 oracle-linux-upgrade-python2-libs oracle-linux-upgrade-python2-lxml oracle-linux-upgrade-python2-markupsafe oracle-linux-upgrade-python2-mock oracle-linux-upgrade-python2-nose oracle-linux-upgrade-python2-numpy oracle-linux-upgrade-python2-numpy-doc oracle-linux-upgrade-python2-numpy-f2py oracle-linux-upgrade-python2-pip oracle-linux-upgrade-python2-pip-wheel oracle-linux-upgrade-python2-pluggy oracle-linux-upgrade-python2-psycopg2 oracle-linux-upgrade-python2-psycopg2-debug oracle-linux-upgrade-python2-psycopg2-tests oracle-linux-upgrade-python2-py oracle-linux-upgrade-python2-pygments oracle-linux-upgrade-python2-pymongo oracle-linux-upgrade-python2-pymongo-gridfs oracle-linux-upgrade-python2-pymysql oracle-linux-upgrade-python2-pysocks oracle-linux-upgrade-python2-pytest oracle-linux-upgrade-python2-pytest-mock oracle-linux-upgrade-python2-pytz oracle-linux-upgrade-python2-pyyaml oracle-linux-upgrade-python2-requests oracle-linux-upgrade-python2-rpm-macros oracle-linux-upgrade-python2-scipy oracle-linux-upgrade-python2-setuptools oracle-linux-upgrade-python2-setuptools-scm oracle-linux-upgrade-python2-setuptools-wheel oracle-linux-upgrade-python2-six oracle-linux-upgrade-python2-sqlalchemy oracle-linux-upgrade-python2-test oracle-linux-upgrade-python2-tkinter oracle-linux-upgrade-python2-tools oracle-linux-upgrade-python2-urllib3 oracle-linux-upgrade-python2-virtualenv oracle-linux-upgrade-python2-wheel oracle-linux-upgrade-python2-wheel-wheel oracle-linux-upgrade-python39 oracle-linux-upgrade-python39-attrs oracle-linux-upgrade-python39-cffi oracle-linux-upgrade-python39-chardet oracle-linux-upgrade-python39-cryptography oracle-linux-upgrade-python39-cython oracle-linux-upgrade-python39-debug oracle-linux-upgrade-python39-devel oracle-linux-upgrade-python39-idle oracle-linux-upgrade-python39-idna oracle-linux-upgrade-python39-iniconfig oracle-linux-upgrade-python39-libs oracle-linux-upgrade-python39-lxml oracle-linux-upgrade-python39-mod-wsgi oracle-linux-upgrade-python39-more-itertools oracle-linux-upgrade-python39-numpy oracle-linux-upgrade-python39-numpy-doc oracle-linux-upgrade-python39-numpy-f2py oracle-linux-upgrade-python39-packaging oracle-linux-upgrade-python39-pip oracle-linux-upgrade-python39-pip-wheel oracle-linux-upgrade-python39-pluggy oracle-linux-upgrade-python39-ply oracle-linux-upgrade-python39-psutil oracle-linux-upgrade-python39-psycopg2 oracle-linux-upgrade-python39-psycopg2-doc oracle-linux-upgrade-python39-psycopg2-tests oracle-linux-upgrade-python39-py oracle-linux-upgrade-python39-pybind11 oracle-linux-upgrade-python39-pybind11-devel oracle-linux-upgrade-python39-pycparser oracle-linux-upgrade-python39-pymysql oracle-linux-upgrade-python39-pyparsing oracle-linux-upgrade-python39-pysocks oracle-linux-upgrade-python39-pytest oracle-linux-upgrade-python39-pyyaml oracle-linux-upgrade-python39-requests oracle-linux-upgrade-python39-rpm-macros oracle-linux-upgrade-python39-scipy oracle-linux-upgrade-python39-setuptools oracle-linux-upgrade-python39-setuptools-wheel oracle-linux-upgrade-python39-six oracle-linux-upgrade-python39-test oracle-linux-upgrade-python39-tkinter oracle-linux-upgrade-python39-toml oracle-linux-upgrade-python39-urllib3 oracle-linux-upgrade-python39-wcwidth oracle-linux-upgrade-python39-wheel oracle-linux-upgrade-python39-wheel-wheel oracle-linux-upgrade-python3-setuptools oracle-linux-upgrade-python3-setuptools-wheel oracle-linux-upgrade-python-nose-docs oracle-linux-upgrade-python-psycopg2-doc oracle-linux-upgrade-python-sqlalchemy-doc References https://attackerkb.com/topics/cve-2022-40897 CVE - 2022-40897 ELSA-2023-12348 ELSA-2023-0952 ELSA-2023-0835 ELSA-2024-2987 ELSA-2024-2985
  9. VMware Photon OS: CVE-2022-40962 Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 12/22/2022 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Mozilla developers Nika Layzell, Timothy Nikkel, Sebastian Hengst, Andreas Pehrson, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 104 and Firefox ESR 102.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2022-40962 CVE - 2022-40962
  10. Gentoo Linux: CVE-2022-41838: OpenImageIO: Multiple Vulnerabilities Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 12/22/2022 Created 05/31/2023 Added 05/31/2023 Modified 01/28/2025 Description A code execution vulnerability exists in the DDS scanline parsing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially-crafted .dds can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. Solution(s) gentoo-linux-upgrade-media-libs-openimageio References https://attackerkb.com/topics/cve-2022-41838 CVE - 2022-41838 202305-33
  11. Alpine Linux: CVE-2022-22754: Incorrect Authorization Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 12/22/2022 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description If a user installed an extension of a particular type, the extension could have auto-updated itself and while doing so, bypass the prompt which grants the new version the new requested permissions. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6. Solution(s) alpine-linux-upgrade-firefox-esr alpine-linux-upgrade-firefox alpine-linux-upgrade-thunderbird References https://attackerkb.com/topics/cve-2022-22754 CVE - 2022-22754 https://security.alpinelinux.org/vuln/CVE-2022-22754
  12. Gentoo Linux: CVE-2022-41649: OpenImageIO: Multiple Vulnerabilities Severity 9 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:C) Published 12/22/2022 Created 05/31/2023 Added 05/31/2023 Modified 01/28/2025 Description A heap out of bounds read vulnerability exists in the handling of IPTC data while parsing TIFF images in OpenImageIO v2.3.19.0. A specially-crafted TIFF file can cause a read of adjacent heap memory, which can leak sensitive process information. An attacker can provide a malicious file to trigger this vulnerability. Solution(s) gentoo-linux-upgrade-media-libs-openimageio References https://attackerkb.com/topics/cve-2022-41649 CVE - 2022-41649 202305-33
  13. Alpine Linux: CVE-2022-22746: Race Condition Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 12/22/2022 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description A race condition could have allowed bypassing the fullscreen notification, which could have led to a fullscreen window spoof going unnoticed. This bug only affects Firefox for Windows. Other operating systems are unaffected. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. Solution(s) alpine-linux-upgrade-firefox-esr alpine-linux-upgrade-firefox alpine-linux-upgrade-thunderbird References https://attackerkb.com/topics/cve-2022-22746 CVE - 2022-22746 https://security.alpinelinux.org/vuln/CVE-2022-22746
  14. MFSA2023-03 Thunderbird: Security Vulnerabilities fixed in Thunderbird 102.7 (CVE-2022-46871) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 12/22/2022 Created 01/25/2023 Added 01/24/2023 Modified 01/28/2025 Description An out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited. This vulnerability affects Firefox < 108. Solution(s) mozilla-thunderbird-upgrade-102_7 References https://attackerkb.com/topics/cve-2022-46871 CVE - 2022-46871 http://www.mozilla.org/security/announce/2023/mfsa2023-03.html
  15. Alpine Linux: CVE-2022-22753: Time-of-check Time-of-use (TOCTOU) Race Condition Severity 7 CVSS (AV:N/AC:H/Au:S/C:C/I:C/A:C) Published 12/22/2022 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description A Time-of-Check Time-of-Use bug existed in the Maintenance (Updater) Service that could be abused to grant Users write access to an arbitrary directory. This could have been used to escalate to SYSTEM access. This bug only affects Firefox on Windows. Other operating systems are unaffected. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6. Solution(s) alpine-linux-upgrade-firefox alpine-linux-upgrade-thunderbird References https://attackerkb.com/topics/cve-2022-22753 CVE - 2022-22753 https://security.alpinelinux.org/vuln/CVE-2022-22753
  16. Amazon Linux AMI 2: CVE-2022-29913: Security patch for firefox (ALASFIREFOX-2023-011) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 12/22/2022 Created 04/26/2024 Added 04/26/2024 Modified 01/28/2025 Description The parent process would not properly check whether the Speech Synthesis feature is enabled, when receiving instructions from a child process. This vulnerability affects Thunderbird < 91.9. Solution(s) amazon-linux-ami-2-upgrade-firefox amazon-linux-ami-2-upgrade-firefox-debuginfo References https://attackerkb.com/topics/cve-2022-29913 AL2/ALASFIREFOX-2023-011 CVE - 2022-29913
  17. Amazon Linux AMI 2: CVE-2022-3266: Security patch for firefox, thunderbird (Multiple Advisories) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 12/22/2022 Created 02/23/2023 Added 02/23/2023 Modified 01/28/2025 Description An out-of-bounds read can occur when decoding H264 video. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105. Solution(s) amazon-linux-ami-2-upgrade-firefox amazon-linux-ami-2-upgrade-firefox-debuginfo amazon-linux-ami-2-upgrade-thunderbird amazon-linux-ami-2-upgrade-thunderbird-debuginfo References https://attackerkb.com/topics/cve-2022-3266 AL2/ALAS-2023-1951 AL2/ALASFIREFOX-2023-013 CVE - 2022-3266
  18. MFSA2023-03 Thunderbird: Security Vulnerabilities fixed in Thunderbird 102.7 (CVE-2022-46877) Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 12/22/2022 Created 01/25/2023 Added 01/24/2023 Modified 01/28/2025 Description By confusing the browser, the fullscreen notification could have been delayed or suppressed, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox < 108. Solution(s) mozilla-thunderbird-upgrade-102_7 References https://attackerkb.com/topics/cve-2022-46877 CVE - 2022-46877 http://www.mozilla.org/security/announce/2023/mfsa2023-03.html
  19. Red Hat: CVE-2022-46877: CVE-2022-46877 Mozilla: Fullscreen notification bypass (Multiple Advisories) Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 12/22/2022 Created 01/25/2023 Added 01/24/2023 Modified 01/28/2025 Description By confusing the browser, the fullscreen notification could have been delayed or suppressed, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox < 108. Solution(s) redhat-upgrade-firefox redhat-upgrade-firefox-debuginfo redhat-upgrade-firefox-debugsource redhat-upgrade-thunderbird redhat-upgrade-thunderbird-debuginfo redhat-upgrade-thunderbird-debugsource References CVE-2022-46877 RHSA-2023:0285 RHSA-2023:0286 RHSA-2023:0288 RHSA-2023:0289 RHSA-2023:0295 RHSA-2023:0296 RHSA-2023:0456 RHSA-2023:0460 RHSA-2023:0461 RHSA-2023:0462 RHSA-2023:0463 RHSA-2023:0476
  20. Ubuntu: USN-5788-1 (CVE-2022-43551): curl vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 12/21/2022 Created 01/10/2023 Added 01/06/2023 Modified 01/28/2025 Description A vulnerability exists in the HSTS check of curl <7.87.0 that could be bypassed to trick it into keeping HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of an insecure clear-text HTTP step even when HTTP is given in the URL. However, the HSTS mechanism could be bypassed if the host name in the given URL first uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion, for example the character U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop U+002E `.`. In a subsequent request curl would then not detect the HSTS state and would make a clear-text transfer, because it stored the entry IDN-encoded but looked it up IDN-decoded. Solution(s) ubuntu-upgrade-curl ubuntu-upgrade-libcurl3-gnutls ubuntu-upgrade-libcurl3-nss ubuntu-upgrade-libcurl4 References https://attackerkb.com/topics/cve-2022-43551 CVE - 2022-43551 CVE-2022-43551 USN-5788-1
  21. Oracle Linux: CVE-2022-40898: ELSA-2023-6712: python-wheel security update (MODERATE) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 12/21/2022 Created 11/18/2023 Added 11/16/2023 Modified 11/29/2024 Description An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker-controlled input to the wheel CLI. Solution(s) oracle-linux-upgrade-python3-wheel oracle-linux-upgrade-python3-wheel-wheel References https://attackerkb.com/topics/cve-2022-40898 CVE - 2022-40898 ELSA-2023-6712
  22. Oracle Linux: CVE-2023-0056: ELSA-2023-1696: haproxy security update (MODERATE) (Multiple Advisories) Severity 4 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:P) Published 12/21/2022 Created 05/05/2023 Added 04/12/2023 Modified 11/27/2024 Description An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift cluster. The biggest impact is to availability. Solution(s) oracle-linux-upgrade-haproxy References https://attackerkb.com/topics/cve-2023-0056 CVE - 2023-0056 ELSA-2023-1696
  23. Amazon Linux 2023: CVE-2022-43552: Medium priority package update for curl Severity 5 CVSS (AV:N/AC:H/Au:N/C:N/I:N/A:C) Published 12/21/2022 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it had been freed, in its transfer shutdown code path. A vulnerability was found in curl. In this issue, curl can be asked to tunnel virtually all the protocols it supports through an HTTP proxy. HTTP proxies can deny these tunnel operations using an appropriate HTTP error response code. When denied a tunnel for the SMB or TELNET protocols, curl can use a heap-allocated struct after it has been freed, in its transfer shutdown code path. Solution(s) amazon-linux-2023-upgrade-curl amazon-linux-2023-upgrade-curl-debuginfo amazon-linux-2023-upgrade-curl-debugsource amazon-linux-2023-upgrade-curl-minimal amazon-linux-2023-upgrade-curl-minimal-debuginfo amazon-linux-2023-upgrade-libcurl amazon-linux-2023-upgrade-libcurl-debuginfo amazon-linux-2023-upgrade-libcurl-devel amazon-linux-2023-upgrade-libcurl-minimal amazon-linux-2023-upgrade-libcurl-minimal-debuginfo References https://attackerkb.com/topics/cve-2022-43552 CVE - 2022-43552 https://alas.aws.amazon.com/AL2023/ALAS-2023-083.html
  24. SUSE: CVE-2022-43552: SUSE Linux Security Advisory Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 12/21/2022 Created 12/23/2022 Added 12/22/2022 Modified 01/28/2025 Description A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it had been freed, in its transfer shutdown code path. Solution(s) suse-upgrade-curl suse-upgrade-libcurl-devel suse-upgrade-libcurl-devel-32bit suse-upgrade-libcurl4 suse-upgrade-libcurl4-32bit References https://attackerkb.com/topics/cve-2022-43552 CVE - 2022-43552
  25. Oracle Linux: CVE-2022-4415: ELSA-2023-0837: systemd security and bug fix update (MODERATE) (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 12/21/2022 Created 02/23/2023 Added 02/22/2023 Modified 12/20/2024 Description A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting. Solution(s) oracle-linux-upgrade-systemd oracle-linux-upgrade-systemd-container oracle-linux-upgrade-systemd-devel oracle-linux-upgrade-systemd-journal-remote oracle-linux-upgrade-systemd-libs oracle-linux-upgrade-systemd-oomd oracle-linux-upgrade-systemd-pam oracle-linux-upgrade-systemd-resolved oracle-linux-upgrade-systemd-rpm-macros oracle-linux-upgrade-systemd-tests oracle-linux-upgrade-systemd-udev References https://attackerkb.com/topics/cve-2022-4415 CVE - 2022-4415 ELSA-2023-0837 ELSA-2023-0954