ISHACK AI BOT

Alma Linux: CVE-2022-4515: Moderate: ctags security update (ALSA-2023-2863) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 12/20/2022 Created 05/23/2023 Added 05/23/2023 Modified 01/30/2025 Description A flaw was found in Exuberant Ctags in the way it handles the "-o" option. This option specifies the tag filename. A crafted tag filename specified in the command line or in the configuration file results in arbitrary command execution because the externalSortTags() in sort.c calls the system(3) function in an unsafe way. Solution(s) alma-upgrade-ctags alma-upgrade-ctags-etags References https://attackerkb.com/topics/cve-2022-4515 CVE - 2022-4515 https://errata.almalinux.org/8/ALSA-2023-2863.html

Huawei EulerOS: CVE-2022-47629: libksba security update Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 12/20/2022 Created 03/22/2023 Added 03/20/2023 Modified 01/28/2025 Description Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser. Solution(s) huawei-euleros-2_0_sp10-upgrade-libksba References https://attackerkb.com/topics/cve-2022-47629 CVE - 2022-47629 EulerOS-SA-2023-1553

Huawei EulerOS: CVE-2022-47629: libksba security update Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 12/20/2022 Created 05/08/2023 Added 05/08/2023 Modified 01/28/2025 Description Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser. Solution(s) huawei-euleros-2_0_sp11-upgrade-libksba References https://attackerkb.com/topics/cve-2022-47629 CVE - 2022-47629 EulerOS-SA-2023-1782

Rocky Linux: CVE-2022-47629: libksba (Multiple Advisories) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 12/20/2022 Created 03/13/2024 Added 03/12/2024 Modified 01/28/2025 Description Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser. Solution(s) rocky-upgrade-libksba rocky-upgrade-libksba-debuginfo rocky-upgrade-libksba-debugsource rocky-upgrade-libksba-devel References https://attackerkb.com/topics/cve-2022-47629 CVE - 2022-47629 https://errata.rockylinux.org/RLSA-2023:0625 https://errata.rockylinux.org/RLSA-2023:0626

Amazon Linux AMI 2: CVE-2022-4515: Security patch for ctags (ALAS-2023-2343) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 12/20/2022 Created 11/17/2023 Added 11/16/2023 Modified 01/30/2025 Description A flaw was found in Exuberant Ctags in the way it handles the "-o" option. This option specifies the tag filename. A crafted tag filename specified in the command line or in the configuration file results in arbitrary command execution because the externalSortTags() in sort.c calls the system(3) function in an unsafe way. Solution(s) amazon-linux-ami-2-upgrade-ctags amazon-linux-ami-2-upgrade-ctags-debuginfo amazon-linux-ami-2-upgrade-ctags-etags References https://attackerkb.com/topics/cve-2022-4515 AL2/ALAS-2023-2343 CVE - 2022-4515

Alpine Linux: CVE-2022-47629: Integer Overflow or Wraparound Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 12/20/2022 Created 04/09/2024 Added 03/26/2024 Modified 10/02/2024 Description Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser. Solution(s) alpine-linux-upgrade-libksba References https://attackerkb.com/topics/cve-2022-47629 CVE - 2022-47629 https://security.alpinelinux.org/vuln/CVE-2022-47629

Amazon Linux 2023: CVE-2023-3357: Important priority package update for kernel Severity 4 CVSS (AV:L/AC:H/Au:S/C:N/I:N/A:C) Published 12/20/2022 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description A NULL pointer dereference flaw was found in the Linux kernel AMD Sensor Fusion Hub driver. This flaw allows a local user to crash the system. Solution(s) amazon-linux-2023-upgrade-bpftool amazon-linux-2023-upgrade-bpftool-debuginfo amazon-linux-2023-upgrade-kernel amazon-linux-2023-upgrade-kernel-debuginfo amazon-linux-2023-upgrade-kernel-debuginfo-common-aarch64 amazon-linux-2023-upgrade-kernel-debuginfo-common-x86-64 amazon-linux-2023-upgrade-kernel-devel amazon-linux-2023-upgrade-kernel-headers amazon-linux-2023-upgrade-kernel-libbpf amazon-linux-2023-upgrade-kernel-libbpf-devel amazon-linux-2023-upgrade-kernel-libbpf-static amazon-linux-2023-upgrade-kernel-livepatch-6-1-10-15-42 amazon-linux-2023-upgrade-kernel-tools amazon-linux-2023-upgrade-kernel-tools-debuginfo amazon-linux-2023-upgrade-kernel-tools-devel amazon-linux-2023-upgrade-perf amazon-linux-2023-upgrade-perf-debuginfo amazon-linux-2023-upgrade-python3-perf amazon-linux-2023-upgrade-python3-perf-debuginfo References https://attackerkb.com/topics/cve-2023-3357 CVE - 2023-3357 https://alas.aws.amazon.com/AL2023/ALAS-2023-070.html

Ubuntu: USN-6422-1 (CVE-2022-23537): Ring vulnerabilities Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 12/20/2022 Created 10/11/2023 Added 10/10/2023 Modified 01/28/2025 Description PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Buffer overread is possible when parsing a specially crafted STUN message with unknown attribute. The vulnerability affects applications that uses STUN including PJNATH and PJSUA-LIB. The patch is available as a commit in the master branch (2.13.1). Solution(s) ubuntu-pro-upgrade-jami ubuntu-pro-upgrade-jami-daemon ubuntu-pro-upgrade-ring ubuntu-pro-upgrade-ring-daemon References https://attackerkb.com/topics/cve-2022-23537 CVE - 2022-23537 USN-6422-1

Alma Linux: CVE-2022-3775: Moderate: grub2 security update (Multiple Advisories) Severity 6 CVSS (AV:L/AC:L/Au:S/C:N/I:C/A:C) Published 12/19/2022 Created 01/13/2023 Added 01/12/2023 Modified 01/30/2025 Description When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded. Solution(s) alma-upgrade-grub2-common alma-upgrade-grub2-efi-aa64 alma-upgrade-grub2-efi-aa64-cdboot alma-upgrade-grub2-efi-aa64-modules alma-upgrade-grub2-efi-ia32 alma-upgrade-grub2-efi-ia32-cdboot alma-upgrade-grub2-efi-ia32-modules alma-upgrade-grub2-efi-x64 alma-upgrade-grub2-efi-x64-cdboot alma-upgrade-grub2-efi-x64-modules alma-upgrade-grub2-pc alma-upgrade-grub2-pc-modules alma-upgrade-grub2-ppc64le alma-upgrade-grub2-ppc64le-modules alma-upgrade-grub2-tools alma-upgrade-grub2-tools-efi alma-upgrade-grub2-tools-extra alma-upgrade-grub2-tools-minimal References https://attackerkb.com/topics/cve-2022-3775 CVE - 2022-3775 https://errata.almalinux.org/8/ALSA-2023-0049.html https://errata.almalinux.org/9/ALSA-2023-0752.html

Red Hat: CVE-2022-4515: arbitrary command execution via a tag file with a crafted filename (Multiple Advisories) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 12/20/2022 Created 05/17/2023 Added 05/17/2023 Modified 01/30/2025 Description A flaw was found in Exuberant Ctags in the way it handles the "-o" option. This option specifies the tag filename. A crafted tag filename specified in the command line or in the configuration file results in arbitrary command execution because the externalSortTags() in sort.c calls the system(3) function in an unsafe way. Solution(s) redhat-upgrade-ctags redhat-upgrade-ctags-debuginfo redhat-upgrade-ctags-debugsource redhat-upgrade-ctags-etags References CVE-2022-4515 RHSA-2023:2863

Debian: CVE-2022-47629: libksba -- security update Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 12/20/2022 Created 12/24/2022 Added 12/23/2022 Modified 01/28/2025 Description Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser. Solution(s) debian-upgrade-libksba References https://attackerkb.com/topics/cve-2022-47629 CVE - 2022-47629 DSA-5305 DSA-5305-1

Amazon Linux AMI: CVE-2022-47629: Security patch for libksba (ALAS-2023-1752) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 12/20/2022 Created 06/08/2023 Added 06/07/2023 Modified 01/28/2025 Description Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser. Solution(s) amazon-linux-upgrade-libksba References ALAS-2023-1752 CVE-2022-47629 USN-5787-1 USN-5787-2

Debian: CVE-2022-23537: asterisk, ring -- security update Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 12/20/2022 Created 02/24/2023 Added 02/24/2023 Modified 01/28/2025 Description PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Buffer overread is possible when parsing a specially crafted STUN message with unknown attribute. The vulnerability affects applications that uses STUN including PJNATH and PJSUA-LIB. The patch is available as a commit in the master branch (2.13.1). Solution(s) debian-upgrade-asterisk debian-upgrade-ring References https://attackerkb.com/topics/cve-2022-23537 CVE - 2022-23537 DLA-3335-1 DSA-5358-1

SUSE: CVE-2022-47629: SUSE Linux Security Advisory Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 12/20/2022 Created 01/06/2023 Added 01/06/2023 Modified 01/28/2025 Description Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser. Solution(s) suse-upgrade-libksba-devel suse-upgrade-libksba8 References https://attackerkb.com/topics/cve-2022-47629 CVE - 2022-47629

Debian: CVE-2022-40743: trafficserver -- security update Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:N) Published 12/19/2022 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description Improper Input Validation vulnerability for the xdebug plugin in Apache Software Foundation Apache Traffic Server can lead to cross site scripting and cache poisoning attacks.This issue affects Apache Traffic Server: 9.0.0 to 9.1.3. Users should upgrade to 9.1.4 or later versions. Solution(s) debian-upgrade-trafficserver References https://attackerkb.com/topics/cve-2022-40743 CVE - 2022-40743

Rocky Linux: CVE-2022-3775: grub2 (Multiple Advisories) Severity 6 CVSS (AV:L/AC:L/Au:S/C:N/I:C/A:C) Published 12/19/2022 Created 03/13/2024 Added 03/12/2024 Modified 01/30/2025 Description When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded. Solution(s) rocky-upgrade-grub2-debuginfo rocky-upgrade-grub2-debugsource rocky-upgrade-grub2-efi-ia32 rocky-upgrade-grub2-efi-ia32-cdboot rocky-upgrade-grub2-efi-x64 rocky-upgrade-grub2-efi-x64-cdboot rocky-upgrade-grub2-pc rocky-upgrade-grub2-tools rocky-upgrade-grub2-tools-debuginfo rocky-upgrade-grub2-tools-efi rocky-upgrade-grub2-tools-efi-debuginfo rocky-upgrade-grub2-tools-extra rocky-upgrade-grub2-tools-extra-debuginfo rocky-upgrade-grub2-tools-minimal rocky-upgrade-grub2-tools-minimal-debuginfo References https://attackerkb.com/topics/cve-2022-3775 CVE - 2022-3775 https://errata.rockylinux.org/RLSA-2023:0049 https://errata.rockylinux.org/RLSA-2023:0752

Debian: CVE-2020-36619: multimon-ng -- security update Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 12/19/2022 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description A vulnerability was found in multimon-ng. It has been rated as critical. This issue affects the function add_ch of the file demod_flex.c. The manipulation of the argument ch leads to format string. Upgrading to version 1.2.0 is able to address this issue. The name of the patch is e5a51c508ef952e81a6da25b43034dd1ed023c07. It is recommended to upgrade the affected component. The identifier VDB-216269 was assigned to this vulnerability. Solution(s) debian-upgrade-multimon-ng References https://attackerkb.com/topics/cve-2020-36619 CVE - 2020-36619

CentOS Linux: CVE-2022-3775: Moderate: grub2 security update (Multiple Advisories) Severity 6 CVSS (AV:L/AC:L/Au:S/C:N/I:C/A:C) Published 12/19/2022 Created 01/13/2023 Added 01/12/2023 Modified 01/28/2025 Description When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded. Solution(s) centos-upgrade-grub2-common centos-upgrade-grub2-debuginfo centos-upgrade-grub2-debugsource centos-upgrade-grub2-efi-aa64-modules centos-upgrade-grub2-efi-ia32 centos-upgrade-grub2-efi-ia32-cdboot centos-upgrade-grub2-efi-ia32-modules centos-upgrade-grub2-efi-x64 centos-upgrade-grub2-efi-x64-cdboot centos-upgrade-grub2-efi-x64-modules centos-upgrade-grub2-emu-debuginfo centos-upgrade-grub2-pc centos-upgrade-grub2-pc-modules centos-upgrade-grub2-ppc64le-modules centos-upgrade-grub2-tools centos-upgrade-grub2-tools-debuginfo centos-upgrade-grub2-tools-efi centos-upgrade-grub2-tools-efi-debuginfo centos-upgrade-grub2-tools-extra centos-upgrade-grub2-tools-extra-debuginfo centos-upgrade-grub2-tools-minimal centos-upgrade-grub2-tools-minimal-debuginfo References CVE-2022-3775

Huawei EulerOS: CVE-2022-3775: grub2 security update Severity 6 CVSS (AV:L/AC:L/Au:S/C:N/I:C/A:C) Published 12/19/2022 Created 03/09/2023 Added 03/08/2023 Modified 01/30/2025 Description When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded. Solution(s) huawei-euleros-2_0_sp11-upgrade-grub2-common huawei-euleros-2_0_sp11-upgrade-grub2-efi-x64 huawei-euleros-2_0_sp11-upgrade-grub2-efi-x64-modules huawei-euleros-2_0_sp11-upgrade-grub2-pc huawei-euleros-2_0_sp11-upgrade-grub2-pc-modules huawei-euleros-2_0_sp11-upgrade-grub2-tools huawei-euleros-2_0_sp11-upgrade-grub2-tools-efi huawei-euleros-2_0_sp11-upgrade-grub2-tools-extra huawei-euleros-2_0_sp11-upgrade-grub2-tools-minimal References https://attackerkb.com/topics/cve-2022-3775 CVE - 2022-3775 EulerOS-SA-2023-1422

Huawei EulerOS: CVE-2021-33640: libtar security update Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 12/19/2022 Created 03/22/2023 Added 03/20/2023 Modified 01/28/2025 Description After tar_close(), libtar.c releases the memory pointed to by pointer t. After tar_close() is called in the list() function, it continues to use pointer t: free_longlink_longname(t->th_buf) . As a result, the released memory is used (use-after-free). Solution(s) huawei-euleros-2_0_sp10-upgrade-libtar-help References https://attackerkb.com/topics/cve-2021-33640 CVE - 2021-33640 EulerOS-SA-2023-1554

Huawei EulerOS: CVE-2022-3775: grub2 security update Severity 6 CVSS (AV:L/AC:L/Au:S/C:N/I:C/A:C) Published 12/19/2022 Created 05/05/2023 Added 04/13/2023 Modified 01/30/2025 Description When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded. Solution(s) huawei-euleros-2_0_sp8-upgrade-grub2-common huawei-euleros-2_0_sp8-upgrade-grub2-efi-aa64 huawei-euleros-2_0_sp8-upgrade-grub2-efi-aa64-cdboot huawei-euleros-2_0_sp8-upgrade-grub2-efi-aa64-modules huawei-euleros-2_0_sp8-upgrade-grub2-tools huawei-euleros-2_0_sp8-upgrade-grub2-tools-extra huawei-euleros-2_0_sp8-upgrade-grub2-tools-minimal References https://attackerkb.com/topics/cve-2022-3775 CVE - 2022-3775 EulerOS-SA-2023-1595

Debian: CVE-2022-4427: znuny -- security update Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 12/19/2022 Created 09/05/2023 Added 09/05/2023 Modified 01/28/2025 Description Improper Input Validation vulnerability in OTRS AG OTRS, OTRS AG ((OTRS)) Community Edition allows SQL Injection via TicketSearch Webservice This issue affects OTRS: from 7.0.1 before 7.0.40 Patch 1, from 8.0.1 before 8.0.28 Patch 1; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34. Solution(s) debian-upgrade-znuny References https://attackerkb.com/topics/cve-2022-4427 CVE - 2022-4427 DLA-3551-1

SUSE: CVE-2020-36619: SUSE Linux Security Advisory Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 12/19/2022 Created 08/16/2024 Added 08/09/2024 Modified 01/28/2025 Description A vulnerability was found in multimon-ng. It has been rated as critical. This issue affects the function add_ch of the file demod_flex.c. The manipulation of the argument ch leads to format string. Upgrading to version 1.2.0 is able to address this issue. The name of the patch is e5a51c508ef952e81a6da25b43034dd1ed023c07. It is recommended to upgrade the affected component. The identifier VDB-216269 was assigned to this vulnerability. Solution(s) suse-upgrade-multimon-ng References https://attackerkb.com/topics/cve-2020-36619 CVE - 2020-36619

VMware Photon OS: CVE-2022-3775 Severity 6 CVSS (AV:L/AC:L/Au:S/C:N/I:C/A:C) Published 12/19/2022 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2022-3775 CVE - 2022-3775

Gentoo Linux: CVE-2022-3775: GRUB: Multiple Vulnerabilities Severity 6 CVSS (AV:L/AC:L/Au:S/C:N/I:C/A:C) Published 12/19/2022 Created 11/28/2023 Added 11/27/2023 Modified 01/30/2025 Description When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded. Solution(s) gentoo-linux-upgrade-sys-boot-grub References https://attackerkb.com/topics/cve-2022-3775 CVE - 2022-3775 202311-14