ISHACK AI BOT

Amazon Linux 2023: CVE-2023-48235: Low priority package update for vim Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 11/16/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description Vim is an open source command line text editor. When parsing relative ex addresses one may unintentionally cause an overflow. Ironically this happens in the existing overflow check, because the line number becomes negative and LONG_MAX - lnum will cause the overflow. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `060623e` which has been included in release version 9.0.2110. Users are advised to upgrade. There are no known workarounds for this vulnerability. A flaw as found in Vim, an open source command line text editor. When parsing relative ex addresses, one may unintentionally cause an overflow. Ironically, this happens in the existing overflow check because the line number becomes negative and LONG_MAX - lnum will cause the overflow. The impact is low because user interaction is required and a crash may not happen in all situations. Solution(s) amazon-linux-2023-upgrade-vim-common amazon-linux-2023-upgrade-vim-data amazon-linux-2023-upgrade-vim-debuginfo amazon-linux-2023-upgrade-vim-debugsource amazon-linux-2023-upgrade-vim-default-editor amazon-linux-2023-upgrade-vim-enhanced amazon-linux-2023-upgrade-vim-enhanced-debuginfo amazon-linux-2023-upgrade-vim-filesystem amazon-linux-2023-upgrade-vim-minimal amazon-linux-2023-upgrade-vim-minimal-debuginfo amazon-linux-2023-upgrade-xxd amazon-linux-2023-upgrade-xxd-debuginfo References https://attackerkb.com/topics/cve-2023-48235 CVE - 2023-48235 https://alas.aws.amazon.com/AL2023/ALAS-2023-447.html

Amazon Linux 2023: CVE-2023-48233: Low priority package update for vim Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 11/16/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description Vim is an open source command line text editor. If the count after the :s command is larger than what fits into a (signed) long variable, abort with e_value_too_large. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `ac6378773` which has been included in release version 9.0.2108. Users are advised to upgrade. There are no known workarounds for this vulnerability. A flaw was found in Vim, an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with e_value_too_large. The impact is low because user interaction is required and a crash may not happen in all situations. Solution(s) amazon-linux-2023-upgrade-vim-common amazon-linux-2023-upgrade-vim-data amazon-linux-2023-upgrade-vim-debuginfo amazon-linux-2023-upgrade-vim-debugsource amazon-linux-2023-upgrade-vim-default-editor amazon-linux-2023-upgrade-vim-enhanced amazon-linux-2023-upgrade-vim-enhanced-debuginfo amazon-linux-2023-upgrade-vim-filesystem amazon-linux-2023-upgrade-vim-minimal amazon-linux-2023-upgrade-vim-minimal-debuginfo amazon-linux-2023-upgrade-xxd amazon-linux-2023-upgrade-xxd-debuginfo References https://attackerkb.com/topics/cve-2023-48233 CVE - 2023-48233 https://alas.aws.amazon.com/AL2023/ALAS-2023-447.html

Huawei EulerOS: CVE-2023-6121: kernel security update Severity 4 CVSS (AV:N/AC:L/Au:S/C:P/I:N/A:N) Published 11/16/2023 Created 06/01/2024 Added 05/31/2024 Modified 01/28/2025 Description An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data being printed and potentially leaked to the kernel ring buffer (dmesg). Solution(s) huawei-euleros-2_0_sp12-upgrade-bpftool huawei-euleros-2_0_sp12-upgrade-kernel huawei-euleros-2_0_sp12-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp12-upgrade-kernel-tools huawei-euleros-2_0_sp12-upgrade-kernel-tools-libs huawei-euleros-2_0_sp12-upgrade-python3-perf References https://attackerkb.com/topics/cve-2023-6121 CVE - 2023-6121 EulerOS-SA-2024-1764

Amazon Linux AMI 2: CVE-2023-48237: Security patch for vim (ALAS-2023-2353) Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:P) Published 11/16/2023 Created 12/06/2023 Added 12/05/2023 Modified 01/28/2025 Description Vim is an open source command line text editor. In affected versions when shifting lines in operator pending mode and using a very large value, it may be possible to overflow the size of integer. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `6bf131888` which has been included in version 9.0.2112. Users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) amazon-linux-ami-2-upgrade-vim-common amazon-linux-ami-2-upgrade-vim-data amazon-linux-ami-2-upgrade-vim-debuginfo amazon-linux-ami-2-upgrade-vim-enhanced amazon-linux-ami-2-upgrade-vim-filesystem amazon-linux-ami-2-upgrade-vim-minimal amazon-linux-ami-2-upgrade-vim-x11 amazon-linux-ami-2-upgrade-xxd References https://attackerkb.com/topics/cve-2023-48237 AL2/ALAS-2023-2353 CVE - 2023-48237

Amazon Linux AMI 2: CVE-2023-48236: Security patch for vim (ALAS-2023-2353) Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:P) Published 11/16/2023 Created 12/06/2023 Added 12/05/2023 Modified 01/28/2025 Description Vim is an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. Impact is low, user interaction is required and a crash may not even happen in all situations. This vulnerability has been addressed in commit `73b2d379` which has been included in release version 9.0.2111. Users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) amazon-linux-ami-2-upgrade-vim-common amazon-linux-ami-2-upgrade-vim-data amazon-linux-ami-2-upgrade-vim-debuginfo amazon-linux-ami-2-upgrade-vim-enhanced amazon-linux-ami-2-upgrade-vim-filesystem amazon-linux-ami-2-upgrade-vim-minimal amazon-linux-ami-2-upgrade-vim-x11 amazon-linux-ami-2-upgrade-xxd References https://attackerkb.com/topics/cve-2023-48236 AL2/ALAS-2023-2353 CVE - 2023-48236

Ubuntu: (Multiple Advisories) (CVE-2023-6121): Linux kernel (OEM) vulnerabilities Severity 4 CVSS (AV:N/AC:L/Au:S/C:P/I:N/A:N) Published 11/16/2023 Created 02/17/2024 Added 02/16/2024 Modified 01/28/2025 Description An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data being printed and potentially leaked to the kernel ring buffer (dmesg). Solution(s) ubuntu-upgrade-linux-image-4-15-0-1129-oracle ubuntu-upgrade-linux-image-4-15-0-1150-kvm ubuntu-upgrade-linux-image-4-15-0-1160-gcp ubuntu-upgrade-linux-image-4-15-0-1166-aws ubuntu-upgrade-linux-image-4-15-0-1175-azure ubuntu-upgrade-linux-image-4-15-0-223-generic ubuntu-upgrade-linux-image-4-15-0-223-lowlatency ubuntu-upgrade-linux-image-5-15-0-100-generic ubuntu-upgrade-linux-image-5-15-0-100-generic-64k ubuntu-upgrade-linux-image-5-15-0-100-generic-lpae ubuntu-upgrade-linux-image-5-15-0-100-lowlatency ubuntu-upgrade-linux-image-5-15-0-100-lowlatency-64k ubuntu-upgrade-linux-image-5-15-0-1038-gkeop ubuntu-upgrade-linux-image-5-15-0-1046-nvidia ubuntu-upgrade-linux-image-5-15-0-1046-nvidia-lowlatency ubuntu-upgrade-linux-image-5-15-0-1048-ibm ubuntu-upgrade-linux-image-5-15-0-1048-raspi ubuntu-upgrade-linux-image-5-15-0-1050-intel-iotg ubuntu-upgrade-linux-image-5-15-0-1052-gke ubuntu-upgrade-linux-image-5-15-0-1052-kvm ubuntu-upgrade-linux-image-5-15-0-1053-gcp ubuntu-upgrade-linux-image-5-15-0-1053-oracle ubuntu-upgrade-linux-image-5-15-0-1056-aws ubuntu-upgrade-linux-image-5-15-0-1058-azure ubuntu-upgrade-linux-image-5-15-0-1058-azure-fde ubuntu-upgrade-linux-image-5-4-0-1032-iot ubuntu-upgrade-linux-image-5-4-0-1039-xilinx-zynqmp ubuntu-upgrade-linux-image-5-4-0-1067-ibm ubuntu-upgrade-linux-image-5-4-0-1080-bluefield ubuntu-upgrade-linux-image-5-4-0-1087-gkeop ubuntu-upgrade-linux-image-5-4-0-1104-raspi ubuntu-upgrade-linux-image-5-4-0-1108-kvm ubuntu-upgrade-linux-image-5-4-0-1119-oracle ubuntu-upgrade-linux-image-5-4-0-1120-aws ubuntu-upgrade-linux-image-5-4-0-1124-gcp ubuntu-upgrade-linux-image-5-4-0-1126-azure ubuntu-upgrade-linux-image-5-4-0-173-generic ubuntu-upgrade-linux-image-5-4-0-173-generic-lpae ubuntu-upgrade-linux-image-5-4-0-173-lowlatency ubuntu-upgrade-linux-image-6-1-0-1033-oem ubuntu-upgrade-linux-image-6-5-0-1009-starfive ubuntu-upgrade-linux-image-6-5-0-1011-laptop ubuntu-upgrade-linux-image-6-5-0-1012-raspi ubuntu-upgrade-linux-image-6-5-0-1015-aws ubuntu-upgrade-linux-image-6-5-0-1015-gcp ubuntu-upgrade-linux-image-6-5-0-1016-azure ubuntu-upgrade-linux-image-6-5-0-1016-azure-fde ubuntu-upgrade-linux-image-6-5-0-1016-oem ubuntu-upgrade-linux-image-6-5-0-1018-oracle ubuntu-upgrade-linux-image-6-5-0-1018-oracle-64k ubuntu-upgrade-linux-image-6-5-0-25-generic ubuntu-upgrade-linux-image-6-5-0-25-generic-64k ubuntu-upgrade-linux-image-6-5-0-25-lowlatency ubuntu-upgrade-linux-image-6-5-0-25-lowlatency-64k ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-aws-hwe ubuntu-upgrade-linux-image-aws-lts-18-04 ubuntu-upgrade-linux-image-aws-lts-20-04 ubuntu-upgrade-linux-image-aws-lts-22-04 ubuntu-upgrade-linux-image-azure ubuntu-upgrade-linux-image-azure-cvm ubuntu-upgrade-linux-image-azure-fde ubuntu-upgrade-linux-image-azure-fde-lts-22-04 ubuntu-upgrade-linux-image-azure-lts-18-04 ubuntu-upgrade-linux-image-azure-lts-20-04 ubuntu-upgrade-linux-image-azure-lts-22-04 ubuntu-upgrade-linux-image-bluefield ubuntu-upgrade-linux-image-gcp ubuntu-upgrade-linux-image-gcp-lts-18-04 ubuntu-upgrade-linux-image-gcp-lts-20-04 ubuntu-upgrade-linux-image-gcp-lts-22-04 ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-64k ubuntu-upgrade-linux-image-generic-64k-hwe-20-04 ubuntu-upgrade-linux-image-generic-64k-hwe-22-04 ubuntu-upgrade-linux-image-generic-hwe-16-04 ubuntu-upgrade-linux-image-generic-hwe-18-04 ubuntu-upgrade-linux-image-generic-hwe-20-04 ubuntu-upgrade-linux-image-generic-hwe-22-04 ubuntu-upgrade-linux-image-generic-lpae ubuntu-upgrade-linux-image-generic-lpae-hwe-20-04 ubuntu-upgrade-linux-image-gke ubuntu-upgrade-linux-image-gke-5-15 ubuntu-upgrade-linux-image-gkeop ubuntu-upgrade-linux-image-gkeop-5-15 ubuntu-upgrade-linux-image-gkeop-5-4 ubuntu-upgrade-linux-image-ibm ubuntu-upgrade-linux-image-ibm-lts-20-04 ubuntu-upgrade-linux-image-intel ubuntu-upgrade-linux-image-intel-iotg ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-laptop-23-10 ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-64k ubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-64k-hwe-22-04 ubuntu-upgrade-linux-image-lowlatency-hwe-16-04 ubuntu-upgrade-linux-image-lowlatency-hwe-18-04 ubuntu-upgrade-linux-image-lowlatency-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-hwe-22-04 ubuntu-upgrade-linux-image-nvidia ubuntu-upgrade-linux-image-nvidia-lowlatency ubuntu-upgrade-linux-image-oem ubuntu-upgrade-linux-image-oem-20-04 ubuntu-upgrade-linux-image-oem-20-04b ubuntu-upgrade-linux-image-oem-20-04c ubuntu-upgrade-linux-image-oem-20-04d ubuntu-upgrade-linux-image-oem-22-04 ubuntu-upgrade-linux-image-oem-22-04a ubuntu-upgrade-linux-image-oem-22-04b ubuntu-upgrade-linux-image-oem-22-04c ubuntu-upgrade-linux-image-oem-22-04d ubuntu-upgrade-linux-image-oem-osp1 ubuntu-upgrade-linux-image-oracle ubuntu-upgrade-linux-image-oracle-64k ubuntu-upgrade-linux-image-oracle-lts-18-04 ubuntu-upgrade-linux-image-oracle-lts-20-04 ubuntu-upgrade-linux-image-oracle-lts-22-04 ubuntu-upgrade-linux-image-raspi ubuntu-upgrade-linux-image-raspi-hwe-18-04 ubuntu-upgrade-linux-image-raspi-nolpae ubuntu-upgrade-linux-image-raspi2 ubuntu-upgrade-linux-image-snapdragon-hwe-18-04 ubuntu-upgrade-linux-image-starfive ubuntu-upgrade-linux-image-virtual ubuntu-upgrade-linux-image-virtual-hwe-16-04 ubuntu-upgrade-linux-image-virtual-hwe-18-04 ubuntu-upgrade-linux-image-virtual-hwe-20-04 ubuntu-upgrade-linux-image-virtual-hwe-22-04 ubuntu-upgrade-linux-image-xilinx-zynqmp References https://attackerkb.com/topics/cve-2023-6121 CVE - 2023-6121 USN-6639-1 USN-6680-1 USN-6680-2 USN-6680-3 USN-6681-1 USN-6681-2 USN-6681-3 USN-6681-4 USN-6686-1 USN-6686-2 USN-6686-3 USN-6686-4 USN-6686-5 USN-6701-1 USN-6701-2 USN-6701-3 USN-6701-4 USN-6705-1 USN-6716-1 View more

Ubuntu: (Multiple Advisories) (CVE-2023-6176): Linux kernel vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:S/C:N/I:N/A:C) Published 11/16/2023 Created 12/13/2023 Added 12/12/2023 Modified 01/28/2025 Description A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occurs when a user constructs a malicious packet with specific socket configuration, which could allow a local user to crash the system or escalate their privileges on the system. Solution(s) ubuntu-upgrade-linux-image-5-15-0-1036-gkeop ubuntu-upgrade-linux-image-5-15-0-1044-nvidia ubuntu-upgrade-linux-image-5-15-0-1044-nvidia-lowlatency ubuntu-upgrade-linux-image-5-15-0-1046-ibm ubuntu-upgrade-linux-image-5-15-0-1046-raspi ubuntu-upgrade-linux-image-5-15-0-1047-intel-iotg ubuntu-upgrade-linux-image-5-15-0-1048-intel-iotg ubuntu-upgrade-linux-image-5-15-0-1050-gke ubuntu-upgrade-linux-image-5-15-0-1050-kvm ubuntu-upgrade-linux-image-5-15-0-1051-gcp ubuntu-upgrade-linux-image-5-15-0-1051-oracle ubuntu-upgrade-linux-image-5-15-0-1053-aws ubuntu-upgrade-linux-image-5-15-0-1056-azure ubuntu-upgrade-linux-image-5-15-0-1056-azure-fde ubuntu-upgrade-linux-image-5-15-0-94-generic ubuntu-upgrade-linux-image-5-15-0-94-generic-64k ubuntu-upgrade-linux-image-5-15-0-94-generic-lpae ubuntu-upgrade-linux-image-5-15-0-94-lowlatency ubuntu-upgrade-linux-image-5-15-0-94-lowlatency-64k ubuntu-upgrade-linux-image-5-4-0-1028-iot ubuntu-upgrade-linux-image-5-4-0-1035-xilinx-zynqmp ubuntu-upgrade-linux-image-5-4-0-1063-ibm ubuntu-upgrade-linux-image-5-4-0-1076-bluefield ubuntu-upgrade-linux-image-5-4-0-1083-gkeop ubuntu-upgrade-linux-image-5-4-0-1100-raspi ubuntu-upgrade-linux-image-5-4-0-1104-kvm ubuntu-upgrade-linux-image-5-4-0-1115-oracle ubuntu-upgrade-linux-image-5-4-0-1116-aws ubuntu-upgrade-linux-image-5-4-0-1120-gcp ubuntu-upgrade-linux-image-5-4-0-1121-azure ubuntu-upgrade-linux-image-5-4-0-169-generic ubuntu-upgrade-linux-image-5-4-0-169-generic-lpae ubuntu-upgrade-linux-image-5-4-0-169-lowlatency ubuntu-upgrade-linux-image-6-5-0-1007-starfive ubuntu-upgrade-linux-image-6-5-0-1009-laptop ubuntu-upgrade-linux-image-6-5-0-1010-raspi ubuntu-upgrade-linux-image-6-5-0-1013-aws ubuntu-upgrade-linux-image-6-5-0-1013-gcp ubuntu-upgrade-linux-image-6-5-0-1014-oem ubuntu-upgrade-linux-image-6-5-0-1015-azure ubuntu-upgrade-linux-image-6-5-0-1015-azure-fde ubuntu-upgrade-linux-image-6-5-0-1015-oracle ubuntu-upgrade-linux-image-6-5-0-17-generic ubuntu-upgrade-linux-image-6-5-0-17-generic-64k ubuntu-upgrade-linux-image-6-5-0-17-lowlatency ubuntu-upgrade-linux-image-6-5-0-17-lowlatency-64k ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-aws-lts-20-04 ubuntu-upgrade-linux-image-aws-lts-22-04 ubuntu-upgrade-linux-image-azure ubuntu-upgrade-linux-image-azure-cvm ubuntu-upgrade-linux-image-azure-fde ubuntu-upgrade-linux-image-azure-fde-lts-22-04 ubuntu-upgrade-linux-image-azure-lts-20-04 ubuntu-upgrade-linux-image-azure-lts-22-04 ubuntu-upgrade-linux-image-bluefield ubuntu-upgrade-linux-image-gcp ubuntu-upgrade-linux-image-gcp-lts-20-04 ubuntu-upgrade-linux-image-gcp-lts-22-04 ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-64k ubuntu-upgrade-linux-image-generic-64k-hwe-20-04 ubuntu-upgrade-linux-image-generic-64k-hwe-22-04 ubuntu-upgrade-linux-image-generic-hwe-18-04 ubuntu-upgrade-linux-image-generic-hwe-20-04 ubuntu-upgrade-linux-image-generic-hwe-22-04 ubuntu-upgrade-linux-image-generic-lpae ubuntu-upgrade-linux-image-generic-lpae-hwe-20-04 ubuntu-upgrade-linux-image-gke ubuntu-upgrade-linux-image-gke-5-15 ubuntu-upgrade-linux-image-gkeop ubuntu-upgrade-linux-image-gkeop-5-15 ubuntu-upgrade-linux-image-gkeop-5-4 ubuntu-upgrade-linux-image-ibm ubuntu-upgrade-linux-image-ibm-lts-20-04 ubuntu-upgrade-linux-image-intel ubuntu-upgrade-linux-image-intel-iotg ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-laptop-23-10 ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-64k ubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-64k-hwe-22-04 ubuntu-upgrade-linux-image-lowlatency-hwe-18-04 ubuntu-upgrade-linux-image-lowlatency-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-hwe-22-04 ubuntu-upgrade-linux-image-nvidia ubuntu-upgrade-linux-image-nvidia-lowlatency ubuntu-upgrade-linux-image-oem ubuntu-upgrade-linux-image-oem-20-04 ubuntu-upgrade-linux-image-oem-20-04b ubuntu-upgrade-linux-image-oem-20-04c ubuntu-upgrade-linux-image-oem-20-04d ubuntu-upgrade-linux-image-oem-22-04d ubuntu-upgrade-linux-image-oem-osp1 ubuntu-upgrade-linux-image-oracle ubuntu-upgrade-linux-image-oracle-lts-20-04 ubuntu-upgrade-linux-image-oracle-lts-22-04 ubuntu-upgrade-linux-image-raspi ubuntu-upgrade-linux-image-raspi-hwe-18-04 ubuntu-upgrade-linux-image-raspi-nolpae ubuntu-upgrade-linux-image-raspi2 ubuntu-upgrade-linux-image-snapdragon-hwe-18-04 ubuntu-upgrade-linux-image-starfive ubuntu-upgrade-linux-image-virtual ubuntu-upgrade-linux-image-virtual-hwe-18-04 ubuntu-upgrade-linux-image-virtual-hwe-20-04 ubuntu-upgrade-linux-image-virtual-hwe-22-04 ubuntu-upgrade-linux-image-xilinx-zynqmp References https://attackerkb.com/topics/cve-2023-6176 CVE - 2023-6176 USN-6548-1 USN-6548-2 USN-6548-3 USN-6548-4 USN-6548-5 USN-6624-1 USN-6626-1 USN-6626-2 USN-6626-3 USN-6628-1 USN-6628-2 USN-6652-1 View more

VMware Photon OS: CVE-2023-6174 Severity 7 CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:P) Published 11/16/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description SSH dissector crash in Wireshark 4.0.0 to 4.0.10 allows denial of service via packet injection or crafted capture file Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-6174 CVE - 2023-6174

VMware Photon OS: CVE-2023-6176 Severity 4 CVSS (AV:L/AC:H/Au:S/C:N/I:N/A:C) Published 11/16/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occurs when a user constructs a malicious packet with specific socket configuration, which could allow a local user to crash the system or escalate their privileges on the system. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-6176 CVE - 2023-6176

VMware Photon OS: CVE-2023-48234 Severity 2 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:P) Published 11/16/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Vim is an open source command line text editor. When getting the count for a normal mode z command, it may overflow for large counts given. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `58f9befca1` which has been included in release version 9.0.2109. Users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-48234 CVE - 2023-48234

VMware Photon OS: CVE-2023-48233 Severity 2 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:P) Published 11/16/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Vim is an open source command line text editor. If the count after the :s command is larger than what fits into a (signed) long variable, abort with e_value_too_large. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `ac6378773` which has been included in release version 9.0.2108. Users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-48233 CVE - 2023-48233

VMware Photon OS: CVE-2023-48237 Severity 2 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:P) Published 11/16/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Vim is an open source command line text editor. In affected versions when shifting lines in operator pending mode and using a very large value, it may be possible to overflow the size of integer. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `6bf131888` which has been included in version 9.0.2112. Users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-48237 CVE - 2023-48237

Ubuntu: USN-6557-1 (CVE-2023-48235): Vim vulnerabilities Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:P) Published 11/16/2023 Created 12/20/2023 Added 12/19/2023 Modified 01/28/2025 Description Vim is an open source command line text editor. When parsing relative ex addresses one may unintentionally cause an overflow. Ironically this happens in the existing overflow check, because the line number becomes negative and LONG_MAX - lnum will cause the overflow. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `060623e` which has been included in release version 9.0.2110. Users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) ubuntu-pro-upgrade-vim ubuntu-pro-upgrade-vim-athena ubuntu-pro-upgrade-vim-gtk ubuntu-pro-upgrade-vim-gtk3 ubuntu-pro-upgrade-vim-nox ubuntu-pro-upgrade-vim-tiny ubuntu-pro-upgrade-xxd References https://attackerkb.com/topics/cve-2023-48235 CVE - 2023-48235 USN-6557-1

Rocky Linux: CVE-2023-6121: kernel (Multiple Advisories) Severity 4 CVSS (AV:N/AC:L/Au:S/C:P/I:N/A:N) Published 11/16/2023 Created 06/17/2024 Added 06/17/2024 Modified 01/28/2025 Description An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data being printed and potentially leaked to the kernel ring buffer (dmesg). Solution(s) rocky-upgrade-bpftool rocky-upgrade-bpftool-debuginfo rocky-upgrade-kernel rocky-upgrade-kernel-core rocky-upgrade-kernel-cross-headers rocky-upgrade-kernel-debug rocky-upgrade-kernel-debug-core rocky-upgrade-kernel-debug-debuginfo rocky-upgrade-kernel-debug-devel rocky-upgrade-kernel-debug-modules rocky-upgrade-kernel-debug-modules-extra rocky-upgrade-kernel-debuginfo rocky-upgrade-kernel-debuginfo-common-x86_64 rocky-upgrade-kernel-devel rocky-upgrade-kernel-headers rocky-upgrade-kernel-modules rocky-upgrade-kernel-modules-extra rocky-upgrade-kernel-rt rocky-upgrade-kernel-rt-core rocky-upgrade-kernel-rt-debug rocky-upgrade-kernel-rt-debug-core rocky-upgrade-kernel-rt-debug-debuginfo rocky-upgrade-kernel-rt-debug-devel rocky-upgrade-kernel-rt-debug-kvm rocky-upgrade-kernel-rt-debug-modules rocky-upgrade-kernel-rt-debug-modules-extra rocky-upgrade-kernel-rt-debuginfo rocky-upgrade-kernel-rt-debuginfo-common-x86_64 rocky-upgrade-kernel-rt-devel rocky-upgrade-kernel-rt-kvm rocky-upgrade-kernel-rt-modules rocky-upgrade-kernel-rt-modules-extra rocky-upgrade-kernel-tools rocky-upgrade-kernel-tools-debuginfo rocky-upgrade-kernel-tools-libs rocky-upgrade-kernel-tools-libs-devel rocky-upgrade-perf rocky-upgrade-perf-debuginfo rocky-upgrade-python3-perf rocky-upgrade-python3-perf-debuginfo References https://attackerkb.com/topics/cve-2023-6121 CVE - 2023-6121 https://errata.rockylinux.org/RLSA-2024:2950 https://errata.rockylinux.org/RLSA-2024:3138

Huawei EulerOS: CVE-2023-48236: vim security update Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:P) Published 11/16/2023 Created 03/14/2024 Added 03/13/2024 Modified 01/28/2025 Description Vim is an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. Impact is low, user interaction is required and a crash may not even happen in all situations. This vulnerability has been addressed in commit `73b2d379` which has been included in release version 9.0.2111. Users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) huawei-euleros-2_0_sp8-upgrade-vim-common huawei-euleros-2_0_sp8-upgrade-vim-enhanced huawei-euleros-2_0_sp8-upgrade-vim-filesystem huawei-euleros-2_0_sp8-upgrade-vim-minimal huawei-euleros-2_0_sp8-upgrade-vim-x11 References https://attackerkb.com/topics/cve-2023-48236 CVE - 2023-48236 EulerOS-SA-2024-1306

Alpine Linux: CVE-2023-48234: Integer Overflow or Wraparound Severity 2 CVSS (AV:L/AC:M/Au:S/C:N/I:N/A:P) Published 11/16/2023 Created 03/22/2024 Added 03/21/2024 Modified 03/22/2024 Description Vim is an open source command line text editor. When getting the count for a normal mode z command, it may overflow for large counts given. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `58f9befca1` which has been included in release version 9.0.2109. Users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) alpine-linux-upgrade-vim References https://attackerkb.com/topics/cve-2023-48234 CVE - 2023-48234 https://security.alpinelinux.org/vuln/CVE-2023-48234

Huawei EulerOS: CVE-2023-6121: kernel security update Severity 4 CVSS (AV:N/AC:L/Au:S/C:P/I:N/A:N) Published 11/16/2023 Created 03/14/2024 Added 03/13/2024 Modified 01/28/2025 Description An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data being printed and potentially leaked to the kernel ring buffer (dmesg). Solution(s) huawei-euleros-2_0_sp10-upgrade-kernel huawei-euleros-2_0_sp10-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp10-upgrade-kernel-tools huawei-euleros-2_0_sp10-upgrade-kernel-tools-libs huawei-euleros-2_0_sp10-upgrade-python3-perf References https://attackerkb.com/topics/cve-2023-6121 CVE - 2023-6121 EulerOS-SA-2024-1337

Alpine Linux: CVE-2023-48236: Integer Overflow or Wraparound Severity 2 CVSS (AV:L/AC:M/Au:S/C:N/I:P/A:N) Published 11/16/2023 Created 03/22/2024 Added 03/21/2024 Modified 03/22/2024 Description Vim is an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. Impact is low, user interaction is required and a crash may not even happen in all situations. This vulnerability has been addressed in commit `73b2d379` which has been included in release version 9.0.2111. Users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) alpine-linux-upgrade-vim References https://attackerkb.com/topics/cve-2023-48236 CVE - 2023-48236 https://security.alpinelinux.org/vuln/CVE-2023-48236

Alpine Linux: CVE-2023-48231: Use After Free Severity 3 CVSS (AV:L/AC:M/Au:S/C:N/I:P/A:P) Published 11/16/2023 Created 03/22/2024 Added 03/26/2024 Modified 10/14/2024 Description Vim is an open source command line text editor. When closing a window, vim may try to access already freed window structure. Exploitation beyond crashing the application has not been shown to be viable. This issue has been addressed in commit `25aabc2b` which has been included in release version 9.0.2106. Users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) alpine-linux-upgrade-vim References https://attackerkb.com/topics/cve-2023-48231 CVE - 2023-48231 https://security.alpinelinux.org/vuln/CVE-2023-48231

Alpine Linux: CVE-2023-48235: Integer Overflow or Wraparound Severity 2 CVSS (AV:L/AC:M/Au:S/C:N/I:N/A:P) Published 11/16/2023 Created 03/22/2024 Added 03/21/2024 Modified 03/22/2024 Description Vim is an open source command line text editor. When parsing relative ex addresses one may unintentionally cause an overflow. Ironically this happens in the existing overflow check, because the line number becomes negative and LONG_MAX - lnum will cause the overflow. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `060623e` which has been included in release version 9.0.2110. Users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) alpine-linux-upgrade-vim References https://attackerkb.com/topics/cve-2023-48235 CVE - 2023-48235 https://security.alpinelinux.org/vuln/CVE-2023-48235

SUSE: CVE-2023-6121: SUSE Linux Security Advisory Severity 4 CVSS (AV:N/AC:L/Au:S/C:P/I:N/A:N) Published 11/16/2023 Created 01/18/2024 Added 01/17/2024 Modified 01/28/2025 Description An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data being printed and potentially leaked to the kernel ring buffer (dmesg). Solution(s) suse-upgrade-cluster-md-kmp-64kb suse-upgrade-cluster-md-kmp-azure suse-upgrade-cluster-md-kmp-default suse-upgrade-cluster-md-kmp-rt suse-upgrade-dlm-kmp-64kb suse-upgrade-dlm-kmp-azure suse-upgrade-dlm-kmp-default suse-upgrade-dlm-kmp-rt suse-upgrade-dtb-allwinner suse-upgrade-dtb-altera suse-upgrade-dtb-amazon suse-upgrade-dtb-amd suse-upgrade-dtb-amlogic suse-upgrade-dtb-apm suse-upgrade-dtb-apple suse-upgrade-dtb-arm suse-upgrade-dtb-broadcom suse-upgrade-dtb-cavium suse-upgrade-dtb-exynos suse-upgrade-dtb-freescale suse-upgrade-dtb-hisilicon suse-upgrade-dtb-lg suse-upgrade-dtb-marvell suse-upgrade-dtb-mediatek suse-upgrade-dtb-nvidia suse-upgrade-dtb-qcom suse-upgrade-dtb-renesas suse-upgrade-dtb-rockchip suse-upgrade-dtb-socionext suse-upgrade-dtb-sprd suse-upgrade-dtb-xilinx suse-upgrade-gfs2-kmp-64kb suse-upgrade-gfs2-kmp-azure suse-upgrade-gfs2-kmp-default suse-upgrade-gfs2-kmp-rt suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-64kb-extra suse-upgrade-kernel-64kb-livepatch-devel suse-upgrade-kernel-64kb-optional suse-upgrade-kernel-azure suse-upgrade-kernel-azure-base suse-upgrade-kernel-azure-devel suse-upgrade-kernel-azure-extra suse-upgrade-kernel-azure-livepatch-devel suse-upgrade-kernel-azure-optional suse-upgrade-kernel-azure-vdso suse-upgrade-kernel-debug suse-upgrade-kernel-debug-devel suse-upgrade-kernel-debug-livepatch-devel suse-upgrade-kernel-debug-vdso suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-base-rebuild suse-upgrade-kernel-default-devel suse-upgrade-kernel-default-extra suse-upgrade-kernel-default-livepatch suse-upgrade-kernel-default-livepatch-devel suse-upgrade-kernel-default-man suse-upgrade-kernel-default-optional suse-upgrade-kernel-default-vdso suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-devel-rt suse-upgrade-kernel-docs suse-upgrade-kernel-docs-html suse-upgrade-kernel-kvmsmall suse-upgrade-kernel-kvmsmall-devel suse-upgrade-kernel-kvmsmall-livepatch-devel suse-upgrade-kernel-kvmsmall-vdso suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-obs-qa suse-upgrade-kernel-preempt suse-upgrade-kernel-preempt-devel suse-upgrade-kernel-rt suse-upgrade-kernel-rt-devel suse-upgrade-kernel-rt-extra suse-upgrade-kernel-rt-livepatch suse-upgrade-kernel-rt-livepatch-devel suse-upgrade-kernel-rt-optional suse-upgrade-kernel-rt-vdso suse-upgrade-kernel-rt_debug suse-upgrade-kernel-rt_debug-devel suse-upgrade-kernel-rt_debug-livepatch-devel suse-upgrade-kernel-rt_debug-vdso suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-source-rt suse-upgrade-kernel-source-vanilla suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-syms-rt suse-upgrade-kernel-zfcpdump suse-upgrade-kselftests-kmp-64kb suse-upgrade-kselftests-kmp-azure suse-upgrade-kselftests-kmp-default suse-upgrade-kselftests-kmp-rt suse-upgrade-ocfs2-kmp-64kb suse-upgrade-ocfs2-kmp-azure suse-upgrade-ocfs2-kmp-default suse-upgrade-ocfs2-kmp-rt suse-upgrade-reiserfs-kmp-64kb suse-upgrade-reiserfs-kmp-azure suse-upgrade-reiserfs-kmp-default suse-upgrade-reiserfs-kmp-rt References https://attackerkb.com/topics/cve-2023-6121 CVE - 2023-6121

SUSE: CVE-2023-48237: SUSE Linux Security Advisory Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:P) Published 11/16/2023 Created 03/08/2024 Added 03/07/2024 Modified 01/28/2025 Description Vim is an open source command line text editor. In affected versions when shifting lines in operator pending mode and using a very large value, it may be possible to overflow the size of integer. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `6bf131888` which has been included in version 9.0.2112. Users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) suse-upgrade-gvim suse-upgrade-vim suse-upgrade-vim-data suse-upgrade-vim-data-common suse-upgrade-vim-small References https://attackerkb.com/topics/cve-2023-48237 CVE - 2023-48237

SUSE: CVE-2023-5871: SUSE Linux Security Advisory Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 11/16/2023 Created 11/18/2023 Added 11/17/2023 Modified 01/28/2025 Description A flaw was found in libnbd, due to a malicious Network Block Device (NBD), a protocol for accessing Block Devices such as hard disks over a Network. This issue may allow a malicious NBD server to cause a Denial of Service. Solution(s) suse-upgrade-libnbd suse-upgrade-libnbd-bash-completion suse-upgrade-libnbd-devel suse-upgrade-libnbd0 suse-upgrade-nbdfuse suse-upgrade-python3-libnbd References https://attackerkb.com/topics/cve-2023-5871 CVE - 2023-5871

Debian: CVE-2023-6121: linux -- security update Severity 4 CVSS (AV:N/AC:L/Au:S/C:P/I:N/A:N) Published 11/16/2023 Created 01/09/2024 Added 01/08/2024 Modified 01/28/2025 Description An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data being printed and potentially leaked to the kernel ring buffer (dmesg). Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2023-6121 CVE - 2023-6121 DSA-5594-1

Ubuntu: USN-6677-1 (CVE-2023-47471): libde265 vulnerabilities Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 11/16/2023 Created 03/07/2024 Added 03/06/2024 Modified 01/28/2025 Description Buffer Overflow vulnerability in strukturag libde265 v1.10.12 allows a local attacker to cause a denial of service via the slice_segment_header function in the slice.cc component. Solution(s) ubuntu-pro-upgrade-libde265-0 References https://attackerkb.com/topics/cve-2023-47471 CVE - 2023-47471 USN-6677-1