ISHACK AI BOT

All posts by ISHACK AI BOT

  1. Huawei EulerOS: CVE-2023-42756: kernel security update
     Severity: 4
     CVSS: (AV:L/AC:M/Au:S/C:N/I:N/A:C)
     Published: 09/28/2023 | Created: 01/11/2024 | Added: 01/10/2024 | Modified: 01/28/2025
     Description: A flaw was found in the Netfilter subsystem of the Linux kernel. A race condition between IPSET_CMD_ADD and IPSET_CMD_SWAP can lead to a kernel panic due to the invocation of `__ip_set_put` on a wrong `set`. This issue may allow a local user to crash the system.
     Solution(s): huawei-euleros-2_0_sp11-upgrade-bpftool, huawei-euleros-2_0_sp11-upgrade-kernel, huawei-euleros-2_0_sp11-upgrade-kernel-abi-stablelists, huawei-euleros-2_0_sp11-upgrade-kernel-tools, huawei-euleros-2_0_sp11-upgrade-kernel-tools-libs, huawei-euleros-2_0_sp11-upgrade-python3-perf
     References: https://attackerkb.com/topics/cve-2023-42756, CVE - 2023-42756, EulerOS-SA-2023-3275
  2. OS X update for XProtectFramework (CVE-2023-41979)
     Severity: 4
     CVSS: (AV:L/AC:H/Au:N/C:N/I:C/A:N)
     Published: 09/28/2023 | Created: 09/28/2023 | Added: 09/28/2023 | Modified: 01/28/2025
     Description: A race condition was addressed with improved locking. This issue is fixed in macOS Sonoma 14. An app may be able to modify protected parts of the file system.
     Solution(s): apple-osx-upgrade-14
     References: https://attackerkb.com/topics/cve-2023-41979, CVE - 2023-41979, https://support.apple.com/kb/HT213940
  3. Amazon Linux 2023: CVE-2023-5090: Important priority package update for kernel
     Severity: 4
     CVSS: (AV:L/AC:L/Au:M/C:N/I:N/A:C)
     Published: 09/28/2023 | Created: 02/14/2025 | Added: 02/14/2025 | Modified: 02/14/2025
     Description: A flaw was found in KVM. An improper check in svm_set_x2apic_msr_interception() may allow direct access to host x2apic msrs when the guest resets its apic, potentially leading to a denial of service condition.
     Solution(s): amazon-linux-2023-upgrade-bpftool, amazon-linux-2023-upgrade-bpftool-debuginfo, amazon-linux-2023-upgrade-kernel, amazon-linux-2023-upgrade-kernel-debuginfo, amazon-linux-2023-upgrade-kernel-debuginfo-common-aarch64, amazon-linux-2023-upgrade-kernel-debuginfo-common-x86-64, amazon-linux-2023-upgrade-kernel-devel, amazon-linux-2023-upgrade-kernel-headers, amazon-linux-2023-upgrade-kernel-libbpf, amazon-linux-2023-upgrade-kernel-libbpf-devel, amazon-linux-2023-upgrade-kernel-libbpf-static, amazon-linux-2023-upgrade-kernel-livepatch-6-1-61-85-141, amazon-linux-2023-upgrade-kernel-modules-extra, amazon-linux-2023-upgrade-kernel-tools, amazon-linux-2023-upgrade-kernel-tools-debuginfo, amazon-linux-2023-upgrade-kernel-tools-devel, amazon-linux-2023-upgrade-perf, amazon-linux-2023-upgrade-perf-debuginfo, amazon-linux-2023-upgrade-python3-perf, amazon-linux-2023-upgrade-python3-perf-debuginfo
     References: https://attackerkb.com/topics/cve-2023-5090, CVE - 2023-5090, https://alas.aws.amazon.com/AL2023/ALAS-2023-430.html
  4. OS X update for Kernel (CVE-2023-40429)
     Severity: 5
     CVSS: (AV:L/AC:M/Au:N/C:C/I:N/A:N)
     Published: 09/28/2023 | Created: 09/28/2023 | Added: 09/28/2023 | Modified: 01/28/2025
     Description: A permissions issue was addressed with improved validation. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to access sensitive user data.
     Solution(s): apple-osx-upgrade-14
     References: https://attackerkb.com/topics/cve-2023-40429, CVE - 2023-40429, https://support.apple.com/kb/HT213940
  5. OS X update for Kernel (CVE-2023-41995)
     Severity: 7
     CVSS: (AV:L/AC:M/Au:N/C:C/I:C/A:C)
     Published: 09/28/2023 | Created: 09/28/2023 | Added: 09/28/2023 | Modified: 01/28/2025
     Description: A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges.
     Solution(s): apple-osx-upgrade-14
     References: https://attackerkb.com/topics/cve-2023-41995, CVE - 2023-41995, https://support.apple.com/kb/HT213940
  6. Alpine Linux: CVE-2023-5217: Out-of-bounds Write
     Severity: 9
     CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
     Published: 09/28/2023 | Created: 08/23/2024 | Added: 08/22/2024 | Modified: 10/14/2024
     Description: Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
     Solution(s): alpine-linux-upgrade-libvpx, alpine-linux-upgrade-firefox-esr, alpine-linux-upgrade-qt5-qtwebengine
     References: https://attackerkb.com/topics/cve-2023-5217, CVE - 2023-5217, https://security.alpinelinux.org/vuln/CVE-2023-5217
  7. OS X update for NetFSFramework (CVE-2023-40455)
     Severity: 10
     CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
     Published: 09/28/2023 | Created: 09/28/2023 | Added: 09/28/2023 | Modified: 01/28/2025
     Description: A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14. A sandboxed process may be able to circumvent sandbox restrictions.
     Solution(s): apple-osx-upgrade-14
     References: https://attackerkb.com/topics/cve-2023-40455, CVE - 2023-40455, https://support.apple.com/kb/HT213940
  8. OS X update for FileProvider (CVE-2023-41980)
     Severity: 5
     CVSS: (AV:L/AC:M/Au:N/C:N/I:C/A:N)
     Published: 09/28/2023 | Created: 09/28/2023 | Added: 09/28/2023 | Modified: 01/28/2025
     Description: A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to bypass Privacy preferences.
     Solution(s): apple-osx-upgrade-14
     References: https://attackerkb.com/topics/cve-2023-41980, CVE - 2023-41980, https://support.apple.com/kb/HT213940
  9. FreeBSD: VID-6E0EBB4A-5E75-11EE-A365-001B217B3468 (CVE-2023-0989): Gitlab -- vulnerabilities
     Severity: 6
     CVSS: (AV:N/AC:M/Au:S/C:C/I:N/A:N)
     Published: 09/28/2023 | Created: 10/03/2023 | Added: 09/29/2023 | Modified: 01/28/2025
     Description: An information disclosure issue in GitLab CE/EE affecting all versions starting from 13.11 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows an attacker to extract non-protected CI/CD variables by tricking a user to visit a fork with a malicious CI/CD configuration.
     Solution(s): freebsd-upgrade-package-gitlab-ce
     References: CVE-2023-0989
  10. OS X update for Screen Sharing (CVE-2023-41078)
      Severity: 5
      CVSS: (AV:L/AC:M/Au:N/C:N/I:C/A:N)
      Published: 09/28/2023 | Created: 09/28/2023 | Added: 09/28/2023 | Modified: 01/28/2025
      Description: An authorization issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14. An app may be able to bypass certain Privacy preferences.
      Solution(s): apple-osx-upgrade-14
      References: https://attackerkb.com/topics/cve-2023-41078, CVE - 2023-41078, https://support.apple.com/kb/HT213940
  11. Gentoo Linux: CVE-2023-5187: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
      Severity: 9
      CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
      Published: 09/28/2023 | Created: 02/02/2024 | Added: 02/01/2024 | Modified: 01/28/2025
      Description: Use after free in Extensions in Google Chrome prior to 117.0.5938.132 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
      Solution(s): gentoo-linux-upgrade-www-client-chromium, gentoo-linux-upgrade-www-client-google-chrome, gentoo-linux-upgrade-www-client-microsoft-edge
      References: https://attackerkb.com/topics/cve-2023-5187, CVE - 2023-5187, 202401-34
  12. OS X update for Safari (CVE-2023-40388)
      Severity: 4
      CVSS: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
      Published: 09/28/2023 | Created: 09/28/2023 | Added: 09/28/2023 | Modified: 01/28/2025
      Description: A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14. Safari may save photos to an unprotected location.
      Solution(s): apple-osx-upgrade-14
      References: https://attackerkb.com/topics/cve-2023-40388, CVE - 2023-40388, https://support.apple.com/kb/HT213940
  13. Gentoo Linux: CVE-2023-5217: libvpx: Multiple Vulnerabilities
      Severity: 9
      CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
      Published: 09/28/2023 | Created: 10/05/2023 | Added: 10/05/2023 | Modified: 01/28/2025
      Description: Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
      Solution(s): gentoo-linux-upgrade-media-libs-libvpx, gentoo-linux-upgrade-www-client-chromium, gentoo-linux-upgrade-www-client-google-chrome, gentoo-linux-upgrade-www-client-microsoft-edge
      References: https://attackerkb.com/topics/cve-2023-5217, CVE - 2023-5217, 202310-04, 202401-34
  14. Gentoo Linux: CVE-2023-5186: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
      Severity: 9
      CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
      Published: 09/28/2023 | Created: 02/02/2024 | Added: 02/01/2024 | Modified: 01/28/2025
      Description: Use after free in Passwords in Google Chrome prior to 117.0.5938.132 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: High)
      Solution(s): gentoo-linux-upgrade-www-client-chromium, gentoo-linux-upgrade-www-client-google-chrome, gentoo-linux-upgrade-www-client-microsoft-edge
      References: https://attackerkb.com/topics/cve-2023-5186, CVE - 2023-5186, 202401-34
  15. OS X update for App Store (CVE-2023-40448)
      Severity: 8
      CVSS: (AV:N/AC:L/Au:N/C:N/I:C/A:N)
      Published: 09/28/2023 | Created: 09/28/2023 | Added: 09/28/2023 | Modified: 01/28/2025
      Description: The issue was addressed with improved handling of protocols. This issue is fixed in tvOS 17, iOS 16.7 and iPadOS 16.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. A remote attacker may be able to break out of Web Content sandbox.
      Solution(s): apple-osx-upgrade-14
      References: https://attackerkb.com/topics/cve-2023-40448, CVE - 2023-40448, https://support.apple.com/kb/HT213940
  16. OS X update for Safari (CVE-2023-40417)
      Severity: 6
      CVSS: (AV:N/AC:M/Au:N/C:P/I:P/A:N)
      Published: 09/28/2023 | Created: 09/28/2023 | Added: 09/28/2023 | Modified: 01/28/2025
      Description: A window management issue was addressed with improved state management. This issue is fixed in Safari 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. Visiting a website that frames malicious content may lead to UI spoofing.
      Solution(s): apple-osx-upgrade-14
      References: https://attackerkb.com/topics/cve-2023-40417, CVE - 2023-40417, https://support.apple.com/kb/HT213940
  17. Oracle Linux: CVE-2023-39434: ELSA-2023-6535:webkit2gtk3 security and bug fix update (IMPORTANT) (Multiple Advisories)
      Severity: 10
      CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
      Published: 09/28/2023 | Created: 11/24/2023 | Added: 11/22/2023 | Modified: 01/07/2025
      Description: A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. Processing web content may lead to arbitrary code execution. A use-after-free vulnerability was found in WebKitGTK. This issue could allow an attacker to cause memory corruption and execute Remote Code Execution. The victim needs to visit a malicious web page in order for a successful attack to be accomplished.
      Solution(s): oracle-linux-upgrade-webkit2gtk3, oracle-linux-upgrade-webkit2gtk3-devel, oracle-linux-upgrade-webkit2gtk3-jsc, oracle-linux-upgrade-webkit2gtk3-jsc-devel
      References: https://attackerkb.com/topics/cve-2023-39434, CVE - 2023-39434, ELSA-2023-6535, ELSA-2023-7055
  18. Alma Linux: CVE-2023-5217: Important: libvpx security update (Multiple Advisories)
      Severity: 9
      CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
      Published: 09/28/2023 | Created: 10/11/2023 | Added: 10/10/2023 | Modified: 01/28/2025
      Description: Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
      Solution(s): alma-upgrade-firefox, alma-upgrade-firefox-x11, alma-upgrade-libvpx, alma-upgrade-libvpx-devel, alma-upgrade-thunderbird
      References: https://attackerkb.com/topics/cve-2023-5217, CVE - 2023-5217, https://errata.almalinux.org/8/ALSA-2023-5537.html, https://errata.almalinux.org/9/ALSA-2023-5434.html, https://errata.almalinux.org/9/ALSA-2023-5435.html, https://errata.almalinux.org/9/ALSA-2023-5539.html
  19. Rocky Linux: CVE-2023-5217: thunderbird (Multiple Advisories)
      Severity: 9
      CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
      Published: 09/28/2023 | Created: 03/07/2024 | Added: 08/15/2024 | Modified: 01/28/2025
      Description: Deprecated
      Solution(s):
  20. OS X update for Apple Neural Engine (CVE-2023-40399)
      Severity: 5
      CVSS: (AV:L/AC:M/Au:N/C:C/I:N/A:N)
      Published: 09/28/2023 | Created: 09/28/2023 | Added: 09/28/2023 | Modified: 01/28/2025
      Description: The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to disclose kernel memory.
      Solution(s): apple-osx-upgrade-14
      References: https://attackerkb.com/topics/cve-2023-40399, CVE - 2023-40399, https://support.apple.com/kb/HT213940
  21. Debian: CVE-2023-5217: Multiple Affected Packages
      Severity: 9
      CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
      Published: 09/28/2023 | Created: 10/03/2023 | Added: 10/02/2023 | Modified: 01/28/2025
      Description: Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
      Solution(s): debian-upgrade-chromium, debian-upgrade-firefox-esr, debian-upgrade-libvpx, debian-upgrade-thunderbird
      References: https://attackerkb.com/topics/cve-2023-5217, CVE - 2023-5217, DLA-3591-1, DSA-5508-1, DSA-5509-1, DSA-5510-1
  22. OS X update for WebKit (CVE-2023-41074)
      Severity: 9
      CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
      Published: 09/28/2023 | Created: 09/28/2023 | Added: 09/28/2023 | Modified: 01/28/2025
      Description: The issue was addressed with improved checks. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution.
      Solution(s): apple-osx-upgrade-14
      References: https://attackerkb.com/topics/cve-2023-41074, CVE - 2023-41074, https://support.apple.com/kb/HT213940
  23. OS X update for WebKit (CVE-2023-35074)
      Severity: 9
      CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
      Published: 09/28/2023 | Created: 09/28/2023 | Added: 09/28/2023 | Modified: 01/28/2025
      Description: The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution.
      Solution(s): apple-osx-upgrade-14
      References: https://attackerkb.com/topics/cve-2023-35074, CVE - 2023-35074, https://support.apple.com/kb/HT213940
  24. OS X update for Bluetooth (CVE-2023-40402)
      Severity: 5
      CVSS: (AV:L/AC:M/Au:N/C:C/I:N/A:N)
      Published: 09/28/2023 | Created: 09/28/2023 | Added: 09/28/2023 | Modified: 01/28/2025
      Description: A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14. An app may be able to access sensitive user data.
      Solution(s): apple-osx-upgrade-14
      References: https://attackerkb.com/topics/cve-2023-40402, CVE - 2023-40402, https://support.apple.com/kb/HT213940
  25. Debian: CVE-2023-5186: chromium -- security update
      Severity: 9
      CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
      Published: 09/28/2023 | Created: 10/03/2023 | Added: 10/02/2023 | Modified: 01/28/2025
      Description: Use after free in Passwords in Google Chrome prior to 117.0.5938.132 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: High)
      Solution(s): debian-upgrade-chromium
      References: https://attackerkb.com/topics/cve-2023-5186, CVE - 2023-5186, DSA-5508-1