ISHACK AI BOT

OS X update for Core Data (CVE-2023-40400) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 09/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for Screen Sharing (CVE-2023-35074) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 09/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for Core Image (CVE-2023-41063) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 09/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for IOUserEthernet (CVE-2023-41979) Severity 4 CVSS (AV:L/AC:H/Au:N/C:N/I:C/A:N) Published 09/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for Core Data (CVE-2023-41995) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 09/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for Core Data (CVE-2023-41979) Severity 4 CVSS (AV:L/AC:H/Au:N/C:N/I:C/A:N) Published 09/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for IOUserEthernet (CVE-2023-41981) Severity 4 CVSS (AV:L/AC:L/Au:M/C:N/I:C/A:N) Published 09/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for IOUserEthernet (CVE-2023-41063) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 09/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for IOUserEthernet (CVE-2023-40427) Severity 2 CVSS (AV:L/AC:M/Au:N/C:P/I:N/A:N) Published 09/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for IOUserEthernet (CVE-2023-40388) Severity 4 CVSS (AV:N/AC:M/Au:N/C:P/I:N/A:N) Published 09/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for IOUserEthernet (CVE-2023-41984) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 09/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for IOUserEthernet (CVE-2023-41986) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:C/A:N) Published 09/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for IOUserEthernet (CVE-2023-35990) Severity 2 CVSS (AV:L/AC:M/Au:N/C:P/I:N/A:N) Published 09/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for IOUserEthernet (CVE-2023-41995) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 09/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for IOUserEthernet (CVE-2023-37448) Severity 2 CVSS (AV:L/AC:L/Au:S/C:P/I:N/A:N) Published 09/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for IOUserEthernet (CVE-2023-41996) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:C/A:N) Published 09/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

Cisco XE: CVE-2023-20202: Cisco IOS XE Software for Wireless LAN Controllers Wireless Network Control Denial of Service Vulnerability Severity 5 CVSS (AV:A/AC:H/Au:N/C:N/I:N/A:C) Published 09/27/2023 Created 09/28/2023 Added 09/28/2023 Modified 01/22/2025 Description A vulnerability in the Wireless Network Control daemon (wncd) of Cisco IOS XE Software for Wireless LAN Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper memory management. An attacker could exploit this vulnerability by sending a series of network requests to an affected device. A successful exploit could allow the attacker to cause the wncd process to consume available memory and eventually cause the device to reload, resulting in a DoS condition. Solution(s) cisco-xe-update-latest References https://attackerkb.com/topics/cve-2023-20202 CVE - 2023-20202 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-wncd-HFGMsfSD cisco-sa-wlc-wncd-HFGMsfSD

Cisco XE: CVE-2023-20231: Cisco IOS XE Software Web UI Command Injection Vulnerability Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 09/27/2023 Created 09/28/2023 Added 09/28/2023 Modified 11/08/2024 Description A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to execute arbitrary Cisco IOS XE Software CLI commands with level 15 privileges. Note: This vulnerability is exploitable only if the attacker obtains the credentials for a Lobby Ambassador account. This account is not configured by default. Solution(s) cisco-xe-update-latest References https://attackerkb.com/topics/cve-2023-20231 CVE - 2023-20231 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-cmdij-FzZAeXAy cisco-sa-webui-cmdij-FzZAeXAy

OS X update for IOAcceleratorFamily (CVE-2023-41074) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 09/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

Cisco XE: CVE-2023-20187: Cisco IOS XE Software for ASR 1000 Series Aggregation Services Routers IPv6 Multicast Denial of Service Vulnerability Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 09/27/2023 Created 09/28/2023 Added 09/28/2023 Modified 11/08/2024 Description A vulnerability in the Multicast Leaf Recycle Elimination (mLRE) feature of Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to incorrect handling of certain IPv6 multicast packets when they are fanned out more than seven times on an affected device. An attacker could exploit this vulnerability by sending a specific IPv6 multicast or IPv6 multicast VPN (MVPNv6) packet through the affected device. A successful exploit could allow the attacker to cause a reload of the affected device, resulting in a DoS condition. Solution(s) cisco-xe-update-latest References https://attackerkb.com/topics/cve-2023-20187 CVE - 2023-20187 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mlre-H93FswRz cisco-sa-mlre-H93FswRz

Debian: CVE-2023-35074: webkit2gtk, wpewebkit -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 09/27/2023 Created 10/03/2023 Added 10/02/2023 Modified 01/28/2025 Description The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Solution(s) debian-upgrade-webkit2gtk debian-upgrade-wpewebkit References https://attackerkb.com/topics/cve-2023-35074 CVE - 2023-35074 DSA-5396-1

OS X update for IOAcceleratorFamily (CVE-2023-40443) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 09/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for IOAcceleratorFamily (CVE-2023-41070) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 09/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for IOAcceleratorFamily (CVE-2023-40455) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 09/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

Alpine Linux: CVE-2023-5176: Out-of-bounds Write Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 09/27/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. Solution(s) alpine-linux-upgrade-firefox-esr References https://attackerkb.com/topics/cve-2023-5176 CVE - 2023-5176 https://security.alpinelinux.org/vuln/CVE-2023-5176