ISHACK AI BOT

OS X update for Clock (CVE-2023-35074) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 09/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for AuthKit (CVE-2023-40427) Severity 2 CVSS (AV:L/AC:M/Au:N/C:P/I:N/A:N) Published 09/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for NetFSFramework (CVE-2023-40386) Severity 2 CVSS (AV:L/AC:M/Au:N/C:P/I:N/A:N) Published 09/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for GPU Drivers (CVE-2023-40403) Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 09/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for Power Management (CVE-2023-35074) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 09/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for GPU Drivers (CVE-2023-40454) Severity 6 CVSS (AV:L/AC:M/Au:N/C:N/I:C/A:C) Published 09/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for Core Data (CVE-2023-41078) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:C/A:N) Published 09/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for Core Data (CVE-2023-40386) Severity 2 CVSS (AV:L/AC:M/Au:N/C:P/I:N/A:N) Published 09/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for Core Data (CVE-2023-41968) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 09/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for GPU Drivers (CVE-2023-38586) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 09/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for CoreMedia (CVE-2023-41995) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 09/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for Printing (CVE-2023-40452) Severity 6 CVSS (AV:L/AC:M/Au:N/C:N/I:C/A:C) Published 09/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for GPU Drivers (CVE-2023-40455) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 09/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for GPU Drivers (CVE-2023-41995) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 09/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for Graphics Drivers (CVE-2023-40454) Severity 6 CVSS (AV:L/AC:M/Au:N/C:N/I:C/A:C) Published 09/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for GPU Drivers (CVE-2023-39434) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 09/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for TCC (CVE-2023-41066) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 09/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for Power Management (CVE-2023-35990) Severity 2 CVSS (AV:L/AC:M/Au:N/C:P/I:N/A:N) Published 09/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for Airport (CVE-2023-40388) Severity 4 CVSS (AV:N/AC:M/Au:N/C:P/I:N/A:N) Published 09/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

Cisco XE: CVE-2023-20109: Cisco IOS and IOS XE Software Cisco Group Encrypted Transport VPN Software Out-of-Bounds Write Vulnerability Severity 7 CVSS (AV:N/AC:H/Au:M/C:C/I:C/A:C) Published 09/27/2023 Created 09/28/2023 Added 09/28/2023 Modified 01/22/2025 Description A vulnerability in the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker who has administrative control of either a group member or a key server to execute arbitrary code on an affected device or cause the device to crash. This vulnerability is due to insufficient validation of attributes in the Group Domain of Interpretation (GDOI) and G-IKEv2 protocols of the GET VPN feature. An attacker could exploit this vulnerability by either compromising an installed key server or modifying the configuration of a group member to point to a key server that is controlled by the attacker. A successful exploit could allow the attacker to execute arbitrary code and gain full control of the affected system or cause the affected system to reload, resulting in a denial of service (DoS) condition. For more information, see the Details ["#details"] section of this advisory. Solution(s) cisco-xe-update-latest References https://attackerkb.com/topics/cve-2023-20109 CVE - 2023-20109 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-getvpn-rce-g8qR68sx cisco-sa-getvpn-rce-g8qR68sx

Cisco XE: CVE-2023-20033: Cisco IOS XE Software for Catalyst 3650 and Catalyst 3850 Series Switches Denial of Service Vulnerability Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 09/27/2023 Created 09/28/2023 Added 09/28/2023 Modified 02/13/2025 Description A vulnerability in Cisco IOS XE Software for Cisco Catalyst 3650 and Catalyst 3850 Series Switches could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to improper resource management when processing traffic that is received on the management interface. An attacker could exploit this vulnerability by sending a high rate of traffic to the management interface. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Solution(s) cisco-xe-update-latest References https://attackerkb.com/topics/cve-2023-20033 CVE - 2023-20033 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cat3k-dos-ZZA4Gb3r cisco-sa-cat3k-dos-ZZA4Gb3r

Amazon Linux AMI: CVE-2023-39192: Security patch for kernel (ALAS-2023-1838) Severity 6 CVSS (AV:L/AC:L/Au:M/C:C/I:N/A:C) Published 09/27/2023 Created 10/18/2023 Added 10/17/2023 Modified 01/28/2025 Description A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the fields in the xt_u32 structure. This flaw allows a local privileged attacker to trigger an out-of-bounds read by setting the size fields with a value beyond the array boundaries, leading to a crash or information disclosure. Solution(s) amazon-linux-upgrade-kernel References ALAS-2023-1838 CVE-2023-39192

Rocky Linux: CVE-2023-5157: mariadb-10.5 (RLSA-2023-5683) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 09/27/2023 Created 03/07/2024 Added 08/15/2024 Modified 01/28/2025 Description Deprecated Solution(s)

Amazon Linux 2023: CVE-2024-0641: Important priority package update for kernel Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 09/27/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description A denial of service vulnerability was found in tipc_crypto_key_revoke in net/tipc/crypto.c in the Linux kernel’s TIPC subsystem. This flaw allows guests with local user privileges to trigger a deadlock and potentially crash the system. Solution(s) amazon-linux-2023-upgrade-bpftool amazon-linux-2023-upgrade-bpftool-debuginfo amazon-linux-2023-upgrade-kernel amazon-linux-2023-upgrade-kernel-debuginfo amazon-linux-2023-upgrade-kernel-debuginfo-common-aarch64 amazon-linux-2023-upgrade-kernel-debuginfo-common-x86-64 amazon-linux-2023-upgrade-kernel-devel amazon-linux-2023-upgrade-kernel-headers amazon-linux-2023-upgrade-kernel-libbpf amazon-linux-2023-upgrade-kernel-libbpf-devel amazon-linux-2023-upgrade-kernel-libbpf-static amazon-linux-2023-upgrade-kernel-livepatch-6-1-59-84-139 amazon-linux-2023-upgrade-kernel-modules-extra amazon-linux-2023-upgrade-kernel-tools amazon-linux-2023-upgrade-kernel-tools-debuginfo amazon-linux-2023-upgrade-kernel-tools-devel amazon-linux-2023-upgrade-perf amazon-linux-2023-upgrade-perf-debuginfo amazon-linux-2023-upgrade-python3-perf amazon-linux-2023-upgrade-python3-perf-debuginfo References https://attackerkb.com/topics/cve-2024-0641 CVE - 2024-0641 https://alas.aws.amazon.com/AL2023/ALAS-2023-422.html

Amazon Linux AMI: CVE-2023-41175: Security patch for libtiff (ALAS-2023-1839) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 09/27/2023 Created 10/11/2023 Added 10/07/2023 Modified 01/28/2025 Description A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This flaw allows remote attackers to cause a denial of service or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow. Solution(s) amazon-linux-upgrade-libtiff References ALAS-2023-1839 CVE-2023-41175