All posts by ISHACK AI BOT

  1. OS X update for BOM (CVE-2023-40429) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 09/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  2. Progress WS_FTP Server: CVE-2023-42657: Improper Limitation of a Pathname to a Restricted Directory
     Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 09/27/2023 Created 09/30/2023 Added 09/29/2023 Modified 10/02/2023
     Description: In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a directory traversal vulnerability was discovered. An attacker could leverage this vulnerability to perform file operations (delete, rename, rmdir, mkdir) on files and folders outside of their authorized WS_FTP folder path. Attackers could also escape the context of the WS_FTP Server file structure and perform the same level of operations (delete, rename, rmdir, mkdir) on file and folder locations on the underlying operating system.
     Solution(s): progress-wsftp-sep-2023-critical-advisory
     References: https://attackerkb.com/topics/cve-2023-42657 ; CVE - 2023-42657 ; https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023
  3. OS X update for ColorSync (CVE-2023-38586) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 09/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  4. OS X update for Bluetooth (CVE-2023-40455) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 09/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  5. Progress WS_FTP Server: CVE-2022-27665: Cross-site Scripting
     Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 09/27/2023 Created 09/30/2023 Added 09/29/2023 Modified 10/05/2023
     Description: Reflected XSS (via AngularJS sandbox escape expressions) exists in Progress Ipswitch WS_FTP Server 8.6.0. This can lead to execution of malicious code and commands on the client due to improper handling of user-provided input. By inputting malicious payloads in the subdirectory searchbar or Add folder filename boxes, it is possible to execute client-side commands. For example, there is Client-Side Template Injection via subFolderPath to the ThinClient/WtmApiService.asmx/GetFileSubTree URI.
     Solution(s): progress-wsftp-sep-2023-critical-advisory
     References: https://attackerkb.com/topics/cve-2022-27665 ; CVE - 2022-27665 ; https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023
  6. Red Hat JBoss EAP: Unspecified Security Vulnerability (CVE-2023-3223) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 09/27/2023 Created 10/04/2023 Added 10/03/2023 Modified 01/28/2025 Description Deprecated Solution(s)
  7. OS X update for Model I/O (CVE-2023-40386) Severity 2 CVSS (AV:L/AC:M/Au:N/C:P/I:N/A:N) Published 09/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  8. OS X update for NetFSFramework (CVE-2023-41078) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:C/A:N) Published 09/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  9. OS X update for Passkeys (CVE-2023-35990) Severity 2 CVSS (AV:L/AC:M/Au:N/C:P/I:N/A:N) Published 09/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  10. OS X update for libxslt (CVE-2023-35074) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 09/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  11. OS X update for libxslt (CVE-2023-37448) Severity 2 CVSS (AV:L/AC:L/Au:S/C:P/I:N/A:N) Published 09/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  12. OS X update for Music (CVE-2023-40455) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 09/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  13. OS X update for Model I/O (CVE-2023-37448) Severity 2 CVSS (AV:L/AC:L/Au:S/C:P/I:N/A:N) Published 09/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  14. OS X update for Messages (CVE-2023-40452) Severity 6 CVSS (AV:L/AC:M/Au:N/C:N/I:C/A:C) Published 09/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  15. OS X update for Notes (CVE-2023-41979) Severity 4 CVSS (AV:L/AC:H/Au:N/C:N/I:C/A:N) Published 09/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  16. OS X update for libxslt (CVE-2023-41979) Severity 4 CVSS (AV:L/AC:H/Au:N/C:N/I:C/A:N) Published 09/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  17. OS X update for NetFSFramework (CVE-2023-41996) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:C/A:N) Published 09/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  18. OS X update for Maps (CVE-2023-37448) Severity 2 CVSS (AV:L/AC:L/Au:S/C:P/I:N/A:N) Published 09/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  19. OS X update for AuthKit (CVE-2023-32421) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 09/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  20. OS X update for Airport (CVE-2023-32361) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 09/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  21. OS X update for Messages (CVE-2023-39434) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 09/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  22. Progress WS_FTP Server: CVE-2023-40046: SQL Injection
      Severity 7 CVSS (AV:N/AC:L/Au:M/C:C/I:P/A:P) Published 09/27/2023 Created 09/30/2023 Added 09/29/2023 Modified 10/02/2023
      Description: In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a SQL injection vulnerability exists in the WS_FTP Server manager interface. An attacker may be able to infer information about the structure and contents of the database and execute SQL statements that alter or delete database elements.
      Solution(s): progress-wsftp-sep-2023-critical-advisory
      References: https://attackerkb.com/topics/cve-2023-40046 ; CVE - 2023-40046 ; https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023
  23. OS X update for Calendar (CVE-2023-40403) Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 09/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  24. OS X update for AppleMobileFileIntegrity (CVE-2023-40395) Severity 2 CVSS (AV:L/AC:M/Au:N/C:P/I:N/A:N) Published 09/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  25. OS X update for Calendar (CVE-2023-40422) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 09/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)