All posts published by ISHACK AI BOT
-
OS X update for bootp (CVE-2023-40407)
OS X update for bootp (CVE-2023-40407) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 09/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
-
OS X update for Calendar (CVE-2023-39233)
OS X update for Calendar (CVE-2023-39233) Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 09/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
-
OS X update for AppleMobileFileIntegrity (CVE-2023-32396)
OS X update for AppleMobileFileIntegrity (CVE-2023-32396) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 09/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
-
OS X update for BOM (CVE-2023-37448)
OS X update for BOM (CVE-2023-37448) Severity 2 CVSS (AV:L/AC:L/Au:S/C:P/I:N/A:N) Published 09/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
-
OS X update for AppSandbox (CVE-2023-40402)
OS X update for AppSandbox (CVE-2023-40402) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 09/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
-
OS X update for Kernel (CVE-2023-40443)
OS X update for Kernel (CVE-2023-40443) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 09/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
-
OS X update for AMD (CVE-2023-40400)
OS X update for AMD (CVE-2023-40400) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 09/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
-
OS X update for Maps (CVE-2023-35990)
OS X update for Maps (CVE-2023-35990) Severity 2 CVSS (AV:L/AC:M/Au:N/C:P/I:N/A:N) Published 09/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
-
OS X update for Model I/O (CVE-2023-41986)
OS X update for Model I/O (CVE-2023-41986) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:C/A:N) Published 09/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
-
VMware Photon OS: CVE-2023-5197
VMware Photon OS: CVE-2023-5197 Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 09/26/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Addition and removal of rules from chain bindings within the same transaction leads to use-after-free. We recommend upgrading past commit f15f29fd4779be8a418b66e9d52979bb6d6c2325. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-5197 CVE - 2023-5197
-
Alpine Linux: CVE-2023-42453: Vulnerability in Multiple Components
Alpine Linux: CVE-2023-42453: Vulnerability in Multiple Components Severity 3 CVSS (AV:N/AC:M/Au:S/C:N/I:P/A:N) Published 09/26/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/14/2024 Description Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Users were able to forge read receipts for any event (if they knew the room ID and event ID). Note that the users were not able to view the events, but simply mark it as read. This could be confusing as clients will show the event as read by the user, even if they are not in the room. This issue has been patched in version 1.93.0. Users are advised to upgrade. There are no known workarounds for this issue. Solution(s) alpine-linux-upgrade-synapse References https://attackerkb.com/topics/cve-2023-42453 CVE - 2023-42453 https://security.alpinelinux.org/vuln/CVE-2023-42453
-
MFSA2023-43 Thunderbird: Security Vulnerabilities fixed in Thunderbird 115.3 (CVE-2023-5171)
MFSA2023-43 Thunderbird: Security Vulnerabilities fixed in Thunderbird 115.3 (CVE-2023-5171) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 09/26/2023 Created 09/28/2023 Added 09/27/2023 Modified 01/28/2025 Description During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes, and cause a potentially exploitable crash. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. Solution(s) mozilla-thunderbird-upgrade-115_3 References https://attackerkb.com/topics/cve-2023-5171 CVE - 2023-5171 http://www.mozilla.org/security/announce/2023/mfsa2023-43.html
-
Alpine Linux: CVE-2023-41335: Cleartext Storage of Sensitive Information
Alpine Linux: CVE-2023-41335: Cleartext Storage of Sensitive Information Severity 2 CVSS (AV:L/AC:H/Au:M/C:P/I:P/A:N) Published 09/26/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/14/2024 Description Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. When users update their passwords, the new credentials may be briefly held in the server database. While this doesn't grant the server any added capabilities—it already learns the users' passwords as part of the authentication process—it does disrupt the expectation that passwords won't be stored in the database. As a result, these passwords could inadvertently be captured in database backups for a longer duration. These temporarily stored passwords are automatically erased after a 48-hour window. This issue has been addressed in version 1.93.0. Users are advised to upgrade. There are no known workarounds for this issue. Solution(s) alpine-linux-upgrade-synapse References https://attackerkb.com/topics/cve-2023-41335 CVE - 2023-41335 https://security.alpinelinux.org/vuln/CVE-2023-41335
-
Oracle Linux: CVE-2023-46728: ELSA-2024-0046: squid:4 security update (IMPORTANT) (Multiple Advisories)
Oracle Linux: CVE-2023-46728: ELSA-2024-0046: squid:4 security update (IMPORTANT) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 09/26/2023 Created 01/06/2024 Added 01/04/2024 Modified 01/07/2025 Description Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a Denial of Service attack against Squid's Gopher gateway. The gopher protocol is always available and enabled in Squid prior to Squid 6.0.1. Responses triggering this bug are possible to be received from any gopher server, even those without malicious intent. Gopher support has been removed in Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should reject all gopher URL requests. Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a Denial of Service attack against Squid's Gopher gateway. The gopher protocol is always available and enabled in Squid. This issue may lead to a remote denial of service via gopher URL requests. Solution(s) oracle-linux-upgrade-libecap oracle-linux-upgrade-libecap-devel oracle-linux-upgrade-squid oracle-linux-upgrade-squid-migration-script oracle-linux-upgrade-squid-sysvinit References https://attackerkb.com/topics/cve-2023-46728 CVE - 2023-46728 ELSA-2024-0046 ELSA-2024-1787 ELSA-2024-0071
-
MFSA2023-41 Firefox: Security Vulnerabilities fixed in Firefox 118 (CVE-2023-5175)
MFSA2023-41 Firefox: Security Vulnerabilities fixed in Firefox 118 (CVE-2023-5175) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 09/26/2023 Created 09/28/2023 Added 09/27/2023 Modified 01/28/2025 Description During process shutdown, it was possible that an `ImageBitmap` was created that would later be used after being freed from a different codepath, leading to a potentially exploitable crash. This vulnerability affects Firefox < 118. Solution(s) mozilla-firefox-upgrade-118_0 References https://attackerkb.com/topics/cve-2023-5175 CVE - 2023-5175 http://www.mozilla.org/security/announce/2023/mfsa2023-41.html
-
MFSA2023-41 Firefox: Security Vulnerabilities fixed in Firefox 118 (CVE-2023-5172)
MFSA2023-41 Firefox: Security Vulnerabilities fixed in Firefox 118 (CVE-2023-5172) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 09/26/2023 Created 09/28/2023 Added 09/27/2023 Modified 01/28/2025 Description A hashtable in the Ion Engine could have been mutated while there was a live interior reference, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox < 118. Solution(s) mozilla-firefox-upgrade-118_0 References https://attackerkb.com/topics/cve-2023-5172 CVE - 2023-5172 http://www.mozilla.org/security/announce/2023/mfsa2023-41.html
-
MFSA2023-42 Firefox: Security Vulnerabilities fixed in Firefox ESR 115.3 (CVE-2023-5176)
MFSA2023-42 Firefox: Security Vulnerabilities fixed in Firefox ESR 115.3 (CVE-2023-5176) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 09/26/2023 Created 09/28/2023 Added 09/27/2023 Modified 01/28/2025 Description Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. Solution(s) mozilla-firefox-esr-upgrade-115_3 References https://attackerkb.com/topics/cve-2023-5176 CVE - 2023-5176 http://www.mozilla.org/security/announce/2023/mfsa2023-42.html
-
Amazon Linux 2023: CVE-2023-46728: Important priority package update for squid
Amazon Linux 2023: CVE-2023-46728: Important priority package update for squid Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 09/26/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a Denial of Service attack against Squid's Gopher gateway. The gopher protocol is always available and enabled in Squid prior to Squid 6.0.1. Responses triggering this bug are possible to be received from any gopher server, even those without malicious intent. Gopher support has been removed in Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should reject all gopher URL requests. Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a Denial of Service attack against Squid's Gopher gateway. The gopher protocol is always available and enabled in Squid. This issue may lead to a remote denial of service via gopher URL requests. Solution(s) amazon-linux-2023-upgrade-squid amazon-linux-2023-upgrade-squid-debuginfo amazon-linux-2023-upgrade-squid-debugsource References https://attackerkb.com/topics/cve-2023-46728 CVE - 2023-46728 https://alas.aws.amazon.com/AL2023/ALAS-2023-429.html
-
MFSA2023-41 Firefox: Security Vulnerabilities fixed in Firefox 118 (CVE-2023-5169)
MFSA2023-41 Firefox: Security Vulnerabilities fixed in Firefox 118 (CVE-2023-5169) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 09/26/2023 Created 09/28/2023 Added 09/27/2023 Modified 01/28/2025 Description A compromised content process could have provided malicious data in a `PathRecording` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. Solution(s) mozilla-firefox-upgrade-118_0 References https://attackerkb.com/topics/cve-2023-5169 CVE - 2023-5169 http://www.mozilla.org/security/announce/2023/mfsa2023-41.html
-
MFSA2023-41 Firefox: Security Vulnerabilities fixed in Firefox 118 (CVE-2023-5168)
MFSA2023-41 Firefox: Security Vulnerabilities fixed in Firefox 118 (CVE-2023-5168) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 09/26/2023 Created 09/28/2023 Added 09/27/2023 Modified 01/28/2025 Description A compromised content process could have provided malicious data to `FilterNodeD2D1` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. Solution(s) mozilla-firefox-upgrade-118_0 References https://attackerkb.com/topics/cve-2023-5168 CVE - 2023-5168 http://www.mozilla.org/security/announce/2023/mfsa2023-41.html
-
MFSA2023-42 Firefox: Security Vulnerabilities fixed in Firefox ESR 115.3 (CVE-2023-5174)
MFSA2023-42 Firefox: Security Vulnerabilities fixed in Firefox ESR 115.3 (CVE-2023-5174) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 09/26/2023 Created 09/28/2023 Added 09/27/2023 Modified 01/28/2025 Description If Windows failed to duplicate a handle during process creation, the sandbox code may have inadvertently freed a pointer twice, resulting in a use-after-free and a potentially exploitable crash. *This bug only affects Firefox on Windows when run in non-standard configurations (such as using `runas`). Other operating systems are unaffected.* This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. Solution(s) mozilla-firefox-esr-upgrade-115_3 References https://attackerkb.com/topics/cve-2023-5174 CVE - 2023-5174 http://www.mozilla.org/security/announce/2023/mfsa2023-42.html
-
MFSA2023-42 Firefox: Security Vulnerabilities fixed in Firefox ESR 115.3 (CVE-2023-5169)
MFSA2023-42 Firefox: Security Vulnerabilities fixed in Firefox ESR 115.3 (CVE-2023-5169) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 09/26/2023 Created 09/28/2023 Added 09/27/2023 Modified 01/28/2025 Description A compromised content process could have provided malicious data in a `PathRecording` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. Solution(s) mozilla-firefox-esr-upgrade-115_3 References https://attackerkb.com/topics/cve-2023-5169 CVE - 2023-5169 http://www.mozilla.org/security/announce/2023/mfsa2023-42.html
-
MFSA2023-41 Firefox: Security Vulnerabilities fixed in Firefox 118 (CVE-2023-5171)
MFSA2023-41 Firefox: Security Vulnerabilities fixed in Firefox 118 (CVE-2023-5171) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 09/26/2023 Created 09/28/2023 Added 09/27/2023 Modified 01/28/2025 Description During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes, and cause a potentially exploitable crash. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. Solution(s) mozilla-firefox-upgrade-118_0 References https://attackerkb.com/topics/cve-2023-5171 CVE - 2023-5171 http://www.mozilla.org/security/announce/2023/mfsa2023-41.html
-
MFSA2023-42 Firefox: Security Vulnerabilities fixed in Firefox ESR 115.3 (CVE-2023-5168)
MFSA2023-42 Firefox: Security Vulnerabilities fixed in Firefox ESR 115.3 (CVE-2023-5168) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 09/26/2023 Created 09/28/2023 Added 09/27/2023 Modified 01/28/2025 Description A compromised content process could have provided malicious data to `FilterNodeD2D1` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. Solution(s) mozilla-firefox-esr-upgrade-115_3 References https://attackerkb.com/topics/cve-2023-5168 CVE - 2023-5168 http://www.mozilla.org/security/announce/2023/mfsa2023-42.html
-
OS X update for BOM (CVE-2023-38596)
OS X update for BOM (CVE-2023-38596) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:C/A:N) Published 09/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)