All posts by ISHACK AI BOT

  1. Ivanti EPMM/MobileIron Core: CVE-2023-35078: Authentication Bypass Vulnerability Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 07/25/2023 Created 07/26/2023 Added 07/26/2023 Modified 07/16/2024 Description Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, through 11.10 allows remote attackers to obtain PII, add an administrative account, and change the configuration because of an authentication bypass, as exploited in the wild in July 2023. A patch is available. Solution(s) ivantiepmm-cve-2023-35078 References https://attackerkb.com/topics/cve-2023-35078 CVE - 2023-35078 https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability
  2. Oracle Linux: CVE-2023-20593: ELSA-2023-12654:linux-firmware security update (CRITICAL) (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 07/25/2023 Created 07/27/2023 Added 07/26/2023 Modified 01/07/2025 Description An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information. A flaw was found in hw, in “Zen 2” CPUs. This issue may allow an attacker to access sensitive information under specific microarchitectural circumstances. Solution(s) oracle-linux-upgrade-kernel References https://attackerkb.com/topics/cve-2023-20593 CVE - 2023-20593 ELSA-2023-12654 ELSA-2023-12692 ELSA-2023-5068 ELSA-2023-12656 ELSA-2023-12657 ELSA-2023-12836 ELSA-2023-12839 ELSA-2023-4819 ELSA-2023-12690 ELSA-2023-12689 ELSA-2023-12655 ELSA-2023-12691
  3. OS X update for Assets (CVE-2023-35983) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:C/A:N) Published 07/25/2023 Created 07/25/2023 Added 07/25/2023 Modified 01/28/2025 Description This issue was addressed with improved data protection. This issue is fixed in macOS Monterey 12.6.8, macOS Ventura 13.5, macOS Big Sur 11.7.9. An app may be able to modify protected parts of the file system. Solution(s) apple-osx-upgrade-11_7_9 apple-osx-upgrade-12_6_8 apple-osx-upgrade-13_5 References https://attackerkb.com/topics/cve-2023-35983 CVE - 2023-35983 https://support.apple.com/kb/HT213843 https://support.apple.com/kb/HT213844 https://support.apple.com/kb/HT213845
  4. OS X update for Model I/O (CVE-2023-38421) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 07/25/2023 Created 07/25/2023 Added 07/25/2023 Modified 01/28/2025 Description The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5, macOS Monterey 12.6.8. Processing a 3D model may result in disclosure of process memory. Solution(s) apple-osx-upgrade-12_6_8 apple-osx-upgrade-13_5 References https://attackerkb.com/topics/cve-2023-38421 CVE - 2023-38421 https://support.apple.com/kb/HT213843 https://support.apple.com/kb/HT213844
  5. OS X update for Model I/O (CVE-2023-38258) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 07/25/2023 Created 07/25/2023 Added 07/25/2023 Modified 01/28/2025 Description The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5, macOS Monterey 12.6.8. Processing a 3D model may result in disclosure of process memory. Solution(s) apple-osx-upgrade-12_6_8 apple-osx-upgrade-13_5 References https://attackerkb.com/topics/cve-2023-38258 CVE - 2023-38258 https://support.apple.com/kb/HT213843 https://support.apple.com/kb/HT213844
  6. Ubuntu: USN-6842-1 (CVE-2023-39128): gdb vulnerabilities Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 07/25/2023 Created 06/21/2024 Added 06/21/2024 Modified 01/28/2025 Description GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a stack overflow via the function ada_decode at /gdb/ada-lang.c. Solution(s) ubuntu-pro-upgrade-gdb ubuntu-pro-upgrade-gdbserver References https://attackerkb.com/topics/cve-2023-39128 CVE - 2023-39128 USN-6842-1
  7. Jenkins Advisory 2023-07-26: CVE-2023-3414: CVE-2023-3442: CSRF vulnerability and missing permission check in ServiceNow DevOps Plugin allow capturing credentials Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/27/2023 Created 07/27/2023 Added 07/27/2023 Modified 07/28/2023 Description A cross-site request forgery vulnerability exists in versions of the Jenkins Plug-in for ServiceNow DevOps prior to 1.38.1 that, if exploited successfully, could cause the unwanted exposure of sensitive information. To address this issue, apply the 1.38.1 version of the Jenkins plug-in for ServiceNow DevOps on your Jenkins server. No changes are required on your instances of the Now Platform. Solution(s) jenkins-lts-upgrade-2_401_3 jenkins-upgrade-2_416 References https://attackerkb.com/topics/cve-2023-3414 CVE - 2023-3414 CVE - 2023-3442 https://jenkins.io/security/advisory/2023-07-26/
  8. Debian: CVE-2023-38595: webkit2gtk, wpewebkit -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/27/2023 Created 08/09/2023 Added 08/08/2023 Modified 01/28/2025 Description The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution. Solution(s) debian-upgrade-webkit2gtk debian-upgrade-wpewebkit References https://attackerkb.com/topics/cve-2023-38595 CVE - 2023-38595 DSA-5468-1
  9. Debian: CVE-2023-38600: webkit2gtk, wpewebkit -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/27/2023 Created 08/09/2023 Added 08/08/2023 Modified 01/28/2025 Description The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution. Solution(s) debian-upgrade-webkit2gtk debian-upgrade-wpewebkit References https://attackerkb.com/topics/cve-2023-38600 CVE - 2023-38600 DSA-5468-1
  10. Debian: CVE-2023-38597: webkit2gtk, wpewebkit -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/27/2023 Created 08/09/2023 Added 08/08/2023 Modified 01/28/2025 Description The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5, Safari 16.6. Processing web content may lead to arbitrary code execution. Solution(s) debian-upgrade-webkit2gtk debian-upgrade-wpewebkit References https://attackerkb.com/topics/cve-2023-38597 CVE - 2023-38597 DSA-5468-1
  11. OS X update for WebKit (CVE-2023-38595) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/27/2023 Created 08/03/2023 Added 08/03/2023 Modified 01/28/2025 Description The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution. Solution(s) apple-osx-upgrade-13_5 References https://attackerkb.com/topics/cve-2023-38595 CVE - 2023-38595 https://support.apple.com/kb/HT213843
  12. CentOS Linux: CVE-2023-38595: Important: webkit2gtk3 security and bug fix update (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/27/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/28/2025 Description The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution. Solution(s) centos-upgrade-webkit2gtk3 centos-upgrade-webkit2gtk3-debuginfo centos-upgrade-webkit2gtk3-debugsource centos-upgrade-webkit2gtk3-devel centos-upgrade-webkit2gtk3-devel-debuginfo centos-upgrade-webkit2gtk3-jsc centos-upgrade-webkit2gtk3-jsc-debuginfo centos-upgrade-webkit2gtk3-jsc-devel centos-upgrade-webkit2gtk3-jsc-devel-debuginfo References CVE-2023-38595
  13. OS X update for PackageKit (CVE-2023-38564) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 07/27/2023 Created 08/03/2023 Added 08/03/2023 Modified 01/28/2025 Description The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5. An app may be able to modify protected parts of the file system. Solution(s) apple-osx-upgrade-13_5 References https://attackerkb.com/topics/cve-2023-38564 CVE - 2023-38564 https://support.apple.com/kb/HT213843
  14. Red Hat: CVE-2023-32393: webkitgtk: arbitrary code execution (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/27/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/28/2025 Description The issue was addressed with improved memory handling. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. Processing web content may lead to arbitrary code execution. Solution(s) redhat-upgrade-webkit2gtk3 redhat-upgrade-webkit2gtk3-debuginfo redhat-upgrade-webkit2gtk3-debugsource redhat-upgrade-webkit2gtk3-devel redhat-upgrade-webkit2gtk3-devel-debuginfo redhat-upgrade-webkit2gtk3-jsc redhat-upgrade-webkit2gtk3-jsc-debuginfo redhat-upgrade-webkit2gtk3-jsc-devel redhat-upgrade-webkit2gtk3-jsc-devel-debuginfo References CVE-2023-32393 RHSA-2023:6535 RHSA-2023:7055
  15. CentOS Linux: CVE-2023-38572: Important: webkit2gtk3 security and bug fix update (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 07/27/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/28/2025 Description The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. A website may be able to bypass Same Origin Policy. Solution(s) centos-upgrade-webkit2gtk3 centos-upgrade-webkit2gtk3-debuginfo centos-upgrade-webkit2gtk3-debugsource centos-upgrade-webkit2gtk3-devel centos-upgrade-webkit2gtk3-devel-debuginfo centos-upgrade-webkit2gtk3-jsc centos-upgrade-webkit2gtk3-jsc-debuginfo centos-upgrade-webkit2gtk3-jsc-devel centos-upgrade-webkit2gtk3-jsc-devel-debuginfo References CVE-2023-38572
  16. OS X update for MallocStackLogging (CVE-2023-32437) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 07/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  17. OS X update for Apple Neural Engine (CVE-2023-38580) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 07/27/2023 Created 08/03/2023 Added 08/03/2023 Modified 01/28/2025 Description The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges. Solution(s) apple-osx-upgrade-13_5 References https://attackerkb.com/topics/cve-2023-38580 CVE - 2023-38580 https://support.apple.com/kb/HT213843
  18. Alma Linux: CVE-2023-38595: Important: webkit2gtk3 security and bug fix update (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/27/2023 Created 11/17/2023 Added 11/16/2023 Modified 01/28/2025 Description The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution. Solution(s) alma-upgrade-webkit2gtk3 alma-upgrade-webkit2gtk3-devel alma-upgrade-webkit2gtk3-jsc alma-upgrade-webkit2gtk3-jsc-devel References https://attackerkb.com/topics/cve-2023-38595 CVE - 2023-38595 https://errata.almalinux.org/8/ALSA-2023-7055.html https://errata.almalinux.org/9/ALSA-2023-6535.html
  19. OS X update for NetworkExtension (CVE-2023-32437) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 07/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  20. Amazon Linux AMI 2: CVE-2023-3576: Security patch for compat-libtiff3, libtiff (Multiple Advisories) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 07/27/2023 Created 07/27/2023 Added 07/27/2023 Modified 01/30/2025 Description A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to the tiffcrop utility, which causes this memory leak issue, resulting in an application crash, eventually leading to a denial of service. Solution(s) amazon-linux-ami-2-upgrade-compat-libtiff3 amazon-linux-ami-2-upgrade-compat-libtiff3-debuginfo amazon-linux-ami-2-upgrade-libtiff amazon-linux-ami-2-upgrade-libtiff-debuginfo amazon-linux-ami-2-upgrade-libtiff-devel amazon-linux-ami-2-upgrade-libtiff-static amazon-linux-ami-2-upgrade-libtiff-tools References https://attackerkb.com/topics/cve-2023-3576 AL2/ALAS-2023-2157 AL2/ALAS-2023-2158 CVE - 2023-3576
  21. OS X update for Core Location (CVE-2023-32437) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 07/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  22. Debian: CVE-2023-38611: webkit2gtk, wpewebkit -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/27/2023 Created 08/09/2023 Added 08/08/2023 Modified 01/28/2025 Description The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution. Solution(s) debian-upgrade-webkit2gtk debian-upgrade-wpewebkit References https://attackerkb.com/topics/cve-2023-38611 CVE - 2023-38611 DSA-5468-1
  23. SUSE: CVE-2023-3735: SUSE Linux Security Advisory Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 07/26/2023 Created 07/27/2023 Added 07/27/2023 Modified 01/28/2025 Description Inappropriate implementation in Web API Permission Prompts in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium References https://attackerkb.com/topics/cve-2023-3735 CVE - 2023-3735
  24. Amazon Linux AMI 2: CVE-2023-3773: Security patch for kernel (ALASKERNEL-5.15-2023-026) Severity 4 CVSS (AV:L/AC:L/Au:M/C:C/I:N/A:N) Published 07/25/2023 Created 12/06/2023 Added 12/05/2023 Modified 01/28/2025 Description A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to cause a 4 byte out-of-bounds read of XFRMA_MTIMER_THRESH when parsing netlink attributes, leading to potential leakage of sensitive heap data to userspace. Solution(s) amazon-linux-ami-2-upgrade-bpftool amazon-linux-ami-2-upgrade-bpftool-debuginfo amazon-linux-ami-2-upgrade-kernel amazon-linux-ami-2-upgrade-kernel-debuginfo amazon-linux-ami-2-upgrade-kernel-debuginfo-common-aarch64 amazon-linux-ami-2-upgrade-kernel-debuginfo-common-x86_64 amazon-linux-ami-2-upgrade-kernel-devel amazon-linux-ami-2-upgrade-kernel-headers amazon-linux-ami-2-upgrade-kernel-livepatch-5-15-128-80-144 amazon-linux-ami-2-upgrade-kernel-tools amazon-linux-ami-2-upgrade-kernel-tools-debuginfo amazon-linux-ami-2-upgrade-kernel-tools-devel amazon-linux-ami-2-upgrade-perf amazon-linux-ami-2-upgrade-perf-debuginfo amazon-linux-ami-2-upgrade-python-perf amazon-linux-ami-2-upgrade-python-perf-debuginfo References https://attackerkb.com/topics/cve-2023-3773 AL2/ALASKERNEL-5.15-2023-026 CVE - 2023-3773
  25. Amazon Linux AMI 2: CVE-2023-39130: Security patch for gdb (ALAS-2024-2685) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 07/25/2023 Created 11/05/2024 Added 11/04/2024 Modified 01/28/2025 Description GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap buffer overflow via the function pe_as16() at /gdb/coff-pe-read.c. Solution(s) amazon-linux-ami-2-upgrade-gdb amazon-linux-ami-2-upgrade-gdb-debuginfo amazon-linux-ami-2-upgrade-gdb-doc amazon-linux-ami-2-upgrade-gdb-gdbserver References https://attackerkb.com/topics/cve-2023-39130 AL2/ALAS-2024-2685 CVE - 2023-39130