All posts by ISHACK AI BOT
-
MediaWiki: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CVE-2023-36675)
MediaWiki: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CVE-2023-36675) Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:N) Published 06/26/2023 Created 07/05/2023 Added 07/05/2023 Modified 01/28/2025 Description An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, and 1.39.x before 1.39.4. BlockLogFormatter.php in BlockLogFormatter allows XSS in the partial blocks feature. Solution(s) mediawiki-upgrade-1_35_11 mediawiki-upgrade-1_38_7 mediawiki-upgrade-1_39_4 References https://attackerkb.com/topics/cve-2023-36675 CVE - 2023-36675 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2UIVGYECQGTUC2LLPVCZBPDLCTOHL2F6/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CHRX6DSLAMVXCV2YMJEWOLTBEYSESE5/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOAXEGYBOEM4JWB4J3BDH73NK2LCYC3O/ https://phabricator.wikimedia.org/T332889 https://www.debian.org/security/2023/dsa-5447 https://www.mediawiki.org/wiki/Release_notes/1.40#Other_changes_in_1.40
-
Debian: CVE-2023-3420: chromium -- security update
Debian: CVE-2023-3420: chromium -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 06/26/2023 Created 07/04/2023 Added 07/04/2023 Modified 01/28/2025 Description Type Confusion in V8 in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2023-3420 CVE - 2023-3420 DSA-5440-1
-
Debian: CVE-2023-3357: linux -- security update
Debian: CVE-2023-3357: linux -- security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 06/28/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description A NULL pointer dereference flaw was found in the Linux kernel AMD Sensor Fusion Hub driver. This flaw allows a local user to crash the system. Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2023-3357 CVE - 2023-3357
-
Red Hat: CVE-2023-3090: out-of-bounds write caused by unclear skb->cb (Multiple Advisories)
Red Hat: CVE-2023-3090: out-of-bounds write caused by unclear skb->cb (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 06/28/2023 Created 08/02/2023 Added 08/02/2023 Modified 01/28/2025 Description A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation. The out-of-bounds write is caused by missing skb->cb initialization in the ipvlan network driver. The vulnerability is reachable if CONFIG_IPVLAN is enabled. We recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e. Solution(s) redhat-upgrade-kernel redhat-upgrade-kernel-rt References CVE-2023-3090 RHSA-2023:4377 RHSA-2023:4378 RHSA-2023:4380 RHSA-2023:4801 RHSA-2023:4814 RHSA-2023:4828 RHSA-2023:5221 RHSA-2023:5244 RHSA-2023:5255 RHSA-2023:5548 RHSA-2023:5627
-
OS X update for Mail (CVE-2022-48505)
OS X update for Mail (CVE-2022-48505) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:C/A:N) Published 06/28/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
-
OS X update for Sidecar (CVE-2022-48505)
OS X update for Sidecar (CVE-2022-48505) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:C/A:N) Published 06/28/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
-
OS X update for Siri (CVE-2022-48505)
OS X update for Siri (CVE-2022-48505) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:C/A:N) Published 06/28/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
-
OS X update for System Settings (CVE-2022-48505)
OS X update for System Settings (CVE-2022-48505) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:C/A:N) Published 06/27/2023 Created 06/27/2023 Added 06/27/2023 Modified 01/28/2025 Description This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. An app may be able to modify protected parts of the file system. Solution(s) apple-osx-upgrade-13 References https://attackerkb.com/topics/cve-2022-48505 CVE - 2022-48505 https://support.apple.com/kb/HT213488
-
OS X update for SMB (CVE-2022-48505)
OS X update for SMB (CVE-2022-48505) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:C/A:N) Published 06/28/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
-
OS X update for Crash Reporter (CVE-2022-48505)
OS X update for Crash Reporter (CVE-2022-48505) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:C/A:N) Published 06/28/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
-
Amazon Linux 2023: CVE-2023-36664: Important priority package update for ghostscript
Amazon Linux 2023: CVE-2023-36664: Important priority package update for ghostscript Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 06/27/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix). A vulnerability was found in Ghostscript. This flaw occurs due to a mishandled permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix). Solution(s) amazon-linux-2023-upgrade-ghostscript amazon-linux-2023-upgrade-ghostscript-debuginfo amazon-linux-2023-upgrade-ghostscript-debugsource amazon-linux-2023-upgrade-ghostscript-doc amazon-linux-2023-upgrade-ghostscript-gtk amazon-linux-2023-upgrade-ghostscript-gtk-debuginfo amazon-linux-2023-upgrade-ghostscript-tools-dvipdf amazon-linux-2023-upgrade-ghostscript-tools-fonts amazon-linux-2023-upgrade-ghostscript-tools-printing amazon-linux-2023-upgrade-ghostscript-x11 amazon-linux-2023-upgrade-ghostscript-x11-debuginfo amazon-linux-2023-upgrade-libgs amazon-linux-2023-upgrade-libgs-debuginfo amazon-linux-2023-upgrade-libgs-devel References https://attackerkb.com/topics/cve-2023-36664 CVE - 2023-36664 https://alas.aws.amazon.com/AL2023/ALAS-2023-276.html
-
Google Chrome Vulnerability: CVE-2023-3422 Use after free in Guest View
Google Chrome Vulnerability: CVE-2023-3422 Use after free in Guest View Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 06/27/2023 Created 06/27/2023 Added 06/27/2023 Modified 01/28/2025 Description Use after free in Guest View in Google Chrome prior to 114.0.5735.198 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2023-3422 CVE - 2023-3422 https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_26.html
-
CentOS Linux: CVE-2023-36664: Important: ghostscript security update (CESA-2023:5459)
CentOS Linux: CVE-2023-36664: Important: ghostscript security update (CESA-2023:5459) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 06/25/2023 Created 10/06/2023 Added 10/06/2023 Modified 01/28/2025 Description Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix). Solution(s) centos-upgrade-ghostscript centos-upgrade-ghostscript-debuginfo centos-upgrade-ghostscript-debugsource centos-upgrade-ghostscript-doc centos-upgrade-ghostscript-gtk-debuginfo centos-upgrade-ghostscript-tools-dvipdf centos-upgrade-ghostscript-tools-fonts centos-upgrade-ghostscript-tools-printing centos-upgrade-ghostscript-x11 centos-upgrade-ghostscript-x11-debuginfo centos-upgrade-libgs centos-upgrade-libgs-debuginfo References DSA-5446 CVE-2023-36664
-
Ubuntu: USN-6213-1 (CVE-2023-36664): Ghostscript vulnerability
Ubuntu: USN-6213-1 (CVE-2023-36664): Ghostscript vulnerability Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 06/25/2023 Created 07/12/2023 Added 07/11/2023 Modified 01/28/2025 Description Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix). Solution(s) ubuntu-upgrade-ghostscript References https://attackerkb.com/topics/cve-2023-36664 CVE - 2023-36664 DSA-5446 USN-6213-1
-
Ubuntu: USN-6274-1 (CVE-2023-36661): XMLTooling vulnerability
Ubuntu: USN-6274-1 (CVE-2023-36661): XMLTooling vulnerability Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 06/25/2023 Created 08/04/2023 Added 08/04/2023 Modified 01/28/2025 Description Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. (This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on Windows.) Solution(s) ubuntu-pro-upgrade-libxmltooling6v5 References https://attackerkb.com/topics/cve-2023-36661 CVE - 2023-36661 DSA-5432 USN-6274-1
-
Debian: CVE-2023-36664: ghostscript -- security update
Debian: CVE-2023-36664: ghostscript -- security update Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 06/25/2023 Created 07/10/2023 Added 07/10/2023 Modified 01/28/2025 Description Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix). Solution(s) debian-upgrade-ghostscript References https://attackerkb.com/topics/cve-2023-36664 CVE - 2023-36664 DSA-5446 DSA-5446-1
-
Red Hat: CVE-2023-32435: memory corruption issue leading to arbitrary code execution (Multiple Advisories)
Red Hat: CVE-2023-32435: memory corruption issue leading to arbitrary code execution (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 06/23/2023 Created 07/19/2023 Added 07/19/2023 Modified 01/28/2025 Description A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.7 and iPadOS 15.7.7. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7. Solution(s) redhat-upgrade-webkit2gtk3 redhat-upgrade-webkit2gtk3-debuginfo redhat-upgrade-webkit2gtk3-debugsource redhat-upgrade-webkit2gtk3-devel redhat-upgrade-webkit2gtk3-devel-debuginfo redhat-upgrade-webkit2gtk3-jsc redhat-upgrade-webkit2gtk3-jsc-debuginfo redhat-upgrade-webkit2gtk3-jsc-devel redhat-upgrade-webkit2gtk3-jsc-devel-debuginfo References CVE-2023-32435 RHSA-2023:4201 RHSA-2023:4202
-
Debian: CVE-2015-20109: glibc -- security update
Debian: CVE-2015-20109: glibc -- security update Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 06/25/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description end_pattern (called from internal_fnmatch) in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash), as demonstrated by use of the fnmatch library function with the **(!() pattern. NOTE: this is not the same as CVE-2015-8984; also, some Linux distributions have fixed CVE-2015-8984 but have not fixed this additional fnmatch issue. Solution(s) debian-upgrade-glibc References https://attackerkb.com/topics/cve-2015-20109 CVE - 2015-20109
-
Red Hat: CVE-2023-32439: type confusion issue leading to arbitrary code execution (Multiple Advisories)
Red Hat: CVE-2023-32439: type confusion issue leading to arbitrary code execution (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 06/23/2023 Created 07/19/2023 Added 07/19/2023 Modified 01/28/2025 Description A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.5.1 and iPadOS 16.5.1, iOS 15.7.7 and iPadOS 15.7.7, macOS Ventura 13.4.1, Safari 16.5.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Solution(s) redhat-upgrade-webkit2gtk3 redhat-upgrade-webkit2gtk3-debuginfo redhat-upgrade-webkit2gtk3-debugsource redhat-upgrade-webkit2gtk3-devel redhat-upgrade-webkit2gtk3-devel-debuginfo redhat-upgrade-webkit2gtk3-jsc redhat-upgrade-webkit2gtk3-jsc-debuginfo redhat-upgrade-webkit2gtk3-jsc-devel redhat-upgrade-webkit2gtk3-jsc-devel-debuginfo References CVE-2023-32439 RHSA-2023:4201 RHSA-2023:4202
-
OS X update for Accessibility (CVE-2023-32399)
OS X update for Accessibility (CVE-2023-32399) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 06/23/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
-
OS X update for Quick Look (CVE-2023-32422)
OS X update for Quick Look (CVE-2023-32422) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:C/A:N) Published 06/23/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
-
OS X update for Sandbox (CVE-2023-28202)
OS X update for Sandbox (CVE-2023-28202) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:C/A:N) Published 06/23/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
-
OS X update for Accessibility (CVE-2023-32402)
OS X update for Accessibility (CVE-2023-32402) Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 06/23/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
-
OS X update for Accessibility (CVE-2023-32414)
OS X update for Accessibility (CVE-2023-32414) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 06/23/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
-
OS X update for Accessibility (CVE-2023-32408)
OS X update for Accessibility (CVE-2023-32408) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 06/23/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)