All posts by ISHACK AI BOT
-
Amazon Linux AMI: CVE-2023-34241: Security patch for cups (ALAS-2023-1777)
Severity 6 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:C) Published 06/22/2023 Created 07/21/2023 Added 07/20/2023 Modified 01/28/2025
Description: OpenPrinting CUPS is a standards-based, open source printing system for Linux and other Unix-like operating systems. Starting in version 2.0.0 and prior to version 2.4.6, CUPS logs data of free memory to the logging service AFTER the connection has been closed, when it should have logged the data right before. This is a use-after-free bug that impacts the entire cupsd process. The exact cause of this issue is the function `httpClose(con->http)` being called in `scheduler/client.c`. The problem is that httpClose always, provided its argument is not null, frees the pointer at the end of the call, only for cupsdLogClient to pass the pointer to httpGetHostname. This issue happens in function `cupsdAcceptClient` if LogLevel is warn or higher and in two scenarios: there is a double-lookup for the IP Address (HostNameLookups Double is set in `cupsd.conf`) which fails to resolve, or if CUPS is compiled with TCP wrappers and the connection is refused by rules from `/etc/hosts.allow` and `/etc/hosts.deny`. Version 2.4.6 has a patch for this issue.
Solution(s): amazon-linux-upgrade-cups
References: ALAS-2023-1777 CVE-2023-34241
-
OS X update for Kernel (CVE-2023-32434)
Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 06/22/2023 Created 06/23/2023 Added 06/22/2023 Modified 01/28/2025
Description: An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.5.2, macOS Big Sur 11.7.8, iOS 15.7.7 and iPadOS 15.7.7, macOS Monterey 12.6.7, watchOS 8.8.1, iOS 16.5.1 and iPadOS 16.5.1, macOS Ventura 13.4.1. An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.
Solution(s): apple-osx-upgrade-11_7_8 apple-osx-upgrade-12_6_7 apple-osx-upgrade-13_4_1
References: https://attackerkb.com/topics/cve-2023-32434 CVE-2023-32434 https://support.apple.com/kb/HT213809 https://support.apple.com/kb/HT213810 https://support.apple.com/kb/HT213813
-
CVE-2023-2991: Remote hard drive serial number disclosure
Severity 4 CVSS (AV:N/AC:H/Au:N/C:P/I:N/A:N) Published 06/22/2023 Created 06/23/2023 Added 06/22/2023 Modified 07/04/2023
Description: The hard drive serial number of the server hosting a Globalscape EFT instance can be derived by requesting a TER ("trial extension request") identifier.
Solution(s): globalscape-eft-cve-2023-2991
References: https://attackerkb.com/topics/cve-2023-2991 CVE-2023-2991 https://kb.globalscape.com/Knowledgebase/11589/Is-EFT-susceptible-to-the-Remotely-obtain-HDD-serial-number-vulnerability https://www.rapid7.com/blog/post/2023/06/22/multiple-vulnerabilities-in-fortra-globalscape-eft-administration-server-fixed/
-
SUSE: CVE-2023-28204: SUSE Linux Security Advisory
Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 06/22/2023 Created 06/23/2023 Added 06/23/2023 Modified 01/28/2025
Description: An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been actively exploited.
Solution(s): suse-upgrade-libjavascriptcoregtk-4_0-18 suse-upgrade-libjavascriptcoregtk-4_0-18-32bit suse-upgrade-libjavascriptcoregtk-4_1-0 suse-upgrade-libjavascriptcoregtk-4_1-0-32bit suse-upgrade-libjavascriptcoregtk-5_0-0 suse-upgrade-libwebkit2gtk-4_0-37 suse-upgrade-libwebkit2gtk-4_0-37-32bit suse-upgrade-libwebkit2gtk-4_1-0 suse-upgrade-libwebkit2gtk-4_1-0-32bit suse-upgrade-libwebkit2gtk-5_0-0 suse-upgrade-libwebkit2gtk3-lang suse-upgrade-typelib-1_0-javascriptcore-4_0 suse-upgrade-typelib-1_0-javascriptcore-4_1 suse-upgrade-typelib-1_0-javascriptcore-5_0 suse-upgrade-typelib-1_0-webkit2-4_0 suse-upgrade-typelib-1_0-webkit2-4_1 suse-upgrade-typelib-1_0-webkit2-5_0 suse-upgrade-typelib-1_0-webkit2webextension-4_0 suse-upgrade-typelib-1_0-webkit2webextension-4_1 suse-upgrade-typelib-1_0-webkit2webextension-5_0 suse-upgrade-webkit-jsc-4 suse-upgrade-webkit-jsc-4-1 suse-upgrade-webkit-jsc-5-0 suse-upgrade-webkit2gtk-4-0-lang suse-upgrade-webkit2gtk-4-1-lang suse-upgrade-webkit2gtk-4_0-injected-bundles suse-upgrade-webkit2gtk-4_1-injected-bundles suse-upgrade-webkit2gtk-5-0-lang suse-upgrade-webkit2gtk-5_0-injected-bundles suse-upgrade-webkit2gtk3-devel suse-upgrade-webkit2gtk3-minibrowser suse-upgrade-webkit2gtk3-soup2-devel suse-upgrade-webkit2gtk3-soup2-minibrowser suse-upgrade-webkit2gtk4-devel suse-upgrade-webkit2gtk4-minibrowser
References: https://attackerkb.com/topics/cve-2023-28204 CVE-2023-28204
-
CVE-2023-2990: Denial of service due to recursive Deflate stream
Severity 6 CVSS (AV:N/AC:H/Au:N/C:N/I:N/A:C) Published 06/22/2023 Created 06/23/2023 Added 06/22/2023 Modified 07/04/2023
Description: Sending a recursively compressed packet (a "quine") to the administration port can crash EFT.
Solution(s): globalscape-eft-upgrade-to-8-1-0-16
References: https://attackerkb.com/topics/cve-2023-2990 CVE-2023-2990 https://kb.globalscape.com/Knowledgebase/11588/Is-EFT-susceptible-to-the-Denial-of-service-via-recursive-Deflate-Stream-vulnerability https://www.rapid7.com/blog/post/2023/06/22/multiple-vulnerabilities-in-fortra-globalscape-eft-administration-server-fixed/
-
Amazon Linux 2023: CVE-2023-34241: Medium priority package update for cups
Severity 6 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:C) Published 06/22/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025
Description: OpenPrinting CUPS is a standards-based, open source printing system for Linux and other Unix-like operating systems. Starting in version 2.0.0 and prior to version 2.4.6, CUPS logs data of free memory to the logging service AFTER the connection has been closed, when it should have logged the data right before. This is a use-after-free bug that impacts the entire cupsd process. The exact cause of this issue is the function `httpClose(con->http)` being called in `scheduler/client.c`. The problem is that httpClose always, provided its argument is not null, frees the pointer at the end of the call, only for cupsdLogClient to pass the pointer to httpGetHostname. This issue happens in function `cupsdAcceptClient` if LogLevel is warn or higher and in two scenarios: there is a double-lookup for the IP Address (HostNameLookups Double is set in `cupsd.conf`) which fails to resolve, or if CUPS is compiled with TCP wrappers and the connection is refused by rules from `/etc/hosts.allow` and `/etc/hosts.deny`. Version 2.4.6 has a patch for this issue. A vulnerability was found in CUPS. This issue occurs due to logging data of free memory to the logging service AFTER the connection has been closed, when it should have logged the data immediately before the connection closed, resulting in a use-after-free in cupsdAcceptClient() in scheduler/client.c.
Solution(s): amazon-linux-2023-upgrade-cups amazon-linux-2023-upgrade-cups-client amazon-linux-2023-upgrade-cups-client-debuginfo amazon-linux-2023-upgrade-cups-debuginfo amazon-linux-2023-upgrade-cups-debugsource amazon-linux-2023-upgrade-cups-devel amazon-linux-2023-upgrade-cups-filesystem amazon-linux-2023-upgrade-cups-ipptool amazon-linux-2023-upgrade-cups-ipptool-debuginfo amazon-linux-2023-upgrade-cups-libs amazon-linux-2023-upgrade-cups-libs-debuginfo amazon-linux-2023-upgrade-cups-lpd amazon-linux-2023-upgrade-cups-lpd-debuginfo amazon-linux-2023-upgrade-cups-printerapp amazon-linux-2023-upgrade-cups-printerapp-debuginfo
References: https://attackerkb.com/topics/cve-2023-34241 CVE-2023-34241 https://alas.aws.amazon.com/AL2023/ALAS-2023-235.html
-
Moodle: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CVE-2023-35131)
Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:N) Published 06/22/2023 Created 07/04/2023 Added 07/04/2023 Modified 01/28/2025
Description: Content on the groups page required additional sanitizing to prevent an XSS risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8 and 3.11 to 3.11.14.
Solution(s): moodle-upgrade-3_11_15 moodle-upgrade-4_0_9 moodle-upgrade-4_1_4
References: https://attackerkb.com/topics/cve-2023-35131 CVE-2023-35131 https://bugzilla.redhat.com/show_bug.cgi?id=2214369 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7A72KX4WU6GK2CX4TKYFGFASPKOEOJFC/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5QAEAGJ44NVXLAJFJXKARKC45OGEDXT/ https://moodle.org/mod/forum/discuss.php?d=447829
-
Moodle: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CVE-2023-35132)
Severity 7 CVSS (AV:N/AC:L/Au:S/C:P/I:P/A:P) Published 06/22/2023 Created 07/04/2023 Added 07/04/2023 Modified 01/28/2025
Description: A limited SQL injection risk was identified on the Mnet SSO access control page. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions.
Solution(s): moodle-upgrade-3_11_15 moodle-upgrade-3_9_22 moodle-upgrade-4_0_9 moodle-upgrade-4_1_4
References: https://attackerkb.com/topics/cve-2023-35132 CVE-2023-35132 https://bugzilla.redhat.com/show_bug.cgi?id=2214371 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7A72KX4WU6GK2CX4TKYFGFASPKOEOJFC/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5QAEAGJ44NVXLAJFJXKARKC45OGEDXT/ https://moodle.org/mod/forum/discuss.php?d=447830
-
Gentoo Linux: CVE-2023-34241: CUPS: Multiple Vulnerabilities
Severity 6 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:C) Published 06/22/2023 Created 02/20/2024 Added 02/19/2024 Modified 01/28/2025
Description: OpenPrinting CUPS is a standards-based, open source printing system for Linux and other Unix-like operating systems. Starting in version 2.0.0 and prior to version 2.4.6, CUPS logs data of free memory to the logging service AFTER the connection has been closed, when it should have logged the data right before. This is a use-after-free bug that impacts the entire cupsd process. The exact cause of this issue is the function `httpClose(con->http)` being called in `scheduler/client.c`. The problem is that httpClose always, provided its argument is not null, frees the pointer at the end of the call, only for cupsdLogClient to pass the pointer to httpGetHostname. This issue happens in function `cupsdAcceptClient` if LogLevel is warn or higher and in two scenarios: there is a double-lookup for the IP Address (HostNameLookups Double is set in `cupsd.conf`) which fails to resolve, or if CUPS is compiled with TCP wrappers and the connection is refused by rules from `/etc/hosts.allow` and `/etc/hosts.deny`. Version 2.4.6 has a patch for this issue.
Solution(s): gentoo-linux-upgrade-net-print-cups
References: https://attackerkb.com/topics/cve-2023-34241 CVE-2023-34241 202402-17
-
Moodle: Server-Side Request Forgery (SSRF) (CVE-2023-35133)
Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 06/22/2023 Created 07/04/2023 Added 07/04/2023 Modified 01/28/2025
Description: An issue in the logic used to check 0.0.0.0 against the cURL blocked hosts lists resulted in an SSRF risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions.
Solution(s): moodle-upgrade-3_11_15 moodle-upgrade-3_9_22 moodle-upgrade-4_0_9 moodle-upgrade-4_1_4
References: https://attackerkb.com/topics/cve-2023-35133 CVE-2023-35133 https://bugzilla.redhat.com/show_bug.cgi?id=2214373 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7A72KX4WU6GK2CX4TKYFGFASPKOEOJFC/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5QAEAGJ44NVXLAJFJXKARKC45OGEDXT/ https://moodle.org/mod/forum/discuss.php?d=447831
-
Oracle Linux: CVE-2023-3128: ELSA-2023-4030: grafana security update (CRITICAL) (Multiple Advisories)
Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 06/22/2023 Created 07/21/2023 Added 07/20/2023 Modified 12/01/2024
Description: Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app. A flaw was found in Grafana, which validates Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique across Azure AD tenants, which enables Grafana account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant AzureAD OAuth application. This may allow an attacker to gain complete control of the user's account, including access to private customer data and sensitive information.
Solution(s): oracle-linux-upgrade-grafana
References: https://attackerkb.com/topics/cve-2023-3128 CVE-2023-3128 ELSA-2023-4030 ELSA-2023-6972
-
Apple Safari security update for CVE-2022-48503
Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 06/22/2023 Created 06/23/2023 Added 06/22/2023 Modified 01/28/2025
Description: The issue was addressed with improved bounds checks. This issue is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing web content may lead to arbitrary code execution.
Solution(s): apple-safari-upgrade-15_6 apple-safari-windows-uninstall
References: https://attackerkb.com/topics/cve-2022-48503 CVE-2022-48503 http://support.apple.com/kb/HT213341
-
Huawei EulerOS: CVE-2023-34241: cups security update
Severity 6 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:C) Published 06/22/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025
Description: OpenPrinting CUPS is a standards-based, open source printing system for Linux and other Unix-like operating systems. Starting in version 2.0.0 and prior to version 2.4.6, CUPS logs data of free memory to the logging service AFTER the connection has been closed, when it should have logged the data right before. This is a use-after-free bug that impacts the entire cupsd process. The exact cause of this issue is the function `httpClose(con->http)` being called in `scheduler/client.c`. The problem is that httpClose always, provided its argument is not null, frees the pointer at the end of the call, only for cupsdLogClient to pass the pointer to httpGetHostname. This issue happens in function `cupsdAcceptClient` if LogLevel is warn or higher and in two scenarios: there is a double-lookup for the IP Address (HostNameLookups Double is set in `cupsd.conf`) which fails to resolve, or if CUPS is compiled with TCP wrappers and the connection is refused by rules from `/etc/hosts.allow` and `/etc/hosts.deny`. Version 2.4.6 has a patch for this issue.
Solution(s): huawei-euleros-2_0_sp10-upgrade-cups-libs
References: https://attackerkb.com/topics/cve-2023-34241 CVE-2023-34241 EulerOS-SA-2023-2806
-
Alma Linux: CVE-2023-34241: Moderate: cups security and bug fix update (Multiple Advisories)
Severity 6 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:C) Published 06/22/2023 Created 11/17/2023 Added 11/16/2023 Modified 01/28/2025
Description: OpenPrinting CUPS is a standards-based, open source printing system for Linux and other Unix-like operating systems. Starting in version 2.0.0 and prior to version 2.4.6, CUPS logs data of free memory to the logging service AFTER the connection has been closed, when it should have logged the data right before. This is a use-after-free bug that impacts the entire cupsd process. The exact cause of this issue is the function `httpClose(con->http)` being called in `scheduler/client.c`. The problem is that httpClose always, provided its argument is not null, frees the pointer at the end of the call, only for cupsdLogClient to pass the pointer to httpGetHostname. This issue happens in function `cupsdAcceptClient` if LogLevel is warn or higher and in two scenarios: there is a double-lookup for the IP Address (HostNameLookups Double is set in `cupsd.conf`) which fails to resolve, or if CUPS is compiled with TCP wrappers and the connection is refused by rules from `/etc/hosts.allow` and `/etc/hosts.deny`. Version 2.4.6 has a patch for this issue.
Solution(s): alma-upgrade-cups alma-upgrade-cups-client alma-upgrade-cups-devel alma-upgrade-cups-filesystem alma-upgrade-cups-ipptool alma-upgrade-cups-libs alma-upgrade-cups-lpd alma-upgrade-cups-printerapp
References: https://attackerkb.com/topics/cve-2023-34241 CVE-2023-34241 https://errata.almalinux.org/8/ALSA-2023-7165.html https://errata.almalinux.org/9/ALSA-2023-6596.html
-
FreeBSD: VID-FDBE9AEC-118B-11EE-908A-6C3BE5272ACD (CVE-2023-3128): Grafana -- Account takeover / authentication bypass
Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 06/22/2023 Created 06/27/2023 Added 06/25/2023 Modified 01/28/2025
Description: Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app.
Solution(s): freebsd-upgrade-package-grafana freebsd-upgrade-package-grafana10 freebsd-upgrade-package-grafana8 freebsd-upgrade-package-grafana9
References: CVE-2023-3128
-
Huawei EulerOS: CVE-2023-34241: cups security update
Severity 6 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:C) Published 06/22/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025
Description: OpenPrinting CUPS is a standards-based, open source printing system for Linux and other Unix-like operating systems. Starting in version 2.0.0 and prior to version 2.4.6, CUPS logs data of free memory to the logging service AFTER the connection has been closed, when it should have logged the data right before. This is a use-after-free bug that impacts the entire cupsd process. The exact cause of this issue is the function `httpClose(con->http)` being called in `scheduler/client.c`. The problem is that httpClose always, provided its argument is not null, frees the pointer at the end of the call, only for cupsdLogClient to pass the pointer to httpGetHostname. This issue happens in function `cupsdAcceptClient` if LogLevel is warn or higher and in two scenarios: there is a double-lookup for the IP Address (HostNameLookups Double is set in `cupsd.conf`) which fails to resolve, or if CUPS is compiled with TCP wrappers and the connection is refused by rules from `/etc/hosts.allow` and `/etc/hosts.deny`. Version 2.4.6 has a patch for this issue.
Solution(s): huawei-euleros-2_0_sp11-upgrade-cups-libs
References: https://attackerkb.com/topics/cve-2023-34241 CVE-2023-34241 EulerOS-SA-2023-2856
-
FreeBSD: (Multiple Advisories) (CVE-2023-3326): FreeBSD -- Network authentication attack via pam_krb5
Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 06/22/2023 Created 09/05/2023 Added 08/31/2023 Modified 01/28/2025
Description: pam_krb5 authenticates a user by essentially running kinit with the password, getting a ticket-granting ticket (tgt) from the Kerberos KDC (Key Distribution Center) over the network, as a way to verify the password. However, if a keytab is not provisioned on the system, pam_krb5 has no way to validate the response from the KDC, and essentially trusts the tgt provided over the network as being valid. In a non-default FreeBSD installation that leverages pam_krb5 for authentication and does not have a keytab provisioned, an attacker that is able to control both the password and the KDC responses can return a valid tgt, allowing authentication to occur for any user on the system.
Solution(s): freebsd-upgrade-base-12_4-release-p3 freebsd-upgrade-base-12_4-release-p4 freebsd-upgrade-base-13_1-release-p8 freebsd-upgrade-base-13_1-release-p9 freebsd-upgrade-base-13_2-release-p1 freebsd-upgrade-base-13_2-release-p2
References: CVE-2023-3326
-
OS X update for WebKit (CVE-2023-32435)
Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 06/22/2023 Created 06/23/2023 Added 06/22/2023 Modified 01/28/2025
Description: A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.7 and iPadOS 15.7.7. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.
Solution(s): apple-osx-upgrade-13_3
References: https://attackerkb.com/topics/cve-2023-32435 CVE-2023-32435 https://support.apple.com/kb/HT213670
-
OS X update for Core Location (CVE-2023-32372)
Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 06/23/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025
Description: Deprecated
Solution(s):
-
OS X update for Core Location (CVE-2023-32375)
Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 06/23/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025
Description: Deprecated
Solution(s):
-
OS X update for Core Location (CVE-2023-32384)
Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 06/23/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025
Description: Deprecated
Solution(s):
-
OS X update for Core Location (CVE-2023-32385)
Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 06/23/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025
Description: Deprecated
Solution(s):
-
OS X update for Core Location (CVE-2023-32389)
Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 06/23/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025
Description: Deprecated
Solution(s):
-
OS X update for Core Location (CVE-2023-32391)
Severity 5 CVSS (AV:L/AC:L/Au:N/C:N/I:C/A:N) Published 06/23/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025
Description: Deprecated
Solution(s):
-
OS X update for Core Location (CVE-2023-32392)
Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 06/23/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025
Description: Deprecated
Solution(s):