ISHACK AI BOT

Red Hat: CVE-2023-30086: Heap buffer overflow in tiffcp() at tiffcp.c (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 05/09/2023 Created 06/14/2023 Added 06/13/2023 Modified 01/28/2025 Description Buffer Overflow vulnerability found in Libtiff V.4.0.7 allows a local attacker to cause a denial of service via the tiffcp function in tiffcp.c. Solution(s) redhat-upgrade-libtiff redhat-upgrade-libtiff-debuginfo redhat-upgrade-libtiff-debugsource redhat-upgrade-libtiff-devel redhat-upgrade-libtiff-tools redhat-upgrade-libtiff-tools-debuginfo References CVE-2023-30086 RHSA-2023:2340

Red Hat: CVE-2023-27954: webkitgtk: Website may be able to track sensitive user information (Multiple Advisories) Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 05/08/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/28/2025 Description The issue was addressed by removing origin information. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, watchOS 9.4. A website may be able to track sensitive user information. Solution(s) redhat-upgrade-webkit2gtk3 redhat-upgrade-webkit2gtk3-debuginfo redhat-upgrade-webkit2gtk3-debugsource redhat-upgrade-webkit2gtk3-devel redhat-upgrade-webkit2gtk3-devel-debuginfo redhat-upgrade-webkit2gtk3-jsc redhat-upgrade-webkit2gtk3-jsc-debuginfo redhat-upgrade-webkit2gtk3-jsc-devel redhat-upgrade-webkit2gtk3-jsc-devel-debuginfo References CVE-2023-27954 RHSA-2023:6535 RHSA-2023:7055

OS X update for LaunchServices (CVE-2023-27954) Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 05/08/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

SUSE: CVE-2023-30551: SUSE Linux Security Advisory Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 05/08/2023 Created 05/17/2023 Added 05/17/2023 Modified 01/28/2025 Description Rekor is an open source software supply chain transparency log. Rekor prior to version 1.1.1 may crash due to out of memory (OOM) conditions caused by reading archive metadata files into memory without checking their sizes first. Verification of a JAR file submitted to Rekor can cause an out of memory crash if files within the META-INF directory of the JAR are sufficiently large. Parsing of an APK file submitted to Rekor can cause an out of memory crash if the .SIGN or .PKGINFO files within the APK are sufficiently large. The OOM crash has been patched in Rekor version 1.1.1. There are no known workarounds. Solution(s) suse-upgrade-rekor References https://attackerkb.com/topics/cve-2023-30551 CVE - 2023-30551

Red Hat: CVE-2023-27932: webkitgtk: Same Origin Policy bypass via crafted web content (Multiple Advisories) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:C/A:N) Published 05/08/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/28/2025 Description This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, tvOS 16.4, watchOS 9.4. Processing maliciously crafted web content may bypass Same Origin Policy. Solution(s) redhat-upgrade-webkit2gtk3 redhat-upgrade-webkit2gtk3-debuginfo redhat-upgrade-webkit2gtk3-debugsource redhat-upgrade-webkit2gtk3-devel redhat-upgrade-webkit2gtk3-devel-debuginfo redhat-upgrade-webkit2gtk3-jsc redhat-upgrade-webkit2gtk3-jsc-debuginfo redhat-upgrade-webkit2gtk3-jsc-devel redhat-upgrade-webkit2gtk3-jsc-devel-debuginfo References CVE-2023-27932 RHSA-2023:6535 RHSA-2023:7055

OS X update for libxml2 (CVE-2022-46708) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/08/2023 Created 10/14/2024 Added 10/14/2024 Modified 10/16/2024 Description Deprecated Solution(s)

Amazon Linux AMI: CVE-2023-32233: Security patch for kernel (ALAS-2023-1750) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 05/08/2023 Created 06/08/2023 Added 06/07/2023 Modified 01/28/2025 Description In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled. Solution(s) amazon-linux-upgrade-kernel References ALAS-2023-1750 CVE-2023-32233

OS X update for Messages (CVE-2023-28192) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 05/08/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for Messages (CVE-2023-27966) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:C/A:N) Published 05/08/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for Model I/O (CVE-2023-27931) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 05/08/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

Ubuntu: (Multiple Advisories) (CVE-2023-32233): Linux kernel (OEM) vulnerabilities Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 05/08/2023 Created 05/31/2023 Added 05/31/2023 Modified 01/28/2025 Description In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled. Solution(s) ubuntu-upgrade-linux-image-4-15-0-1120-oracle ubuntu-upgrade-linux-image-4-15-0-1141-kvm ubuntu-upgrade-linux-image-4-15-0-1151-gcp ubuntu-upgrade-linux-image-4-15-0-1151-snapdragon ubuntu-upgrade-linux-image-4-15-0-1157-aws ubuntu-upgrade-linux-image-4-15-0-1166-azure ubuntu-upgrade-linux-image-4-15-0-212-generic ubuntu-upgrade-linux-image-4-15-0-212-generic-lpae ubuntu-upgrade-linux-image-4-15-0-212-lowlatency ubuntu-upgrade-linux-image-4-4-0-1119-aws ubuntu-upgrade-linux-image-4-4-0-1120-kvm ubuntu-upgrade-linux-image-4-4-0-1157-aws ubuntu-upgrade-linux-image-4-4-0-241-generic ubuntu-upgrade-linux-image-4-4-0-241-lowlatency ubuntu-upgrade-linux-image-5-15-0-1021-gkeop ubuntu-upgrade-linux-image-5-15-0-1030-raspi ubuntu-upgrade-linux-image-5-15-0-1030-raspi-nolpae ubuntu-upgrade-linux-image-5-15-0-1031-ibm ubuntu-upgrade-linux-image-5-15-0-1031-intel-iotg ubuntu-upgrade-linux-image-5-15-0-1034-gke ubuntu-upgrade-linux-image-5-15-0-1034-kvm ubuntu-upgrade-linux-image-5-15-0-1035-gcp ubuntu-upgrade-linux-image-5-15-0-1036-oracle ubuntu-upgrade-linux-image-5-15-0-1037-aws ubuntu-upgrade-linux-image-5-15-0-1039-azure ubuntu-upgrade-linux-image-5-15-0-1039-azure-fde ubuntu-upgrade-linux-image-5-15-0-73-generic ubuntu-upgrade-linux-image-5-15-0-73-generic-64k ubuntu-upgrade-linux-image-5-15-0-73-generic-lpae ubuntu-upgrade-linux-image-5-15-0-73-lowlatency ubuntu-upgrade-linux-image-5-15-0-73-lowlatency-64k ubuntu-upgrade-linux-image-5-17-0-1032-oem ubuntu-upgrade-linux-image-5-19-0-1019-raspi ubuntu-upgrade-linux-image-5-19-0-1019-raspi-nolpae ubuntu-upgrade-linux-image-5-19-0-1023-ibm ubuntu-upgrade-linux-image-5-19-0-1024-kvm ubuntu-upgrade-linux-image-5-19-0-1024-oracle ubuntu-upgrade-linux-image-5-19-0-1025-gcp ubuntu-upgrade-linux-image-5-19-0-1025-lowlatency ubuntu-upgrade-linux-image-5-19-0-1025-lowlatency-64k ubuntu-upgrade-linux-image-5-19-0-1026-aws ubuntu-upgrade-linux-image-5-19-0-1027-azure ubuntu-upgrade-linux-image-5-19-0-43-generic ubuntu-upgrade-linux-image-5-19-0-43-generic-64k ubuntu-upgrade-linux-image-5-19-0-43-generic-lpae ubuntu-upgrade-linux-image-5-4-0-1017-iot ubuntu-upgrade-linux-image-5-4-0-1024-xilinx-zynqmp ubuntu-upgrade-linux-image-5-4-0-1050-ibm ubuntu-upgrade-linux-image-5-4-0-1064-bluefield ubuntu-upgrade-linux-image-5-4-0-1070-gkeop ubuntu-upgrade-linux-image-5-4-0-1086-raspi ubuntu-upgrade-linux-image-5-4-0-1092-kvm ubuntu-upgrade-linux-image-5-4-0-1100-gke ubuntu-upgrade-linux-image-5-4-0-1102-oracle ubuntu-upgrade-linux-image-5-4-0-1103-aws ubuntu-upgrade-linux-image-5-4-0-1106-gcp ubuntu-upgrade-linux-image-5-4-0-1109-azure ubuntu-upgrade-linux-image-5-4-0-150-generic ubuntu-upgrade-linux-image-5-4-0-150-generic-lpae ubuntu-upgrade-linux-image-5-4-0-150-lowlatency ubuntu-upgrade-linux-image-6-0-0-1017-oem ubuntu-upgrade-linux-image-6-1-0-1013-oem ubuntu-upgrade-linux-image-6-2-0-1003-ibm ubuntu-upgrade-linux-image-6-2-0-1005-aws ubuntu-upgrade-linux-image-6-2-0-1005-azure ubuntu-upgrade-linux-image-6-2-0-1005-lowlatency ubuntu-upgrade-linux-image-6-2-0-1005-lowlatency-64k ubuntu-upgrade-linux-image-6-2-0-1005-oracle ubuntu-upgrade-linux-image-6-2-0-1006-kvm ubuntu-upgrade-linux-image-6-2-0-1006-raspi ubuntu-upgrade-linux-image-6-2-0-1006-raspi-nolpae ubuntu-upgrade-linux-image-6-2-0-1007-gcp ubuntu-upgrade-linux-image-6-2-0-23-generic ubuntu-upgrade-linux-image-6-2-0-23-generic-64k ubuntu-upgrade-linux-image-6-2-0-23-generic-lpae ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-aws-hwe ubuntu-upgrade-linux-image-aws-lts-18-04 ubuntu-upgrade-linux-image-aws-lts-20-04 ubuntu-upgrade-linux-image-aws-lts-22-04 ubuntu-upgrade-linux-image-azure ubuntu-upgrade-linux-image-azure-cvm ubuntu-upgrade-linux-image-azure-fde ubuntu-upgrade-linux-image-azure-lts-18-04 ubuntu-upgrade-linux-image-azure-lts-20-04 ubuntu-upgrade-linux-image-azure-lts-22-04 ubuntu-upgrade-linux-image-bluefield ubuntu-upgrade-linux-image-gcp ubuntu-upgrade-linux-image-gcp-lts-18-04 ubuntu-upgrade-linux-image-gcp-lts-20-04 ubuntu-upgrade-linux-image-gcp-lts-22-04 ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-64k ubuntu-upgrade-linux-image-generic-64k-hwe-20-04 ubuntu-upgrade-linux-image-generic-64k-hwe-22-04 ubuntu-upgrade-linux-image-generic-hwe-16-04 ubuntu-upgrade-linux-image-generic-hwe-18-04 ubuntu-upgrade-linux-image-generic-hwe-20-04 ubuntu-upgrade-linux-image-generic-hwe-22-04 ubuntu-upgrade-linux-image-generic-lpae ubuntu-upgrade-linux-image-generic-lpae-hwe-18-04 ubuntu-upgrade-linux-image-generic-lpae-hwe-20-04 ubuntu-upgrade-linux-image-generic-lpae-hwe-22-04 ubuntu-upgrade-linux-image-generic-lts-xenial ubuntu-upgrade-linux-image-gke ubuntu-upgrade-linux-image-gke-5-15 ubuntu-upgrade-linux-image-gke-5-4 ubuntu-upgrade-linux-image-gkeop ubuntu-upgrade-linux-image-gkeop-5-15 ubuntu-upgrade-linux-image-gkeop-5-4 ubuntu-upgrade-linux-image-ibm ubuntu-upgrade-linux-image-ibm-lts-20-04 ubuntu-upgrade-linux-image-intel ubuntu-upgrade-linux-image-intel-iotg ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-64k ubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-hwe-16-04 ubuntu-upgrade-linux-image-lowlatency-hwe-18-04 ubuntu-upgrade-linux-image-lowlatency-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-lts-xenial ubuntu-upgrade-linux-image-oem ubuntu-upgrade-linux-image-oem-20-04 ubuntu-upgrade-linux-image-oem-20-04b ubuntu-upgrade-linux-image-oem-20-04c ubuntu-upgrade-linux-image-oem-20-04d ubuntu-upgrade-linux-image-oem-22-04 ubuntu-upgrade-linux-image-oem-22-04a ubuntu-upgrade-linux-image-oem-22-04b ubuntu-upgrade-linux-image-oem-22-04c ubuntu-upgrade-linux-image-oem-osp1 ubuntu-upgrade-linux-image-oracle ubuntu-upgrade-linux-image-oracle-lts-18-04 ubuntu-upgrade-linux-image-oracle-lts-20-04 ubuntu-upgrade-linux-image-raspi ubuntu-upgrade-linux-image-raspi-nolpae ubuntu-upgrade-linux-image-raspi2 ubuntu-upgrade-linux-image-snapdragon ubuntu-upgrade-linux-image-snapdragon-hwe-18-04 ubuntu-upgrade-linux-image-virtual ubuntu-upgrade-linux-image-virtual-hwe-16-04 ubuntu-upgrade-linux-image-virtual-hwe-18-04 ubuntu-upgrade-linux-image-virtual-hwe-20-04 ubuntu-upgrade-linux-image-virtual-hwe-22-04 ubuntu-upgrade-linux-image-virtual-lts-xenial ubuntu-upgrade-linux-image-xilinx-zynqmp References https://attackerkb.com/topics/cve-2023-32233 CVE - 2023-32233 DSA-5402 USN-6122-1 USN-6123-1 USN-6124-1 USN-6127-1 USN-6130-1 USN-6131-1 USN-6132-1 USN-6135-1 USN-6149-1 USN-6150-1 USN-6162-1 USN-6175-1 USN-6186-1 USN-6222-1 USN-6256-1 View more

OS X update for CoreCapture (CVE-2023-27969) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 05/08/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for CoreCapture (CVE-2023-28178) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:C/A:N) Published 05/08/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for CoreCapture (CVE-2023-27963) Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 05/08/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for CoreCapture (CVE-2023-27962) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:C/A:N) Published 05/08/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for CoreCapture (CVE-2023-27957) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 05/08/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for CoreCapture (CVE-2023-27954) Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 05/08/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for CoreCapture (CVE-2023-27953) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 05/08/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for AppleAVD (CVE-2022-32885) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 05/08/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for PackageKit (CVE-2023-27944) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 05/08/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for PackageKit (CVE-2023-23533) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:C/A:N) Published 05/08/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for AppleMobileFileIntegrity (CVE-2023-28190) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 05/08/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for AppleMobileFileIntegrity (CVE-2023-28181) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 05/08/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for Photos (CVE-2023-28201) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 05/08/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for Photos (CVE-2023-28192) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 05/08/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)