ISHACK AI BOT

OS X update for Model I/O (CVE-2023-27932) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:C/A:N) Published 05/08/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for Kernel (CVE-2022-46708) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/08/2023 Created 10/14/2024 Added 10/14/2024 Modified 10/16/2024 Description Deprecated Solution(s)

OS X update for Kernel (CVE-2023-27944) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 05/08/2023 Created 12/23/2023 Added 12/22/2023 Modified 01/28/2025 Description This issue was addressed with a new entitlement. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app may be able to break out of its sandbox. Solution(s) apple-osx-upgrade-11_7_5 apple-osx-upgrade-12_6_4 apple-osx-upgrade-13_3 References https://attackerkb.com/topics/cve-2023-27944 CVE - 2023-27944 https://support.apple.com/kb/HT213670 https://support.apple.com/kb/HT213675 https://support.apple.com/kb/HT213677 https://support.apple.com/kb/HT213843

OS X update for libc (CVE-2023-27954) Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 05/08/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for Kernel (CVE-2023-28182) Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:C/A:N) Published 05/08/2023 Created 12/23/2023 Added 12/22/2023 Modified 01/28/2025 Description The issue was addressed with improved authentication. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. A user in a privileged network position may be able to spoof a VPN server that is configured with EAP-only authentication on a device. Solution(s) apple-osx-upgrade-11_7_5 apple-osx-upgrade-12_6_4 apple-osx-upgrade-13_3 References https://attackerkb.com/topics/cve-2023-28182 CVE - 2023-28182 https://support.apple.com/kb/HT213670 https://support.apple.com/kb/HT213675 https://support.apple.com/kb/HT213677 https://support.apple.com/kb/HT213843

OS X update for libc (CVE-2023-28192) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 05/08/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for Kernel (CVE-2023-28192) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 05/08/2023 Created 12/23/2023 Added 12/22/2023 Modified 01/28/2025 Description A permissions issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app may be able to read sensitive location information. Solution(s) apple-osx-upgrade-11_7_5 apple-osx-upgrade-12_6_4 apple-osx-upgrade-13_3 References https://attackerkb.com/topics/cve-2023-28192 CVE - 2023-28192 https://support.apple.com/kb/HT213670 https://support.apple.com/kb/HT213675 https://support.apple.com/kb/HT213677 https://support.apple.com/kb/HT213843

OS X update for libc (CVE-2023-28189) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 05/08/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for libc (CVE-2023-23533) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:C/A:N) Published 05/08/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for Foundation (CVE-2023-27943) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:C/A:N) Published 05/08/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for Foundation (CVE-2023-28200) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 05/08/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for ImageIO (CVE-2023-23525) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 05/08/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for CoreCapture (CVE-2023-28192) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 05/08/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

CentOS Linux: CVE-2023-2513: Important: kernel-rt security and bug fix update (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:M/C:C/I:C/A:C) Published 05/08/2023 Created 05/23/2023 Added 05/23/2023 Modified 01/28/2025 Description A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or other undefined behaviors. Solution(s) centos-upgrade-kernel centos-upgrade-kernel-rt References CVE-2023-2513

OS X update for libpthread (CVE-2023-27942) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 05/08/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for CoreCapture (CVE-2023-27928) Severity 2 CVSS (AV:L/AC:M/Au:N/C:P/I:N/A:N) Published 05/08/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for Intel Graphics Driver (CVE-2022-42857) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/08/2023 Created 10/14/2024 Added 10/14/2024 Modified 10/16/2024 Description Deprecated Solution(s)

OS X update for libpthread (CVE-2023-27932) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:C/A:N) Published 05/08/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

CentOS Linux: CVE-2023-32233: Important: kpatch-patch security update (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 05/08/2023 Created 06/05/2023 Added 06/05/2023 Modified 01/28/2025 Description In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled. Solution(s) centos-upgrade-kernel centos-upgrade-kernel-rt centos-upgrade-kpatch-patch-3_10_0-1160_88_1 centos-upgrade-kpatch-patch-3_10_0-1160_88_1-debuginfo centos-upgrade-kpatch-patch-3_10_0-1160_90_1 centos-upgrade-kpatch-patch-3_10_0-1160_90_1-debuginfo centos-upgrade-kpatch-patch-3_10_0-1160_92_1 centos-upgrade-kpatch-patch-3_10_0-1160_92_1-debuginfo centos-upgrade-kpatch-patch-3_10_0-1160_95_1 centos-upgrade-kpatch-patch-3_10_0-1160_95_1-debuginfo centos-upgrade-kpatch-patch-3_10_0-1160_99_1 centos-upgrade-kpatch-patch-3_10_0-1160_99_1-debuginfo References DSA-5402 CVE-2023-32233

OS X update for CoreCapture (CVE-2023-27944) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 05/08/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for CoreServices (CVE-2023-27942) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 05/08/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for CoreCapture (CVE-2023-27958) Severity 9 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:C) Published 05/08/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

CentOS Linux: CVE-2023-27954: Important: webkit2gtk3 security and bug fix update (Multiple Advisories) Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 05/08/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/28/2025 Description The issue was addressed by removing origin information. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, watchOS 9.4. A website may be able to track sensitive user information. Solution(s) centos-upgrade-webkit2gtk3 centos-upgrade-webkit2gtk3-debuginfo centos-upgrade-webkit2gtk3-debugsource centos-upgrade-webkit2gtk3-devel centos-upgrade-webkit2gtk3-devel-debuginfo centos-upgrade-webkit2gtk3-jsc centos-upgrade-webkit2gtk3-jsc-debuginfo centos-upgrade-webkit2gtk3-jsc-devel centos-upgrade-webkit2gtk3-jsc-devel-debuginfo References CVE-2023-27954

CentOS Linux: CVE-2023-27932: Important: webkit2gtk3 security and bug fix update (Multiple Advisories) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:C/A:N) Published 05/08/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/28/2025 Description This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, tvOS 16.4, watchOS 9.4. Processing maliciously crafted web content may bypass Same Origin Policy. Solution(s) centos-upgrade-webkit2gtk3 centos-upgrade-webkit2gtk3-debuginfo centos-upgrade-webkit2gtk3-debugsource centos-upgrade-webkit2gtk3-devel centos-upgrade-webkit2gtk3-devel-debuginfo centos-upgrade-webkit2gtk3-jsc centos-upgrade-webkit2gtk3-jsc-debuginfo centos-upgrade-webkit2gtk3-jsc-devel centos-upgrade-webkit2gtk3-jsc-devel-debuginfo References CVE-2023-27932

OS X update for CoreServices (CVE-2023-23525) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 05/08/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)