ISHACK AI BOT

OS X update for apache (CVE-2022-42857) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/08/2023 Created 10/14/2024 Added 10/14/2024 Modified 10/16/2024 Description Deprecated Solution(s)

OS X update for Apple Neural Engine (CVE-2023-27953) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 05/08/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for AppleAVD (CVE-2023-27946) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 05/08/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for Mail (CVE-2023-27963) Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 05/08/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for Mail (CVE-2023-27944) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 05/08/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

Red Hat: CVE-2023-2513: kernel: ext4: use-after-free in ext4_xattr_set_entry() (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:M/C:C/I:C/A:C) Published 05/08/2023 Created 05/23/2023 Added 05/23/2023 Modified 01/30/2025 Description A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or other undefined behaviors. Solution(s) redhat-upgrade-kernel redhat-upgrade-kernel-rt References CVE-2023-2513 RHSA-2023:2148 RHSA-2023:2458 RHSA-2023:6901 RHSA-2023:7077 RHSA-2024:0412

Alma Linux: CVE-2023-32233: Important: kernel security and bug fix update (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 05/08/2023 Created 06/06/2023 Added 06/06/2023 Modified 01/28/2025 Description In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled. Solution(s) alma-upgrade-bpftool alma-upgrade-kernel alma-upgrade-kernel-64k alma-upgrade-kernel-64k-core alma-upgrade-kernel-64k-debug alma-upgrade-kernel-64k-debug-core alma-upgrade-kernel-64k-debug-devel alma-upgrade-kernel-64k-debug-devel-matched alma-upgrade-kernel-64k-debug-modules alma-upgrade-kernel-64k-debug-modules-core alma-upgrade-kernel-64k-debug-modules-extra alma-upgrade-kernel-64k-devel alma-upgrade-kernel-64k-devel-matched alma-upgrade-kernel-64k-modules alma-upgrade-kernel-64k-modules-core alma-upgrade-kernel-64k-modules-extra alma-upgrade-kernel-abi-stablelists alma-upgrade-kernel-core alma-upgrade-kernel-cross-headers alma-upgrade-kernel-debug alma-upgrade-kernel-debug-core alma-upgrade-kernel-debug-devel alma-upgrade-kernel-debug-devel-matched alma-upgrade-kernel-debug-modules alma-upgrade-kernel-debug-modules-core alma-upgrade-kernel-debug-modules-extra alma-upgrade-kernel-debug-uki-virt alma-upgrade-kernel-devel alma-upgrade-kernel-devel-matched alma-upgrade-kernel-doc alma-upgrade-kernel-modules alma-upgrade-kernel-modules-core alma-upgrade-kernel-modules-extra alma-upgrade-kernel-rt alma-upgrade-kernel-rt-core alma-upgrade-kernel-rt-debug alma-upgrade-kernel-rt-debug-core alma-upgrade-kernel-rt-debug-devel alma-upgrade-kernel-rt-debug-kvm alma-upgrade-kernel-rt-debug-modules alma-upgrade-kernel-rt-debug-modules-core alma-upgrade-kernel-rt-debug-modules-extra alma-upgrade-kernel-rt-devel alma-upgrade-kernel-rt-kvm alma-upgrade-kernel-rt-modules alma-upgrade-kernel-rt-modules-core alma-upgrade-kernel-rt-modules-extra alma-upgrade-kernel-tools alma-upgrade-kernel-tools-libs alma-upgrade-kernel-tools-libs-devel alma-upgrade-kernel-uki-virt alma-upgrade-kernel-zfcpdump alma-upgrade-kernel-zfcpdump-core alma-upgrade-kernel-zfcpdump-devel alma-upgrade-kernel-zfcpdump-devel-matched alma-upgrade-kernel-zfcpdump-modules alma-upgrade-kernel-zfcpdump-modules-core alma-upgrade-kernel-zfcpdump-modules-extra alma-upgrade-perf alma-upgrade-python3-perf alma-upgrade-rtla References https://attackerkb.com/topics/cve-2023-32233 CVE - 2023-32233 https://errata.almalinux.org/8/ALSA-2023-3349.html https://errata.almalinux.org/8/ALSA-2023-3350.html https://errata.almalinux.org/9/ALSA-2023-3708.html https://errata.almalinux.org/9/ALSA-2023-3723.html

OS X update for Apple Neural Engine (CVE-2023-27955) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 05/08/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for Apple Neural Engine (CVE-2023-27951) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:C/A:N) Published 05/08/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

Alma Linux: CVE-2023-27932: Important: webkit2gtk3 security and bug fix update (Multiple Advisories) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:C/A:N) Published 05/08/2023 Created 11/17/2023 Added 11/16/2023 Modified 01/28/2025 Description This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, tvOS 16.4, watchOS 9.4. Processing maliciously crafted web content may bypass Same Origin Policy. Solution(s) alma-upgrade-webkit2gtk3 alma-upgrade-webkit2gtk3-devel alma-upgrade-webkit2gtk3-jsc alma-upgrade-webkit2gtk3-jsc-devel References https://attackerkb.com/topics/cve-2023-27932 CVE - 2023-27932 https://errata.almalinux.org/8/ALSA-2023-7055.html https://errata.almalinux.org/9/ALSA-2023-6535.html

OS X update for Apple Neural Engine (CVE-2023-27937) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 05/08/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for FaceTime (CVE-2023-27949) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 05/08/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for ImageIO (CVE-2023-23542) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 05/08/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

VMware Photon OS: CVE-2023-2513 Severity 6 CVSS (AV:L/AC:L/Au:M/C:C/I:C/A:C) Published 05/08/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or other undefined behaviors. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-2513 CVE - 2023-2513

OS X update for FaceTime (CVE-2023-27956) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 05/08/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for Podcasts (CVE-2023-28201) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 05/08/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

Gentoo Linux: CVE-2023-27932: WebKitGTK+: Multiple Vulnerabilities Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:C/A:N) Published 05/08/2023 Created 05/31/2023 Added 05/31/2023 Modified 01/28/2025 Description This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, tvOS 16.4, watchOS 9.4. Processing maliciously crafted web content may bypass Same Origin Policy. Solution(s) gentoo-linux-upgrade-net-libs-webkit-gtk References https://attackerkb.com/topics/cve-2023-27932 CVE - 2023-27932 202305-32

OS X update for Printing (CVE-2022-42857) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/08/2023 Created 10/14/2024 Added 10/14/2024 Modified 10/16/2024 Description Deprecated Solution(s)

OS X update for PackageKit (CVE-2023-23523) Severity 2 CVSS (AV:L/AC:M/Au:N/C:P/I:N/A:N) Published 05/08/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for Podcasts (CVE-2023-27944) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 05/08/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for PackageKit (CVE-2023-28192) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 05/08/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for Podcasts (CVE-2023-28192) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 05/08/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

Rocky Linux: CVE-2023-31047: Satellite-6.14 (RLSA-2023-6818) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 05/07/2023 Created 03/07/2024 Added 03/05/2024 Modified 01/30/2025 Description In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's "Uploading multiple files" documentation suggested otherwise. Solution(s) rocky-upgrade-libdb-cxx rocky-upgrade-libdb-cxx-debuginfo rocky-upgrade-libdb-debuginfo rocky-upgrade-libdb-debugsource rocky-upgrade-libdb-sql-debuginfo rocky-upgrade-libdb-sql-devel-debuginfo rocky-upgrade-libdb-utils-debuginfo References https://attackerkb.com/topics/cve-2023-31047 CVE - 2023-31047 https://errata.rockylinux.org/RLSA-2023:6818

SUSE: CVE-2023-31047: SUSE Linux Security Advisory Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 05/07/2023 Created 07/17/2023 Added 07/17/2023 Modified 01/28/2025 Description In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's "Uploading multiple files" documentation suggested otherwise. Solution(s) suse-upgrade-python3-django References https://attackerkb.com/topics/cve-2023-31047 CVE - 2023-31047

Debian: CVE-2023-31047: python-django -- security update Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 05/07/2023 Created 05/08/2023 Added 05/08/2023 Modified 01/30/2025 Description In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's "Uploading multiple files" documentation suggested otherwise. Solution(s) debian-upgrade-python-django References https://attackerkb.com/topics/cve-2023-31047 CVE - 2023-31047 DLA-3415-1