ISHACK AI BOT

Ubuntu: (Multiple Advisories) (CVE-2023-29537): Firefox vulnerabilities Severity 8 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:C) Published 04/12/2023 Created 05/05/2023 Added 04/17/2023 Modified 01/28/2025 Description Multiple race conditions in the font initialization could have led to memory corruption and execution of attacker-controlled code. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. Solution(s) ubuntu-upgrade-firefox References https://attackerkb.com/topics/cve-2023-29537 CVE - 2023-29537 USN-6010-1 USN-6010-2 USN-6010-3

SUSE: CVE-2023-1992: SUSE Linux Security Advisory Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 04/12/2023 Created 05/05/2023 Added 04/21/2023 Modified 01/28/2025 Description RPCoRDMA dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file Solution(s) suse-upgrade-libwireshark15 suse-upgrade-libwiretap12 suse-upgrade-libwsutil13 suse-upgrade-wireshark suse-upgrade-wireshark-devel suse-upgrade-wireshark-ui-qt References https://attackerkb.com/topics/cve-2023-1992 CVE - 2023-1992 DSA-5429

Ubuntu: (Multiple Advisories) (CVE-2023-29540): Firefox vulnerabilities Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:N) Published 04/12/2023 Created 05/05/2023 Added 04/17/2023 Modified 01/28/2025 Description Using a redirect embedded into <code>sourceMappingUrls</code> could allow for navigation to external protocol links in sandboxed iframes without <code>allow-top-navigation-to-custom-protocols</code>. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. Solution(s) ubuntu-upgrade-firefox References https://attackerkb.com/topics/cve-2023-29540 CVE - 2023-29540 USN-6010-1 USN-6010-2 USN-6010-3

OS X update for WebKit (CVE-2023-27932) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:C/A:N) Published 04/12/2023 Created 05/05/2023 Added 04/12/2023 Modified 01/28/2025 Description This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, tvOS 16.4, watchOS 9.4. Processing maliciously crafted web content may bypass Same Origin Policy. Solution(s) apple-osx-upgrade-13_3 References https://attackerkb.com/topics/cve-2023-27932 CVE - 2023-27932 https://support.apple.com/kb/HT213670

OS X update for TCC (CVE-2023-27931) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 04/12/2023 Created 05/05/2023 Added 04/12/2023 Modified 01/28/2025 Description This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.3, iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.3, tvOS 16.4, watchOS 9.4. An app may be able to access user-sensitive data. Solution(s) apple-osx-upgrade-11_7_3 apple-osx-upgrade-12_6_3 apple-osx-upgrade-13_3 References https://attackerkb.com/topics/cve-2023-27931 CVE - 2023-27931 https://support.apple.com/kb/HT213603 https://support.apple.com/kb/HT213604 https://support.apple.com/kb/HT213670

Amazon Linux 2023: CVE-2023-2124: Important priority package update for kernel Severity 6 CVSS (AV:L/AC:H/Au:S/C:C/I:C/A:C) Published 04/12/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user to crash or potentially escalate their privileges on the system. Solution(s) amazon-linux-2023-upgrade-bpftool amazon-linux-2023-upgrade-bpftool-debuginfo amazon-linux-2023-upgrade-kernel amazon-linux-2023-upgrade-kernel-debuginfo amazon-linux-2023-upgrade-kernel-debuginfo-common-aarch64 amazon-linux-2023-upgrade-kernel-debuginfo-common-x86-64 amazon-linux-2023-upgrade-kernel-devel amazon-linux-2023-upgrade-kernel-headers amazon-linux-2023-upgrade-kernel-libbpf amazon-linux-2023-upgrade-kernel-libbpf-devel amazon-linux-2023-upgrade-kernel-libbpf-static amazon-linux-2023-upgrade-kernel-livepatch-6-1-25-37-47 amazon-linux-2023-upgrade-kernel-tools amazon-linux-2023-upgrade-kernel-tools-debuginfo amazon-linux-2023-upgrade-kernel-tools-devel amazon-linux-2023-upgrade-perf amazon-linux-2023-upgrade-perf-debuginfo amazon-linux-2023-upgrade-python3-perf amazon-linux-2023-upgrade-python3-perf-debuginfo References https://attackerkb.com/topics/cve-2023-2124 CVE - 2023-2124 https://alas.aws.amazon.com/AL2023/ALAS-2023-169.html

OS X update for AMD (CVE-2023-27968) Severity 6 CVSS (AV:L/AC:M/Au:N/C:N/I:C/A:C) Published 04/12/2023 Created 05/05/2023 Added 04/12/2023 Modified 01/28/2025 Description A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory. Solution(s) apple-osx-upgrade-13_3 References https://attackerkb.com/topics/cve-2023-27968 CVE - 2023-27968 https://support.apple.com/kb/HT213670

Amazon Linux 2023: CVE-2023-1993: Medium priority package update for wireshark Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 04/12/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description LISP dissector large loop in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file Solution(s) amazon-linux-2023-upgrade-wireshark-cli amazon-linux-2023-upgrade-wireshark-cli-debuginfo amazon-linux-2023-upgrade-wireshark-debugsource amazon-linux-2023-upgrade-wireshark-devel References https://attackerkb.com/topics/cve-2023-1993 CVE - 2023-1993 https://alas.aws.amazon.com/AL2023/ALAS-2023-199.html

Amazon Linux 2023: CVE-2023-29491: Important priority package update for ncurses Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 04/12/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable. A vulnerability was found in ncurses and occurs when used by a setuid application. This flaw allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable. Solution(s) amazon-linux-2023-upgrade-ncurses amazon-linux-2023-upgrade-ncurses-base amazon-linux-2023-upgrade-ncurses-c-libs amazon-linux-2023-upgrade-ncurses-c-libs-debuginfo amazon-linux-2023-upgrade-ncurses-compat-libs amazon-linux-2023-upgrade-ncurses-compat-libs-debuginfo amazon-linux-2023-upgrade-ncurses-debuginfo amazon-linux-2023-upgrade-ncurses-debugsource amazon-linux-2023-upgrade-ncurses-devel amazon-linux-2023-upgrade-ncurses-libs amazon-linux-2023-upgrade-ncurses-libs-debuginfo amazon-linux-2023-upgrade-ncurses-static amazon-linux-2023-upgrade-ncurses-term References https://attackerkb.com/topics/cve-2023-29491 CVE - 2023-29491 https://alas.aws.amazon.com/AL2023/ALAS-2023-220.html

Amazon Linux 2023: CVE-2023-1992: Medium priority package update for wireshark Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 04/12/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description RPCoRDMA dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file Solution(s) amazon-linux-2023-upgrade-wireshark-cli amazon-linux-2023-upgrade-wireshark-cli-debuginfo amazon-linux-2023-upgrade-wireshark-debugsource amazon-linux-2023-upgrade-wireshark-devel References https://attackerkb.com/topics/cve-2023-1992 CVE - 2023-1992 https://alas.aws.amazon.com/AL2023/ALAS-2023-199.html

OS X update for FontParser (CVE-2023-27956) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 04/12/2023 Created 05/05/2023 Added 04/12/2023 Modified 01/28/2025 Description The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, watchOS 9.4. Processing a maliciously crafted image may result in disclosure of process memory. Solution(s) apple-osx-upgrade-13_3 References https://attackerkb.com/topics/cve-2023-27956 CVE - 2023-27956 https://support.apple.com/kb/HT213670

SUSE: CVE-2023-1829: SUSE Linux Security Advisory Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 04/12/2023 Created 07/12/2023 Added 07/11/2023 Modified 01/28/2025 Description A use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex) can be exploited to achieve local privilege escalation. The tcindex_delete function which does not properly deactivate filters in case of a perfect hashes while deleting the underlying structure which can later lead to double freeing the structure. A local attacker user can use this vulnerability to elevate its privileges to root. We recommend upgrading past commit 8c710f75256bb3cf05ac7b1672c82b92c43f3d28. Solution(s) suse-upgrade-cluster-md-kmp-64kb suse-upgrade-cluster-md-kmp-azure suse-upgrade-cluster-md-kmp-default suse-upgrade-cluster-md-kmp-rt suse-upgrade-dlm-kmp-64kb suse-upgrade-dlm-kmp-azure suse-upgrade-dlm-kmp-default suse-upgrade-dlm-kmp-rt suse-upgrade-dtb-allwinner suse-upgrade-dtb-altera suse-upgrade-dtb-amazon suse-upgrade-dtb-amd suse-upgrade-dtb-amlogic suse-upgrade-dtb-apm suse-upgrade-dtb-apple suse-upgrade-dtb-arm suse-upgrade-dtb-broadcom suse-upgrade-dtb-cavium suse-upgrade-dtb-exynos suse-upgrade-dtb-freescale suse-upgrade-dtb-hisilicon suse-upgrade-dtb-lg suse-upgrade-dtb-marvell suse-upgrade-dtb-mediatek suse-upgrade-dtb-nvidia suse-upgrade-dtb-qcom suse-upgrade-dtb-renesas suse-upgrade-dtb-rockchip suse-upgrade-dtb-socionext suse-upgrade-dtb-sprd suse-upgrade-dtb-xilinx suse-upgrade-gfs2-kmp-64kb suse-upgrade-gfs2-kmp-azure suse-upgrade-gfs2-kmp-default suse-upgrade-gfs2-kmp-rt suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-64kb-extra suse-upgrade-kernel-64kb-livepatch-devel suse-upgrade-kernel-64kb-optional suse-upgrade-kernel-azure suse-upgrade-kernel-azure-base suse-upgrade-kernel-azure-devel suse-upgrade-kernel-azure-extra suse-upgrade-kernel-azure-livepatch-devel suse-upgrade-kernel-azure-optional suse-upgrade-kernel-azure-vdso suse-upgrade-kernel-debug suse-upgrade-kernel-debug-devel suse-upgrade-kernel-debug-livepatch-devel suse-upgrade-kernel-debug-vdso suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-base-rebuild suse-upgrade-kernel-default-devel suse-upgrade-kernel-default-extra suse-upgrade-kernel-default-livepatch suse-upgrade-kernel-default-livepatch-devel suse-upgrade-kernel-default-man suse-upgrade-kernel-default-optional suse-upgrade-kernel-default-vdso suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-devel-rt suse-upgrade-kernel-docs suse-upgrade-kernel-docs-html suse-upgrade-kernel-kvmsmall suse-upgrade-kernel-kvmsmall-devel suse-upgrade-kernel-kvmsmall-livepatch-devel suse-upgrade-kernel-kvmsmall-vdso suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-obs-qa suse-upgrade-kernel-preempt suse-upgrade-kernel-preempt-devel suse-upgrade-kernel-rt suse-upgrade-kernel-rt-devel suse-upgrade-kernel-rt-extra suse-upgrade-kernel-rt-livepatch suse-upgrade-kernel-rt-livepatch-devel suse-upgrade-kernel-rt-optional suse-upgrade-kernel-rt-vdso suse-upgrade-kernel-rt_debug suse-upgrade-kernel-rt_debug-devel suse-upgrade-kernel-rt_debug-livepatch-devel suse-upgrade-kernel-rt_debug-vdso suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-source-rt suse-upgrade-kernel-source-vanilla suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-syms-rt suse-upgrade-kernel-zfcpdump suse-upgrade-kselftests-kmp-64kb suse-upgrade-kselftests-kmp-azure suse-upgrade-kselftests-kmp-default suse-upgrade-kselftests-kmp-rt suse-upgrade-ocfs2-kmp-64kb suse-upgrade-ocfs2-kmp-azure suse-upgrade-ocfs2-kmp-default suse-upgrade-ocfs2-kmp-rt suse-upgrade-reiserfs-kmp-64kb suse-upgrade-reiserfs-kmp-azure suse-upgrade-reiserfs-kmp-default suse-upgrade-reiserfs-kmp-rt suse-upgrade-suse-module-tools suse-upgrade-suse-module-tools-legacy References https://attackerkb.com/topics/cve-2023-1829 CVE - 2023-1829

SUSE: CVE-2023-1990: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:S/C:N/I:N/A:C) Published 04/12/2023 Created 05/10/2023 Added 05/10/2023 Modified 01/28/2025 Description A use-after-free flaw was found in ndlc_remove in drivers/nfc/st-nci/ndlc.c in the Linux Kernel. This flaw could allow an attacker to crash the system due to a race problem. Solution(s) suse-upgrade-cluster-md-kmp-64kb suse-upgrade-cluster-md-kmp-azure suse-upgrade-cluster-md-kmp-default suse-upgrade-cluster-md-kmp-rt suse-upgrade-dlm-kmp-64kb suse-upgrade-dlm-kmp-azure suse-upgrade-dlm-kmp-default suse-upgrade-dlm-kmp-rt suse-upgrade-dtb-al suse-upgrade-dtb-allwinner suse-upgrade-dtb-altera suse-upgrade-dtb-amazon suse-upgrade-dtb-amd suse-upgrade-dtb-amlogic suse-upgrade-dtb-apm suse-upgrade-dtb-apple suse-upgrade-dtb-arm suse-upgrade-dtb-broadcom suse-upgrade-dtb-cavium suse-upgrade-dtb-exynos suse-upgrade-dtb-freescale suse-upgrade-dtb-hisilicon suse-upgrade-dtb-lg suse-upgrade-dtb-marvell suse-upgrade-dtb-mediatek suse-upgrade-dtb-nvidia suse-upgrade-dtb-qcom suse-upgrade-dtb-renesas suse-upgrade-dtb-rockchip suse-upgrade-dtb-socionext suse-upgrade-dtb-sprd suse-upgrade-dtb-xilinx suse-upgrade-dtb-zte suse-upgrade-gfs2-kmp-64kb suse-upgrade-gfs2-kmp-azure suse-upgrade-gfs2-kmp-default suse-upgrade-gfs2-kmp-rt suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-64kb-extra suse-upgrade-kernel-64kb-livepatch-devel suse-upgrade-kernel-64kb-optional suse-upgrade-kernel-azure suse-upgrade-kernel-azure-base suse-upgrade-kernel-azure-devel suse-upgrade-kernel-azure-extra suse-upgrade-kernel-azure-livepatch-devel suse-upgrade-kernel-azure-optional suse-upgrade-kernel-debug suse-upgrade-kernel-debug-base suse-upgrade-kernel-debug-devel suse-upgrade-kernel-debug-livepatch-devel suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-base-rebuild suse-upgrade-kernel-default-devel suse-upgrade-kernel-default-extra suse-upgrade-kernel-default-livepatch suse-upgrade-kernel-default-livepatch-devel suse-upgrade-kernel-default-man suse-upgrade-kernel-default-optional suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-devel-rt suse-upgrade-kernel-docs suse-upgrade-kernel-docs-html suse-upgrade-kernel-kvmsmall suse-upgrade-kernel-kvmsmall-base suse-upgrade-kernel-kvmsmall-devel suse-upgrade-kernel-kvmsmall-livepatch-devel suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-obs-qa suse-upgrade-kernel-preempt suse-upgrade-kernel-preempt-devel suse-upgrade-kernel-rt suse-upgrade-kernel-rt-devel suse-upgrade-kernel-rt_debug suse-upgrade-kernel-rt_debug-devel suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-source-rt suse-upgrade-kernel-source-vanilla suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-syms-rt suse-upgrade-kernel-vanilla suse-upgrade-kernel-vanilla-base suse-upgrade-kernel-vanilla-devel suse-upgrade-kernel-vanilla-livepatch-devel suse-upgrade-kernel-zfcpdump suse-upgrade-kernel-zfcpdump-man suse-upgrade-kselftests-kmp-64kb suse-upgrade-kselftests-kmp-azure suse-upgrade-kselftests-kmp-default suse-upgrade-ocfs2-kmp-64kb suse-upgrade-ocfs2-kmp-azure suse-upgrade-ocfs2-kmp-default suse-upgrade-ocfs2-kmp-rt suse-upgrade-reiserfs-kmp-64kb suse-upgrade-reiserfs-kmp-azure suse-upgrade-reiserfs-kmp-default References https://attackerkb.com/topics/cve-2023-1990 CVE - 2023-1990

Oracle Linux: CVE-2023-1998: ELSA-2023-4377:kernel security, bug fix, and enhancement update (IMPORTANT) (Multiple Advisories) Severity 4 CVSS (AV:L/AC:H/Au:S/C:C/I:N/A:N) Published 04/12/2023 Created 08/04/2023 Added 08/03/2023 Modified 01/07/2025 Description The Linux kernel allows userspace processes to enable mitigations by calling prctl with PR_SET_SPECULATION_CTRL which disables the speculation feature as well as by using seccomp. We had noticed that on VMs of at least one major cloud provider, the kernel still left the victim process exposed to attacks in some cases even after enabling the spectre-BTI mitigation with prctl. The same behavior can be observed on a bare-metal machine when forcing the mitigation to IBRS on boot command line. This happened because when plain IBRS was enabled (not enhanced IBRS), the kernel had some logic that determined that STIBP was not needed. The IBRS bit implicitly protects against cross-thread branch target injection. However, with legacy IBRS, the IBRS bit was cleared on returning to userspace, due to performance reasons, which disabled the implicit STIBP and left userspace threads vulnerable to cross-thread branch target injection against which STIBP protects. It was found that the Linux Kernel still left the victim process exposed to attacks in some cases even after enabling the spectre-BTI mitigation with prctl. The kernel failed to protect applications that attempted to protect against Spectre v2 leaving them open to attack from other processes running on the same physical core in another hyperthread. Solution(s) oracle-linux-upgrade-kernel References https://attackerkb.com/topics/cve-2023-1998 CVE - 2023-1998 ELSA-2023-4377 ELSA-2023-7077

OS X update for FaceTime (CVE-2023-28190) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 04/12/2023 Created 05/05/2023 Added 04/12/2023 Modified 01/28/2025 Description A privacy issue was addressed by moving sensitive data to a more secure location. This issue is fixed in macOS Ventura 13.3. An app may be able to access user-sensitive data. Solution(s) apple-osx-upgrade-13_3 References https://attackerkb.com/topics/cve-2023-28190 CVE - 2023-28190 https://support.apple.com/kb/HT213670

OS X update for Photos (CVE-2023-23523) Severity 2 CVSS (AV:L/AC:M/Au:N/C:P/I:N/A:N) Published 04/12/2023 Created 05/05/2023 Added 04/12/2023 Modified 01/28/2025 Description A logic issue was addressed with improved restrictions. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. Photos belonging to the Hidden Photos Album could be viewed without authentication through Visual Lookup. Solution(s) apple-osx-upgrade-13_3 References https://attackerkb.com/topics/cve-2023-23523 CVE - 2023-23523 https://support.apple.com/kb/HT213670

Amazon Linux AMI 2: CVE-2023-1993: Security patch for wireshark (ALAS-2023-2276) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 04/12/2023 Created 10/06/2023 Added 10/06/2023 Modified 01/28/2025 Description LISP dissector large loop in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file Solution(s) amazon-linux-ami-2-upgrade-wireshark amazon-linux-ami-2-upgrade-wireshark-cli amazon-linux-ami-2-upgrade-wireshark-debuginfo amazon-linux-ami-2-upgrade-wireshark-devel References https://attackerkb.com/topics/cve-2023-1993 AL2/ALAS-2023-2276 CVE - 2023-1993

OS X update for WebKit (CVE-2023-27954) Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 04/12/2023 Created 05/05/2023 Added 04/12/2023 Modified 01/28/2025 Description The issue was addressed by removing origin information. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, watchOS 9.4. A website may be able to track sensitive user information. Solution(s) apple-osx-upgrade-13_3 References https://attackerkb.com/topics/cve-2023-27954 CVE - 2023-27954 https://support.apple.com/kb/HT213670

OS X update for ImageIO (CVE-2023-27957) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 04/12/2023 Created 05/05/2023 Added 04/12/2023 Modified 01/28/2025 Description A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution. Solution(s) apple-osx-upgrade-13_3 References https://attackerkb.com/topics/cve-2023-27957 CVE - 2023-27957 https://support.apple.com/kb/HT213670

Ubuntu: (Multiple Advisories) (CVE-2023-1829): Linux kernel (OEM) vulnerabilities Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 04/12/2023 Created 05/05/2023 Added 04/21/2023 Modified 01/28/2025 Description A use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex) can be exploited to achieve local privilege escalation. The tcindex_delete function which does not properly deactivate filters in case of a perfect hashes while deleting the underlying structure which can later lead to double freeing the structure. A local attacker user can use this vulnerability to elevate its privileges to root. We recommend upgrading past commit 8c710f75256bb3cf05ac7b1672c82b92c43f3d28. Solution(s) ubuntu-upgrade-linux-image-4-15-0-1118-oracle ubuntu-upgrade-linux-image-4-15-0-1131-raspi2 ubuntu-upgrade-linux-image-4-15-0-1139-kvm ubuntu-upgrade-linux-image-4-15-0-1149-gcp ubuntu-upgrade-linux-image-4-15-0-1149-snapdragon ubuntu-upgrade-linux-image-4-15-0-1155-aws ubuntu-upgrade-linux-image-4-15-0-1164-azure ubuntu-upgrade-linux-image-4-15-0-210-generic ubuntu-upgrade-linux-image-4-15-0-210-generic-lpae ubuntu-upgrade-linux-image-4-15-0-210-lowlatency ubuntu-upgrade-linux-image-4-4-0-1118-aws ubuntu-upgrade-linux-image-4-4-0-1119-kvm ubuntu-upgrade-linux-image-4-4-0-1156-aws ubuntu-upgrade-linux-image-4-4-0-240-generic ubuntu-upgrade-linux-image-4-4-0-240-lowlatency ubuntu-upgrade-linux-image-5-15-0-1019-gkeop ubuntu-upgrade-linux-image-5-15-0-1028-raspi ubuntu-upgrade-linux-image-5-15-0-1028-raspi-nolpae ubuntu-upgrade-linux-image-5-15-0-1029-ibm ubuntu-upgrade-linux-image-5-15-0-1030-intel-iotg ubuntu-upgrade-linux-image-5-15-0-1032-gke ubuntu-upgrade-linux-image-5-15-0-1032-kvm ubuntu-upgrade-linux-image-5-15-0-1033-gcp ubuntu-upgrade-linux-image-5-15-0-1034-oracle ubuntu-upgrade-linux-image-5-15-0-1035-aws ubuntu-upgrade-linux-image-5-15-0-1037-azure ubuntu-upgrade-linux-image-5-15-0-1037-azure-fde ubuntu-upgrade-linux-image-5-15-0-71-generic ubuntu-upgrade-linux-image-5-15-0-71-generic-64k ubuntu-upgrade-linux-image-5-15-0-71-generic-lpae ubuntu-upgrade-linux-image-5-15-0-71-lowlatency ubuntu-upgrade-linux-image-5-15-0-71-lowlatency-64k ubuntu-upgrade-linux-image-5-17-0-1031-oem ubuntu-upgrade-linux-image-5-19-0-1017-raspi ubuntu-upgrade-linux-image-5-19-0-1017-raspi-nolpae ubuntu-upgrade-linux-image-5-19-0-1021-ibm ubuntu-upgrade-linux-image-5-19-0-1022-gcp ubuntu-upgrade-linux-image-5-19-0-1022-kvm ubuntu-upgrade-linux-image-5-19-0-1022-oracle ubuntu-upgrade-linux-image-5-19-0-1023-lowlatency ubuntu-upgrade-linux-image-5-19-0-1023-lowlatency-64k ubuntu-upgrade-linux-image-5-19-0-1024-aws ubuntu-upgrade-linux-image-5-19-0-1025-azure ubuntu-upgrade-linux-image-5-19-0-41-generic ubuntu-upgrade-linux-image-5-19-0-41-generic-64k ubuntu-upgrade-linux-image-5-19-0-41-generic-lpae ubuntu-upgrade-linux-image-5-4-0-1017-iot ubuntu-upgrade-linux-image-5-4-0-1024-xilinx-zynqmp ubuntu-upgrade-linux-image-5-4-0-1048-ibm ubuntu-upgrade-linux-image-5-4-0-1062-bluefield ubuntu-upgrade-linux-image-5-4-0-1068-gkeop ubuntu-upgrade-linux-image-5-4-0-1084-raspi ubuntu-upgrade-linux-image-5-4-0-1090-kvm ubuntu-upgrade-linux-image-5-4-0-1098-gke ubuntu-upgrade-linux-image-5-4-0-1100-oracle ubuntu-upgrade-linux-image-5-4-0-1101-aws ubuntu-upgrade-linux-image-5-4-0-1104-gcp ubuntu-upgrade-linux-image-5-4-0-1107-azure ubuntu-upgrade-linux-image-5-4-0-148-generic ubuntu-upgrade-linux-image-5-4-0-148-generic-lpae ubuntu-upgrade-linux-image-5-4-0-148-lowlatency ubuntu-upgrade-linux-image-6-0-0-1015-oem ubuntu-upgrade-linux-image-6-1-0-1009-oem ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-aws-hwe ubuntu-upgrade-linux-image-aws-lts-18-04 ubuntu-upgrade-linux-image-aws-lts-20-04 ubuntu-upgrade-linux-image-aws-lts-22-04 ubuntu-upgrade-linux-image-azure ubuntu-upgrade-linux-image-azure-cvm ubuntu-upgrade-linux-image-azure-fde ubuntu-upgrade-linux-image-azure-lts-18-04 ubuntu-upgrade-linux-image-azure-lts-20-04 ubuntu-upgrade-linux-image-azure-lts-22-04 ubuntu-upgrade-linux-image-bluefield ubuntu-upgrade-linux-image-gcp ubuntu-upgrade-linux-image-gcp-lts-18-04 ubuntu-upgrade-linux-image-gcp-lts-20-04 ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-64k ubuntu-upgrade-linux-image-generic-64k-hwe-20-04 ubuntu-upgrade-linux-image-generic-64k-hwe-22-04 ubuntu-upgrade-linux-image-generic-hwe-16-04 ubuntu-upgrade-linux-image-generic-hwe-18-04 ubuntu-upgrade-linux-image-generic-hwe-18-04-edge ubuntu-upgrade-linux-image-generic-hwe-20-04 ubuntu-upgrade-linux-image-generic-hwe-22-04 ubuntu-upgrade-linux-image-generic-lpae ubuntu-upgrade-linux-image-generic-lpae-hwe-18-04 ubuntu-upgrade-linux-image-generic-lpae-hwe-18-04-edge ubuntu-upgrade-linux-image-generic-lpae-hwe-20-04 ubuntu-upgrade-linux-image-generic-lpae-hwe-22-04 ubuntu-upgrade-linux-image-generic-lts-xenial ubuntu-upgrade-linux-image-gke ubuntu-upgrade-linux-image-gke-5-15 ubuntu-upgrade-linux-image-gke-5-4 ubuntu-upgrade-linux-image-gkeop ubuntu-upgrade-linux-image-gkeop-5-15 ubuntu-upgrade-linux-image-gkeop-5-4 ubuntu-upgrade-linux-image-ibm ubuntu-upgrade-linux-image-ibm-lts-20-04 ubuntu-upgrade-linux-image-intel ubuntu-upgrade-linux-image-intel-iotg ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-64k ubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-hwe-16-04 ubuntu-upgrade-linux-image-lowlatency-hwe-18-04 ubuntu-upgrade-linux-image-lowlatency-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-lts-xenial ubuntu-upgrade-linux-image-oem ubuntu-upgrade-linux-image-oem-20-04 ubuntu-upgrade-linux-image-oem-20-04b ubuntu-upgrade-linux-image-oem-20-04c ubuntu-upgrade-linux-image-oem-20-04d ubuntu-upgrade-linux-image-oem-22-04 ubuntu-upgrade-linux-image-oem-22-04a ubuntu-upgrade-linux-image-oem-22-04b ubuntu-upgrade-linux-image-oem-22-04c ubuntu-upgrade-linux-image-oem-osp1 ubuntu-upgrade-linux-image-oracle ubuntu-upgrade-linux-image-oracle-lts-18-04 ubuntu-upgrade-linux-image-oracle-lts-20-04 ubuntu-upgrade-linux-image-raspi ubuntu-upgrade-linux-image-raspi-hwe-18-04 ubuntu-upgrade-linux-image-raspi-nolpae ubuntu-upgrade-linux-image-raspi2 ubuntu-upgrade-linux-image-snapdragon ubuntu-upgrade-linux-image-snapdragon-hwe-18-04 ubuntu-upgrade-linux-image-virtual ubuntu-upgrade-linux-image-virtual-hwe-16-04 ubuntu-upgrade-linux-image-virtual-hwe-18-04 ubuntu-upgrade-linux-image-virtual-hwe-20-04 ubuntu-upgrade-linux-image-virtual-hwe-22-04 ubuntu-upgrade-linux-image-virtual-lts-xenial ubuntu-upgrade-linux-image-xilinx-zynqmp References https://attackerkb.com/topics/cve-2023-1829 CVE - 2023-1829 USN-6033-1 USN-6043-1 USN-6044-1 USN-6045-1 USN-6047-1 USN-6051-1 USN-6052-1 USN-6058-1 USN-6069-1 USN-6070-1 USN-6071-1 USN-6072-1 USN-6093-1 USN-6107-1 USN-6133-1 USN-6134-1 USN-6222-1 USN-6256-1 View more

Ubuntu: (Multiple Advisories) (CVE-2023-29547): Firefox vulnerabilities Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 04/12/2023 Created 05/05/2023 Added 04/17/2023 Modified 01/28/2025 Description When a secure cookie existed in the Firefox cookie jar an insecure cookie for the same domain could have been created, when it should have silently failed. This could have led to a desynchronization in expected results when reading from the secure cookie. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. Solution(s) ubuntu-upgrade-firefox References https://attackerkb.com/topics/cve-2023-29547 CVE - 2023-29547 USN-6010-1 USN-6010-2 USN-6010-3

Ubuntu: (Multiple Advisories) (CVE-2023-29549): Firefox vulnerabilities Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 04/12/2023 Created 05/05/2023 Added 04/17/2023 Modified 01/28/2025 Description Under certain circumstances, a call to the <code>bind</code> function may have resulted in the incorrect realm. This may have created a vulnerability relating to JavaScript-implemented sandboxes such as SES. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. Solution(s) ubuntu-upgrade-firefox References https://attackerkb.com/topics/cve-2023-29549 CVE - 2023-29549 USN-6010-1 USN-6010-2 USN-6010-3

VMware Photon OS: CVE-2023-1990 Severity 4 CVSS (AV:L/AC:H/Au:S/C:N/I:N/A:C) Published 04/12/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description A use-after-free flaw was found in ndlc_remove in drivers/nfc/st-nci/ndlc.c in the Linux Kernel. This flaw could allow an attacker to crash the system due to a race problem. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-1990 CVE - 2023-1990

Ubuntu: (Multiple Advisories) (CVE-2023-29538): Firefox vulnerabilities Severity 4 CVSS (AV:N/AC:M/Au:N/C:P/I:N/A:N) Published 04/12/2023 Created 05/05/2023 Added 04/17/2023 Modified 01/30/2025 Description Under specific circumstances a WebExtension may have received a <code>jar:file:///</code> URI instead of a <code>moz-extension:///</code> URI during a load request. This leaked directory paths on the user's machine. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. Solution(s) ubuntu-upgrade-firefox References https://attackerkb.com/topics/cve-2023-29538 CVE - 2023-29538 USN-6010-1 USN-6010-2 USN-6010-3

Ubuntu: (Multiple Advisories) (CVE-2023-29536): Firefox vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 04/12/2023 Created 05/05/2023 Added 04/17/2023 Modified 01/28/2025 Description An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an assertion, memory corruption, or a potentially exploitable crash. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. Solution(s) ubuntu-upgrade-firefox ubuntu-upgrade-libmozjs-102-0 ubuntu-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-29536 CVE - 2023-29536 USN-6010-1 USN-6010-2 USN-6010-3 USN-6015-1 USN-6120-1