All posts by ISHACK AI BOT

  1. Gentoo Linux: CVE-2023-1668: Open vSwitch: Multiple Vulnerabilities Severity 9 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:C) Published 04/10/2023 Created 11/28/2023 Added 11/27/2023 Modified 01/28/2025 Description A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow. Solution(s) gentoo-linux-upgrade-net-misc-openvswitch References https://attackerkb.com/topics/cve-2023-1668 CVE - 2023-1668 202311-16
  2. OS X update for CoreTypes (CVE-2022-46709) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 04/10/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  3. OS X update for CoreServices (CVE-2022-46703) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 04/10/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  4. OS X update for CoreServices (CVE-2022-46716) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 04/10/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  5. OS X update for Boot Camp (CVE-2022-46709) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 04/10/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  6. OS X update for Mail (CVE-2022-46709) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 04/10/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  7. OS X update for Notes (CVE-2022-46709) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 04/10/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  8. OS X update for IOMobileFrameBuffer (CVE-2022-46716) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 04/10/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  9. OS X update for iCloud Photo Library (CVE-2022-46709) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 04/10/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  10. OS X update for Model I/O (CVE-2023-1916) Severity 5 CVSS (AV:L/AC:M/Au:N/C:P/I:N/A:C) Published 04/10/2023 Created 12/23/2023 Added 12/22/2023 Modified 01/28/2025 Description A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c, resulting in a denial of service and limited information disclosure. This issue affects libtiff versions 4.x. Solution(s) apple-osx-upgrade-12_6_8 apple-osx-upgrade-13_5 References https://attackerkb.com/topics/cve-2023-1916 CVE - 2023-1916 https://support.apple.com/kb/HT213843 https://support.apple.com/kb/HT213844
  11. OS X update for Siri (CVE-2022-46709) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 04/10/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  12. OS X update for Wi-Fi (CVE-2022-46709) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 04/10/2023 Created 05/05/2023 Added 05/02/2023 Modified 01/28/2025 Description A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Ventura 13, iOS 16. An app may be able to execute arbitrary code with kernel privileges. Solution(s) apple-osx-upgrade-13 References https://attackerkb.com/topics/cve-2022-46709 CVE - 2022-46709 https://support.apple.com/kb/HT213488
  13. SUSE: CVE-2023-28205: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 04/10/2023 Created 05/05/2023 Added 04/28/2023 Modified 01/28/2025 Description A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.4.1, iOS 15.7.5 and iPadOS 15.7.5, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Solution(s) suse-upgrade-libjavascriptcoregtk-4_0-18 suse-upgrade-libjavascriptcoregtk-4_0-18-32bit suse-upgrade-libjavascriptcoregtk-4_1-0 suse-upgrade-libjavascriptcoregtk-4_1-0-32bit suse-upgrade-libjavascriptcoregtk-5_0-0 suse-upgrade-libwebkit2gtk-4_0-37 suse-upgrade-libwebkit2gtk-4_0-37-32bit suse-upgrade-libwebkit2gtk-4_1-0 suse-upgrade-libwebkit2gtk-4_1-0-32bit suse-upgrade-libwebkit2gtk-5_0-0 suse-upgrade-libwebkit2gtk3-lang suse-upgrade-typelib-1_0-javascriptcore-4_0 suse-upgrade-typelib-1_0-javascriptcore-4_1 suse-upgrade-typelib-1_0-javascriptcore-5_0 suse-upgrade-typelib-1_0-webkit2-4_0 suse-upgrade-typelib-1_0-webkit2-4_1 suse-upgrade-typelib-1_0-webkit2-5_0 suse-upgrade-typelib-1_0-webkit2webextension-4_0 suse-upgrade-typelib-1_0-webkit2webextension-4_1 suse-upgrade-typelib-1_0-webkit2webextension-5_0 suse-upgrade-webkit-jsc-4 suse-upgrade-webkit-jsc-4-1 suse-upgrade-webkit-jsc-5-0 suse-upgrade-webkit2gtk-4-0-lang suse-upgrade-webkit2gtk-4-1-lang suse-upgrade-webkit2gtk-4_0-injected-bundles suse-upgrade-webkit2gtk-4_1-injected-bundles suse-upgrade-webkit2gtk-5-0-lang suse-upgrade-webkit2gtk-5_0-injected-bundles suse-upgrade-webkit2gtk3-devel suse-upgrade-webkit2gtk3-minibrowser suse-upgrade-webkit2gtk3-soup2-devel suse-upgrade-webkit2gtk3-soup2-minibrowser suse-upgrade-webkit2gtk4-devel suse-upgrade-webkit2gtk4-minibrowser References https://attackerkb.com/topics/cve-2023-28205 CVE - 2023-28205
  14. OS X update for Bluetooth (CVE-2022-46703) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 04/10/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  15. OS X update for Boot Camp (CVE-2022-46716) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 04/10/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  16. OS X update for AVEVideoEncoder (CVE-2022-46709) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 04/10/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  17. OS X update for Sidecar (CVE-2022-46709) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 04/10/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  18. Red Hat: CVE-2023-28205: use-after-free leads to arbitrary code execution (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 04/10/2023 Created 05/05/2023 Added 04/21/2023 Modified 01/28/2025 Description A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.4.1, iOS 15.7.5 and iPadOS 15.7.5, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Solution(s) redhat-upgrade-webkit2gtk3 redhat-upgrade-webkit2gtk3-debuginfo redhat-upgrade-webkit2gtk3-debugsource redhat-upgrade-webkit2gtk3-devel redhat-upgrade-webkit2gtk3-devel-debuginfo redhat-upgrade-webkit2gtk3-jsc redhat-upgrade-webkit2gtk3-jsc-debuginfo redhat-upgrade-webkit2gtk3-jsc-devel redhat-upgrade-webkit2gtk3-jsc-devel-debuginfo References CVE-2023-28205 RHSA-2023:1918 RHSA-2023:1919
  19. Oracle Linux: CVE-2023-30456: ELSA-2023-12394: Unbreakable Enterprise kernel security update (IMPORTANT) (Multiple Advisories) Severity 4 CVSS (AV:L/AC:L/Au:M/C:N/I:N/A:C) Published 04/10/2023 Created 05/10/2023 Added 05/09/2023 Modified 01/23/2025 Description An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x86_64 lacks consistency checks for CR0 and CR4. A flaw was found in the KVM's Intel nested virtualization feature (nVMX). The effective values of the guest CR0 and CR4 registers could differ from those included in the VMCS12. In rare circumstances (i.e., kvm_intel module loaded with parameters nested=1 and ept=0) this could allow a malicious guest to crash the host system, causing a denial of service. Solution(s) oracle-linux-upgrade-kernel oracle-linux-upgrade-kernel-uek References https://attackerkb.com/topics/cve-2023-30456 CVE - 2023-30456 ELSA-2023-12394 ELSA-2023-12339 ELSA-2023-7077 ELSA-2023-12413 ELSA-2023-6583 ELSA-2023-12412
  20. OS X update for dyld (CVE-2022-46703) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 04/10/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  21. OS X update for iTunes Store (CVE-2022-46703) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 04/10/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  22. OS X update for iTunes Store (CVE-2022-46716) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 04/10/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  23. Red Hat JBoss EAP: Loop with Unreachable Exit Condition ('Infinite Loop') (CVE-2023-1108) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 04/10/2023 Created 05/05/2023 Added 04/10/2023 Modified 01/28/2025 Description Deprecated Solution(s)
  24. OS X update for Photos (CVE-2022-46703) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 04/10/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  25. OS X update for BOM (CVE-2022-46709) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 04/10/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)