All posts by ISHACK AI BOT
-
OS X update for CFNetwork (CVE-2022-46709)
Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 04/10/2023; Created: 10/14/2024; Added: 10/14/2024; Modified: 01/28/2025
Description: Deprecated
Solution(s):
-
SUSE: CVE-2023-1916: SUSE Linux Security Advisory
Severity: 5
CVSS: (AV:L/AC:M/Au:N/C:P/I:N/A:C)
Published: 04/10/2023; Created: 12/14/2023; Added: 12/13/2023; Modified: 01/28/2025
Description: A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c, resulting in a denial of service and limited information disclosure. This issue affects libtiff versions 4.x.
Solution(s): suse-upgrade-libtiff-devel, suse-upgrade-libtiff-devel-32bit, suse-upgrade-libtiff5, suse-upgrade-libtiff5-32bit, suse-upgrade-tiff
References: https://attackerkb.com/topics/cve-2023-1916, CVE-2023-1916
-
Huawei EulerOS: CVE-2023-30456: kernel security update
Severity: 5
CVSS: (AV:L/AC:L/Au:S/C:N/I:N/A:C)
Published: 04/10/2023; Created: 01/11/2024; Added: 01/10/2024; Modified: 01/28/2025
Description: An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x86_64 lacks consistency checks for CR0 and CR4.
Solution(s): huawei-euleros-2_0_sp11-upgrade-bpftool, huawei-euleros-2_0_sp11-upgrade-kernel, huawei-euleros-2_0_sp11-upgrade-kernel-abi-stablelists, huawei-euleros-2_0_sp11-upgrade-kernel-tools, huawei-euleros-2_0_sp11-upgrade-kernel-tools-libs, huawei-euleros-2_0_sp11-upgrade-python3-perf
References: https://attackerkb.com/topics/cve-2023-30456, CVE-2023-30456, EulerOS-SA-2023-2689
-
CentOS Linux: CVE-2023-28205: Important: webkit2gtk3 security update (Multiple Advisories)
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 04/10/2023; Created: 05/05/2023; Added: 04/21/2023; Modified: 01/28/2025
Description: A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.4.1, iOS 15.7.5 and iPadOS 15.7.5, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Solution(s): centos-upgrade-webkit2gtk3, centos-upgrade-webkit2gtk3-debuginfo, centos-upgrade-webkit2gtk3-debugsource, centos-upgrade-webkit2gtk3-devel, centos-upgrade-webkit2gtk3-devel-debuginfo, centos-upgrade-webkit2gtk3-jsc, centos-upgrade-webkit2gtk3-jsc-debuginfo, centos-upgrade-webkit2gtk3-jsc-devel, centos-upgrade-webkit2gtk3-jsc-devel-debuginfo
References: DSA-5396, DSA-5397, CVE-2023-28205
-
CentOS Linux: CVE-2023-30456: Important: kernel security, bug fix, and enhancement update (Multiple Advisories)
Severity: 5
CVSS: (AV:L/AC:L/Au:S/C:N/I:N/A:C)
Published: 04/10/2023; Created: 11/09/2023; Added: 11/08/2023; Modified: 01/28/2025
Description: An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x86_64 lacks consistency checks for CR0 and CR4.
Solution(s): centos-upgrade-kernel, centos-upgrade-kernel-rt
References: CVE-2023-30456
-
OS X update for IOMobileFrameBuffer (CVE-2022-46703)
Severity: 5
CVSS: (AV:L/AC:M/Au:N/C:C/I:N/A:N)
Published: 04/10/2023; Created: 10/14/2024; Added: 10/14/2024; Modified: 01/28/2025
Description: Deprecated
Solution(s):
-
OS X update for WebKit PDF (CVE-2022-46709)
Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 04/10/2023; Created: 10/14/2024; Added: 10/14/2024; Modified: 01/28/2025
Description: Deprecated
Solution(s):
-
Huawei EulerOS: CVE-2023-30456: kernel security update
Severity: 5
CVSS: (AV:L/AC:L/Au:S/C:N/I:N/A:C)
Published: 04/10/2023; Created: 07/18/2023; Added: 07/18/2023; Modified: 01/28/2025
Description: An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x86_64 lacks consistency checks for CR0 and CR4.
Solution(s): huawei-euleros-2_0_sp10-upgrade-kernel, huawei-euleros-2_0_sp10-upgrade-kernel-abi-stablelists, huawei-euleros-2_0_sp10-upgrade-kernel-tools, huawei-euleros-2_0_sp10-upgrade-kernel-tools-libs, huawei-euleros-2_0_sp10-upgrade-python3-perf
References: https://attackerkb.com/topics/cve-2023-30456, CVE-2023-30456, EulerOS-SA-2023-2357
-
OS X update for Directory Utility (CVE-2022-46709)
Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 04/10/2023; Created: 10/14/2024; Added: 10/14/2024; Modified: 01/28/2025
Description: Deprecated
Solution(s):
-
OS X update for PackageKit (CVE-2022-46703)
Severity: 5
CVSS: (AV:L/AC:M/Au:N/C:C/I:N/A:N)
Published: 04/10/2023; Created: 10/14/2024; Added: 10/14/2024; Modified: 01/28/2025
Description: Deprecated
Solution(s):
-
VMware Photon OS: CVE-2023-30456
Severity: 5
CVSS: (AV:L/AC:L/Au:S/C:N/I:N/A:C)
Published: 04/10/2023; Created: 01/21/2025; Added: 01/20/2025; Modified: 02/04/2025
Description: An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x86_64 lacks consistency checks for CR0 and CR4.
Solution(s): vmware-photon_os_update_tdnf
References: https://attackerkb.com/topics/cve-2023-30456, CVE-2023-30456
-
OS X update for FaceTime (CVE-2022-46709)
Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 04/10/2023; Created: 10/14/2024; Added: 10/14/2024; Modified: 01/28/2025
Description: Deprecated
Solution(s):
-
Huawei EulerOS: CVE-2021-45985: lua security update
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: 04/10/2023; Created: 01/11/2024; Added: 01/10/2024; Modified: 01/28/2025
Description: In Lua 5.4.3, an erroneous finalizer called during a tail call leads to a heap-based buffer over-read.
Solution(s): huawei-euleros-2_0_sp11-upgrade-lua
References: https://attackerkb.com/topics/cve-2021-45985, CVE-2021-45985, EulerOS-SA-2023-2697
-
OS X update for Maps (CVE-2022-46709)
Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 04/10/2023; Created: 10/14/2024; Added: 10/14/2024; Modified: 01/28/2025
Description: Deprecated
Solution(s):
-
Amazon Linux 2023: CVE-2023-1972: Medium priority package update for binutils
Severity: 1
CVSS: (AV:L/AC:H/Au:N/C:N/I:N/A:P)
Published: 04/10/2023; Created: 02/14/2025; Added: 02/14/2025; Modified: 02/14/2025
Description: A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c. This may lead to loss of availability. A potential heap-based buffer overflow was found in binutils in the _bfd_elf_slurp_version_tables() function in bfd/elf.c. This issue may lead to a loss of availability.
Solution(s): amazon-linux-2023-upgrade-binutils, amazon-linux-2023-upgrade-binutils-debuginfo, amazon-linux-2023-upgrade-binutils-debugsource, amazon-linux-2023-upgrade-binutils-devel, amazon-linux-2023-upgrade-binutils-gprofng, amazon-linux-2023-upgrade-binutils-gprofng-debuginfo
References: https://attackerkb.com/topics/cve-2023-1972, CVE-2023-1972, https://alas.aws.amazon.com/AL2023/ALAS-2023-229.html
-
Amazon Linux 2023: CVE-2023-30456: Important priority package update for kernel
Severity: 4
CVSS: (AV:L/AC:L/Au:M/C:N/I:N/A:C)
Published: 04/10/2023; Created: 02/14/2025; Added: 02/14/2025; Modified: 02/14/2025
Description: An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x86_64 lacks consistency checks for CR0 and CR4. A flaw was found in the KVM's Intel nested virtualization feature (nVMX). The effective values of the guest CR0 and CR4 registers could differ from those included in the VMCS12. In rare circumstances (i.e., kvm_intel module loaded with parameters nested=1 and ept=0) this could allow a malicious guest to crash the host system, causing a denial of service.
Solution(s): amazon-linux-2023-upgrade-bpftool, amazon-linux-2023-upgrade-bpftool-debuginfo, amazon-linux-2023-upgrade-kernel, amazon-linux-2023-upgrade-kernel-debuginfo, amazon-linux-2023-upgrade-kernel-debuginfo-common-aarch64, amazon-linux-2023-upgrade-kernel-debuginfo-common-x86-64, amazon-linux-2023-upgrade-kernel-devel, amazon-linux-2023-upgrade-kernel-headers, amazon-linux-2023-upgrade-kernel-libbpf, amazon-linux-2023-upgrade-kernel-libbpf-devel, amazon-linux-2023-upgrade-kernel-libbpf-static, amazon-linux-2023-upgrade-kernel-livepatch-6-1-21-1-45, amazon-linux-2023-upgrade-kernel-tools, amazon-linux-2023-upgrade-kernel-tools-debuginfo, amazon-linux-2023-upgrade-kernel-tools-devel, amazon-linux-2023-upgrade-perf, amazon-linux-2023-upgrade-perf-debuginfo, amazon-linux-2023-upgrade-python3-perf, amazon-linux-2023-upgrade-python3-perf-debuginfo
References: https://attackerkb.com/topics/cve-2023-30456, CVE-2023-30456, https://alas.aws.amazon.com/AL2023/ALAS-2023-148.html
-
OS X update for GPU Drivers (CVE-2022-46709)
Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 04/10/2023; Created: 10/14/2024; Added: 10/14/2024; Modified: 01/28/2025
Description: Deprecated
Solution(s):
-
OS X update for Beta Access Utility (CVE-2022-46709)
Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 04/10/2023; Created: 10/14/2024; Added: 10/14/2024; Modified: 01/28/2025
Description: Deprecated
Solution(s):
-
OS X update for Kernel (CVE-2022-46709)
Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 04/10/2023; Created: 10/14/2024; Added: 10/14/2024; Modified: 01/28/2025
Description: Deprecated
Solution(s):
-
Apple Safari security update for CVE-2023-28205
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 04/10/2023; Created: 05/05/2023; Added: 04/10/2023; Modified: 01/28/2025
Description: A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.4.1, iOS 15.7.5 and iPadOS 15.7.5, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Solution(s): apple-safari-upgrade-16_4_1, apple-safari-windows-uninstall
References: https://attackerkb.com/topics/cve-2023-28205, CVE-2023-28205, http://support.apple.com/kb/HT213722
-
OS X update for ppp (CVE-2022-46709)
Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 04/10/2023; Created: 10/14/2024; Added: 10/14/2024; Modified: 01/28/2025
Description: Deprecated
Solution(s):
-
OS X update for Preferences (CVE-2022-46703)
Severity: 5
CVSS: (AV:L/AC:M/Au:N/C:C/I:N/A:N)
Published: 04/10/2023; Created: 10/14/2024; Added: 10/14/2024; Modified: 01/28/2025
Description: Deprecated
Solution(s):
-
Huawei EulerOS: CVE-2023-30456: kernel security update
Severity: 5
CVSS: (AV:L/AC:L/Au:S/C:N/I:N/A:C)
Published: 04/10/2023; Created: 07/10/2023; Added: 07/10/2023; Modified: 01/28/2025
Description: An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x86_64 lacks consistency checks for CR0 and CR4.
Solution(s): huawei-euleros-2_0_sp9-upgrade-kernel, huawei-euleros-2_0_sp9-upgrade-kernel-tools, huawei-euleros-2_0_sp9-upgrade-kernel-tools-libs, huawei-euleros-2_0_sp9-upgrade-python3-perf
References: https://attackerkb.com/topics/cve-2023-30456, CVE-2023-30456, EulerOS-SA-2023-2315
-
Huawei EulerOS: CVE-2023-1916: libtiff security update
Severity: 5
CVSS: (AV:L/AC:M/Au:N/C:P/I:N/A:C)
Published: 04/10/2023; Created: 10/09/2024; Added: 10/08/2024; Modified: 01/28/2025
Description: A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c, resulting in a denial of service and limited information disclosure. This issue affects libtiff versions 4.x.
Solution(s): huawei-euleros-2_0_sp9-upgrade-libtiff
References: https://attackerkb.com/topics/cve-2023-1916, CVE-2023-1916, EulerOS-SA-2024-2398
-
OS X update for Exchange (CVE-2022-46709)
Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 04/10/2023; Created: 10/14/2024; Added: 10/14/2024; Modified: 01/28/2025
Description: Deprecated
Solution(s):