ISHACK AI BOT

OS X update for Find My (CVE-2022-46713) Severity 4 CVSS (AV:L/AC:H/Au:N/C:N/I:C/A:N) Published 02/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

Alma Linux: CVE-2023-23518: Important: webkit2gtk3 security and bug fix update (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 02/27/2023 Created 05/15/2023 Added 05/15/2023 Modified 01/28/2025 Description The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, watchOS 9.3, macOS Big Sur 11.7.3, Safari 16.3, tvOS 16.3, iOS 16.3 and iPadOS 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. Solution(s) alma-upgrade-webkit2gtk3 alma-upgrade-webkit2gtk3-devel alma-upgrade-webkit2gtk3-jsc alma-upgrade-webkit2gtk3-jsc-devel References https://attackerkb.com/topics/cve-2023-23518 CVE - 2023-23518 https://errata.almalinux.org/8/ALSA-2023-2834.html https://errata.almalinux.org/9/ALSA-2023-2256.html

Gentoo Linux: CVE-2023-23529: WebKitGTK+: Multiple Vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 02/27/2023 Created 05/31/2023 Added 05/31/2023 Modified 01/28/2025 Description A type confusion issue was addressed with improved checks. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.3.1 and iPadOS 16.3.1, macOS Ventura 13.2.1, Safari 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Solution(s) gentoo-linux-upgrade-net-libs-webkit-gtk References https://attackerkb.com/topics/cve-2023-23529 CVE - 2023-23529 202305-32

Rocky Linux: CVE-2023-23529: webkit2gtk3 (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 02/27/2023 Created 03/13/2024 Added 03/12/2024 Modified 01/28/2025 Description A type confusion issue was addressed with improved checks. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.3.1 and iPadOS 16.3.1, macOS Ventura 13.2.1, Safari 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Solution(s) rocky-upgrade-webkit2gtk3 rocky-upgrade-webkit2gtk3-debuginfo rocky-upgrade-webkit2gtk3-debugsource rocky-upgrade-webkit2gtk3-devel rocky-upgrade-webkit2gtk3-devel-debuginfo rocky-upgrade-webkit2gtk3-jsc rocky-upgrade-webkit2gtk3-jsc-debuginfo rocky-upgrade-webkit2gtk3-jsc-devel rocky-upgrade-webkit2gtk3-jsc-devel-debuginfo References https://attackerkb.com/topics/cve-2023-23529 CVE - 2023-23529 https://errata.rockylinux.org/RLSA-2023:0902 https://errata.rockylinux.org/RLSA-2023:0903

Gentoo Linux: CVE-2023-23517: WebKitGTK+: Multiple Vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 02/27/2023 Created 05/31/2023 Added 05/31/2023 Modified 01/28/2025 Description The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, watchOS 9.3, macOS Big Sur 11.7.3, Safari 16.3, tvOS 16.3, iOS 16.3 and iPadOS 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. Solution(s) gentoo-linux-upgrade-net-libs-webkit-gtk References https://attackerkb.com/topics/cve-2023-23517 CVE - 2023-23517 202305-32

OS X update for Audio (CVE-2022-42838) Severity 2 CVSS (AV:L/AC:L/Au:S/C:P/I:N/A:N) Published 02/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for Beta Access Utility (CVE-2022-46713) Severity 4 CVSS (AV:L/AC:H/Au:N/C:N/I:C/A:N) Published 02/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for ATS (CVE-2022-42826) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 02/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for Exchange (CVE-2022-46713) Severity 4 CVSS (AV:L/AC:H/Au:N/C:N/I:C/A:N) Published 02/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for ppp (CVE-2022-42826) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 02/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for Audio (CVE-2022-42833) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 02/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

CentOS Linux: CVE-2023-23517: Important: webkit2gtk3 security and bug fix update (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 02/27/2023 Created 05/15/2023 Added 05/15/2023 Modified 01/28/2025 Description The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, watchOS 9.3, macOS Big Sur 11.7.3, Safari 16.3, tvOS 16.3, iOS 16.3 and iPadOS 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. Solution(s) centos-upgrade-webkit2gtk3 centos-upgrade-webkit2gtk3-debuginfo centos-upgrade-webkit2gtk3-debugsource centos-upgrade-webkit2gtk3-devel centos-upgrade-webkit2gtk3-devel-debuginfo centos-upgrade-webkit2gtk3-jsc centos-upgrade-webkit2gtk3-jsc-debuginfo centos-upgrade-webkit2gtk3-jsc-devel centos-upgrade-webkit2gtk3-jsc-devel-debuginfo References CVE-2023-23517

OS X update for ImageIO (CVE-2022-42826) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 02/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for Intel Graphics Driver (CVE-2022-46713) Severity 4 CVSS (AV:L/AC:H/Au:N/C:N/I:C/A:N) Published 02/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for FaceTime (CVE-2022-46712) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 02/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for FaceTime (CVE-2022-46713) Severity 4 CVSS (AV:L/AC:H/Au:N/C:N/I:C/A:N) Published 02/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

Debian: CVE-2023-24258: spip -- security update Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 02/27/2023 Created 03/03/2023 Added 03/02/2023 Modified 01/28/2025 Description SPIP v4.1.5 and earlier was discovered to contain a SQL injection vulnerability via the _oups parameter. This vulnerability allows attackers to execute arbitrary code via a crafted POST request. Solution(s) debian-upgrade-spip References https://attackerkb.com/topics/cve-2023-24258 CVE - 2023-24258 DLA-3347-1 DSA-5325 DSA-5325-1

OS X update for Mail (CVE-2022-42826) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 02/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

Debian: CVE-2023-0567: php7.4, php8.2 -- security update Severity 5 CVSS (AV:L/AC:L/Au:N/C:N/I:C/A:N) Published 02/27/2023 Created 02/28/2023 Added 02/27/2023 Modified 01/28/2025 Description In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid. Solution(s) debian-upgrade-php7-4 debian-upgrade-php8-2 References https://attackerkb.com/topics/cve-2023-0567 CVE - 2023-0567 DSA-5363-1

Amazon Linux AMI 2: CVE-2022-46705: Security patch for webkitgtk4 (ALAS-2024-2427) Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 02/27/2023 Created 01/24/2024 Added 01/23/2024 Modified 01/28/2025 Description A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, Safari 16.2. Visiting a malicious website may lead to address bar spoofing. Solution(s) amazon-linux-ami-2-upgrade-webkitgtk4 amazon-linux-ami-2-upgrade-webkitgtk4-debuginfo amazon-linux-ami-2-upgrade-webkitgtk4-devel amazon-linux-ami-2-upgrade-webkitgtk4-jsc amazon-linux-ami-2-upgrade-webkitgtk4-jsc-devel References https://attackerkb.com/topics/cve-2022-46705 AL2/ALAS-2024-2427 CVE - 2022-46705

OS X update for Core Bluetooth (CVE-2022-42826) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 02/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for Printing (CVE-2022-46705) Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 02/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for CoreServices (CVE-2022-46705) Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 02/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for curl (CVE-2023-23514) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 02/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for Core Bluetooth (CVE-2022-42838) Severity 2 CVSS (AV:L/AC:L/Au:S/C:P/I:N/A:N) Published 02/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)