ISHACK AI BOT

Ubuntu: USN-5797-1 (CVE-2022-42867): WebKitGTK vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 12/15/2022 Created 01/13/2023 Added 01/10/2023 Modified 01/28/2025 Description A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution. Solution(s) ubuntu-upgrade-libjavascriptcoregtk-4-0-18 ubuntu-upgrade-libjavascriptcoregtk-4-1-0 ubuntu-upgrade-libjavascriptcoregtk-5-0-0 ubuntu-upgrade-libwebkit2gtk-4-0-37 ubuntu-upgrade-libwebkit2gtk-4-1-0 ubuntu-upgrade-libwebkit2gtk-5-0-0 References https://attackerkb.com/topics/cve-2022-42867 CVE - 2022-42867 CVE-2022-42867 USN-5797-1

OS X update for Accounts (CVE-2022-42867) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 12/15/2022 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for IOHIDFamily (CVE-2022-46690) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 12/15/2022 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for IOHIDFamily (CVE-2022-46699) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 12/15/2022 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for IOHIDFamily (CVE-2022-32943) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 12/15/2022 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for iTunes Store (CVE-2022-42863) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 12/15/2022 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for IOHIDFamily (CVE-2022-42863) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 12/15/2022 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for IOHIDFamily (CVE-2022-42855) Severity 6 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:N) Published 12/15/2022 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for iTunes Store (CVE-2022-42867) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 12/15/2022 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for IOMobileFrameBuffer (CVE-2022-32943) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 12/15/2022 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for IOMobileFrameBuffer (CVE-2022-42867) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 12/15/2022 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for IOMobileFrameBuffer (CVE-2022-46692) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:C/A:N) Published 12/15/2022 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

Alma Linux: CVE-2022-46698: Important: webkit2gtk3 security and bug fix update (Multiple Advisories) Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 12/15/2022 Created 05/15/2023 Added 05/15/2023 Modified 01/28/2025 Description A logic issue was addressed with improved checks. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may disclose sensitive user information. Solution(s) alma-upgrade-webkit2gtk3 alma-upgrade-webkit2gtk3-devel alma-upgrade-webkit2gtk3-jsc alma-upgrade-webkit2gtk3-jsc-devel References https://attackerkb.com/topics/cve-2022-46698 CVE - 2022-46698 https://errata.almalinux.org/8/ALSA-2023-2834.html https://errata.almalinux.org/9/ALSA-2023-2256.html

Alma Linux: CVE-2022-46699: Important: webkit2gtk3 security and bug fix update (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 12/15/2022 Created 05/15/2023 Added 05/15/2023 Modified 01/28/2025 Description A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution. Solution(s) alma-upgrade-webkit2gtk3 alma-upgrade-webkit2gtk3-devel alma-upgrade-webkit2gtk3-jsc alma-upgrade-webkit2gtk3-jsc-devel References https://attackerkb.com/topics/cve-2022-46699 CVE - 2022-46699 https://errata.almalinux.org/8/ALSA-2023-2834.html https://errata.almalinux.org/9/ALSA-2023-2256.html

Alma Linux: CVE-2022-46872: Important: firefox security update (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 12/15/2022 Created 12/20/2022 Added 12/19/2022 Modified 01/28/2025 Description An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages.<br>*This bug only affects Thunderbird for Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox < 108, Firefox ESR < 102.6, and Thunderbird < 102.6. Solution(s) alma-upgrade-firefox alma-upgrade-thunderbird References https://attackerkb.com/topics/cve-2022-46872 CVE - 2022-46872 https://errata.almalinux.org/8/ALSA-2022-9067.html https://errata.almalinux.org/8/ALSA-2022-9074.html https://errata.almalinux.org/9/ALSA-2022-9065.html https://errata.almalinux.org/9/ALSA-2022-9080.html

Alma Linux: CVE-2022-42852: Important: webkit2gtk3 security and bug fix update (Multiple Advisories) Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 12/15/2022 Created 05/15/2023 Added 05/15/2023 Modified 01/28/2025 Description The issue was addressed with improved memory handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may result in the disclosure of process memory. Solution(s) alma-upgrade-webkit2gtk3 alma-upgrade-webkit2gtk3-devel alma-upgrade-webkit2gtk3-jsc alma-upgrade-webkit2gtk3-jsc-devel References https://attackerkb.com/topics/cve-2022-42852 CVE - 2022-42852 https://errata.almalinux.org/8/ALSA-2023-2834.html https://errata.almalinux.org/9/ALSA-2023-2256.html

Alma Linux: CVE-2022-46874: Important: firefox security update (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 12/15/2022 Created 12/20/2022 Added 12/19/2022 Modified 01/28/2025 Description A file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious extension in its place. This could potentially led to user confusion and the execution of malicious code.<br/>*Note*: This issue was originally included in the advisories for Thunderbird 102.6, but a patch (specific to Thunderbird) was omitted, resulting in it actually being fixed in Thunderbird 102.6.1. This vulnerability affects Firefox < 108, Thunderbird < 102.6.1, Thunderbird < 102.6, and Firefox ESR < 102.6. Solution(s) alma-upgrade-firefox alma-upgrade-thunderbird References https://attackerkb.com/topics/cve-2022-46874 CVE - 2022-46874 https://errata.almalinux.org/8/ALSA-2022-9067.html https://errata.almalinux.org/8/ALSA-2022-9074.html https://errata.almalinux.org/9/ALSA-2022-9065.html https://errata.almalinux.org/9/ALSA-2022-9080.html

Alma Linux: CVE-2022-46880: Important: firefox security update (Multiple Advisories) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 12/15/2022 Created 12/20/2022 Added 12/19/2022 Modified 01/28/2025 Description A missing check related to tex units could have led to a use-after-free and potentially exploitable crash.<br />*Note*: This advisory was added on December 13th, 2022 after we better understood the impact of the issue. The fix was included in the original release of Firefox 105. This vulnerability affects Firefox ESR < 102.6, Firefox < 105, and Thunderbird < 102.6. Solution(s) alma-upgrade-firefox alma-upgrade-thunderbird References https://attackerkb.com/topics/cve-2022-46880 CVE - 2022-46880 https://errata.almalinux.org/8/ALSA-2022-9067.html https://errata.almalinux.org/8/ALSA-2022-9074.html https://errata.almalinux.org/9/ALSA-2022-9065.html https://errata.almalinux.org/9/ALSA-2022-9080.html

Alma Linux: CVE-2022-46881: Important: firefox security update (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 12/15/2022 Created 12/20/2022 Added 12/19/2022 Modified 01/28/2025 Description An optimization in WebGL was incorrect in some cases, and could have led to memory corruption and a potentially exploitable crash. *Note*: This advisory was added on December 13th, 2022 after we better understood the impact of the issue. The fix was included in the original release of Firefox 106. This vulnerability affects Firefox < 106, Firefox ESR < 102.6, and Thunderbird < 102.6. Solution(s) alma-upgrade-firefox alma-upgrade-thunderbird References https://attackerkb.com/topics/cve-2022-46881 CVE - 2022-46881 https://errata.almalinux.org/8/ALSA-2022-9067.html https://errata.almalinux.org/8/ALSA-2022-9074.html https://errata.almalinux.org/9/ALSA-2022-9065.html https://errata.almalinux.org/9/ALSA-2022-9080.html

OS X update for Image Processing (CVE-2022-32833) Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 12/15/2022 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for dyld (CVE-2022-46699) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 12/15/2022 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for IOKit (CVE-2022-32833) Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 12/15/2022 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

Alma Linux: CVE-2022-42867: Important: webkit2gtk3 security and bug fix update (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 12/15/2022 Created 05/15/2023 Added 05/15/2023 Modified 01/28/2025 Description A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution. Solution(s) alma-upgrade-webkit2gtk3 alma-upgrade-webkit2gtk3-devel alma-upgrade-webkit2gtk3-jsc alma-upgrade-webkit2gtk3-jsc-devel References https://attackerkb.com/topics/cve-2022-42867 CVE - 2022-42867 https://errata.almalinux.org/8/ALSA-2023-2834.html https://errata.almalinux.org/9/ALSA-2023-2256.html

OS X update for CoreServices (CVE-2022-42863) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 12/15/2022 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

Alma Linux: CVE-2022-42863: Important: webkit2gtk3 security and bug fix update (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 12/15/2022 Created 05/15/2023 Added 05/15/2023 Modified 01/28/2025 Description A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution. Solution(s) alma-upgrade-webkit2gtk3 alma-upgrade-webkit2gtk3-devel alma-upgrade-webkit2gtk3-jsc alma-upgrade-webkit2gtk3-jsc-devel References https://attackerkb.com/topics/cve-2022-42863 CVE - 2022-42863 https://errata.almalinux.org/8/ALSA-2023-2834.html https://errata.almalinux.org/9/ALSA-2023-2256.html