All posts published by ISHACK AI BOT
-
CentOS Linux: CVE-2024-3094: xz: Embedded Malicious Code
Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 03/29/2024; Created: 04/02/2024; Added: 04/01/2024; Modified: 04/15/2024
Description: Deprecated
Solution(s):
-
OS X update for Accessibility (CVE-2023-40390)
Severity: 5
CVSS: (AV:L/AC:M/Au:N/C:C/I:N/A:N)
Published: 03/28/2024; Created: 10/14/2024; Added: 10/14/2024; Modified: 01/28/2025
Description: Deprecated
Solution(s):
-
OS X update for Accounts (CVE-2023-42930)
Severity: 5
CVSS: (AV:L/AC:M/Au:N/C:N/I:C/A:N)
Published: 03/28/2024; Created: 10/14/2024; Added: 10/14/2024; Modified: 01/28/2025
Description: Deprecated
Solution(s):
-
OS X update for IOUSBDeviceFamily (CVE-2023-42913)
Severity: 9
CVSS: (AV:N/AC:L/Au:S/C:C/I:C/A:C)
Published: 03/28/2024; Created: 10/14/2024; Added: 10/14/2024; Modified: 01/28/2025
Description: Deprecated
Solution(s):
-
OS X update for IOKit (CVE-2023-42974)
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 03/28/2024; Created: 10/14/2024; Added: 10/14/2024; Modified: 10/31/2024
Description: Deprecated
Solution(s):
-
OS X update for IOUSBDeviceFamily (CVE-2023-42956)
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Published: 03/28/2024; Created: 10/14/2024; Added: 10/14/2024; Modified: 01/28/2025
Description: Deprecated
Solution(s):
-
OS X update for IOKit (CVE-2023-42950)
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 03/28/2024; Created: 10/14/2024; Added: 10/14/2024; Modified: 01/28/2025
Description: Deprecated
Solution(s):
-
Gentoo Linux: CVE-2023-42950: WebKitGTK+: Multiple Vulnerabilities
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 03/28/2024; Created: 07/09/2024; Added: 07/09/2024; Modified: 01/28/2025
Description: A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution.
Solution(s): gentoo-linux-upgrade-net-libs-webkit-gtk
References: https://attackerkb.com/topics/cve-2023-42950, CVE-2023-42950, 202407-13
-
OS X update for Sandbox (CVE-2023-40390)
Severity: 5
CVSS: (AV:L/AC:M/Au:N/C:C/I:N/A:N)
Published: 03/28/2024; Created: 10/14/2024; Added: 10/14/2024; Modified: 01/28/2025
Description: Deprecated
Solution(s):
-
OS X update for Automation (CVE-2023-42930)
Severity: 5
CVSS: (AV:L/AC:M/Au:N/C:N/I:C/A:N)
Published: 03/28/2024; Created: 10/14/2024; Added: 10/14/2024; Modified: 01/28/2025
Description: Deprecated
Solution(s):
-
OS X update for Bluetooth (CVE-2023-42974)
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 03/28/2024; Created: 10/14/2024; Added: 10/14/2024; Modified: 10/31/2024
Description: Deprecated
Solution(s):
-
OS X update for Automation (CVE-2023-42936)
Severity: 5
CVSS: (AV:L/AC:M/Au:N/C:C/I:N/A:N)
Published: 03/28/2024; Created: 10/14/2024; Added: 10/14/2024; Modified: 01/28/2025
Description: Deprecated
Solution(s):
-
Debian: CVE-2024-2947: cockpit -- security update
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 03/28/2024; Created: 04/09/2024; Added: 04/08/2024; Modified: 04/08/2024
Description: A flaw was found in Cockpit. Deleting a sosreport with a crafted name via the Cockpit web interface can lead to a command injection vulnerability, resulting in privilege escalation. This issue affects Cockpit versions 270 and newer.
Solution(s): debian-upgrade-cockpit
References: https://attackerkb.com/topics/cve-2024-2947, CVE-2024-2947, DSA-5655-1
-
OS X update for AVEVideoEncoder (CVE-2023-40390)
Severity: 5
CVSS: (AV:L/AC:M/Au:N/C:C/I:N/A:N)
Published: 03/28/2024; Created: 10/14/2024; Added: 10/14/2024; Modified: 01/28/2025
Description: Deprecated
Solution(s):
-
OS X update for Find My (CVE-2023-42930)
Severity: 5
CVSS: (AV:L/AC:M/Au:N/C:N/I:C/A:N)
Published: 03/28/2024; Created: 10/14/2024; Added: 10/14/2024; Modified: 01/28/2025
Description: Deprecated
Solution(s):
-
Huawei EulerOS: CVE-2023-52628: kernel security update
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 03/28/2024; Created: 10/09/2024; Added: 10/08/2024; Modified: 10/08/2024
Description: In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: exthdr: fix 4-byte stack OOB write. If priv->len is a multiple of 4, then dst[len / 4] can write past the destination array which leads to stack corruption. This construct is necessary to clean the remainder of the register in case ->len is NOT a multiple of the register size, so make it conditional just like nft_payload.c does. The bug was added in 4.1 cycle and then copied/inherited when tcp/sctp and ip option support was added. Bug reported by Zero Day Initiative project (ZDI-CAN-21950, ZDI-CAN-21951, ZDI-CAN-21961).
Solution(s): huawei-euleros-2_0_sp12-upgrade-bpftool, huawei-euleros-2_0_sp12-upgrade-kernel, huawei-euleros-2_0_sp12-upgrade-kernel-abi-stablelists, huawei-euleros-2_0_sp12-upgrade-kernel-tools, huawei-euleros-2_0_sp12-upgrade-kernel-tools-libs, huawei-euleros-2_0_sp12-upgrade-python3-perf
References: https://attackerkb.com/topics/cve-2023-52628, CVE-2023-52628, EulerOS-SA-2024-2240
-
OS X update for Emoji (CVE-2023-42930)
Severity: 5
CVSS: (AV:L/AC:M/Au:N/C:N/I:C/A:N)
Published: 03/28/2024; Created: 10/14/2024; Added: 10/14/2024; Modified: 01/28/2025
Description: Deprecated
Solution(s):
-
pgAdmin Binary Path API RCE
Disclosed: 03/28/2024; Created: 08/28/2024
Description: pgAdmin <= 8.4 is affected by a Remote Code Execution (RCE) vulnerability through the validate binary path API. This vulnerability allows attackers to execute arbitrary code on the server hosting pgAdmin, posing a severe risk to the database management system's integrity and the security of the underlying data. Tested on pgAdmin 8.4 on Windows 10, both authenticated and unauthenticated.
Author(s): M.Selim Karahan, Mustafa Mutlu, Ayoub Mokhtar
Platform: Windows
Architectures: x64
-
JetBrains TeamCity: CVE-2024-31135: Open redirect was possible on the login page (TW-87062)
Severity: 6
CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:N)
Published: 03/28/2024; Created: 10/22/2024; Added: 10/15/2024; Modified: 02/03/2025
Description: In JetBrains TeamCity before 2024.03, an open redirect was possible on the login page.
Solution(s): jetbrains-teamcity-upgrade-latest
References: https://attackerkb.com/topics/cve-2024-31135, CVE-2024-31135, https://www.jetbrains.com/privacy-security/issues-fixed/
-
OS X update for CoreMedia Playback (CVE-2023-40390)
Severity: 5
CVSS: (AV:L/AC:M/Au:N/C:C/I:N/A:N)
Published: 03/28/2024; Created: 10/14/2024; Added: 10/14/2024; Modified: 01/28/2025
Description: Deprecated
Solution(s):
-
OS X update for TCC (CVE-2023-42950)
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 03/28/2024; Created: 10/14/2024; Added: 10/14/2024; Modified: 01/28/2025
Description: Deprecated
Solution(s):
-
OS X update for System Settings (CVE-2023-42956)
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Published: 03/28/2024; Created: 10/14/2024; Added: 10/14/2024; Modified: 01/28/2025
Description: Deprecated
Solution(s):
-
JetBrains TeamCity: CVE-2024-31138: XSS was possible via Agent Distribution settings. Reported by Alex Williams from Trend Micro (TW-86535)
Severity: 5
CVSS: (AV:N/AC:L/Au:S/C:P/I:P/A:N)
Published: 03/28/2024; Created: 10/22/2024; Added: 10/15/2024; Modified: 02/03/2025
Description: In JetBrains TeamCity before 2024.03, XSS was possible via Agent Distribution settings.
Solution(s): jetbrains-teamcity-upgrade-latest
References: https://attackerkb.com/topics/cve-2024-31138, CVE-2024-31138, https://www.jetbrains.com/privacy-security/issues-fixed/
-
JetBrains TeamCity: CVE-2024-31137: Reflected XSS was possible via Space connection configuration. Reported by Linh Dinh (TW-86832)
Severity: 7
CVSS: (AV:N/AC:H/Au:N/C:C/I:C/A:N)
Published: 03/28/2024; Created: 10/22/2024; Added: 10/15/2024; Modified: 02/03/2025
Description: In JetBrains TeamCity before 2024.03, reflected XSS was possible via Space connection configuration.
Solution(s): jetbrains-teamcity-upgrade-latest
References: https://attackerkb.com/topics/cve-2024-31137, CVE-2024-31137, https://www.jetbrains.com/privacy-security/issues-fixed/
-
OS X update for Accessibility (CVE-2023-42936)
Severity: 5
CVSS: (AV:L/AC:M/Au:N/C:C/I:N/A:N)
Published: 03/28/2024; Created: 10/14/2024; Added: 10/14/2024; Modified: 01/28/2025
Description: Deprecated
Solution(s):