All posts published by ISHACK AI BOT
-
SUSE: CVE-2023-52488: SUSE Linux Security Advisory
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 03/11/2024
Created: 05/06/2024
Added: 05/06/2024
Modified: 05/31/2024
Description: In the Linux kernel, the following vulnerability has been resolved:
serial: sc16is7xx: convert from _raw_ to _noinc_ regmap functions for FIFO
The SC16IS7XX IC supports a burst mode to access the FIFOs where the initial register address is sent ($00), followed by all the FIFO data without having to resend the register address each time. In this mode, the IC doesn't increment the register address for each R/W byte.
The regmap_raw_read() and regmap_raw_write() are functions which can perform IO over multiple registers. They are currently used to read/write from/to the FIFO, and although they operate correctly in this burst mode on the SPI bus, they would corrupt the regmap cache if it was not disabled manually. The reason is that when the R/W size is more than 1 byte, these functions assume that the register address is incremented and handle the cache accordingly.
Convert FIFO R/W functions to use the regmap _noinc_ versions in order to remove the manual cache control which was a workaround when using the _raw_ versions.
FIFO registers are properly declared as volatile so cache will not be used/updated for FIFO accesses.
Solution(s): suse-upgrade-cluster-md-kmp-64kb suse-upgrade-cluster-md-kmp-azure suse-upgrade-cluster-md-kmp-default suse-upgrade-cluster-md-kmp-rt suse-upgrade-dlm-kmp-64kb suse-upgrade-dlm-kmp-azure suse-upgrade-dlm-kmp-default suse-upgrade-dlm-kmp-rt suse-upgrade-dtb-allwinner suse-upgrade-dtb-altera suse-upgrade-dtb-amazon suse-upgrade-dtb-amd suse-upgrade-dtb-amlogic suse-upgrade-dtb-apm suse-upgrade-dtb-apple suse-upgrade-dtb-arm suse-upgrade-dtb-broadcom suse-upgrade-dtb-cavium suse-upgrade-dtb-exynos suse-upgrade-dtb-freescale suse-upgrade-dtb-hisilicon suse-upgrade-dtb-lg suse-upgrade-dtb-marvell suse-upgrade-dtb-mediatek suse-upgrade-dtb-nvidia suse-upgrade-dtb-qcom suse-upgrade-dtb-renesas suse-upgrade-dtb-rockchip suse-upgrade-dtb-socionext suse-upgrade-dtb-sprd suse-upgrade-dtb-xilinx suse-upgrade-gfs2-kmp-64kb suse-upgrade-gfs2-kmp-azure suse-upgrade-gfs2-kmp-default suse-upgrade-gfs2-kmp-rt suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-64kb-extra suse-upgrade-kernel-64kb-livepatch-devel suse-upgrade-kernel-64kb-optional suse-upgrade-kernel-azure suse-upgrade-kernel-azure-base suse-upgrade-kernel-azure-devel suse-upgrade-kernel-azure-extra suse-upgrade-kernel-azure-livepatch-devel suse-upgrade-kernel-azure-optional suse-upgrade-kernel-azure-vdso suse-upgrade-kernel-debug suse-upgrade-kernel-debug-devel suse-upgrade-kernel-debug-livepatch-devel suse-upgrade-kernel-debug-vdso suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-base-rebuild suse-upgrade-kernel-default-devel suse-upgrade-kernel-default-extra suse-upgrade-kernel-default-livepatch suse-upgrade-kernel-default-livepatch-devel suse-upgrade-kernel-default-man suse-upgrade-kernel-default-optional suse-upgrade-kernel-default-vdso suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-devel-rt suse-upgrade-kernel-docs suse-upgrade-kernel-docs-html suse-upgrade-kernel-kvmsmall suse-upgrade-kernel-kvmsmall-devel suse-upgrade-kernel-kvmsmall-livepatch-devel suse-upgrade-kernel-kvmsmall-vdso suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-obs-qa suse-upgrade-kernel-rt suse-upgrade-kernel-rt-devel suse-upgrade-kernel-rt-extra suse-upgrade-kernel-rt-livepatch suse-upgrade-kernel-rt-livepatch-devel suse-upgrade-kernel-rt-optional suse-upgrade-kernel-rt-vdso suse-upgrade-kernel-rt_debug suse-upgrade-kernel-rt_debug-devel suse-upgrade-kernel-rt_debug-livepatch-devel suse-upgrade-kernel-rt_debug-vdso suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-source-rt suse-upgrade-kernel-source-vanilla suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-syms-rt suse-upgrade-kernel-zfcpdump suse-upgrade-kselftests-kmp-64kb suse-upgrade-kselftests-kmp-azure suse-upgrade-kselftests-kmp-default suse-upgrade-kselftests-kmp-rt suse-upgrade-ocfs2-kmp-64kb suse-upgrade-ocfs2-kmp-azure suse-upgrade-ocfs2-kmp-default suse-upgrade-ocfs2-kmp-rt suse-upgrade-reiserfs-kmp-64kb suse-upgrade-reiserfs-kmp-azure suse-upgrade-reiserfs-kmp-default suse-upgrade-reiserfs-kmp-rt
References: https://attackerkb.com/topics/cve-2023-52488 CVE-2023-52488
-
Red Hat: CVE-2023-52486: kernel: drm: Don't unref the same fb many times by mistake due to deadlock handling (Multiple Advisories)
Severity: 4
CVSS: (AV:L/AC:L/Au:M/C:N/I:N/A:C)
Published: 03/11/2024
Created: 08/13/2024
Added: 08/12/2024
Modified: 01/16/2025
Description: In the Linux kernel, the following vulnerability has been resolved:
drm: Don't unref the same fb many times by mistake due to deadlock handling
If we get a deadlock after the fb lookup in drm_mode_page_flip_ioctl() we proceed to unref the fb and then retry the whole thing from the top. But we forget to reset the fb pointer back to NULL, and so if we then get another error during the retry, before the fb lookup, we proceed to unref the same fb again without having gotten another reference. The end result is that the fb will (eventually) end up being freed while it's still in use.
Reset fb to NULL once we've unreffed it to avoid doing it again until we've done another fb lookup.
This turned out to be pretty easy to hit on a DG2 when doing async flips (and CONFIG_DEBUG_WW_MUTEX_SLOWPATH=y). The first symptom I saw was that drm_closefb() simply got stuck in a busy loop while walking the framebuffer list. Fortunately I was able to convince it to oops instead, and from there it was easier to track down the culprit.
Solution(s): redhat-upgrade-kernel redhat-upgrade-kernel-rt
References: CVE-2023-52486 RHSA-2024:5101 RHSA-2024:5102 RHSA-2024:6206
-
Apple Safari security update for CVE-2024-23284
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:C/A:N)
Published: 03/08/2024
Created: 03/09/2024
Added: 03/08/2024
Modified: 01/28/2025
Description: A logic issue was addressed with improved state management. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, Safari 17.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.
Solution(s): apple-safari-upgrade-17_4 apple-safari-windows-uninstall
References: https://attackerkb.com/topics/cve-2024-23284 CVE-2024-23284 http://support.apple.com/en-us/120894
-
Apple Safari security update for CVE-2024-23252
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 03/08/2024
Created: 03/09/2024
Added: 03/08/2024
Modified: 03/28/2024
Description: Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Solution(s): apple-safari-upgrade-17_4 apple-safari-windows-uninstall
References: https://attackerkb.com/topics/cve-2024-23252 CVE-2024-23252 http://support.apple.com/kb/HT214089
-
Apple Safari security update for CVE-2024-23280
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:C/A:N)
Published: 03/08/2024
Created: 03/09/2024
Added: 03/08/2024
Modified: 01/28/2025
Description: An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4, tvOS 17.4. A maliciously crafted webpage may be able to fingerprint the user.
Solution(s): apple-safari-upgrade-17_4 apple-safari-windows-uninstall
References: https://attackerkb.com/topics/cve-2024-23280 CVE-2024-23280 http://support.apple.com/en-us/120894
-
Apple Safari security update for CVE-2024-23254
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:C/I:N/A:N)
Published: 03/08/2024
Created: 03/09/2024
Added: 03/08/2024
Modified: 01/28/2025
Description: The issue was addressed with improved UI handling. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, Safari 17.4. A malicious website may exfiltrate audio data cross-origin.
Solution(s): apple-safari-upgrade-17_4 apple-safari-windows-uninstall
References: https://attackerkb.com/topics/cve-2024-23254 CVE-2024-23254 http://support.apple.com/en-us/120894
-
Apple Safari security update for CVE-2024-23263
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:C/A:N)
Published: 03/08/2024
Created: 03/09/2024
Added: 03/08/2024
Modified: 01/28/2025
Description: A logic issue was addressed with improved validation. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, Safari 17.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.
Solution(s): apple-safari-upgrade-17_4 apple-safari-windows-uninstall
References: https://attackerkb.com/topics/cve-2024-23263 CVE-2024-23263 http://support.apple.com/en-us/120894
-
Amazon Linux AMI 2: CVE-2024-23280: Security patch for webkitgtk4 (ALAS-2024-2577)
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:C/A:N)
Published: 03/08/2024
Created: 06/26/2024
Added: 06/26/2024
Modified: 01/28/2025
Description: An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4, tvOS 17.4. A maliciously crafted webpage may be able to fingerprint the user.
Solution(s): amazon-linux-ami-2-upgrade-webkitgtk4 amazon-linux-ami-2-upgrade-webkitgtk4-debuginfo amazon-linux-ami-2-upgrade-webkitgtk4-devel amazon-linux-ami-2-upgrade-webkitgtk4-jsc amazon-linux-ami-2-upgrade-webkitgtk4-jsc-devel
References: https://attackerkb.com/topics/cve-2024-23280 AL2/ALAS-2024-2577 CVE-2024-23280
-
OS X update for Admin Framework (CVE-2024-23276)
Severity: 7
CVSS: (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Published: 03/08/2024
Created: 03/09/2024
Added: 03/08/2024
Modified: 01/28/2025
Description: A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to elevate privileges.
Solution(s): apple-osx-upgrade-12_7_4 apple-osx-upgrade-13_6_5 apple-osx-upgrade-14_4
References: https://attackerkb.com/topics/cve-2024-23276 CVE-2024-23276 https://support.apple.com/en-us/120884 https://support.apple.com/en-us/120886 https://support.apple.com/en-us/120895
-
Gentoo Linux: CVE-2024-23263: WebKitGTK+: Multiple Vulnerabilities
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:C/A:N)
Published: 03/08/2024
Created: 07/09/2024
Added: 07/09/2024
Modified: 01/28/2025
Description: A logic issue was addressed with improved validation. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, Safari 17.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.
Solution(s): gentoo-linux-upgrade-net-libs-webkit-gtk
References: https://attackerkb.com/topics/cve-2024-23263 CVE-2024-23263 202407-13
-
Ubuntu: USN-6732-1 (CVE-2024-23254): WebKitGTK vulnerabilities
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:C/I:N/A:N)
Published: 03/08/2024
Created: 04/16/2024
Added: 04/16/2024
Modified: 01/28/2025
Description: The issue was addressed with improved UI handling. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, Safari 17.4. A malicious website may exfiltrate audio data cross-origin.
Solution(s): ubuntu-upgrade-libjavascriptcoregtk-4-0-18 ubuntu-upgrade-libjavascriptcoregtk-4-1-0 ubuntu-upgrade-libjavascriptcoregtk-6-0-1 ubuntu-upgrade-libwebkit2gtk-4-0-37 ubuntu-upgrade-libwebkit2gtk-4-1-0 ubuntu-upgrade-libwebkitgtk-6-0-4
References: https://attackerkb.com/topics/cve-2024-23254 CVE-2024-23254 USN-6732-1
-
OS X update for ImageIO (CVE-2024-23286)
Severity: 7
CVSS: (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Published: 03/08/2024
Created: 03/09/2024
Added: 03/08/2024
Modified: 01/28/2025
Description: A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. Processing an image may lead to arbitrary code execution.
Solution(s): apple-osx-upgrade-12_7_4 apple-osx-upgrade-13_6_5 apple-osx-upgrade-14_4
References: https://attackerkb.com/topics/cve-2024-23286 CVE-2024-23286 https://support.apple.com/en-us/120884 https://support.apple.com/en-us/120886 https://support.apple.com/en-us/120895
-
OS X update for PackageKit (CVE-2024-23268)
Severity: 7
CVSS: (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Published: 03/08/2024
Created: 03/09/2024
Added: 03/08/2024
Modified: 01/28/2025
Description: An injection issue was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to elevate privileges.
Solution(s): apple-osx-upgrade-12_7_4 apple-osx-upgrade-13_6_5 apple-osx-upgrade-14_4
References: https://attackerkb.com/topics/cve-2024-23268 CVE-2024-23268 https://support.apple.com/en-us/120884 https://support.apple.com/en-us/120886 https://support.apple.com/en-us/120895
-
OS X update for SharedFileList (CVE-2024-23230)
Severity: 5
CVSS: (AV:L/AC:M/Au:N/C:C/I:N/A:N)
Published: 03/08/2024
Created: 03/09/2024
Added: 03/08/2024
Modified: 01/28/2025
Description: This issue was addressed with improved file handling. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to access sensitive user data.
Solution(s): apple-osx-upgrade-12_7_4 apple-osx-upgrade-13_6_5 apple-osx-upgrade-14_4
References: https://attackerkb.com/topics/cve-2024-23230 CVE-2024-23230 https://support.apple.com/en-us/120884 https://support.apple.com/en-us/120886 https://support.apple.com/en-us/120895
-
OS X update for Kernel (CVE-2024-23265)
Severity: 7
CVSS: (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Published: 03/08/2024
Created: 03/09/2024
Added: 03/08/2024
Modified: 01/28/2025
Description: A memory corruption vulnerability was addressed with improved locking. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to cause unexpected system termination or write kernel memory.
Solution(s): apple-osx-upgrade-12_7_4 apple-osx-upgrade-13_6_5 apple-osx-upgrade-14_4
References: https://attackerkb.com/topics/cve-2024-23265 CVE-2024-23265 https://support.apple.com/en-us/120884 https://support.apple.com/en-us/120886 https://support.apple.com/en-us/120895
-
Ubuntu: USN-6732-1 (CVE-2024-23263): WebKitGTK vulnerabilities
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:C/A:N)
Published: 03/08/2024
Created: 04/16/2024
Added: 04/16/2024
Modified: 01/28/2025
Description: A logic issue was addressed with improved validation. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, Safari 17.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.
Solution(s): ubuntu-upgrade-libjavascriptcoregtk-4-0-18 ubuntu-upgrade-libjavascriptcoregtk-4-1-0 ubuntu-upgrade-libjavascriptcoregtk-6-0-1 ubuntu-upgrade-libwebkit2gtk-4-0-37 ubuntu-upgrade-libwebkit2gtk-4-1-0 ubuntu-upgrade-libwebkitgtk-6-0-4
References: https://attackerkb.com/topics/cve-2024-23263 CVE-2024-23263 USN-6732-1
-
Amazon Linux AMI 2: CVE-2024-23284: Security patch for webkitgtk4 (ALAS-2024-2516)
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:C/A:N)
Published: 03/08/2024
Created: 04/19/2024
Added: 04/19/2024
Modified: 01/28/2025
Description: A logic issue was addressed with improved state management. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, Safari 17.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.
Solution(s): amazon-linux-ami-2-upgrade-webkitgtk4 amazon-linux-ami-2-upgrade-webkitgtk4-debuginfo amazon-linux-ami-2-upgrade-webkitgtk4-devel amazon-linux-ami-2-upgrade-webkitgtk4-jsc amazon-linux-ami-2-upgrade-webkitgtk4-jsc-devel
References: https://attackerkb.com/topics/cve-2024-23284 AL2/ALAS-2024-2516 CVE-2024-23284
-
OS X update for PackageKit (CVE-2024-23216)
Severity: 6
CVSS: (AV:L/AC:M/Au:N/C:N/I:C/A:C)
Published: 03/08/2024
Created: 03/09/2024
Added: 03/08/2024
Modified: 01/28/2025
Description: A path handling issue was addressed with improved validation. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to overwrite arbitrary files.
Solution(s): apple-osx-upgrade-12_7_4 apple-osx-upgrade-13_6_5 apple-osx-upgrade-14_4
References: https://attackerkb.com/topics/cve-2024-23216 CVE-2024-23216 https://support.apple.com/en-us/120884 https://support.apple.com/en-us/120886 https://support.apple.com/en-us/120895
-
OS X update for PackageKit (CVE-2024-23274)
Severity: 7
CVSS: (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Published: 03/08/2024
Created: 03/09/2024
Added: 03/08/2024
Modified: 01/28/2025
Description: An injection issue was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to elevate privileges.
Solution(s): apple-osx-upgrade-12_7_4 apple-osx-upgrade-13_6_5 apple-osx-upgrade-14_4
References: https://attackerkb.com/topics/cve-2024-23274 CVE-2024-23274 https://support.apple.com/en-us/120884 https://support.apple.com/en-us/120886 https://support.apple.com/en-us/120895
-
Gentoo Linux: CVE-2024-23252: WebKitGTK+: Multiple Vulnerabilities
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 03/08/2024
Created: 07/09/2024
Added: 07/09/2024
Modified: 07/09/2024
Description: Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Solution(s): gentoo-linux-upgrade-net-libs-webkit-gtk
References: https://attackerkb.com/topics/cve-2024-23252 CVE-2024-23252 202407-13
-
Amazon Linux AMI 2: CVE-2024-23263: Security patch for webkitgtk4 (ALAS-2024-2516)
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:C/A:N)
Published: 03/08/2024
Created: 04/19/2024
Added: 04/19/2024
Modified: 01/28/2025
Description: A logic issue was addressed with improved validation. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, Safari 17.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.
Solution(s): amazon-linux-ami-2-upgrade-webkitgtk4 amazon-linux-ami-2-upgrade-webkitgtk4-debuginfo amazon-linux-ami-2-upgrade-webkitgtk4-devel amazon-linux-ami-2-upgrade-webkitgtk4-jsc amazon-linux-ami-2-upgrade-webkitgtk4-jsc-devel
References: https://attackerkb.com/topics/cve-2024-23263 AL2/ALAS-2024-2516 CVE-2024-23263
-
Oracle Linux: CVE-2023-42950: ELSA-2024-9144: webkit2gtk3 security update (IMPORTANT) (Multiple Advisories)
Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 03/08/2024
Created: 11/23/2024
Added: 11/21/2024
Modified: 12/01/2024
Description: A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution. A heap use-after-free vulnerability was found in WebKit. Exploiting this flaw involves processing maliciously crafted web content, which may result in arbitrary code execution.
Solution(s): oracle-linux-upgrade-webkit2gtk3 oracle-linux-upgrade-webkit2gtk3-devel oracle-linux-upgrade-webkit2gtk3-jsc oracle-linux-upgrade-webkit2gtk3-jsc-devel
References: https://attackerkb.com/topics/cve-2023-42950 CVE-2023-42950 ELSA-2024-9144
-
Oracle Linux: CVE-2023-42956: ELSA-2024-9144: webkit2gtk3 security update (IMPORTANT) (Multiple Advisories)
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: 03/08/2024
Created: 11/23/2024
Added: 11/21/2024
Modified: 12/01/2024
Description: The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2. Processing web content may lead to a denial-of-service. A flaw was found in WebKit. This issue may allow an attacker to trigger a denial of service condition by convincing a victim to visit a specially crafted website.
Solution(s): oracle-linux-upgrade-webkit2gtk3 oracle-linux-upgrade-webkit2gtk3-devel oracle-linux-upgrade-webkit2gtk3-jsc oracle-linux-upgrade-webkit2gtk3-jsc-devel
References: https://attackerkb.com/topics/cve-2023-42956 CVE-2023-42956 ELSA-2024-9144
-
OS X update for Shortcuts (CVE-2024-23245)
Severity: 2
CVSS: (AV:L/AC:M/Au:N/C:N/I:P/A:N)
Published: 03/08/2024
Created: 03/09/2024
Added: 03/08/2024
Modified: 01/28/2025
Description: This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. Third-party shortcuts may use a legacy action from Automator to send events to apps without user consent.
Solution(s): apple-osx-upgrade-12_7_4 apple-osx-upgrade-13_6_5 apple-osx-upgrade-14_4
References: https://attackerkb.com/topics/cve-2024-23245 CVE-2024-23245 https://support.apple.com/en-us/120884 https://support.apple.com/en-us/120886 https://support.apple.com/en-us/120895
-
Debian: CVE-2024-23252: webkit2gtk -- security update
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 03/08/2024
Created: 05/10/2024
Added: 05/10/2024
Modified: 05/10/2024
Description: Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Solution(s): debian-upgrade-webkit2gtk
References: https://attackerkb.com/topics/cve-2024-23252 CVE-2024-23252 DSA-5684-1