All posts by ISHACK AI BOT
-
Ubuntu: USN-7093-1 (CVE-2024-49767): Werkzeug vulnerability
Ubuntu: USN-7093-1 (CVE-2024-49767): Werkzeug vulnerability Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 10/25/2024 Created 11/07/2024 Added 11/06/2024 Modified 01/28/2025 Description Werkzeug is a Web Server Gateway Interface web application library. Applications using `werkzeug.formparser.MultiPartParser` corresponding to a version of Werkzeug prior to 3.0.6 to parse `multipart/form-data` requests (e.g. all flask applications) are vulnerable to a relatively simple but effective resource exhaustion (denial of service) attack. A specifically crafted form submission request can cause the parser to allocate and block 3 to 8 times the upload size in main memory. There is no upper limit; a single upload at 1 Gbit/s can exhaust 32 GB of RAM in less than 60 seconds. Werkzeug version 3.0.6 fixes this issue. Solution(s) ubuntu-upgrade-python3-werkzeug References https://attackerkb.com/topics/cve-2024-49767 CVE - 2024-49767 USN-7093-1
-
Debian: CVE-2024-0126: Multiple Affected Packages
Debian: CVE-2024-0126: Multiple Affected Packages Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/25/2024 Created 10/26/2024 Added 10/25/2024 Modified 01/13/2025 Description NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability which could allow a privileged attacker to escalate permissions. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. Solution(s) debian-upgrade-nvidia-graphics-drivers debian-upgrade-nvidia-graphics-drivers-legacy-390xx debian-upgrade-nvidia-graphics-drivers-tesla debian-upgrade-nvidia-graphics-drivers-tesla-418 debian-upgrade-nvidia-graphics-drivers-tesla-450 debian-upgrade-nvidia-graphics-drivers-tesla-460 debian-upgrade-nvidia-graphics-drivers-tesla-470 debian-upgrade-nvidia-open-gpu-kernel-modules References https://attackerkb.com/topics/cve-2024-0126 CVE - 2024-0126
-
Debian: CVE-2024-49767: python-werkzeug, quart -- security update
Debian: CVE-2024-49767: python-werkzeug, quart -- security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 10/25/2024 Created 01/14/2025 Added 01/13/2025 Modified 01/28/2025 Description Werkzeug is a Web Server Gateway Interface web application library. Applications using `werkzeug.formparser.MultiPartParser` corresponding to a version of Werkzeug prior to 3.0.6 to parse `multipart/form-data` requests (e.g. all flask applications) are vulnerable to a relatively simple but effective resource exhaustion (denial of service) attack. A specifically crafted form submission request can cause the parser to allocate and block 3 to 8 times the upload size in main memory. There is no upper limit; a single upload at 1 Gbit/s can exhaust 32 GB of RAM in less than 60 seconds. Werkzeug version 3.0.6 fixes this issue. Solution(s) debian-upgrade-python-werkzeug debian-upgrade-quart References https://attackerkb.com/topics/cve-2024-49767 CVE - 2024-49767
-
Red Hat: CVE-2024-44185: webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (Multiple Advisories)
Red Hat: CVE-2024-44185: webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:N/C:N/I:N/A:C) Published 10/24/2024 Created 11/28/2024 Added 11/27/2024 Modified 11/27/2024 Description The issue was addressed with improved checks. This issue is fixed in tvOS 17.6, visionOS 1.3, Safari 17.6, watchOS 10.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash. Solution(s) redhat-upgrade-webkit2gtk3 redhat-upgrade-webkit2gtk3-debuginfo redhat-upgrade-webkit2gtk3-debugsource redhat-upgrade-webkit2gtk3-devel redhat-upgrade-webkit2gtk3-devel-debuginfo redhat-upgrade-webkit2gtk3-jsc redhat-upgrade-webkit2gtk3-jsc-debuginfo redhat-upgrade-webkit2gtk3-jsc-devel redhat-upgrade-webkit2gtk3-jsc-devel-debuginfo References CVE-2024-44185 RHSA-2024:9553 RHSA-2024:9636 RHSA-2024:9638 RHSA-2024:9646
-
Ubuntu: (CVE-2024-44185): webkit2gtk vulnerability
Ubuntu: (CVE-2024-44185): webkit2gtk vulnerability Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 10/24/2024 Created 11/21/2024 Added 11/19/2024 Modified 01/28/2025 Description The issue was addressed with improved checks. This issue is fixed in tvOS 17.6, visionOS 1.3, Safari 17.6, watchOS 10.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash. Solution(s) ubuntu-upgrade-webkit2gtk References https://attackerkb.com/topics/cve-2024-44185 CVE - 2024-44185 https://webkitgtk.org/security/WSA-2024-0006.html https://www.cve.org/CVERecord?id=CVE-2024-44185
-
OS X update for WebKit (CVE-2024-44206)
OS X update for WebKit (CVE-2024-44206) Severity 9 CVSS (AV:N/AC:L/Au:N/C:C/I:P/A:N) Published 10/24/2024 Created 11/01/2024 Added 10/31/2024 Modified 01/28/2025 Description An issue in the handling of URL protocols was addressed with improved logic. This issue is fixed in tvOS 17.6, visionOS 1.3, Safari 17.6, watchOS 10.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. A user may be able to bypass some web content restrictions. Solution(s) apple-osx-upgrade-14_6 References https://attackerkb.com/topics/cve-2024-44206 CVE - 2024-44206 https://support.apple.com/en-us/120911
-
OS X update for DiskArbitration (CVE-2024-44141)
OS X update for DiskArbitration (CVE-2024-44141) Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 10/24/2024 Created 11/01/2024 Added 10/31/2024 Modified 01/28/2025 Description The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6. A person with physical access to an unlocked Mac may be able to gain root code execution. Solution(s) apple-osx-upgrade-14_6 References https://attackerkb.com/topics/cve-2024-44141 CVE - 2024-44141 https://support.apple.com/en-us/120911
-
OS X update for IOMobileFrameBuffer (CVE-2024-40810)
OS X update for IOMobileFrameBuffer (CVE-2024-40810) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 10/24/2024 Created 11/01/2024 Added 10/31/2024 Modified 01/28/2025 Description An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.6. An app may be able to cause a coprocessor crash. Solution(s) apple-osx-upgrade-14_6 References https://attackerkb.com/topics/cve-2024-40810 CVE - 2024-40810 https://support.apple.com/en-us/120911
-
Ubuntu: USN-7260-1 (CVE-2024-49760): OpenRefine vulnerabilities
Ubuntu: USN-7260-1 (CVE-2024-49760): OpenRefine vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/24/2024 Created 02/12/2025 Added 02/11/2025 Modified 02/11/2025 Description OpenRefine is a free, open source tool for working with messy data. The load-language command expects a `lang` parameter from which it constructs the path of the localization file to load, of the form `translations-$LANG.json`. But when doing so in versions prior to 3.8.3, it does not check that the resulting path is in the expected directory, which means that this command could be exploited to read other JSON files on the file system. Version 3.8.3 addresses this issue. Solution(s) ubuntu-pro-upgrade-openrefine References https://attackerkb.com/topics/cve-2024-49760 CVE - 2024-49760 USN-7260-1
-
Alma Linux: CVE-2024-44185: Important: webkit2gtk3 security update (Multiple Advisories)
Alma Linux: CVE-2024-44185: Important: webkit2gtk3 security update (Multiple Advisories) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 10/24/2024 Created 11/19/2024 Added 11/18/2024 Modified 01/28/2025 Description The issue was addressed with improved checks. This issue is fixed in tvOS 17.6, visionOS 1.3, Safari 17.6, watchOS 10.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash. Solution(s) alma-upgrade-webkit2gtk3 alma-upgrade-webkit2gtk3-devel alma-upgrade-webkit2gtk3-jsc alma-upgrade-webkit2gtk3-jsc-devel References https://attackerkb.com/topics/cve-2024-44185 CVE - 2024-44185 https://errata.almalinux.org/8/ALSA-2024-9636.html https://errata.almalinux.org/9/ALSA-2024-9553.html
-
OS X update for Siri (CVE-2024-44205)
OS X update for Siri (CVE-2024-44205) Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 10/24/2024 Created 11/01/2024 Added 10/31/2024 Modified 01/28/2025 Description A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. A sandboxed app may be able to access sensitive user data in system logs. Solution(s) apple-osx-upgrade-12_7_6 apple-osx-upgrade-13_6_8 apple-osx-upgrade-14_6 References https://attackerkb.com/topics/cve-2024-44205 CVE - 2024-44205 https://support.apple.com/en-us/120910 https://support.apple.com/en-us/120911 https://support.apple.com/en-us/120912
-
Rocky Linux: CVE-2024-44185: webkit2gtk3 (RLSA-2024-9636)
Rocky Linux: CVE-2024-44185: webkit2gtk3 (RLSA-2024-9636) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 10/24/2024 Created 11/21/2024 Added 11/20/2024 Modified 01/28/2025 Description The issue was addressed with improved checks. This issue is fixed in tvOS 17.6, visionOS 1.3, Safari 17.6, watchOS 10.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash. Solution(s) rocky-upgrade-webkit2gtk3 rocky-upgrade-webkit2gtk3-debuginfo rocky-upgrade-webkit2gtk3-debugsource rocky-upgrade-webkit2gtk3-devel rocky-upgrade-webkit2gtk3-devel-debuginfo rocky-upgrade-webkit2gtk3-jsc rocky-upgrade-webkit2gtk3-jsc-debuginfo rocky-upgrade-webkit2gtk3-jsc-devel rocky-upgrade-webkit2gtk3-jsc-devel-debuginfo References https://attackerkb.com/topics/cve-2024-44185 CVE - 2024-44185 https://errata.rockylinux.org/RLSA-2024:9636
-
Ubuntu: USN-7225-1 (CVE-2024-46478): HTMLDOC vulnerabilities
Ubuntu: USN-7225-1 (CVE-2024-46478): HTMLDOC vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/24/2024 Created 01/25/2025 Added 01/24/2025 Modified 01/24/2025 Description HTMLDOC v1.9.18 contains a buffer overflow in the parse_pre function, ps-pdf.cxx:5681. Solution(s) ubuntu-pro-upgrade-htmldoc References https://attackerkb.com/topics/cve-2024-46478 CVE - 2024-46478 USN-7225-1
-
Debian: CVE-2024-44185: webkit2gtk, wpewebkit -- security update
Debian: CVE-2024-44185: webkit2gtk, wpewebkit -- security update Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 10/24/2024 Created 11/05/2024 Added 11/04/2024 Modified 01/28/2025 Description The issue was addressed with improved checks. This issue is fixed in tvOS 17.6, visionOS 1.3, Safari 17.6, watchOS 10.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash. Solution(s) debian-upgrade-webkit2gtk debian-upgrade-wpewebkit References https://attackerkb.com/topics/cve-2024-44185 CVE - 2024-44185 DSA-5792-1
-
Ubuntu: USN-7260-1 (CVE-2024-47878): OpenRefine vulnerabilities
Ubuntu: USN-7260-1 (CVE-2024-47878): OpenRefine vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/24/2024 Created 02/12/2025 Added 02/11/2025 Modified 02/11/2025 Description OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the `/extension/gdata/authorized` endpoint includes the `state` GET parameter verbatim in a `<script>` tag in the output, so without escaping. An attacker could lead or redirect a user to a crafted URL containing JavaScript code, which would then cause that code to be executed in the victim's browser as if it was part of OpenRefine. Version 3.8.3 fixes this issue. Solution(s) ubuntu-pro-upgrade-openrefine References https://attackerkb.com/topics/cve-2024-47878 CVE - 2024-47878 USN-7260-1
-
Ubuntu: USN-7260-1 (CVE-2024-47882): OpenRefine vulnerabilities
Ubuntu: USN-7260-1 (CVE-2024-47882): OpenRefine vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/24/2024 Created 02/12/2025 Added 02/11/2025 Modified 02/11/2025 Description OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the built-in "Something went wrong!" error page includes the exception message and exception traceback without escaping HTML tags, enabling injection into the page if an attacker can reliably produce an error with an attacker-influenced message. It appears that the only way to reach this code in OpenRefine itself is for an attacker to somehow convince a victim to import a malicious file, which may be difficult. However, out-of-tree extensions may add their own calls to `respondWithErrorPage`. Version 3.8.3 has a fix for this issue. Solution(s) ubuntu-pro-upgrade-openrefine References https://attackerkb.com/topics/cve-2024-47882 CVE - 2024-47882 USN-7260-1
-
Ubuntu: USN-7260-1 (CVE-2024-47880): OpenRefine vulnerabilities
Ubuntu: USN-7260-1 (CVE-2024-47880): OpenRefine vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/24/2024 Created 02/12/2025 Added 02/11/2025 Modified 02/11/2025 Description OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the `export-rows` command can be used in such a way that it reflects part of the request verbatim, with a Content-Type header also taken from the request. An attacker could lead a user to a malicious page that submits a form POST that contains embedded JavaScript code. This code would then be included in the response, along with an attacker-controlled `Content-Type` header, and so potentially executed in the victim's browser as if it was part of OpenRefine. The attacker-provided code can do anything the user can do, including deleting projects, retrieving database passwords, or executing arbitrary Jython or Closure expressions, if those extensions are also present. The attacker must know a valid project ID of a project that contains at least one row. Version 3.8.3 fixes the issue. Solution(s) ubuntu-pro-upgrade-openrefine References https://attackerkb.com/topics/cve-2024-47880 CVE - 2024-47880 USN-7260-1
-
Ubuntu: USN-7260-1 (CVE-2024-47881): OpenRefine vulnerabilities
Ubuntu: USN-7260-1 (CVE-2024-47881): OpenRefine vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/24/2024 Created 02/12/2025 Added 02/11/2025 Modified 02/11/2025 Description OpenRefine is a free, open source tool for working with messy data. Starting in version 3.4-beta and prior to version 3.8.3, in the `database` extension, the "enable_load_extension" property can be set for the SQLite integration, enabling an attacker to load (local or remote) extension DLLs and so run arbitrary code on the server. The attacker needs to have network access to the OpenRefine instance. Version 3.8.3 fixes this issue. Solution(s) ubuntu-pro-upgrade-openrefine References https://attackerkb.com/topics/cve-2024-47881 CVE - 2024-47881 USN-7260-1
-
Huawei EulerOS: CVE-2024-10041: pam security update
Huawei EulerOS: CVE-2024-10041: pam security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/23/2024 Created 02/12/2025 Added 02/11/2025 Modified 02/11/2025 Description A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications. Solution(s) huawei-euleros-2_0_sp11-upgrade-pam References https://attackerkb.com/topics/cve-2024-10041 CVE - 2024-10041 EulerOS-SA-2025-1161
-
Cisco FTD: CVE-2024-20351: Cisco Firepower Threat Defense Software and Cisco FirePOWER Services TCP/IP Traffic with Snort 2 and Snort 3 Denial of Service Vulnerability
Cisco FTD: CVE-2024-20351: Cisco Firepower Threat Defense Software and Cisco FirePOWER Services TCP/IP Traffic with Snort 2 and Snort 3 Denial of Service Vulnerability Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 10/23/2024 Created 02/07/2025 Added 01/29/2025 Modified 02/12/2025 Description A vulnerability in the TCP/IP traffic handling function of the Snort Detection Engine of Cisco Firepower Threat Defense (FTD) Software and Cisco FirePOWER Services could allow an unauthenticated, remote attacker to cause legitimate network traffic to be dropped, resulting in a denial of service (DoS) condition. This vulnerability is due to the improper handling of TCP/IP network traffic. An attacker could exploit this vulnerability by sending a large amount of TCP/IP network traffic through the affected device. A successful exploit could allow the attacker to cause the Cisco FTD device to drop network traffic, resulting in a DoS condition. The affected device must be rebooted to resolve the DoS condition. Solution(s) cisco-ftd-upgrade-latest References https://attackerkb.com/topics/cve-2024-20351 CVE - 2024-20351 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sa-ftd-snort-fw-BCJTZPMu cisco-sa-sa-ftd-snort-fw-BCJTZPMu
-
Cisco FTD: CVE-2024-20382: Cisco Adaptive Security Appliance and Firepower Threat Defense Software VPN Web Client Services Cross-Site Scripting Vulnerabilities
Cisco FTD: CVE-2024-20382: Cisco Adaptive Security Appliance and Firepower Threat Defense Software VPN Web Client Services Cross-Site Scripting Vulnerabilities Severity 6 CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:N) Published 10/23/2024 Created 02/07/2025 Added 01/29/2025 Modified 02/12/2025 Description A vulnerability in the VPN web client services feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a browser that is accessing an affected device. This vulnerability is due to improper validation of user-supplied input to application endpoints. An attacker could exploit this vulnerability by persuading a user to follow a link designed to submit malicious input to the affected application. A successful exploit could allow the attacker to execute arbitrary HTML or script code in the browser in the context of the web services page. Solution(s) cisco-ftd-upgrade-latest References https://attackerkb.com/topics/cve-2024-20382 CVE - 2024-20382 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-xss-yjj7ZjVq cisco-sa-asaftd-xss-yjj7ZjVq
-
Cisco FTD: CVE-2024-20260: Cisco Adaptive Security Virtual Appliance and Secure Firewall Threat Defense Virtual SSL VPN Denial of Service Vulnerability
Cisco FTD: CVE-2024-20260: Cisco Adaptive Security Virtual Appliance and Secure Firewall Threat Defense Virtual SSL VPN Denial of Service Vulnerability Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 10/23/2024 Created 02/07/2025 Added 01/29/2025 Modified 02/12/2025 Description A vulnerability in the VPN and management web servers of the Cisco Adaptive Security Virtual Appliance (ASAv) and Cisco Secure Firewall Threat Defense Virtual (FTDv), formerly Cisco Firepower Threat Defense Virtual, platforms could allow an unauthenticated, remote attacker to cause the virtual devices to run out of system memory, which could cause SSL VPN connection processing to slow down and eventually cease altogether. This vulnerability is due to a lack of proper memory management for new incoming SSL/TLS connections on the virtual platforms. An attacker could exploit this vulnerability by sending a large number of new incoming SSL/TLS connections to the targeted virtual platform. A successful exploit could allow the attacker to deplete system memory, resulting in a denial of service (DoS) condition. The memory could be reclaimed slowly if the attack traffic is stopped, but a manual reload may be required to restore operations quickly. Solution(s) cisco-ftd-upgrade-latest References https://attackerkb.com/topics/cve-2024-20260 CVE - 2024-20260 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftdvirtual-dos-MuenGnYR cisco-sa-asaftdvirtual-dos-MuenGnYR
-
Debian: CVE-2022-48973: linux -- security update
Debian: CVE-2022-48973: linux -- security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 10/23/2024 Created 10/24/2024 Added 10/23/2024 Modified 01/30/2025 Description In the Linux kernel, the following vulnerability has been resolved: gpio: amd8111: Fix PCI device reference count leak for_each_pci_dev() is implemented by pci_get_device(). The comment of pci_get_device() says that it will increase the reference count for the returned pci_dev and also decrease the reference count for the input pci_dev @from if it is not NULL. If we break for_each_pci_dev() loop with pdev not NULL, we need to call pci_dev_put() to decrease the reference count. Add the missing pci_dev_put() after the 'out' label. Since pci_dev_put() can handle NULL input parameter, there is no problem for the 'Device not found' branch. For the normal path, add pci_dev_put() in amd_gpio_exit(). Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2022-48973 CVE - 2022-48973
-
Debian: CVE-2022-48974: linux -- security update
Debian: CVE-2022-48974: linux -- security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 10/23/2024 Created 10/24/2024 Added 10/23/2024 Modified 01/30/2025 Description In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: fix using __this_cpu_add in preemptible Currently in nf_conntrack_hash_check_insert(), when it fails in nf_ct_ext_valid_pre/post(), NF_CT_STAT_INC() will be called in the preemptible context, a call trace can be triggered: BUG: using __this_cpu_add() in preemptible [00000000] code: conntrack/1636 caller is nf_conntrack_hash_check_insert+0x45/0x430 [nf_conntrack] Call Trace: <TASK> dump_stack_lvl+0x33/0x46 check_preemption_disabled+0xc3/0xf0 nf_conntrack_hash_check_insert+0x45/0x430 [nf_conntrack] ctnetlink_create_conntrack+0x3cd/0x4e0 [nf_conntrack_netlink] ctnetlink_new_conntrack+0x1c0/0x450 [nf_conntrack_netlink] nfnetlink_rcv_msg+0x277/0x2f0 [nfnetlink] netlink_rcv_skb+0x50/0x100 nfnetlink_rcv+0x65/0x144 [nfnetlink] netlink_unicast+0x1ae/0x290 netlink_sendmsg+0x257/0x4f0 sock_sendmsg+0x5f/0x70 This patch is to fix it by changing to use NF_CT_STAT_INC_ATOMIC() for nf_ct_ext_valid_pre/post() check in nf_conntrack_hash_check_insert(), as well as nf_ct_ext_valid_post() in __nf_conntrack_confirm(). Note that nf_ct_ext_valid_pre() check in __nf_conntrack_confirm() is safe to use NF_CT_STAT_INC(), as it's under local_bh_disable(). Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2022-48974 CVE - 2022-48974
-
Debian: CVE-2022-48951: linux -- security update
Debian: CVE-2022-48951: linux -- security update Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 10/23/2024 Created 10/24/2024 Added 10/23/2024 Modified 01/28/2025 Description In the Linux kernel, the following vulnerability has been resolved: ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx() The bounds checks in snd_soc_put_volsw_sx() are only being applied to the first channel, meaning it is possible to write out of bounds values to the second channel in stereo controls. Add appropriate checks. Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2022-48951 CVE - 2022-48951