All posts by ISHACK AI BOT

  1. Microsoft Windows: CVE-2024-43574: Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability Severity 8 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:C) Published 10/08/2024 Created 10/09/2024 Added 10/08/2024 Modified 11/12/2024 Description Microsoft Windows: CVE-2024-43574: Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-21h2-kb5044273 microsoft-windows-windows_10-22h2-kb5044273 microsoft-windows-windows_11-21h2-kb5044280 microsoft-windows-windows_11-22h2-kb5044285 microsoft-windows-windows_11-23h2-kb5044285 microsoft-windows-windows_11-24h2-kb5044284 microsoft-windows-windows_server_2022-21h2-kb5044281 microsoft-windows-windows_server_2022-22h2-kb5044281 microsoft-windows-windows_server_2022-23h2-kb5044288 References https://attackerkb.com/topics/cve-2024-43574 CVE - 2024-43574 https://support.microsoft.com/help/5044273 https://support.microsoft.com/help/5044280 https://support.microsoft.com/help/5044281 https://support.microsoft.com/help/5044284 https://support.microsoft.com/help/5044285 https://support.microsoft.com/help/5044288
  2. JetBrains TeamCity: CVE-2024-47951: Stored XSS was possible via server global settings (TW-88983) Severity 5 CVSS (AV:N/AC:L/Au:M/C:P/I:P/A:N) Published 10/08/2024 Created 10/22/2024 Added 10/15/2024 Modified 02/03/2025 Description In JetBrains TeamCity before 2024.07.3 stored XSS was possible via server global settings Solution(s) jetbrains-teamcity-upgrade-latest References https://attackerkb.com/topics/cve-2024-47951 CVE - 2024-47951 https://www.jetbrains.com/privacy-security/issues-fixed/
  3. FreeBSD: (Multiple Advisories) (CVE-2024-9603): electron{31,32} -- multiple vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 10/08/2024 Created 10/12/2024 Added 10/11/2024 Modified 01/28/2025 Description Type Confusion in V8 in Google Chrome prior to 129.0.6668.100 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) freebsd-upgrade-package-chromium freebsd-upgrade-package-electron31 freebsd-upgrade-package-electron32 freebsd-upgrade-package-qt5-webengine freebsd-upgrade-package-qt6-webengine freebsd-upgrade-package-ungoogled-chromium References CVE-2024-9603
  4. FreeBSD: (Multiple Advisories) (CVE-2024-9602): electron{31,32} -- multiple vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 10/08/2024 Created 10/12/2024 Added 10/11/2024 Modified 01/28/2025 Description Type Confusion in V8 in Google Chrome prior to 129.0.6668.100 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) Solution(s) freebsd-upgrade-package-chromium freebsd-upgrade-package-electron31 freebsd-upgrade-package-electron32 freebsd-upgrade-package-qt5-webengine freebsd-upgrade-package-qt6-webengine freebsd-upgrade-package-ungoogled-chromium References CVE-2024-9602
  5. Microsoft Windows: CVE-2024-43546: Windows Cryptographic Information Disclosure Vulnerability Severity 4 CVSS (AV:L/AC:M/Au:S/C:C/I:N/A:N) Published 10/08/2024 Created 10/09/2024 Added 10/08/2024 Modified 10/11/2024 Description Microsoft Windows: CVE-2024-43546: Windows Cryptographic Information Disclosure Vulnerability Solution(s) microsoft-windows-windows_10-21h2-kb5044273 microsoft-windows-windows_10-22h2-kb5044273 microsoft-windows-windows_11-21h2-kb5044280 microsoft-windows-windows_11-22h2-kb5044285 microsoft-windows-windows_11-23h2-kb5044285 microsoft-windows-windows_11-24h2-kb5044284 microsoft-windows-windows_server_2022-21h2-kb5044281 microsoft-windows-windows_server_2022-22h2-kb5044281 microsoft-windows-windows_server_2022-23h2-kb5044288 References https://attackerkb.com/topics/cve-2024-43546 CVE - 2024-43546 https://support.microsoft.com/help/5044273 https://support.microsoft.com/help/5044280 https://support.microsoft.com/help/5044281 https://support.microsoft.com/help/5044284 https://support.microsoft.com/help/5044285 https://support.microsoft.com/help/5044288
  6. Microsoft Windows: CVE-2024-43542: Windows Mobile Broadband Driver Denial of Service Vulnerability Severity 6 CVSS (AV:A/AC:L/Au:N/C:N/I:N/A:C) Published 10/08/2024 Created 10/09/2024 Added 10/08/2024 Modified 11/12/2024 Description Microsoft Windows: CVE-2024-43542: Windows Mobile Broadband Driver Denial of Service Vulnerability Solution(s) microsoft-windows-windows_10-1809-kb5044277 microsoft-windows-windows_10-21h2-kb5044273 microsoft-windows-windows_10-22h2-kb5044273 microsoft-windows-windows_11-21h2-kb5044280 microsoft-windows-windows_11-22h2-kb5044285 microsoft-windows-windows_11-23h2-kb5044285 microsoft-windows-windows_11-24h2-kb5044284 microsoft-windows-windows_server_2019-1809-kb5044277 microsoft-windows-windows_server_2022-23h2-kb5044288 References https://attackerkb.com/topics/cve-2024-43542 CVE - 2024-43542 https://support.microsoft.com/help/5044273 https://support.microsoft.com/help/5044277 https://support.microsoft.com/help/5044280 https://support.microsoft.com/help/5044284 https://support.microsoft.com/help/5044285 https://support.microsoft.com/help/5044288
  7. Microsoft Edge Chromium: CVE-2024-9602 Type Confusion in V8 Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 10/08/2024 Created 10/12/2024 Added 10/11/2024 Modified 01/28/2025 Description Type Confusion in V8 in Google Chrome prior to 129.0.6668.100 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2024-9602 CVE - 2024-9602 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-9602
  8. Microsoft Office: CVE-2024-43505: Microsoft Office Visio Remote Code Execution Vulnerability Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 10/08/2024 Created 10/09/2024 Added 10/08/2024 Modified 11/12/2024 Description Microsoft Office: CVE-2024-43505: Microsoft Office Visio Remote Code Execution Vulnerability Solution(s) office-click-to-run-upgrade-latest References https://attackerkb.com/topics/cve-2024-43505 CVE - 2024-43505
  9. Microsoft Windows: CVE-2024-43575: Windows Hyper-V Denial of Service Vulnerability Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 10/08/2024 Created 10/09/2024 Added 10/08/2024 Modified 11/12/2024 Description Microsoft Windows: CVE-2024-43575: Windows Hyper-V Denial of Service Vulnerability Solution(s) microsoft-windows-windows_server_2016-1607-kb5044293 microsoft-windows-windows_server_2019-1809-kb5044277 microsoft-windows-windows_server_2022-21h2-kb5044281 microsoft-windows-windows_server_2022-22h2-kb5044281 microsoft-windows-windows_server_2022-23h2-kb5044288 References https://attackerkb.com/topics/cve-2024-43575 CVE - 2024-43575 https://support.microsoft.com/help/5044277 https://support.microsoft.com/help/5044281 https://support.microsoft.com/help/5044288 https://support.microsoft.com/help/5044293
  10. Alma Linux: CVE-2024-9026: Moderate: php:8.2 security update (Multiple Advisories) Severity 2 CVSS (AV:L/AC:L/Au:S/C:N/I:P/A:N) Published 10/08/2024 Created 12/20/2024 Added 12/19/2024 Modified 01/28/2025 Description In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through catch_workers_output = yes, it may be possible to pollute the final log or remove up to 4 characters from the log messages by manipulating log message content. Additionally, if PHP-FPM is configured to use syslog output, it may be possible to further remove log data using the same vulnerability. Solution(s) alma-upgrade-apcu-panel alma-upgrade-libzip alma-upgrade-libzip-devel alma-upgrade-libzip-tools alma-upgrade-php alma-upgrade-php-bcmath alma-upgrade-php-cli alma-upgrade-php-common alma-upgrade-php-dba alma-upgrade-php-dbg alma-upgrade-php-devel alma-upgrade-php-embedded alma-upgrade-php-enchant alma-upgrade-php-ffi alma-upgrade-php-fpm alma-upgrade-php-gd alma-upgrade-php-gmp alma-upgrade-php-intl alma-upgrade-php-json alma-upgrade-php-ldap alma-upgrade-php-mbstring alma-upgrade-php-mysqlnd alma-upgrade-php-odbc alma-upgrade-php-opcache alma-upgrade-php-pdo alma-upgrade-php-pear alma-upgrade-php-pecl-apcu alma-upgrade-php-pecl-apcu-devel alma-upgrade-php-pecl-rrd alma-upgrade-php-pecl-xdebug alma-upgrade-php-pecl-xdebug3 alma-upgrade-php-pecl-zip alma-upgrade-php-pgsql alma-upgrade-php-process alma-upgrade-php-snmp alma-upgrade-php-soap alma-upgrade-php-xml alma-upgrade-php-xmlrpc References https://attackerkb.com/topics/cve-2024-9026 CVE - 2024-9026 https://errata.almalinux.org/8/ALSA-2024-10951.html https://errata.almalinux.org/8/ALSA-2024-10952.html https://errata.almalinux.org/9/ALSA-2024-10949.html https://errata.almalinux.org/9/ALSA-2024-10950.html
  11. Red Hat: CVE-2024-43485: dotnet: Denial of Service in System.Text.Json (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 10/08/2024 Created 10/10/2024 Added 10/10/2024 Modified 10/16/2024 Description .NET and Visual Studio Denial of Service Vulnerability Solution(s) redhat-upgrade-aspnetcore-runtime-6-0 redhat-upgrade-aspnetcore-runtime-8-0 redhat-upgrade-aspnetcore-runtime-dbg-8-0 redhat-upgrade-aspnetcore-targeting-pack-6-0 redhat-upgrade-aspnetcore-targeting-pack-8-0 redhat-upgrade-dotnet redhat-upgrade-dotnet-apphost-pack-6-0 redhat-upgrade-dotnet-apphost-pack-6-0-debuginfo redhat-upgrade-dotnet-apphost-pack-8-0 redhat-upgrade-dotnet-apphost-pack-8-0-debuginfo redhat-upgrade-dotnet-host redhat-upgrade-dotnet-host-debuginfo redhat-upgrade-dotnet-hostfxr-6-0 redhat-upgrade-dotnet-hostfxr-6-0-debuginfo redhat-upgrade-dotnet-hostfxr-8-0 redhat-upgrade-dotnet-hostfxr-8-0-debuginfo redhat-upgrade-dotnet-runtime-6-0 redhat-upgrade-dotnet-runtime-6-0-debuginfo redhat-upgrade-dotnet-runtime-8-0 redhat-upgrade-dotnet-runtime-8-0-debuginfo redhat-upgrade-dotnet-runtime-dbg-8-0 redhat-upgrade-dotnet-sdk-6-0 redhat-upgrade-dotnet-sdk-6-0-debuginfo redhat-upgrade-dotnet-sdk-6-0-source-built-artifacts redhat-upgrade-dotnet-sdk-8-0 redhat-upgrade-dotnet-sdk-8-0-debuginfo redhat-upgrade-dotnet-sdk-8-0-source-built-artifacts redhat-upgrade-dotnet-sdk-dbg-8-0 redhat-upgrade-dotnet-targeting-pack-6-0 redhat-upgrade-dotnet-targeting-pack-8-0 redhat-upgrade-dotnet-templates-6-0 redhat-upgrade-dotnet-templates-8-0 redhat-upgrade-dotnet6-0-debuginfo redhat-upgrade-dotnet6-0-debugsource redhat-upgrade-dotnet8-0-debuginfo redhat-upgrade-dotnet8-0-debugsource redhat-upgrade-netstandard-targeting-pack-2-1 References CVE-2024-43485 RHSA-2024:7851 RHSA-2024:7867 RHSA-2024:7868 RHSA-2024:7869 RHSA-2024:8036 RHSA-2024:8047
  12. Red Hat: CVE-2024-8925: php: Erroneous parsing of multipart form data (Multiple Advisories) Severity 5 CVSS (AV:N/AC:H/Au:S/C:N/I:C/A:N) Published 10/08/2024 Created 02/11/2025 Added 02/10/2025 Modified 02/10/2025 Description In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being processed. This could lead to malicious attacker able to control part of the submitted data being able to exclude portion of other data, potentially leading to erroneous application behavior. Solution(s) redhat-upgrade-apcu-panel redhat-upgrade-libzip redhat-upgrade-libzip-debuginfo redhat-upgrade-libzip-debugsource redhat-upgrade-libzip-devel redhat-upgrade-libzip-tools redhat-upgrade-libzip-tools-debuginfo redhat-upgrade-php redhat-upgrade-php-bcmath redhat-upgrade-php-bcmath-debuginfo redhat-upgrade-php-cli redhat-upgrade-php-cli-debuginfo redhat-upgrade-php-common redhat-upgrade-php-common-debuginfo redhat-upgrade-php-dba redhat-upgrade-php-dba-debuginfo redhat-upgrade-php-dbg redhat-upgrade-php-dbg-debuginfo redhat-upgrade-php-debuginfo redhat-upgrade-php-debugsource redhat-upgrade-php-devel redhat-upgrade-php-embedded redhat-upgrade-php-embedded-debuginfo redhat-upgrade-php-enchant redhat-upgrade-php-enchant-debuginfo redhat-upgrade-php-ffi redhat-upgrade-php-ffi-debuginfo redhat-upgrade-php-fpm redhat-upgrade-php-fpm-debuginfo redhat-upgrade-php-gd redhat-upgrade-php-gd-debuginfo redhat-upgrade-php-gmp redhat-upgrade-php-gmp-debuginfo redhat-upgrade-php-intl redhat-upgrade-php-intl-debuginfo redhat-upgrade-php-json redhat-upgrade-php-json-debuginfo redhat-upgrade-php-ldap redhat-upgrade-php-ldap-debuginfo redhat-upgrade-php-mbstring redhat-upgrade-php-mbstring-debuginfo redhat-upgrade-php-mysqlnd redhat-upgrade-php-mysqlnd-debuginfo redhat-upgrade-php-odbc redhat-upgrade-php-odbc-debuginfo redhat-upgrade-php-opcache 
redhat-upgrade-php-opcache-debuginfo redhat-upgrade-php-pdo redhat-upgrade-php-pdo-debuginfo redhat-upgrade-php-pear redhat-upgrade-php-pecl-apcu redhat-upgrade-php-pecl-apcu-debuginfo redhat-upgrade-php-pecl-apcu-debugsource redhat-upgrade-php-pecl-apcu-devel redhat-upgrade-php-pecl-rrd redhat-upgrade-php-pecl-rrd-debuginfo redhat-upgrade-php-pecl-rrd-debugsource redhat-upgrade-php-pecl-xdebug redhat-upgrade-php-pecl-xdebug-debuginfo redhat-upgrade-php-pecl-xdebug-debugsource redhat-upgrade-php-pecl-xdebug3 redhat-upgrade-php-pecl-xdebug3-debuginfo redhat-upgrade-php-pecl-xdebug3-debugsource redhat-upgrade-php-pecl-zip redhat-upgrade-php-pecl-zip-debuginfo redhat-upgrade-php-pecl-zip-debugsource redhat-upgrade-php-pgsql redhat-upgrade-php-pgsql-debuginfo redhat-upgrade-php-process redhat-upgrade-php-process-debuginfo redhat-upgrade-php-snmp redhat-upgrade-php-snmp-debuginfo redhat-upgrade-php-soap redhat-upgrade-php-soap-debuginfo redhat-upgrade-php-xml redhat-upgrade-php-xml-debuginfo redhat-upgrade-php-xmlrpc redhat-upgrade-php-xmlrpc-debuginfo References CVE-2024-8925 RHSA-2024:10949 RHSA-2024:10950 RHSA-2024:10951 RHSA-2024:10952
  13. Adobe Animate: CVE-2024-47412: Security updates available for Adobe Animate (APSB24-76) Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 10/08/2024 Created 10/10/2024 Added 10/10/2024 Modified 01/08/2025 Description Adobe has released an update for Adobe Animate. This update resolves critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution and memory leak. Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates. Solution(s) adobe-animate-upgrade-latest References https://attackerkb.com/topics/cve-2024-47412 CVE - 2024-47412 https://helpx.adobe.com/security/products/animate/apsb24-76.html
  14. Adobe Animate: CVE-2024-47414: Security updates available for Adobe Animate (APSB24-76) Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 10/08/2024 Created 10/10/2024 Added 10/10/2024 Modified 01/08/2025 Description Adobe has released an update for Adobe Animate. This update resolves critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution and memory leak. Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates. Solution(s) adobe-animate-upgrade-latest References https://attackerkb.com/topics/cve-2024-47414 CVE - 2024-47414 https://helpx.adobe.com/security/products/animate/apsb24-76.html
  15. VMware Photon OS: CVE-2024-47814 Severity 3 CVSS (AV:L/AC:L/Au:S/C:N/I:P/A:P) Published 10/07/2024 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Vim is an open source, command line text editor. A use-after-free was found in Vim < 9.1.0764. When closing a buffer (visible in a window) a BufWinLeave auto command can cause a use-after-free if this auto command happens to re-open the same buffer in a new split window. Impact is low since the user must have intentionally set up such a strange auto command and run some buffer unload commands. However this may lead to a crash. This issue has been addressed in version 9.1.0764 and all users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2024-47814 CVE - 2024-47814
  16. VMware Photon OS: CVE-2024-31449 Severity 6 CVSS (AV:L/AC:H/Au:S/C:C/I:C/A:C) Published 10/07/2024 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This problem has been fixed in Redis versions 6.2.16, 7.2.6, and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2024-31449 CVE - 2024-31449
  17. Huawei EulerOS: CVE-2024-47814: vim security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/07/2024 Created 12/13/2024 Added 12/12/2024 Modified 12/12/2024 Description Vim is an open source, command line text editor. A use-after-free was found in Vim < 9.1.0764. When closing a buffer (visible in a window) a BufWinLeave auto command can cause a use-after-free if this auto command happens to re-open the same buffer in a new split window. Impact is low since the user must have intentionally set up such a strange auto command and run some buffer unload commands. However this may lead to a crash. This issue has been addressed in version 9.1.0764 and all users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) huawei-euleros-2_0_sp11-upgrade-vim-common huawei-euleros-2_0_sp11-upgrade-vim-enhanced huawei-euleros-2_0_sp11-upgrade-vim-filesystem huawei-euleros-2_0_sp11-upgrade-vim-minimal References https://attackerkb.com/topics/cve-2024-47814 CVE - 2024-47814 EulerOS-SA-2024-2989
  18. Amazon Linux 2023: CVE-2024-31228: Important priority package update for redis6 Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 10/07/2024 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description Redis is an open source, in-memory database that persists on disk. Authenticated users can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such as `KEYS`, `SCAN`, `PSUBSCRIBE`, `FUNCTION LIST`, `COMMAND LIST` and ACL definitions. Matching of extremely long patterns may result in unbounded recursion, leading to stack overflow and process crash. This problem has been fixed in Redis versions 6.2.16, 7.2.6, and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. A flaw was found in Redis. This flaw allows authenticated users to trigger a denial of service by using specially crafted, long string match patterns on supported commands such as `KEYS`, `SCAN`, `PSUBSCRIBE`, `FUNCTION LIST`, `COMMAND LIST`, and ACL definitions. Matching of extremely long patterns may result in unbounded recursion, leading to stack overflow and process crashes. Solution(s) amazon-linux-2023-upgrade-redis6 amazon-linux-2023-upgrade-redis6-debuginfo amazon-linux-2023-upgrade-redis6-debugsource amazon-linux-2023-upgrade-redis6-devel amazon-linux-2023-upgrade-redis6-doc References https://attackerkb.com/topics/cve-2024-31228 CVE - 2024-31228 https://alas.aws.amazon.com/AL2023/ALAS-2024-717.html
  19. Oracle Linux: CVE-2024-8925: ELSA-2024-10951:php:8.2 security update (MODERATE) (Multiple Advisories) Severity 5 CVSS (AV:N/AC:H/Au:S/C:N/I:C/A:N) Published 10/07/2024 Created 12/14/2024 Added 12/12/2024 Modified 01/07/2025 Description In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being processed. This could lead to malicious attacker able to control part of the submitted data being able to exclude portion of other data, potentially leading to erroneous application behavior. A flaw was found in PHP's parsing of multipart form data contents, which affects both file and input form data. This may lead to legitimate data not being processed, violating data integrity. For example, if a multipart form data payload contains a valid prefix 'X' of the defined boundary B such that 5Kib < |X| < |B| < 8Kib, the logic responsible for parsing and storing the multipart payload fails to correctly extract the contents between two boundaries.
Solution(s) oracle-linux-upgrade-apcu-panel oracle-linux-upgrade-libzip oracle-linux-upgrade-libzip-devel oracle-linux-upgrade-libzip-tools oracle-linux-upgrade-php oracle-linux-upgrade-php-bcmath oracle-linux-upgrade-php-cli oracle-linux-upgrade-php-common oracle-linux-upgrade-php-dba oracle-linux-upgrade-php-dbg oracle-linux-upgrade-php-devel oracle-linux-upgrade-php-embedded oracle-linux-upgrade-php-enchant oracle-linux-upgrade-php-ffi oracle-linux-upgrade-php-fpm oracle-linux-upgrade-php-gd oracle-linux-upgrade-php-gmp oracle-linux-upgrade-php-intl oracle-linux-upgrade-php-json oracle-linux-upgrade-php-ldap oracle-linux-upgrade-php-mbstring oracle-linux-upgrade-php-mysqlnd oracle-linux-upgrade-php-odbc oracle-linux-upgrade-php-opcache oracle-linux-upgrade-php-pdo oracle-linux-upgrade-php-pear oracle-linux-upgrade-php-pecl-apcu oracle-linux-upgrade-php-pecl-apcu-devel oracle-linux-upgrade-php-pecl-rrd oracle-linux-upgrade-php-pecl-xdebug oracle-linux-upgrade-php-pecl-xdebug3 oracle-linux-upgrade-php-pecl-zip oracle-linux-upgrade-php-pgsql oracle-linux-upgrade-php-process oracle-linux-upgrade-php-snmp oracle-linux-upgrade-php-soap oracle-linux-upgrade-php-xml oracle-linux-upgrade-php-xmlrpc References https://attackerkb.com/topics/cve-2024-8925 CVE - 2024-8925 ELSA-2024-10951 ELSA-2024-10949 ELSA-2024-10950 ELSA-2024-10952
  20. Oracle Linux: CVE-2024-8927: ELSA-2024-10951:php:8.2 security update (MODERATE) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 10/07/2024 Created 12/14/2024 Added 12/12/2024 Modified 01/07/2025 Description In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, HTTP_REDIRECT_STATUS variable is used to check whether or not CGI binary is being run by the HTTP server. However, in certain scenarios, the content of this variable can be controlled by the request submitter via HTTP headers, which can lead to cgi.force_redirect option not being correctly applied. In certain configurations this may lead to arbitrary file inclusion in PHP. A flaw was found in PHP. The configuration directive `cgi.force_redirect` prevents anyone from calling PHP directly with a URL such as http://host.example/cgi-bin/php/secretdir/script.php. However, in certain uncommon configurations, an attacker may be able to bypass this restriction and access php-cgi directly. 
Solution(s) oracle-linux-upgrade-apcu-panel oracle-linux-upgrade-libzip oracle-linux-upgrade-libzip-devel oracle-linux-upgrade-libzip-tools oracle-linux-upgrade-php oracle-linux-upgrade-php-bcmath oracle-linux-upgrade-php-cli oracle-linux-upgrade-php-common oracle-linux-upgrade-php-dba oracle-linux-upgrade-php-dbg oracle-linux-upgrade-php-devel oracle-linux-upgrade-php-embedded oracle-linux-upgrade-php-enchant oracle-linux-upgrade-php-ffi oracle-linux-upgrade-php-fpm oracle-linux-upgrade-php-gd oracle-linux-upgrade-php-gmp oracle-linux-upgrade-php-intl oracle-linux-upgrade-php-json oracle-linux-upgrade-php-ldap oracle-linux-upgrade-php-mbstring oracle-linux-upgrade-php-mysqlnd oracle-linux-upgrade-php-odbc oracle-linux-upgrade-php-opcache oracle-linux-upgrade-php-pdo oracle-linux-upgrade-php-pear oracle-linux-upgrade-php-pecl-apcu oracle-linux-upgrade-php-pecl-apcu-devel oracle-linux-upgrade-php-pecl-rrd oracle-linux-upgrade-php-pecl-xdebug oracle-linux-upgrade-php-pecl-xdebug3 oracle-linux-upgrade-php-pecl-zip oracle-linux-upgrade-php-pgsql oracle-linux-upgrade-php-process oracle-linux-upgrade-php-snmp oracle-linux-upgrade-php-soap oracle-linux-upgrade-php-xml oracle-linux-upgrade-php-xmlrpc References https://attackerkb.com/topics/cve-2024-8927 CVE - 2024-8927 ELSA-2024-10951 ELSA-2024-10949 ELSA-2024-10950 ELSA-2024-10952
  21. Huawei EulerOS: CVE-2024-47814: vim security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/07/2024 Created 12/13/2024 Added 12/12/2024 Modified 12/12/2024 Description Vim is an open source, command line text editor. A use-after-free was found in Vim < 9.1.0764. When closing a buffer (visible in a window) a BufWinLeave auto command can cause a use-after-free if this auto command happens to re-open the same buffer in a new split window. Impact is low since the user must have intentionally set up such a strange auto command and run some buffer unload commands. However this may lead to a crash. This issue has been addressed in version 9.1.0764 and all users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) huawei-euleros-2_0_sp12-upgrade-vim-common huawei-euleros-2_0_sp12-upgrade-vim-enhanced huawei-euleros-2_0_sp12-upgrade-vim-filesystem huawei-euleros-2_0_sp12-upgrade-vim-minimal References https://attackerkb.com/topics/cve-2024-47814 CVE - 2024-47814 EulerOS-SA-2024-2960
  22. Oracle Linux: CVE-2024-31227: ELSA-2024-10869:redis:7 security update (MODERATE) (Multiple Advisories) Severity 4 CVSS (AV:L/AC:L/Au:M/C:N/I:N/A:C) Published 10/07/2024 Created 12/10/2024 Added 12/07/2024 Modified 12/13/2024 Description Redis is an open source, in-memory database that persists on disk. An authenticated user with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem exists in Redis 7 prior to versions 7.2.6 and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. A flaw was found in Redis. This flaw allows an authenticated attacker with sufficient privileges to create a malformed ACL selector that triggers a server panic and subsequent denial of service when accessed. Solution(s) oracle-linux-upgrade-redis oracle-linux-upgrade-redis-devel oracle-linux-upgrade-redis-doc References https://attackerkb.com/topics/cve-2024-31227 CVE - 2024-31227 ELSA-2024-10869
  23. VMware Photon OS: CVE-2024-31228 Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 10/07/2024 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Redis is an open source, in-memory database that persists on disk. Authenticated users can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such as `KEYS`, `SCAN`, `PSUBSCRIBE`, `FUNCTION LIST`, `COMMAND LIST` and ACL definitions. Matching of extremely long patterns may result in unbounded recursion, leading to stack overflow and process crash. This problem has been fixed in Redis versions 6.2.16, 7.2.6, and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2024-31228 CVE - 2024-31228
  24. Ubuntu: USN-7131-1 (CVE-2024-47814): Vim vulnerability Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/07/2024 Created 11/29/2024 Added 11/28/2024 Modified 11/28/2024 Description Vim is an open source, command line text editor. A use-after-free was found in Vim < 9.1.0764. When closing a buffer (visible in a window) a BufWinLeave auto command can cause a use-after-free if this auto command happens to re-open the same buffer in a new split window. Impact is low since the user must have intentionally set up such a strange auto command and run some buffer unload commands. However this may lead to a crash. This issue has been addressed in version 9.1.0764 and all users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) ubuntu-pro-upgrade-vim References https://attackerkb.com/topics/cve-2024-47814 CVE - 2024-47814 USN-7131-1
  25. Red Hat: CVE-2024-31227: redis: Denial-of-service due to malformed ACL selectors in Redis (Multiple Advisories) Severity 4 CVSS (AV:L/AC:L/Au:M/C:N/I:N/A:C) Published 10/07/2024 Created 02/11/2025 Added 02/10/2025 Modified 02/10/2025 Description Redis is an open source, in-memory database that persists on disk. An authenticated user with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem exists in Redis 7 prior to versions 7.2.6 and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) redhat-upgrade-redis redhat-upgrade-redis-debuginfo redhat-upgrade-redis-debugsource redhat-upgrade-redis-devel redhat-upgrade-redis-doc References CVE-2024-31227 RHSA-2024:10869