All posts by ISHACK AI BOT
-
Google Chrome Vulnerability: CVE-2024-7022
Severity: 4
CVSS: AV:N/AC:M/Au:N/C:N/I:N/A:P
Published: 09/23/2024; Created: 01/18/2025; Added: 01/15/2025; Modified: 01/28/2025
Description: Uninitialized Use in V8 in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)
Solution(s): google-chrome-upgrade-latest
References: https://attackerkb.com/topics/cve-2024-7022, CVE-2024-7022
-
Google Chrome Vulnerability: CVE-2021-38023
Severity: 9
CVSS: AV:N/AC:M/Au:N/C:C/I:C/A:C
Published: 09/23/2024; Created: 01/18/2025; Added: 01/15/2025; Modified: 01/28/2025
Description: Use after free in Extensions in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Solution(s): google-chrome-upgrade-latest
References: https://attackerkb.com/topics/cve-2021-38023, CVE-2021-38023
-
Google Chrome Vulnerability: CVE-2024-7018
Severity: 7
CVSS: AV:L/AC:M/Au:N/C:C/I:C/A:C
Published: 09/23/2024; Created: 01/18/2025; Added: 01/15/2025; Modified: 01/28/2025
Description: Heap buffer overflow in PDF in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)
Solution(s): google-chrome-upgrade-latest
References: https://attackerkb.com/topics/cve-2024-7018, CVE-2024-7018
-
Debian: CVE-2024-46544: libapache-mod-jk -- security update
Severity: 4
CVSS: AV:L/AC:M/Au:N/C:P/I:P/A:P
Published: 09/23/2024; Created: 10/18/2024; Added: 10/17/2024; Modified: 10/17/2024
Description: Incorrect Default Permissions vulnerability in Apache Tomcat Connectors allows local users to view and modify shared memory containing mod_jk configuration, which may lead to information disclosure and/or denial of service. This issue affects Apache Tomcat Connectors: from 1.2.9-beta through 1.2.49. Only mod_jk on Unix-like systems is affected. Neither the ISAPI redirector nor mod_jk on Windows is affected. Users are recommended to upgrade to version 1.2.50, which fixes the issue.
Solution(s): debian-upgrade-libapache-mod-jk
References: https://attackerkb.com/topics/cve-2024-46544, CVE-2024-46544, DLA-3919-1
-
Google Chrome Vulnerability: CVE-2024-7024
Severity: 9
CVSS: AV:N/AC:M/Au:N/C:C/I:C/A:C
Published: 09/23/2024; Created: 01/18/2025; Added: 01/15/2025; Modified: 01/28/2025
Description: Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)
Solution(s): google-chrome-upgrade-latest
References: https://attackerkb.com/topics/cve-2024-7024, CVE-2024-7024
-
Red Hat: CVE-2024-38286: tomcat: Denial of Service in Tomcat (Multiple Advisories)
Severity: 8
CVSS: AV:N/AC:L/Au:N/C:N/I:N/A:C
Published: 09/23/2024; Created: 11/01/2024; Added: 10/31/2024; Modified: 11/11/2024
Description: Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89. Older, unsupported versions may also be affected. Users are recommended to upgrade to version 11.0.0-M21, 10.1.25, or 9.0.90, which fixes the issue. Apache Tomcat, under certain configurations on any platform, allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process.
Solution(s): redhat-upgrade-apache-commons-collections redhat-upgrade-apache-commons-lang redhat-upgrade-apache-commons-net redhat-upgrade-bea-stax-api redhat-upgrade-glassfish-fastinfoset redhat-upgrade-glassfish-jaxb-api redhat-upgrade-glassfish-jaxb-core redhat-upgrade-glassfish-jaxb-runtime redhat-upgrade-glassfish-jaxb-txw2 redhat-upgrade-idm-pki-acme redhat-upgrade-idm-pki-base redhat-upgrade-idm-pki-base-java redhat-upgrade-idm-pki-ca redhat-upgrade-idm-pki-kra redhat-upgrade-idm-pki-server redhat-upgrade-idm-pki-symkey redhat-upgrade-idm-pki-symkey-debuginfo redhat-upgrade-idm-pki-tools redhat-upgrade-idm-pki-tools-debuginfo redhat-upgrade-jackson-annotations redhat-upgrade-jackson-core redhat-upgrade-jackson-databind redhat-upgrade-jackson-jaxrs-json-provider redhat-upgrade-jackson-jaxrs-providers redhat-upgrade-jackson-module-jaxb-annotations redhat-upgrade-jakarta-commons-httpclient redhat-upgrade-javassist redhat-upgrade-javassist-javadoc redhat-upgrade-jss redhat-upgrade-jss-debuginfo redhat-upgrade-jss-debugsource redhat-upgrade-jss-javadoc redhat-upgrade-ldapjdk redhat-upgrade-ldapjdk-javadoc redhat-upgrade-pki-core-debuginfo redhat-upgrade-pki-core-debugsource redhat-upgrade-pki-servlet-4-0-api redhat-upgrade-pki-servlet-engine redhat-upgrade-python-nss-debugsource redhat-upgrade-python-nss-doc redhat-upgrade-python3-idm-pki redhat-upgrade-python3-nss redhat-upgrade-python3-nss-debuginfo redhat-upgrade-relaxngdatatype redhat-upgrade-resteasy redhat-upgrade-slf4j redhat-upgrade-slf4j-jdk14 redhat-upgrade-stax-ex redhat-upgrade-tomcatjss redhat-upgrade-velocity redhat-upgrade-xalan-j2 redhat-upgrade-xerces-j2 redhat-upgrade-xml-commons-apis redhat-upgrade-xml-commons-resolver redhat-upgrade-xmlstreambuffer redhat-upgrade-xsom
References: CVE-2024-38286, RHSA-2024:8494, RHSA-2024:8528, RHSA-2024:8543
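The affected ranges above are the only thing an operator can act on before the RHSA packages land, and Tomcat's milestone numbering (11.0.0-M20 is older than 11.0.0) trips up naive string comparison. The following Python check is an added example, not part of this listing and not Tomcat project code: it parses the "from X through Y" pairs exactly as the advisory sentence states them and decides whether a given version string falls inside one of them. It assumes that a pre-release suffix (Tomcat's Mn milestones, or a suffix such as -beta) sorts before the GA release with the same numbers, which is how the advisory itself orders 11.0.0-M21 after M1 through M20; the same parser also handles the "from 1.2.9-beta through 1.2.49" sentence in the mod_jk entries on this page. Versions outside the stated ranges are reported as not affected even though the advisory says older unsupported versions may also be, so treat a negative result for an end-of-life branch with suspicion.

```python
import re
from typing import List, Tuple

# The affected-version sentence quoted in the CVE-2024-38286 entry above.
ADVISORY_TEXT = (
    "This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, "
    "from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89."
)

# "from X through Y" pairs; the period that ends the sentence is not part of Y.
RANGE_RE = re.compile(r"from\s+(\S+)\s+through\s+(\S+?)(?=[,\s]|\.(?:\s|$))")

VersionKey = Tuple[Tuple[int, ...], int, int]


def version_key(version: str) -> VersionKey:
    """Sortable key for versions such as '9.0.89', '11.0.0-M20' or '1.2.9-beta'.

    Assumption: a pre-release suffix (Tomcat milestone Mn, beta, ...) sorts
    before the GA release carrying the same numbers, so 11.0.0-M21 < 11.0.0.
    """
    base, _, tag = version.partition("-")
    nums = tuple(int(part) for part in base.split("."))
    if not tag:
        return (nums, 1, 0)  # GA release
    match = re.search(r"(\d+)$", tag)
    return (nums, 0, int(match.group(1)) if match else 0)


def parse_affected_ranges(text: str) -> List[Tuple[str, str]]:
    """Extract (low, high) version pairs from advisory prose."""
    return RANGE_RE.findall(text)


def is_affected(version: str, text: str = ADVISORY_TEXT) -> bool:
    """True when version lies inside any stated range, inclusive at both ends."""
    key = version_key(version)
    return any(
        version_key(low) <= key <= version_key(high)
        for low, high in parse_affected_ranges(text)
    )


if __name__ == "__main__":
    for v in ("9.0.89", "9.0.90", "10.1.0", "10.1.25", "11.0.0-M20", "11.0.0-M21"):
        print(v, "affected" if is_affected(v) else "not affected")
```

Feed it the version reported by `catalina.sh version` (or the `Server` header, if you have not suppressed it) rather than the package version, since distributions often backport fixes without bumping the upstream number; for RHEL the RHSA identifiers in the entry are the authoritative check.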
-
Google Chrome Vulnerability: CVE-2024-7020
Severity: 4
CVSS: AV:N/AC:M/Au:N/C:N/I:P/A:N
Published: 09/23/2024; Created: 01/18/2025; Added: 01/15/2025; Modified: 01/28/2025
Description: Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Solution(s): google-chrome-upgrade-latest
References: https://attackerkb.com/topics/cve-2024-7020, CVE-2024-7020
-
Gentoo Linux: CVE-2023-42619: curl: Multiple Vulnerabilities
Severity: 4
CVSS: AV:L/AC:M/Au:N/C:P/I:P/A:P
Published: 09/23/2024; Created: 09/25/2024; Added: 09/24/2024; Modified: 09/24/2024
Description: Please review the referenced CVE identifiers for details.
Solution(s): gentoo-linux-upgrade-net-misc-curl
References: https://attackerkb.com/topics/cve-2023-42619, CVE-2023-42619, GLSA 202409-20
-
Debian: CVE-2021-38023: chromium -- security update
Severity: 9
CVSS: AV:N/AC:M/Au:N/C:C/I:C/A:C
Published: 09/23/2024; Created: 09/27/2024; Added: 09/26/2024; Modified: 01/28/2025
Description: Use after free in Extensions in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Solution(s): debian-upgrade-chromium
References: https://attackerkb.com/topics/cve-2021-38023, CVE-2021-38023
-
Ubuntu: (CVE-2022-48945): linux vulnerability
Severity: 4
CVSS: AV:L/AC:M/Au:N/C:P/I:P/A:P
Published: 09/23/2024; Created: 11/21/2024; Added: 11/19/2024; Modified: 02/11/2025
Description: In the Linux kernel, the following vulnerability has been resolved:

media: vivid: fix compose size exceed boundary

syzkaller found a bug:

BUG: unable to handle page fault for address: ffffc9000a3b1000
#PF: supervisor write access in kernel mode
#PF: error_code(0x0002) - not-present page
PGD 100000067 P4D 100000067 PUD 10015f067 PMD 1121ca067 PTE 0
Oops: 0002 [#1] PREEMPT SMP
CPU: 0 PID: 23489 Comm: vivid-000-vid-c Not tainted 6.1.0-rc1+ #512
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014
RIP: 0010:memcpy_erms+0x6/0x10
[...]
Call Trace:
<TASK>
? tpg_fill_plane_buffer+0x856/0x15b0
vivid_fillbuff+0x8ac/0x1110
vivid_thread_vid_cap_tick+0x361/0xc90
vivid_thread_vid_cap+0x21a/0x3a0
kthread+0x143/0x180
ret_from_fork+0x1f/0x30
</TASK>

This is because we forget to check the boundary after adjusting compose->height in the V4L2_SEL_TGT_CROP case. Add v4l2_rect_map_inside() to fix this problem for this case.
Solution(s): ubuntu-upgrade-linux ubuntu-upgrade-linux-aws ubuntu-upgrade-linux-aws-5-15 ubuntu-upgrade-linux-aws-5-4 ubuntu-upgrade-linux-aws-fips ubuntu-upgrade-linux-aws-hwe ubuntu-upgrade-linux-azure ubuntu-upgrade-linux-azure-4-15 ubuntu-upgrade-linux-azure-5-15 ubuntu-upgrade-linux-azure-5-4 ubuntu-upgrade-linux-azure-fde ubuntu-upgrade-linux-azure-fde-5-15 ubuntu-upgrade-linux-azure-fips ubuntu-upgrade-linux-bluefield ubuntu-upgrade-linux-fips ubuntu-upgrade-linux-gcp ubuntu-upgrade-linux-gcp-4-15 ubuntu-upgrade-linux-gcp-5-15 ubuntu-upgrade-linux-gcp-5-4 ubuntu-upgrade-linux-gcp-fips ubuntu-upgrade-linux-gke ubuntu-upgrade-linux-gkeop ubuntu-upgrade-linux-gkeop-5-15 ubuntu-upgrade-linux-hwe ubuntu-upgrade-linux-hwe-5-15 ubuntu-upgrade-linux-hwe-5-4 ubuntu-upgrade-linux-ibm ubuntu-upgrade-linux-ibm-5-4 ubuntu-upgrade-linux-intel-iot-realtime ubuntu-upgrade-linux-intel-iotg ubuntu-upgrade-linux-intel-iotg-5-15 ubuntu-upgrade-linux-iot ubuntu-upgrade-linux-kvm ubuntu-upgrade-linux-lowlatency ubuntu-upgrade-linux-lowlatency-hwe-5-15 ubuntu-upgrade-linux-nvidia ubuntu-upgrade-linux-oracle ubuntu-upgrade-linux-oracle-5-15 ubuntu-upgrade-linux-oracle-5-4 ubuntu-upgrade-linux-raspi ubuntu-upgrade-linux-raspi-5-4 ubuntu-upgrade-linux-realtime ubuntu-upgrade-linux-riscv-5-15 ubuntu-upgrade-linux-xilinx-zynqmp
References:
https://attackerkb.com/topics/cve-2022-48945
CVE-2022-48945
https://git.kernel.org/linus/94a7ad9283464b75b12516c5512541d467cefcf8
https://git.kernel.org/stable/c/2f558c5208b0f70c8140e08ce09fcc84da48e789
https://git.kernel.org/stable/c/54f259906039dbfe46c550011409fa16f72370f6
https://git.kernel.org/stable/c/5edc3604151919da8da0fb092b71d7dce07d848a
https://git.kernel.org/stable/c/8c0ee15d9a102c732d0745566d254040085d5663
https://git.kernel.org/stable/c/94a7ad9283464b75b12516c5512541d467cefcf8
https://git.kernel.org/stable/c/9c7fba9503b826f0c061d136f8f0c9f953ed18b9
https://git.kernel.org/stable/c/ab54081a2843aefb837812fac5488cc8f1696142
https://git.kernel.org/stable/c/ccb5392c4fea0e7d9f7ab35567e839d74cb3998b
https://git.kernel.org/stable/c/f9d19f3a044ca651b0be52a4bf951ffe74259b9f
https://www.cve.org/CVERecord?id=CVE-2022-48945
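The commit message names the mechanism (a compose rectangle adjusted without being re-checked against the capture format, then handed to tpg_fill_plane_buffer) and the fix (v4l2_rect_map_inside). The Python below is an added model of that fix, not kernel code: rect_map_inside() reproduces the four clamping steps of the kernel's v4l2_rect_map_inside() helper, and fill_plane() stands in for tpg_fill_plane_buffer() with a bytearray so that the out-of-bounds write behind the page fault in the oops surfaces as an IndexError. The way s_selection_crop() derives the compose height from the crop, and the constructed 640x480 format with a 720-row crop, are assumptions made to show the missing check; vivid's real scaler arithmetic is not reproduced.

```python
from dataclasses import dataclass, replace


@dataclass
class Rect:
    """Mirror of struct v4l2_rect: left/top origin, width/height extent."""
    left: int
    top: int
    width: int
    height: int


def rect_map_inside(r: Rect, boundary: Rect) -> Rect:
    """Python rendering of the kernel's v4l2_rect_map_inside():
    cap the size to the boundary, then slide the rectangle so it sits inside it."""
    r = replace(r, width=min(r.width, boundary.width), height=min(r.height, boundary.height))
    if r.left < boundary.left:
        r.left = boundary.left
    if r.top < boundary.top:
        r.top = boundary.top
    if r.left + r.width > boundary.left + boundary.width:
        r.left = boundary.left + boundary.width - r.width
    if r.top + r.height > boundary.top + boundary.height:
        r.top = boundary.top + boundary.height - r.height
    return r


def s_selection_crop(crop: Rect, fmt_rect: Rect, fixed: bool) -> Rect:
    """Model of the V4L2_SEL_TGT_CROP path the commit message describes.

    Assumption: only the step that matters here is modelled. The compose height
    is re-derived from the new crop and, in the fixed variant only, clamped to
    the capture format rectangle afterwards.
    """
    compose = Rect(0, 0, fmt_rect.width, crop.height)
    if fixed:
        compose = rect_map_inside(compose, fmt_rect)
    return compose


def fill_plane(buf: bytearray, stride: int, compose: Rect) -> int:
    """Stand-in for tpg_fill_plane_buffer(): one byte per pixel of the compose rect.

    Raises IndexError at the first row where a C memcpy would run past the end
    of the buffer. Returns the number of bytes written.
    """
    written = 0
    for row in range(compose.top, compose.top + compose.height):
        start = row * stride + compose.left
        end = start + compose.width
        if end > len(buf):
            raise IndexError(f"row {row}: write [{start}:{end}) exceeds {len(buf)}-byte buffer")
        buf[start:end] = b"\xff" * compose.width
        written += compose.width
    return written


def fill_succeeds(compose: Rect, fmt_rect: Rect) -> bool:
    """Allocate a buffer sized for fmt_rect and try to fill compose into it."""
    buf = bytearray(fmt_rect.width * fmt_rect.height)
    try:
        fill_plane(buf, fmt_rect.width, compose)
    except IndexError:
        return False
    return True


if __name__ == "__main__":
    fmt = Rect(0, 0, 640, 480)
    crop = Rect(0, 0, 640, 720)  # constructed: a crop taller than the capture format
    for fixed in (False, True):
        compose = s_selection_crop(crop, fmt, fixed)
        outcome = "ok" if fill_succeeds(compose, fmt) else "out-of-bounds write"
        print("fixed" if fixed else "vulnerable", compose, "->", outcome)
```

The order of operations in rect_map_inside() matters: shrinking first guarantees that the two "slide back" steps can always find a valid origin, which is why the kernel helper does the size clamp before the position clamp.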
-
Red Hat: CVE-2024-46544: mod_jk: Information Disclosure / DoS (Multiple Advisories)
Severity: 5
CVSS: AV:L/AC:L/Au:N/C:P/I:P/A:P
Published: 09/23/2024; Created: 10/10/2024; Added: 10/09/2024; Modified: 11/07/2024
Description: Incorrect Default Permissions vulnerability in Apache Tomcat Connectors allows local users to view and modify shared memory containing mod_jk configuration, which may lead to information disclosure and/or denial of service. This issue affects Apache Tomcat Connectors: from 1.2.9-beta through 1.2.49. Only mod_jk on Unix-like systems is affected. Neither the ISAPI redirector nor mod_jk on Windows is affected. Users are recommended to upgrade to version 1.2.50, which fixes the issue.
Solution(s): redhat-upgrade-mod_jk redhat-upgrade-mod_jk-debuginfo redhat-upgrade-mod_jk-debugsource
References: CVE-2024-46544, RHSA-2024:7457, RHSA-2024:8929
-
Google Chrome Vulnerability: CVE-2023-7281
Severity: 4
CVSS: AV:N/AC:M/Au:N/C:N/I:P/A:N
Published: 09/23/2024; Created: 01/18/2025; Added: 01/15/2025; Modified: 01/28/2025
Description: Inappropriate implementation in Compositing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Solution(s): google-chrome-upgrade-latest
References: https://attackerkb.com/topics/cve-2023-7281, CVE-2023-7281
-
Alma Linux: CVE-2024-46544: Moderate: mod_jk bug fix update (ALSA-2024-7457)
Severity: 4
CVSS: AV:L/AC:M/Au:N/C:P/I:P/A:P
Published: 09/23/2024; Created: 10/10/2024; Added: 10/10/2024; Modified: 10/10/2024
Description: Incorrect Default Permissions vulnerability in Apache Tomcat Connectors allows local users to view and modify shared memory containing mod_jk configuration, which may lead to information disclosure and/or denial of service. This issue affects Apache Tomcat Connectors: from 1.2.9-beta through 1.2.49. Only mod_jk on Unix-like systems is affected. Neither the ISAPI redirector nor mod_jk on Windows is affected. Users are recommended to upgrade to version 1.2.50, which fixes the issue.
Solution(s): alma-upgrade-mod_jk
References: https://attackerkb.com/topics/cve-2024-46544, CVE-2024-46544, https://errata.almalinux.org/9/ALSA-2024-7457.html
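The three CVE-2024-46544 entries on this page (Debian, Red Hat, Alma) all describe the same weakness: the file mod_jk maps as shared memory is created with permissions that let other local users read and rewrite live worker configuration. Until the 1.2.50 packages are installed, the useful check is whether that file (and its lock file) is reachable by anyone but the httpd owner. The Python below is an added example, not part of this listing and not mod_jk code: it resolves the JkShmFile directive from a constructed httpd configuration and reports any group/other bits on the resulting file. Three things are assumptions and are flagged in comments: the fallback of logs/jk-runtime-status under ServerRoot when no JkShmFile is set, the /etc/httpd default ServerRoot, and the "<name>.lock" companion file; confirm all three against the mod_jk documentation for the build you run.

```python
import posixpath
import os
import stat
from typing import Dict, List

# Constructed sample httpd configuration; it is not taken from any real host.
SAMPLE_HTTPD_CONF = """
ServerRoot "/etc/httpd"
LoadModule jk_module modules/mod_jk.so
JkWorkersFile conf/workers.properties
JkShmFile /run/httpd/jk-runtime-status
JkLogFile logs/mod_jk.log
"""

# Assumption: with no JkShmFile directive, mod_jk places the file at
# logs/jk-runtime-status under ServerRoot.
DEFAULT_SHM_FILE = "logs/jk-runtime-status"
# Assumption: fallback ServerRoot matching a typical RPM layout.
DEFAULT_SERVER_ROOT = "/etc/httpd"


def parse_directives(conf: str) -> Dict[str, str]:
    """Collect the last value seen for each top-level directive (last one wins, as in httpd).

    Section tags and comments are skipped; Include files are not followed.
    """
    found: Dict[str, str] = {}
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith("<"):
            continue
        parts = line.split(None, 1)
        found[parts[0].lower()] = parts[1].strip('"') if len(parts) > 1 else ""
    return found


def jk_shm_path(conf: str) -> str:
    """Resolve the shared memory file mod_jk will use, absolute or relative to ServerRoot."""
    directives = parse_directives(conf)
    root = directives.get("serverroot", DEFAULT_SERVER_ROOT)
    shm = directives.get("jkshmfile", DEFAULT_SHM_FILE)
    return shm if posixpath.isabs(shm) else posixpath.join(root, shm)


def shm_mode_is_private(mode: int) -> bool:
    """True when the mode grants nothing to group or other.

    The shm file carries live worker configuration, so the desired state assumed
    here is owner-only access (for example 0600); anything wider is reported.
    """
    return (mode & (stat.S_IRWXG | stat.S_IRWXO)) == 0


def audit_shm_files(shm_path: str) -> List[str]:
    """Stat the shm file and its companion lock file and report wide permissions.

    Assumption: mod_jk keeps the lock file beside the shm file as '<name>.lock'.
    Files that do not exist (httpd not running, different path) are skipped.
    """
    findings: List[str] = []
    for path in (shm_path, shm_path + ".lock"):
        try:
            st = os.stat(path)
        except FileNotFoundError:
            continue
        if not shm_mode_is_private(st.st_mode):
            findings.append(f"{path}: mode {stat.filemode(st.st_mode)} grants group/other access")
    return findings


if __name__ == "__main__":
    path = jk_shm_path(SAMPLE_HTTPD_CONF)
    print("shm file:", path)
    for line in audit_shm_files(path) or ["no exposed shm/lock files found (or none present)"]:
        print(line)
```

Run it as the httpd user or root on the host, pointing jk_shm_path() at the real configuration; a finding means any local account can read worker names and addresses and, per the advisory, modify the mapped configuration, so the short-term mitigation is to tighten the file mode and restart httpd while the package update is scheduled.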
-
Debian: CVE-2018-20072: chromium -- security update
Severity: 7
CVSS: AV:L/AC:M/Au:N/C:C/I:C/A:C
Published: 09/23/2024; Created: 09/27/2024; Added: 09/26/2024; Modified: 01/28/2025
Description: Insufficient data validation in PDF in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform out of bounds memory access via a crafted PDF file. (Chromium security severity: Low)
Solution(s): debian-upgrade-chromium
References: https://attackerkb.com/topics/cve-2018-20072, CVE-2018-20072
-
Google Chrome Vulnerability: CVE-2018-20072
Severity: 7
CVSS: AV:L/AC:M/Au:N/C:C/I:C/A:C
Published: 09/23/2024; Created: 10/14/2024; Added: 10/14/2024; Modified: 01/28/2025
Description: Insufficient data validation in PDF in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform out of bounds memory access via a crafted PDF file. (Chromium security severity: Low)
Solution(s): google-chrome-upgrade-latest
References: https://attackerkb.com/topics/cve-2018-20072, CVE-2018-20072, https://issues.chromium.org/issues/40093560
-
Debian: CVE-2024-9120: chromium -- security update
Severity: 9
CVSS: AV:N/AC:M/Au:N/C:C/I:C/A:C
Published: 09/25/2024; Created: 10/01/2024; Added: 09/30/2024; Modified: 01/28/2025
Description: Use after free in Dawn in Google Chrome on Windows prior to 129.0.6668.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Solution(s): debian-upgrade-chromium
References: https://attackerkb.com/topics/cve-2024-9120, CVE-2024-9120, DSA-5775-1
-
SUSE: CVE-2024-9014: SUSE Linux Security Advisory
Severity: 4
CVSS: AV:L/AC:M/Au:N/C:P/I:P/A:P
Published: 09/23/2024; Created: 01/01/2025; Added: 12/31/2024; Modified: 12/31/2024
Description: pgAdmin versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. This vulnerability allows an attacker to potentially obtain the client ID and secret, leading to unauthorized access to user data.
Solution(s): suse-upgrade-pgadmin4 suse-upgrade-pgadmin4-cloud suse-upgrade-pgadmin4-desktop suse-upgrade-pgadmin4-doc suse-upgrade-pgadmin4-web-uwsgi suse-upgrade-system-user-pgadmin
References: https://attackerkb.com/topics/cve-2024-9014, CVE-2024-9014
-
Google Chrome Vulnerability: CVE-2023-7282
Severity: 4
CVSS: AV:N/AC:M/Au:N/C:N/I:P/A:N
Published: 09/23/2024; Created: 01/18/2025; Added: 01/15/2025; Modified: 01/28/2025
Description: Inappropriate implementation in Navigation in Google Chrome prior to 113.0.5672.63 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)
Solution(s): google-chrome-upgrade-latest
References: https://attackerkb.com/topics/cve-2023-7282, CVE-2023-7282
-
SUSE: CVE-2024-8975: SUSE Linux Security Advisory
Severity: 7
CVSS: AV:L/AC:L/Au:S/C:C/I:C/A:C
Published: 09/25/2024; Created: 01/01/2025; Added: 12/31/2024; Modified: 01/28/2025
Description: Unquoted Search Path or Element vulnerability in Grafana Alloy on Windows allows Privilege Escalation from Local User to SYSTEM. This issue affects Alloy: before 1.3.3, from 1.4.0-rc.0 through 1.4.0-rc.1.
Solution(s): suse-upgrade-govulncheck-vulndb
References: https://attackerkb.com/topics/cve-2024-8975, CVE-2024-8975
-
SUSE: CVE-2024-9123: SUSE Linux Security Advisory
Severity: 9
CVSS: AV:N/AC:M/Au:N/C:C/I:C/A:C
Published: 09/25/2024; Created: 01/01/2025; Added: 12/31/2024; Modified: 01/28/2025
Description: Integer overflow in Skia in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
Solution(s): suse-upgrade-chromedriver suse-upgrade-chromium
References: https://attackerkb.com/topics/cve-2024-9123, CVE-2024-9123
-
SUSE: CVE-2024-9122: SUSE Linux Security Advisory
Severity: 9
CVSS: AV:N/AC:M/Au:N/C:C/I:C/A:C
Published: 09/25/2024; Created: 01/01/2025; Added: 12/31/2024; Modified: 01/28/2025
Description: Type Confusion in V8 in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Solution(s): suse-upgrade-chromedriver suse-upgrade-chromium
References: https://attackerkb.com/topics/cve-2024-9122, CVE-2024-9122
-
Cisco XE: CVE-2024-20434: Cisco Catalyst 9000 Series Switches Denial of Service Vulnerability
Severity: 3
CVSS: AV:A/AC:L/Au:N/C:N/I:N/A:P
Published: 09/25/2024; Created: 09/27/2024; Added: 09/26/2024; Modified: 02/11/2025
Description: A vulnerability in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the control plane of an affected device. This vulnerability is due to improper handling of frames with VLAN tag information. An attacker could exploit this vulnerability by sending crafted frames to an affected device. A successful exploit could allow the attacker to render the control plane of the affected device unresponsive. The device would not be accessible through the console or CLI, and it would not respond to ping requests, SNMP requests, or requests from other control plane protocols. Traffic that is traversing the device through the data plane is not affected. A reload of the device is required to restore control plane services.
Solution(s): cisco-xe-update-latest
References: https://attackerkb.com/topics/cve-2024-20434, CVE-2024-20434, https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vlan-dos-27Pur5RT, cisco-sa-vlan-dos-27Pur5RT
-
SUSE: CVE-2024-9120: SUSE Linux Security Advisory
Severity: 9
CVSS: AV:N/AC:M/Au:N/C:C/I:C/A:C
Published: 09/25/2024; Created: 01/01/2025; Added: 12/31/2024; Modified: 01/28/2025
Description: Use after free in Dawn in Google Chrome on Windows prior to 129.0.6668.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Solution(s): suse-upgrade-chromedriver suse-upgrade-chromium
References: https://attackerkb.com/topics/cve-2024-9120, CVE-2024-9120
-
SUSE: CVE-2024-8996: SUSE Linux Security Advisory
Severity: 7
CVSS: AV:L/AC:L/Au:S/C:C/I:C/A:C
Published: 09/25/2024; Created: 01/01/2025; Added: 12/31/2024; Modified: 01/28/2025
Description: Unquoted Search Path or Element vulnerability in Grafana Agent (Flow mode) on Windows allows Privilege Escalation from Local User to SYSTEM. This issue affects Agent Flow: before 0.43.2.
Solution(s): suse-upgrade-govulncheck-vulndb
References: https://attackerkb.com/topics/cve-2024-8996, CVE-2024-8996
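Both Grafana entries on this page (CVE-2024-8975 for Alloy, CVE-2024-8996 for Agent in Flow mode) are the classic Windows unquoted service path weakness: when a service's ImagePath contains spaces and is not quoted, the service control manager tries each space-delimited prefix as an executable before reaching the intended binary, so a local user who can write to one of the earlier directories gets their file run as SYSTEM. The Python below is an added example, not part of this listing and not Grafana code: given an ImagePath string it lists the candidates Windows would try in order, the directories that would need to be writable for a hijack, and the quoted form that closes the hole. The service paths are constructed samples; the page does not state where Grafana's installer places these binaries. The Windows path handling uses the standard library's ntpath so the check runs on any platform against ImagePath values exported from a host.

```python
import ntpath
from typing import Dict, List

# Constructed sample ImagePath values (not captured from a real host; the page
# does not say where Grafana's installer puts these binaries).
SAMPLE_SERVICES: Dict[str, str] = {
    "Alloy": r"C:\Program Files\Grafana Alloy\alloy.exe run --storage.path=C:\ProgramData\Alloy\data",
    "Quoted": r'"C:\Program Files\Grafana Alloy\alloy.exe" run',
    "NoSpaces": r"C:\Alloy\alloy.exe run",
}


def executable_candidates(image_path: str) -> List[str]:
    """Return the files CreateProcess would try, in order, for an unquoted ImagePath.

    When the path is unquoted and contains spaces, Windows splits it at each
    space and tries successive prefixes with .exe appended until one exists.
    A quoted path has no ambiguity and yields an empty list.
    """
    if image_path.startswith('"'):
        return []
    tokens = image_path.split(" ")
    candidates: List[str] = []
    for i in range(1, len(tokens) + 1):
        prefix = " ".join(tokens[:i])
        if prefix.lower().endswith(".exe"):
            candidates.append(prefix)  # the intended binary; the search stops here
            break
        candidates.append(prefix + ".exe")
    return candidates


def is_unquoted_path_vulnerable(image_path: str) -> bool:
    """More than one candidate means an earlier prefix could shadow the real binary."""
    return len(executable_candidates(image_path)) > 1


def hijack_directories(image_path: str) -> List[str]:
    """Directories where write access would let a local user plant a winning binary."""
    return [ntpath.dirname(c) for c in executable_candidates(image_path)[:-1]]


def quoted_image_path(image_path: str) -> str:
    """Hardened form: wrap the executable in quotes and leave the arguments untouched."""
    candidates = executable_candidates(image_path)
    if not candidates:
        return image_path
    exe = candidates[-1]
    return f'"{exe}"{image_path[len(exe):]}'


if __name__ == "__main__":
    for name, path in SAMPLE_SERVICES.items():
        if is_unquoted_path_vulnerable(path):
            print(f"{name}: unquoted; search order {executable_candidates(path)}")
            print(f"  directories to check for write access: {hijack_directories(path)}")
            print(f"  fix: {quoted_image_path(path)}")
        else:
            print(f"{name}: ok")
```

Whether the weakness is exploitable on a given host depends on the ACLs of the directories hijack_directories() returns; a default C:\ and C:\Program Files are not writable by standard users, which is why the fixed Grafana releases, not the ACLs, are the thing to verify.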
-
Cisco XE: CVE-2024-20437: Cisco IOS XE Software Web UI Cross-Site Request Forgery Vulnerability
Severity: 9
CVSS: AV:N/AC:L/Au:N/C:N/I:C/A:C
Published: 09/25/2024; Created: 09/27/2024; Added: 09/26/2024; Modified: 02/11/2025
Description: A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack and execute commands on the CLI of an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an already authenticated user to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device with the privileges of the targeted user.
Solution(s): cisco-xe-update-latest
References: https://attackerkb.com/topics/cve-2024-20437, CVE-2024-20437, https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-csrf-ycUYxkKO, cisco-sa-webui-csrf-ycUYxkKO