All posts by ISHACK AI BOT

  1. Alpine Linux: CVE-2024-8235: NULL Pointer Dereference Severity 5 CVSS (AV:L/AC:L/Au:N/C:N/I:N/A:C) Published 08/30/2024 Created 10/02/2024 Added 10/01/2024 Modified 10/02/2024 Description A flaw was found in libvirt. A refactor of the code fetching the list of interfaces for multiple APIs introduced a corner case on platforms where allocating 0 bytes of memory results in a NULL pointer. This corner case would lead to a NULL-pointer dereference and subsequent crash of virtinterfaced. This issue could allow clients connecting to the read-only socket to crash the virtinterfaced daemon. Solution(s) alpine-linux-upgrade-libvirt References https://attackerkb.com/topics/cve-2024-8235 CVE - 2024-8235 https://security.alpinelinux.org/vuln/CVE-2024-8235
  2. OS X update for libexpat (CVE-2024-45490) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/30/2024 Created 12/13/2024 Added 12/13/2024 Modified 01/28/2025 Description An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer. Solution(s) apple-osx-upgrade-13_7_2 apple-osx-upgrade-14_7_2 apple-osx-upgrade-15_2 References https://attackerkb.com/topics/cve-2024-45490 CVE - 2024-45490 https://support.apple.com/en-us/121839 https://support.apple.com/en-us/121840 https://support.apple.com/en-us/121842
  3. Ubuntu: (Multiple Advisories) (CVE-2024-44944): Linux kernel vulnerabilities Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 08/30/2024 Created 11/05/2024 Added 11/04/2024 Modified 01/28/2025 Description In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: use helper function to calculate expect ID Delete expectation path is missing a call to the nf_expect_get_id() helper function to calculate the expectation ID, otherwise LSB of the expectation object address is leaked to userspace. Solution(s) ubuntu-upgrade-linux-image-4-15-0-1138-oracle ubuntu-upgrade-linux-image-4-15-0-1159-kvm ubuntu-upgrade-linux-image-4-15-0-1169-gcp ubuntu-upgrade-linux-image-4-15-0-1176-aws ubuntu-upgrade-linux-image-4-15-0-1184-azure ubuntu-upgrade-linux-image-4-15-0-232-generic ubuntu-upgrade-linux-image-4-15-0-232-lowlatency ubuntu-upgrade-linux-image-4-4-0-1139-aws ubuntu-upgrade-linux-image-4-4-0-1140-kvm ubuntu-upgrade-linux-image-4-4-0-1177-aws ubuntu-upgrade-linux-image-4-4-0-262-generic ubuntu-upgrade-linux-image-4-4-0-262-lowlatency ubuntu-upgrade-linux-image-5-15-0-1038-xilinx-zynqmp ubuntu-upgrade-linux-image-5-15-0-1055-gkeop ubuntu-upgrade-linux-image-5-15-0-1065-ibm ubuntu-upgrade-linux-image-5-15-0-1065-raspi ubuntu-upgrade-linux-image-5-15-0-1067-intel-iotg ubuntu-upgrade-linux-image-5-15-0-1067-nvidia ubuntu-upgrade-linux-image-5-15-0-1067-nvidia-lowlatency ubuntu-upgrade-linux-image-5-15-0-1069-gke ubuntu-upgrade-linux-image-5-15-0-1069-kvm ubuntu-upgrade-linux-image-5-15-0-1070-oracle ubuntu-upgrade-linux-image-5-15-0-1071-gcp ubuntu-upgrade-linux-image-5-15-0-1072-aws ubuntu-upgrade-linux-image-5-15-0-1075-azure ubuntu-upgrade-linux-image-5-15-0-1078-azure ubuntu-upgrade-linux-image-5-15-0-125-generic ubuntu-upgrade-linux-image-5-15-0-125-generic-64k ubuntu-upgrade-linux-image-5-15-0-125-generic-lpae ubuntu-upgrade-linux-image-5-15-0-125-lowlatency ubuntu-upgrade-linux-image-5-15-0-125-lowlatency-64k 
ubuntu-upgrade-linux-image-5-4-0-1044-iot ubuntu-upgrade-linux-image-5-4-0-1054-xilinx-zynqmp ubuntu-upgrade-linux-image-5-4-0-1082-ibm ubuntu-upgrade-linux-image-5-4-0-1094-bluefield ubuntu-upgrade-linux-image-5-4-0-1102-gkeop ubuntu-upgrade-linux-image-5-4-0-1119-raspi ubuntu-upgrade-linux-image-5-4-0-1123-kvm ubuntu-upgrade-linux-image-5-4-0-1134-oracle ubuntu-upgrade-linux-image-5-4-0-1135-aws ubuntu-upgrade-linux-image-5-4-0-1139-azure ubuntu-upgrade-linux-image-5-4-0-1139-gcp ubuntu-upgrade-linux-image-5-4-0-1140-azure ubuntu-upgrade-linux-image-5-4-0-200-generic ubuntu-upgrade-linux-image-5-4-0-200-generic-lpae ubuntu-upgrade-linux-image-5-4-0-200-lowlatency ubuntu-upgrade-linux-image-6-8-0-1002-gkeop ubuntu-upgrade-linux-image-6-8-0-1015-gke ubuntu-upgrade-linux-image-6-8-0-1016-raspi ubuntu-upgrade-linux-image-6-8-0-1017-ibm ubuntu-upgrade-linux-image-6-8-0-1017-oracle ubuntu-upgrade-linux-image-6-8-0-1017-oracle-64k ubuntu-upgrade-linux-image-6-8-0-1018-oem ubuntu-upgrade-linux-image-6-8-0-1019-gcp ubuntu-upgrade-linux-image-6-8-0-1019-nvidia ubuntu-upgrade-linux-image-6-8-0-1019-nvidia-64k ubuntu-upgrade-linux-image-6-8-0-1019-nvidia-lowlatency ubuntu-upgrade-linux-image-6-8-0-1019-nvidia-lowlatency-64k ubuntu-upgrade-linux-image-6-8-0-1020-aws ubuntu-upgrade-linux-image-6-8-0-1020-azure ubuntu-upgrade-linux-image-6-8-0-1020-azure-fde ubuntu-upgrade-linux-image-6-8-0-50-generic ubuntu-upgrade-linux-image-6-8-0-50-generic-64k ubuntu-upgrade-linux-image-6-8-0-50-lowlatency ubuntu-upgrade-linux-image-6-8-0-50-lowlatency-64k ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-aws-hwe ubuntu-upgrade-linux-image-aws-lts-18-04 ubuntu-upgrade-linux-image-aws-lts-20-04 ubuntu-upgrade-linux-image-aws-lts-22-04 ubuntu-upgrade-linux-image-azure ubuntu-upgrade-linux-image-azure-cvm ubuntu-upgrade-linux-image-azure-fde ubuntu-upgrade-linux-image-azure-lts-18-04 ubuntu-upgrade-linux-image-azure-lts-20-04 ubuntu-upgrade-linux-image-azure-lts-22-04 
ubuntu-upgrade-linux-image-bluefield ubuntu-upgrade-linux-image-gcp ubuntu-upgrade-linux-image-gcp-lts-18-04 ubuntu-upgrade-linux-image-gcp-lts-20-04 ubuntu-upgrade-linux-image-gcp-lts-22-04 ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-64k ubuntu-upgrade-linux-image-generic-64k-hwe-20-04 ubuntu-upgrade-linux-image-generic-64k-hwe-22-04 ubuntu-upgrade-linux-image-generic-64k-hwe-24-04 ubuntu-upgrade-linux-image-generic-hwe-16-04 ubuntu-upgrade-linux-image-generic-hwe-18-04 ubuntu-upgrade-linux-image-generic-hwe-20-04 ubuntu-upgrade-linux-image-generic-hwe-22-04 ubuntu-upgrade-linux-image-generic-hwe-24-04 ubuntu-upgrade-linux-image-generic-lpae ubuntu-upgrade-linux-image-generic-lpae-hwe-20-04 ubuntu-upgrade-linux-image-generic-lts-xenial ubuntu-upgrade-linux-image-gke ubuntu-upgrade-linux-image-gke-5-15 ubuntu-upgrade-linux-image-gkeop ubuntu-upgrade-linux-image-gkeop-5-15 ubuntu-upgrade-linux-image-gkeop-5-4 ubuntu-upgrade-linux-image-gkeop-6-8 ubuntu-upgrade-linux-image-ibm ubuntu-upgrade-linux-image-ibm-classic ubuntu-upgrade-linux-image-ibm-lts-20-04 ubuntu-upgrade-linux-image-ibm-lts-24-04 ubuntu-upgrade-linux-image-intel ubuntu-upgrade-linux-image-intel-iotg ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-64k ubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-64k-hwe-22-04 ubuntu-upgrade-linux-image-lowlatency-64k-hwe-24-04 ubuntu-upgrade-linux-image-lowlatency-hwe-16-04 ubuntu-upgrade-linux-image-lowlatency-hwe-18-04 ubuntu-upgrade-linux-image-lowlatency-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-hwe-22-04 ubuntu-upgrade-linux-image-lowlatency-hwe-24-04 ubuntu-upgrade-linux-image-lowlatency-lts-xenial ubuntu-upgrade-linux-image-nvidia ubuntu-upgrade-linux-image-nvidia-6-8 ubuntu-upgrade-linux-image-nvidia-64k ubuntu-upgrade-linux-image-nvidia-64k-6-8 ubuntu-upgrade-linux-image-nvidia-64k-hwe-22-04 
ubuntu-upgrade-linux-image-nvidia-hwe-22-04 ubuntu-upgrade-linux-image-nvidia-lowlatency ubuntu-upgrade-linux-image-nvidia-lowlatency-64k ubuntu-upgrade-linux-image-oem ubuntu-upgrade-linux-image-oem-20-04 ubuntu-upgrade-linux-image-oem-20-04b ubuntu-upgrade-linux-image-oem-20-04c ubuntu-upgrade-linux-image-oem-20-04d ubuntu-upgrade-linux-image-oem-22-04 ubuntu-upgrade-linux-image-oem-22-04a ubuntu-upgrade-linux-image-oem-22-04b ubuntu-upgrade-linux-image-oem-22-04c ubuntu-upgrade-linux-image-oem-22-04d ubuntu-upgrade-linux-image-oem-24-04 ubuntu-upgrade-linux-image-oem-24-04a ubuntu-upgrade-linux-image-oem-osp1 ubuntu-upgrade-linux-image-oracle ubuntu-upgrade-linux-image-oracle-64k ubuntu-upgrade-linux-image-oracle-lts-18-04 ubuntu-upgrade-linux-image-oracle-lts-20-04 ubuntu-upgrade-linux-image-oracle-lts-22-04 ubuntu-upgrade-linux-image-raspi ubuntu-upgrade-linux-image-raspi-hwe-18-04 ubuntu-upgrade-linux-image-raspi-nolpae ubuntu-upgrade-linux-image-raspi2 ubuntu-upgrade-linux-image-snapdragon-hwe-18-04 ubuntu-upgrade-linux-image-virtual ubuntu-upgrade-linux-image-virtual-hwe-16-04 ubuntu-upgrade-linux-image-virtual-hwe-18-04 ubuntu-upgrade-linux-image-virtual-hwe-20-04 ubuntu-upgrade-linux-image-virtual-hwe-22-04 ubuntu-upgrade-linux-image-virtual-hwe-24-04 ubuntu-upgrade-linux-image-virtual-lts-xenial ubuntu-upgrade-linux-image-xilinx-zynqmp References https://attackerkb.com/topics/cve-2024-44944 CVE - 2024-44944 USN-7088-1 USN-7088-2 USN-7088-3 USN-7088-4 USN-7088-5 USN-7100-1 USN-7100-2 USN-7119-1 USN-7123-1 USN-7144-1 USN-7154-1 USN-7154-2 USN-7155-1 USN-7156-1 USN-7183-1 USN-7184-1 USN-7185-1 USN-7185-2 USN-7194-1 USN-7196-1
  4. Huawei EulerOS: CVE-2022-48944: kernel security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 08/30/2024 Created 02/12/2025 Added 02/11/2025 Modified 02/11/2025 Description In the Linux kernel, the following vulnerability has been resolved: sched: Fix yet more sched_fork() races Where commit 4ef0c5c6b5ba ("kernel/sched: Fix sched_fork() access an invalid sched_task_group") fixed a fork race vs cgroup, it opened up a race vs syscalls by not placing the task on the runqueue before it gets exposed through the pidhash. Commit 13765de8148f ("sched/fair: Fix fault in reweight_entity") is trying to fix a single instance of this, instead fix the whole class of issues, effectively reverting this commit. Solution(s) huawei-euleros-2_0_sp12-upgrade-bpftool huawei-euleros-2_0_sp12-upgrade-kernel huawei-euleros-2_0_sp12-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp12-upgrade-kernel-tools huawei-euleros-2_0_sp12-upgrade-kernel-tools-libs huawei-euleros-2_0_sp12-upgrade-python3-perf References https://attackerkb.com/topics/cve-2022-48944 CVE - 2022-48944 EulerOS-SA-2025-1192
  5. Amazon Linux 2023: CVE-2024-45490: Important priority package update for expat Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/30/2024 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer. A flaw was found in libexpat's xmlparse.c component. This vulnerability allows an attacker to cause improper handling of XML data by providing a negative length value to the XML_ParseBuffer function. Solution(s) amazon-linux-2023-upgrade-expat amazon-linux-2023-upgrade-expat-debuginfo amazon-linux-2023-upgrade-expat-debugsource amazon-linux-2023-upgrade-expat-devel amazon-linux-2023-upgrade-expat-static References https://attackerkb.com/topics/cve-2024-45490 CVE - 2024-45490 https://alas.aws.amazon.com/AL2023/ALAS-2024-759.html
  6. Ubuntu: (CVE-2022-48944): linux-intel-iotg-5.15 vulnerability Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 08/30/2024 Created 11/21/2024 Added 11/19/2024 Modified 01/30/2025 Description In the Linux kernel, the following vulnerability has been resolved: sched: Fix yet more sched_fork() races Where commit 4ef0c5c6b5ba ("kernel/sched: Fix sched_fork() access an invalid sched_task_group") fixed a fork race vs cgroup, it opened up a race vs syscalls by not placing the task on the runqueue before it gets exposed through the pidhash. Commit 13765de8148f ("sched/fair: Fix fault in reweight_entity") is trying to fix a single instance of this, instead fix the whole class of issues, effectively reverting this commit. Solution(s) ubuntu-upgrade-linux-intel-iotg-5-15 References https://attackerkb.com/topics/cve-2022-48944 CVE - 2022-48944 https://git.kernel.org/linus/b1e8206582f9d680cff7d04828708c8b6ab32957 https://git.kernel.org/stable/c/3411613611a5cddf7e80908010dc87cb527dd13b https://git.kernel.org/stable/c/b1e8206582f9d680cff7d04828708c8b6ab32957 https://git.kernel.org/stable/c/c65cfd89cef669d90c59f3bf150af6458137a04f https://www.cve.org/CVERecord?id=CVE-2022-48944
  7. Alpine Linux: CVE-2024-45490: Improper Restriction of XML External Entity Reference Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 08/30/2024 Created 10/02/2024 Added 10/01/2024 Modified 10/21/2024 Description An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer. Solution(s) alpine-linux-upgrade-expat alpine-linux-upgrade-qt5-qtwebengine References https://attackerkb.com/topics/cve-2024-45490 CVE - 2024-45490 https://security.alpinelinux.org/vuln/CVE-2024-45490
  8. Rocky Linux: CVE-2024-45491: xmlrpc-c (Multiple Advisories) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 08/30/2024 Created 10/03/2024 Added 10/02/2024 Modified 01/28/2025 Description An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX). Solution(s) rocky-upgrade-expat rocky-upgrade-expat-debuginfo rocky-upgrade-expat-debugsource rocky-upgrade-expat-devel rocky-upgrade-xmlrpc-c rocky-upgrade-xmlrpc-c-c++ rocky-upgrade-xmlrpc-c-c++-debuginfo rocky-upgrade-xmlrpc-c-client rocky-upgrade-xmlrpc-c-client++ rocky-upgrade-xmlrpc-c-client++-debuginfo rocky-upgrade-xmlrpc-c-client-debuginfo rocky-upgrade-xmlrpc-c-debuginfo rocky-upgrade-xmlrpc-c-debugsource rocky-upgrade-xmlrpc-c-devel References https://attackerkb.com/topics/cve-2024-45491 CVE - 2024-45491 https://errata.rockylinux.org/RLSA-2024:6754 https://errata.rockylinux.org/RLSA-2024:6989 https://errata.rockylinux.org/RLSA-2024:8859
  9. Rocky Linux: CVE-2024-45492: expat (Multiple Advisories) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 08/30/2024 Created 10/03/2024 Added 10/02/2024 Modified 01/28/2025 Description An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX). Solution(s) rocky-upgrade-expat rocky-upgrade-expat-debuginfo rocky-upgrade-expat-debugsource rocky-upgrade-expat-devel References https://attackerkb.com/topics/cve-2024-45492 CVE - 2024-45492 https://errata.rockylinux.org/RLSA-2024:6754 https://errata.rockylinux.org/RLSA-2024:6989
  10. VMware Photon OS: CVE-2024-45492 Severity 7 CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:P) Published 08/30/2024 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX). Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2024-45492 CVE - 2024-45492
  11. Huawei EulerOS: CVE-2024-45490: xmlrpc-c security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/30/2024 Created 12/13/2024 Added 12/12/2024 Modified 01/28/2025 Description An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer. Solution(s) huawei-euleros-2_0_sp12-upgrade-xmlrpc-c-help References https://attackerkb.com/topics/cve-2024-45490 CVE - 2024-45490 EulerOS-SA-2024-2961
  12. Alma Linux: CVE-2024-45491: Moderate: xmlrpc-c security update (Multiple Advisories) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 08/30/2024 Created 09/24/2024 Added 09/23/2024 Modified 02/13/2025 Description An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX). Solution(s) alma-upgrade-expat alma-upgrade-expat-devel alma-upgrade-xmlrpc-c alma-upgrade-xmlrpc-c-c++ alma-upgrade-xmlrpc-c-client alma-upgrade-xmlrpc-c-client++ alma-upgrade-xmlrpc-c-devel References https://attackerkb.com/topics/cve-2024-45491 CVE - 2024-45491 https://errata.almalinux.org/8/ALSA-2024-6989.html https://errata.almalinux.org/8/ALSA-2024-8859.html https://errata.almalinux.org/9/ALSA-2024-6754.html
  13. Alpine Linux: CVE-2024-45492: Integer Overflow or Wraparound Severity 7 CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:P) Published 08/30/2024 Created 10/02/2024 Added 10/01/2024 Modified 10/14/2024 Description An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX). Solution(s) alpine-linux-upgrade-expat alpine-linux-upgrade-qt5-qtwebengine References https://attackerkb.com/topics/cve-2024-45492 CVE - 2024-45492 https://security.alpinelinux.org/vuln/CVE-2024-45492
  14. Amazon Linux 2023: CVE-2024-44944: Medium priority package update for kernel Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:P) Published 08/30/2024 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: use helper function to calculate expect ID Delete expectation path is missing a call to the nf_expect_get_id() helper function to calculate the expectation ID, otherwise LSB of the expectation object address is leaked to userspace. Solution(s) amazon-linux-2023-upgrade-bpftool amazon-linux-2023-upgrade-bpftool-debuginfo amazon-linux-2023-upgrade-kernel amazon-linux-2023-upgrade-kernel-debuginfo amazon-linux-2023-upgrade-kernel-debuginfo-common-aarch64 amazon-linux-2023-upgrade-kernel-debuginfo-common-x86-64 amazon-linux-2023-upgrade-kernel-devel amazon-linux-2023-upgrade-kernel-headers amazon-linux-2023-upgrade-kernel-libbpf amazon-linux-2023-upgrade-kernel-libbpf-devel amazon-linux-2023-upgrade-kernel-libbpf-static amazon-linux-2023-upgrade-kernel-livepatch-6-1-106-116-188 amazon-linux-2023-upgrade-kernel-modules-extra amazon-linux-2023-upgrade-kernel-modules-extra-common amazon-linux-2023-upgrade-kernel-tools amazon-linux-2023-upgrade-kernel-tools-debuginfo amazon-linux-2023-upgrade-kernel-tools-devel amazon-linux-2023-upgrade-perf amazon-linux-2023-upgrade-perf-debuginfo amazon-linux-2023-upgrade-python3-perf amazon-linux-2023-upgrade-python3-perf-debuginfo References https://attackerkb.com/topics/cve-2024-44944 CVE - 2024-44944 https://alas.aws.amazon.com/AL2023/ALAS-2024-709.html
  15. Huawei EulerOS: CVE-2024-44944: kernel security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 08/30/2024 Created 12/13/2024 Added 12/12/2024 Modified 01/28/2025 Description In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: use helper function to calculate expect ID Delete expectation path is missing a call to the nf_expect_get_id() helper function to calculate the expectation ID, otherwise LSB of the expectation object address is leaked to userspace. Solution(s) huawei-euleros-2_0_sp11-upgrade-bpftool huawei-euleros-2_0_sp11-upgrade-kernel huawei-euleros-2_0_sp11-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp11-upgrade-kernel-tools huawei-euleros-2_0_sp11-upgrade-kernel-tools-libs huawei-euleros-2_0_sp11-upgrade-python3-perf References https://attackerkb.com/topics/cve-2024-44944 CVE - 2024-44944 EulerOS-SA-2024-2983
  16. Gentoo Linux: CVE-2024-45490: QtWebEngine: Multiple Vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/30/2024 Created 01/25/2025 Added 01/24/2025 Modified 01/28/2025 Description An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer. Solution(s) gentoo-linux-upgrade-dev-qt-qtwebengine References https://attackerkb.com/topics/cve-2024-45490 CVE - 2024-45490 202501-09
  17. Red Hat OpenShift: CVE-2024-45490: libexpat: Negative Length Parsing Vulnerability in libexpat Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/30/2024 Created 10/10/2024 Added 10/10/2024 Modified 01/28/2025 Description An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer. Solution(s) linuxrpm-upgrade-rhcos References https://attackerkb.com/topics/cve-2024-45490 CVE - 2024-45490 RHSA-2024:10135 RHSA-2024:11109 RHSA-2024:6754 RHSA-2024:6989 RHSA-2024:7213 RHSA-2024:7599 RHSA-2024:9610
  18. Huawei EulerOS: CVE-2024-45491: xmlrpc-c security update Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 08/30/2024 Created 12/13/2024 Added 12/12/2024 Modified 01/28/2025 Description An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX). Solution(s) huawei-euleros-2_0_sp12-upgrade-xmlrpc-c-help References https://attackerkb.com/topics/cve-2024-45491 CVE - 2024-45491 EulerOS-SA-2024-2961
  19. Amazon Linux AMI: CVE-2024-45490: Security patch for expat (ALAS-2025-1953) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/30/2024 Created 01/11/2025 Added 01/10/2025 Modified 01/28/2025 Description An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer. Solution(s) amazon-linux-upgrade-expat References ALAS-2025-1953 CVE-2024-45490
  20. Red Hat OpenShift: CVE-2024-45491: libexpat: Integer Overflow or Wraparound Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 08/30/2024 Created 10/10/2024 Added 10/10/2024 Modified 01/28/2025 Description An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX). Solution(s) linuxrpm-upgrade-rhcos References https://attackerkb.com/topics/cve-2024-45491 CVE - 2024-45491 RHSA-2024:10135 RHSA-2024:11109 RHSA-2024:6754 RHSA-2024:6989 RHSA-2024:7213 RHSA-2024:7599 RHSA-2024:8859 RHSA-2024:9610
  21. Red Hat OpenShift: CVE-2024-45492: libexpat: integer overflow Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 08/30/2024 Created 10/10/2024 Added 10/10/2024 Modified 01/28/2025 Description An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX). Solution(s) linuxrpm-upgrade-rhcos References https://attackerkb.com/topics/cve-2024-45492 CVE - 2024-45492 RHSA-2024:10135 RHSA-2024:11109 RHSA-2024:6754 RHSA-2024:6989 RHSA-2024:7213 RHSA-2024:7599 RHSA-2024:9610
  22. IBM AIX: python_advisory13 (CVE-2024-45492): Vulnerability in python affects AIX Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 08/30/2024 Created 11/07/2024 Added 11/06/2024 Modified 01/28/2025 Description An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX). Solution(s) ibm-aix-python_advisory13 References https://attackerkb.com/topics/cve-2024-45492 CVE - 2024-45492 https://aix.software.ibm.com/aix/efixes/security/python_advisory13.asc
  23. MFSA2024-40 Firefox: Security Vulnerabilities fixed in Firefox ESR 128.2 (CVE-2024-8381) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 09/03/2024 Created 09/05/2024 Added 09/05/2024 Modified 01/28/2025 Description A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environment. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Thunderbird < 115.15. Solution(s) mozilla-firefox-esr-upgrade-128_2 References https://attackerkb.com/topics/cve-2024-8381 CVE - 2024-8381 http://www.mozilla.org/security/announce/2024/mfsa2024-40.html
  24. MFSA2024-41 Firefox: Security Vulnerabilities fixed in Firefox ESR 115.15 (CVE-2024-8381) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 09/03/2024 Created 09/05/2024 Added 09/05/2024 Modified 01/28/2025 Description A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environment. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Thunderbird < 115.15. Solution(s) mozilla-firefox-esr-upgrade-115_15 References https://attackerkb.com/topics/cve-2024-8381 CVE - 2024-8381 http://www.mozilla.org/security/announce/2024/mfsa2024-41.html
  25. IBM AIX: python_advisory13 (CVE-2024-45490): Vulnerability in python affects AIX Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/30/2024 Created 11/07/2024 Added 11/06/2024 Modified 01/28/2025 Description An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer. Solution(s) ibm-aix-python_advisory13 References https://attackerkb.com/topics/cve-2024-45490 CVE - 2024-45490 https://aix.software.ibm.com/aix/efixes/security/python_advisory13.asc