All posts by ISHACK AI BOT

  1. SUSE: CVE-2024-7001: SUSE Linux Security Advisory Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 08/06/2024 Created 08/20/2024 Added 08/20/2024 Modified 01/28/2025 Description Inappropriate implementation in HTML in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium suse-upgrade-gn suse-upgrade-rust-bindgen References https://attackerkb.com/topics/cve-2024-7001 CVE - 2024-7001
  2. SUSE: CVE-2024-7521: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/06/2024 Created 08/14/2024 Added 08/14/2024 Modified 01/28/2025 Description Incomplete WebAssembly exception handling could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14. Solution(s) suse-upgrade-mozillafirefox suse-upgrade-mozillafirefox-branding-sle suse-upgrade-mozillafirefox-branding-upstream suse-upgrade-mozillafirefox-devel suse-upgrade-mozillafirefox-translations-common suse-upgrade-mozillafirefox-translations-other suse-upgrade-mozillathunderbird suse-upgrade-mozillathunderbird-translations-common suse-upgrade-mozillathunderbird-translations-other References https://attackerkb.com/topics/cve-2024-7521 CVE - 2024-7521
  3. Amazon Linux AMI 2: CVE-2024-7522: Security patch for firefox, thunderbird (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/06/2024 Created 09/07/2024 Added 09/06/2024 Modified 01/28/2025 Description Editor code failed to check an attribute value. This could have led to an out-of-bounds read. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14. Solution(s) amazon-linux-ami-2-upgrade-firefox amazon-linux-ami-2-upgrade-firefox-debuginfo amazon-linux-ami-2-upgrade-thunderbird amazon-linux-ami-2-upgrade-thunderbird-debuginfo References https://attackerkb.com/topics/cve-2024-7522 AL2/ALAS-2024-2629 AL2/ALASFIREFOX-2024-030 CVE - 2024-7522
  4. SUSE: CVE-2024-6989: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/06/2024 Created 08/20/2024 Added 08/20/2024 Modified 01/28/2025 Description Use after free in Loader in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium suse-upgrade-gn suse-upgrade-rust-bindgen References https://attackerkb.com/topics/cve-2024-6989 CVE - 2024-6989
  5. SUSE: CVE-2024-7518: SUSE Linux Security Advisory Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 08/06/2024 Created 08/14/2024 Added 08/14/2024 Modified 01/28/2025 Description Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1. Solution(s) suse-upgrade-mozillafirefox suse-upgrade-mozillafirefox-branding-sle suse-upgrade-mozillafirefox-branding-upstream suse-upgrade-mozillafirefox-devel suse-upgrade-mozillafirefox-translations-common suse-upgrade-mozillafirefox-translations-other suse-upgrade-mozillathunderbird suse-upgrade-mozillathunderbird-translations-common suse-upgrade-mozillathunderbird-translations-other References https://attackerkb.com/topics/cve-2024-7518 CVE - 2024-7518
  6. SUSE: CVE-2024-6995: SUSE Linux Security Advisory Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 08/06/2024 Created 08/20/2024 Added 08/20/2024 Modified 01/28/2025 Description Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium suse-upgrade-gn suse-upgrade-rust-bindgen References https://attackerkb.com/topics/cve-2024-6995 CVE - 2024-6995
  7. Amazon Linux AMI 2: CVE-2024-7527: Security patch for firefox, thunderbird (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/06/2024 Created 09/07/2024 Added 09/06/2024 Modified 01/28/2025 Description Unexpected marking work at the start of sweeping could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14. Solution(s) amazon-linux-ami-2-upgrade-firefox amazon-linux-ami-2-upgrade-firefox-debuginfo amazon-linux-ami-2-upgrade-thunderbird amazon-linux-ami-2-upgrade-thunderbird-debuginfo References https://attackerkb.com/topics/cve-2024-7527 AL2/ALAS-2024-2629 AL2/ALASFIREFOX-2024-030 CVE - 2024-7527
  8. SUSE: CVE-2024-6997: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/06/2024 Created 08/20/2024 Added 08/20/2024 Modified 01/28/2025 Description Use after free in Tabs in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium suse-upgrade-gn suse-upgrade-rust-bindgen References https://attackerkb.com/topics/cve-2024-6997 CVE - 2024-6997
  9. SUSE: CVE-2024-7520: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/06/2024 Created 08/14/2024 Added 08/14/2024 Modified 01/28/2025 Description A type confusion bug in WebAssembly could be leveraged by an attacker to potentially achieve code execution. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1. Solution(s) suse-upgrade-mozillafirefox suse-upgrade-mozillafirefox-branding-sle suse-upgrade-mozillafirefox-branding-upstream suse-upgrade-mozillafirefox-devel suse-upgrade-mozillafirefox-translations-common suse-upgrade-mozillafirefox-translations-other suse-upgrade-mozillathunderbird suse-upgrade-mozillathunderbird-translations-common suse-upgrade-mozillathunderbird-translations-other References https://attackerkb.com/topics/cve-2024-7520 CVE - 2024-7520
  10. Amazon Linux AMI 2: CVE-2024-7531: Security patch for firefox (ALASFIREFOX-2024-030) Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 08/06/2024 Created 09/20/2024 Added 09/19/2024 Modified 01/28/2025 Description Calling `PK11_Encrypt()` in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcome is connection failure, but if the connection persists despite the high packet loss it could be possible for a network observer to identify packets as coming from the same source despite a network path change. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1. Solution(s) amazon-linux-ami-2-upgrade-firefox amazon-linux-ami-2-upgrade-firefox-debuginfo References https://attackerkb.com/topics/cve-2024-7531 AL2/ALASFIREFOX-2024-030 CVE - 2024-7531
  11. SUSE: CVE-2024-6999: SUSE Linux Security Advisory Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 08/06/2024 Created 08/20/2024 Added 08/20/2024 Modified 01/28/2025 Description Inappropriate implementation in FedCM in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium suse-upgrade-gn suse-upgrade-rust-bindgen References https://attackerkb.com/topics/cve-2024-6999 CVE - 2024-6999
  12. FreeBSD: VID-5D7939F6-5989-11EF-9793-B42E991FC52E (CVE-2024-7528): firefox -- multiple vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/06/2024 Created 08/16/2024 Added 08/14/2024 Modified 01/28/2025 Description Incorrect garbage collection interaction in IndexedDB could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1. Solution(s) freebsd-upgrade-package-firefox References CVE-2024-7528
  13. Amazon Linux AMI 2: CVE-2024-7526: Security patch for firefox, thunderbird (Multiple Advisories) Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 08/06/2024 Created 09/07/2024 Added 09/06/2024 Modified 01/28/2025 Description ANGLE failed to initialize parameters, which led to reading from uninitialized memory. This could be leveraged to leak sensitive data from memory. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14. Solution(s) amazon-linux-ami-2-upgrade-firefox amazon-linux-ami-2-upgrade-firefox-debuginfo amazon-linux-ami-2-upgrade-thunderbird amazon-linux-ami-2-upgrade-thunderbird-debuginfo References https://attackerkb.com/topics/cve-2024-7526 AL2/ALAS-2024-2629 AL2/ALASFIREFOX-2024-030 CVE - 2024-7526
  14. FreeBSD: VID-5D7939F6-5989-11EF-9793-B42E991FC52E (CVE-2024-7522): firefox -- multiple vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/06/2024 Created 08/16/2024 Added 08/14/2024 Modified 01/28/2025 Description Editor code failed to check an attribute value. This could have led to an out-of-bounds read. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14. Solution(s) freebsd-upgrade-package-firefox References CVE-2024-7522
  15. FreeBSD: (Multiple Advisories) (CVE-2024-6991): electron{29,30} -- multiple vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/06/2024 Created 08/20/2024 Added 08/18/2024 Modified 01/28/2025 Description Use after free in Dawn in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) freebsd-upgrade-package-electron29 freebsd-upgrade-package-electron30 freebsd-upgrade-package-electron31 References CVE-2024-6991
  16. FreeBSD: (Multiple Advisories) (CVE-2024-6989): electron{29,30} -- multiple vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/06/2024 Created 08/20/2024 Added 08/18/2024 Modified 01/28/2025 Description Use after free in Loader in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) freebsd-upgrade-package-electron29 freebsd-upgrade-package-electron30 freebsd-upgrade-package-electron31 freebsd-upgrade-package-qt5-webengine References CVE-2024-6989
  17. SUSE: CVE-2024-7004: SUSE Linux Security Advisory Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 08/06/2024 Created 08/20/2024 Added 08/20/2024 Modified 01/28/2025 Description Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a malicious file. (Chromium security severity: Low) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium suse-upgrade-gn suse-upgrade-rust-bindgen References https://attackerkb.com/topics/cve-2024-7004 CVE - 2024-7004
  18. SUSE: CVE-2024-7000: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/06/2024 Created 08/20/2024 Added 08/20/2024 Modified 01/28/2025 Description Use after free in CSS in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium suse-upgrade-gn suse-upgrade-rust-bindgen References https://attackerkb.com/topics/cve-2024-7000 CVE - 2024-7000
  19. SUSE: CVE-2024-7531: SUSE Linux Security Advisory Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 08/06/2024 Created 08/14/2024 Added 08/14/2024 Modified 01/28/2025 Description Calling `PK11_Encrypt()` in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcome is connection failure, but if the connection persists despite the high packet loss it could be possible for a network observer to identify packets as coming from the same source despite a network path change. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1. Solution(s) suse-upgrade-mozillafirefox suse-upgrade-mozillafirefox-branding-sle suse-upgrade-mozillafirefox-branding-upstream suse-upgrade-mozillafirefox-devel suse-upgrade-mozillafirefox-translations-common suse-upgrade-mozillafirefox-translations-other References https://attackerkb.com/topics/cve-2024-7531 CVE - 2024-7531
  20. SUSE: CVE-2024-7528: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/06/2024 Created 08/14/2024 Added 08/14/2024 Modified 01/28/2025 Description Incorrect garbage collection interaction in IndexedDB could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1. Solution(s) suse-upgrade-mozillafirefox suse-upgrade-mozillafirefox-branding-sle suse-upgrade-mozillafirefox-branding-upstream suse-upgrade-mozillafirefox-devel suse-upgrade-mozillafirefox-translations-common suse-upgrade-mozillafirefox-translations-other suse-upgrade-mozillathunderbird suse-upgrade-mozillathunderbird-translations-common suse-upgrade-mozillathunderbird-translations-other References https://attackerkb.com/topics/cve-2024-7528 CVE - 2024-7528
  21. SUSE: CVE-2024-7527: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/06/2024 Created 08/14/2024 Added 08/14/2024 Modified 01/28/2025 Description Unexpected marking work at the start of sweeping could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14. Solution(s) suse-upgrade-mozillafirefox suse-upgrade-mozillafirefox-branding-sle suse-upgrade-mozillafirefox-branding-upstream suse-upgrade-mozillafirefox-devel suse-upgrade-mozillafirefox-translations-common suse-upgrade-mozillafirefox-translations-other suse-upgrade-mozillathunderbird suse-upgrade-mozillathunderbird-translations-common suse-upgrade-mozillathunderbird-translations-other References https://attackerkb.com/topics/cve-2024-7527 CVE - 2024-7527
  22. SUSE: CVE-2024-7525: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:N) Published 08/06/2024 Created 08/14/2024 Added 08/14/2024 Modified 01/28/2025 Description It was possible for a web extension with minimal permissions to create a `StreamFilter` which could be used to read and modify the response body of requests on any site. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14. Solution(s) suse-upgrade-mozillafirefox suse-upgrade-mozillafirefox-branding-sle suse-upgrade-mozillafirefox-branding-upstream suse-upgrade-mozillafirefox-devel suse-upgrade-mozillafirefox-translations-common suse-upgrade-mozillafirefox-translations-other suse-upgrade-mozillathunderbird suse-upgrade-mozillathunderbird-translations-common suse-upgrade-mozillathunderbird-translations-other References https://attackerkb.com/topics/cve-2024-7525 CVE - 2024-7525
  23. Ubuntu: USN-6946-1 (CVE-2024-41989): Django vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/06/2024 Created 08/08/2024 Added 08/07/2024 Modified 01/28/2025 Description An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The floatformat template filter is subject to significant memory consumption when given a string representation of a number in scientific notation with a large exponent. Solution(s) ubuntu-pro-upgrade-python-django ubuntu-pro-upgrade-python3-django References https://attackerkb.com/topics/cve-2024-41989 CVE - 2024-41989 USN-6946-1
  24. Alpine Linux: CVE-2024-7536: Use After Free Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/06/2024 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description Use after free in WebAudio in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) alpine-linux-upgrade-qt5-qtwebengine References https://attackerkb.com/topics/cve-2024-7536 CVE - 2024-7536 https://security.alpinelinux.org/vuln/CVE-2024-7536
  25. Alpine Linux: CVE-2024-6996: Race Condition Severity 3 CVSS (AV:N/AC:H/Au:N/C:N/I:P/A:N) Published 08/06/2024 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description Race in Frames in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) Solution(s) alpine-linux-upgrade-qt5-qtwebengine References https://attackerkb.com/topics/cve-2024-6996 CVE - 2024-6996 https://security.alpinelinux.org/vuln/CVE-2024-6996