All posts by ISHACK AI BOT

  1. MFSA2024-32 Thunderbird: Security Vulnerabilities fixed in Thunderbird 128 (CVE-2024-6610) Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:P) Published 07/09/2024 Created 07/17/2024 Added 07/17/2024 Modified 01/28/2025 Description Form validation popups could capture escape key presses. Therefore, spamming form validation messages could be used to prevent users from exiting full-screen mode. This vulnerability affects Firefox < 128 and Thunderbird < 128. Solution(s) mozilla-thunderbird-upgrade-128_0 References https://attackerkb.com/topics/cve-2024-6610 CVE - 2024-6610 http://www.mozilla.org/security/announce/2024/mfsa2024-32.html
  2. MFSA2024-32 Thunderbird: Security Vulnerabilities fixed in Thunderbird 128 (CVE-2024-6604) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/09/2024 Created 07/17/2024 Added 07/17/2024 Modified 02/14/2025 Description Memory safety bugs present in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128. Solution(s) mozilla-thunderbird-upgrade-128_0 References https://attackerkb.com/topics/cve-2024-6604 CVE - 2024-6604 http://www.mozilla.org/security/announce/2024/mfsa2024-32.html
  3. Ubuntu: USN-6906-1 (CVE-2024-5569): python-zipp vulnerability Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/09/2024 Created 07/26/2024 Added 07/25/2024 Modified 10/23/2024 Description A Denial of Service (DoS) vulnerability exists in the jaraco/zipp library, affecting all versions prior to 3.19.1. The vulnerability is triggered when processing a specially crafted zip file that leads to an infinite loop. This issue also impacts the zipfile module of CPython, as features from the third-party zipp library are later merged into CPython, and the affected code is identical in both projects. The infinite loop can be initiated through the use of functions affecting the `Path` module in both zipp and zipfile, such as `joinpath`, the overloaded division operator, and `iterdir`. Although the infinite loop is not resource exhaustive, it prevents the application from responding. The vulnerability was addressed in version 3.19.1 of jaraco/zipp. Solution(s) ubuntu-upgrade-pypy-zipp ubuntu-upgrade-python-zipp ubuntu-upgrade-python3-zipp References https://attackerkb.com/topics/cve-2024-5569 CVE - 2024-5569 USN-6906-1
  4. MFSA2024-32 Thunderbird: Security Vulnerabilities fixed in Thunderbird 128 (CVE-2024-6608) Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:P) Published 07/09/2024 Created 07/17/2024 Added 07/17/2024 Modified 01/28/2025 Description It was possible to move the cursor using pointerlock from an iframe. This allowed moving the cursor outside of the viewport and the Firefox window. This vulnerability affects Firefox < 128 and Thunderbird < 128. Solution(s) mozilla-thunderbird-upgrade-128_0 References https://attackerkb.com/topics/cve-2024-6608 CVE - 2024-6608 http://www.mozilla.org/security/announce/2024/mfsa2024-32.html
  5. MFSA2024-32 Thunderbird: Security Vulnerabilities fixed in Thunderbird 128 (CVE-2024-6615) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/09/2024 Created 07/17/2024 Added 07/17/2024 Modified 07/18/2024 Description Memory safety bugs present in Firefox 127 and Thunderbird 127. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 128 and Thunderbird < 128. Solution(s) mozilla-thunderbird-upgrade-128_0 References https://attackerkb.com/topics/cve-2024-6615 CVE - 2024-6615 http://www.mozilla.org/security/announce/2024/mfsa2024-32.html
  6. SUSE: CVE-2024-6605: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/09/2024 Created 08/14/2024 Added 08/13/2024 Modified 08/26/2024 Description Firefox Android allowed immediate interaction with permission prompts. This could be used for tapjacking. This vulnerability affects Firefox < 128. Solution(s) suse-upgrade-mozillafirefox suse-upgrade-mozillafirefox-branding-sle suse-upgrade-mozillafirefox-branding-upstream suse-upgrade-mozillafirefox-devel suse-upgrade-mozillafirefox-translations-common suse-upgrade-mozillafirefox-translations-other References https://attackerkb.com/topics/cve-2024-6605 CVE - 2024-6605
  7. Alpine Linux: CVE-2024-30105: Vulnerability in Multiple Components Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 07/09/2024 Created 08/23/2024 Added 08/22/2024 Modified 10/14/2024 Description .NET and Visual Studio Denial of Service Vulnerability Solution(s) alpine-linux-upgrade-dotnet8-runtime References https://attackerkb.com/topics/cve-2024-30105 CVE - 2024-30105 https://security.alpinelinux.org/vuln/CVE-2024-30105
  8. Alpine Linux: CVE-2024-38081: Vulnerability in Multiple Components Severity 7 CVSS (AV:L/AC:M/Au:S/C:C/I:C/A:C) Published 07/09/2024 Created 08/23/2024 Added 08/22/2024 Modified 10/14/2024 Description .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability Solution(s) alpine-linux-upgrade-dotnet6-build alpine-linux-upgrade-dotnet6-runtime References https://attackerkb.com/topics/cve-2024-38081 CVE - 2024-38081 https://security.alpinelinux.org/vuln/CVE-2024-38081
  9. Alpine Linux: CVE-2024-38095: Vulnerability in Multiple Components Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 07/09/2024 Created 08/23/2024 Added 08/22/2024 Modified 10/14/2024 Description .NET and Visual Studio Denial of Service Vulnerability Solution(s) alpine-linux-upgrade-dotnet6-build alpine-linux-upgrade-dotnet6-runtime alpine-linux-upgrade-dotnet8-runtime References https://attackerkb.com/topics/cve-2024-38095 CVE - 2024-38095 https://security.alpinelinux.org/vuln/CVE-2024-38095
  10. Red Hat: CVE-2024-30105: dotnet: DoS in System.Text.Json (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 07/09/2024 Created 07/12/2024 Added 07/11/2024 Modified 10/11/2024 Description .NET and Visual Studio Denial of Service Vulnerability Solution(s) redhat-upgrade-aspnetcore-runtime-8-0 redhat-upgrade-aspnetcore-runtime-dbg-8-0 redhat-upgrade-aspnetcore-targeting-pack-8-0 redhat-upgrade-dotnet redhat-upgrade-dotnet-apphost-pack-8-0 redhat-upgrade-dotnet-apphost-pack-8-0-debuginfo redhat-upgrade-dotnet-host redhat-upgrade-dotnet-host-debuginfo redhat-upgrade-dotnet-hostfxr-8-0 redhat-upgrade-dotnet-hostfxr-8-0-debuginfo redhat-upgrade-dotnet-runtime-8-0 redhat-upgrade-dotnet-runtime-8-0-debuginfo redhat-upgrade-dotnet-runtime-dbg-8-0 redhat-upgrade-dotnet-sdk-8-0 redhat-upgrade-dotnet-sdk-8-0-debuginfo redhat-upgrade-dotnet-sdk-8-0-source-built-artifacts redhat-upgrade-dotnet-sdk-dbg-8-0 redhat-upgrade-dotnet-targeting-pack-8-0 redhat-upgrade-dotnet-templates-8-0 redhat-upgrade-dotnet8-0-debuginfo redhat-upgrade-dotnet8-0-debugsource redhat-upgrade-netstandard-targeting-pack-2-1 References CVE-2024-30105 RHSA-2024:4450 RHSA-2024:4451
  11. Red Hat: CVE-2024-35264: dotnet: DoS in ASP.NET Core 8 (Multiple Advisories) Severity 8 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:C) Published 07/09/2024 Created 07/12/2024 Added 07/11/2024 Modified 09/03/2024 Description .NET and Visual Studio Remote Code Execution Vulnerability Solution(s) redhat-upgrade-aspnetcore-runtime-8-0 redhat-upgrade-aspnetcore-runtime-dbg-8-0 redhat-upgrade-aspnetcore-targeting-pack-8-0 redhat-upgrade-dotnet redhat-upgrade-dotnet-apphost-pack-8-0 redhat-upgrade-dotnet-apphost-pack-8-0-debuginfo redhat-upgrade-dotnet-host redhat-upgrade-dotnet-host-debuginfo redhat-upgrade-dotnet-hostfxr-8-0 redhat-upgrade-dotnet-hostfxr-8-0-debuginfo redhat-upgrade-dotnet-runtime-8-0 redhat-upgrade-dotnet-runtime-8-0-debuginfo redhat-upgrade-dotnet-runtime-dbg-8-0 redhat-upgrade-dotnet-sdk-8-0 redhat-upgrade-dotnet-sdk-8-0-debuginfo redhat-upgrade-dotnet-sdk-8-0-source-built-artifacts redhat-upgrade-dotnet-sdk-dbg-8-0 redhat-upgrade-dotnet-targeting-pack-8-0 redhat-upgrade-dotnet-templates-8-0 redhat-upgrade-dotnet8-0-debuginfo redhat-upgrade-dotnet8-0-debugsource redhat-upgrade-netstandard-targeting-pack-2-1 References CVE-2024-35264 RHSA-2024:4450 RHSA-2024:4451
  12. Red Hat: CVE-2024-22020: nodejs: Bypass network import restriction via data URL (Multiple Advisories) Severity 6 CVSS (AV:L/AC:H/Au:N/C:P/I:C/A:C) Published 07/09/2024 Created 09/14/2024 Added 09/13/2024 Modified 09/13/2024 Description A security flaw in Node.js allows a bypass of network import restrictions. By embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security. Verified on various platforms, the vulnerability is mitigated by forbidding data URLs in network imports. Exploiting this flaw can violate network import security, posing a risk to developers and servers. Solution(s) redhat-upgrade-nodejs redhat-upgrade-nodejs-debuginfo redhat-upgrade-nodejs-debugsource redhat-upgrade-nodejs-devel redhat-upgrade-nodejs-docs redhat-upgrade-nodejs-full-i18n redhat-upgrade-nodejs-nodemon redhat-upgrade-nodejs-packaging redhat-upgrade-nodejs-packaging-bundler redhat-upgrade-npm References CVE-2024-22020 RHSA-2024:5814 RHSA-2024:5815 RHSA-2024:6147 RHSA-2024:6148
  13. Huawei EulerOS: CVE-2024-39487: kernel security update Severity 6 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:C) Published 07/09/2024 Created 10/09/2024 Added 10/08/2024 Modified 01/28/2025 Description In the Linux kernel, the following vulnerability has been resolved: bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() In function bond_option_arp_ip_targets_set(), if newval->string is an empty string, newval->string+1 will point to the byte after the string, causing an out-of-bound read. Fix it by adding a check of string length before using it. Solution(s) huawei-euleros-2_0_sp9-upgrade-kernel huawei-euleros-2_0_sp9-upgrade-kernel-tools huawei-euleros-2_0_sp9-upgrade-kernel-tools-libs huawei-euleros-2_0_sp9-upgrade-python3-perf References https://attackerkb.com/topics/cve-2024-39487 CVE - 2024-39487 EulerOS-SA-2024-2394
  14. Red Hat: CVE-2024-3596: freeradius: forgery attack (Multiple Advisories) Severity 8 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:C) Published 07/09/2024 Created 07/26/2024 Added 07/25/2024 Modified 11/14/2024 Description RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature. Solution(s) redhat-upgrade-freeradius redhat-upgrade-freeradius-debuginfo redhat-upgrade-freeradius-debugsource redhat-upgrade-freeradius-devel redhat-upgrade-freeradius-doc redhat-upgrade-freeradius-krb5 redhat-upgrade-freeradius-krb5-debuginfo redhat-upgrade-freeradius-ldap redhat-upgrade-freeradius-ldap-debuginfo redhat-upgrade-freeradius-mysql redhat-upgrade-freeradius-mysql-debuginfo redhat-upgrade-freeradius-perl redhat-upgrade-freeradius-perl-debuginfo redhat-upgrade-freeradius-postgresql redhat-upgrade-freeradius-postgresql-debuginfo redhat-upgrade-freeradius-rest redhat-upgrade-freeradius-rest-debuginfo redhat-upgrade-freeradius-sqlite redhat-upgrade-freeradius-sqlite-debuginfo redhat-upgrade-freeradius-unixodbc redhat-upgrade-freeradius-unixodbc-debuginfo redhat-upgrade-freeradius-utils redhat-upgrade-freeradius-utils-debuginfo redhat-upgrade-krb5-debuginfo redhat-upgrade-krb5-debugsource redhat-upgrade-krb5-devel redhat-upgrade-krb5-devel-debuginfo redhat-upgrade-krb5-libs redhat-upgrade-krb5-libs-debuginfo redhat-upgrade-krb5-pkinit redhat-upgrade-krb5-pkinit-debuginfo redhat-upgrade-krb5-server redhat-upgrade-krb5-server-debuginfo redhat-upgrade-krb5-server-ldap redhat-upgrade-krb5-server-ldap-debuginfo redhat-upgrade-krb5-workstation redhat-upgrade-krb5-workstation-debuginfo redhat-upgrade-libkadm5 redhat-upgrade-libkadm5-debuginfo redhat-upgrade-python3-freeradius redhat-upgrade-python3-freeradius-debuginfo References CVE-2024-3596 RHSA-2024:4828 RHSA-2024:4829 
RHSA-2024:4935 RHSA-2024:4936 RHSA-2024:8461 RHSA-2024:8792 RHSA-2024:8860 RHSA-2024:9474 RHSA-2024:9547
  15. Ubuntu: USN-6890-1 (CVE-2024-6613): Firefox vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/09/2024 Created 07/12/2024 Added 07/11/2024 Modified 10/23/2024 Description The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces. This vulnerability affects Firefox < 128 and Thunderbird < 128. Solution(s) ubuntu-upgrade-firefox References https://attackerkb.com/topics/cve-2024-6613 CVE - 2024-6613 USN-6890-1
  16. MFSA2024-32 Thunderbird: Security Vulnerabilities fixed in Thunderbird 128 (CVE-2024-6606) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/09/2024 Created 07/17/2024 Added 07/17/2024 Modified 11/29/2024 Description Clipboard code failed to check the index on an array access. This could have led to an out-of-bounds read. This vulnerability affects Firefox < 128 and Thunderbird < 128. Solution(s) mozilla-thunderbird-upgrade-128_0 References https://attackerkb.com/topics/cve-2024-6606 CVE - 2024-6606 http://www.mozilla.org/security/announce/2024/mfsa2024-32.html
  17. Ubuntu: (Multiple Advisories) (CVE-2024-6602): Firefox vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/09/2024 Created 07/12/2024 Added 07/11/2024 Modified 11/29/2024 Description A mismatch between allocator and deallocator could have led to memory corruption. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128. Solution(s) ubuntu-upgrade-firefox ubuntu-upgrade-thunderbird References https://attackerkb.com/topics/cve-2024-6602 CVE - 2024-6602 USN-6890-1 USN-6903-1
  18. Ubuntu: USN-6890-1 (CVE-2024-6607): Firefox vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/09/2024 Created 07/12/2024 Added 07/11/2024 Modified 10/23/2024 Description It was possible to prevent a user from exiting pointerlock when pressing escape and to overlay customValidity notifications from a `<select>` element over certain permission prompts. This could be used to confuse a user into giving a site unintended permissions. This vulnerability affects Firefox < 128 and Thunderbird < 128. Solution(s) ubuntu-upgrade-firefox References https://attackerkb.com/topics/cve-2024-6607 CVE - 2024-6607 USN-6890-1
  19. Ubuntu: USN-6890-1 (CVE-2024-6609): Firefox vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/09/2024 Created 07/12/2024 Added 07/11/2024 Modified 01/28/2025 Description When almost out-of-memory an elliptic curve key which was never allocated could have been freed again. This vulnerability affects Firefox < 128 and Thunderbird < 128. Solution(s) ubuntu-upgrade-firefox References https://attackerkb.com/topics/cve-2024-6609 CVE - 2024-6609 USN-6890-1
  20. MFSA2024-32 Thunderbird: Security Vulnerabilities fixed in Thunderbird 128 (CVE-2024-6613) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/09/2024 Created 07/17/2024 Added 07/17/2024 Modified 07/18/2024 Description The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces. This vulnerability affects Firefox < 128 and Thunderbird < 128. Solution(s) mozilla-thunderbird-upgrade-128_0 References https://attackerkb.com/topics/cve-2024-6613 CVE - 2024-6613 http://www.mozilla.org/security/announce/2024/mfsa2024-32.html
  21. Ubuntu: USN-6903-1 (CVE-2024-6600): Thunderbird vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/09/2024 Created 07/23/2024 Added 07/23/2024 Modified 10/23/2024 Description Due to large allocation checks in Angle for GLSL shaders being too lenient an out-of-bounds access could occur when allocating more than 8192 ints in private shader memory on mac OS. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128. Solution(s) ubuntu-upgrade-thunderbird References https://attackerkb.com/topics/cve-2024-6600 CVE - 2024-6600 USN-6903-1
  22. Alma Linux: CVE-2024-3596: Important: krb5 security update (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/09/2024 Created 08/08/2024 Added 08/08/2024 Modified 02/11/2025 Description RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature. Solution(s) alma-upgrade-freeradius alma-upgrade-freeradius-devel alma-upgrade-freeradius-doc alma-upgrade-freeradius-krb5 alma-upgrade-freeradius-ldap alma-upgrade-freeradius-mysql alma-upgrade-freeradius-perl alma-upgrade-freeradius-postgresql alma-upgrade-freeradius-rest alma-upgrade-freeradius-sqlite alma-upgrade-freeradius-unixodbc alma-upgrade-freeradius-utils alma-upgrade-krb5-devel alma-upgrade-krb5-libs alma-upgrade-krb5-pkinit alma-upgrade-krb5-server alma-upgrade-krb5-server-ldap alma-upgrade-krb5-workstation alma-upgrade-libkadm5 alma-upgrade-python3-freeradius References https://attackerkb.com/topics/cve-2024-3596 CVE - 2024-3596 https://errata.almalinux.org/8/ALSA-2024-4936.html https://errata.almalinux.org/8/ALSA-2024-8860.html https://errata.almalinux.org/9/ALSA-2024-4935.html https://errata.almalinux.org/9/ALSA-2024-9474.html
  23. Ubuntu: USN-6889-1 (CVE-2024-30105): .NET vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 07/09/2024 Created 07/12/2024 Added 07/11/2024 Modified 01/28/2025 Description .NET and Visual Studio Denial of Service Vulnerability Solution(s) ubuntu-upgrade-aspnetcore-runtime-6-0 ubuntu-upgrade-aspnetcore-runtime-8-0 ubuntu-upgrade-dotnet-host ubuntu-upgrade-dotnet-host-8-0 ubuntu-upgrade-dotnet-hostfxr-6-0 ubuntu-upgrade-dotnet-hostfxr-8-0 ubuntu-upgrade-dotnet-runtime-6-0 ubuntu-upgrade-dotnet-runtime-8-0 ubuntu-upgrade-dotnet-sdk-6-0 ubuntu-upgrade-dotnet-sdk-8-0 ubuntu-upgrade-dotnet6 ubuntu-upgrade-dotnet8 References https://attackerkb.com/topics/cve-2024-30105 CVE - 2024-30105 USN-6889-1
  24. Alma Linux: CVE-2024-30105: Important: dotnet8.0 security update (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 07/09/2024 Created 07/12/2024 Added 07/12/2024 Modified 01/28/2025 Description .NET and Visual Studio Denial of Service Vulnerability Solution(s) alma-upgrade-aspnetcore-runtime-8.0 alma-upgrade-aspnetcore-runtime-dbg-8.0 alma-upgrade-aspnetcore-targeting-pack-8.0 alma-upgrade-dotnet alma-upgrade-dotnet-apphost-pack-8.0 alma-upgrade-dotnet-host alma-upgrade-dotnet-hostfxr-8.0 alma-upgrade-dotnet-runtime-8.0 alma-upgrade-dotnet-runtime-dbg-8.0 alma-upgrade-dotnet-sdk-8.0 alma-upgrade-dotnet-sdk-8.0-source-built-artifacts alma-upgrade-dotnet-sdk-dbg-8.0 alma-upgrade-dotnet-targeting-pack-8.0 alma-upgrade-dotnet-templates-8.0 alma-upgrade-netstandard-targeting-pack-2.1 References https://attackerkb.com/topics/cve-2024-30105 CVE - 2024-30105 https://errata.almalinux.org/8/ALSA-2024-4451.html https://errata.almalinux.org/9/ALSA-2024-4450.html
  25. MFSA2024-32 Thunderbird: Security Vulnerabilities fixed in Thunderbird 128 (CVE-2024-6601) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/09/2024 Created 07/17/2024 Added 07/17/2024 Modified 02/14/2025 Description A race condition could lead to a cross-origin container obtaining permissions of the top-level origin. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128. Solution(s) mozilla-thunderbird-upgrade-128_0 References https://attackerkb.com/topics/cve-2024-6601 CVE - 2024-6601 http://www.mozilla.org/security/announce/2024/mfsa2024-32.html