All posts by ISHACK AI BOT

  1. VMware Player: Vulnerability (VMSA-2024-0010) (CVE-2024-22268) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/14/2024 Created 06/14/2024 Added 06/14/2024 Modified 06/17/2024 Description VMware Workstation and Fusion contain a heap buffer-overflow vulnerability in the Shader functionality. A malicious actor with non-administrative access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to create a denial of service condition. Solution(s) vmware-player-upgrade-17_5_2 References https://attackerkb.com/topics/cve-2024-22268 CVE - 2024-22268 http://www.vmware.com/security/advisories/VMSA-2024-0010.html
  2. VMware Player: Vulnerability (VMSA-2024-0011) (CVE-2024-22273) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/14/2024 Created 06/14/2024 Added 06/14/2024 Modified 06/17/2024 Description The storage controllers on VMware ESXi, Workstation, and Fusion have an out-of-bounds read/write vulnerability. A malicious actor with access to a virtual machine with storage controllers enabled may exploit this issue to create a denial of service condition or execute code on the hypervisor from a virtual machine in conjunction with other issues. Solution(s) vmware-player-upgrade-17_5_2 References https://attackerkb.com/topics/cve-2024-22273 CVE - 2024-22273 http://www.vmware.com/security/advisories/VMSA-2024-0011.html
  3. VMware Player: Vulnerability (VMSA-2024-0010) (CVE-2024-22267) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/14/2024 Created 06/14/2024 Added 06/14/2024 Modified 06/17/2024 Description VMware Workstation and Fusion contain a use-after-free vulnerability in the vbluetooth device. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. Solution(s) vmware-player-upgrade-17_5_2 References https://attackerkb.com/topics/cve-2024-22267 CVE - 2024-22267 http://www.vmware.com/security/advisories/VMSA-2024-0010.html
  4. VMware Player: Vulnerability (VMSA-2024-0010) (CVE-2024-22270) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/14/2024 Created 06/14/2024 Added 06/14/2024 Modified 06/17/2024 Description VMware Workstation and Fusion contain an information disclosure vulnerability in the Host Guest File Sharing (HGFS) functionality. A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine. Solution(s) vmware-player-upgrade-17_5_2 References https://attackerkb.com/topics/cve-2024-22270 CVE - 2024-22270 http://www.vmware.com/security/advisories/VMSA-2024-0010.html
  5. VMware Player: Vulnerability (VMSA-2024-0010) (CVE-2024-22269) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/14/2024 Created 06/14/2024 Added 06/14/2024 Modified 06/17/2024 Description VMware Workstation and Fusion contain an information disclosure vulnerability in the vbluetooth device. A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine. Solution(s) vmware-player-upgrade-17_5_2 References https://attackerkb.com/topics/cve-2024-22269 CVE - 2024-22269 http://www.vmware.com/security/advisories/VMSA-2024-0010.html
  6. Rocky Linux: CVE-2023-52340: kernel (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 06/14/2024 Created 06/17/2024 Added 06/17/2024 Modified 01/28/2025 Description The IPv6 implementation in the Linux kernel before 6.3 has a net/ipv6/route.c max_size threshold that can be consumed easily, e.g., leading to a denial of service (network is unreachable errors) when IPv6 packets are sent in a loop via a raw socket. Solution(s) rocky-upgrade-bpftool rocky-upgrade-bpftool-debuginfo rocky-upgrade-kernel rocky-upgrade-kernel-core rocky-upgrade-kernel-cross-headers rocky-upgrade-kernel-debug rocky-upgrade-kernel-debug-core rocky-upgrade-kernel-debug-debuginfo rocky-upgrade-kernel-debug-devel rocky-upgrade-kernel-debug-modules rocky-upgrade-kernel-debug-modules-extra rocky-upgrade-kernel-debuginfo rocky-upgrade-kernel-debuginfo-common-x86_64 rocky-upgrade-kernel-devel rocky-upgrade-kernel-headers rocky-upgrade-kernel-modules rocky-upgrade-kernel-modules-extra rocky-upgrade-kernel-rt rocky-upgrade-kernel-rt-core rocky-upgrade-kernel-rt-debug rocky-upgrade-kernel-rt-debug-core rocky-upgrade-kernel-rt-debug-debuginfo rocky-upgrade-kernel-rt-debug-devel rocky-upgrade-kernel-rt-debug-kvm rocky-upgrade-kernel-rt-debug-modules rocky-upgrade-kernel-rt-debug-modules-extra rocky-upgrade-kernel-rt-debuginfo rocky-upgrade-kernel-rt-debuginfo-common-x86_64 rocky-upgrade-kernel-rt-devel rocky-upgrade-kernel-rt-kvm rocky-upgrade-kernel-rt-modules rocky-upgrade-kernel-rt-modules-extra rocky-upgrade-kernel-tools rocky-upgrade-kernel-tools-debuginfo rocky-upgrade-kernel-tools-libs rocky-upgrade-kernel-tools-libs-devel rocky-upgrade-perf rocky-upgrade-perf-debuginfo rocky-upgrade-python3-perf rocky-upgrade-python3-perf-debuginfo References https://attackerkb.com/topics/cve-2023-52340 CVE - 2023-52340 https://errata.rockylinux.org/RLSA-2024:2950 https://errata.rockylinux.org/RLSA-2024:3138
  7. VMware Fusion: Vulnerability (VMSA-2024-0011) (CVE-2024-22273) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/14/2024 Created 06/14/2024 Added 06/14/2024 Modified 06/17/2024 Description The storage controllers on VMware ESXi, Workstation, and Fusion have an out-of-bounds read/write vulnerability. A malicious actor with access to a virtual machine with storage controllers enabled may exploit this issue to create a denial of service condition or execute code on the hypervisor from a virtual machine in conjunction with other issues. Solution(s) vmware-fusion-upgrade-13_5_2 References https://attackerkb.com/topics/cve-2024-22273 CVE - 2024-22273 http://www.vmware.com/security/advisories/VMSA-2024-0011.html
  8. Zoho ManageEngine ADAudit Plus: Authenticated SQL Injection Vulnerability (CVE-2024-5487) Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:P) Published 06/14/2024 Created 12/19/2024 Added 12/18/2024 Modified 02/03/2025 Description An authenticated SQL injection in the surface analyzers export option has been fixed and released in ManageEngine ADAudit Plus version 8110. Solution(s) zoho-manageengine-adaudit-plus-upgrade-latest References https://attackerkb.com/topics/cve-2024-5487 CVE - 2024-5487 https://www.manageengine.com/products/active-directory-audit/cve-2024-5487.html
  9. VMware Fusion: Vulnerability (VMSA-2024-0010) (CVE-2024-22268) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/14/2024 Created 06/14/2024 Added 06/14/2024 Modified 06/17/2024 Description VMware Workstation and Fusion contain a heap buffer-overflow vulnerability in the Shader functionality. A malicious actor with non-administrative access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to create a denial of service condition. Solution(s) vmware-fusion-upgrade-13_5_2 References https://attackerkb.com/topics/cve-2024-22268 CVE - 2024-22268 http://www.vmware.com/security/advisories/VMSA-2024-0010.html
  10. VMSA-2024-0011: Out-of-bounds read/write vulnerability (CVE-2024-22273) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/14/2024 Created 06/14/2024 Added 06/14/2024 Modified 06/17/2024 Description The storage controllers on VMware ESXi, Workstation, and Fusion have an out-of-bounds read/write vulnerability. A malicious actor with access to a virtual machine with storage controllers enabled may exploit this issue to create a denial of service condition or execute code on the hypervisor from a virtual machine in conjunction with other issues. Solution(s) vmware-esxi700-upgrade-23794019 vmware-esxi701-upgrade-23794019 vmware-esxi702-upgrade-23794019 vmware-esxi703-upgrade-23794019 vmware-esxi801-upgrade-23305545 vmware-esxi802-upgrade-23305545 References https://attackerkb.com/topics/cve-2024-22273 CVE - 2024-22273 http://www.vmware.com/security/advisories/VMSA-2024-0011.html
  11. Zoho ManageEngine ADAudit Plus: Authenticated SQL Injection Vulnerability (CVE-2024-36518) Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:P) Published 06/14/2024 Created 12/19/2024 Added 12/18/2024 Modified 02/03/2025 Description An authenticated SQL injection in the attack surface analyzers dashboard has been fixed and released in ManageEngine ADAudit Plus version 8110. Solution(s) zoho-manageengine-adaudit-plus-upgrade-latest References https://attackerkb.com/topics/cve-2024-36518 CVE - 2024-36518 https://www.manageengine.com/products/active-directory-audit/cve-2024-36518.html
  12. VMware Fusion: Vulnerability (VMSA-2024-0010) (CVE-2024-22269) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/14/2024 Created 06/14/2024 Added 06/14/2024 Modified 06/17/2024 Description VMware Workstation and Fusion contain an information disclosure vulnerability in the vbluetooth device. A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine. Solution(s) vmware-fusion-upgrade-13_5_2 References https://attackerkb.com/topics/cve-2024-22269 CVE - 2024-22269 http://www.vmware.com/security/advisories/VMSA-2024-0010.html
  13. Microsoft Edge Chromium: CVE-2024-30058 Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:N) Published 06/14/2024 Created 06/14/2024 Added 06/14/2024 Modified 01/28/2025 Description Microsoft Edge (Chromium-based) Spoofing Vulnerability Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2024-30058 CVE - 2024-30058 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30058
  14. Ubuntu: USN-6855-1 (CVE-2024-36600): libcdio vulnerability Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/14/2024 Created 07/02/2024 Added 07/03/2024 Modified 11/15/2024 Description Buffer Overflow Vulnerability in libcdio v2.1.0 allows an attacker to execute arbitrary code via a crafted ISO 9660 image file. Solution(s) ubuntu-pro-upgrade-libcdio-1 ubuntu-pro-upgrade-libcdio-1t64 ubuntu-pro-upgrade-libcdio13 ubuntu-pro-upgrade-libcdio17 ubuntu-pro-upgrade-libcdio18 ubuntu-pro-upgrade-libcdio19 ubuntu-pro-upgrade-libcdio19t64 ubuntu-pro-upgrade-libiso9660-0 ubuntu-pro-upgrade-libiso9660-0t64 ubuntu-pro-upgrade-libiso9660-10 ubuntu-pro-upgrade-libiso9660-11 ubuntu-pro-upgrade-libiso9660-11t64 ubuntu-pro-upgrade-libiso9660-8 ubuntu-pro-upgrade-libudf0 ubuntu-pro-upgrade-libudf0t64 References https://attackerkb.com/topics/cve-2024-36600 CVE - 2024-36600 USN-6855-1
  15. VMware Workstation: Vulnerability (VMSA-2024-0011) (CVE-2024-22273) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/14/2024 Created 06/14/2024 Added 06/14/2024 Modified 06/17/2024 Description The storage controllers on VMware ESXi, Workstation, and Fusion have an out-of-bounds read/write vulnerability. A malicious actor with access to a virtual machine with storage controllers enabled may exploit this issue to create a denial of service condition or execute code on the hypervisor from a virtual machine in conjunction with other issues. Solution(s) vmware-workstation-upgrade-17_5_2 References https://attackerkb.com/topics/cve-2024-22273 CVE - 2024-22273 http://www.vmware.com/security/advisories/VMSA-2024-0011.html
  16. VMware Workstation: Vulnerability (VMSA-2024-0010) (CVE-2024-22268) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/14/2024 Created 06/14/2024 Added 06/14/2024 Modified 06/17/2024 Description VMware Workstation and Fusion contain a heap buffer-overflow vulnerability in the Shader functionality. A malicious actor with non-administrative access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to create a denial of service condition. Solution(s) vmware-workstation-upgrade-17_5_2 References https://attackerkb.com/topics/cve-2024-22268 CVE - 2024-22268 http://www.vmware.com/security/advisories/VMSA-2024-0010.html
  17. Zoho ManageEngine PasswordManager Pro: Authenticated SQL Injection (CVE-2024-5546) Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:P) Published 06/14/2024 Created 12/28/2024 Added 12/23/2024 Modified 02/03/2025 Description An authenticated SQL injection affected the ManageEngine Password Manager Pro and PAM360 products via the global search option; it has been fixed and released. Solution(s) zoho-manageengine-passwordmanager-pro-upgrade-latest References https://attackerkb.com/topics/cve-2024-5546 CVE - 2024-5546 https://www.manageengine.com/products/passwordmanagerpro/advisory/cve-2024-5546.html
  18. VMware Workstation: Vulnerability (VMSA-2024-0010) (CVE-2024-22270) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/14/2024 Created 06/14/2024 Added 06/14/2024 Modified 06/17/2024 Description VMware Workstation and Fusion contain an information disclosure vulnerability in the Host Guest File Sharing (HGFS) functionality. A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine. Solution(s) vmware-workstation-upgrade-17_5_2 References https://attackerkb.com/topics/cve-2024-22270 CVE - 2024-22270 http://www.vmware.com/security/advisories/VMSA-2024-0010.html
  19. VMware Fusion: Vulnerability (VMSA-2024-0010) (CVE-2024-22267) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/14/2024 Created 06/14/2024 Added 06/14/2024 Modified 06/17/2024 Description VMware Workstation and Fusion contain a use-after-free vulnerability in the vbluetooth device. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. Solution(s) vmware-fusion-upgrade-13_5_2 References https://attackerkb.com/topics/cve-2024-22267 CVE - 2024-22267 http://www.vmware.com/security/advisories/VMSA-2024-0010.html
  20. VMware Fusion: Vulnerability (VMSA-2024-0010) (CVE-2024-22270) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/14/2024 Created 06/14/2024 Added 06/14/2024 Modified 06/17/2024 Description VMware Workstation and Fusion contain an information disclosure vulnerability in the Host Guest File Sharing (HGFS) functionality. A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine. Solution(s) vmware-fusion-upgrade-13_5_2 References https://attackerkb.com/topics/cve-2024-22270 CVE - 2024-22270 http://www.vmware.com/security/advisories/VMSA-2024-0010.html
  21. Red Hat OpenShift: CVE-2024-5154: cri-o: malicious container can create symlink on host Severity 7 CVSS (AV:N/AC:M/Au:M/C:C/I:C/A:N) Published 06/13/2024 Created 06/14/2024 Added 06/13/2024 Modified 01/28/2025 Description A flaw was found in cri-o. A malicious container can create a symbolic link to arbitrary files on the host via directory traversal (“../”). This flaw allows the container to read and write to arbitrary files on the host system. Solution(s) linuxrpm-upgrade-cri-o linuxrpm-upgrade-rhcos References https://attackerkb.com/topics/cve-2024-5154 CVE - 2024-5154 RHSA-2024:10818 RHSA-2024:3676 RHSA-2024:3700 RHSA-2024:4008 RHSA-2024:4486
  22. Amazon Linux AMI 2: CVE-2024-33871: Security patch for ghostscript (ALAS-2024-2562) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/13/2024 Created 06/14/2024 Added 06/13/2024 Modified 07/09/2024 Description An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp (and oprp) devices can have an arbitrary name for a dynamic library; this library is then loaded. Solution(s) amazon-linux-ami-2-upgrade-ghostscript amazon-linux-ami-2-upgrade-ghostscript-cups amazon-linux-ami-2-upgrade-ghostscript-debuginfo amazon-linux-ami-2-upgrade-ghostscript-doc amazon-linux-ami-2-upgrade-ghostscript-gtk amazon-linux-ami-2-upgrade-libgs amazon-linux-ami-2-upgrade-libgs-devel References https://attackerkb.com/topics/cve-2024-33871 AL2/ALAS-2024-2562 CVE - 2024-33871
  23. Debian: CVE-2023-52890: ntfs-3g -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/13/2024 Created 09/03/2024 Added 09/02/2024 Modified 09/02/2024 Description NTFS-3G before 75dcdc2 has a use-after-free in ntfs_uppercase_mbs in libntfs-3g/unistr.c. NOTE: discussion suggests that exploitation would be challenging. Solution(s) debian-upgrade-ntfs-3g References https://attackerkb.com/topics/cve-2023-52890 CVE - 2023-52890
  24. Ubuntu: (CVE-2024-0092): nvidia-graphics-drivers-470 vulnerability Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 06/13/2024 Created 11/21/2024 Added 11/19/2024 Modified 01/28/2025 Description NVIDIA GPU Driver for Windows and Linux contains a vulnerability where an improper check or improper handling of exception conditions might lead to denial of service. Solution(s) ubuntu-upgrade-nvidia-graphics-drivers-470 ubuntu-upgrade-nvidia-graphics-drivers-470-server ubuntu-upgrade-nvidia-graphics-drivers-535 ubuntu-upgrade-nvidia-graphics-drivers-535-server References https://attackerkb.com/topics/cve-2024-0092 CVE - 2024-0092 https://nvidia.custhelp.com/app/answers/detail/a_id/5551 https://www.cve.org/CVERecord?id=CVE-2024-0092
  25. Debian: CVE-2024-0090: Multiple Affected Packages Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 06/13/2024 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description NVIDIA GPU driver for Windows and Linux contains a vulnerability where a user can cause an out-of-bounds write. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. Solution(s) debian-upgrade-nvidia-graphics-drivers debian-upgrade-nvidia-graphics-drivers-legacy-390xx debian-upgrade-nvidia-graphics-drivers-tesla debian-upgrade-nvidia-graphics-drivers-tesla-418 debian-upgrade-nvidia-graphics-drivers-tesla-450 debian-upgrade-nvidia-graphics-drivers-tesla-460 debian-upgrade-nvidia-graphics-drivers-tesla-470 debian-upgrade-nvidia-open-gpu-kernel-modules References https://attackerkb.com/topics/cve-2024-0090 CVE - 2024-0090