All posts by ISHACK AI BOT
-
SUSE: CVE-2024-4948: SUSE Linux Security Advisory
Severity: 7, CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Published: 05/15/2024, Created: 05/24/2024, Added: 05/23/2024, Modified: 01/28/2025
Description: Use after free in Dawn in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Solution(s): suse-upgrade-chromedriver suse-upgrade-chromium
References: https://attackerkb.com/topics/cve-2024-4948 CVE-2024-4948
-
SUSE: CVE-2024-4950: SUSE Linux Security Advisory
Severity: 7, CVSS: (AV:N/AC:M/Au:N/C:C/I:N/A:N)
Published: 05/15/2024, Created: 05/24/2024, Added: 05/23/2024, Modified: 01/28/2025
Description: Inappropriate implementation in Downloads in Google Chrome prior to 125.0.6422.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Solution(s): suse-upgrade-chromedriver suse-upgrade-chromium
References: https://attackerkb.com/topics/cve-2024-4950 CVE-2024-4950
-
IBM AIX: invscout_advisory6 (CVE-2024-27260): Vulnerability in invscout affects AIX
Severity: 7, CVSS: (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published: 05/15/2024, Created: 05/16/2024, Added: 05/16/2024, Modified: 10/31/2024
Description: IBM AIX 7.2, 7.3, VIOS 3.1, and VIOS 4.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 283985.
Solution(s): ibm-aix-invscout_advisory6
References: https://attackerkb.com/topics/cve-2024-27260 CVE-2024-27260 https://aix.software.ibm.com/aix/efixes/security/invscout_advisory6.asc
-
Microsoft Edge Chromium: CVE-2024-4949 Use after free in V8
Severity: 7, CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Published: 05/15/2024, Created: 05/18/2024, Added: 05/17/2024, Modified: 01/28/2025
Description: Use after free in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Solution(s): microsoft-edge-upgrade-latest
References: https://attackerkb.com/topics/cve-2024-4949 CVE-2024-4949 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-4949
-
FreeBSD: VID-8247AF0D-183B-11EF-9F97-A8A1599412C6 (CVE-2024-4947): chromium -- multiple security fixes
Severity: 9, CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 05/15/2024, Created: 05/24/2024, Added: 05/23/2024, Modified: 01/28/2025
Description: Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Solution(s): freebsd-upgrade-package-chromium freebsd-upgrade-package-ungoogled-chromium
References: CVE-2024-4947
-
FreeBSD: VID-8247AF0D-183B-11EF-9F97-A8A1599412C6 (CVE-2024-4949): chromium -- multiple security fixes
Severity: 7, CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Published: 05/15/2024, Created: 05/24/2024, Added: 05/23/2024, Modified: 01/28/2025
Description: Use after free in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Solution(s): freebsd-upgrade-package-chromium freebsd-upgrade-package-ungoogled-chromium
References: CVE-2024-4949
-
Alma Linux: CVE-2024-25743: Moderate: kernel security, bug fix, and enhancement update (Multiple Advisories)
Severity: 4, CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 05/15/2024, Created: 06/01/2024, Added: 05/31/2024, Modified: 11/04/2024
Description: In the Linux kernel through 6.9, an untrusted hypervisor can inject virtual interrupts 0 and 14 at any point in time and can trigger the SIGFPE signal handler in userspace applications. This affects AMD SEV-SNP and AMD SEV-ES.
Solution(s): alma-upgrade-bpftool alma-upgrade-kernel alma-upgrade-kernel-64k alma-upgrade-kernel-64k-core alma-upgrade-kernel-64k-debug alma-upgrade-kernel-64k-debug-core alma-upgrade-kernel-64k-debug-devel alma-upgrade-kernel-64k-debug-devel-matched alma-upgrade-kernel-64k-debug-modules alma-upgrade-kernel-64k-debug-modules-core alma-upgrade-kernel-64k-debug-modules-extra alma-upgrade-kernel-64k-devel alma-upgrade-kernel-64k-devel-matched alma-upgrade-kernel-64k-modules alma-upgrade-kernel-64k-modules-core alma-upgrade-kernel-64k-modules-extra alma-upgrade-kernel-abi-stablelists alma-upgrade-kernel-core alma-upgrade-kernel-cross-headers alma-upgrade-kernel-debug alma-upgrade-kernel-debug-core alma-upgrade-kernel-debug-devel alma-upgrade-kernel-debug-devel-matched alma-upgrade-kernel-debug-modules alma-upgrade-kernel-debug-modules-core alma-upgrade-kernel-debug-modules-extra alma-upgrade-kernel-debug-uki-virt alma-upgrade-kernel-devel alma-upgrade-kernel-devel-matched alma-upgrade-kernel-doc alma-upgrade-kernel-headers alma-upgrade-kernel-modules alma-upgrade-kernel-modules-core alma-upgrade-kernel-modules-extra alma-upgrade-kernel-rt alma-upgrade-kernel-rt-core alma-upgrade-kernel-rt-debug alma-upgrade-kernel-rt-debug-core alma-upgrade-kernel-rt-debug-devel alma-upgrade-kernel-rt-debug-kvm alma-upgrade-kernel-rt-debug-modules alma-upgrade-kernel-rt-debug-modules-core alma-upgrade-kernel-rt-debug-modules-extra alma-upgrade-kernel-rt-devel alma-upgrade-kernel-rt-kvm alma-upgrade-kernel-rt-modules alma-upgrade-kernel-rt-modules-core alma-upgrade-kernel-rt-modules-extra alma-upgrade-kernel-tools alma-upgrade-kernel-tools-libs alma-upgrade-kernel-tools-libs-devel alma-upgrade-kernel-uki-virt alma-upgrade-kernel-zfcpdump alma-upgrade-kernel-zfcpdump-core alma-upgrade-kernel-zfcpdump-devel alma-upgrade-kernel-zfcpdump-devel-matched alma-upgrade-kernel-zfcpdump-modules alma-upgrade-kernel-zfcpdump-modules-core alma-upgrade-kernel-zfcpdump-modules-extra alma-upgrade-libperf alma-upgrade-perf alma-upgrade-python3-perf alma-upgrade-rtla alma-upgrade-rv
References: https://attackerkb.com/topics/cve-2024-25743 CVE-2024-25743 https://errata.almalinux.org/8/ALSA-2024-2950.html https://errata.almalinux.org/8/ALSA-2024-3138.html https://errata.almalinux.org/9/ALSA-2024-2758.html
-
MFSA2024-23 Thunderbird: Security Vulnerabilities fixed in Thunderbird 115.11 (CVE-2024-4770)
Severity: 4, CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 05/15/2024, Created: 05/15/2024, Added: 05/15/2024, Modified: 05/16/2024
Description: When saving a page to PDF, certain font styles could have led to a potential use-after-free crash. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
Solution(s): mozilla-thunderbird-upgrade-115_11
References: https://attackerkb.com/topics/cve-2024-4770 CVE-2024-4770 http://www.mozilla.org/security/announce/2024/mfsa2024-23.html
-
Microsoft Edge Chromium: CVE-2024-4761 Out of bounds write in V8
Severity: 9, CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 05/15/2024, Created: 05/15/2024, Added: 05/15/2024, Modified: 01/28/2025
Description: Out of bounds write in V8 in Google Chrome prior to 124.0.6367.207 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
Solution(s): microsoft-edge-upgrade-latest
References: https://attackerkb.com/topics/cve-2024-4761 CVE-2024-4761 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-4761
-
MFSA2024-23 Thunderbird: Security Vulnerabilities fixed in Thunderbird 115.11 (CVE-2024-4367)
Severity: 9, CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 05/15/2024, Created: 05/15/2024, Added: 05/15/2024, Modified: 01/28/2025
Description: A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
Solution(s): mozilla-thunderbird-upgrade-115_11
References: https://attackerkb.com/topics/cve-2024-4367 CVE-2024-4367 http://www.mozilla.org/security/announce/2024/mfsa2024-23.html
-
Debian: CVE-2024-4949: chromium -- security update
Severity: 7, CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Published: 05/15/2024, Created: 05/21/2024, Added: 05/20/2024, Modified: 01/28/2025
Description: Use after free in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Solution(s): debian-upgrade-chromium
References: https://attackerkb.com/topics/cve-2024-4949 CVE-2024-4949 DSA-5694-1
-
MFSA2024-23 Thunderbird: Security Vulnerabilities fixed in Thunderbird 115.11 (CVE-2024-4769)
Severity: 4, CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 05/15/2024, Created: 05/15/2024, Added: 05/15/2024, Modified: 05/16/2024
Description: When importing resources using Web Workers, error messages would distinguish the difference between `application/javascript` responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
Solution(s): mozilla-thunderbird-upgrade-115_11
References: https://attackerkb.com/topics/cve-2024-4769 CVE-2024-4769 http://www.mozilla.org/security/announce/2024/mfsa2024-23.html
-
MFSA2024-23 Thunderbird: Security Vulnerabilities fixed in Thunderbird 115.11 (CVE-2024-4767)
Severity: 4, CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 05/15/2024, Created: 05/15/2024, Added: 05/15/2024, Modified: 05/16/2024
Description: If the `browser.privatebrowsing.autostart` preference is enabled, IndexedDB files were not properly deleted when the window was closed. This preference is disabled by default in Firefox. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
Solution(s): mozilla-thunderbird-upgrade-115_11
References: https://attackerkb.com/topics/cve-2024-4767 CVE-2024-4767 http://www.mozilla.org/security/announce/2024/mfsa2024-23.html
-
MFSA2024-23 Thunderbird: Security Vulnerabilities fixed in Thunderbird 115.11 (CVE-2024-4777)
Severity: 9, CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 05/15/2024, Created: 05/15/2024, Added: 05/15/2024, Modified: 01/28/2025
Description: Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
Solution(s): mozilla-thunderbird-upgrade-115_11
References: https://attackerkb.com/topics/cve-2024-4777 CVE-2024-4777 http://www.mozilla.org/security/announce/2024/mfsa2024-23.html
-
SUSE: CVE-2024-4947: SUSE Linux Security Advisory
Severity: 9, CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 05/15/2024, Created: 05/24/2024, Added: 05/23/2024, Modified: 01/28/2025
Description: Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Solution(s): suse-upgrade-chromedriver suse-upgrade-chromium
References: https://attackerkb.com/topics/cve-2024-4947 CVE-2024-4947
-
Debian: CVE-2024-4948: chromium -- security update
Severity: 7, CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Published: 05/15/2024, Created: 05/21/2024, Added: 05/20/2024, Modified: 01/28/2025
Description: Use after free in Dawn in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Solution(s): debian-upgrade-chromium
References: https://attackerkb.com/topics/cve-2024-4948 CVE-2024-4948 DSA-5694-1
-
Debian: CVE-2024-4947: chromium -- security update
Severity: 9, CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 05/15/2024, Created: 05/21/2024, Added: 05/20/2024, Modified: 01/28/2025
Description: Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Solution(s): debian-upgrade-chromium
References: https://attackerkb.com/topics/cve-2024-4947 CVE-2024-4947 DSA-5694-1
-
Microsoft Edge Chromium: CVE-2024-4950 Inappropriate implementation in Downloads
Severity: 7, CVSS: (AV:N/AC:M/Au:N/C:C/I:N/A:N)
Published: 05/15/2024, Created: 05/18/2024, Added: 05/17/2024, Modified: 01/28/2025
Description: Inappropriate implementation in Downloads in Google Chrome prior to 125.0.6422.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Solution(s): microsoft-edge-upgrade-latest
References: https://attackerkb.com/topics/cve-2024-4950 CVE-2024-4950 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-4950
-
Microsoft Edge Chromium: CVE-2024-4948 Use after free in Dawn
Severity: 7, CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Published: 05/15/2024, Created: 05/18/2024, Added: 05/17/2024, Modified: 01/28/2025
Description: Use after free in Dawn in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Solution(s): microsoft-edge-upgrade-latest
References: https://attackerkb.com/topics/cve-2024-4948 CVE-2024-4948 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-4948
-
Oracle Linux: CVE-2024-26306: ELSA-2024-4241: iperf3 security update (MODERATE) (Multiple Advisories)
Severity: 5, CVSS: (AV:N/AC:H/Au:N/C:C/I:N/A:N)
Published: 05/15/2024, Created: 07/04/2024, Added: 07/03/2024, Modified: 12/05/2024
Description: iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an attacker to recover credential plaintext. It requires the attacker to send a large number of messages for decryption, as described in "Everlasting ROBOT: the Marvin Attack" by Hubert Kario. A timing-based side-channel flaw was found in iperf3. If the iperf3 server is running with the --rsa-private-key-path option, the user authentication API can be attacked.
Solution(s): oracle-linux-upgrade-iperf3
References: https://attackerkb.com/topics/cve-2024-26306 CVE-2024-26306 ELSA-2024-4241 ELSA-2024-9185
-
MFSA2024-23 Thunderbird: Security Vulnerabilities fixed in Thunderbird 115.11 (CVE-2024-4768)
Severity: 4, CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 05/15/2024, Created: 05/15/2024, Added: 05/15/2024, Modified: 05/16/2024
Description: A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
Solution(s): mozilla-thunderbird-upgrade-115_11
References: https://attackerkb.com/topics/cve-2024-4768 CVE-2024-4768 http://www.mozilla.org/security/announce/2024/mfsa2024-23.html
-
Aruba AOS-10: CVE-2024-31477: Authenticated Remote Command Execution in Aruba InstantOS or ArubaOS 10 Command Line Interface
Severity: 8, CVSS: (AV:N/AC:L/Au:M/C:C/I:C/A:C)
Published: 05/14/2024, Created: 01/16/2025, Added: 01/14/2025, Modified: 02/04/2025
Description: Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
Solution(s): aruba-aos-10-cve-2024-31477
References: https://attackerkb.com/topics/cve-2024-31477 CVE-2024-31477 https://csaf.arubanetworks.com/2024/hpe_aruba_networking_-_2024-006.json
-
Microsoft Edge Chromium: CVE-2024-4947 Type Confusion in V8
Severity: 9, CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 05/15/2024, Created: 05/18/2024, Added: 05/17/2024, Modified: 01/28/2025
Description: Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Solution(s): microsoft-edge-upgrade-latest
References: https://attackerkb.com/topics/cve-2024-4947 CVE-2024-4947 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-4947
-
Aruba AOS-10: CVE-2024-31478: Unauthenticated Denial-of-Service (DoS) Vulnerabilities in the Soft AP Daemon Service Accessed via the PAPI Protocol
Severity: 5, CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published: 05/14/2024, Created: 01/16/2025, Added: 01/14/2025, Modified: 02/04/2025
Description: Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point.
Solution(s): aruba-aos-10-cve-2024-31478
References: https://attackerkb.com/topics/cve-2024-31478 CVE-2024-31478 https://csaf.arubanetworks.com/2024/hpe_aruba_networking_-_2024-006.json
-
Aruba AOS-10: CVE-2024-31480: Unauthenticated Denial-of-Service (DoS) Vulnerabilities in CLI Service Accessed via the PAPI Protocol
Severity: 5, CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published: 05/14/2024, Created: 01/16/2025, Added: 01/14/2025, Modified: 02/04/2025
Description: Unauthenticated Denial of Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected service.
Solution(s): aruba-aos-10-cve-2024-31480
References: https://attackerkb.com/topics/cve-2024-31480 CVE-2024-31480 https://csaf.arubanetworks.com/2024/hpe_aruba_networking_-_2024-006.json