ISHACK AI BOT

Rocky Linux: CVE-2024-4769: thunderbird (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/14/2024 Created 06/17/2024 Added 06/17/2024 Modified 11/18/2024 Description When importing resources using Web Workers, error messages would distinguish the difference between `application/javascript` responses and non-script responses.This could have been abused to learn information cross-origin. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11. Solution(s) rocky-upgrade-firefox rocky-upgrade-firefox-debuginfo rocky-upgrade-firefox-debugsource rocky-upgrade-thunderbird rocky-upgrade-thunderbird-debuginfo rocky-upgrade-thunderbird-debugsource References https://attackerkb.com/topics/cve-2024-4769 CVE - 2024-4769 https://errata.rockylinux.org/RLSA-2024:2888 https://errata.rockylinux.org/RLSA-2024:3783 https://errata.rockylinux.org/RLSA-2024:3784

Rocky Linux: CVE-2024-27282: ruby (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/14/2024 Created 06/17/2024 Added 06/17/2024 Modified 11/18/2024 Description An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings. The fixed versions are 3.0.7, 3.1.5, 3.2.4, and 3.3.1. Solution(s) rocky-upgrade-ruby rocky-upgrade-ruby-bundled-gems rocky-upgrade-ruby-bundled-gems-debuginfo rocky-upgrade-ruby-debuginfo rocky-upgrade-ruby-debugsource rocky-upgrade-ruby-devel rocky-upgrade-ruby-libs rocky-upgrade-ruby-libs-debuginfo rocky-upgrade-rubygem-bigdecimal rocky-upgrade-rubygem-bigdecimal-debuginfo rocky-upgrade-rubygem-bson rocky-upgrade-rubygem-bson-debuginfo rocky-upgrade-rubygem-bson-debugsource rocky-upgrade-rubygem-io-console rocky-upgrade-rubygem-io-console-debuginfo rocky-upgrade-rubygem-json rocky-upgrade-rubygem-json-debuginfo rocky-upgrade-rubygem-mysql2 rocky-upgrade-rubygem-mysql2-debuginfo rocky-upgrade-rubygem-mysql2-debugsource rocky-upgrade-rubygem-openssl rocky-upgrade-rubygem-openssl-debuginfo rocky-upgrade-rubygem-pg rocky-upgrade-rubygem-pg-debuginfo rocky-upgrade-rubygem-pg-debugsource rocky-upgrade-rubygem-psych rocky-upgrade-rubygem-psych-debuginfo rocky-upgrade-rubygem-racc rocky-upgrade-rubygem-racc-debuginfo rocky-upgrade-rubygem-rbs rocky-upgrade-rubygem-rbs-debuginfo References https://attackerkb.com/topics/cve-2024-27282 CVE - 2024-27282 https://errata.rockylinux.org/RLSA-2024:3546 https://errata.rockylinux.org/RLSA-2024:3668 https://errata.rockylinux.org/RLSA-2024:3670 https://errata.rockylinux.org/RLSA-2024:3671 https://errata.rockylinux.org/RLSA-2024:4499

Rocky Linux: CVE-2024-27393: kernel (RLSA-2024-4349) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/14/2024 Created 07/16/2024 Added 07/16/2024 Modified 11/18/2024 Description In the Linux kernel, the following vulnerability has been resolved: xen-netfront: Add missing skb_mark_for_recycle Notice that skb_mark_for_recycle() is introduced later than fixes tag in commit 6a5bcd84e886 ("page_pool: Allow drivers to hint on SKB recycling"). It is believed that fixes tag were missing a call to page_pool_release_page() between v5.9 to v5.14, after which is should have used skb_mark_for_recycle(). Since v6.6 the call page_pool_release_page() were removed (in commit 535b9c61bdef ("net: page_pool: hide page_pool_release_page()") and remaining callers converted (in commit 6bfef2ec0172 ("Merge branch 'net-page_pool-remove-page_pool_release_page'")). This leak became visible in v6.8 via commit dba1b8a7ab68 ("mm/page_pool: catch page_pool memory leaks"). Solution(s) rocky-upgrade-bpftool rocky-upgrade-bpftool-debuginfo rocky-upgrade-kernel rocky-upgrade-kernel-core rocky-upgrade-kernel-cross-headers rocky-upgrade-kernel-debug rocky-upgrade-kernel-debug-core rocky-upgrade-kernel-debug-debuginfo rocky-upgrade-kernel-debug-devel rocky-upgrade-kernel-debug-devel-matched rocky-upgrade-kernel-debug-modules rocky-upgrade-kernel-debug-modules-core rocky-upgrade-kernel-debug-modules-extra rocky-upgrade-kernel-debug-uki-virt rocky-upgrade-kernel-debuginfo rocky-upgrade-kernel-devel rocky-upgrade-kernel-devel-matched rocky-upgrade-kernel-headers rocky-upgrade-kernel-modules rocky-upgrade-kernel-modules-core rocky-upgrade-kernel-modules-extra rocky-upgrade-kernel-rt rocky-upgrade-kernel-rt-core rocky-upgrade-kernel-rt-debug rocky-upgrade-kernel-rt-debug-core rocky-upgrade-kernel-rt-debug-debuginfo rocky-upgrade-kernel-rt-debug-devel rocky-upgrade-kernel-rt-debug-kvm rocky-upgrade-kernel-rt-debug-modules rocky-upgrade-kernel-rt-debug-modules-core rocky-upgrade-kernel-rt-debug-modules-extra rocky-upgrade-kernel-rt-debuginfo rocky-upgrade-kernel-rt-devel rocky-upgrade-kernel-rt-kvm rocky-upgrade-kernel-rt-modules rocky-upgrade-kernel-rt-modules-core rocky-upgrade-kernel-rt-modules-extra rocky-upgrade-kernel-tools rocky-upgrade-kernel-tools-debuginfo rocky-upgrade-kernel-tools-libs rocky-upgrade-kernel-tools-libs-devel rocky-upgrade-kernel-uki-virt rocky-upgrade-kernel-zfcpdump rocky-upgrade-kernel-zfcpdump-core rocky-upgrade-kernel-zfcpdump-debuginfo rocky-upgrade-kernel-zfcpdump-devel rocky-upgrade-kernel-zfcpdump-devel-matched rocky-upgrade-kernel-zfcpdump-modules rocky-upgrade-kernel-zfcpdump-modules-core rocky-upgrade-kernel-zfcpdump-modules-extra rocky-upgrade-libperf rocky-upgrade-libperf-debuginfo rocky-upgrade-perf rocky-upgrade-perf-debuginfo rocky-upgrade-python3-perf rocky-upgrade-python3-perf-debuginfo rocky-upgrade-rtla rocky-upgrade-rv References https://attackerkb.com/topics/cve-2024-27393 CVE - 2024-27393 https://errata.rockylinux.org/RLSA-2024:4349

Rocky Linux: CVE-2024-4367: thunderbird (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 05/14/2024 Created 06/17/2024 Added 06/17/2024 Modified 01/28/2025 Description A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11. Solution(s) rocky-upgrade-firefox rocky-upgrade-firefox-debuginfo rocky-upgrade-firefox-debugsource rocky-upgrade-thunderbird rocky-upgrade-thunderbird-debuginfo rocky-upgrade-thunderbird-debugsource References https://attackerkb.com/topics/cve-2024-4367 CVE - 2024-4367 https://errata.rockylinux.org/RLSA-2024:2888 https://errata.rockylinux.org/RLSA-2024:3783 https://errata.rockylinux.org/RLSA-2024:3784

Rocky Linux: CVE-2024-30046: .NET-8.0 (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/14/2024 Created 06/17/2024 Added 06/17/2024 Modified 11/18/2024 Description Visual Studio Denial of Service Vulnerability Solution(s) rocky-upgrade-aspnetcore-runtime-7.0 rocky-upgrade-aspnetcore-runtime-8.0 rocky-upgrade-aspnetcore-runtime-dbg-8.0 rocky-upgrade-aspnetcore-targeting-pack-7.0 rocky-upgrade-aspnetcore-targeting-pack-8.0 rocky-upgrade-dotnet rocky-upgrade-dotnet-apphost-pack-7.0 rocky-upgrade-dotnet-apphost-pack-7.0-debuginfo rocky-upgrade-dotnet-apphost-pack-8.0 rocky-upgrade-dotnet-apphost-pack-8.0-debuginfo rocky-upgrade-dotnet-host rocky-upgrade-dotnet-host-debuginfo rocky-upgrade-dotnet-hostfxr-7.0 rocky-upgrade-dotnet-hostfxr-7.0-debuginfo rocky-upgrade-dotnet-hostfxr-8.0 rocky-upgrade-dotnet-hostfxr-8.0-debuginfo rocky-upgrade-dotnet-runtime-7.0 rocky-upgrade-dotnet-runtime-7.0-debuginfo rocky-upgrade-dotnet-runtime-8.0 rocky-upgrade-dotnet-runtime-8.0-debuginfo rocky-upgrade-dotnet-runtime-dbg-8.0 rocky-upgrade-dotnet-sdk-7.0 rocky-upgrade-dotnet-sdk-7.0-debuginfo rocky-upgrade-dotnet-sdk-7.0-source-built-artifacts rocky-upgrade-dotnet-sdk-8.0 rocky-upgrade-dotnet-sdk-8.0-debuginfo rocky-upgrade-dotnet-sdk-8.0-source-built-artifacts rocky-upgrade-dotnet-sdk-dbg-8.0 rocky-upgrade-dotnet-targeting-pack-7.0 rocky-upgrade-dotnet-targeting-pack-8.0 rocky-upgrade-dotnet-templates-7.0 rocky-upgrade-dotnet-templates-8.0 rocky-upgrade-dotnet7.0-debuginfo rocky-upgrade-dotnet7.0-debugsource rocky-upgrade-dotnet8.0-debuginfo rocky-upgrade-dotnet8.0-debugsource rocky-upgrade-netstandard-targeting-pack-2.1 References https://attackerkb.com/topics/cve-2024-30046 CVE - 2024-30046 https://errata.rockylinux.org/RLSA-2024:2842 https://errata.rockylinux.org/RLSA-2024:2843 https://errata.rockylinux.org/RLSA-2024:3340 https://errata.rockylinux.org/RLSA-2024:3345

Rocky Linux: CVE-2024-4317: postgresql-16 (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/14/2024 Created 09/18/2024 Added 09/17/2024 Modified 02/14/2025 Description Missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext_exprs allows an unprivileged database user to read most common values and other statistics from CREATE STATISTICS commands of other users. The most common values may reveal column values the eavesdropper could not otherwise read or results of functions they cannot execute. Installing an unaffected version only fixes fresh PostgreSQL installations, namely those that are created with the initdb utility after installing that version. Current PostgreSQL installations will remain vulnerable until they follow the instructions in the release notes. Within major versions 14-16, minor versions before PostgreSQL 16.3, 15.7, and 14.12 are affected. Versions before PostgreSQL 14 are unaffected. Solution(s) rocky-upgrade-pg_repack rocky-upgrade-pg_repack-debuginfo rocky-upgrade-pg_repack-debugsource rocky-upgrade-pgaudit rocky-upgrade-pgaudit-debuginfo rocky-upgrade-pgaudit-debugsource rocky-upgrade-postgres-decoderbufs rocky-upgrade-postgres-decoderbufs-debuginfo rocky-upgrade-postgres-decoderbufs-debugsource rocky-upgrade-postgresql rocky-upgrade-postgresql-contrib rocky-upgrade-postgresql-contrib-debuginfo rocky-upgrade-postgresql-debuginfo rocky-upgrade-postgresql-debugsource rocky-upgrade-postgresql-docs rocky-upgrade-postgresql-docs-debuginfo rocky-upgrade-postgresql-plperl rocky-upgrade-postgresql-plperl-debuginfo rocky-upgrade-postgresql-plpython3 rocky-upgrade-postgresql-plpython3-debuginfo rocky-upgrade-postgresql-pltcl rocky-upgrade-postgresql-pltcl-debuginfo rocky-upgrade-postgresql-private-devel rocky-upgrade-postgresql-private-libs rocky-upgrade-postgresql-private-libs-debuginfo rocky-upgrade-postgresql-server rocky-upgrade-postgresql-server-debuginfo rocky-upgrade-postgresql-server-devel rocky-upgrade-postgresql-server-devel-debuginfo rocky-upgrade-postgresql-static rocky-upgrade-postgresql-test rocky-upgrade-postgresql-test-debuginfo rocky-upgrade-postgresql-upgrade rocky-upgrade-postgresql-upgrade-debuginfo rocky-upgrade-postgresql-upgrade-devel rocky-upgrade-postgresql-upgrade-devel-debuginfo References https://attackerkb.com/topics/cve-2024-4317 CVE - 2024-4317 https://errata.rockylinux.org/RLSA-2024:5927 https://errata.rockylinux.org/RLSA-2024:5929

Rocky Linux: CVE-2024-32020: git (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/14/2024 Created 07/03/2024 Added 07/03/2024 Modified 11/18/2024 Description Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, local clones may end up hardlinking files into the target repository's object database when source and target repository reside on the same disk. If the source repository is owned by a different user, then those hardlinked files may be rewritten at any point in time by the untrusted user. Cloning local repositories will cause Git to either copy or hardlink files of the source repository into the target repository. This significantly speeds up such local clones compared to doing a "proper" clone and saves both disk space and compute time. When cloning a repository located on the same disk that is owned by a different user than the current user we also end up creating such hardlinks. These files will continue to be owned and controlled by the potentially-untrusted user and can be rewritten by them at will in the future. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. Solution(s) rocky-upgrade-git rocky-upgrade-git-core rocky-upgrade-git-core-debuginfo rocky-upgrade-git-credential-libsecret rocky-upgrade-git-credential-libsecret-debuginfo rocky-upgrade-git-daemon rocky-upgrade-git-daemon-debuginfo rocky-upgrade-git-debuginfo rocky-upgrade-git-debugsource rocky-upgrade-git-subtree References https://attackerkb.com/topics/cve-2024-32020 CVE - 2024-32020 https://errata.rockylinux.org/RLSA-2024:4083 https://errata.rockylinux.org/RLSA-2024:4084

Ubuntu: (Multiple Advisories) (CVE-2024-4768): Firefox vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/14/2024 Created 05/28/2024 Added 05/28/2024 Modified 07/03/2024 Description A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11. Solution(s) ubuntu-upgrade-firefox ubuntu-upgrade-thunderbird References https://attackerkb.com/topics/cve-2024-4768 CVE - 2024-4768 USN-6779-1 USN-6779-2 USN-6782-1

Huawei EulerOS: CVE-2024-32020: git security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/14/2024 Created 07/16/2024 Added 07/16/2024 Modified 12/12/2024 Description Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, local clones may end up hardlinking files into the target repository's object database when source and target repository reside on the same disk. If the source repository is owned by a different user, then those hardlinked files may be rewritten at any point in time by the untrusted user. Cloning local repositories will cause Git to either copy or hardlink files of the source repository into the target repository. This significantly speeds up such local clones compared to doing a "proper" clone and saves both disk space and compute time. When cloning a repository located on the same disk that is owned by a different user than the current user we also end up creating such hardlinks. These files will continue to be owned and controlled by the potentially-untrusted user and can be rewritten by them at will in the future. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. Solution(s) huawei-euleros-2_0_sp10-upgrade-git huawei-euleros-2_0_sp10-upgrade-git-help References https://attackerkb.com/topics/cve-2024-32020 CVE - 2024-32020 EulerOS-SA-2024-1906

Huawei EulerOS: CVE-2024-27395: kernel security update Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 05/14/2024 Created 07/16/2024 Added 07/16/2024 Modified 01/28/2025 Description In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: Fix Use-After-Free in ovs_ct_exit Since kfree_rcu, which is called in the hlist_for_each_entry_rcu traversal of ovs_ct_limit_exit, is not part of the RCU read critical section, it is possible that the RCU grace period will pass during the traversal and the key will be free. To prevent this, it should be changed to hlist_for_each_entry_safe. Solution(s) huawei-euleros-2_0_sp10-upgrade-kernel huawei-euleros-2_0_sp10-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp10-upgrade-kernel-tools huawei-euleros-2_0_sp10-upgrade-kernel-tools-libs huawei-euleros-2_0_sp10-upgrade-python3-perf References https://attackerkb.com/topics/cve-2024-27395 CVE - 2024-27395 EulerOS-SA-2024-1911

Huawei EulerOS: CVE-2024-27280: ruby security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/14/2024 Created 07/16/2024 Added 07/16/2024 Modified 12/12/2024 Description A buffer-overread issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The ungetbyte and ungetc methods on a StringIO can read past the end of a string, and a subsequent call to StringIO.gets may return the memory value. 3.0.3 is the main fixed version; however, for Ruby 3.0 users, a fixed version is stringio 3.0.1.1, and for Ruby 3.1 users, a fixed version is stringio 3.0.1.2. Solution(s) huawei-euleros-2_0_sp10-upgrade-ruby huawei-euleros-2_0_sp10-upgrade-ruby-help huawei-euleros-2_0_sp10-upgrade-ruby-irb References https://attackerkb.com/topics/cve-2024-27280 CVE - 2024-27280 EulerOS-SA-2024-1921

Huawei EulerOS: CVE-2023-52656: kernel security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/14/2024 Created 10/09/2024 Added 10/08/2024 Modified 10/08/2024 Description In the Linux kernel, the following vulnerability has been resolved: io_uring: drop any code related to SCM_RIGHTS This is dead code after we dropped support for passing io_uring fds over SCM_RIGHTS, get rid of it. Solution(s) huawei-euleros-2_0_sp10-upgrade-kernel huawei-euleros-2_0_sp10-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp10-upgrade-kernel-tools huawei-euleros-2_0_sp10-upgrade-kernel-tools-libs huawei-euleros-2_0_sp10-upgrade-python3-perf References https://attackerkb.com/topics/cve-2023-52656 CVE - 2023-52656 EulerOS-SA-2024-2418

APSB24-29:Adobe Acrobat and Reader for Windows and macOS (CVE-2024-34096) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 05/14/2024 Created 05/15/2024 Added 05/15/2024 Modified 01/28/2025 Description Deprecated Solution(s) References https://attackerkb.com/topics/cve-2024-34096 CVE - 2024-34096 https://helpx.adobe.com/security/products/reader/apsb24-29.html

Debian: CVE-2024-4367: firefox-esr, odoo, thunderbird -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 05/14/2024 Created 05/18/2024 Added 05/17/2024 Modified 01/28/2025 Description A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11. Solution(s) debian-upgrade-firefox-esr debian-upgrade-odoo debian-upgrade-thunderbird References https://attackerkb.com/topics/cve-2024-4367 CVE - 2024-4367 DLA-3815-1 DSA-5691-1

Debian: CVE-2024-4770: firefox-esr, thunderbird -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/14/2024 Created 05/18/2024 Added 05/17/2024 Modified 05/21/2024 Description When saving a page to PDF, certain font styles could have led to a potential use-after-free crash. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11. Solution(s) debian-upgrade-firefox-esr debian-upgrade-thunderbird References https://attackerkb.com/topics/cve-2024-4770 CVE - 2024-4770 DLA-3815-1 DSA-5691-1

Debian: CVE-2024-4853: wireshark -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/14/2024 Created 10/02/2024 Added 10/01/2024 Modified 10/01/2024 Description Memory handling issue in editcap could cause denial of service via crafted capture file Solution(s) debian-upgrade-wireshark References https://attackerkb.com/topics/cve-2024-4853 CVE - 2024-4853 DLA-3906-1

OS X update for Find My (CVE-2024-23229) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 05/14/2024 Created 05/15/2024 Added 05/14/2024 Modified 01/28/2025 Description This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Monterey 12.7.5, macOS Ventura 13.6.5, macOS Sonoma 14.4. A malicious application may be able to access Find My data. Solution(s) apple-osx-upgrade-12_7_5 apple-osx-upgrade-13_6_5 apple-osx-upgrade-14_4 References https://attackerkb.com/topics/cve-2024-23229 CVE - 2024-23229 https://support.apple.com/en-us/120886 https://support.apple.com/en-us/120895 https://support.apple.com/en-us/120899

SUSE: CVE-2024-4067: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/14/2024 Created 10/31/2024 Added 10/30/2024 Modified 01/30/2025 Description The NPM package `micromatch` prior to 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching. This issue was fixed in version 4.0.8. Solution(s) suse-upgrade-pgadmin4 suse-upgrade-pgadmin4-cloud suse-upgrade-pgadmin4-desktop suse-upgrade-pgadmin4-doc suse-upgrade-pgadmin4-web-uwsgi suse-upgrade-system-user-pgadmin suse-upgrade-system-user-velociraptor suse-upgrade-velociraptor suse-upgrade-velociraptor-client References https://attackerkb.com/topics/cve-2024-4067 CVE - 2024-4067

SUSE: CVE-2024-34459: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/14/2024 Created 07/03/2024 Added 07/03/2024 Modified 07/04/2024 Description An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c. Solution(s) suse-upgrade-libxml2-2 suse-upgrade-libxml2-2-32bit suse-upgrade-libxml2-devel suse-upgrade-libxml2-devel-32bit suse-upgrade-libxml2-doc suse-upgrade-libxml2-tools suse-upgrade-python-libxml2 suse-upgrade-python3-libxml2 suse-upgrade-python3-libxml2-python suse-upgrade-python311-libxml2 References https://attackerkb.com/topics/cve-2024-34459 CVE - 2024-34459

SUSE: CVE-2024-27401: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/14/2024 Created 06/13/2024 Added 06/12/2024 Modified 08/28/2024 Description In the Linux kernel, the following vulnerability has been resolved: firewire: nosy: ensure user_length is taken into account when fetching packet contents Ensure that packet_buffer_get respects the user_length provided. If the length of the head packet exceeds the user_length, packet_buffer_get will now return 0 to signify to the user that no data were read and a larger buffer size is required. Helps prevent user space overflows. Solution(s) suse-upgrade-cluster-md-kmp-64kb suse-upgrade-cluster-md-kmp-azure suse-upgrade-cluster-md-kmp-default suse-upgrade-cluster-md-kmp-rt suse-upgrade-dlm-kmp-64kb suse-upgrade-dlm-kmp-azure suse-upgrade-dlm-kmp-default suse-upgrade-dlm-kmp-rt suse-upgrade-dtb-allwinner suse-upgrade-dtb-altera suse-upgrade-dtb-amazon suse-upgrade-dtb-amd suse-upgrade-dtb-amlogic suse-upgrade-dtb-apm suse-upgrade-dtb-apple suse-upgrade-dtb-arm suse-upgrade-dtb-broadcom suse-upgrade-dtb-cavium suse-upgrade-dtb-exynos suse-upgrade-dtb-freescale suse-upgrade-dtb-hisilicon suse-upgrade-dtb-lg suse-upgrade-dtb-marvell suse-upgrade-dtb-mediatek suse-upgrade-dtb-nvidia suse-upgrade-dtb-qcom suse-upgrade-dtb-renesas suse-upgrade-dtb-rockchip suse-upgrade-dtb-socionext suse-upgrade-dtb-sprd suse-upgrade-dtb-xilinx suse-upgrade-gfs2-kmp-64kb suse-upgrade-gfs2-kmp-azure suse-upgrade-gfs2-kmp-default suse-upgrade-gfs2-kmp-rt suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-64kb-extra suse-upgrade-kernel-64kb-livepatch-devel suse-upgrade-kernel-64kb-optional suse-upgrade-kernel-azure suse-upgrade-kernel-azure-base suse-upgrade-kernel-azure-devel suse-upgrade-kernel-azure-extra suse-upgrade-kernel-azure-livepatch-devel suse-upgrade-kernel-azure-optional suse-upgrade-kernel-azure-vdso suse-upgrade-kernel-debug suse-upgrade-kernel-debug-devel suse-upgrade-kernel-debug-livepatch-devel suse-upgrade-kernel-debug-vdso suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-base-rebuild suse-upgrade-kernel-default-devel suse-upgrade-kernel-default-extra suse-upgrade-kernel-default-livepatch suse-upgrade-kernel-default-livepatch-devel suse-upgrade-kernel-default-man suse-upgrade-kernel-default-optional suse-upgrade-kernel-default-vdso suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-devel-rt suse-upgrade-kernel-docs suse-upgrade-kernel-docs-html suse-upgrade-kernel-kvmsmall suse-upgrade-kernel-kvmsmall-devel suse-upgrade-kernel-kvmsmall-livepatch-devel suse-upgrade-kernel-kvmsmall-vdso suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-obs-qa suse-upgrade-kernel-rt suse-upgrade-kernel-rt-devel suse-upgrade-kernel-rt-extra suse-upgrade-kernel-rt-livepatch suse-upgrade-kernel-rt-livepatch-devel suse-upgrade-kernel-rt-optional suse-upgrade-kernel-rt-vdso suse-upgrade-kernel-rt_debug suse-upgrade-kernel-rt_debug-devel suse-upgrade-kernel-rt_debug-livepatch-devel suse-upgrade-kernel-rt_debug-vdso suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-source-rt suse-upgrade-kernel-source-vanilla suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-syms-rt suse-upgrade-kernel-zfcpdump suse-upgrade-kselftests-kmp-64kb suse-upgrade-kselftests-kmp-azure suse-upgrade-kselftests-kmp-default suse-upgrade-kselftests-kmp-rt suse-upgrade-ocfs2-kmp-64kb suse-upgrade-ocfs2-kmp-azure suse-upgrade-ocfs2-kmp-default suse-upgrade-ocfs2-kmp-rt suse-upgrade-reiserfs-kmp-64kb suse-upgrade-reiserfs-kmp-azure suse-upgrade-reiserfs-kmp-default suse-upgrade-reiserfs-kmp-rt References https://attackerkb.com/topics/cve-2024-27401 CVE - 2024-27401

Oracle Linux: CVE-2024-32465: ELSA-2024-4083:git security update (IMPORTANT) (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 05/14/2024 Created 06/27/2024 Added 06/25/2024 Modified 01/07/2025 Description Git is a revision control system. The Git project recommends to avoid working in untrusted repositories, and instead to clone it first with `git clone --no-local` to obtain a clean copy. Git has specific protections to make that a safe operation even with an untrusted source repository, but vulnerabilities allow those protections to be bypassed. In the context of cloning local repositories owned by other users, this vulnerability has been covered in CVE-2024-32004. But there are circumstances where the fixes for CVE-2024-32004 are not enough: For example, when obtaining a `.zip` file containing a full copy of a Git repository, it should not be trusted by default to be safe, as e.g. hooks could be configured to run within the context of that repository. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. As a workaround, avoid using Git in repositories that have been obtained via archives from untrusted sources. A flaw was found in Git in a full copy of a Git repository. A prerequisite for this vulnerability is for an unauthenticated attacker to place a specialized repository on their target&apos;s local system. If the victim were to clone this repository, it could result in arbitrary code execution. Solution(s) oracle-linux-upgrade-git oracle-linux-upgrade-git-all oracle-linux-upgrade-git-core oracle-linux-upgrade-git-core-doc oracle-linux-upgrade-git-credential-libsecret oracle-linux-upgrade-git-daemon oracle-linux-upgrade-git-email oracle-linux-upgrade-git-gui oracle-linux-upgrade-git-instaweb oracle-linux-upgrade-gitk oracle-linux-upgrade-git-subtree oracle-linux-upgrade-git-svn oracle-linux-upgrade-gitweb oracle-linux-upgrade-perl-git oracle-linux-upgrade-perl-git-svn References https://attackerkb.com/topics/cve-2024-32465 CVE - 2024-32465 ELSA-2024-4083 ELSA-2024-4084

APSB24-29:Adobe Acrobat and Reader for Windows and macOS (CVE-2024-30311) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 05/14/2024 Created 05/15/2024 Added 05/15/2024 Modified 01/28/2025 Description Deprecated Solution(s) References https://attackerkb.com/topics/cve-2024-30311 CVE - 2024-30311 https://helpx.adobe.com/security/products/reader/apsb24-29.html

APSB24-29:Adobe Acrobat and Reader for Windows and macOS (CVE-2024-34097) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 05/14/2024 Created 05/15/2024 Added 05/15/2024 Modified 01/28/2025 Description Deprecated Solution(s) References https://attackerkb.com/topics/cve-2024-34097 CVE - 2024-34097 https://helpx.adobe.com/security/products/reader/apsb24-29.html

APSB24-29:Adobe Acrobat and Reader for Windows and macOS (CVE-2024-34100) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 05/14/2024 Created 05/15/2024 Added 05/15/2024 Modified 01/28/2025 Description Deprecated Solution(s) References https://attackerkb.com/topics/cve-2024-34100 CVE - 2024-34100 https://helpx.adobe.com/security/products/reader/apsb24-29.html

APSB24-29:Adobe Acrobat and Reader for Windows and macOS (CVE-2024-30312) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 05/14/2024 Created 05/15/2024 Added 05/15/2024 Modified 01/28/2025 Description Deprecated Solution(s) References https://attackerkb.com/topics/cve-2024-30312 CVE - 2024-30312 https://helpx.adobe.com/security/products/reader/apsb24-29.html