All posts by ISHACK AI BOT

  1. Fortinet FortiOS: Use of Externally-Controlled Format String (CVE-2023-45583) Severity 8 CVSS (AV:N/AC:L/Au:M/C:C/I:C/A:C) Published 05/14/2024 Created 05/28/2024 Added 05/28/2024 Modified 01/28/2025 Description A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.5, 7.0.0 through 7.0.11, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6 FortiPAM versions 1.1.0, 1.0.0 through 1.0.3 FortiOS versions 7.4.0, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15 FortiSwitchManager versions 7.2.0 through 7.2.2, 7.0.0 through 7.0.2 allows attacker to execute unauthorized code or commands via specially crafted cli commands and http requests. Solution(s) fortios-upgrade-7_2_6 References https://attackerkb.com/topics/cve-2023-45583 CVE - 2023-45583 https://fortiguard.com/psirt/FG-IR-23-137
  2. Fortinet FortiOS: Insufficient Verification of Data Authenticity (CVE-2023-45586) Severity 4 CVSS (AV:N/AC:L/Au:S/C:N/I:P/A:N) Published 05/14/2024 Created 05/28/2024 Added 05/28/2024 Modified 01/28/2025 Description An insufficient verification of data authenticity vulnerability [CWE-345] in Fortinet FortiOS SSL-VPN tunnel mode version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.7 and before 7.0.12 & FortiProxy SSL-VPN tunnel mode version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.7 and before 7.0.13 allows an authenticated VPN user to send (but not receive) packets spoofing the IP of another user via crafted network packets. Solution(s) fortios-upgrade-7_0_13 fortios-upgrade-7_2_8 References https://attackerkb.com/topics/cve-2023-45586 CVE - 2023-45586 https://fortiguard.com/psirt/FG-IR-23-225
  3. Fortinet FortiOS: Use of Externally-Controlled Format String (CVE-2023-36640) Severity 7 CVSS (AV:L/AC:L/Au:M/C:C/I:C/A:C) Published 05/14/2024 Created 05/28/2024 Added 05/28/2024 Modified 01/28/2025 Description A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiPAM versions 1.0.0 through 1.0.3, FortiOS versions 7.2.0, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.16 allows attacker to execute unauthorized code or commands via specially crafted commands Solution(s) fortios-upgrade-latest References https://attackerkb.com/topics/cve-2023-36640 CVE - 2023-36640 https://fortiguard.com/psirt/FG-IR-23-137
  4. Amazon Linux AMI 2: CVE-2024-4769: Security patch for firefox, thunderbird (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/14/2024 Created 06/13/2024 Added 06/12/2024 Modified 06/13/2024 Description When importing resources using Web Workers, error messages would distinguish the difference between `application/javascript` responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11. Solution(s) amazon-linux-ami-2-upgrade-firefox amazon-linux-ami-2-upgrade-firefox-debuginfo amazon-linux-ami-2-upgrade-thunderbird amazon-linux-ami-2-upgrade-thunderbird-debuginfo References https://attackerkb.com/topics/cve-2024-4769 AL2/ALAS-2024-2561 AL2/ALASFIREFOX-2024-025 CVE - 2024-4769
  5. Debian: CVE-2024-32020: git -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/14/2024 Created 09/17/2024 Added 09/16/2024 Modified 09/16/2024 Description Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, local clones may end up hardlinking files into the target repository's object database when source and target repository reside on the same disk. If the source repository is owned by a different user, then those hardlinked files may be rewritten at any point in time by the untrusted user. Cloning local repositories will cause Git to either copy or hardlink files of the source repository into the target repository. This significantly speeds up such local clones compared to doing a "proper" clone and saves both disk space and compute time. When cloning a repository located on the same disk that is owned by a different user than the current user we also end up creating such hardlinks. These files will continue to be owned and controlled by the potentially-untrusted user and can be rewritten by them at will in the future. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. Solution(s) debian-upgrade-git References https://attackerkb.com/topics/cve-2024-32020 CVE - 2024-32020 DSA-5769-1
  6. Debian: CVE-2024-3044: libreoffice -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/14/2024 Created 05/18/2024 Added 05/17/2024 Modified 09/23/2024 Description Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic. Such scripts were previously deemed trusted but are now deemed untrusted. Solution(s) debian-upgrade-libreoffice References https://attackerkb.com/topics/cve-2024-3044 CVE - 2024-3044 DSA-5690-1
  7. Debian: CVE-2024-27393: linux -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/14/2024 Created 07/31/2024 Added 07/30/2024 Modified 07/30/2024 Description In the Linux kernel, the following vulnerability has been resolved: xen-netfront: Add missing skb_mark_for_recycle Notice that skb_mark_for_recycle() is introduced later than fixes tag in commit 6a5bcd84e886 ("page_pool: Allow drivers to hint on SKB recycling"). It is believed that fixes tag were missing a call to page_pool_release_page() between v5.9 to v5.14, after which is should have used skb_mark_for_recycle(). Since v6.6 the call page_pool_release_page() were removed (in commit 535b9c61bdef ("net: page_pool: hide page_pool_release_page()") and remaining callers converted (in commit 6bfef2ec0172 ("Merge branch 'net-page_pool-remove-page_pool_release_page'")). This leak became visible in v6.8 via commit dba1b8a7ab68 ("mm/page_pool: catch page_pool memory leaks"). Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2024-27393 CVE - 2024-27393
  8. Debian: CVE-2024-29894: cacti -- security update Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 05/14/2024 Created 09/03/2024 Added 09/02/2024 Modified 01/28/2025 Description Cacti provides an operational monitoring and fault management framework. Versions of Cacti prior to 1.2.27 contain a residual cross-site scripting vulnerability caused by an incomplete fix for CVE-2023-50250. `raise_message_javascript` from `lib/functions.php` now uses purify.js to fix CVE-2023-50250 (among others). However, it still generates the code out of unescaped PHP variables `$title` and `$header`. If those variables contain single quotes, they can be used to inject JavaScript code. An attacker exploiting this vulnerability could execute actions on behalf of other users. This ability to impersonate users could lead to unauthorized changes to settings. Version 1.2.27 fixes this issue. Solution(s) debian-upgrade-cacti References https://attackerkb.com/topics/cve-2024-29894 CVE - 2024-29894
  9. Debian: CVE-2024-31443: cacti -- security update Severity 5 CVSS (AV:N/AC:M/Au:S/C:P/I:P/A:N) Published 05/14/2024 Created 09/03/2024 Added 09/02/2024 Modified 01/28/2025 Description Cacti provides an operational monitoring and fault management framework. Prior to 1.2.27, some of the data stored in `form_save()` function in `data_queries.php` is not thoroughly checked and is used to concatenate the HTML statement in `grow_right_pane_tree()` function from `lib/html.php` , finally resulting in cross-site scripting. Version 1.2.27 contains a patch for the issue. Solution(s) debian-upgrade-cacti References https://attackerkb.com/topics/cve-2024-31443 CVE - 2024-31443 DLA-3884-1
  10. Debian: CVE-2024-31444: cacti -- security update Severity 5 CVSS (AV:N/AC:M/Au:S/C:P/I:P/A:N) Published 05/14/2024 Created 09/03/2024 Added 09/02/2024 Modified 01/28/2025 Description Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `automation_tree_rules_form_save()` function in `automation_tree_rules.php` is not thoroughly checked and is used to concatenate the HTML statement in `form_confirm()` function from `lib/html.php` , finally resulting in cross-site scripting. Version 1.2.27 contains a patch for the issue. Solution(s) debian-upgrade-cacti References https://attackerkb.com/topics/cve-2024-31444 CVE - 2024-31444 DLA-3884-1
  11. Debian: CVE-2024-27396: linux -- security update Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 05/14/2024 Created 06/28/2024 Added 06/27/2024 Modified 01/28/2025 Description In the Linux kernel, the following vulnerability has been resolved: net: gtp: Fix Use-After-Free in gtp_dellink Since call_rcu, which is called in the hlist_for_each_entry_rcu traversal of gtp_dellink, is not part of the RCU read critical section, it is possible that the RCU grace period will pass during the traversal and the key will be free. To prevent this, it should be changed to hlist_for_each_entry_safe. Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2024-27396 CVE - 2024-27396 DLA-3840-1 DLA-3842-1
  12. Debian: CVE-2024-32004: git -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/14/2024 Created 06/28/2024 Added 06/27/2024 Modified 06/27/2024 Description Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, an attacker can prepare a local repository in such a way that, when cloned, will execute arbitrary code during the operation. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. As a workaround, avoid cloning repositories from untrusted sources. Solution(s) debian-upgrade-git References https://attackerkb.com/topics/cve-2024-32004 CVE - 2024-32004 DLA-3844-1
  13. Microsoft Windows: CVE-2024-26238: Microsoft PLUGScheduler Scheduled Task Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 05/14/2024 Created 05/15/2024 Added 05/14/2024 Modified 08/13/2024 Description Microsoft PLUGScheduler Scheduled Task Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-21h2-kb5037768 microsoft-windows-windows_10-22h2-kb5037768 References https://attackerkb.com/topics/cve-2024-26238 CVE - 2024-26238 https://support.microsoft.com/help/5037768
  14. Amazon Linux 2023: CVE-2024-32020: Important priority package update for git Severity 2 CVSS (AV:L/AC:H/Au:S/C:N/I:P/A:P) Published 05/14/2024 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, local clones may end up hardlinking files into the target repository's object database when source and target repository reside on the same disk. If the source repository is owned by a different user, then those hardlinked files may be rewritten at any point in time by the untrusted user. Cloning local repositories will cause Git to either copy or hardlink files of the source repository into the target repository. This significantly speeds up such local clones compared to doing a "proper" clone and saves both disk space and compute time. When cloning a repository located on the same disk that is owned by a different user than the current user we also end up creating such hardlinks. These files will continue to be owned and controlled by the potentially-untrusted user and can be rewritten by them at will in the future. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. A vulnerability was found in Git. This flaw allows an unauthenticated attacker to place a specialized repository on their target's local system. For performance reasons, Git uses hardlinks when cloning a repository located on the same disk. However, if the repo being cloned is owned by a different user, this can introduce a security risk. At any time in the future, the original repo owner could rewrite the hardlinked files in the cloned user's repo.
Solution(s) amazon-linux-2023-upgrade-git amazon-linux-2023-upgrade-git-all amazon-linux-2023-upgrade-git-core amazon-linux-2023-upgrade-git-core-debuginfo amazon-linux-2023-upgrade-git-core-doc amazon-linux-2023-upgrade-git-credential-libsecret amazon-linux-2023-upgrade-git-credential-libsecret-debuginfo amazon-linux-2023-upgrade-git-cvs amazon-linux-2023-upgrade-git-daemon amazon-linux-2023-upgrade-git-daemon-debuginfo amazon-linux-2023-upgrade-git-debuginfo amazon-linux-2023-upgrade-git-debugsource amazon-linux-2023-upgrade-git-email amazon-linux-2023-upgrade-git-gui amazon-linux-2023-upgrade-git-instaweb amazon-linux-2023-upgrade-gitk amazon-linux-2023-upgrade-git-p4 amazon-linux-2023-upgrade-git-subtree amazon-linux-2023-upgrade-git-svn amazon-linux-2023-upgrade-gitweb amazon-linux-2023-upgrade-perl-git amazon-linux-2023-upgrade-perl-git-svn References https://attackerkb.com/topics/cve-2024-32020 CVE - 2024-32020 https://alas.aws.amazon.com/AL2023/ALAS-2024-623.html
  15. Adobe Illustrator: CVE-2024-20793: Security updates available for Adobe Illustrator (APSB24-30) Severity 5 CVSS (AV:L/AC:L/Au:N/C:C/I:N/A:N) Published 05/14/2024 Created 05/15/2024 Added 05/15/2024 Modified 12/02/2024 Description Adobe has released an update for Adobe Illustrator. This update resolves critical and important vulnerabilities that could lead to arbitrary code execution and memory leak. Solution(s) adobe-illustrator-upgrade-latest References https://attackerkb.com/topics/cve-2024-20793 CVE - 2024-20793 https://helpx.adobe.com/security/products/illustrator/apsb24-30.html
  16. APSB24-29: Adobe Acrobat and Reader for Windows and macOS (CVE-2024-34099) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 05/14/2024 Created 05/15/2024 Added 05/15/2024 Modified 01/28/2025 Description Deprecated Solution(s) References https://attackerkb.com/topics/cve-2024-34099 CVE - 2024-34099 https://helpx.adobe.com/security/products/reader/apsb24-29.html
  17. Amazon Linux 2023: CVE-2024-32002: Important priority package update for git Severity 8 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:C) Published 05/14/2024 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources. A vulnerability was found in Git. This vulnerability allows the malicious manipulation of repositories containing submodules, exploiting a bug that enables the writing of files into the .git/ directory instead of the submodule's intended worktree. This manipulation facilitates the execution of arbitrary code during the cloning process, bypassing user inspection and control.
Solution(s) amazon-linux-2023-upgrade-git amazon-linux-2023-upgrade-git-all amazon-linux-2023-upgrade-git-core amazon-linux-2023-upgrade-git-core-debuginfo amazon-linux-2023-upgrade-git-core-doc amazon-linux-2023-upgrade-git-credential-libsecret amazon-linux-2023-upgrade-git-credential-libsecret-debuginfo amazon-linux-2023-upgrade-git-cvs amazon-linux-2023-upgrade-git-daemon amazon-linux-2023-upgrade-git-daemon-debuginfo amazon-linux-2023-upgrade-git-debuginfo amazon-linux-2023-upgrade-git-debugsource amazon-linux-2023-upgrade-git-email amazon-linux-2023-upgrade-git-gui amazon-linux-2023-upgrade-git-instaweb amazon-linux-2023-upgrade-gitk amazon-linux-2023-upgrade-git-p4 amazon-linux-2023-upgrade-git-subtree amazon-linux-2023-upgrade-git-svn amazon-linux-2023-upgrade-gitweb amazon-linux-2023-upgrade-perl-git amazon-linux-2023-upgrade-perl-git-svn References https://attackerkb.com/topics/cve-2024-32002 CVE - 2024-32002 https://alas.aws.amazon.com/AL2023/ALAS-2024-623.html
  18. Amazon Linux 2023: CVE-2024-32004: Important priority package update for git Severity 6 CVSS (AV:L/AC:H/Au:N/C:C/I:C/A:C) Published 05/14/2024 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, an attacker can prepare a local repository in such a way that, when cloned, will execute arbitrary code during the operation. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. As a workaround, avoid cloning repositories from untrusted sources. A vulnerability was found in Git. This vulnerability can be exploited by an unauthenticated attacker who places a specialized repository on the target's local system. If the victim clones this repository, the attacker can execute arbitrary code. Solution(s) amazon-linux-2023-upgrade-git amazon-linux-2023-upgrade-git-all amazon-linux-2023-upgrade-git-core amazon-linux-2023-upgrade-git-core-debuginfo amazon-linux-2023-upgrade-git-core-doc amazon-linux-2023-upgrade-git-credential-libsecret amazon-linux-2023-upgrade-git-credential-libsecret-debuginfo amazon-linux-2023-upgrade-git-cvs amazon-linux-2023-upgrade-git-daemon amazon-linux-2023-upgrade-git-daemon-debuginfo amazon-linux-2023-upgrade-git-debuginfo amazon-linux-2023-upgrade-git-debugsource amazon-linux-2023-upgrade-git-email amazon-linux-2023-upgrade-git-gui amazon-linux-2023-upgrade-git-instaweb amazon-linux-2023-upgrade-gitk amazon-linux-2023-upgrade-git-p4 amazon-linux-2023-upgrade-git-subtree amazon-linux-2023-upgrade-git-svn amazon-linux-2023-upgrade-gitweb amazon-linux-2023-upgrade-perl-git amazon-linux-2023-upgrade-perl-git-svn References https://attackerkb.com/topics/cve-2024-32004 CVE - 2024-32004 https://alas.aws.amazon.com/AL2023/ALAS-2024-623.html
  19. Adobe Illustrator: CVE-2024-20791: Security updates available for Adobe Illustrator (APSB24-30) Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 05/14/2024 Created 05/15/2024 Added 05/15/2024 Modified 12/02/2024 Description Adobe has released an update for Adobe Illustrator. This update resolves critical and important vulnerabilities that could lead to arbitrary code execution and memory leak. Solution(s) adobe-illustrator-upgrade-latest References https://attackerkb.com/topics/cve-2024-20791 CVE - 2024-20791 https://helpx.adobe.com/security/products/illustrator/apsb24-30.html
  20. Adobe Illustrator: CVE-2024-20792: Security updates available for Adobe Illustrator (APSB24-30) Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 05/14/2024 Created 05/15/2024 Added 05/15/2024 Modified 12/02/2024 Description Adobe has released an update for Adobe Illustrator. This update resolves critical and important vulnerabilities that could lead to arbitrary code execution and memory leak. Solution(s) adobe-illustrator-upgrade-latest References https://attackerkb.com/topics/cve-2024-20792 CVE - 2024-20792 https://helpx.adobe.com/security/products/illustrator/apsb24-30.html
  21. Red Hat OpenShift: CVE-2024-3727: containers/image: digest type does not guarantee valid type Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/14/2024 Created 06/28/2024 Added 06/28/2024 Modified 01/20/2025 Description A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks. Solution(s) linuxrpm-upgrade-cri-o linuxrpm-upgrade-podman linuxrpm-upgrade-rhcos linuxrpm-upgrade-skopeo References https://attackerkb.com/topics/cve-2024-3727 CVE - 2024-3727 RHSA-2024:0045 RHSA-2024:3718 RHSA-2024:4159 RHSA-2024:4613 RHSA-2024:4850 RHSA-2024:4960 RHSA-2024:5258 RHSA-2024:5951 RHSA-2024:6054 RHSA-2024:6708 RHSA-2024:6818 RHSA-2024:6824 RHSA-2024:7164 RHSA-2024:7174 RHSA-2024:7182 RHSA-2024:7187 RHSA-2024:7922 RHSA-2024:7941 RHSA-2024:8260 RHSA-2024:8425 RHSA-2024:9097 RHSA-2024:9098 RHSA-2024:9102 RHSA-2024:9960
  22. Adobe Animate: CVE-2024-30296: Security updates available for Adobe Animate (APSB24-36) Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 05/14/2024 Created 05/15/2024 Added 05/15/2024 Modified 01/08/2025 Description Adobe has released an update for Adobe Animate. This update resolves critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution and memory leak. Solution(s) adobe-animate-upgrade-latest References https://attackerkb.com/topics/cve-2024-30296 CVE - 2024-30296 https://helpx.adobe.com/security/products/animate/apsb24-36.html
  23. Amazon Linux AMI 2: CVE-2024-27397: Security patch for kernel (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/14/2024 Created 09/06/2024 Added 09/05/2024 Modified 09/05/2024 Description In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: use timestamp to check for set element timeout Add a timestamp field at the beginning of the transaction, store it in the nftables per-netns area. Update set backend .insert, .deactivate and sync gc path to use the timestamp, this avoids that an element expires while control plane transaction is still unfinished. .lookup and .update, which are used from packet path, still use the current time to check if the element has expired. And .get path and dump also since this runs lockless under rcu read size lock. Then, there is async gc which also needs to check the current time since it runs asynchronously from a workqueue. Solution(s) amazon-linux-ami-2-upgrade-bpftool amazon-linux-ami-2-upgrade-bpftool-debuginfo amazon-linux-ami-2-upgrade-kernel amazon-linux-ami-2-upgrade-kernel-debuginfo amazon-linux-ami-2-upgrade-kernel-debuginfo-common-aarch64 amazon-linux-ami-2-upgrade-kernel-debuginfo-common-x86_64 amazon-linux-ami-2-upgrade-kernel-devel amazon-linux-ami-2-upgrade-kernel-headers amazon-linux-ami-2-upgrade-kernel-livepatch-5-10-224-212-876 amazon-linux-ami-2-upgrade-kernel-livepatch-5-15-165-110-161 amazon-linux-ami-2-upgrade-kernel-tools amazon-linux-ami-2-upgrade-kernel-tools-debuginfo amazon-linux-ami-2-upgrade-kernel-tools-devel amazon-linux-ami-2-upgrade-perf amazon-linux-ami-2-upgrade-perf-debuginfo amazon-linux-ami-2-upgrade-python-perf amazon-linux-ami-2-upgrade-python-perf-debuginfo References https://attackerkb.com/topics/cve-2024-27397 AL2/ALASKERNEL-5.10-2024-069 AL2/ALASKERNEL-5.15-2024-051 AL2/ALASKERNEL-5.4-2024-083 CVE - 2024-27397
  24. Adobe Animate: CVE-2024-30297: Security updates available for Adobe Animate (APSB24-36) Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 05/14/2024 Created 05/15/2024 Added 05/15/2024 Modified 01/08/2025 Description Adobe has released an update for Adobe Animate. This update resolves critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution and memory leak. Solution(s) adobe-animate-upgrade-latest References https://attackerkb.com/topics/cve-2024-30297 CVE - 2024-30297 https://helpx.adobe.com/security/products/animate/apsb24-36.html
  25. Adobe Animate: CVE-2024-30294: Security updates available for Adobe Animate (APSB24-36) Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 05/14/2024 Created 05/15/2024 Added 05/15/2024 Modified 01/08/2025 Description Adobe has released an update for Adobe Animate. This update resolves critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution and memory leak. Solution(s) adobe-animate-upgrade-latest References https://attackerkb.com/topics/cve-2024-30294 CVE - 2024-30294 https://helpx.adobe.com/security/products/animate/apsb24-36.html