ISHACK AI BOT

Cisco FTD: CVE-2024-20353: Cisco Adaptive Security Appliance and Firepower Threat Defense Software Web Services Denial of Service Vulnerability Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 04/24/2024 Created 02/07/2025 Added 01/29/2025 Modified 02/12/2025 Description A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to incomplete error checking when parsing an HTTP header. An attacker could exploit this vulnerability by sending a crafted HTTP request to a targeted web server on a device. A successful exploit could allow the attacker to cause a DoS condition when the device reloads. Solution(s) cisco-ftd-upgrade-latest References https://attackerkb.com/topics/cve-2024-20353 CVE - 2024-20353 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-websrvs-dos-X8gNucD2 cisco-sa-asaftd-websrvs-dos-X8gNucD2

Oracle Linux: CVE-2024-26924: ELSA-2024-8856:kernel security update (MODERATE) (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 04/24/2024 Created 11/13/2024 Added 11/11/2024 Modified 01/07/2025 Description In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: do not free live element Pablo reports a crash with large batches of elements with a back-to-back add/remove pattern.Quoting Pablo: add_elem("00000000") timeout 100 ms ... add_elem("0000000X") timeout 100 ms del_elem("0000000X") <---------------- delete one that was just added ... add_elem("00005000") timeout 100 ms 1) nft_pipapo_remove() removes element 0000000X Then, KASAN shows a splat. Looking at the remove function there is a chance that we will drop a rule that maps to a non-deactivated element. Removal happens in two steps, first we do a lookup for key k and return the to-be-removed element and mark it as inactive in the next generation. Then, in a second step, the element gets removed from the set/map. The _remove function does not work correctly if we have more than one element that share the same key. This can happen if we insert an element into a set when the set already holds an element with same key, but the element mapping to the existing key has timed out or is not active in the next generation. In such case its possible that removal will unmap the wrong element. If this happens, we will leak the non-deactivated element, it becomes unreachable. The element that got deactivated (and will be freed later) will remain reachable in the set data structure, this can result in a crash when such an element is retrieved during lookup (stale pointer). Add a check that the fully matching key does in fact map to the element that we have marked as inactive in the deactivation step. If not, we need to continue searching. Add a bug/warn trap at the end of the function as well, the remove function must not ever be called with an invisible/unreachable/non-existent element. v2: avoid uneeded temporary variable (Stefano) Solution(s) oracle-linux-upgrade-kernel References https://attackerkb.com/topics/cve-2024-26924 CVE - 2024-26924 ELSA-2024-8856

Red Hat: CVE-2024-23271: webkitgtk: A malicious website may cause unexpected cross-origin behavior (Multiple Advisories) Severity 6 CVSS (AV:N/AC:L/Au:S/C:P/I:P/A:N) Published 04/24/2024 Created 10/18/2024 Added 10/18/2024 Modified 12/12/2024 Description A logic issue was addressed with improved checks. This issue is fixed in iOS 17.3 and iPadOS 17.3, Safari 17.3, tvOS 17.3, macOS Sonoma 14.3, watchOS 10.3. A malicious website may cause unexpected cross-origin behavior. Solution(s) redhat-upgrade-webkit2gtk3 redhat-upgrade-webkit2gtk3-debuginfo redhat-upgrade-webkit2gtk3-debugsource redhat-upgrade-webkit2gtk3-devel redhat-upgrade-webkit2gtk3-devel-debuginfo redhat-upgrade-webkit2gtk3-jsc redhat-upgrade-webkit2gtk3-jsc-debuginfo redhat-upgrade-webkit2gtk3-jsc-devel redhat-upgrade-webkit2gtk3-jsc-devel-debuginfo References CVE-2024-23271 RHSA-2024:8180 RHSA-2024:9636

Debian: CVE-2024-23271: webkit2gtk, wpewebkit -- security update Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 04/24/2024 Created 09/28/2024 Added 09/27/2024 Modified 01/28/2025 Description A logic issue was addressed with improved checks. This issue is fixed in iOS 17.3 and iPadOS 17.3, Safari 17.3, tvOS 17.3, macOS Sonoma 14.3, watchOS 10.3. A malicious website may cause unexpected cross-origin behavior. Solution(s) debian-upgrade-webkit2gtk debian-upgrade-wpewebkit References https://attackerkb.com/topics/cve-2024-23271 CVE - 2024-23271 DSA-5618-1

SUSE: CVE-2024-4141: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/24/2024 Created 06/04/2024 Added 06/04/2024 Modified 02/03/2025 Description Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid character code in a Type 1 font. The root problem was a bounds check that was being optimized away by modern compilers. Solution(s) suse-upgrade-libpoppler-cpp0 suse-upgrade-libpoppler-cpp0-32bit suse-upgrade-libpoppler-devel suse-upgrade-libpoppler-glib-devel suse-upgrade-libpoppler-glib8 suse-upgrade-libpoppler-glib8-32bit suse-upgrade-libpoppler-qt4-4 suse-upgrade-libpoppler-qt4-devel suse-upgrade-libpoppler-qt5-1 suse-upgrade-libpoppler-qt5-1-32bit suse-upgrade-libpoppler-qt5-devel suse-upgrade-libpoppler-qt6-3 suse-upgrade-libpoppler-qt6-devel suse-upgrade-libpoppler117 suse-upgrade-libpoppler126 suse-upgrade-libpoppler126-32bit suse-upgrade-libpoppler44 suse-upgrade-libpoppler60 suse-upgrade-libpoppler89 suse-upgrade-poppler-tools suse-upgrade-typelib-1_0-poppler-0_18 References https://attackerkb.com/topics/cve-2024-4141 CVE - 2024-4141

Amazon Linux 2023: CVE-2024-26923: Medium priority package update for kernel Severity 6 CVSS (AV:L/AC:H/Au:S/C:C/I:C/A:C) Published 04/24/2024 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix garbage collector racing against connect() Garbage collector does not take into account the risk of embryo getting enqueued during the garbage collection. If such embryo has a peer that carries SCM_RIGHTS, two consecutive passes of scan_children() may see a different set of children. Leading to an incorrectly elevated inflight count, and then a dangling pointer within the gc_inflight_list. sockets are AF_UNIX/SOCK_STREAM S is an unconnected socket L is a listening in-flight socket bound to addr, not in fdtable V's fd will be passed via sendmsg(), gets inflight count bumped connect(S, addr)sendmsg(S, [V]); close(V)__unix_gc() ---------------------------------------------------- NS = unix_create1() skb1 = sock_wmalloc(NS) L = unix_find_other(addr) unix_state_lock(L) unix_peer(S) = NS // V count=1 inflight=0 NS = unix_peer(S) skb2 = sock_alloc() skb_queue_tail(NS, skb2[V]) // V became in-flight // V count=2 inflight=1 close(V) // V count=1 inflight=1 // GC candidate condition met for u in gc_inflight_list: if (total_refs == inflight_refs) add u to gc_candidates // gc_candidates={L, V} for u in gc_candidates: scan_children(u, dec_inflight) // embryo (skb1) was not // reachable from L yet, so V's // inflight remains unchanged __skb_queue_tail(L, skb1) unix_state_unlock(L) for u in gc_candidates: if (u.inflight) scan_children(u, inc_inflight_move_tail) // V count=1 inflight=2 (!) If there is a GC-candidate listening socket, lock/unlock its state. This makes GC wait until the end of any ongoing connect() to that socket. After flipping the lock, a possibly SCM-laden embryo is already enqueued. And if there is another embryo coming, it can not possibly carry SCM_RIGHTS. At this point, unix_inflight() can not happen because unix_gc_lock is already taken. Inflight graph remains unaffected. A flaw was found in the Linux kernel, where the management of inter-process communication uses AF_UNIX sockets. The issue arises from a race condition where a partially initialized socket with specific permissions carrying SCM_RIGHTS is improperly handled during garbage collection. This situation leads to an incorrect count of active sockets, potentially causing resources to remain unaccounted for and never released. Solution(s) amazon-linux-2023-upgrade-bpftool amazon-linux-2023-upgrade-bpftool-debuginfo amazon-linux-2023-upgrade-kernel amazon-linux-2023-upgrade-kernel-debuginfo amazon-linux-2023-upgrade-kernel-debuginfo-common-aarch64 amazon-linux-2023-upgrade-kernel-debuginfo-common-x86-64 amazon-linux-2023-upgrade-kernel-devel amazon-linux-2023-upgrade-kernel-headers amazon-linux-2023-upgrade-kernel-libbpf amazon-linux-2023-upgrade-kernel-libbpf-devel amazon-linux-2023-upgrade-kernel-libbpf-static amazon-linux-2023-upgrade-kernel-livepatch-6-1-87-99-174 amazon-linux-2023-upgrade-kernel-modules-extra amazon-linux-2023-upgrade-kernel-modules-extra-common amazon-linux-2023-upgrade-kernel-tools amazon-linux-2023-upgrade-kernel-tools-debuginfo amazon-linux-2023-upgrade-kernel-tools-devel amazon-linux-2023-upgrade-perf amazon-linux-2023-upgrade-perf-debuginfo amazon-linux-2023-upgrade-python3-perf amazon-linux-2023-upgrade-python3-perf-debuginfo References https://attackerkb.com/topics/cve-2024-26923 CVE - 2024-26923 https://alas.aws.amazon.com/AL2023/ALAS-2024-613.html

SUSE: CVE-2024-26923: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/25/2024 Created 06/24/2024 Added 06/24/2024 Modified 08/28/2024 Description In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix garbage collector racing against connect() Garbage collector does not take into account the risk of embryo getting enqueued during the garbage collection. If such embryo has a peer that carries SCM_RIGHTS, two consecutive passes of scan_children() may see a different set of children. Leading to an incorrectly elevated inflight count, and then a dangling pointer within the gc_inflight_list. sockets are AF_UNIX/SOCK_STREAM S is an unconnected socket L is a listening in-flight socket bound to addr, not in fdtable V's fd will be passed via sendmsg(), gets inflight count bumped connect(S, addr) sendmsg(S, [V]); close(V) __unix_gc() ---------------- ------------------------- ----------- NS = unix_create1() skb1 = sock_wmalloc(NS) L = unix_find_other(addr) unix_state_lock(L) unix_peer(S) = NS // V count=1 inflight=0 NS = unix_peer(S) skb2 = sock_alloc() skb_queue_tail(NS, skb2[V]) // V became in-flight // V count=2 inflight=1 close(V) // V count=1 inflight=1 // GC candidate condition met for u in gc_inflight_list: if (total_refs == inflight_refs) add u to gc_candidates // gc_candidates={L, V} for u in gc_candidates: scan_children(u, dec_inflight) // embryo (skb1) was not // reachable from L yet, so V's // inflight remains unchanged __skb_queue_tail(L, skb1) unix_state_unlock(L) for u in gc_candidates: if (u.inflight) scan_children(u, inc_inflight_move_tail) // V count=1 inflight=2 (!) If there is a GC-candidate listening socket, lock/unlock its state. This makes GC wait until the end of any ongoing connect() to that socket. After flipping the lock, a possibly SCM-laden embryo is already enqueued. And if there is another embryo coming, it can not possibly carry SCM_RIGHTS. At this point, unix_inflight() can not happen because unix_gc_lock is already taken. Inflight graph remains unaffected. Solution(s) suse-upgrade-cluster-md-kmp-64kb suse-upgrade-cluster-md-kmp-azure suse-upgrade-cluster-md-kmp-default suse-upgrade-cluster-md-kmp-rt suse-upgrade-dlm-kmp-64kb suse-upgrade-dlm-kmp-azure suse-upgrade-dlm-kmp-default suse-upgrade-dlm-kmp-rt suse-upgrade-dtb-allwinner suse-upgrade-dtb-altera suse-upgrade-dtb-amazon suse-upgrade-dtb-amd suse-upgrade-dtb-amlogic suse-upgrade-dtb-apm suse-upgrade-dtb-apple suse-upgrade-dtb-arm suse-upgrade-dtb-broadcom suse-upgrade-dtb-cavium suse-upgrade-dtb-exynos suse-upgrade-dtb-freescale suse-upgrade-dtb-hisilicon suse-upgrade-dtb-lg suse-upgrade-dtb-marvell suse-upgrade-dtb-mediatek suse-upgrade-dtb-nvidia suse-upgrade-dtb-qcom suse-upgrade-dtb-renesas suse-upgrade-dtb-rockchip suse-upgrade-dtb-socionext suse-upgrade-dtb-sprd suse-upgrade-dtb-xilinx suse-upgrade-gfs2-kmp-64kb suse-upgrade-gfs2-kmp-azure suse-upgrade-gfs2-kmp-default suse-upgrade-gfs2-kmp-rt suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-64kb-extra suse-upgrade-kernel-64kb-livepatch-devel suse-upgrade-kernel-64kb-optional suse-upgrade-kernel-azure suse-upgrade-kernel-azure-base suse-upgrade-kernel-azure-devel suse-upgrade-kernel-azure-extra suse-upgrade-kernel-azure-livepatch-devel suse-upgrade-kernel-azure-optional suse-upgrade-kernel-azure-vdso suse-upgrade-kernel-debug suse-upgrade-kernel-debug-devel suse-upgrade-kernel-debug-livepatch-devel suse-upgrade-kernel-debug-vdso suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-base-rebuild suse-upgrade-kernel-default-devel suse-upgrade-kernel-default-extra suse-upgrade-kernel-default-livepatch suse-upgrade-kernel-default-livepatch-devel suse-upgrade-kernel-default-man suse-upgrade-kernel-default-optional suse-upgrade-kernel-default-vdso suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-devel-rt suse-upgrade-kernel-docs suse-upgrade-kernel-docs-html suse-upgrade-kernel-ec2 suse-upgrade-kernel-ec2-base suse-upgrade-kernel-ec2-devel suse-upgrade-kernel-kvmsmall suse-upgrade-kernel-kvmsmall-devel suse-upgrade-kernel-kvmsmall-livepatch-devel suse-upgrade-kernel-kvmsmall-vdso suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-obs-qa suse-upgrade-kernel-preempt suse-upgrade-kernel-preempt-devel suse-upgrade-kernel-rt suse-upgrade-kernel-rt-devel suse-upgrade-kernel-rt-extra suse-upgrade-kernel-rt-livepatch suse-upgrade-kernel-rt-livepatch-devel suse-upgrade-kernel-rt-optional suse-upgrade-kernel-rt-vdso suse-upgrade-kernel-rt_debug suse-upgrade-kernel-rt_debug-devel suse-upgrade-kernel-rt_debug-livepatch-devel suse-upgrade-kernel-rt_debug-vdso suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-source-rt suse-upgrade-kernel-source-vanilla suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-syms-rt suse-upgrade-kernel-trace suse-upgrade-kernel-trace-base suse-upgrade-kernel-trace-devel suse-upgrade-kernel-xen suse-upgrade-kernel-xen-base suse-upgrade-kernel-xen-devel suse-upgrade-kernel-zfcpdump suse-upgrade-kselftests-kmp-64kb suse-upgrade-kselftests-kmp-azure suse-upgrade-kselftests-kmp-default suse-upgrade-kselftests-kmp-rt suse-upgrade-ocfs2-kmp-64kb suse-upgrade-ocfs2-kmp-azure suse-upgrade-ocfs2-kmp-default suse-upgrade-ocfs2-kmp-rt suse-upgrade-reiserfs-kmp-64kb suse-upgrade-reiserfs-kmp-azure suse-upgrade-reiserfs-kmp-default suse-upgrade-reiserfs-kmp-rt References https://attackerkb.com/topics/cve-2024-26923 CVE - 2024-26923

Alma Linux: CVE-2024-26925: Important: kernel security update (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/25/2024 Created 08/13/2024 Added 08/12/2024 Modified 11/04/2024 Description In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path The commit mutex should not be released during the critical section between nft_gc_seq_begin() and nft_gc_seq_end(), otherwise, async GC worker could collect expired objects and get the released commit lock within the same GC sequence. nf_tables_module_autoload() temporarily releases the mutex to load module dependencies, then it goes back to replay the transaction again. Move it at the end of the abort phase after nft_gc_seq_end() is called. Solution(s) alma-upgrade-bpftool alma-upgrade-kernel alma-upgrade-kernel-64k alma-upgrade-kernel-64k-core alma-upgrade-kernel-64k-debug alma-upgrade-kernel-64k-debug-core alma-upgrade-kernel-64k-debug-devel alma-upgrade-kernel-64k-debug-devel-matched alma-upgrade-kernel-64k-debug-modules alma-upgrade-kernel-64k-debug-modules-core alma-upgrade-kernel-64k-debug-modules-extra alma-upgrade-kernel-64k-devel alma-upgrade-kernel-64k-devel-matched alma-upgrade-kernel-64k-modules alma-upgrade-kernel-64k-modules-core alma-upgrade-kernel-64k-modules-extra alma-upgrade-kernel-abi-stablelists alma-upgrade-kernel-core alma-upgrade-kernel-cross-headers alma-upgrade-kernel-debug alma-upgrade-kernel-debug-core alma-upgrade-kernel-debug-devel alma-upgrade-kernel-debug-devel-matched alma-upgrade-kernel-debug-modules alma-upgrade-kernel-debug-modules-core alma-upgrade-kernel-debug-modules-extra alma-upgrade-kernel-debug-uki-virt alma-upgrade-kernel-devel alma-upgrade-kernel-devel-matched alma-upgrade-kernel-doc alma-upgrade-kernel-headers alma-upgrade-kernel-modules alma-upgrade-kernel-modules-core alma-upgrade-kernel-modules-extra alma-upgrade-kernel-rt alma-upgrade-kernel-rt-core alma-upgrade-kernel-rt-debug alma-upgrade-kernel-rt-debug-core alma-upgrade-kernel-rt-debug-devel alma-upgrade-kernel-rt-debug-kvm alma-upgrade-kernel-rt-debug-modules alma-upgrade-kernel-rt-debug-modules-core alma-upgrade-kernel-rt-debug-modules-extra alma-upgrade-kernel-rt-devel alma-upgrade-kernel-rt-kvm alma-upgrade-kernel-rt-modules alma-upgrade-kernel-rt-modules-core alma-upgrade-kernel-rt-modules-extra alma-upgrade-kernel-tools alma-upgrade-kernel-tools-libs alma-upgrade-kernel-tools-libs-devel alma-upgrade-kernel-uki-virt alma-upgrade-kernel-zfcpdump alma-upgrade-kernel-zfcpdump-core alma-upgrade-kernel-zfcpdump-devel alma-upgrade-kernel-zfcpdump-devel-matched alma-upgrade-kernel-zfcpdump-modules alma-upgrade-kernel-zfcpdump-modules-core alma-upgrade-kernel-zfcpdump-modules-extra alma-upgrade-libperf alma-upgrade-perf alma-upgrade-python3-perf alma-upgrade-rtla alma-upgrade-rv References https://attackerkb.com/topics/cve-2024-26925 CVE - 2024-26925 https://errata.almalinux.org/8/ALSA-2024-5101.html https://errata.almalinux.org/8/ALSA-2024-5102.html https://errata.almalinux.org/9/ALSA-2024-5928.html

Rocky Linux: CVE-2024-26923: kernel (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/25/2024 Created 10/03/2024 Added 10/02/2024 Modified 11/19/2024 Description In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix garbage collector racing against connect() Garbage collector does not take into account the risk of embryo getting enqueued during the garbage collection. If such embryo has a peer that carries SCM_RIGHTS, two consecutive passes of scan_children() may see a different set of children. Leading to an incorrectly elevated inflight count, and then a dangling pointer within the gc_inflight_list. sockets are AF_UNIX/SOCK_STREAM S is an unconnected socket L is a listening in-flight socket bound to addr, not in fdtable V's fd will be passed via sendmsg(), gets inflight count bumped connect(S, addr) sendmsg(S, [V]); close(V) __unix_gc() ---------------- ------------------------- ----------- NS = unix_create1() skb1 = sock_wmalloc(NS) L = unix_find_other(addr) unix_state_lock(L) unix_peer(S) = NS // V count=1 inflight=0 NS = unix_peer(S) skb2 = sock_alloc() skb_queue_tail(NS, skb2[V]) // V became in-flight // V count=2 inflight=1 close(V) // V count=1 inflight=1 // GC candidate condition met for u in gc_inflight_list: if (total_refs == inflight_refs) add u to gc_candidates // gc_candidates={L, V} for u in gc_candidates: scan_children(u, dec_inflight) // embryo (skb1) was not // reachable from L yet, so V's // inflight remains unchanged __skb_queue_tail(L, skb1) unix_state_unlock(L) for u in gc_candidates: if (u.inflight) scan_children(u, inc_inflight_move_tail) // V count=1 inflight=2 (!) If there is a GC-candidate listening socket, lock/unlock its state. This makes GC wait until the end of any ongoing connect() to that socket. After flipping the lock, a possibly SCM-laden embryo is already enqueued. And if there is another embryo coming, it can not possibly carry SCM_RIGHTS. At this point, unix_inflight() can not happen because unix_gc_lock is already taken. Inflight graph remains unaffected. Solution(s) rocky-upgrade-bpftool rocky-upgrade-bpftool-debuginfo rocky-upgrade-kernel rocky-upgrade-kernel-core rocky-upgrade-kernel-cross-headers rocky-upgrade-kernel-debug rocky-upgrade-kernel-debug-core rocky-upgrade-kernel-debug-debuginfo rocky-upgrade-kernel-debug-devel rocky-upgrade-kernel-debug-devel-matched rocky-upgrade-kernel-debug-modules rocky-upgrade-kernel-debug-modules-core rocky-upgrade-kernel-debug-modules-extra rocky-upgrade-kernel-debug-uki-virt rocky-upgrade-kernel-debuginfo rocky-upgrade-kernel-devel rocky-upgrade-kernel-devel-matched rocky-upgrade-kernel-headers rocky-upgrade-kernel-modules rocky-upgrade-kernel-modules-core rocky-upgrade-kernel-modules-extra rocky-upgrade-kernel-rt rocky-upgrade-kernel-rt-core rocky-upgrade-kernel-rt-debug rocky-upgrade-kernel-rt-debug-core rocky-upgrade-kernel-rt-debug-debuginfo rocky-upgrade-kernel-rt-debug-devel rocky-upgrade-kernel-rt-debug-kvm rocky-upgrade-kernel-rt-debug-modules rocky-upgrade-kernel-rt-debug-modules-core rocky-upgrade-kernel-rt-debug-modules-extra rocky-upgrade-kernel-rt-debuginfo rocky-upgrade-kernel-rt-debuginfo-common-x86_64 rocky-upgrade-kernel-rt-devel rocky-upgrade-kernel-rt-kvm rocky-upgrade-kernel-rt-modules rocky-upgrade-kernel-rt-modules-core rocky-upgrade-kernel-rt-modules-extra rocky-upgrade-kernel-tools rocky-upgrade-kernel-tools-debuginfo rocky-upgrade-kernel-tools-libs rocky-upgrade-kernel-tools-libs-devel rocky-upgrade-kernel-uki-virt rocky-upgrade-kernel-zfcpdump rocky-upgrade-kernel-zfcpdump-core rocky-upgrade-kernel-zfcpdump-debuginfo rocky-upgrade-kernel-zfcpdump-devel rocky-upgrade-kernel-zfcpdump-devel-matched rocky-upgrade-kernel-zfcpdump-modules rocky-upgrade-kernel-zfcpdump-modules-core rocky-upgrade-kernel-zfcpdump-modules-extra rocky-upgrade-libperf rocky-upgrade-libperf-debuginfo rocky-upgrade-perf rocky-upgrade-perf-debuginfo rocky-upgrade-python3-perf rocky-upgrade-python3-perf-debuginfo rocky-upgrade-rtla rocky-upgrade-rv References https://attackerkb.com/topics/cve-2024-26923 CVE - 2024-26923 https://errata.rockylinux.org/RLSA-2024:7001 https://errata.rockylinux.org/RLSA-2024:8617

Apple iTunes security update for CVE-2022-48611 Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 04/25/2024 Created 04/25/2024 Added 04/25/2024 Modified 01/28/2025 Description A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.4 for Windows. A local attacker may be able to elevate their privileges. Solution(s) apple-itunes-upgrade-12_12_4 References https://attackerkb.com/topics/cve-2022-48611 CVE - 2022-48611 http://support.apple.com/kb/HT213259

Ubuntu: (CVE-2024-23271): webkit2gtk vulnerability Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 04/24/2024 Created 11/21/2024 Added 11/19/2024 Modified 01/28/2025 Description A logic issue was addressed with improved checks. This issue is fixed in iOS 17.3 and iPadOS 17.3, Safari 17.3, tvOS 17.3, macOS Sonoma 14.3, watchOS 10.3. A malicious website may cause unexpected cross-origin behavior. Solution(s) ubuntu-upgrade-webkit2gtk References https://attackerkb.com/topics/cve-2024-23271 CVE - 2024-23271 https://webkitgtk.org/security/WSA-2024-0005.html https://www.cve.org/CVERecord?id=CVE-2024-23271

Alma Linux: CVE-2024-23271: Important: webkit2gtk3 security update (Multiple Advisories) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 04/24/2024 Created 10/22/2024 Added 10/21/2024 Modified 01/28/2025 Description A logic issue was addressed with improved checks. This issue is fixed in iOS 17.3 and iPadOS 17.3, Safari 17.3, tvOS 17.3, macOS Sonoma 14.3, watchOS 10.3. A malicious website may cause unexpected cross-origin behavior. Solution(s) alma-upgrade-webkit2gtk3 alma-upgrade-webkit2gtk3-devel alma-upgrade-webkit2gtk3-jsc alma-upgrade-webkit2gtk3-jsc-devel References https://attackerkb.com/topics/cve-2024-23271 CVE - 2024-23271 https://errata.almalinux.org/8/ALSA-2024-9636.html https://errata.almalinux.org/9/ALSA-2024-8180.html

Oracle Linux: CVE-2024-33599: ELSA-2024-3344:glibc security update (IMPORTANT) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:S/C:P/I:P/A:C) Published 04/23/2024 Created 06/01/2024 Added 05/30/2024 Modified 12/24/2024 Description nscd: Stack-based buffer overflow in netgroup cache If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may result in a stack-based buffer overflow.This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity. Solution(s) oracle-linux-upgrade-compat-libpthread-nonshared oracle-linux-upgrade-glibc oracle-linux-upgrade-glibc-all-langpacks oracle-linux-upgrade-glibc-benchtests oracle-linux-upgrade-glibc-common oracle-linux-upgrade-glibc-devel oracle-linux-upgrade-glibc-doc oracle-linux-upgrade-glibc-gconv-extra oracle-linux-upgrade-glibc-headers oracle-linux-upgrade-glibc-langpack-aa oracle-linux-upgrade-glibc-langpack-af oracle-linux-upgrade-glibc-langpack-agr oracle-linux-upgrade-glibc-langpack-ak oracle-linux-upgrade-glibc-langpack-am oracle-linux-upgrade-glibc-langpack-an oracle-linux-upgrade-glibc-langpack-anp oracle-linux-upgrade-glibc-langpack-ar oracle-linux-upgrade-glibc-langpack-as oracle-linux-upgrade-glibc-langpack-ast oracle-linux-upgrade-glibc-langpack-ayc oracle-linux-upgrade-glibc-langpack-az oracle-linux-upgrade-glibc-langpack-be oracle-linux-upgrade-glibc-langpack-bem oracle-linux-upgrade-glibc-langpack-ber oracle-linux-upgrade-glibc-langpack-bg oracle-linux-upgrade-glibc-langpack-bhb oracle-linux-upgrade-glibc-langpack-bho oracle-linux-upgrade-glibc-langpack-bi oracle-linux-upgrade-glibc-langpack-bn oracle-linux-upgrade-glibc-langpack-bo oracle-linux-upgrade-glibc-langpack-br oracle-linux-upgrade-glibc-langpack-brx oracle-linux-upgrade-glibc-langpack-bs oracle-linux-upgrade-glibc-langpack-byn oracle-linux-upgrade-glibc-langpack-ca oracle-linux-upgrade-glibc-langpack-ce oracle-linux-upgrade-glibc-langpack-chr oracle-linux-upgrade-glibc-langpack-ckb oracle-linux-upgrade-glibc-langpack-cmn oracle-linux-upgrade-glibc-langpack-crh oracle-linux-upgrade-glibc-langpack-cs oracle-linux-upgrade-glibc-langpack-csb oracle-linux-upgrade-glibc-langpack-cv oracle-linux-upgrade-glibc-langpack-cy oracle-linux-upgrade-glibc-langpack-da oracle-linux-upgrade-glibc-langpack-de oracle-linux-upgrade-glibc-langpack-doi oracle-linux-upgrade-glibc-langpack-dsb oracle-linux-upgrade-glibc-langpack-dv oracle-linux-upgrade-glibc-langpack-dz oracle-linux-upgrade-glibc-langpack-el oracle-linux-upgrade-glibc-langpack-en oracle-linux-upgrade-glibc-langpack-eo oracle-linux-upgrade-glibc-langpack-es oracle-linux-upgrade-glibc-langpack-et oracle-linux-upgrade-glibc-langpack-eu oracle-linux-upgrade-glibc-langpack-fa oracle-linux-upgrade-glibc-langpack-ff oracle-linux-upgrade-glibc-langpack-fi oracle-linux-upgrade-glibc-langpack-fil oracle-linux-upgrade-glibc-langpack-fo oracle-linux-upgrade-glibc-langpack-fr oracle-linux-upgrade-glibc-langpack-fur oracle-linux-upgrade-glibc-langpack-fy oracle-linux-upgrade-glibc-langpack-ga oracle-linux-upgrade-glibc-langpack-gd oracle-linux-upgrade-glibc-langpack-gez oracle-linux-upgrade-glibc-langpack-gl oracle-linux-upgrade-glibc-langpack-gu oracle-linux-upgrade-glibc-langpack-gv oracle-linux-upgrade-glibc-langpack-ha oracle-linux-upgrade-glibc-langpack-hak oracle-linux-upgrade-glibc-langpack-he oracle-linux-upgrade-glibc-langpack-hi oracle-linux-upgrade-glibc-langpack-hif oracle-linux-upgrade-glibc-langpack-hne oracle-linux-upgrade-glibc-langpack-hr oracle-linux-upgrade-glibc-langpack-hsb oracle-linux-upgrade-glibc-langpack-ht oracle-linux-upgrade-glibc-langpack-hu oracle-linux-upgrade-glibc-langpack-hy oracle-linux-upgrade-glibc-langpack-ia oracle-linux-upgrade-glibc-langpack-id oracle-linux-upgrade-glibc-langpack-ig oracle-linux-upgrade-glibc-langpack-ik oracle-linux-upgrade-glibc-langpack-is oracle-linux-upgrade-glibc-langpack-it oracle-linux-upgrade-glibc-langpack-iu oracle-linux-upgrade-glibc-langpack-ja oracle-linux-upgrade-glibc-langpack-ka oracle-linux-upgrade-glibc-langpack-kab oracle-linux-upgrade-glibc-langpack-kk oracle-linux-upgrade-glibc-langpack-kl oracle-linux-upgrade-glibc-langpack-km oracle-linux-upgrade-glibc-langpack-kn oracle-linux-upgrade-glibc-langpack-ko oracle-linux-upgrade-glibc-langpack-kok oracle-linux-upgrade-glibc-langpack-ks oracle-linux-upgrade-glibc-langpack-ku oracle-linux-upgrade-glibc-langpack-kw oracle-linux-upgrade-glibc-langpack-ky oracle-linux-upgrade-glibc-langpack-lb oracle-linux-upgrade-glibc-langpack-lg oracle-linux-upgrade-glibc-langpack-li oracle-linux-upgrade-glibc-langpack-lij oracle-linux-upgrade-glibc-langpack-ln oracle-linux-upgrade-glibc-langpack-lo oracle-linux-upgrade-glibc-langpack-lt oracle-linux-upgrade-glibc-langpack-lv oracle-linux-upgrade-glibc-langpack-lzh oracle-linux-upgrade-glibc-langpack-mag oracle-linux-upgrade-glibc-langpack-mai oracle-linux-upgrade-glibc-langpack-mfe oracle-linux-upgrade-glibc-langpack-mg oracle-linux-upgrade-glibc-langpack-mhr oracle-linux-upgrade-glibc-langpack-mi oracle-linux-upgrade-glibc-langpack-miq oracle-linux-upgrade-glibc-langpack-mjw oracle-linux-upgrade-glibc-langpack-mk oracle-linux-upgrade-glibc-langpack-ml oracle-linux-upgrade-glibc-langpack-mn oracle-linux-upgrade-glibc-langpack-mni oracle-linux-upgrade-glibc-langpack-mnw oracle-linux-upgrade-glibc-langpack-mr oracle-linux-upgrade-glibc-langpack-ms oracle-linux-upgrade-glibc-langpack-mt oracle-linux-upgrade-glibc-langpack-my oracle-linux-upgrade-glibc-langpack-nan oracle-linux-upgrade-glibc-langpack-nb oracle-linux-upgrade-glibc-langpack-nds oracle-linux-upgrade-glibc-langpack-ne oracle-linux-upgrade-glibc-langpack-nhn oracle-linux-upgrade-glibc-langpack-niu oracle-linux-upgrade-glibc-langpack-nl oracle-linux-upgrade-glibc-langpack-nn oracle-linux-upgrade-glibc-langpack-nr oracle-linux-upgrade-glibc-langpack-nso oracle-linux-upgrade-glibc-langpack-oc oracle-linux-upgrade-glibc-langpack-om oracle-linux-upgrade-glibc-langpack-or oracle-linux-upgrade-glibc-langpack-os oracle-linux-upgrade-glibc-langpack-pa oracle-linux-upgrade-glibc-langpack-pap oracle-linux-upgrade-glibc-langpack-pl oracle-linux-upgrade-glibc-langpack-ps oracle-linux-upgrade-glibc-langpack-pt oracle-linux-upgrade-glibc-langpack-quz oracle-linux-upgrade-glibc-langpack-raj oracle-linux-upgrade-glibc-langpack-ro oracle-linux-upgrade-glibc-langpack-ru oracle-linux-upgrade-glibc-langpack-rw oracle-linux-upgrade-glibc-langpack-sa oracle-linux-upgrade-glibc-langpack-sah oracle-linux-upgrade-glibc-langpack-sat oracle-linux-upgrade-glibc-langpack-sc oracle-linux-upgrade-glibc-langpack-sd oracle-linux-upgrade-glibc-langpack-se oracle-linux-upgrade-glibc-langpack-sgs oracle-linux-upgrade-glibc-langpack-shn oracle-linux-upgrade-glibc-langpack-shs oracle-linux-upgrade-glibc-langpack-si oracle-linux-upgrade-glibc-langpack-sid oracle-linux-upgrade-glibc-langpack-sk oracle-linux-upgrade-glibc-langpack-sl oracle-linux-upgrade-glibc-langpack-sm oracle-linux-upgrade-glibc-langpack-so oracle-linux-upgrade-glibc-langpack-sq oracle-linux-upgrade-glibc-langpack-sr oracle-linux-upgrade-glibc-langpack-ss oracle-linux-upgrade-glibc-langpack-st oracle-linux-upgrade-glibc-langpack-sv oracle-linux-upgrade-glibc-langpack-sw oracle-linux-upgrade-glibc-langpack-szl oracle-linux-upgrade-glibc-langpack-ta oracle-linux-upgrade-glibc-langpack-tcy oracle-linux-upgrade-glibc-langpack-te oracle-linux-upgrade-glibc-langpack-tg oracle-linux-upgrade-glibc-langpack-th oracle-linux-upgrade-glibc-langpack-the oracle-linux-upgrade-glibc-langpack-ti oracle-linux-upgrade-glibc-langpack-tig oracle-linux-upgrade-glibc-langpack-tk oracle-linux-upgrade-glibc-langpack-tl oracle-linux-upgrade-glibc-langpack-tn oracle-linux-upgrade-glibc-langpack-to oracle-linux-upgrade-glibc-langpack-tpi oracle-linux-upgrade-glibc-langpack-tr oracle-linux-upgrade-glibc-langpack-ts oracle-linux-upgrade-glibc-langpack-tt oracle-linux-upgrade-glibc-langpack-ug oracle-linux-upgrade-glibc-langpack-uk oracle-linux-upgrade-glibc-langpack-unm oracle-linux-upgrade-glibc-langpack-ur oracle-linux-upgrade-glibc-langpack-uz oracle-linux-upgrade-glibc-langpack-ve oracle-linux-upgrade-glibc-langpack-vi oracle-linux-upgrade-glibc-langpack-wa oracle-linux-upgrade-glibc-langpack-wae oracle-linux-upgrade-glibc-langpack-wal oracle-linux-upgrade-glibc-langpack-wo oracle-linux-upgrade-glibc-langpack-xh oracle-linux-upgrade-glibc-langpack-yi oracle-linux-upgrade-glibc-langpack-yo oracle-linux-upgrade-glibc-langpack-yue oracle-linux-upgrade-glibc-langpack-yuw oracle-linux-upgrade-glibc-langpack-zh oracle-linux-upgrade-glibc-langpack-zu oracle-linux-upgrade-glibc-locale-source oracle-linux-upgrade-glibc-minimal-langpack oracle-linux-upgrade-glibc-nss-devel oracle-linux-upgrade-glibc-static oracle-linux-upgrade-glibc-utils oracle-linux-upgrade-libnsl oracle-linux-upgrade-nscd oracle-linux-upgrade-nss-db oracle-linux-upgrade-nss-hesiod References https://attackerkb.com/topics/cve-2024-33599 CVE - 2024-33599 ELSA-2024-3344 ELSA-2024-12444 ELSA-2024-3588 ELSA-2024-12442 ELSA-2024-12440 ELSA-2024-12472 ELSA-2024-3339 View more

Huawei EulerOS: CVE-2024-32659: freerdp security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/23/2024 Created 01/23/2025 Added 01/21/2025 Modified 02/06/2025 Description FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read if `((nWidth == 0) and (nHeight == 0))`. Version 3.5.1 contains a patch for the issue. No known workarounds are available. Solution(s) huawei-euleros-2_0_sp8-upgrade-freerdp huawei-euleros-2_0_sp8-upgrade-freerdp-libs huawei-euleros-2_0_sp8-upgrade-libwinpr References https://attackerkb.com/topics/cve-2024-32659 CVE - 2024-32659 EulerOS-SA-2025-1120

Huawei EulerOS: CVE-2024-26922: kernel security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/23/2024 Created 07/23/2024 Added 07/23/2024 Modified 10/08/2024 Description In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more clearly Verify the parameters of amdgpu_vm_bo_(map/replace_map/clearing_mappings) in one common place. Solution(s) huawei-euleros-2_0_sp8-upgrade-bpftool huawei-euleros-2_0_sp8-upgrade-kernel huawei-euleros-2_0_sp8-upgrade-kernel-devel huawei-euleros-2_0_sp8-upgrade-kernel-headers huawei-euleros-2_0_sp8-upgrade-kernel-tools huawei-euleros-2_0_sp8-upgrade-kernel-tools-libs huawei-euleros-2_0_sp8-upgrade-perf huawei-euleros-2_0_sp8-upgrade-python-perf huawei-euleros-2_0_sp8-upgrade-python3-perf References https://attackerkb.com/topics/cve-2024-26922 CVE - 2024-26922 EulerOS-SA-2024-2476

Oracle Linux: CVE-2024-32658: ELSA-2024-9092:freerdp security update (MODERATE) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 04/23/2024 Created 11/23/2024 Added 11/21/2024 Modified 11/25/2024 Description FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. Version 3.5.1 contains a patch for the issue. No known workarounds are available. Solution(s) oracle-linux-upgrade-freerdp oracle-linux-upgrade-freerdp-devel oracle-linux-upgrade-freerdp-libs oracle-linux-upgrade-libwinpr oracle-linux-upgrade-libwinpr-devel References https://attackerkb.com/topics/cve-2024-32658 CVE - 2024-32658 ELSA-2024-9092

Amazon Linux AMI 2: CVE-2024-32660: Security patch for freerdp (ALAS-2024-2537) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/23/2024 Created 06/11/2024 Added 06/11/2024 Modified 02/06/2025 Description FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.5.1, a malicious server can crash the FreeRDP client by sending invalid huge allocation size. Version 3.5.1 contains a patch for the issue. No known workarounds are available. Solution(s) amazon-linux-ami-2-upgrade-freerdp amazon-linux-ami-2-upgrade-freerdp-debuginfo amazon-linux-ami-2-upgrade-freerdp-devel amazon-linux-ami-2-upgrade-freerdp-libs amazon-linux-ami-2-upgrade-libwinpr amazon-linux-ami-2-upgrade-libwinpr-devel References https://attackerkb.com/topics/cve-2024-32660 AL2/ALAS-2024-2537 CVE - 2024-32660

SUSE: CVE-2024-32661: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/23/2024 Created 05/31/2024 Added 05/30/2024 Modified 02/06/2025 Description FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to a possible `NULL` access and crash. Version 3.5.1 contains a patch for the issue. No known workarounds are available. Solution(s) suse-upgrade-freerdp suse-upgrade-freerdp-devel suse-upgrade-freerdp-proxy suse-upgrade-freerdp-server suse-upgrade-freerdp-wayland suse-upgrade-libfreerdp2 suse-upgrade-libfreerdp2-2 suse-upgrade-libuwac0-0 suse-upgrade-libwinpr2 suse-upgrade-libwinpr2-2 suse-upgrade-uwac0-0-devel suse-upgrade-winpr-devel suse-upgrade-winpr2-devel References https://attackerkb.com/topics/cve-2024-32661 CVE - 2024-32661

SUSE: CVE-2024-32659: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/23/2024 Created 05/31/2024 Added 05/30/2024 Modified 02/06/2025 Description FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read if `((nWidth == 0) and (nHeight == 0))`. Version 3.5.1 contains a patch for the issue. No known workarounds are available. Solution(s) suse-upgrade-freerdp suse-upgrade-freerdp-devel suse-upgrade-freerdp-proxy suse-upgrade-freerdp-server suse-upgrade-freerdp-wayland suse-upgrade-libfreerdp2 suse-upgrade-libfreerdp2-2 suse-upgrade-libuwac0-0 suse-upgrade-libwinpr2 suse-upgrade-libwinpr2-2 suse-upgrade-uwac0-0-devel suse-upgrade-winpr-devel suse-upgrade-winpr2-devel References https://attackerkb.com/topics/cve-2024-32659 CVE - 2024-32659

Amazon Linux AMI 2: CVE-2024-32661: Security patch for freerdp (ALAS-2024-2563) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/23/2024 Created 06/14/2024 Added 06/13/2024 Modified 02/06/2025 Description FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to a possible `NULL` access and crash. Version 3.5.1 contains a patch for the issue. No known workarounds are available. Solution(s) amazon-linux-ami-2-upgrade-freerdp amazon-linux-ami-2-upgrade-freerdp-debuginfo amazon-linux-ami-2-upgrade-freerdp-devel amazon-linux-ami-2-upgrade-freerdp-libs amazon-linux-ami-2-upgrade-libwinpr amazon-linux-ami-2-upgrade-libwinpr-devel References https://attackerkb.com/topics/cve-2024-32661 AL2/ALAS-2024-2563 CVE - 2024-32661

SUSE: CVE-2024-32660: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/23/2024 Created 05/31/2024 Added 05/30/2024 Modified 02/06/2025 Description FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.5.1, a malicious server can crash the FreeRDP client by sending invalid huge allocation size. Version 3.5.1 contains a patch for the issue. No known workarounds are available. Solution(s) suse-upgrade-freerdp suse-upgrade-freerdp-devel suse-upgrade-freerdp-proxy suse-upgrade-freerdp-server suse-upgrade-freerdp-wayland suse-upgrade-libfreerdp2 suse-upgrade-libfreerdp2-2 suse-upgrade-libuwac0-0 suse-upgrade-libwinpr2 suse-upgrade-libwinpr2-2 suse-upgrade-uwac0-0-devel suse-upgrade-winpr-devel suse-upgrade-winpr2-devel References https://attackerkb.com/topics/cve-2024-32660 CVE - 2024-32660

SUSE: CVE-2024-28130: SUSE Linux Security Advisory Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 04/23/2024 Created 04/26/2024 Added 04/26/2024 Modified 01/28/2025 Description An incorrect type conversion vulnerability exists in the DVPSSoftcopyVOI_PList::createFromImage functionality of OFFIS DCMTK 3.6.8. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. Solution(s) suse-upgrade-dcmtk suse-upgrade-dcmtk-devel suse-upgrade-libdcmtk18 References https://attackerkb.com/topics/cve-2024-28130 CVE - 2024-28130

Huawei EulerOS: CVE-2024-26922: kernel security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/23/2024 Created 07/17/2024 Added 07/17/2024 Modified 07/17/2024 Description In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more clearly Verify the parameters of amdgpu_vm_bo_(map/replace_map/clearing_mappings) in one common place. Solution(s) huawei-euleros-2_0_sp9-upgrade-kernel huawei-euleros-2_0_sp9-upgrade-kernel-tools huawei-euleros-2_0_sp9-upgrade-kernel-tools-libs huawei-euleros-2_0_sp9-upgrade-python3-perf References https://attackerkb.com/topics/cve-2024-26922 CVE - 2024-26922 EulerOS-SA-2024-1937

Flowmon Unauthenticated Command Injection Disclosed 04/23/2024 Created 05/29/2024 Description This module exploits an unauthenticated command injection vulnerability in Progress Flowmon versions before v12.03.02. Author(s) Dave Yesland with Rhino Security Labs Platform Linux,Unix Architectures cmd Development Source Code History

VMware Photon OS: CVE-2024-26922 Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/23/2024 Created 01/21/2025 Added 01/20/2025 Modified 01/20/2025 Description In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more clearly Verify the parameters of amdgpu_vm_bo_(map/replace_map/clearing_mappings) in one common place. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2024-26922 CVE - 2024-26922