ISHACK AI BOT

Amazon Linux 2023: CVE-2024-27282: Medium priority package update for ruby3.2 Severity 6 CVSS (AV:L/AC:L/Au:N/C:C/I:P/A:P) Published 04/23/2024 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings. The fixed versions are 3.0.7, 3.1.5, 3.2.4, and 3.3.1. A flaw was found in Ruby. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings. Solution(s) amazon-linux-2023-upgrade-ruby3-2 amazon-linux-2023-upgrade-ruby3-2-bundled-gems amazon-linux-2023-upgrade-ruby3-2-bundled-gems-debuginfo amazon-linux-2023-upgrade-ruby3-2-debuginfo amazon-linux-2023-upgrade-ruby3-2-debugsource amazon-linux-2023-upgrade-ruby3-2-default-gems amazon-linux-2023-upgrade-ruby3-2-devel amazon-linux-2023-upgrade-ruby3-2-doc amazon-linux-2023-upgrade-ruby3-2-libs amazon-linux-2023-upgrade-ruby3-2-libs-debuginfo amazon-linux-2023-upgrade-ruby3-2-rubygem-bigdecimal amazon-linux-2023-upgrade-ruby3-2-rubygem-bigdecimal-debuginfo amazon-linux-2023-upgrade-ruby3-2-rubygem-bundler amazon-linux-2023-upgrade-ruby3-2-rubygem-io-console amazon-linux-2023-upgrade-ruby3-2-rubygem-io-console-debuginfo amazon-linux-2023-upgrade-ruby3-2-rubygem-irb amazon-linux-2023-upgrade-ruby3-2-rubygem-json amazon-linux-2023-upgrade-ruby3-2-rubygem-json-debuginfo amazon-linux-2023-upgrade-ruby3-2-rubygem-minitest amazon-linux-2023-upgrade-ruby3-2-rubygem-power-assert amazon-linux-2023-upgrade-ruby3-2-rubygem-psych amazon-linux-2023-upgrade-ruby3-2-rubygem-psych-debuginfo amazon-linux-2023-upgrade-ruby3-2-rubygem-rake amazon-linux-2023-upgrade-ruby3-2-rubygem-rbs amazon-linux-2023-upgrade-ruby3-2-rubygem-rbs-debuginfo amazon-linux-2023-upgrade-ruby3-2-rubygem-rdoc amazon-linux-2023-upgrade-ruby3-2-rubygem-rexml amazon-linux-2023-upgrade-ruby3-2-rubygem-rss amazon-linux-2023-upgrade-ruby3-2-rubygems amazon-linux-2023-upgrade-ruby3-2-rubygems-devel amazon-linux-2023-upgrade-ruby3-2-rubygem-test-unit amazon-linux-2023-upgrade-ruby3-2-rubygem-typeprof References https://attackerkb.com/topics/cve-2024-27282 CVE - 2024-27282 https://alas.aws.amazon.com/AL2023/ALAS-2024-704.html

Huawei EulerOS: CVE-2024-26922: kernel security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/23/2024 Created 07/16/2024 Added 07/16/2024 Modified 07/16/2024 Description In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more clearly Verify the parameters of amdgpu_vm_bo_(map/replace_map/clearing_mappings) in one common place. Solution(s) huawei-euleros-2_0_sp10-upgrade-kernel huawei-euleros-2_0_sp10-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp10-upgrade-kernel-tools huawei-euleros-2_0_sp10-upgrade-kernel-tools-libs huawei-euleros-2_0_sp10-upgrade-python3-perf References https://attackerkb.com/topics/cve-2024-26922 CVE - 2024-26922 EulerOS-SA-2024-1887

Debian: CVE-2024-28130: dcmtk -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/23/2024 Created 02/04/2025 Added 02/03/2025 Modified 02/03/2025 Description An incorrect type conversion vulnerability exists in the DVPSSoftcopyVOI_PList::createFromImage functionality of OFFIS DCMTK 3.6.8. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. Solution(s) debian-upgrade-dcmtk References https://attackerkb.com/topics/cve-2024-28130 CVE - 2024-28130 DLA-3847-1

Debian: CVE-2024-26922: linux -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/23/2024 Created 05/08/2024 Added 05/08/2024 Modified 07/03/2024 Description In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more clearly Verify the parameters of amdgpu_vm_bo_(map/replace_map/clearing_mappings) in one common place. Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2024-26922 CVE - 2024-26922 DSA-5680-1 DSA-5681-1

SUSE: CVE-2024-26922: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/23/2024 Created 05/15/2024 Added 05/15/2024 Modified 08/28/2024 Description In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more clearly Verify the parameters of amdgpu_vm_bo_(map/replace_map/clearing_mappings) in one common place. Solution(s) suse-upgrade-cluster-md-kmp-64kb suse-upgrade-cluster-md-kmp-azure suse-upgrade-cluster-md-kmp-default suse-upgrade-cluster-md-kmp-rt suse-upgrade-dlm-kmp-64kb suse-upgrade-dlm-kmp-azure suse-upgrade-dlm-kmp-default suse-upgrade-dlm-kmp-rt suse-upgrade-dtb-allwinner suse-upgrade-dtb-altera suse-upgrade-dtb-amazon suse-upgrade-dtb-amd suse-upgrade-dtb-amlogic suse-upgrade-dtb-apm suse-upgrade-dtb-apple suse-upgrade-dtb-arm suse-upgrade-dtb-broadcom suse-upgrade-dtb-cavium suse-upgrade-dtb-exynos suse-upgrade-dtb-freescale suse-upgrade-dtb-hisilicon suse-upgrade-dtb-lg suse-upgrade-dtb-marvell suse-upgrade-dtb-mediatek suse-upgrade-dtb-nvidia suse-upgrade-dtb-qcom suse-upgrade-dtb-renesas suse-upgrade-dtb-rockchip suse-upgrade-dtb-socionext suse-upgrade-dtb-sprd suse-upgrade-dtb-xilinx suse-upgrade-gfs2-kmp-64kb suse-upgrade-gfs2-kmp-azure suse-upgrade-gfs2-kmp-default suse-upgrade-gfs2-kmp-rt suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-64kb-extra suse-upgrade-kernel-64kb-livepatch-devel suse-upgrade-kernel-64kb-optional suse-upgrade-kernel-azure suse-upgrade-kernel-azure-base suse-upgrade-kernel-azure-devel suse-upgrade-kernel-azure-extra suse-upgrade-kernel-azure-livepatch-devel suse-upgrade-kernel-azure-optional suse-upgrade-kernel-azure-vdso suse-upgrade-kernel-debug suse-upgrade-kernel-debug-devel suse-upgrade-kernel-debug-livepatch-devel suse-upgrade-kernel-debug-vdso suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-base-rebuild suse-upgrade-kernel-default-devel suse-upgrade-kernel-default-extra suse-upgrade-kernel-default-livepatch suse-upgrade-kernel-default-livepatch-devel suse-upgrade-kernel-default-man suse-upgrade-kernel-default-optional suse-upgrade-kernel-default-vdso suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-devel-rt suse-upgrade-kernel-docs suse-upgrade-kernel-docs-html suse-upgrade-kernel-kvmsmall suse-upgrade-kernel-kvmsmall-devel suse-upgrade-kernel-kvmsmall-livepatch-devel suse-upgrade-kernel-kvmsmall-vdso suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-obs-qa suse-upgrade-kernel-rt suse-upgrade-kernel-rt-devel suse-upgrade-kernel-rt-extra suse-upgrade-kernel-rt-livepatch suse-upgrade-kernel-rt-livepatch-devel suse-upgrade-kernel-rt-optional suse-upgrade-kernel-rt-vdso suse-upgrade-kernel-rt_debug suse-upgrade-kernel-rt_debug-devel suse-upgrade-kernel-rt_debug-livepatch-devel suse-upgrade-kernel-rt_debug-vdso suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-source-rt suse-upgrade-kernel-source-vanilla suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-syms-rt suse-upgrade-kernel-zfcpdump suse-upgrade-kselftests-kmp-64kb suse-upgrade-kselftests-kmp-azure suse-upgrade-kselftests-kmp-default suse-upgrade-kselftests-kmp-rt suse-upgrade-ocfs2-kmp-64kb suse-upgrade-ocfs2-kmp-azure suse-upgrade-ocfs2-kmp-default suse-upgrade-ocfs2-kmp-rt suse-upgrade-reiserfs-kmp-64kb suse-upgrade-reiserfs-kmp-azure suse-upgrade-reiserfs-kmp-default suse-upgrade-reiserfs-kmp-rt References https://attackerkb.com/topics/cve-2024-26922 CVE - 2024-26922

Oracle Linux: CVE-2024-32662: ELSA-2024-9092:freerdp security update (MODERATE) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 04/23/2024 Created 11/23/2024 Added 11/21/2024 Modified 11/25/2024 Description FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. This occurs when `WCHAR` string is read with twice the size it has and converted to `UTF-8`, `base64` decoded. The string is only used to compare against the redirection server certificate. Version 3.5.1 contains a patch for the issue. No known workarounds are available. A flaw was found in FreeRDP-based clients. Affected versions of FreeRDP are vulnerable to an out-of-bounds read. This issue occurs when the `WCHAR` string is read with twice the size it has and converted to `UTF-8`, `base64` decoded. The string is only used to compare against the redirection server certificate. Solution(s) oracle-linux-upgrade-freerdp oracle-linux-upgrade-freerdp-devel oracle-linux-upgrade-freerdp-libs oracle-linux-upgrade-libwinpr oracle-linux-upgrade-libwinpr-devel References https://attackerkb.com/topics/cve-2024-32662 CVE - 2024-32662 ELSA-2024-9092

Ubuntu: (Multiple Advisories) (CVE-2024-32661): FreeRDP vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/23/2024 Created 04/26/2024 Added 04/26/2024 Modified 02/06/2025 Description FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to a possible `NULL` access and crash. Version 3.5.1 contains a patch for the issue. No known workarounds are available. Solution(s) ubuntu-upgrade-libfreerdp2-2 ubuntu-upgrade-libfreerdp3-3 References https://attackerkb.com/topics/cve-2024-32661 CVE - 2024-32661 USN-6752-1 USN-6759-1

Alpine Linux: CVE-2024-31208: Vulnerability in Multiple Components Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 04/23/2024 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description Synapse is an open-source Matrix homeserver. A remote Matrix user with malicious intent, sharing a room with Synapse instances before 1.105.1, can dispatch specially crafted events to exploit a weakness in the V2 state resolution algorithm. This can induce high CPU consumption and accumulate excessive data in the database of such instances, resulting in a denial of service. Servers in private federations, or those that do not federate, are not affected. Server administrators should upgrade to 1.105.1 or later. Some workarounds are available. One can ban the malicious users or ACL block servers from the rooms and/or leave the room and purge the room using the admin API. Solution(s) alpine-linux-upgrade-synapse References https://attackerkb.com/topics/cve-2024-31208 CVE - 2024-31208 https://security.alpinelinux.org/vuln/CVE-2024-31208

Red Hat: CVE-2024-26922: kernel: drm/amdgpu: validate the parameters of bo mapping operations more clearly (Multiple Advisories) Severity 4 CVSS (AV:L/AC:L/Au:M/C:N/I:N/A:C) Published 04/23/2024 Created 12/06/2024 Added 12/05/2024 Modified 12/05/2024 Description In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more clearly Verify the parameters of amdgpu_vm_bo_(map/replace_map/clearing_mappings) in one common place. Solution(s) redhat-upgrade-kernel redhat-upgrade-kernel-rt References CVE-2024-26922 RHSA-2024:9315

Ubuntu: (Multiple Advisories) (CVE-2024-32660): FreeRDP vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/23/2024 Created 04/26/2024 Added 04/26/2024 Modified 02/06/2025 Description FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.5.1, a malicious server can crash the FreeRDP client by sending invalid huge allocation size. Version 3.5.1 contains a patch for the issue. No known workarounds are available. Solution(s) ubuntu-upgrade-libfreerdp2-2 ubuntu-upgrade-libfreerdp3-3 References https://attackerkb.com/topics/cve-2024-32660 CVE - 2024-32660 USN-6752-1 USN-6759-1

Oracle Linux: CVE-2024-27282: ELSA-2024-3668:ruby:3.1 security, bug fix, and enhancement update (MODERATE) (Multiple Advisories) Severity 6 CVSS (AV:L/AC:L/Au:N/C:C/I:P/A:P) Published 04/23/2024 Created 06/04/2024 Added 06/01/2024 Modified 01/08/2025 Description An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings. The fixed versions are 3.0.7, 3.1.5, 3.2.4, and 3.3.1. A flaw was found in Ruby. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings. Solution(s) oracle-linux-upgrade-ruby oracle-linux-upgrade-ruby-bundled-gems oracle-linux-upgrade-ruby-default-gems oracle-linux-upgrade-ruby-devel oracle-linux-upgrade-ruby-doc oracle-linux-upgrade-rubygem-abrt oracle-linux-upgrade-rubygem-abrt-doc oracle-linux-upgrade-rubygem-bigdecimal oracle-linux-upgrade-rubygem-bson oracle-linux-upgrade-rubygem-bson-doc oracle-linux-upgrade-rubygem-bundler oracle-linux-upgrade-rubygem-bundler-doc oracle-linux-upgrade-rubygem-did-you-mean oracle-linux-upgrade-rubygem-io-console oracle-linux-upgrade-rubygem-irb oracle-linux-upgrade-rubygem-json oracle-linux-upgrade-rubygem-minitest oracle-linux-upgrade-rubygem-mongo oracle-linux-upgrade-rubygem-mongo-doc oracle-linux-upgrade-rubygem-mysql2 oracle-linux-upgrade-rubygem-mysql2-doc oracle-linux-upgrade-rubygem-net-telnet oracle-linux-upgrade-rubygem-openssl oracle-linux-upgrade-rubygem-pg oracle-linux-upgrade-rubygem-pg-doc oracle-linux-upgrade-rubygem-power-assert oracle-linux-upgrade-rubygem-psych oracle-linux-upgrade-rubygem-racc oracle-linux-upgrade-rubygem-rake oracle-linux-upgrade-rubygem-rbs oracle-linux-upgrade-rubygem-rdoc oracle-linux-upgrade-rubygem-rexml oracle-linux-upgrade-rubygem-rss oracle-linux-upgrade-rubygems oracle-linux-upgrade-rubygems-devel oracle-linux-upgrade-rubygem-test-unit oracle-linux-upgrade-rubygem-typeprof oracle-linux-upgrade-rubygem-xmlrpc oracle-linux-upgrade-ruby-irb oracle-linux-upgrade-ruby-libs References https://attackerkb.com/topics/cve-2024-27282 CVE - 2024-27282 ELSA-2024-3668 ELSA-2024-3671 ELSA-2024-4499 ELSA-2024-3500 ELSA-2024-3546 ELSA-2024-3670 ELSA-2024-3838 View more

Debian: CVE-2023-50186: gst-plugins-bad1.0 -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 04/23/2024 Created 04/24/2024 Added 04/23/2024 Modified 01/28/2025 Description GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of metadata within AV1 encoded video files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22300. Solution(s) debian-upgrade-gst-plugins-bad1-0 References https://attackerkb.com/topics/cve-2023-50186 CVE - 2023-50186 DSA-5583-1

Oracle Linux: CVE-2024-32660: ELSA-2024-9092:freerdp security update (MODERATE) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 04/23/2024 Created 11/23/2024 Added 11/21/2024 Modified 11/25/2024 Description FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.5.1, a malicious server can crash the FreeRDP client by sending invalid huge allocation size. Version 3.5.1 contains a patch for the issue. No known workarounds are available. Solution(s) oracle-linux-upgrade-freerdp oracle-linux-upgrade-freerdp-devel oracle-linux-upgrade-freerdp-libs oracle-linux-upgrade-libwinpr oracle-linux-upgrade-libwinpr-devel References https://attackerkb.com/topics/cve-2024-32660 CVE - 2024-32660 ELSA-2024-9092

Oracle Linux: CVE-2024-32659: ELSA-2024-9092:freerdp security update (MODERATE) (Multiple Advisories) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 04/23/2024 Created 11/23/2024 Added 11/21/2024 Modified 11/25/2024 Description FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read if `((nWidth == 0) and (nHeight == 0))`. Version 3.5.1 contains a patch for the issue. No known workarounds are available. Solution(s) oracle-linux-upgrade-freerdp oracle-linux-upgrade-freerdp-devel oracle-linux-upgrade-freerdp-libs oracle-linux-upgrade-libwinpr oracle-linux-upgrade-libwinpr-devel References https://attackerkb.com/topics/cve-2024-32659 CVE - 2024-32659 ELSA-2024-9092

SUSE: CVE-2024-3447: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/23/2024 Created 04/24/2024 Added 04/24/2024 Modified 11/18/2024 Description A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both `s->data_count` and the size of`s->fifo_buffer` are set to 0x200, leading to an out-of-bound access. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. Solution(s) suse-upgrade-qemu suse-upgrade-qemu-accel-qtest suse-upgrade-qemu-accel-tcg-x86 suse-upgrade-qemu-arm suse-upgrade-qemu-audio-alsa suse-upgrade-qemu-audio-dbus suse-upgrade-qemu-audio-jack suse-upgrade-qemu-audio-oss suse-upgrade-qemu-audio-pa suse-upgrade-qemu-audio-sdl suse-upgrade-qemu-audio-spice suse-upgrade-qemu-block-curl suse-upgrade-qemu-block-dmg suse-upgrade-qemu-block-gluster suse-upgrade-qemu-block-iscsi suse-upgrade-qemu-block-nfs suse-upgrade-qemu-block-rbd suse-upgrade-qemu-block-ssh suse-upgrade-qemu-chardev-baum suse-upgrade-qemu-chardev-spice suse-upgrade-qemu-extra suse-upgrade-qemu-guest-agent suse-upgrade-qemu-hw-display-qxl suse-upgrade-qemu-hw-display-virtio-gpu suse-upgrade-qemu-hw-display-virtio-gpu-pci suse-upgrade-qemu-hw-display-virtio-vga suse-upgrade-qemu-hw-s390x-virtio-gpu-ccw suse-upgrade-qemu-hw-usb-host suse-upgrade-qemu-hw-usb-redirect suse-upgrade-qemu-hw-usb-smartcard suse-upgrade-qemu-img suse-upgrade-qemu-ipxe suse-upgrade-qemu-ivshmem-tools suse-upgrade-qemu-ksm suse-upgrade-qemu-kvm suse-upgrade-qemu-lang suse-upgrade-qemu-microvm suse-upgrade-qemu-ppc suse-upgrade-qemu-pr-helper suse-upgrade-qemu-s390 suse-upgrade-qemu-s390x suse-upgrade-qemu-seabios suse-upgrade-qemu-sgabios suse-upgrade-qemu-skiboot suse-upgrade-qemu-slof suse-upgrade-qemu-tools suse-upgrade-qemu-ui-curses suse-upgrade-qemu-ui-dbus suse-upgrade-qemu-ui-gtk suse-upgrade-qemu-ui-opengl suse-upgrade-qemu-ui-sdl suse-upgrade-qemu-ui-spice-app suse-upgrade-qemu-ui-spice-core suse-upgrade-qemu-vgabios suse-upgrade-qemu-vhost-user-gpu suse-upgrade-qemu-x86 References https://attackerkb.com/topics/cve-2024-3447 CVE - 2024-3447

Ubuntu: (Multiple Advisories) (CVE-2024-32658): FreeRDP vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/23/2024 Created 04/26/2024 Added 04/26/2024 Modified 02/06/2025 Description FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. Version 3.5.1 contains a patch for the issue. No known workarounds are available. Solution(s) ubuntu-upgrade-libfreerdp2-2 ubuntu-upgrade-libfreerdp3-3 References https://attackerkb.com/topics/cve-2024-32658 CVE - 2024-32658 USN-6752-1 USN-6759-1

Ubuntu: USN-6759-1 (CVE-2024-32662): FreeRDP vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/23/2024 Created 04/30/2024 Added 04/30/2024 Modified 02/06/2025 Description FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. This occurs when `WCHAR` string is read with twice the size it has and converted to `UTF-8`, `base64` decoded. The string is only used to compare against the redirection server certificate. Version 3.5.1 contains a patch for the issue. No known workarounds are available. Solution(s) ubuntu-upgrade-libfreerdp3-3 References https://attackerkb.com/topics/cve-2024-32662 CVE - 2024-32662 USN-6759-1

Huawei EulerOS: CVE-2024-32041: freerdp security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/22/2024 Created 01/23/2025 Added 01/21/2025 Modified 02/06/2025 Description FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, deactivate `/gfx` (on by default, set `/bpp` or `/rfx` options instead. Solution(s) huawei-euleros-2_0_sp8-upgrade-freerdp huawei-euleros-2_0_sp8-upgrade-freerdp-libs huawei-euleros-2_0_sp8-upgrade-libwinpr References https://attackerkb.com/topics/cve-2024-32041 CVE - 2024-32041 EulerOS-SA-2025-1120

Huawei EulerOS: CVE-2024-32040: freerdp security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/22/2024 Created 01/23/2025 Added 01/21/2025 Modified 02/06/2025 Description FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 and have connections to servers using the `NSC` codec are vulnerable to integer underflow. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, do not use the NSC codec (e.g. use `-nsc`). Solution(s) huawei-euleros-2_0_sp8-upgrade-freerdp huawei-euleros-2_0_sp8-upgrade-freerdp-libs huawei-euleros-2_0_sp8-upgrade-libwinpr References https://attackerkb.com/topics/cve-2024-32040 CVE - 2024-32040 EulerOS-SA-2025-1120

Huawei EulerOS: CVE-2024-32459: freerdp security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/22/2024 Created 01/23/2025 Added 01/21/2025 Modified 02/06/2025 Description FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients and servers that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. No known workarounds are available. Solution(s) huawei-euleros-2_0_sp8-upgrade-freerdp huawei-euleros-2_0_sp8-upgrade-freerdp-libs huawei-euleros-2_0_sp8-upgrade-libwinpr References https://attackerkb.com/topics/cve-2024-32459 CVE - 2024-32459 EulerOS-SA-2025-1120

Huawei EulerOS: CVE-2024-32039: freerdp security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/22/2024 Created 01/23/2025 Added 01/21/2025 Modified 02/06/2025 Description FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients using a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to integer overflow and out-of-bounds write. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, do not use `/gfx` options (e.g. deactivate with `/bpp:32` or `/rfx` as it is on by default). Solution(s) huawei-euleros-2_0_sp8-upgrade-freerdp huawei-euleros-2_0_sp8-upgrade-freerdp-libs huawei-euleros-2_0_sp8-upgrade-libwinpr References https://attackerkb.com/topics/cve-2024-32039 CVE - 2024-32039 EulerOS-SA-2025-1120

CVE-2024-27348: RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 04/22/2024 Created 08/16/2024 Added 07/19/2024 Modified 09/19/2024 Description In Apache HugeGraph Server versions before 1.3.0, an attacker can bypass the sandbox restrictions and achieve RCE through Gremlin, resulting in complete control over the server. Solution(s) apache-hugegraph-upgrade-latest References https://attackerkb.com/topics/cve-2024-27348 CVE - 2024-27348

Red Hat: CVE-2024-32460: freerdp: OutOfBound Read in interleaved_decompress (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/22/2024 Created 11/14/2024 Added 11/13/2024 Modified 02/06/2025 Description FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based based clients using `/bpp:32` legacy `GDI` drawing path with a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, use modern drawing paths (e.g. `/rfx` or `/gfx` options). The workaround requires server side support. Solution(s) redhat-upgrade-freerdp redhat-upgrade-freerdp-debuginfo redhat-upgrade-freerdp-debugsource redhat-upgrade-freerdp-devel redhat-upgrade-freerdp-libs redhat-upgrade-freerdp-libs-debuginfo redhat-upgrade-libwinpr redhat-upgrade-libwinpr-debuginfo redhat-upgrade-libwinpr-devel References CVE-2024-32460 RHSA-2024:9092

pfSense: pfSense-SA-24_04.webgui: XSS vulnerability in vendor files used by the WebGUI Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/22/2024 Created 04/24/2024 Added 04/24/2024 Modified 04/25/2024 Description A potential Cross-Site Scripting (XSS) vulnerability was identified in jquery-treegrid unit testing files. The pfSense Plus and pfSense CE software GUI includes the jquery-treegrid library for use in the disks widget on the Dashboard. The jquery-treegrid library includes unit testing files for a bundled unit testing library (QUnit). That unit testing library has multiple issues, including a known XSS vulnerability. This problem is present on pfSense Plus version 23.09.1, pfSense CE version 2.7.2, and earlier versions of both. Due to the lack of proper encoding on the affected parameters susceptible to XSS, arbitrary JavaScript could be executed in the user's browser. The user's session cookie or other information from the session may be compromised. These static vendor library files are accessible to users who are not logged into the GUI. Only access to the web server at a network level is required. Solution(s) pfsense-upgrade-latest References https://docs.netgate.com/downloads/pfSense-SA-24_04.webgui.asc https://docs.netgate.com/pfsense/en/latest/development/system-patches.html https://docs.netgate.com/pfsense/en/latest/install/upgrade-guide.html https://redmine.pfsense.org/issues/15265

Ubuntu: USN-6749-1 (CVE-2024-32040): FreeRDP vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/22/2024 Created 04/25/2024 Added 04/25/2024 Modified 02/06/2025 Description FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 and have connections to servers using the `NSC` codec are vulnerable to integer underflow. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, do not use the NSC codec (e.g. use `-nsc`). Solution(s) ubuntu-upgrade-libfreerdp2-2 References https://attackerkb.com/topics/cve-2024-32040 CVE - 2024-32040 USN-6749-1