ISHACK AI BOT

Ubuntu: USN-6749-1 (CVE-2024-32040): FreeRDP vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/22/2024 Created 04/25/2024 Added 04/25/2024 Modified 02/06/2025 Description FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 and have connections to servers using the `NSC` codec are vulnerable to integer underflow. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, do not use the NSC codec (e.g. use `-nsc`). Solution(s) ubuntu-upgrade-libfreerdp2-2 References https://attackerkb.com/topics/cve-2024-32040 CVE - 2024-32040 USN-6749-1

Ubuntu: USN-6749-1 (CVE-2024-32041): FreeRDP vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/22/2024 Created 04/25/2024 Added 04/25/2024 Modified 02/06/2025 Description FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, deactivate `/gfx` (on by default, set `/bpp` or `/rfx` options instead. Solution(s) ubuntu-upgrade-libfreerdp2-2 References https://attackerkb.com/topics/cve-2024-32041 CVE - 2024-32041 USN-6749-1

Red Hat OpenShift: CVE-2024-3177: kubernetes: kube-apiserver: bypassing mountable secrets policy imposed by the ServiceAccount admission plugin Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/22/2024 Created 06/28/2024 Added 06/28/2024 Modified 10/10/2024 Description A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the kubernetes.io/enforce-mountable-secrets annotation are used together with containers, init containers, and ephemeral containers with the envFrom field populated. Solution(s) linuxrpm-upgrade-microshift linuxrpm-upgrade-openshift References https://attackerkb.com/topics/cve-2024-3177 CVE - 2024-3177 RHSA-2024:0043 RHSA-2024:2054

Ubuntu: USN-6749-1 (CVE-2024-32458): FreeRDP vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/22/2024 Created 04/25/2024 Added 04/25/2024 Modified 02/06/2025 Description FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, use `/gfx` or `/rfx` modes (on by default, require server side support). Solution(s) ubuntu-upgrade-libfreerdp2-2 References https://attackerkb.com/topics/cve-2024-32458 CVE - 2024-32458 USN-6749-1

Ubuntu: USN-6749-1 (CVE-2024-32039): FreeRDP vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/22/2024 Created 04/25/2024 Added 04/25/2024 Modified 02/06/2025 Description FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients using a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to integer overflow and out-of-bounds write. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, do not use `/gfx` options (e.g. deactivate with `/bpp:32` or `/rfx` as it is on by default). Solution(s) ubuntu-upgrade-libfreerdp2-2 References https://attackerkb.com/topics/cve-2024-32039 CVE - 2024-32039 USN-6749-1

SUSE: CVE-2024-3177: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/22/2024 Created 04/24/2024 Added 04/24/2024 Modified 09/12/2024 Description A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the kubernetes.io/enforce-mountable-secrets annotation are used together with containers, init containers, and ephemeral containers with the envFrom field populated. Solution(s) suse-upgrade-kubernetes1-23-apiserver suse-upgrade-kubernetes1-23-client suse-upgrade-kubernetes1-23-client-bash-completion suse-upgrade-kubernetes1-23-client-common suse-upgrade-kubernetes1-23-client-fish-completion suse-upgrade-kubernetes1-23-controller-manager suse-upgrade-kubernetes1-23-kubeadm suse-upgrade-kubernetes1-23-kubelet suse-upgrade-kubernetes1-23-kubelet-common suse-upgrade-kubernetes1-23-proxy suse-upgrade-kubernetes1-23-scheduler suse-upgrade-kubernetes1-24-apiserver suse-upgrade-kubernetes1-24-client suse-upgrade-kubernetes1-24-client-bash-completion suse-upgrade-kubernetes1-24-client-common suse-upgrade-kubernetes1-24-client-fish-completion suse-upgrade-kubernetes1-24-controller-manager suse-upgrade-kubernetes1-24-kubeadm suse-upgrade-kubernetes1-24-kubelet suse-upgrade-kubernetes1-24-kubelet-common suse-upgrade-kubernetes1-24-proxy suse-upgrade-kubernetes1-24-scheduler References https://attackerkb.com/topics/cve-2024-3177 CVE - 2024-3177

CrushFTP: CVE-2024-4040: VFS Sandbox Escape in CrushFTP Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 04/22/2024 Created 04/24/2024 Added 04/24/2024 Modified 11/20/2024 Description VFS Sandbox Escape in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows remote attackers with low privileges to read files from the filesystem outside of VFS Sandbox. Solution(s) crushftp-cve-2024-4040 References https://attackerkb.com/topics/cve-2024-4040 CVE - 2024-4040 https://www.crushftp.com/crush11wiki/Wiki.jsp?page=Update https://www.rapid7.com/blog/post/2024/04/23/etr-unauthenticated-crushftp-zero-day-enables-complete-server-compromise/

Debian: CVE-2024-3177: kubernetes -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/22/2024 Created 07/31/2024 Added 07/30/2024 Modified 09/12/2024 Description A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the kubernetes.io/enforce-mountable-secrets annotation are used together with containers, init containers, and ephemeral containers with the envFrom field populated. Solution(s) debian-upgrade-kubernetes References https://attackerkb.com/topics/cve-2024-3177 CVE - 2024-3177

VMware Photon OS: CVE-2024-3177 Severity 3 CVSS (AV:N/AC:L/Au:M/C:P/I:N/A:N) Published 04/22/2024 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the kubernetes.io/enforce-mountable-secrets annotation are used together with containers, init containers, and ephemeral containers with the envFrom field populated. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2024-3177 CVE - 2024-3177

Oracle Linux: CVE-2024-32039: ELSA-2024-9092:freerdp security update (MODERATE) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 04/22/2024 Created 11/23/2024 Added 11/21/2024 Modified 11/25/2024 Description FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients using a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to integer overflow and out-of-bounds write. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, do not use `/gfx` options (e.g. deactivate with `/bpp:32` or `/rfx` as it is on by default). A flaw was found in FreeRDP-based clients. Affected versions of FreeRDP are vulnerable to an integer overflow and out-of-bounds write. This issue occurs when the sum of the `runLengthFactor`and `pixelIndex` values become large enough to overflow the uint32 type and bypass an error check when clearing residual data. Solution(s) oracle-linux-upgrade-freerdp oracle-linux-upgrade-freerdp-devel oracle-linux-upgrade-freerdp-libs oracle-linux-upgrade-libwinpr oracle-linux-upgrade-libwinpr-devel References https://attackerkb.com/topics/cve-2024-32039 CVE - 2024-32039 ELSA-2024-9092

Amazon Linux AMI 2: CVE-2024-32040: Security patch for freerdp (ALAS-2024-2537) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/22/2024 Created 05/16/2024 Added 05/16/2024 Modified 02/06/2025 Description FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 and have connections to servers using the `NSC` codec are vulnerable to integer underflow. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, do not use the NSC codec (e.g. use `-nsc`). Solution(s) amazon-linux-ami-2-upgrade-freerdp amazon-linux-ami-2-upgrade-freerdp-debuginfo amazon-linux-ami-2-upgrade-freerdp-devel amazon-linux-ami-2-upgrade-freerdp-libs amazon-linux-ami-2-upgrade-libwinpr amazon-linux-ami-2-upgrade-libwinpr-devel References https://attackerkb.com/topics/cve-2024-32040 AL2/ALAS-2024-2537 CVE - 2024-32040

Amazon Linux AMI 2: CVE-2024-32460: Security patch for freerdp (ALAS-2024-2537) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/22/2024 Created 05/16/2024 Added 05/16/2024 Modified 02/06/2025 Description FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based based clients using `/bpp:32` legacy `GDI` drawing path with a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, use modern drawing paths (e.g. `/rfx` or `/gfx` options). The workaround requires server side support. Solution(s) amazon-linux-ami-2-upgrade-freerdp amazon-linux-ami-2-upgrade-freerdp-debuginfo amazon-linux-ami-2-upgrade-freerdp-devel amazon-linux-ami-2-upgrade-freerdp-libs amazon-linux-ami-2-upgrade-libwinpr amazon-linux-ami-2-upgrade-libwinpr-devel References https://attackerkb.com/topics/cve-2024-32460 AL2/ALAS-2024-2537 CVE - 2024-32460

SUSE: CVE-2024-32039: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/22/2024 Created 05/13/2024 Added 05/13/2024 Modified 02/06/2025 Description FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients using a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to integer overflow and out-of-bounds write. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, do not use `/gfx` options (e.g. deactivate with `/bpp:32` or `/rfx` as it is on by default). Solution(s) suse-upgrade-freerdp suse-upgrade-freerdp-devel suse-upgrade-freerdp-proxy suse-upgrade-freerdp-server suse-upgrade-freerdp-wayland suse-upgrade-libfreerdp2 suse-upgrade-libuwac0-0 suse-upgrade-libwinpr2 suse-upgrade-uwac0-0-devel suse-upgrade-winpr2-devel References https://attackerkb.com/topics/cve-2024-32039 CVE - 2024-32039

Ubuntu: USN-6749-1 (CVE-2024-32459): FreeRDP vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/22/2024 Created 04/25/2024 Added 04/25/2024 Modified 02/06/2025 Description FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients and servers that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. No known workarounds are available. Solution(s) ubuntu-upgrade-libfreerdp2-2 References https://attackerkb.com/topics/cve-2024-32459 CVE - 2024-32459 USN-6749-1

Red Hat: CVE-2024-32039: freerdp: Integer overflow & OutOfBound Write in clear_decompress_residual_data (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 04/22/2024 Created 11/14/2024 Added 11/13/2024 Modified 02/06/2025 Description FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients using a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to integer overflow and out-of-bounds write. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, do not use `/gfx` options (e.g. deactivate with `/bpp:32` or `/rfx` as it is on by default). Solution(s) redhat-upgrade-freerdp redhat-upgrade-freerdp-debuginfo redhat-upgrade-freerdp-debugsource redhat-upgrade-freerdp-devel redhat-upgrade-freerdp-libs redhat-upgrade-freerdp-libs-debuginfo redhat-upgrade-libwinpr redhat-upgrade-libwinpr-debuginfo redhat-upgrade-libwinpr-devel References CVE-2024-32039 RHSA-2024:9092

Amazon Linux AMI 2: CVE-2024-32459: Security patch for freerdp (ALAS-2024-2537) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/22/2024 Created 05/16/2024 Added 05/16/2024 Modified 02/06/2025 Description FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients and servers that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. No known workarounds are available. Solution(s) amazon-linux-ami-2-upgrade-freerdp amazon-linux-ami-2-upgrade-freerdp-debuginfo amazon-linux-ami-2-upgrade-freerdp-devel amazon-linux-ami-2-upgrade-freerdp-libs amazon-linux-ami-2-upgrade-libwinpr amazon-linux-ami-2-upgrade-libwinpr-devel References https://attackerkb.com/topics/cve-2024-32459 AL2/ALAS-2024-2537 CVE - 2024-32459

Red Hat: CVE-2024-32041: freerdp: OutOfBound Read in zgfx_decompress_segment (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/22/2024 Created 11/14/2024 Added 11/13/2024 Modified 02/06/2025 Description FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, deactivate `/gfx` (on by default, set `/bpp` or `/rfx` options instead. Solution(s) redhat-upgrade-freerdp redhat-upgrade-freerdp-debuginfo redhat-upgrade-freerdp-debugsource redhat-upgrade-freerdp-devel redhat-upgrade-freerdp-libs redhat-upgrade-freerdp-libs-debuginfo redhat-upgrade-libwinpr redhat-upgrade-libwinpr-debuginfo redhat-upgrade-libwinpr-devel References CVE-2024-32041 RHSA-2024:9092

pfSense: pfSense-SA-24_01.webgui: Local File Inclusion Vulnerability in the pfSense WebGUI Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/22/2024 Created 04/24/2024 Added 04/24/2024 Modified 04/25/2024 Description A potential Local File Include (LFI) vulnerability was discovered in the DNS Resolver Python Module Script include mechanism. When the DNS Resolver Python Module function is enabled and a Python Module Script is present, the system also looks for a PHP file to include for additional related functions. The filename for this code starts with the same name as the Python script and ends with "_include.inc". Though the Python script is tested/validated by Unbound to ensure it is viable, the PHP include is handled separately. This problem is present on pfSense Plus version 23.09.1, pfSense CE version 2.7.2, and earlier versions of both. A user with sufficient access to the DNS resolver and an ability to write arbitrary files on the firewall could run arbitrary PHP code included during Python script initialization/testing due to lack of path traversal protection and validation of the Python script name. To take advantage of this, the user must be logged in, must be able to write files with a specific name on the firewall filesystem, and must have access to the DNS Resolver settings. Solution(s) pfsense-upgrade-latest References https://docs.netgate.com/downloads/pfSense-SA-24_01.webgui.asc https://docs.netgate.com/pfsense/en/latest/development/system-patches.html https://docs.netgate.com/pfsense/en/latest/install/upgrade-guide.html https://redmine.pfsense.org/issues/15135

pfSense: pfSense-SA-24_02.webgui: Stored XSS vulnerability in the WebGUI Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/22/2024 Created 04/24/2024 Added 04/24/2024 Modified 04/25/2024 Description A potential stored Cross-Site Scripting (XSS) vulnerability was found in services_acb_settings.php, a component of the Auto Config Backup feature in the pfSense Plus and pfSense CE software GUI. The page does not validate or sanitize the value of the "frequency" parameter, which is stored in config.xml and may be printed without encoding inside a block of JavaScript code. This problem is present on pfSense Plus version 23.09.1, pfSense CE version 2.7.2, and earlier versions of both. Due to the lack of proper encoding on the affected parameters susceptible to XSS, arbitrary JavaScript could be executed in the user's browser. Because the value is stored, the attacker could also trick another administrator into visiting the compromised page. The target user's session cookie or other information from the session may be compromised. The user must be logged in, have sufficient privileges to access services_acb_settings.php, and have privileges to make changes to the configuration. Users with access to Auto Config Backup and its settings effectively have full administrator access, making this a moot point in nearly all cases. However, it is theoretically possible that a user might only be granted access to the settings tab and not the tabs which manage configuration files. Solution(s) pfsense-upgrade-latest References https://docs.netgate.com/downloads/pfSense-SA-24_02.webgui.asc https://docs.netgate.com/pfsense/en/latest/development/system-patches.html https://docs.netgate.com/pfsense/en/latest/install/upgrade-guide.html https://redmine.pfsense.org/issues/15224

Red Hat: CVE-2024-32040: freerdp: integer underflow in nsc_rle_decode (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/22/2024 Created 11/14/2024 Added 11/13/2024 Modified 02/06/2025 Description FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 and have connections to servers using the `NSC` codec are vulnerable to integer underflow. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, do not use the NSC codec (e.g. use `-nsc`). Solution(s) redhat-upgrade-freerdp redhat-upgrade-freerdp-debuginfo redhat-upgrade-freerdp-debugsource redhat-upgrade-freerdp-devel redhat-upgrade-freerdp-libs redhat-upgrade-freerdp-libs-debuginfo redhat-upgrade-libwinpr redhat-upgrade-libwinpr-debuginfo redhat-upgrade-libwinpr-devel References CVE-2024-32040 RHSA-2024:9092

Amazon Linux AMI 2: CVE-2024-32041: Security patch for freerdp (ALAS-2024-2537) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/22/2024 Created 05/16/2024 Added 05/16/2024 Modified 02/06/2025 Description FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, deactivate `/gfx` (on by default, set `/bpp` or `/rfx` options instead. Solution(s) amazon-linux-ami-2-upgrade-freerdp amazon-linux-ami-2-upgrade-freerdp-debuginfo amazon-linux-ami-2-upgrade-freerdp-devel amazon-linux-ami-2-upgrade-freerdp-libs amazon-linux-ami-2-upgrade-libwinpr amazon-linux-ami-2-upgrade-libwinpr-devel References https://attackerkb.com/topics/cve-2024-32041 AL2/ALAS-2024-2537 CVE - 2024-32041

pfSense: pfSense-SA-24_03.webgui: Multiple XSS vulnerabilities in the WebGUI Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/22/2024 Created 04/24/2024 Added 04/24/2024 Modified 04/25/2024 Description Multiple potential Cross-Site Scripting (XSS) vulnerabilities were found in PHP error display formatting. PHP error messages are plain text, not HTML, but the GUI formats them as HTML when displaying errors in-line on all pages. The PHP Error log display function on crash_reporter.php also also displays the PHP Error log file content without encoding. Additionally, PHP prints function arguments in the stack trace which may contain user input. This problem is present on pfSense Plus version 23.09.1, pfSense CE version 2.7.2, and earlier versions of both. Combined, these issues have a potential to lead to an XSS if the user can login, trigger a PHP error, and influence the arguments displayed in the stack trace. Due to the lack of proper encoding on the affected output susceptible to XSS, arbitrary JavaScript could be executed in the user's browser. The user's session cookie or other information from the session may be compromised. Only the first 15 characters of user input are printed in the function arguments, severely limiting the potential exposure. Solution(s) pfsense-upgrade-latest References https://docs.netgate.com/downloads/pfSense-SA-24_03.webgui.asc https://docs.netgate.com/pfsense/en/latest/development/system-patches.html https://docs.netgate.com/pfsense/en/latest/install/upgrade-guide.html https://redmine.pfsense.org/issues/15263 https://redmine.pfsense.org/issues/15264

Debian: CVE-2023-51793: ffmpeg -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/19/2024 Created 06/17/2024 Added 06/17/2024 Modified 06/17/2024 Description Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavutil/imgutils.c:353:9 in image_copy_plane. Solution(s) debian-upgrade-ffmpeg References https://attackerkb.com/topics/cve-2023-51793 CVE - 2023-51793 DSA-5712-1

Debian: CVE-2023-49502: ffmpeg -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/19/2024 Created 10/24/2024 Added 10/23/2024 Modified 10/23/2024 Description Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the ff_bwdif_filter_intra_c function in the libavfilter/bwdifdsp.c:125:5 component. Solution(s) debian-upgrade-ffmpeg References https://attackerkb.com/topics/cve-2023-49502 CVE - 2023-49502 DLA-3928-1

Azul Zulu: CVE-2024-21002: Vulnerability in the JavaFX component Severity 1 CVSS (AV:L/AC:H/Au:N/C:N/I:P/A:N) Published 04/19/2024 Created 04/24/2024 Added 04/19/2024 Modified 01/28/2025 Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX).Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result inunauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 2.5 (Integrity impacts).CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N). Solution(s) azul-zulu-upgrade-latest References https://attackerkb.com/topics/cve-2024-21002 CVE - 2024-21002 https://www.azul.com/downloads/