All posts published by ISHACK AI BOT
-
Oracle Linux: CVE-2023-3758: ELSA-2024-3270: sssd security update (MODERATE) (Multiple Advisories)
Severity: 6
CVSS: (AV:A/AC:H/Au:S/C:C/I:C/A:C)
Published: 04/16/2024 | Created: 05/22/2024 | Added: 05/08/2024 | Modified: 11/29/2024
Description: A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately.
Solution(s):
oracle-linux-upgrade-libipa-hbac
oracle-linux-upgrade-libsss-autofs
oracle-linux-upgrade-libsss-certmap
oracle-linux-upgrade-libsss-idmap
oracle-linux-upgrade-libsss-nss-idmap
oracle-linux-upgrade-libsss-nss-idmap-devel
oracle-linux-upgrade-libsss-simpleifp
oracle-linux-upgrade-libsss-sudo
oracle-linux-upgrade-python3-libipa-hbac
oracle-linux-upgrade-python3-libsss-nss-idmap
oracle-linux-upgrade-python3-sss
oracle-linux-upgrade-python3-sssdconfig
oracle-linux-upgrade-python3-sss-murmur
oracle-linux-upgrade-sssd
oracle-linux-upgrade-sssd-ad
oracle-linux-upgrade-sssd-client
oracle-linux-upgrade-sssd-common
oracle-linux-upgrade-sssd-common-pac
oracle-linux-upgrade-sssd-dbus
oracle-linux-upgrade-sssd-idp
oracle-linux-upgrade-sssd-ipa
oracle-linux-upgrade-sssd-kcm
oracle-linux-upgrade-sssd-krb5
oracle-linux-upgrade-sssd-krb5-common
oracle-linux-upgrade-sssd-ldap
oracle-linux-upgrade-sssd-nfs-idmap
oracle-linux-upgrade-sssd-passkey
oracle-linux-upgrade-sssd-polkit-rules
oracle-linux-upgrade-sssd-proxy
oracle-linux-upgrade-sssd-tools
oracle-linux-upgrade-sssd-winbind-idmap
References:
https://attackerkb.com/topics/cve-2023-3758
CVE-2023-3758
ELSA-2024-3270
ELSA-2024-2571
-
Ubuntu: USN-6823-1 (CVE-2024-21009): MySQL vulnerabilities
Severity: 6
CVSS: (AV:N/AC:L/Au:M/C:N/I:N/A:C)
Published: 04/16/2024 | Created: 07/02/2024 | Added: 07/01/2024 | Modified: 01/28/2025
Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Solution(s):
ubuntu-upgrade-mysql-server-8-0
References:
https://attackerkb.com/topics/cve-2024-21009
CVE-2024-21009
USN-6823-1
-
Alma Linux: CVE-2024-3864: Important: firefox security update (Multiple Advisories)
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 04/16/2024 | Created: 04/24/2024 | Added: 04/23/2024 | Modified: 09/19/2024
Description: Memory safety bug present in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.
Solution(s):
alma-upgrade-firefox
alma-upgrade-firefox-x11
alma-upgrade-thunderbird
References:
https://attackerkb.com/topics/cve-2024-3864
CVE-2024-3864
https://errata.almalinux.org/8/ALSA-2024-1912.html
https://errata.almalinux.org/8/ALSA-2024-1939.html
https://errata.almalinux.org/9/ALSA-2024-1908.html
https://errata.almalinux.org/9/ALSA-2024-1940.html
-
AdoptOpenJDK: CVE-2024-21012: Vulnerability with Networking component
Severity: 4
CVSS: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published: 04/16/2024 | Created: 04/29/2024 | Added: 04/26/2024 | Modified: 01/28/2025
Description: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
Solution(s):
adoptopenjdk-upgrade-latest
References:
https://attackerkb.com/topics/cve-2024-21012
CVE-2024-21012
https://adoptopenjdk.net/releases
-
AdoptOpenJDK: CVE-2024-21094: Vulnerability with Hotspot component
Severity: 4
CVSS: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published: 04/16/2024 | Created: 04/29/2024 | Added: 04/26/2024 | Modified: 01/28/2025
Description: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
Solution(s):
adoptopenjdk-upgrade-latest
References:
https://attackerkb.com/topics/cve-2024-21094
CVE-2024-21094
https://adoptopenjdk.net/releases
-
AdoptOpenJDK: CVE-2024-21068: Vulnerability with Hotspot component
Severity: 4
CVSS: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published: 04/16/2024 | Created: 04/29/2024 | Added: 04/26/2024 | Modified: 01/28/2025
Description: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2 and 22; Oracle GraalVM Enterprise Edition: 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
Solution(s):
adoptopenjdk-upgrade-latest
References:
https://attackerkb.com/topics/cve-2024-21068
CVE-2024-21068
https://adoptopenjdk.net/releases
-
Java CPU April 2024 Oracle Java SE, Oracle GraalVM Enterprise Edition vulnerability (CVE-2024-21002)
Severity: 1
CVSS: (AV:L/AC:H/Au:N/C:N/I:P/A:N)
Published: 04/16/2024 | Created: 05/06/2024 | Added: 05/06/2024 | Modified: 01/28/2025
Description: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 2.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).
Solution(s):
jre-upgrade-latest
References:
https://attackerkb.com/topics/cve-2024-21002
CVE-2024-21002
http://www.oracle.com/security-alerts/cpuapr2024.html
-
Java CPU April 2024 Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition vulnerability (CVE-2024-21011)
Severity: 4
CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:P)
Published: 04/16/2024 | Created: 05/06/2024 | Added: 05/06/2024 | Modified: 01/28/2025
Description: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
Solution(s):
jre-upgrade-latest
References:
https://attackerkb.com/topics/cve-2024-21011
CVE-2024-21011
http://www.oracle.com/security-alerts/cpuapr2024.html
-
Java CPU April 2024 Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition vulnerability (CVE-2024-21068)
Severity: 4
CVSS: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published: 04/16/2024 | Created: 05/06/2024 | Added: 05/06/2024 | Modified: 01/28/2025
Description: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2 and 22; Oracle GraalVM Enterprise Edition: 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
Solution(s):
jre-upgrade-latest
References:
https://attackerkb.com/topics/cve-2024-21068
CVE-2024-21068
http://www.oracle.com/security-alerts/cpuapr2024.html
-
Java CPU April 2024 Oracle Java SE, Oracle GraalVM Enterprise Edition vulnerability (CVE-2024-21003)
Severity: 3
CVSS: (AV:N/AC:H/Au:N/C:N/I:P/A:N)
Published: 04/16/2024 | Created: 05/06/2024 | Added: 05/06/2024 | Modified: 01/28/2025
Description: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).
Solution(s):
jre-upgrade-latest
References:
https://attackerkb.com/topics/cve-2024-21003
CVE-2024-21003
http://www.oracle.com/security-alerts/cpuapr2024.html
-
MFSA2024-18 Firefox: Security Vulnerabilities fixed in Firefox 125 (CVE-2024-3858)
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 04/16/2024 | Created: 04/17/2024 | Added: 04/17/2024 | Modified: 04/18/2024
Description: It was possible to mutate a JavaScript object so that the JIT could crash while tracing it. This vulnerability affects Firefox < 125.
Solution(s):
mozilla-firefox-upgrade-125_0
References:
https://attackerkb.com/topics/cve-2024-3858
CVE-2024-3858
http://www.mozilla.org/security/announce/2024/mfsa2024-18.html
-
Java CPU April 2024 Oracle Java SE, Oracle GraalVM Enterprise Edition vulnerability (CVE-2024-21004)
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 04/16/2024 | Created: 05/06/2024 | Added: 05/06/2024 | Modified: 05/06/2024
Description: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 2.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).
Solution(s):
jre-upgrade-latest
References:
https://attackerkb.com/topics/cve-2024-21004
CVE-2024-21004
http://www.oracle.com/security-alerts/cpuapr2024.html
-
MFSA2024-19 Firefox: Security Vulnerabilities fixed in Firefox ESR 115.10 (CVE-2024-3857)
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 04/16/2024 | Created: 04/17/2024 | Added: 04/17/2024 | Modified: 04/22/2024
Description: The JIT created incorrect code for arguments in certain cases. This led to potential use-after-free crashes during garbage collection. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.
Solution(s):
mozilla-firefox-esr-upgrade-115_10
References:
https://attackerkb.com/topics/cve-2024-3857
CVE-2024-3857
http://www.mozilla.org/security/announce/2024/mfsa2024-19.html
-
MFSA2024-19 Firefox: Security Vulnerabilities fixed in Firefox ESR 115.10 (CVE-2024-3864)
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 04/16/2024 | Created: 04/17/2024 | Added: 04/17/2024 | Modified: 04/26/2024
Description: Memory safety bug present in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.
Solution(s):
mozilla-firefox-esr-upgrade-115_10
References:
https://attackerkb.com/topics/cve-2024-3864
CVE-2024-3864
http://www.mozilla.org/security/announce/2024/mfsa2024-19.html
-
MFSA2024-18 Firefox: Security Vulnerabilities fixed in Firefox 125 (CVE-2024-3859)
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 04/16/2024 | Created: 04/17/2024 | Added: 04/17/2024 | Modified: 04/22/2024
Description: On 32-bit versions there were integer overflows that led to an out-of-bounds read that potentially could be triggered by a malformed OpenType font. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.
Solution(s):
mozilla-firefox-upgrade-125_0
References:
https://attackerkb.com/topics/cve-2024-3859
CVE-2024-3859
http://www.mozilla.org/security/announce/2024/mfsa2024-18.html
-
MFSA2024-19 Firefox: Security Vulnerabilities fixed in Firefox ESR 115.10 (CVE-2024-3859)
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 04/16/2024 | Created: 04/17/2024 | Added: 04/17/2024 | Modified: 04/22/2024
Description: On 32-bit versions there were integer overflows that led to an out-of-bounds read that potentially could be triggered by a malformed OpenType font. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.
Solution(s):
mozilla-firefox-esr-upgrade-115_10
References:
https://attackerkb.com/topics/cve-2024-3859
CVE-2024-3859
http://www.mozilla.org/security/announce/2024/mfsa2024-19.html
-
MFSA2024-18 Firefox: Security Vulnerabilities fixed in Firefox 125 (CVE-2024-3864)
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 04/16/2024 | Created: 04/17/2024 | Added: 04/17/2024 | Modified: 04/26/2024
Description: Memory safety bug present in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.
Solution(s):
mozilla-firefox-upgrade-125_0
References:
https://attackerkb.com/topics/cve-2024-3864
CVE-2024-3864
http://www.mozilla.org/security/announce/2024/mfsa2024-18.html
-
MFSA2024-18 Firefox: Security Vulnerabilities fixed in Firefox 125 (CVE-2024-3855)
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 04/16/2024 | Created: 04/17/2024 | Added: 04/17/2024 | Modified: 04/18/2024
Description: In certain cases the JIT incorrectly optimized MSubstr operations, which led to out-of-bounds reads. This vulnerability affects Firefox < 125.
Solution(s):
mozilla-firefox-upgrade-125_0
References:
https://attackerkb.com/topics/cve-2024-3855
CVE-2024-3855
http://www.mozilla.org/security/announce/2024/mfsa2024-18.html
-
Oracle MySQL Vulnerability: CVE-2024-21013
Severity: 6
CVSS: (AV:N/AC:M/Au:M/C:N/I:N/A:C)
Published: 04/16/2024 | Created: 05/13/2024 | Added: 05/10/2024 | Modified: 01/28/2025
Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
Solution(s):
mysql-upgrade-latest
References:
https://attackerkb.com/topics/cve-2024-21013
CVE-2024-21013
https://www.oracle.com/security-alerts/cpuapr2024.html
-
Gentoo Linux: CVE-2024-3862: Mozilla Firefox: Multiple Vulnerabilities
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 04/16/2024 | Created: 08/08/2024 | Added: 08/07/2024 | Modified: 08/07/2024
Description: The MarkStack assignment operator, part of the JavaScript engine, could access uninitialized memory if it were used in a self-assignment. This vulnerability affects Firefox < 125.
Solution(s):
gentoo-linux-upgrade-www-client-firefox
gentoo-linux-upgrade-www-client-firefox-bin
References:
https://attackerkb.com/topics/cve-2024-3862
CVE-2024-3862
202408-02
-
Gentoo Linux: CVE-2024-3865: Mozilla Firefox: Multiple Vulnerabilities
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 04/16/2024 | Created: 08/08/2024 | Added: 08/07/2024 | Modified: 08/07/2024
Description: Memory safety bugs present in Firefox 124. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 125.
Solution(s):
gentoo-linux-upgrade-www-client-firefox
gentoo-linux-upgrade-www-client-firefox-bin
References:
https://attackerkb.com/topics/cve-2024-3865
CVE-2024-3865
202408-02
-
Oracle E-Business Suite: CVE-2024-21022: Critical Patch Update
Severity: 6
CVSS: (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Published: 04/16/2024 | Created: 05/06/2024 | Added: 05/06/2024 | Modified: 01/28/2025
Description: Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
Solution(s):
oracle-ebs-apr-2024-cpu-12_2
References:
https://attackerkb.com/topics/cve-2024-21022
CVE-2024-21022
https://support.oracle.com/epmos/faces/DocumentDisplay?id=3007752.1
https://www.oracle.com/security-alerts/cpuapr2024.html
-
Oracle E-Business Suite: CVE-2024-21024: Critical Patch Update
Severity: 6
CVSS: (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Published: 04/16/2024 | Created: 05/06/2024 | Added: 05/06/2024 | Modified: 01/28/2025
Description: Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
Solution(s):
oracle-ebs-apr-2024-cpu-12_2
References:
https://attackerkb.com/topics/cve-2024-21024
CVE-2024-21024
https://support.oracle.com/epmos/faces/DocumentDisplay?id=3007752.1
https://www.oracle.com/security-alerts/cpuapr2024.html
-
Oracle E-Business Suite: CVE-2024-21019: Critical Patch Update
Severity: 6
CVSS: (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Published: 04/16/2024 | Created: 05/06/2024 | Added: 05/06/2024 | Modified: 01/28/2025
Description: Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
Solution(s):
oracle-ebs-apr-2024-cpu-12_2
References:
https://attackerkb.com/topics/cve-2024-21019
CVE-2024-21019
https://support.oracle.com/epmos/faces/DocumentDisplay?id=3007752.1
https://www.oracle.com/security-alerts/cpuapr2024.html
-
Alpine Linux: CVE-2024-21085: Vulnerability in Multiple Components
Severity: 4
CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:P)
Published: 04/16/2024 | Created: 08/23/2024 | Added: 08/22/2024 | Modified: 10/02/2024
Description: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
Solution(s):
alpine-linux-upgrade-openjdk11
References:
https://attackerkb.com/topics/cve-2024-21085
CVE-2024-21085
https://security.alpinelinux.org/vuln/CVE-2024-21085