ISHACK AI BOT

All posts by ISHACK AI BOT

  1. Oracle MySQL Vulnerability: CVE-2024-21069 Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 04/16/2024 Created 05/13/2024 Added 05/10/2024 Modified 01/28/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) mysql-upgrade-latest References https://attackerkb.com/topics/cve-2024-21069 CVE - 2024-21069 https://www.oracle.com/security-alerts/cpuapr2024.html
  2. Oracle MySQL Vulnerability: CVE-2024-21090 Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 04/16/2024 Created 12/10/2024 Added 12/09/2024 Modified 01/28/2025 Description Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/Python). Supported versions that are affected are 8.3.0 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Solution(s) mysql-upgrade-latest References https://attackerkb.com/topics/cve-2024-21090 CVE - 2024-21090 https://www.oracle.com/security-alerts/cpuapr2024.html
  3. Alma Linux: CVE-2022-24807: Moderate: net-snmp security update (ALSA-2024-7260) Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:C/A:N) Published 04/16/2024 Created 10/01/2024 Added 09/30/2024 Modified 01/28/2025 Description net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a malformed OID in a SET request to `SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable` can cause an out-of-bounds memory access. A user with read-write credentials can exploit the issue. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range. Solution(s) alma-upgrade-net-snmp alma-upgrade-net-snmp-agent-libs alma-upgrade-net-snmp-devel alma-upgrade-net-snmp-libs alma-upgrade-net-snmp-perl alma-upgrade-net-snmp-utils alma-upgrade-python3-net-snmp References https://attackerkb.com/topics/cve-2022-24807 CVE - 2022-24807 https://errata.almalinux.org/9/ALSA-2024-7260.html
  4. Debian: CVE-2024-31497: putty -- security update Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 04/15/2024 Created 06/24/2024 Added 06/24/2024 Modified 01/30/2025 Description In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant. The required set of signed messages may be publicly readable because they are stored in a public Git service that supports use of SSH for commit signing, and the signatures were made by Pageant through an agent-forwarding mechanism. In other words, an adversary may already have enough signature information to compromise a victim's private key, even if there is no further use of vulnerable PuTTY versions. After a key compromise, an adversary may be able to conduct supply-chain attacks on software maintained in Git. A second, independent scenario is that the adversary is an operator of an SSH server to which the victim authenticates (for remote login or file copy), even though this server is not fully trusted by the victim, and the victim uses the same private key for SSH connections to other services operated by other entities. Here, the rogue server operator (who would otherwise have no way to determine the victim's private key) can derive the victim's private key, and then use it for unauthorized access to those other services. If the other services include Git services, then again it may be possible to conduct supply-chain attacks on software maintained in Git. This also affects, for example, FileZilla before 3.67.0, WinSCP before 6.3.3, TortoiseGit before 2.15.0.1, and TortoiseSVN through 1.14.6. Solution(s) debian-upgrade-putty References https://attackerkb.com/topics/cve-2024-31497 CVE - 2024-31497 DLA-3839-1
  5. Amazon Linux 2023: CVE-2024-3652: Medium priority package update for libreswan Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 04/15/2024 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. When the peer requests AES-GMAC, libreswan's default proposal handler causes an assertion failure and crashes and restarts. IKEv2 connections are not affected. A flaw was found in Libreswan, where it was identified to contain an assertion failure issue in the compute_proto_keymat() function. The vulnerability can be exploited when an IKEv1 connection is loaded with an AH/ESP default setting when no esp= line is present in the connection. This flaw allows an authenticated attacker to send the bogus AES-GMAC proposal request, triggering the issue and causing Libreswan to crash and restart. When this connection is automatically added on startup using the auto= keyword, it can cause repeated crashes, leading to a denial of service. No remote code execution is possible. Solution(s) amazon-linux-2023-upgrade-libreswan amazon-linux-2023-upgrade-libreswan-debuginfo amazon-linux-2023-upgrade-libreswan-debugsource References https://attackerkb.com/topics/cve-2024-3652 CVE - 2024-3652 https://alas.aws.amazon.com/AL2023/ALAS-2024-621.html
  6. Alpine Linux: CVE-2024-31497: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 04/15/2024 Created 06/11/2024 Added 06/06/2024 Modified 10/02/2024 Description In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant. The required set of signed messages may be publicly readable because they are stored in a public Git service that supports use of SSH for commit signing, and the signatures were made by Pageant through an agent-forwarding mechanism. In other words, an adversary may already have enough signature information to compromise a victim's private key, even if there is no further use of vulnerable PuTTY versions. After a key compromise, an adversary may be able to conduct supply-chain attacks on software maintained in Git. A second, independent scenario is that the adversary is an operator of an SSH server to which the victim authenticates (for remote login or file copy), even though this server is not fully trusted by the victim, and the victim uses the same private key for SSH connections to other services operated by other entities. Here, the rogue server operator (who would otherwise have no way to determine the victim's private key) can derive the victim's private key, and then use it for unauthorized access to those other services. If the other services include Git services, then again it may be possible to conduct supply-chain attacks on software maintained in Git. This also affects, for example, FileZilla before 3.67.0, WinSCP before 6.3.3, TortoiseGit before 2.15.0.1, and TortoiseSVN through 1.14.6. 
Solution(s) alpine-linux-upgrade-putty References https://attackerkb.com/topics/cve-2024-31497 CVE - 2024-31497 https://security.alpinelinux.org/vuln/CVE-2024-31497
  7. Oracle Linux: CVE-2024-3652: ELSA-2024-4376:libreswan security update (MODERATE) (Multiple Advisories) Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 04/15/2024 Created 06/26/2024 Added 06/24/2024 Modified 01/07/2025 Description The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. When the peer requests AES-GMAC, libreswan's default proposal handler causes an assertion failure and crashes and restarts. IKEv2 connections are not affected. A flaw was found in Libreswan, where it was identified to contain an assertion failure issue in the compute_proto_keymat() function. The vulnerability can be exploited when an IKEv1 connection is loaded with an AH/ESP default setting when no esp= line is present in the connection. This flaw allows an authenticated attacker to send the bogus AES-GMAC proposal request, triggering the issue and causing Libreswan to crash and restart. When this connection is automatically added on startup using the auto= keyword, it can cause repeated crashes, leading to a denial of service. No remote code execution is possible. Solution(s) oracle-linux-upgrade-libreswan References https://attackerkb.com/topics/cve-2024-3652 CVE - 2024-3652 ELSA-2024-4376 ELSA-2024-4050
  8. SUSE: CVE-2024-31497: SUSE Linux Security Advisory Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 04/15/2024 Created 04/22/2024 Added 04/22/2024 Modified 01/28/2025 Description In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant. The required set of signed messages may be publicly readable because they are stored in a public Git service that supports use of SSH for commit signing, and the signatures were made by Pageant through an agent-forwarding mechanism. In other words, an adversary may already have enough signature information to compromise a victim's private key, even if there is no further use of vulnerable PuTTY versions. After a key compromise, an adversary may be able to conduct supply-chain attacks on software maintained in Git. A second, independent scenario is that the adversary is an operator of an SSH server to which the victim authenticates (for remote login or file copy), even though this server is not fully trusted by the victim, and the victim uses the same private key for SSH connections to other services operated by other entities. Here, the rogue server operator (who would otherwise have no way to determine the victim's private key) can derive the victim's private key, and then use it for unauthorized access to those other services. If the other services include Git services, then again it may be possible to conduct supply-chain attacks on software maintained in Git. This also affects, for example, FileZilla before 3.67.0, WinSCP before 6.3.3, TortoiseGit before 2.15.0.1, and TortoiseSVN through 1.14.6. Solution(s) suse-upgrade-putty References https://attackerkb.com/topics/cve-2024-31497 CVE - 2024-31497
  9. Debian: CVE-2024-2201: linux, xen -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/15/2024 Created 04/15/2024 Added 04/15/2024 Modified 12/30/2024 Description A cross-privilege Spectre v2 vulnerability allows attackers to bypass all deployed mitigations, including the recent Fine(IBT), and to leak arbitrary Linux kernel memory on Intel systems. Solution(s) debian-upgrade-linux debian-upgrade-xen References https://attackerkb.com/topics/cve-2024-2201 CVE - 2024-2201 DSA-5658-1
  10. SUSE: CVE-2024-3772: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/15/2024 Created 02/13/2025 Added 02/12/2025 Modified 02/12/2025 Description Regular expression denial of service in Pydantic < 2.4.0, < 1.10.13 allows remote attackers to cause denial of service via a crafted email string. Solution(s) suse-upgrade-python311-pydantic References https://attackerkb.com/topics/cve-2024-3772 CVE - 2024-3772
  11. Gentoo Linux: CVE-2024-31497: PuTTY: Multiple Vulnerabilities Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 04/15/2024 Created 07/09/2024 Added 07/09/2024 Modified 01/30/2025 Description In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant. The required set of signed messages may be publicly readable because they are stored in a public Git service that supports use of SSH for commit signing, and the signatures were made by Pageant through an agent-forwarding mechanism. In other words, an adversary may already have enough signature information to compromise a victim's private key, even if there is no further use of vulnerable PuTTY versions. After a key compromise, an adversary may be able to conduct supply-chain attacks on software maintained in Git. A second, independent scenario is that the adversary is an operator of an SSH server to which the victim authenticates (for remote login or file copy), even though this server is not fully trusted by the victim, and the victim uses the same private key for SSH connections to other services operated by other entities. Here, the rogue server operator (who would otherwise have no way to determine the victim's private key) can derive the victim's private key, and then use it for unauthorized access to those other services. If the other services include Git services, then again it may be possible to conduct supply-chain attacks on software maintained in Git. This also affects, for example, FileZilla before 3.67.0, WinSCP before 6.3.3, TortoiseGit before 2.15.0.1, and TortoiseSVN through 1.14.6. Solution(s) gentoo-linux-upgrade-net-misc-putty References https://attackerkb.com/topics/cve-2024-31497 CVE - 2024-31497 202407-11
  12. Ubuntu: USN-7101-1 (CVE-2024-3772): Pydantic vulnerability Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/15/2024 Created 11/14/2024 Added 11/13/2024 Modified 11/15/2024 Description Regular expression denial of service in Pydantic < 2.4.0, < 1.10.13 allows remote attackers to cause denial of service via a crafted email string. Solution(s) ubuntu-pro-upgrade-python3-pydantic References https://attackerkb.com/topics/cve-2024-3772 CVE - 2024-3772 USN-7101-1
  13. Microsoft Windows: CVE-2022-43552: Open Source Curl Remote Code Execution Vulnerability Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 04/15/2024 Created 05/03/2024 Added 04/15/2024 Modified 01/28/2025 Description A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it had been freed, in its transfer shutdown code path. Solution(s) microsoft-windows-windows_10-1809-kb5025229 microsoft-windows-windows_10-20h2-kb5025221 microsoft-windows-windows_10-21h2-kb5025221 microsoft-windows-windows_10-22h2-kb5025221 microsoft-windows-windows_11-21h2-kb5025224 microsoft-windows-windows_11-22h2-kb5025239 microsoft-windows-windows_server_2019-1809-kb5025229 microsoft-windows-windows_server_2022-21h2-kb5025230 microsoft-windows-windows_server_2022-22h2-kb5025230 References https://attackerkb.com/topics/cve-2022-43552 CVE - 2022-43552 https://support.microsoft.com/help/5025221 https://support.microsoft.com/help/5025224 https://support.microsoft.com/help/5025229 https://support.microsoft.com/help/5025230 https://support.microsoft.com/help/5025239
  14. Microsoft Windows: CVE-2023-36871: Azure Active Directory Security Feature Bypass Vulnerability Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:C/A:N) Published 04/15/2024 Created 05/03/2024 Added 04/15/2024 Modified 01/28/2025 Description Azure Active Directory Security Feature Bypass Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5028186 microsoft-windows-windows_10-1607-kb5028169 microsoft-windows-windows_10-1809-kb5028168 microsoft-windows-windows_10-21h2-kb5028166 microsoft-windows-windows_10-22h2-kb5028166 microsoft-windows-windows_11-21h2-kb5028182 microsoft-windows-windows_11-22h2-kb5028185 microsoft-windows-windows_server_2016-1607-kb5028169 microsoft-windows-windows_server_2019-1809-kb5028168 microsoft-windows-windows_server_2022-21h2-kb5028171 microsoft-windows-windows_server_2022-22h2-kb5028171 References https://attackerkb.com/topics/cve-2023-36871 CVE - 2023-36871 https://support.microsoft.com/help/5028166 https://support.microsoft.com/help/5028168 https://support.microsoft.com/help/5028169 https://support.microsoft.com/help/5028171 https://support.microsoft.com/help/5028182 https://support.microsoft.com/help/5028185 https://support.microsoft.com/help/5028186
  15. Rocky Linux: CVE-2024-32487: less (RLSA-2024-3513) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/13/2024 Created 06/17/2024 Added 06/17/2024 Modified 11/18/2024 Description less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases. Solution(s) rocky-upgrade-less rocky-upgrade-less-debuginfo rocky-upgrade-less-debugsource References https://attackerkb.com/topics/cve-2024-32487 CVE - 2024-32487 https://errata.rockylinux.org/RLSA-2024:3513
  16. SUSE: CVE-2024-26817: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/13/2024 Created 05/15/2024 Added 05/15/2024 Modified 02/06/2025 Description In the Linux kernel, the following vulnerability has been resolved: amdkfd: use calloc instead of kzalloc to avoid integer overflow This uses calloc instead of doing the multiplication which might overflow. Solution(s) suse-upgrade-cluster-md-kmp-64kb suse-upgrade-cluster-md-kmp-azure suse-upgrade-cluster-md-kmp-default suse-upgrade-cluster-md-kmp-rt suse-upgrade-dlm-kmp-64kb suse-upgrade-dlm-kmp-azure suse-upgrade-dlm-kmp-default suse-upgrade-dlm-kmp-rt suse-upgrade-dtb-allwinner suse-upgrade-dtb-altera suse-upgrade-dtb-amazon suse-upgrade-dtb-amd suse-upgrade-dtb-amlogic suse-upgrade-dtb-apm suse-upgrade-dtb-apple suse-upgrade-dtb-arm suse-upgrade-dtb-broadcom suse-upgrade-dtb-cavium suse-upgrade-dtb-exynos suse-upgrade-dtb-freescale suse-upgrade-dtb-hisilicon suse-upgrade-dtb-lg suse-upgrade-dtb-marvell suse-upgrade-dtb-mediatek suse-upgrade-dtb-nvidia suse-upgrade-dtb-qcom suse-upgrade-dtb-renesas suse-upgrade-dtb-rockchip suse-upgrade-dtb-socionext suse-upgrade-dtb-sprd suse-upgrade-dtb-xilinx suse-upgrade-gfs2-kmp-64kb suse-upgrade-gfs2-kmp-azure suse-upgrade-gfs2-kmp-default suse-upgrade-gfs2-kmp-rt suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-64kb-extra suse-upgrade-kernel-64kb-livepatch-devel suse-upgrade-kernel-64kb-optional suse-upgrade-kernel-azure suse-upgrade-kernel-azure-base suse-upgrade-kernel-azure-devel suse-upgrade-kernel-azure-extra suse-upgrade-kernel-azure-livepatch-devel suse-upgrade-kernel-azure-optional suse-upgrade-kernel-azure-vdso suse-upgrade-kernel-debug suse-upgrade-kernel-debug-devel suse-upgrade-kernel-debug-livepatch-devel suse-upgrade-kernel-debug-vdso suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-base-rebuild suse-upgrade-kernel-default-devel 
suse-upgrade-kernel-default-extra suse-upgrade-kernel-default-livepatch suse-upgrade-kernel-default-livepatch-devel suse-upgrade-kernel-default-man suse-upgrade-kernel-default-optional suse-upgrade-kernel-default-vdso suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-devel-rt suse-upgrade-kernel-docs suse-upgrade-kernel-docs-html suse-upgrade-kernel-kvmsmall suse-upgrade-kernel-kvmsmall-devel suse-upgrade-kernel-kvmsmall-livepatch-devel suse-upgrade-kernel-kvmsmall-vdso suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-obs-qa suse-upgrade-kernel-rt suse-upgrade-kernel-rt-devel suse-upgrade-kernel-rt-extra suse-upgrade-kernel-rt-livepatch suse-upgrade-kernel-rt-livepatch-devel suse-upgrade-kernel-rt-optional suse-upgrade-kernel-rt-vdso suse-upgrade-kernel-rt_debug suse-upgrade-kernel-rt_debug-devel suse-upgrade-kernel-rt_debug-livepatch-devel suse-upgrade-kernel-rt_debug-vdso suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-source-rt suse-upgrade-kernel-source-vanilla suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-syms-rt suse-upgrade-kernel-zfcpdump suse-upgrade-kselftests-kmp-64kb suse-upgrade-kselftests-kmp-azure suse-upgrade-kselftests-kmp-default suse-upgrade-kselftests-kmp-rt suse-upgrade-ocfs2-kmp-64kb suse-upgrade-ocfs2-kmp-azure suse-upgrade-ocfs2-kmp-default suse-upgrade-ocfs2-kmp-rt suse-upgrade-reiserfs-kmp-64kb suse-upgrade-reiserfs-kmp-azure suse-upgrade-reiserfs-kmp-default suse-upgrade-reiserfs-kmp-rt References https://attackerkb.com/topics/cve-2024-26817 CVE - 2024-26817
  17. Huawei EulerOS: CVE-2024-32487: less security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/13/2024 Created 07/17/2024 Added 07/17/2024 Modified 01/13/2025 Description less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases. Solution(s) huawei-euleros-2_0_sp9-upgrade-less References https://attackerkb.com/topics/cve-2024-32487 CVE - 2024-32487 EulerOS-SA-2024-1965
  18. Red Hat: CVE-2024-32487: less: OS command injection (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 04/13/2024 Created 06/01/2024 Added 05/31/2024 Modified 09/03/2024 Description less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases. Solution(s) redhat-upgrade-less redhat-upgrade-less-debuginfo redhat-upgrade-less-debugsource References CVE-2024-32487 RHSA-2024:3513 RHSA-2024:3669 RHSA-2024:4256 RHSA-2024:4369 RHSA-2024:4529
  19. Ubuntu: USN-6756-1 (CVE-2024-32487): less vulnerability Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/13/2024 Created 04/30/2024 Added 04/30/2024 Modified 11/15/2024 Description less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases. Solution(s) ubuntu-pro-upgrade-less References https://attackerkb.com/topics/cve-2024-32487 CVE - 2024-32487 USN-6756-1
  20. Amazon Linux AMI: CVE-2024-32487: Security patch for less (ALAS-2025-1958) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/13/2024 Created 02/11/2025 Added 02/06/2025 Modified 02/06/2025 Description less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases. Solution(s) amazon-linux-upgrade-less References ALAS-2025-1958 CVE-2024-32487
  21. Huawei EulerOS: CVE-2024-32487: less security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/13/2024 Created 10/09/2024 Added 10/08/2024 Modified 10/08/2024 Description less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases. Solution(s) huawei-euleros-2_0_sp12-upgrade-less References https://attackerkb.com/topics/cve-2024-32487 CVE - 2024-32487 EulerOS-SA-2024-2241
  22. CentOS Linux: CVE-2024-32487: Important: less security update (CESA-2024:3669) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/13/2024 Created 06/07/2024 Added 06/07/2024 Modified 06/07/2024 Description less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases. Solution(s) centos-upgrade-less centos-upgrade-less-debuginfo References CVE-2024-32487
  23. Oracle Linux: CVE-2024-2756: ELSA-2024-10951:php:8.2 security update (MODERATE) (Multiple Advisories) Severity 6 CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:N) Published 04/12/2024 Created 12/14/2024 Added 12/12/2024 Modified 01/07/2025 Description Due to an incomplete fix to CVE-2022-31629 (https://github.com/advisories/GHSA-c43m-486j-j32p), network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a __Host- or __Secure- cookie by PHP applications. An improper input validation vulnerability was found in PHP. Due to an incomplete fix to CVE-2022-31629, network and same-site attackers can set a standard insecure cookie in the victim's browser. Solution(s) oracle-linux-upgrade-apcu-panel oracle-linux-upgrade-libzip oracle-linux-upgrade-libzip-devel oracle-linux-upgrade-libzip-tools oracle-linux-upgrade-php oracle-linux-upgrade-php-bcmath oracle-linux-upgrade-php-cli oracle-linux-upgrade-php-common oracle-linux-upgrade-php-dba oracle-linux-upgrade-php-dbg oracle-linux-upgrade-php-devel oracle-linux-upgrade-php-embedded oracle-linux-upgrade-php-enchant oracle-linux-upgrade-php-ffi oracle-linux-upgrade-php-fpm oracle-linux-upgrade-php-gd oracle-linux-upgrade-php-gmp oracle-linux-upgrade-php-intl oracle-linux-upgrade-php-json oracle-linux-upgrade-php-ldap oracle-linux-upgrade-php-mbstring oracle-linux-upgrade-php-mysqlnd oracle-linux-upgrade-php-odbc oracle-linux-upgrade-php-opcache oracle-linux-upgrade-php-pdo oracle-linux-upgrade-php-pear oracle-linux-upgrade-php-pecl-apcu oracle-linux-upgrade-php-pecl-apcu-devel oracle-linux-upgrade-php-pecl-rrd oracle-linux-upgrade-php-pecl-xdebug oracle-linux-upgrade-php-pecl-xdebug3 oracle-linux-upgrade-php-pecl-zip oracle-linux-upgrade-php-pgsql oracle-linux-upgrade-php-process oracle-linux-upgrade-php-snmp oracle-linux-upgrade-php-soap oracle-linux-upgrade-php-xml oracle-linux-upgrade-php-xmlrpc References https://attackerkb.com/topics/cve-2024-2756 CVE - 2024-2756
ELSA-2024-10951 ELSA-2024-10949 ELSA-2024-10950 ELSA-2024-10952
  24. VMware Photon OS: CVE-2024-2397 Severity 5 CVSS (AV:L/AC:L/Au:N/C:N/I:N/A:C) Published 04/12/2024 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Due to a bug in packet data buffers management, the PPP printer in tcpdump can enter an infinite loop when reading a crafted DLT_PPP_SERIAL .pcap savefile. This problem does not affect any tcpdump release, but it affected the git master branch from 2023-06-05 to 2024-03-21. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2024-2397 CVE - 2024-2397
  25. Oracle Linux: CVE-2024-3096: ELSA-2024-10951:php:8.2 security update (MODERATE) (Multiple Advisories) Severity 4 CVSS (AV:N/AC:H/Au:N/C:P/I:P/A:N) Published 04/12/2024 Created 12/14/2024 Added 12/12/2024 Modified 01/07/2025 Description In PHP version 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, if a password stored with password_hash() starts with a null byte (\x00), testing a blank string as the password via password_verify() will incorrectly return true. A null byte interaction error vulnerability was found in PHP. If a password stored with password_hash starts with a null byte (\x00), testing a blank string as the password via password_verify will incorrectly return true. If a user can create a password with a leading null byte (unlikely, but syntactically valid), an attacker could trivially compromise the victim's account by attempting to sign in with a blank string. Solution(s) oracle-linux-upgrade-apcu-panel oracle-linux-upgrade-libzip oracle-linux-upgrade-libzip-devel oracle-linux-upgrade-libzip-tools oracle-linux-upgrade-php oracle-linux-upgrade-php-bcmath oracle-linux-upgrade-php-cli oracle-linux-upgrade-php-common oracle-linux-upgrade-php-dba oracle-linux-upgrade-php-dbg oracle-linux-upgrade-php-devel oracle-linux-upgrade-php-embedded oracle-linux-upgrade-php-enchant oracle-linux-upgrade-php-ffi oracle-linux-upgrade-php-fpm oracle-linux-upgrade-php-gd oracle-linux-upgrade-php-gmp oracle-linux-upgrade-php-intl oracle-linux-upgrade-php-json oracle-linux-upgrade-php-ldap oracle-linux-upgrade-php-mbstring oracle-linux-upgrade-php-mysqlnd oracle-linux-upgrade-php-odbc oracle-linux-upgrade-php-opcache oracle-linux-upgrade-php-pdo oracle-linux-upgrade-php-pear oracle-linux-upgrade-php-pecl-apcu oracle-linux-upgrade-php-pecl-apcu-devel oracle-linux-upgrade-php-pecl-rrd oracle-linux-upgrade-php-pecl-xdebug oracle-linux-upgrade-php-pecl-xdebug3 oracle-linux-upgrade-php-pecl-zip oracle-linux-upgrade-php-pgsql
oracle-linux-upgrade-php-process oracle-linux-upgrade-php-snmp oracle-linux-upgrade-php-soap oracle-linux-upgrade-php-xml oracle-linux-upgrade-php-xmlrpc References https://attackerkb.com/topics/cve-2024-3096 CVE - 2024-3096 ELSA-2024-10951 ELSA-2024-10949 ELSA-2024-10950 ELSA-2024-10952