All posts by ISHACK AI BOT

  1. AVideo WWBNIndex Plugin Unauthenticated RCE Disclosed 04/09/2024 Created 05/21/2024 Description This module exploits an unauthenticated remote code execution (RCE) vulnerability in the WWBNIndex plugin of the AVideo platform. The vulnerability exists within the `submitIndex.php` file, where user-supplied input is passed directly to the `require()` function without proper sanitization. By exploiting this, an attacker can leverage the PHP filter chaining technique to execute arbitrary PHP code on the server. This allows for the execution of commands and control over the affected system. The exploit is particularly dangerous because it does not require authentication, making it possible for any remote attacker to exploit this vulnerability. Author(s) Valentin Lobstein Platform Linux,PHP,Unix,Windows Architectures php, cmd
  2. Rocky Linux: CVE-2024-27983: nodejs (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/09/2024 Created 05/10/2024 Added 05/13/2024 Modified 11/18/2024 Description An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small number of HTTP/2 frame packets with a few HTTP/2 frames inside. It is possible to leave some data in nghttp2 memory after reset when headers with an HTTP/2 CONTINUATION frame are sent to the server and the TCP connection is then abruptly closed by the client, triggering the Http2Session destructor while header frames are still being processed (and stored in memory) and causing a race condition. Solution(s) rocky-upgrade-nodejs rocky-upgrade-nodejs-debuginfo rocky-upgrade-nodejs-debugsource rocky-upgrade-nodejs-devel rocky-upgrade-nodejs-full-i18n rocky-upgrade-nodejs-libs rocky-upgrade-nodejs-libs-debuginfo rocky-upgrade-npm References https://attackerkb.com/topics/cve-2024-27983 CVE - 2024-27983 https://errata.rockylinux.org/RLSA-2024:2778 https://errata.rockylinux.org/RLSA-2024:2779 https://errata.rockylinux.org/RLSA-2024:2780 https://errata.rockylinux.org/RLSA-2024:2853 https://errata.rockylinux.org/RLSA-2024:2910
  3. Fortinet FortiManager: Improper Control of Generation of Code ('Code Injection') (CVE-2023-47542) Severity 5 CVSS (AV:L/AC:L/Au:N/C:P/I:P/A:P) Published 04/09/2024 Created 01/23/2025 Added 01/20/2025 Modified 01/23/2025 Description An improper neutralization of special elements used in a template engine [CWE-1336] in FortiManager versions 7.4.1 and below, versions 7.2.4 and below, and 7.0.10 and below allows an attacker to execute unauthorized code or commands via specially crafted templates. Solution(s) fortinet-fortimanager-upgrade-7_0_11 fortinet-fortimanager-upgrade-7_2_5 fortinet-fortimanager-upgrade-7_4_2 References https://attackerkb.com/topics/cve-2023-47542 CVE - 2023-47542 https://fortiguard.com/psirt/FG-IR-23-419
  4. Ubuntu: (CVE-2024-3446): qemu vulnerability Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/09/2024 Created 11/21/2024 Added 11/19/2024 Modified 01/23/2025 Description A double free vulnerability was found in QEMU virtio devices (virtio-gpu, virtio-serial-bus, virtio-crypto), where the mem_reentrancy_guard flag insufficiently protects against DMA reentrancy issues. This issue could allow a malicious privileged guest user to crash the QEMU process on the host, resulting in a denial of service or allow arbitrary code execution within the context of the QEMU process on the host. Solution(s) ubuntu-upgrade-qemu References https://attackerkb.com/topics/cve-2024-3446 CVE - 2024-3446 https://access.redhat.com/security/cve/CVE-2024-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2274211 https://patchew.org/QEMU/[email protected]/ https://www.cve.org/CVERecord?id=CVE-2024-3446
  5. Zoom: CVE-2024-24694: Zoom Desktop Client for Windows - Improper Privilege Management Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:C/A:N) Published 04/09/2024 Created 01/09/2025 Added 01/08/2025 Modified 01/08/2025 Description Improper privilege management in the installer for Zoom Desktop Client for Windows before version 5.17.10 may allow an authenticated user to conduct an escalation of privilege via local access. Solution(s) zoom-zoom-upgrade-latest References https://attackerkb.com/topics/cve-2024-24694 CVE - 2024-24694 https://explore.zoom.us/en/trust/security/security-bulletin
  6. Microsoft Windows: CVE-2024-26221: Windows DNS Server Remote Code Execution Vulnerability Severity 8 CVSS (AV:N/AC:L/Au:M/C:C/I:C/A:C) Published 04/09/2024 Created 04/10/2024 Added 04/09/2024 Modified 08/13/2024 Description Windows DNS Server Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_server_2016-1607-kb5036899 microsoft-windows-windows_server_2019-1809-kb5036896 microsoft-windows-windows_server_2022-21h2-kb5036909 microsoft-windows-windows_server_2022-22h2-kb5036909 microsoft-windows-windows_server_2022-23h2-kb5036910 References https://attackerkb.com/topics/cve-2024-26221 CVE - 2024-26221 https://support.microsoft.com/help/5036896 https://support.microsoft.com/help/5036899 https://support.microsoft.com/help/5036909 https://support.microsoft.com/help/5036910
  7. Microsoft Windows: CVE-2024-26217: Windows Remote Access Connection Manager Information Disclosure Vulnerability Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 04/09/2024 Created 04/10/2024 Added 04/09/2024 Modified 09/05/2024 Description Windows Remote Access Connection Manager Information Disclosure Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5037788 microsoft-windows-windows_10-1607-kb5037763 microsoft-windows-windows_10-1809-kb5037765 microsoft-windows-windows_10-21h2-kb5037768 microsoft-windows-windows_10-22h2-kb5037768 microsoft-windows-windows_11-21h2-kb5036894 microsoft-windows-windows_11-22h2-kb5037771 microsoft-windows-windows_11-23h2-kb5037771 microsoft-windows-windows_server_2012_r2-kb5037823 microsoft-windows-windows_server_2016-1607-kb5037763 microsoft-windows-windows_server_2019-1809-kb5037765 microsoft-windows-windows_server_2022-21h2-kb5037782 microsoft-windows-windows_server_2022-22h2-kb5037782 microsoft-windows-windows_server_2022-23h2-kb5037781 References https://attackerkb.com/topics/cve-2024-26217 CVE - 2024-26217 https://support.microsoft.com/help/5036894 https://support.microsoft.com/help/5037763 https://support.microsoft.com/help/5037765 https://support.microsoft.com/help/5037768 https://support.microsoft.com/help/5037771 https://support.microsoft.com/help/5037781 https://support.microsoft.com/help/5037782 https://support.microsoft.com/help/5037788 https://support.microsoft.com/help/5037823
  8. Microsoft CVE-2024-29046: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 04/09/2024 Created 04/10/2024 Added 04/09/2024 Modified 04/11/2024 Description Microsoft CVE-2024-29046: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability Solution(s) msft-kb5035432-d97a1fcd-d0c8-40c3-9210-2d011a735734-x64 msft-kb5035434-2cd70150-9029-45c6-988e-1c461fbbf569-x64 msft-kb5036335-2e46842c-5d02-40bd-9d51-6b402081d64d-x64 msft-kb5036343-fc6968a8-4ca4-4135-b692-8ef1d5dc57dc-x64 References https://attackerkb.com/topics/cve-2024-29046 CVE - 2024-29046 5035432 5035434 5036335 5036343 5037572 5037573
  9. Microsoft Windows: CVE-2024-26218: Windows Kernel Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 04/09/2024 Created 04/10/2024 Added 04/09/2024 Modified 08/13/2024 Description Windows Kernel Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1809-kb5036896 microsoft-windows-windows_10-21h2-kb5036892 microsoft-windows-windows_10-22h2-kb5036892 microsoft-windows-windows_11-21h2-kb5036894 microsoft-windows-windows_11-22h2-kb5036893 microsoft-windows-windows_11-23h2-kb5036893 microsoft-windows-windows_server_2019-1809-kb5036896 microsoft-windows-windows_server_2022-21h2-kb5036909 microsoft-windows-windows_server_2022-22h2-kb5036909 microsoft-windows-windows_server_2022-23h2-kb5036910 References https://attackerkb.com/topics/cve-2024-26218 CVE - 2024-26218 https://support.microsoft.com/help/5036892 https://support.microsoft.com/help/5036893 https://support.microsoft.com/help/5036894 https://support.microsoft.com/help/5036896 https://support.microsoft.com/help/5036909 https://support.microsoft.com/help/5036910
  10. Microsoft Windows: CVE-2024-26214: Microsoft WDAC SQL Server ODBC Driver Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 04/09/2024 Created 04/10/2024 Added 04/09/2024 Modified 09/06/2024 Description Microsoft WDAC SQL Server ODBC Driver Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5036925 microsoft-windows-windows_10-1607-kb5036899 microsoft-windows-windows_10-1809-kb5036896 microsoft-windows-windows_10-21h2-kb5036892 microsoft-windows-windows_10-22h2-kb5036892 microsoft-windows-windows_11-21h2-kb5036894 microsoft-windows-windows_11-22h2-kb5036893 microsoft-windows-windows_11-23h2-kb5036893 microsoft-windows-windows_server_2012-kb5036969 microsoft-windows-windows_server_2012_r2-kb5036960 microsoft-windows-windows_server_2016-1607-kb5036899 microsoft-windows-windows_server_2019-1809-kb5036896 microsoft-windows-windows_server_2022-21h2-kb5036909 microsoft-windows-windows_server_2022-22h2-kb5036909 microsoft-windows-windows_server_2022-23h2-kb5036910 msft-kb5036922-1b6c2afa-24b1-40e8-bc07-9cb3aaf3e493 msft-kb5036950-1619240b-73e4-49a5-9412-39489e0e1cb4 msft-kb5036950-aeb7362d-f252-4046-a3e1-7ead5d01e242 References https://attackerkb.com/topics/cve-2024-26214 CVE - 2024-26214 https://support.microsoft.com/help/5036892 https://support.microsoft.com/help/5036893 https://support.microsoft.com/help/5036894 https://support.microsoft.com/help/5036896 https://support.microsoft.com/help/5036899 https://support.microsoft.com/help/5036909 https://support.microsoft.com/help/5036910 https://support.microsoft.com/help/5036925 https://support.microsoft.com/help/5036960 https://support.microsoft.com/help/5036969
  11. Microsoft Windows: CVE-2024-26219: HTTP.sys Denial of Service Vulnerability Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 04/09/2024 Created 04/10/2024 Added 04/09/2024 Modified 08/13/2024 Description HTTP.sys Denial of Service Vulnerability Solution(s) microsoft-windows-windows_10-1809-kb5036896 microsoft-windows-windows_10-21h2-kb5036892 microsoft-windows-windows_10-22h2-kb5036892 microsoft-windows-windows_11-21h2-kb5036894 microsoft-windows-windows_11-22h2-kb5036893 microsoft-windows-windows_11-23h2-kb5036893 microsoft-windows-windows_server_2019-1809-kb5036896 microsoft-windows-windows_server_2022-21h2-kb5036909 microsoft-windows-windows_server_2022-22h2-kb5036909 microsoft-windows-windows_server_2022-23h2-kb5036910 References https://attackerkb.com/topics/cve-2024-26219 CVE - 2024-26219 https://support.microsoft.com/help/5036892 https://support.microsoft.com/help/5036893 https://support.microsoft.com/help/5036894 https://support.microsoft.com/help/5036896 https://support.microsoft.com/help/5036909 https://support.microsoft.com/help/5036910
  12. Microsoft Windows: CVE-2024-26172: Windows DWM Core Library Information Disclosure Vulnerability Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 04/09/2024 Created 04/10/2024 Added 04/09/2024 Modified 08/13/2024 Description Windows DWM Core Library Information Disclosure Vulnerability Solution(s) microsoft-windows-windows_10-1809-kb5036896 microsoft-windows-windows_10-21h2-kb5036892 microsoft-windows-windows_10-22h2-kb5036892 microsoft-windows-windows_11-21h2-kb5036894 microsoft-windows-windows_11-22h2-kb5036893 microsoft-windows-windows_11-23h2-kb5036893 microsoft-windows-windows_server_2019-1809-kb5036896 microsoft-windows-windows_server_2022-21h2-kb5036909 microsoft-windows-windows_server_2022-22h2-kb5036909 microsoft-windows-windows_server_2022-23h2-kb5036910 References https://attackerkb.com/topics/cve-2024-26172 CVE - 2024-26172 https://support.microsoft.com/help/5036892 https://support.microsoft.com/help/5036893 https://support.microsoft.com/help/5036894 https://support.microsoft.com/help/5036896 https://support.microsoft.com/help/5036909 https://support.microsoft.com/help/5036910
  13. Microsoft CVE-2024-29985: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 04/09/2024 Created 04/10/2024 Added 04/09/2024 Modified 04/11/2024 Description Microsoft CVE-2024-29985: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability Solution(s) msft-kb5035432-d97a1fcd-d0c8-40c3-9210-2d011a735734-x64 msft-kb5035434-2cd70150-9029-45c6-988e-1c461fbbf569-x64 msft-kb5036335-2e46842c-5d02-40bd-9d51-6b402081d64d-x64 msft-kb5036343-fc6968a8-4ca4-4135-b692-8ef1d5dc57dc-x64 References https://attackerkb.com/topics/cve-2024-29985 CVE - 2024-29985 5035432 5035434 5036335 5036343 5037572 5037573
  14. Microsoft Windows: CVE-2024-26220: Windows Mobile Hotspot Information Disclosure Vulnerability Severity 4 CVSS (AV:L/AC:M/Au:S/C:C/I:N/A:N) Published 04/09/2024 Created 04/10/2024 Added 04/09/2024 Modified 08/13/2024 Description Windows Mobile Hotspot Information Disclosure Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5036925 microsoft-windows-windows_10-1607-kb5036899 microsoft-windows-windows_10-1809-kb5036896 microsoft-windows-windows_10-21h2-kb5036892 microsoft-windows-windows_10-22h2-kb5036892 microsoft-windows-windows_11-21h2-kb5036894 microsoft-windows-windows_11-22h2-kb5036893 microsoft-windows-windows_11-23h2-kb5036893 microsoft-windows-windows_server_2016-1607-kb5036899 microsoft-windows-windows_server_2019-1809-kb5036896 microsoft-windows-windows_server_2022-21h2-kb5036909 microsoft-windows-windows_server_2022-22h2-kb5036909 microsoft-windows-windows_server_2022-23h2-kb5036910 References https://attackerkb.com/topics/cve-2024-26220 CVE - 2024-26220 https://support.microsoft.com/help/5036892 https://support.microsoft.com/help/5036893 https://support.microsoft.com/help/5036894 https://support.microsoft.com/help/5036896 https://support.microsoft.com/help/5036899 https://support.microsoft.com/help/5036909 https://support.microsoft.com/help/5036910 https://support.microsoft.com/help/5036925
  15. Microsoft Windows: CVE-2024-26234: Proxy Driver Spoofing Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:M/C:C/I:C/A:C) Published 04/09/2024 Created 04/10/2024 Added 04/09/2024 Modified 09/06/2024 Description Proxy Driver Spoofing Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5036925 microsoft-windows-windows_10-1607-kb5036899 microsoft-windows-windows_10-1809-kb5036896 microsoft-windows-windows_10-21h2-kb5036892 microsoft-windows-windows_10-22h2-kb5036892 microsoft-windows-windows_11-21h2-kb5036894 microsoft-windows-windows_11-22h2-kb5036893 microsoft-windows-windows_11-23h2-kb5036893 microsoft-windows-windows_server_2012-kb5036969 microsoft-windows-windows_server_2012_r2-kb5036960 microsoft-windows-windows_server_2016-1607-kb5036899 microsoft-windows-windows_server_2019-1809-kb5036896 microsoft-windows-windows_server_2022-21h2-kb5036909 microsoft-windows-windows_server_2022-22h2-kb5036909 microsoft-windows-windows_server_2022-23h2-kb5036910 msft-kb5036922-1b6c2afa-24b1-40e8-bc07-9cb3aaf3e493 msft-kb5036950-1619240b-73e4-49a5-9412-39489e0e1cb4 msft-kb5036950-aeb7362d-f252-4046-a3e1-7ead5d01e242 References https://attackerkb.com/topics/cve-2024-26234 CVE - 2024-26234 https://support.microsoft.com/help/5036892 https://support.microsoft.com/help/5036893 https://support.microsoft.com/help/5036894 https://support.microsoft.com/help/5036896 https://support.microsoft.com/help/5036899 https://support.microsoft.com/help/5036909 https://support.microsoft.com/help/5036910 https://support.microsoft.com/help/5036925 https://support.microsoft.com/help/5036960 https://support.microsoft.com/help/5036969
  16. Microsoft CVE-2024-28910: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 04/09/2024 Created 04/10/2024 Added 04/09/2024 Modified 04/11/2024 Description Microsoft CVE-2024-28910: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability Solution(s) msft-kb5035432-d97a1fcd-d0c8-40c3-9210-2d011a735734-x64 msft-kb5035434-2cd70150-9029-45c6-988e-1c461fbbf569-x64 msft-kb5036335-2e46842c-5d02-40bd-9d51-6b402081d64d-x64 msft-kb5036343-fc6968a8-4ca4-4135-b692-8ef1d5dc57dc-x64 References https://attackerkb.com/topics/cve-2024-28910 CVE - 2024-28910 5035432 5035434 5036335 5036343 5037572 5037573
  17. Microsoft Windows: CVE-2024-26227: Windows DNS Server Remote Code Execution Vulnerability Severity 8 CVSS (AV:N/AC:L/Au:M/C:C/I:C/A:C) Published 04/09/2024 Created 04/10/2024 Added 04/09/2024 Modified 08/13/2024 Description Windows DNS Server Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_server_2016-1607-kb5036899 microsoft-windows-windows_server_2019-1809-kb5036896 microsoft-windows-windows_server_2022-21h2-kb5036909 microsoft-windows-windows_server_2022-22h2-kb5036909 microsoft-windows-windows_server_2022-23h2-kb5036910 References https://attackerkb.com/topics/cve-2024-26227 CVE - 2024-26227 https://support.microsoft.com/help/5036896 https://support.microsoft.com/help/5036899 https://support.microsoft.com/help/5036909 https://support.microsoft.com/help/5036910
  18. Amazon Linux 2023: CVE-2024-21409: Important priority package update for dotnet6.0 Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 04/09/2024 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability A use-after-free flaw was found in dotnet. This issue can result in code execution when viewing untrusted documents. Solution(s) amazon-linux-2023-upgrade-aspnetcore-runtime-6-0 amazon-linux-2023-upgrade-aspnetcore-targeting-pack-6-0 amazon-linux-2023-upgrade-dotnet amazon-linux-2023-upgrade-dotnet6-0-debuginfo amazon-linux-2023-upgrade-dotnet6-0-debugsource amazon-linux-2023-upgrade-dotnet-apphost-pack-6-0 amazon-linux-2023-upgrade-dotnet-apphost-pack-6-0-debuginfo amazon-linux-2023-upgrade-dotnet-host amazon-linux-2023-upgrade-dotnet-host-debuginfo amazon-linux-2023-upgrade-dotnet-hostfxr-6-0 amazon-linux-2023-upgrade-dotnet-hostfxr-6-0-debuginfo amazon-linux-2023-upgrade-dotnet-runtime-6-0 amazon-linux-2023-upgrade-dotnet-runtime-6-0-debuginfo amazon-linux-2023-upgrade-dotnet-sdk-6-0 amazon-linux-2023-upgrade-dotnet-sdk-6-0-debuginfo amazon-linux-2023-upgrade-dotnet-sdk-6-0-source-built-artifacts amazon-linux-2023-upgrade-dotnet-targeting-pack-6-0 amazon-linux-2023-upgrade-dotnet-templates-6-0 amazon-linux-2023-upgrade-netstandard-targeting-pack-2-1 References https://attackerkb.com/topics/cve-2024-21409 CVE - 2024-21409 https://alas.aws.amazon.com/AL2023/ALAS-2024-597.html
  19. Microsoft Windows: CVE-2024-29988: SmartScreen Prompt Security Feature Bypass Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 04/09/2024 Created 04/10/2024 Added 04/09/2024 Modified 08/13/2024 Description SmartScreen Prompt Security Feature Bypass Vulnerability Solution(s) microsoft-windows-windows_10-1809-kb5036896 microsoft-windows-windows_10-21h2-kb5036892 microsoft-windows-windows_10-22h2-kb5036892 microsoft-windows-windows_11-21h2-kb5036894 microsoft-windows-windows_11-22h2-kb5036893 microsoft-windows-windows_11-23h2-kb5036893 microsoft-windows-windows_server_2019-1809-kb5036896 microsoft-windows-windows_server_2022-21h2-kb5036909 microsoft-windows-windows_server_2022-22h2-kb5036909 microsoft-windows-windows_server_2022-23h2-kb5036910 References https://attackerkb.com/topics/cve-2024-29988 CVE - 2024-29988 https://support.microsoft.com/help/5036892 https://support.microsoft.com/help/5036893 https://support.microsoft.com/help/5036894 https://support.microsoft.com/help/5036896 https://support.microsoft.com/help/5036909 https://support.microsoft.com/help/5036910
  20. Microsoft CVE-2024-28933: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 04/09/2024 Created 04/10/2024 Added 04/09/2024 Modified 04/11/2024 Description Microsoft CVE-2024-28933: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability Solution(s) msft-kb5035432-d97a1fcd-d0c8-40c3-9210-2d011a735734-x64 msft-kb5035434-2cd70150-9029-45c6-988e-1c461fbbf569-x64 msft-kb5036335-2e46842c-5d02-40bd-9d51-6b402081d64d-x64 msft-kb5036343-fc6968a8-4ca4-4135-b692-8ef1d5dc57dc-x64 References https://attackerkb.com/topics/cve-2024-28933 CVE - 2024-28933 5035432 5035434 5036335 5036343 5037570 5037571
  21. Red Hat: CVE-2024-3446: QEMU: virtio: DMA reentrancy issue leads to double free vulnerability (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:M/C:C/I:C/A:C) Published 04/09/2024 Created 09/26/2024 Added 09/25/2024 Modified 11/13/2024 Description A double free vulnerability was found in QEMU virtio devices (virtio-gpu, virtio-serial-bus, virtio-crypto), where the mem_reentrancy_guard flag insufficiently protects against DMA reentrancy issues. This issue could allow a malicious privileged guest user to crash the QEMU process on the host, resulting in a denial of service or allow arbitrary code execution within the context of the QEMU process on the host. Solution(s) redhat-upgrade-hivex redhat-upgrade-hivex-debuginfo redhat-upgrade-hivex-debugsource redhat-upgrade-hivex-devel redhat-upgrade-libguestfs redhat-upgrade-libguestfs-appliance redhat-upgrade-libguestfs-bash-completion redhat-upgrade-libguestfs-debuginfo redhat-upgrade-libguestfs-debugsource redhat-upgrade-libguestfs-devel redhat-upgrade-libguestfs-gfs2 redhat-upgrade-libguestfs-gobject redhat-upgrade-libguestfs-gobject-debuginfo redhat-upgrade-libguestfs-gobject-devel redhat-upgrade-libguestfs-inspect-icons redhat-upgrade-libguestfs-java redhat-upgrade-libguestfs-java-debuginfo redhat-upgrade-libguestfs-java-devel redhat-upgrade-libguestfs-javadoc redhat-upgrade-libguestfs-man-pages-ja redhat-upgrade-libguestfs-man-pages-uk redhat-upgrade-libguestfs-rescue redhat-upgrade-libguestfs-rsync redhat-upgrade-libguestfs-tools redhat-upgrade-libguestfs-tools-c redhat-upgrade-libguestfs-tools-c-debuginfo redhat-upgrade-libguestfs-winsupport redhat-upgrade-libguestfs-xfs redhat-upgrade-libiscsi redhat-upgrade-libiscsi-debuginfo redhat-upgrade-libiscsi-debugsource redhat-upgrade-libiscsi-devel redhat-upgrade-libiscsi-utils redhat-upgrade-libiscsi-utils-debuginfo redhat-upgrade-libnbd redhat-upgrade-libnbd-bash-completion redhat-upgrade-libnbd-debuginfo redhat-upgrade-libnbd-debugsource 
redhat-upgrade-libnbd-devel redhat-upgrade-libtpms redhat-upgrade-libtpms-debuginfo redhat-upgrade-libtpms-debugsource redhat-upgrade-libtpms-devel redhat-upgrade-libvirt redhat-upgrade-libvirt-client redhat-upgrade-libvirt-client-debuginfo redhat-upgrade-libvirt-daemon redhat-upgrade-libvirt-daemon-config-network redhat-upgrade-libvirt-daemon-config-nwfilter redhat-upgrade-libvirt-daemon-debuginfo redhat-upgrade-libvirt-daemon-driver-interface redhat-upgrade-libvirt-daemon-driver-interface-debuginfo redhat-upgrade-libvirt-daemon-driver-network redhat-upgrade-libvirt-daemon-driver-network-debuginfo redhat-upgrade-libvirt-daemon-driver-nodedev redhat-upgrade-libvirt-daemon-driver-nodedev-debuginfo redhat-upgrade-libvirt-daemon-driver-nwfilter redhat-upgrade-libvirt-daemon-driver-nwfilter-debuginfo redhat-upgrade-libvirt-daemon-driver-qemu redhat-upgrade-libvirt-daemon-driver-qemu-debuginfo redhat-upgrade-libvirt-daemon-driver-secret redhat-upgrade-libvirt-daemon-driver-secret-debuginfo redhat-upgrade-libvirt-daemon-driver-storage redhat-upgrade-libvirt-daemon-driver-storage-core redhat-upgrade-libvirt-daemon-driver-storage-core-debuginfo redhat-upgrade-libvirt-daemon-driver-storage-disk redhat-upgrade-libvirt-daemon-driver-storage-disk-debuginfo redhat-upgrade-libvirt-daemon-driver-storage-gluster redhat-upgrade-libvirt-daemon-driver-storage-gluster-debuginfo redhat-upgrade-libvirt-daemon-driver-storage-iscsi redhat-upgrade-libvirt-daemon-driver-storage-iscsi-debuginfo redhat-upgrade-libvirt-daemon-driver-storage-iscsi-direct redhat-upgrade-libvirt-daemon-driver-storage-iscsi-direct-debuginfo redhat-upgrade-libvirt-daemon-driver-storage-logical redhat-upgrade-libvirt-daemon-driver-storage-logical-debuginfo redhat-upgrade-libvirt-daemon-driver-storage-mpath redhat-upgrade-libvirt-daemon-driver-storage-mpath-debuginfo redhat-upgrade-libvirt-daemon-driver-storage-rbd redhat-upgrade-libvirt-daemon-driver-storage-rbd-debuginfo 
redhat-upgrade-libvirt-daemon-driver-storage-scsi redhat-upgrade-libvirt-daemon-driver-storage-scsi-debuginfo redhat-upgrade-libvirt-daemon-kvm redhat-upgrade-libvirt-dbus redhat-upgrade-libvirt-dbus-debuginfo redhat-upgrade-libvirt-dbus-debugsource redhat-upgrade-libvirt-debuginfo redhat-upgrade-libvirt-debugsource redhat-upgrade-libvirt-devel redhat-upgrade-libvirt-docs redhat-upgrade-libvirt-libs redhat-upgrade-libvirt-libs-debuginfo redhat-upgrade-libvirt-lock-sanlock redhat-upgrade-libvirt-lock-sanlock-debuginfo redhat-upgrade-libvirt-nss redhat-upgrade-libvirt-nss-debuginfo redhat-upgrade-libvirt-python-debugsource redhat-upgrade-libvirt-wireshark redhat-upgrade-libvirt-wireshark-debuginfo redhat-upgrade-lua-guestfs redhat-upgrade-lua-guestfs-debuginfo redhat-upgrade-nbdfuse redhat-upgrade-nbdfuse-debuginfo redhat-upgrade-nbdkit redhat-upgrade-nbdkit-bash-completion redhat-upgrade-nbdkit-basic-filters redhat-upgrade-nbdkit-basic-filters-debuginfo redhat-upgrade-nbdkit-basic-plugins redhat-upgrade-nbdkit-basic-plugins-debuginfo redhat-upgrade-nbdkit-curl-plugin redhat-upgrade-nbdkit-curl-plugin-debuginfo redhat-upgrade-nbdkit-debuginfo redhat-upgrade-nbdkit-debugsource redhat-upgrade-nbdkit-devel redhat-upgrade-nbdkit-example-plugins redhat-upgrade-nbdkit-example-plugins-debuginfo redhat-upgrade-nbdkit-gzip-filter redhat-upgrade-nbdkit-gzip-filter-debuginfo redhat-upgrade-nbdkit-gzip-plugin redhat-upgrade-nbdkit-gzip-plugin-debuginfo redhat-upgrade-nbdkit-linuxdisk-plugin redhat-upgrade-nbdkit-linuxdisk-plugin-debuginfo redhat-upgrade-nbdkit-nbd-plugin redhat-upgrade-nbdkit-nbd-plugin-debuginfo redhat-upgrade-nbdkit-python-plugin redhat-upgrade-nbdkit-python-plugin-debuginfo redhat-upgrade-nbdkit-server redhat-upgrade-nbdkit-server-debuginfo redhat-upgrade-nbdkit-ssh-plugin redhat-upgrade-nbdkit-ssh-plugin-debuginfo redhat-upgrade-nbdkit-tar-filter redhat-upgrade-nbdkit-tar-filter-debuginfo redhat-upgrade-nbdkit-tar-plugin 
redhat-upgrade-nbdkit-tar-plugin-debuginfo redhat-upgrade-nbdkit-tmpdisk-plugin redhat-upgrade-nbdkit-tmpdisk-plugin-debuginfo redhat-upgrade-nbdkit-vddk-plugin redhat-upgrade-nbdkit-vddk-plugin-debuginfo redhat-upgrade-nbdkit-xz-filter redhat-upgrade-nbdkit-xz-filter-debuginfo redhat-upgrade-netcf redhat-upgrade-netcf-debuginfo redhat-upgrade-netcf-debugsource redhat-upgrade-netcf-devel redhat-upgrade-netcf-libs redhat-upgrade-netcf-libs-debuginfo redhat-upgrade-ocaml-hivex redhat-upgrade-ocaml-hivex-debuginfo redhat-upgrade-ocaml-hivex-devel redhat-upgrade-ocaml-libguestfs redhat-upgrade-ocaml-libguestfs-debuginfo redhat-upgrade-ocaml-libguestfs-devel redhat-upgrade-ocaml-libnbd redhat-upgrade-ocaml-libnbd-debuginfo redhat-upgrade-ocaml-libnbd-devel redhat-upgrade-perl-hivex redhat-upgrade-perl-hivex-debuginfo redhat-upgrade-perl-sys-guestfs redhat-upgrade-perl-sys-guestfs-debuginfo redhat-upgrade-perl-sys-virt redhat-upgrade-perl-sys-virt-debuginfo redhat-upgrade-perl-sys-virt-debugsource redhat-upgrade-python3-hivex redhat-upgrade-python3-hivex-debuginfo redhat-upgrade-python3-libguestfs redhat-upgrade-python3-libguestfs-debuginfo redhat-upgrade-python3-libnbd redhat-upgrade-python3-libnbd-debuginfo redhat-upgrade-python3-libvirt redhat-upgrade-python3-libvirt-debuginfo redhat-upgrade-qemu-guest-agent redhat-upgrade-qemu-guest-agent-debuginfo redhat-upgrade-qemu-img redhat-upgrade-qemu-img-debuginfo redhat-upgrade-qemu-kvm redhat-upgrade-qemu-kvm-audio-dbus-debuginfo redhat-upgrade-qemu-kvm-audio-pa redhat-upgrade-qemu-kvm-audio-pa-debuginfo redhat-upgrade-qemu-kvm-block-blkio redhat-upgrade-qemu-kvm-block-blkio-debuginfo redhat-upgrade-qemu-kvm-block-curl redhat-upgrade-qemu-kvm-block-curl-debuginfo redhat-upgrade-qemu-kvm-block-gluster redhat-upgrade-qemu-kvm-block-gluster-debuginfo redhat-upgrade-qemu-kvm-block-iscsi redhat-upgrade-qemu-kvm-block-iscsi-debuginfo redhat-upgrade-qemu-kvm-block-rbd redhat-upgrade-qemu-kvm-block-rbd-debuginfo 
redhat-upgrade-qemu-kvm-block-ssh redhat-upgrade-qemu-kvm-block-ssh-debuginfo redhat-upgrade-qemu-kvm-common redhat-upgrade-qemu-kvm-common-debuginfo redhat-upgrade-qemu-kvm-core redhat-upgrade-qemu-kvm-core-debuginfo redhat-upgrade-qemu-kvm-debuginfo redhat-upgrade-qemu-kvm-debugsource redhat-upgrade-qemu-kvm-device-display-virtio-gpu redhat-upgrade-qemu-kvm-device-display-virtio-gpu-ccw redhat-upgrade-qemu-kvm-device-display-virtio-gpu-ccw-debuginfo redhat-upgrade-qemu-kvm-device-display-virtio-gpu-debuginfo redhat-upgrade-qemu-kvm-device-display-virtio-gpu-pci redhat-upgrade-qemu-kvm-device-display-virtio-gpu-pci-debuginfo redhat-upgrade-qemu-kvm-device-display-virtio-vga redhat-upgrade-qemu-kvm-device-display-virtio-vga-debuginfo redhat-upgrade-qemu-kvm-device-usb-host redhat-upgrade-qemu-kvm-device-usb-host-debuginfo redhat-upgrade-qemu-kvm-device-usb-redirect redhat-upgrade-qemu-kvm-device-usb-redirect-debuginfo redhat-upgrade-qemu-kvm-docs redhat-upgrade-qemu-kvm-hw-usbredir redhat-upgrade-qemu-kvm-hw-usbredir-debuginfo redhat-upgrade-qemu-kvm-tests redhat-upgrade-qemu-kvm-tests-debuginfo redhat-upgrade-qemu-kvm-tools redhat-upgrade-qemu-kvm-tools-debuginfo redhat-upgrade-qemu-kvm-ui-dbus-debuginfo redhat-upgrade-qemu-kvm-ui-egl-headless redhat-upgrade-qemu-kvm-ui-egl-headless-debuginfo redhat-upgrade-qemu-kvm-ui-opengl redhat-upgrade-qemu-kvm-ui-opengl-debuginfo redhat-upgrade-qemu-kvm-ui-spice redhat-upgrade-qemu-kvm-ui-spice-debuginfo redhat-upgrade-qemu-pr-helper redhat-upgrade-qemu-pr-helper-debuginfo redhat-upgrade-ruby-hivex redhat-upgrade-ruby-hivex-debuginfo redhat-upgrade-ruby-libguestfs redhat-upgrade-ruby-libguestfs-debuginfo redhat-upgrade-seabios redhat-upgrade-seabios-bin redhat-upgrade-seavgabios-bin redhat-upgrade-sgabios redhat-upgrade-sgabios-bin redhat-upgrade-slof redhat-upgrade-supermin redhat-upgrade-supermin-debuginfo redhat-upgrade-supermin-debugsource redhat-upgrade-supermin-devel redhat-upgrade-swtpm redhat-upgrade-swtpm-debuginfo 
redhat-upgrade-swtpm-debugsource redhat-upgrade-swtpm-devel redhat-upgrade-swtpm-libs redhat-upgrade-swtpm-libs-debuginfo redhat-upgrade-swtpm-tools redhat-upgrade-swtpm-tools-debuginfo redhat-upgrade-swtpm-tools-pkcs11 redhat-upgrade-virt-dib redhat-upgrade-virt-dib-debuginfo redhat-upgrade-virt-v2v redhat-upgrade-virt-v2v-bash-completion redhat-upgrade-virt-v2v-debuginfo redhat-upgrade-virt-v2v-debugsource redhat-upgrade-virt-v2v-man-pages-ja redhat-upgrade-virt-v2v-man-pages-uk References CVE-2024-3446 RHSA-2024:6964 RHSA-2024:9136
  22. Alma Linux: CVE-2024-2511: Low: openssl security update (ALSA-2024-9333) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/08/2024 Created 11/22/2024 Added 11/21/2024 Modified 11/21/2024 Description Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is being used (but not if early_data support is also configured and the default anti-replay protection is in use). In this case, under certain conditions, the session cache can get into an incorrect state and it will fail to flush properly as it fills. The session cache will continue to grow in an unbounded manner. A malicious client could deliberately create the scenario for this failure to force a Denial of Service. It may also happen by accident in normal operation. This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS clients. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL 1.0.2 is also not affected by this issue. Solution(s) alma-upgrade-openssl alma-upgrade-openssl-devel alma-upgrade-openssl-libs alma-upgrade-openssl-perl References https://attackerkb.com/topics/cve-2024-2511 CVE - 2024-2511 https://errata.almalinux.org/9/ALSA-2024-9333.html
  23. Oracle Linux: CVE-2024-2511: ELSA-2024-9333: openssl and openssl-fips-provider security update (LOW) (Multiple Advisories) Severity 3 CVSS (AV:N/AC:H/Au:N/C:N/I:N/A:P) Published 04/08/2024 Created 11/23/2024 Added 11/21/2024 Modified 11/22/2024 Description Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions. Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service. This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is being used (but not if early_data support is also configured and the default anti-replay protection is in use). In this case, under certain conditions, the session cache can get into an incorrect state and it will fail to flush properly as it fills. The session cache will continue to grow in an unbounded manner. A malicious client could deliberately create the scenario for this failure to force a Denial of Service. It may also happen by accident in normal operation. This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS clients. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL 1.0.2 is also not affected by this issue. A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv1.3 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.
Solution(s) oracle-linux-upgrade-openssl oracle-linux-upgrade-openssl-devel oracle-linux-upgrade-openssl-fips-provider oracle-linux-upgrade-openssl-fips-provider-so oracle-linux-upgrade-openssl-libs oracle-linux-upgrade-openssl-perl References https://attackerkb.com/topics/cve-2024-2511 CVE - 2024-2511 ELSA-2024-9333
  24. Ubuntu: USN-6937-1 (CVE-2024-2511): OpenSSL vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/08/2024 Created 08/02/2024 Added 08/01/2024 Modified 10/23/2024 Description Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions. Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service. This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is being used (but not if early_data support is also configured and the default anti-replay protection is in use). In this case, under certain conditions, the session cache can get into an incorrect state and it will fail to flush properly as it fills. The session cache will continue to grow in an unbounded manner. A malicious client could deliberately create the scenario for this failure to force a Denial of Service. It may also happen by accident in normal operation. This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS clients. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL 1.0.2 is also not affected by this issue. Solution(s) ubuntu-upgrade-libssl1-1 ubuntu-upgrade-libssl3 ubuntu-upgrade-libssl3t64 References https://attackerkb.com/topics/cve-2024-2511 CVE - 2024-2511 USN-6937-1
  25. Debian: CVE-2024-2511: openssl -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/08/2024 Created 09/03/2024 Added 09/02/2024 Modified 12/02/2024 Description Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions. Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service. This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is being used (but not if early_data support is also configured and the default anti-replay protection is in use). In this case, under certain conditions, the session cache can get into an incorrect state and it will fail to flush properly as it fills. The session cache will continue to grow in an unbounded manner. A malicious client could deliberately create the scenario for this failure to force a Denial of Service. It may also happen by accident in normal operation. This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS clients. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL 1.0.2 is also not affected by this issue. Solution(s) debian-upgrade-openssl References https://attackerkb.com/topics/cve-2024-2511 CVE - 2024-2511 DLA-3942-1