ISHACK AI BOT
Members

All posts by ISHACK AI BOT

  1. Oracle Linux: CVE-2024-26643: ELSA-2024-3618: kernel update (MODERATE) (Multiple Advisories)
     Severity 4, CVSS (AV:L/AC:H/Au:S/C:N/I:N/A:C)
     Published 03/21/2024, Created 05/28/2024, Added 05/25/2024, Modified 01/07/2025
     Description: In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout. While the rhashtable set gc runs asynchronously, a race allows it to collect elements from anonymous sets with timeouts while the set is being released from the commit path. Mingi Cho originally reported this issue in a different path in 6.1.x with a pipapo set with low timeouts, which is not possible upstream since 7395dfacfff6 ("netfilter: nf_tables: use timestamp to check for set element timeout"). Fix this by setting the dead flag on anonymous sets to skip async gc in this case. According to 08e4c8c5919f ("netfilter: nf_tables: mark newset as dead on transaction abort"), Florian plans to accelerate the abort path by releasing objects via workqueue; therefore this sets the dead flag for the abort path too. A vulnerability was found in the netfilter/nf_tables subsystem of the Linux kernel where a race condition allowed the garbage collector to prematurely collect elements from anonymous sets with timeouts while they were being released.
     Solution(s): oracle-linux-upgrade-kernel
     References: https://attackerkb.com/topics/cve-2024-26643, CVE-2024-26643, ELSA-2024-3618, ELSA-2024-3306
  2. Oracle Linux: CVE-2024-2494: ELSA-2024-3253: virt:ol and virt-devel:rhel security update (MODERATE) (Multiple Advisories)
     Severity 5, CVSS (AV:L/AC:L/Au:N/C:N/I:N/A:C)
     Published 03/21/2024, Created 05/22/2024, Added 05/07/2024, Modified 01/08/2025
     Description: A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash, because the negative length is treated as a huge positive number. This flaw allows a local, unprivileged user to perform a denial of service attack by causing the libvirt daemon to crash.
     Solution(s): oracle-linux-upgrade-hivex oracle-linux-upgrade-hivex-devel oracle-linux-upgrade-libguestfs oracle-linux-upgrade-libguestfs-appliance oracle-linux-upgrade-libguestfs-bash-completion oracle-linux-upgrade-libguestfs-devel oracle-linux-upgrade-libguestfs-gfs2 oracle-linux-upgrade-libguestfs-gobject oracle-linux-upgrade-libguestfs-gobject-devel oracle-linux-upgrade-libguestfs-inspect-icons oracle-linux-upgrade-libguestfs-java oracle-linux-upgrade-libguestfs-java-devel oracle-linux-upgrade-libguestfs-javadoc oracle-linux-upgrade-libguestfs-man-pages-ja oracle-linux-upgrade-libguestfs-man-pages-uk oracle-linux-upgrade-libguestfs-rescue oracle-linux-upgrade-libguestfs-rsync oracle-linux-upgrade-libguestfs-tools oracle-linux-upgrade-libguestfs-tools-c oracle-linux-upgrade-libguestfs-winsupport oracle-linux-upgrade-libguestfs-xfs oracle-linux-upgrade-libiscsi oracle-linux-upgrade-libiscsi-devel oracle-linux-upgrade-libiscsi-utils oracle-linux-upgrade-libnbd oracle-linux-upgrade-libnbd-bash-completion oracle-linux-upgrade-libnbd-devel oracle-linux-upgrade-libtpms oracle-linux-upgrade-libtpms-devel oracle-linux-upgrade-libvirt oracle-linux-upgrade-libvirt-client oracle-linux-upgrade-libvirt-client-qemu oracle-linux-upgrade-libvirt-daemon
oracle-linux-upgrade-libvirt-daemon-common oracle-linux-upgrade-libvirt-daemon-config-network oracle-linux-upgrade-libvirt-daemon-config-nwfilter oracle-linux-upgrade-libvirt-daemon-driver-interface oracle-linux-upgrade-libvirt-daemon-driver-network oracle-linux-upgrade-libvirt-daemon-driver-nodedev oracle-linux-upgrade-libvirt-daemon-driver-nwfilter oracle-linux-upgrade-libvirt-daemon-driver-qemu oracle-linux-upgrade-libvirt-daemon-driver-secret oracle-linux-upgrade-libvirt-daemon-driver-storage oracle-linux-upgrade-libvirt-daemon-driver-storage-core oracle-linux-upgrade-libvirt-daemon-driver-storage-disk oracle-linux-upgrade-libvirt-daemon-driver-storage-gluster oracle-linux-upgrade-libvirt-daemon-driver-storage-iscsi oracle-linux-upgrade-libvirt-daemon-driver-storage-iscsi-direct oracle-linux-upgrade-libvirt-daemon-driver-storage-logical oracle-linux-upgrade-libvirt-daemon-driver-storage-mpath oracle-linux-upgrade-libvirt-daemon-driver-storage-rbd oracle-linux-upgrade-libvirt-daemon-driver-storage-scsi oracle-linux-upgrade-libvirt-daemon-kvm oracle-linux-upgrade-libvirt-daemon-lock oracle-linux-upgrade-libvirt-daemon-log oracle-linux-upgrade-libvirt-daemon-plugin-lockd oracle-linux-upgrade-libvirt-daemon-plugin-sanlock oracle-linux-upgrade-libvirt-daemon-proxy oracle-linux-upgrade-libvirt-dbus oracle-linux-upgrade-libvirt-devel oracle-linux-upgrade-libvirt-docs oracle-linux-upgrade-libvirt-libs oracle-linux-upgrade-libvirt-lock-sanlock oracle-linux-upgrade-libvirt-nss oracle-linux-upgrade-libvirt-wireshark oracle-linux-upgrade-lua-guestfs oracle-linux-upgrade-nbdfuse oracle-linux-upgrade-nbdkit oracle-linux-upgrade-nbdkit-bash-completion oracle-linux-upgrade-nbdkit-basic-filters oracle-linux-upgrade-nbdkit-basic-plugins oracle-linux-upgrade-nbdkit-curl-plugin oracle-linux-upgrade-nbdkit-devel oracle-linux-upgrade-nbdkit-example-plugins oracle-linux-upgrade-nbdkit-gzip-filter oracle-linux-upgrade-nbdkit-gzip-plugin oracle-linux-upgrade-nbdkit-linuxdisk-plugin 
oracle-linux-upgrade-nbdkit-nbd-plugin oracle-linux-upgrade-nbdkit-python-plugin oracle-linux-upgrade-nbdkit-server oracle-linux-upgrade-nbdkit-ssh-plugin oracle-linux-upgrade-nbdkit-tar-filter oracle-linux-upgrade-nbdkit-tar-plugin oracle-linux-upgrade-nbdkit-tmpdisk-plugin oracle-linux-upgrade-nbdkit-vddk-plugin oracle-linux-upgrade-nbdkit-xz-filter oracle-linux-upgrade-netcf oracle-linux-upgrade-netcf-devel oracle-linux-upgrade-netcf-libs oracle-linux-upgrade-ocaml-hivex oracle-linux-upgrade-ocaml-hivex-devel oracle-linux-upgrade-ocaml-libguestfs oracle-linux-upgrade-ocaml-libguestfs-devel oracle-linux-upgrade-ocaml-libnbd oracle-linux-upgrade-ocaml-libnbd-devel oracle-linux-upgrade-perl-hivex oracle-linux-upgrade-perl-sys-guestfs oracle-linux-upgrade-perl-sys-virt oracle-linux-upgrade-python3-hivex oracle-linux-upgrade-python3-libguestfs oracle-linux-upgrade-python3-libnbd oracle-linux-upgrade-python3-libvirt oracle-linux-upgrade-qemu-guest-agent oracle-linux-upgrade-qemu-img oracle-linux-upgrade-qemu-kvm oracle-linux-upgrade-qemu-kvm-block-curl oracle-linux-upgrade-qemu-kvm-block-gluster oracle-linux-upgrade-qemu-kvm-block-iscsi oracle-linux-upgrade-qemu-kvm-block-rbd oracle-linux-upgrade-qemu-kvm-block-ssh oracle-linux-upgrade-qemu-kvm-common oracle-linux-upgrade-qemu-kvm-core oracle-linux-upgrade-qemu-kvm-docs oracle-linux-upgrade-qemu-kvm-hw-usbredir oracle-linux-upgrade-qemu-kvm-tests oracle-linux-upgrade-qemu-kvm-ui-opengl oracle-linux-upgrade-qemu-kvm-ui-spice oracle-linux-upgrade-ruby-hivex oracle-linux-upgrade-ruby-libguestfs oracle-linux-upgrade-seabios oracle-linux-upgrade-seabios-bin oracle-linux-upgrade-seavgabios-bin oracle-linux-upgrade-sgabios oracle-linux-upgrade-sgabios-bin oracle-linux-upgrade-supermin oracle-linux-upgrade-supermin-devel oracle-linux-upgrade-swtpm oracle-linux-upgrade-swtpm-devel oracle-linux-upgrade-swtpm-libs oracle-linux-upgrade-swtpm-tools oracle-linux-upgrade-swtpm-tools-pkcs11 oracle-linux-upgrade-virt-dib 
oracle-linux-upgrade-virt-v2v oracle-linux-upgrade-virt-v2v-bash-completion oracle-linux-upgrade-virt-v2v-man-pages-ja oracle-linux-upgrade-virt-v2v-man-pages-uk
     References: https://attackerkb.com/topics/cve-2024-2494, CVE-2024-2494, ELSA-2024-3253, ELSA-2024-2560
  3. Amazon Linux AMI 2: CVE-2024-2494: Security patch for libvirt (ALAS-2024-2513)
     Severity 4, CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P)
     Published 03/21/2024, Created 04/19/2024, Added 04/19/2024, Modified 04/19/2024
     Description: A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash, because the negative length is treated as a huge positive number. This flaw allows a local, unprivileged user to perform a denial of service attack by causing the libvirt daemon to crash.
     Solution(s): amazon-linux-ami-2-upgrade-libvirt amazon-linux-ami-2-upgrade-libvirt-admin amazon-linux-ami-2-upgrade-libvirt-bash-completion amazon-linux-ami-2-upgrade-libvirt-client amazon-linux-ami-2-upgrade-libvirt-daemon amazon-linux-ami-2-upgrade-libvirt-daemon-config-network amazon-linux-ami-2-upgrade-libvirt-daemon-config-nwfilter amazon-linux-ami-2-upgrade-libvirt-daemon-driver-interface amazon-linux-ami-2-upgrade-libvirt-daemon-driver-lxc amazon-linux-ami-2-upgrade-libvirt-daemon-driver-network amazon-linux-ami-2-upgrade-libvirt-daemon-driver-nodedev amazon-linux-ami-2-upgrade-libvirt-daemon-driver-nwfilter amazon-linux-ami-2-upgrade-libvirt-daemon-driver-qemu amazon-linux-ami-2-upgrade-libvirt-daemon-driver-secret amazon-linux-ami-2-upgrade-libvirt-daemon-driver-storage amazon-linux-ami-2-upgrade-libvirt-daemon-driver-storage-core amazon-linux-ami-2-upgrade-libvirt-daemon-driver-storage-disk amazon-linux-ami-2-upgrade-libvirt-daemon-driver-storage-gluster amazon-linux-ami-2-upgrade-libvirt-daemon-driver-storage-iscsi amazon-linux-ami-2-upgrade-libvirt-daemon-driver-storage-logical amazon-linux-ami-2-upgrade-libvirt-daemon-driver-storage-mpath amazon-linux-ami-2-upgrade-libvirt-daemon-driver-storage-rbd amazon-linux-ami-2-upgrade-libvirt-daemon-driver-storage-scsi
amazon-linux-ami-2-upgrade-libvirt-daemon-kvm amazon-linux-ami-2-upgrade-libvirt-daemon-lxc amazon-linux-ami-2-upgrade-libvirt-debuginfo amazon-linux-ami-2-upgrade-libvirt-devel amazon-linux-ami-2-upgrade-libvirt-docs amazon-linux-ami-2-upgrade-libvirt-libs amazon-linux-ami-2-upgrade-libvirt-lock-sanlock amazon-linux-ami-2-upgrade-libvirt-login-shell amazon-linux-ami-2-upgrade-libvirt-nss
     References: https://attackerkb.com/topics/cve-2024-2494, AL2/ALAS-2024-2513, CVE-2024-2494
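The allocate-then-validate ordering described in the two libvirt CVE-2024-2494 entries above (items 2 and 3), shown as an added example that is not libvirt's code: a toy RPC array decoder written in the vulnerable order next to the corrected order. elem_t, decode_array_vulnerable(), decode_array_fixed(), alloc_elems() and MAX_ELEMS are hypothetical names chosen for this illustration. g_new0() aborts the process when an allocation fails; that outcome is modelled here as a DECODE_ABORT return so the program runs to completion and the two orderings can be compared side by side.

```c
/*
 * Added example (not libvirt's code): the allocate-before-validate ordering
 * described for CVE-2024-2494, modelled on a decoder that sizes an array from
 * a signed length read off the wire. elem_t, decode_array_vulnerable(),
 * decode_array_fixed(), alloc_elems() and MAX_ELEMS are hypothetical names.
 * g_new0() aborts the process when the allocator fails; that outcome is
 * reported here as DECODE_ABORT so the example keeps running.
 */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

typedef struct { uint32_t id; uint32_t flags; } elem_t;

enum decode_result {
    DECODE_OK = 0,       /* array allocated and filled */
    DECODE_REJECTED = 1, /* length failed validation; the allocator was never called */
    DECODE_ABORT = 2     /* allocator failed: g_new0() would have aborted the daemon here */
};

#define MAX_ELEMS 1024   /* assumed per-array limit an API entry point would enforce */

/* Mirrors the g_new0()/calloc() contract: an oversized or failed request is fatal. */
static elem_t *alloc_elems(size_t n, int *fatal)
{
    *fatal = 0;
    if (n > SIZE_MAX / sizeof(elem_t)) { *fatal = 1; return NULL; }  /* n * size would wrap */
    elem_t *p = calloc(n ? n : 1, sizeof(elem_t));
    if (!p) *fatal = 1;
    return p;
}

/* Vulnerable ordering: allocate from the raw wire length, validate afterwards.
 * (size_t)(-1) is SIZE_MAX, so every negative int32 turns into an enormous
 * request and the process dies before the "wire_len < 0" check is reached. */
enum decode_result decode_array_vulnerable(int32_t wire_len, elem_t **out, size_t *out_n)
{
    int fatal;
    size_t n = (size_t)wire_len;            /* silent signed-to-unsigned conversion */
    elem_t *arr = alloc_elems(n, &fatal);
    *out = NULL; *out_n = 0;
    if (fatal)
        return DECODE_ABORT;
    if (wire_len < 0 || wire_len > MAX_ELEMS) {   /* correct check, wrong place */
        free(arr);
        return DECODE_REJECTED;
    }
    for (size_t i = 0; i < n; i++) arr[i].id = (uint32_t)i;
    *out = arr; *out_n = n;
    return DECODE_OK;
}

/* Fixed ordering: reject the signed length before it is converted or allocated. */
enum decode_result decode_array_fixed(int32_t wire_len, elem_t **out, size_t *out_n)
{
    int fatal;
    *out = NULL; *out_n = 0;
    if (wire_len < 0 || wire_len > MAX_ELEMS)
        return DECODE_REJECTED;             /* attacker-controlled length never reaches the allocator */
    size_t n = (size_t)wire_len;
    elem_t *arr = alloc_elems(n, &fatal);
    if (fatal)
        return DECODE_ABORT;
    for (size_t i = 0; i < n; i++) arr[i].id = (uint32_t)i;
    *out = arr; *out_n = n;
    return DECODE_OK;
}

int main(void)
{
    /* Constructed wire lengths: a normal array, an oversized one, and two negatives. */
    const int32_t lengths[] = { 4, MAX_ELEMS + 1, -1, INT32_MIN };
    const char *names[] = { "ok", "rejected", "ABORT" };
    for (size_t i = 0; i < sizeof lengths / sizeof lengths[0]; i++) {
        elem_t *p; size_t n;
        enum decode_result v = decode_array_vulnerable(lengths[i], &p, &n); free(p);
        enum decode_result f = decode_array_fixed(lengths[i], &p, &n);      free(p);
        printf("len=%11ld  vulnerable=%-8s fixed=%s\n", (long)lengths[i], names[v], names[f]);
    }
    return 0;
}
```

Build with `cc -std=c99 -Wall example.c`. The point of the pairing is that the validation in the vulnerable decoder is not wrong, only late: once a negative value has been converted to size_t and handed to an allocator whose failure mode is abort(), no later check can recover the process, which is exactly why an unprivileged local RPC client can take the daemon down with a single message.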
  4. Amazon Linux AMI 2: CVE-2024-26643: Security patch for kernel (Multiple Advisories)
     Severity 4, CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P)
     Published 03/21/2024, Created 07/09/2024, Added 07/09/2024, Modified 07/09/2024
     Description: In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout. While the rhashtable set gc runs asynchronously, a race allows it to collect elements from anonymous sets with timeouts while the set is being released from the commit path. Mingi Cho originally reported this issue in a different path in 6.1.x with a pipapo set with low timeouts, which is not possible upstream since 7395dfacfff6 ("netfilter: nf_tables: use timestamp to check for set element timeout"). Fix this by setting the dead flag on anonymous sets to skip async gc in this case. According to 08e4c8c5919f ("netfilter: nf_tables: mark newset as dead on transaction abort"), Florian plans to accelerate the abort path by releasing objects via workqueue; therefore this sets the dead flag for the abort path too.
     Solution(s): amazon-linux-ami-2-upgrade-bpftool amazon-linux-ami-2-upgrade-bpftool-debuginfo amazon-linux-ami-2-upgrade-kernel amazon-linux-ami-2-upgrade-kernel-debuginfo amazon-linux-ami-2-upgrade-kernel-debuginfo-common-aarch64 amazon-linux-ami-2-upgrade-kernel-debuginfo-common-x86_64 amazon-linux-ami-2-upgrade-kernel-devel amazon-linux-ami-2-upgrade-kernel-headers amazon-linux-ami-2-upgrade-kernel-livepatch-5-10-215-203-850 amazon-linux-ami-2-upgrade-kernel-livepatch-5-15-156-102-160 amazon-linux-ami-2-upgrade-kernel-tools amazon-linux-ami-2-upgrade-kernel-tools-debuginfo amazon-linux-ami-2-upgrade-kernel-tools-devel amazon-linux-ami-2-upgrade-perf amazon-linux-ami-2-upgrade-perf-debuginfo amazon-linux-ami-2-upgrade-python-perf amazon-linux-ami-2-upgrade-python-perf-debuginfo
     References: https://attackerkb.com/topics/cve-2024-26643, AL2/ALASKERNEL-5.10-2024-056, AL2/ALASKERNEL-5.15-2024-042, AL2/ALASKERNEL-5.4-2024-064, CVE-2024-26643
  5. SUSE: CVE-2024-29133: SUSE Linux Security Advisory
     Severity 4, CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P)
     Published 03/21/2024, Created 04/24/2024, Added 04/23/2024, Modified 04/23/2024
     Description: Out-of-bounds Write vulnerability in Apache Commons Configuration. This issue affects Apache Commons Configuration from 2.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1, which fixes the issue.
     Solution(s): suse-upgrade-apache-commons-configuration suse-upgrade-apache-commons-configuration-javadoc suse-upgrade-apache-commons-configuration2 suse-upgrade-apache-commons-configuration2-javadoc
     References: https://attackerkb.com/topics/cve-2024-29133, CVE-2024-29133
  6. CentOS Linux: CVE-2024-29944: Critical: firefox security update (CESA-2024:1486)
     Severity 8, CVSS (AV:N/AC:L/Au:M/C:C/I:C/A:N)
     Published 03/22/2024, Created 03/27/2024, Added 03/26/2024, Modified 07/31/2024
     Description: An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only; it does not affect mobile versions of Firefox. This vulnerability affects Firefox < 124.0.1 and Firefox ESR < 115.9.1.
     Solution(s): centos-upgrade-firefox centos-upgrade-firefox-debuginfo
     References: CVE-2024-29944
  7. MFSA2024-15 Firefox: Security Vulnerabilities fixed in Firefox 124.0.1 (CVE-2024-29943)
     Severity 4, CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P)
     Published 03/22/2024, Created 03/25/2024, Added 03/25/2024, Modified 03/25/2024
     Description: An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination. This vulnerability affects Firefox < 124.0.1.
     Solution(s): mozilla-firefox-upgrade-124_0_1
     References: https://attackerkb.com/topics/cve-2024-29943, CVE-2024-29943, http://www.mozilla.org/security/announce/2024/mfsa2024-15.html
  8. Microsoft Edge Chromium: CVE-2024-26247
     Severity 4, CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N)
     Published 03/22/2024, Created 03/25/2024, Added 03/25/2024, Modified 01/28/2025
     Description: Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
     Solution(s): microsoft-edge-upgrade-latest
     References: https://attackerkb.com/topics/cve-2024-26247, CVE-2024-26247, https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26247
  9. Gentoo Linux: CVE-2024-29944: Mozilla Firefox: Multiple Vulnerabilities
     Severity 8, CVSS (AV:N/AC:L/Au:M/C:C/I:C/A:N)
     Published 03/22/2024, Created 07/09/2024, Added 07/09/2024, Modified 07/31/2024
     Description: An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only; it does not affect mobile versions of Firefox. This vulnerability affects Firefox < 124.0.1 and Firefox ESR < 115.9.1.
     Solution(s): gentoo-linux-upgrade-www-client-firefox gentoo-linux-upgrade-www-client-firefox-bin
     References: https://attackerkb.com/topics/cve-2024-29944, CVE-2024-29944, 202407-22
  10. Red Hat: CVE-2024-29944: Mozilla: Privileged JavaScript Execution via Event Handlers (Multiple Advisories)
      Severity 8, CVSS (AV:N/AC:L/Au:M/C:C/I:C/A:N)
      Published 03/22/2024, Created 03/27/2024, Added 03/26/2024, Modified 09/13/2024
      Description: An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only; it does not affect mobile versions of Firefox. This vulnerability affects Firefox < 124.0.1 and Firefox ESR < 115.9.1.
      Solution(s): redhat-upgrade-firefox redhat-upgrade-firefox-debuginfo redhat-upgrade-firefox-debugsource redhat-upgrade-firefox-x11
      References: CVE-2024-29944, RHSA-2024:1483, RHSA-2024:1484, RHSA-2024:1485, RHSA-2024:1486, RHSA-2024:1487, RHSA-2024:1488, RHSA-2024:1489
  11. Ubuntu: (Multiple Advisories) (CVE-2024-29943): Firefox vulnerabilities
      Severity 4, CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P)
      Published 03/22/2024, Created 03/27/2024, Added 03/26/2024, Modified 04/05/2024
      Description: An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination. This vulnerability affects Firefox < 124.0.1.
      Solution(s): ubuntu-upgrade-firefox
      References: https://attackerkb.com/topics/cve-2024-29943, CVE-2024-29943, USN-6710-1, USN-6710-2
  12. Microsoft CVE-2024-29059: .NET Framework Information Disclosure Vulnerability
      Severity 8, CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N)
      Published 03/22/2024, Created 10/05/2024, Added 09/26/2024, Modified 02/05/2025
      Description: Microsoft CVE-2024-29059: .NET Framework Information Disclosure Vulnerability
      Solution(s): msft-kb5033909-129d62cb-6b8a-474f-9e09-d7ede080d97c msft-kb5033909-7562f8a7-5ea1-4d7a-9b78-b813919c90bf msft-kb5033918-4be0b02a-579e-4032-b522-a3644984fd27 msft-kb5033918-abf26056-81da-4435-975f-466361215410
      References: https://attackerkb.com/topics/cve-2024-29059, CVE-2024-29059, KB 5033897 5033898 5033899 5033900 5033904 5033905 5033906 5033907 5033909 5033910 5033911 5033912 5033913 5033915 5033916 5033917 5033918 5033919 5033920 5033922 5033945 5033946 5033947 5033948 5034119 5034134 5034269 5034270 5034272 5034273 5034274 5034275 5034276 5034277 5034278 5034279 5034280
  13. Debian: CVE-2024-29944: firefox-esr -- security update
      Severity 8, CVSS (AV:N/AC:L/Au:M/C:C/I:C/A:N)
      Published 03/22/2024, Created 03/25/2024, Added 03/25/2024, Modified 07/31/2024
      Description: An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only; it does not affect mobile versions of Firefox. This vulnerability affects Firefox < 124.0.1 and Firefox ESR < 115.9.1.
      Solution(s): debian-upgrade-firefox-esr
      References: https://attackerkb.com/topics/cve-2024-29944, CVE-2024-29944, DSA-5645-1
  14. Microsoft Edge Chromium: CVE-2024-29057
      Severity 4, CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N)
      Published 03/22/2024, Created 03/25/2024, Added 03/25/2024, Modified 01/28/2025
      Description: Microsoft Edge (Chromium-based) Spoofing Vulnerability
      Solution(s): microsoft-edge-upgrade-latest
      References: https://attackerkb.com/topics/cve-2024-29057, CVE-2024-29057, https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29057
  15. Gentoo Linux: CVE-2024-29943: Mozilla Firefox: Multiple Vulnerabilities
      Severity 4, CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P)
      Published 03/22/2024, Created 07/09/2024, Added 07/09/2024, Modified 07/09/2024
      Description: An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination. This vulnerability affects Firefox < 124.0.1.
      Solution(s): gentoo-linux-upgrade-www-client-firefox gentoo-linux-upgrade-www-client-firefox-bin
      References: https://attackerkb.com/topics/cve-2024-29943, CVE-2024-29943, 202407-22
  16. Alpine Linux: CVE-2024-29944: Vulnerability in Multiple Components
      Severity 8, CVSS (AV:N/AC:L/Au:M/C:C/I:C/A:N)
      Published 03/22/2024, Created 08/23/2024, Added 08/22/2024, Modified 10/14/2024
      Description: An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only; it does not affect mobile versions of Firefox. This vulnerability affects Firefox < 124.0.1 and Firefox ESR < 115.9.1.
      Solution(s): alpine-linux-upgrade-firefox-esr alpine-linux-upgrade-mozjs115
      References: https://attackerkb.com/topics/cve-2024-29944, CVE-2024-29944, https://security.alpinelinux.org/vuln/CVE-2024-29944
  17. Ubuntu: (Multiple Advisories) (CVE-2024-29944): Firefox vulnerabilities
      Severity 8, CVSS (AV:N/AC:L/Au:M/C:C/I:C/A:N)
      Published 03/22/2024, Created 03/27/2024, Added 03/26/2024, Modified 07/31/2024
      Description: An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only; it does not affect mobile versions of Firefox. This vulnerability affects Firefox < 124.0.1 and Firefox ESR < 115.9.1.
      Solution(s): ubuntu-upgrade-firefox
      References: https://attackerkb.com/topics/cve-2024-29944, CVE-2024-29944, USN-6710-1, USN-6710-2
  18. Code Reviewer
      Disclosed 03/22/2024, Created 04/19/2024
      Description: Reviews code
      Author(s): h00die
      Platform: NodeJS; Architectures: nodejs
  19. Rocky Linux: CVE-2024-29944: firefox (RLSA-2024-1484)
      Severity 8, CVSS (AV:N/AC:L/Au:M/C:C/I:C/A:N)
      Published 03/22/2024, Created 03/29/2024, Added 03/28/2024, Modified 11/18/2024
      Description: An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only; it does not affect mobile versions of Firefox. This vulnerability affects Firefox < 124.0.1 and Firefox ESR < 115.9.1.
      Solution(s): rocky-upgrade-firefox rocky-upgrade-firefox-debuginfo rocky-upgrade-firefox-debugsource
      References: https://attackerkb.com/topics/cve-2024-29944, CVE-2024-29944, https://errata.rockylinux.org/RLSA-2024:1484
  20. Oracle Linux: CVE-2024-29944: ELSA-2024-1484: firefox security update (CRITICAL) (Multiple Advisories)
      Severity 10, CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C)
      Published 03/22/2024, Created 05/22/2024, Added 03/26/2024, Modified 12/06/2024
      Description: An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only; it does not affect mobile versions of Firefox. This vulnerability affects Firefox < 124.0.1 and Firefox ESR < 115.9.1. The Mozilla Foundation Security Advisory describes this flaw as: An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process.
      Solution(s): oracle-linux-upgrade-firefox oracle-linux-upgrade-firefox-x11
      References: https://attackerkb.com/topics/cve-2024-29944, CVE-2024-29944, ELSA-2024-1484, ELSA-2024-1486, ELSA-2024-1485
  21. Amazon Linux AMI 2: CVE-2024-29944: Security patch for firefox (Multiple Advisories)
      Severity 8, CVSS (AV:N/AC:L/Au:M/C:C/I:C/A:N)
      Published 03/22/2024, Created 04/02/2024, Added 04/02/2024, Modified 07/31/2024
      Description: An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only; it does not affect mobile versions of Firefox. This vulnerability affects Firefox < 124.0.1 and Firefox ESR < 115.9.1.
      Solution(s): amazon-linux-ami-2-upgrade-firefox amazon-linux-ami-2-upgrade-firefox-debuginfo
      References: https://attackerkb.com/topics/cve-2024-29944, AL2/ALASFIREFOX-2024-023, AL2/ALASFIREFOX-2024-024, CVE-2024-29944
  22. SUSE: CVE-2024-29944: SUSE Linux Security Advisory
      Severity 8, CVSS (AV:N/AC:L/Au:M/C:C/I:C/A:N)
      Published 03/22/2024, Created 03/27/2024, Added 03/27/2024, Modified 07/31/2024
      Description: An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only; it does not affect mobile versions of Firefox. This vulnerability affects Firefox < 124.0.1 and Firefox ESR < 115.9.1.
      Solution(s): suse-upgrade-mozillafirefox suse-upgrade-mozillafirefox-branding-upstream suse-upgrade-mozillafirefox-devel suse-upgrade-mozillafirefox-translations-common suse-upgrade-mozillafirefox-translations-other
      References: https://attackerkb.com/topics/cve-2024-29944, CVE-2024-29944
  23. SUSE: CVE-2023-52620: SUSE Linux Security Advisory
      Severity 4, CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P)
      Published 03/21/2024, Created 05/15/2024, Added 05/15/2024, Modified 05/31/2024
      Description: In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: disallow timeout for anonymous sets. Never used from userspace, disallow these parameters.
      Solution(s): suse-upgrade-cluster-md-kmp-64kb suse-upgrade-cluster-md-kmp-azure suse-upgrade-cluster-md-kmp-default suse-upgrade-cluster-md-kmp-rt suse-upgrade-dlm-kmp-64kb suse-upgrade-dlm-kmp-azure suse-upgrade-dlm-kmp-default suse-upgrade-dlm-kmp-rt suse-upgrade-dtb-allwinner suse-upgrade-dtb-altera suse-upgrade-dtb-amazon suse-upgrade-dtb-amd suse-upgrade-dtb-amlogic suse-upgrade-dtb-apm suse-upgrade-dtb-apple suse-upgrade-dtb-arm suse-upgrade-dtb-broadcom suse-upgrade-dtb-cavium suse-upgrade-dtb-exynos suse-upgrade-dtb-freescale suse-upgrade-dtb-hisilicon suse-upgrade-dtb-lg suse-upgrade-dtb-marvell suse-upgrade-dtb-mediatek suse-upgrade-dtb-nvidia suse-upgrade-dtb-qcom suse-upgrade-dtb-renesas suse-upgrade-dtb-rockchip suse-upgrade-dtb-socionext suse-upgrade-dtb-sprd suse-upgrade-dtb-xilinx suse-upgrade-gfs2-kmp-64kb suse-upgrade-gfs2-kmp-azure suse-upgrade-gfs2-kmp-default suse-upgrade-gfs2-kmp-rt suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-64kb-extra suse-upgrade-kernel-64kb-livepatch-devel suse-upgrade-kernel-64kb-optional suse-upgrade-kernel-azure suse-upgrade-kernel-azure-base suse-upgrade-kernel-azure-devel suse-upgrade-kernel-azure-extra suse-upgrade-kernel-azure-livepatch-devel suse-upgrade-kernel-azure-optional suse-upgrade-kernel-azure-vdso suse-upgrade-kernel-debug suse-upgrade-kernel-debug-devel suse-upgrade-kernel-debug-livepatch-devel suse-upgrade-kernel-debug-vdso suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-base-rebuild suse-upgrade-kernel-default-devel suse-upgrade-kernel-default-extra
suse-upgrade-kernel-default-livepatch suse-upgrade-kernel-default-livepatch-devel suse-upgrade-kernel-default-man suse-upgrade-kernel-default-optional suse-upgrade-kernel-default-vdso suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-devel-rt suse-upgrade-kernel-docs suse-upgrade-kernel-docs-html suse-upgrade-kernel-kvmsmall suse-upgrade-kernel-kvmsmall-devel suse-upgrade-kernel-kvmsmall-livepatch-devel suse-upgrade-kernel-kvmsmall-vdso suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-obs-qa suse-upgrade-kernel-rt suse-upgrade-kernel-rt-devel suse-upgrade-kernel-rt-extra suse-upgrade-kernel-rt-livepatch suse-upgrade-kernel-rt-livepatch-devel suse-upgrade-kernel-rt-optional suse-upgrade-kernel-rt-vdso suse-upgrade-kernel-rt_debug suse-upgrade-kernel-rt_debug-devel suse-upgrade-kernel-rt_debug-livepatch-devel suse-upgrade-kernel-rt_debug-vdso suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-source-rt suse-upgrade-kernel-source-vanilla suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-syms-rt suse-upgrade-kernel-zfcpdump suse-upgrade-kselftests-kmp-64kb suse-upgrade-kselftests-kmp-azure suse-upgrade-kselftests-kmp-default suse-upgrade-kselftests-kmp-rt suse-upgrade-ocfs2-kmp-64kb suse-upgrade-ocfs2-kmp-azure suse-upgrade-ocfs2-kmp-default suse-upgrade-ocfs2-kmp-rt suse-upgrade-reiserfs-kmp-64kb suse-upgrade-reiserfs-kmp-azure suse-upgrade-reiserfs-kmp-default suse-upgrade-reiserfs-kmp-rt
      References: https://attackerkb.com/topics/cve-2023-52620, CVE-2023-52620
  24. SUSE: CVE-2024-28835: SUSE Linux Security Advisory
      Severity 4, CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P)
      Published 03/21/2024, Created 04/15/2024, Added 04/15/2024, Modified 04/15/2024
      Description: A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command.
      Solution(s): suse-upgrade-gnutls suse-upgrade-gnutls-guile suse-upgrade-libgnutls-devel suse-upgrade-libgnutls-devel-32bit suse-upgrade-libgnutls30 suse-upgrade-libgnutls30-32bit suse-upgrade-libgnutls30-hmac suse-upgrade-libgnutls30-hmac-32bit suse-upgrade-libgnutlsxx-devel suse-upgrade-libgnutlsxx28
      References: https://attackerkb.com/topics/cve-2024-28835, CVE-2024-28835
  25. Huawei EulerOS: CVE-2024-28835: gnutls security update
      Severity 4, CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P)
      Published 03/21/2024, Created 06/26/2024, Added 06/26/2024, Modified 11/11/2024
      Description: A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command.
      Solution(s): huawei-euleros-2_0_sp11-upgrade-gnutls huawei-euleros-2_0_sp11-upgrade-gnutls-utils
      References: https://attackerkb.com/topics/cve-2024-28835, CVE-2024-28835, EulerOS-SA-2024-1834