ISHACK AI BOT

Aruba AOS-10: CVE-2024-1356: Authenticated Remote Command Execution in the ArubaOS Command Line Interface Severity 8 CVSS (AV:N/AC:L/Au:M/C:C/I:C/A:C) Published 03/05/2024 Created 01/16/2025 Added 01/14/2025 Modified 02/04/2025 Description Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. Solution(s) aruba-aos-10-cve-2024-1356 References https://attackerkb.com/topics/cve-2024-1356 CVE - 2024-1356 https://csaf.arubanetworks.com/2024/hpe_aruba_networking_-_2024-002.json

Aruba AOS-10: CVE-2024-25615: Unauthenticated Denial-of-Service (DoS) Vulnerabilities in the Spectrum Service Accessed via the PAPI Protocol Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 03/05/2024 Created 01/16/2025 Added 01/14/2025 Modified 02/04/2025 Description An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Spectrum service accessed via the PAPI protocol in ArubaOS 8.x. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected service. Solution(s) aruba-aos-10-cve-2024-25615 References https://attackerkb.com/topics/cve-2024-25615 CVE - 2024-25615 https://csaf.arubanetworks.com/2024/hpe_aruba_networking_-_2024-002.json

OS X update for Kernel (CVE-2024-23225) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 03/05/2024 Created 03/09/2024 Added 03/08/2024 Modified 01/28/2025 Description A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited. Solution(s) apple-osx-upgrade-12_7_4 apple-osx-upgrade-13_6_5 apple-osx-upgrade-14_4 References https://attackerkb.com/topics/cve-2024-23225 CVE - 2024-23225 https://support.apple.com/en-us/120884 https://support.apple.com/en-us/120886 https://support.apple.com/en-us/120895

Red Hat: CVE-2024-2236: libgcrypt: vulnerable to Marvin Attack (Multiple Advisories) Severity 5 CVSS (AV:N/AC:H/Au:N/C:C/I:N/A:N) Published 03/06/2024 Created 11/14/2024 Added 11/13/2024 Modified 11/13/2024 Description A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts. Solution(s) redhat-upgrade-libgcrypt redhat-upgrade-libgcrypt-debuginfo redhat-upgrade-libgcrypt-debugsource redhat-upgrade-libgcrypt-devel redhat-upgrade-libgcrypt-devel-debuginfo References CVE-2024-2236 RHSA-2024:9404

Debian: CVE-2023-52603: linux -- security update Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 03/06/2024 Created 05/08/2024 Added 05/08/2024 Modified 01/30/2025 Description In the Linux kernel, the following vulnerability has been resolved: UBSAN: array-index-out-of-bounds in dtSplitRoot Syzkaller reported the following issue: oop0: detected capacity change from 0 to 32768 UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dtree.c:1971:9 index -2 is out of range for type 'struct dtslot [128]' CPU: 0 PID: 3613 Comm: syz-executor270 Not tainted 6.0.0-syzkaller-09423-g493ffd6605b2 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1b1/0x28e lib/dump_stack.c:106 ubsan_epilogue lib/ubsan.c:151 [inline] __ubsan_handle_out_of_bounds+0xdb/0x130 lib/ubsan.c:283 dtSplitRoot+0x8d8/0x1900 fs/jfs/jfs_dtree.c:1971 dtSplitUp fs/jfs/jfs_dtree.c:985 [inline] dtInsert+0x1189/0x6b80 fs/jfs/jfs_dtree.c:863 jfs_mkdir+0x757/0xb00 fs/jfs/namei.c:270 vfs_mkdir+0x3b3/0x590 fs/namei.c:4013 do_mkdirat+0x279/0x550 fs/namei.c:4038 __do_sys_mkdirat fs/namei.c:4053 [inline] __se_sys_mkdirat fs/namei.c:4051 [inline] __x64_sys_mkdirat+0x85/0x90 fs/namei.c:4051 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7fcdc0113fd9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffeb8bc67d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcdc0113fd9 RDX: 0000000000000000 RSI: 0000000020000340 RDI: 0000000000000003 RBP: 00007fcdc00d37a0 R08: 0000000000000000 R09: 00007fcdc00d37a0 R10: 00005555559a72c0 R11: 0000000000000246 R12: 00000000f8008000 R13: 0000000000000000 R14: 00083878000000f8 R15: 0000000000000000 </TASK> The issue is caused when the value of fsi becomes less than -1. The check to break the loop when fsi value becomes -1 is present but syzbot was able to produce value less than -1 which cause the error. This patch simply add the change for the values less than 0. The patch is tested via syzbot. Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2023-52603 CVE - 2023-52603 DSA-5681-1

Debian: CVE-2024-25111: squid -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/06/2024 Created 07/31/2024 Added 07/30/2024 Modified 07/30/2024 Description Squid is a web proxy cache. Starting in version 3.5.27 and prior to version 6.8, Squid may be vulnerable to a Denial of Service attack against HTTP Chunked decoder due to an uncontrolled recursion bug. This problem allows a remote attacker to cause Denial of Service when sending a crafted, chunked, encoded HTTP Message. This bug is fixed in Squid version 6.8. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. There is no workaround for this issue. Solution(s) debian-upgrade-squid References https://attackerkb.com/topics/cve-2024-25111 CVE - 2024-25111

Huawei EulerOS: CVE-2023-52597: kernel security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/06/2024 Created 07/17/2024 Added 07/17/2024 Modified 01/13/2025 Description In the Linux kernel, the following vulnerability has been resolved: KVM: s390: fix setting of fpc register kvm_arch_vcpu_ioctl_set_fpu() allows to set the floating point control (fpc) register of a guest cpu. The new value is tested for validity by temporarily loading it into the fpc register. This may lead to corruption of the fpc register of the host process: if an interrupt happens while the value is temporarily loaded into the fpc register, and within interrupt context floating point or vector registers are used, the current fp/vx registers are saved with save_fpu_regs() assuming they belong to user space and will be loaded into fp/vx registers when returning to user space. test_fp_ctl() restores the original user space / host process fpc register value, however it will be discarded, when returning to user space. In result the host process will incorrectly continue to run with the value that was supposed to be used for a guest cpu. Fix this by simply removing the test. There is another test right before the SIE context is entered which will handles invalid values. This results in a change of behaviour: invalid values will now be accepted instead of that the ioctl fails with -EINVAL. This seems to be acceptable, given that this interface is most likely not used anymore, and this is in addition the same behaviour implemented with the memory mapped interface (replace invalid values with zero) - see sync_regs() in kvm-s390.c. Solution(s) huawei-euleros-2_0_sp9-upgrade-kernel huawei-euleros-2_0_sp9-upgrade-kernel-tools huawei-euleros-2_0_sp9-upgrade-kernel-tools-libs huawei-euleros-2_0_sp9-upgrade-python3-perf References https://attackerkb.com/topics/cve-2023-52597 CVE - 2023-52597 EulerOS-SA-2024-1964

Debian: CVE-2024-2176: chromium -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 03/06/2024 Created 03/09/2024 Added 03/08/2024 Modified 01/28/2025 Description Use after free in FedCM in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2024-2176 CVE - 2024-2176 DSA-5636-1

Debian: CVE-2023-52606: linux -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/06/2024 Created 05/08/2024 Added 05/08/2024 Modified 07/03/2024 Description In the Linux kernel, the following vulnerability has been resolved: powerpc/lib: Validate size for vector operations Some of the fp/vmx code in sstep.c assume a certain maximum size for the instructions being emulated. The size of those operations however is determined separately in analyse_instr(). Add a check to validate the assumption on the maximum size of the operations, so as to prevent any unintended kernel stack corruption. Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2023-52606 CVE - 2023-52606 DSA-5681-1

Red Hat: CVE-2023-52605: kernel: ACPI: extlog: fix NULL pointer dereference check (Multiple Advisories) Severity 4 CVSS (AV:L/AC:L/Au:M/C:N/I:N/A:C) Published 03/06/2024 Created 09/26/2024 Added 09/25/2024 Modified 09/25/2024 Description Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Solution(s) redhat-upgrade-kernel redhat-upgrade-kernel-rt References CVE-2023-52605 RHSA-2024:7000 RHSA-2024:7001

VMware Photon OS: CVE-2023-52594 Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 03/06/2024 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() Fix an array-index-out-of-bounds read in ath9k_htc_txstatus(). The bug occurs when txs->cnt, data from a URB provided by a USB device, is bigger than the size of the array txs->txstatus, which is HTC_MAX_TX_STATUS. WARN_ON() already checks it, but there is no bug handling code after the check. Make the function return if that is the case. Found by a modified version of syzkaller. UBSAN: array-index-out-of-bounds in htc_drv_txrx.c index 13 is out of range for type '__wmi_event_txstatus [12]' Call Trace: ath9k_htc_txstatus ath9k_wmi_event_tasklet tasklet_action_common __do_softirq irq_exit_rxu sysvec_apic_timer_interrupt Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-52594 CVE - 2023-52594

VMware Photon OS: CVE-2023-52599 Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 03/06/2024 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in diNewExt [Syz report] UBSAN: array-index-out-of-bounds in fs/jfs/jfs_imap.c:2360:2 index -878706688 is out of range for type 'struct iagctl[128]' CPU: 1 PID: 5065 Comm: syz-executor282 Not tainted 6.7.0-rc4-syzkaller-00009-gbee0e7762ad2 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106 ubsan_epilogue lib/ubsan.c:217 [inline] __ubsan_handle_out_of_bounds+0x11c/0x150 lib/ubsan.c:348 diNewExt+0x3cf3/0x4000 fs/jfs/jfs_imap.c:2360 diAllocExt fs/jfs/jfs_imap.c:1949 [inline] diAllocAG+0xbe8/0x1e50 fs/jfs/jfs_imap.c:1666 diAlloc+0x1d3/0x1760 fs/jfs/jfs_imap.c:1587 ialloc+0x8f/0x900 fs/jfs/jfs_inode.c:56 jfs_mkdir+0x1c5/0xb90 fs/jfs/namei.c:225 vfs_mkdir+0x2f1/0x4b0 fs/namei.c:4106 do_mkdirat+0x264/0x3a0 fs/namei.c:4129 __do_sys_mkdir fs/namei.c:4149 [inline] __se_sys_mkdir fs/namei.c:4147 [inline] __x64_sys_mkdir+0x6e/0x80 fs/namei.c:4147 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x45/0x110 arch/x86/entry/common.c:82 entry_SYSCALL_64_after_hwframe+0x63/0x6b RIP: 0033:0x7fcb7e6a0b57 Code: ff ff 77 07 31 c0 c3 0f 1f 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffd83023038 EFLAGS: 00000286 ORIG_RAX: 0000000000000053 RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007fcb7e6a0b57 RDX: 00000000000a1020 RSI: 00000000000001ff RDI: 0000000020000140 RBP: 0000000020000140 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000286 R12: 00007ffd830230d0 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [Analysis] When the agstart is too large, it can cause agno overflow. [Fix] After obtaining agno, if the value is invalid, exit the subsequent process. Modified the test from agno > MAXAG to agno >= MAXAG based on linux-next report by kernel test robot (Dan Carpenter). Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-52599 CVE - 2023-52599

VMware Photon OS: CVE-2023-52583 Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 03/06/2024 Created 01/21/2025 Added 01/20/2025 Modified 02/05/2025 Description In the Linux kernel, the following vulnerability has been resolved: ceph: fix deadlock or deadcode of misusing dget() The lock order is incorrect between denty and its parent, we should always make sure that the parent get the lock first. But since this deadcode is never used and the parent dir will always be set from the callers, let's just remove it. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-52583 CVE - 2023-52583

VMware Photon OS: CVE-2023-52586 Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/06/2024 Created 01/21/2025 Added 01/20/2025 Modified 01/20/2025 Description In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Add mutex lock in control vblank irq Add a mutex lock to control vblank irq to synchronize vblank enable/disable operations happening from different threads to prevent race conditions while registering/unregistering the vblank irq callback. v4: -Removed vblank_ctl_lock from dpu_encoder_virt, so it is only a parameter of dpu_encoder_phys. -Switch from atomic refcnt to a simple int counter as mutex has now been added v3: Mistakenly did not change wording in last version. It is done now. v2: Slightly changed wording of commit message Patchwork: https://patchwork.freedesktop.org/patch/571854/ Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-52586 CVE - 2023-52586

VMware Photon OS: CVE-2023-52595 Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 03/06/2024 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description In the Linux kernel, the following vulnerability has been resolved: wifi: rt2x00: restart beacon queue when hardware reset When a hardware reset is triggered, all registers are reset, so all queues are forced to stop in hardware interface. However, mac80211 will not automatically stop the queue. If we don't manually stop the beacon queue, the queue will be deadlocked and unable to start again. This patch fixes the issue where Apple devices cannot connect to the AP after calling ieee80211_restart_hw(). Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-52595 CVE - 2023-52595

Gentoo Linux: CVE-2024-2174: Chromium, Google Chrome, Microsoft Edge. Opera: Multiple Vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 03/06/2024 Created 12/10/2024 Added 12/09/2024 Modified 01/28/2025 Description Inappropriate implementation in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) gentoo-linux-upgrade-ww-client-microsoft-edge gentoo-linux-upgrade-www-client-chromium gentoo-linux-upgrade-www-client-google-chrome gentoo-linux-upgrade-www-client-microsoft-edge gentoo-linux-upgrade-www-client-opera References https://attackerkb.com/topics/cve-2024-2174 CVE - 2024-2174 202412-05

Gentoo Linux: CVE-2024-2176: Chromium, Google Chrome, Microsoft Edge. Opera: Multiple Vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 03/06/2024 Created 12/10/2024 Added 12/09/2024 Modified 01/28/2025 Description Use after free in FedCM in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) gentoo-linux-upgrade-ww-client-microsoft-edge gentoo-linux-upgrade-www-client-chromium gentoo-linux-upgrade-www-client-google-chrome gentoo-linux-upgrade-www-client-microsoft-edge gentoo-linux-upgrade-www-client-opera References https://attackerkb.com/topics/cve-2024-2176 CVE - 2024-2176 202412-05

Gentoo Linux: CVE-2024-24783: Go: Multiple Vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/05/2024 Created 08/08/2024 Added 08/08/2024 Modified 08/08/2024 Description Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for TLS servers to not verify client certificates. Solution(s) gentoo-linux-upgrade-dev-lang-go References https://attackerkb.com/topics/cve-2024-24783 CVE - 2024-24783 202408-07

Gentoo Linux: CVE-2024-24786: podman: Multiple Vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/05/2024 Created 07/09/2024 Added 07/09/2024 Modified 07/11/2024 Description The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set. Solution(s) gentoo-linux-upgrade-app-containers-buildah gentoo-linux-upgrade-app-containers-podman References https://attackerkb.com/topics/cve-2024-24786 CVE - 2024-24786 202407-12 202407-25

Gentoo Linux: CVE-2023-45289: Go: Multiple Vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/05/2024 Created 08/08/2024 Added 08/08/2024 Modified 08/08/2024 Description When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded. Solution(s) gentoo-linux-upgrade-dev-lang-go References https://attackerkb.com/topics/cve-2023-45289 CVE - 2023-45289 202408-07

Ubuntu: USN-6886-1 (CVE-2023-45289): Go vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/05/2024 Created 07/10/2024 Added 07/10/2024 Modified 01/23/2025 Description When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded. Solution(s) ubuntu-upgrade-golang-1-21 ubuntu-upgrade-golang-1-21-go ubuntu-upgrade-golang-1-21-src ubuntu-upgrade-golang-1-22 ubuntu-upgrade-golang-1-22-go ubuntu-upgrade-golang-1-22-src References https://attackerkb.com/topics/cve-2023-45289 CVE - 2023-45289 USN-6886-1

Huawei EulerOS: CVE-2024-24785: golang security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/05/2024 Created 06/26/2024 Added 06/26/2024 Modified 11/11/2024 Description If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates. Solution(s) huawei-euleros-2_0_sp11-upgrade-golang huawei-euleros-2_0_sp11-upgrade-golang-devel huawei-euleros-2_0_sp11-upgrade-golang-help References https://attackerkb.com/topics/cve-2024-24785 CVE - 2024-24785 EulerOS-SA-2024-1835

Aruba AOS-8: CVE-2024-25616: ArubaOS Sensitive Information Disclosure Severity 3 CVSS (AV:N/AC:H/Au:N/C:P/I:N/A:N) Published 03/05/2024 Created 01/16/2025 Added 01/14/2025 Modified 02/04/2025 Description Aruba has identified certain configurations of ArubaOS that can lead to partial disclosure of sensitive information in the IKE_AUTH negotiation process. The scenarios in which disclosure of potentially sensitive information can occur are complex, and depend on factors beyond the control of attackers. Solution(s) aruba-aos-8-cve-2024-25616 References https://attackerkb.com/topics/cve-2024-25616 CVE - 2024-25616 https://csaf.arubanetworks.com/2024/hpe_aruba_networking_-_2024-002.json

VMware Fusion: Vulnerability (VMSA-2024-0006) (CVE-2024-22252) Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 03/05/2024 Created 03/08/2024 Added 03/07/2024 Modified 04/24/2024 Description VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed. Solution(s) vmware-fusion-upgrade-13_5_1 References https://attackerkb.com/topics/cve-2024-22252 CVE - 2024-22252 http://www.vmware.com/security/advisories/VMSA-2024-0006.html

CentOS Linux: CVE-2024-24786: Moderate: rhc-worker-script security and enhancement update (CESA-2024:1874) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/05/2024 Created 04/19/2024 Added 04/19/2024 Modified 04/19/2024 Description The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set. Solution(s) centos-upgrade-rhc-worker-script References CVE-2024-24786