ISHACK AI BOT

PostgreSQL: CVE-2024-10976: PostgreSQL row security below e.g. subqueries disregards user ID changes Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/15/2024 Created 11/16/2024 Added 11/15/2024 Modified 02/14/2025 Description Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended.CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes.They missed cases where a subquery, WITH query, security invoker view, or SQL-language function references a table with a row-level security policy.This has the same consequences as the two earlier CVEs.That is to say, it leads to potentially incorrect policies being applied in cases where role-specific policies are used and a given query is planned under one role and then executed under other roles.This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs.Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications.This affects only databases that have used CREATE POLICY to define a row security policy.An attacker must tailor an attack to a particular application's pattern of query plan reuse, user ID changes, and role-specific row security policies.Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected. Solution(s) postgres-upgrade-13_17 postgres-upgrade-14_14 postgres-upgrade-15_9 postgres-upgrade-16_5 postgres-upgrade-17_1 References https://attackerkb.com/topics/cve-2024-10976 CVE - 2024-10976

PostgreSQL: CVE-2024-10977: PostgreSQL libpq retains an error message from man-in-the-middle Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/15/2024 Created 11/16/2024 Added 11/15/2024 Modified 11/18/2024 Description Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application.For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistakes for valid query results.This is probably not a concern for clients where the user interface unambiguously indicates the boundary between one error message and other text.Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected. Solution(s) postgres-upgrade-13_17 postgres-upgrade-14_14 postgres-upgrade-15_9 postgres-upgrade-16_5 postgres-upgrade-17_1 References https://attackerkb.com/topics/cve-2024-10977 CVE - 2024-10977

Microsoft Edge Chromium: CVE-2024-49025 Severity 4 CVSS (AV:N/AC:M/Au:N/C:P/I:N/A:N) Published 11/15/2024 Created 11/16/2024 Added 11/15/2024 Modified 01/28/2025 Description Microsoft Edge (Chromium-based) Information Disclosure Vulnerability Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2024-49025 CVE - 2024-49025 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49025

Amazon Linux 2023: CVE-2024-52616: Medium priority package update for avahi Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 11/15/2024 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks, allowing attackers to guess transaction IDs. Solution(s) amazon-linux-2023-upgrade-avahi amazon-linux-2023-upgrade-avahi-autoipd amazon-linux-2023-upgrade-avahi-autoipd-debuginfo amazon-linux-2023-upgrade-avahi-compat-howl amazon-linux-2023-upgrade-avahi-compat-howl-debuginfo amazon-linux-2023-upgrade-avahi-compat-howl-devel amazon-linux-2023-upgrade-avahi-compat-libdns-sd amazon-linux-2023-upgrade-avahi-compat-libdns-sd-debuginfo amazon-linux-2023-upgrade-avahi-compat-libdns-sd-devel amazon-linux-2023-upgrade-avahi-debuginfo amazon-linux-2023-upgrade-avahi-debugsource amazon-linux-2023-upgrade-avahi-devel amazon-linux-2023-upgrade-avahi-dnsconfd amazon-linux-2023-upgrade-avahi-dnsconfd-debuginfo amazon-linux-2023-upgrade-avahi-glib amazon-linux-2023-upgrade-avahi-glib-debuginfo amazon-linux-2023-upgrade-avahi-glib-devel amazon-linux-2023-upgrade-avahi-gobject amazon-linux-2023-upgrade-avahi-gobject-debuginfo amazon-linux-2023-upgrade-avahi-gobject-devel amazon-linux-2023-upgrade-avahi-libs amazon-linux-2023-upgrade-avahi-libs-debuginfo amazon-linux-2023-upgrade-avahi-tools amazon-linux-2023-upgrade-avahi-tools-debuginfo amazon-linux-2023-upgrade-avahi-ui-devel amazon-linux-2023-upgrade-avahi-ui-gtk3 amazon-linux-2023-upgrade-avahi-ui-gtk3-debuginfo References https://attackerkb.com/topics/cve-2024-52616 CVE - 2024-52616 https://alas.aws.amazon.com/AL2023/ALAS-2024-771.html

LibreNMS Authenticated RCE (CVE-2024-51092) Disclosed 11/15/2024 Created 01/20/2025 Description An authenticated attacker can create dangerous directory names on the system and alter sensitive configuration parameters through the web portal. Those two defects combined then allows to inject arbitrary OS commands inside shell_exec() calls, thus achieving arbitrary code execution. Author(s) murrant (Tony Murray) Takahiro Yokoyama Platform Linux Development Source Code History

FreeBSD: VID-3831292B-A29D-11EF-AF48-6CC21735F730 (CVE-2024-10976): PostgreSQL -- PostgreSQL row security below e.g. subqueries disregards user ID changes Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/14/2024 Created 11/16/2024 Added 11/15/2024 Modified 02/14/2025 Description Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended.CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes.They missed cases where a subquery, WITH query, security invoker view, or SQL-language function references a table with a row-level security policy.This has the same consequences as the two earlier CVEs.That is to say, it leads to potentially incorrect policies being applied in cases where role-specific policies are used and a given query is planned under one role and then executed under other roles.This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs.Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications.This affects only databases that have used CREATE POLICY to define a row security policy.An attacker must tailor an attack to a particular application's pattern of query plan reuse, user ID changes, and role-specific row security policies.Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected. Solution(s) freebsd-upgrade-package-postgresql12-server freebsd-upgrade-package-postgresql13-server freebsd-upgrade-package-postgresql14-server freebsd-upgrade-package-postgresql15-server freebsd-upgrade-package-postgresql16-server freebsd-upgrade-package-postgresql17-server References CVE-2024-10976

FreeBSD: VID-28FFA931-A510-11EF-8109-B42E991FC52E (CVE-2024-10921): mongodb -- Buffer over-reads in MongoDB Server Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/14/2024 Created 11/21/2024 Added 11/19/2024 Modified 11/19/2024 Description An authorized user may trigger crashes or receive the contents of buffer over-reads of Server memory by issuing specially crafted requests that construct malformed BSON in the MongoDB Server. This issue affects MongoDB Server v5.0 versions prior to 5.0.30 , MongoDB Server v6.0 versions prior to 6.0.19, MongoDB Server v7.0 versions prior to 7.0.15 and MongoDB Server v8.0 versions prior to and including 8.0.2. Solution(s) freebsd-upgrade-package-mongodb50 freebsd-upgrade-package-mongodb60 freebsd-upgrade-package-mongodb70 freebsd-upgrade-package-mongodb80 References CVE-2024-10921

FreeBSD: VID-A03636F4-A29F-11EF-AF48-6CC21735F730 (CVE-2024-10979): PostgreSQL -- PL/Perl environment variable changes execute arbitrary code Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/14/2024 Created 11/16/2024 Added 11/15/2024 Modified 02/14/2025 Description Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables (e.g. PATH).That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user.Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected. Solution(s) freebsd-upgrade-package-postgresql12-plperl freebsd-upgrade-package-postgresql13-plperl freebsd-upgrade-package-postgresql14-plperl freebsd-upgrade-package-postgresql15-plperl freebsd-upgrade-package-postgresql16-plperl freebsd-upgrade-package-postgresql17-plperl References CVE-2024-10979

SUSE: CVE-2024-10978: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/14/2024 Created 01/01/2025 Added 12/31/2024 Modified 12/31/2024 Description Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended.An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature.The problem arises when an application query uses parameters from the attacker or conveys query results to the attacker.If that query reacts to current_setting('role') or the current user ID, it may modify or return data as though the session had not used SET ROLE or SET SESSION AUTHORIZATION.The attacker does not control which incorrect user ID applies.Query text from less-privileged sources is not a concern here, because SET ROLE and SET SESSION AUTHORIZATION are not sandboxes for unvetted queries.Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected. Solution(s) suse-upgrade-libecpg6 suse-upgrade-libecpg6-32bit suse-upgrade-libpq5 suse-upgrade-libpq5-32bit suse-upgrade-postgresql suse-upgrade-postgresql-contrib suse-upgrade-postgresql-devel suse-upgrade-postgresql-docs suse-upgrade-postgresql-llvmjit suse-upgrade-postgresql-llvmjit-devel suse-upgrade-postgresql-plperl suse-upgrade-postgresql-plpython suse-upgrade-postgresql-pltcl suse-upgrade-postgresql-server suse-upgrade-postgresql-server-devel suse-upgrade-postgresql-test suse-upgrade-postgresql12 suse-upgrade-postgresql12-contrib suse-upgrade-postgresql12-devel suse-upgrade-postgresql12-docs suse-upgrade-postgresql12-llvmjit suse-upgrade-postgresql12-llvmjit-devel suse-upgrade-postgresql12-plperl suse-upgrade-postgresql12-plpython suse-upgrade-postgresql12-pltcl suse-upgrade-postgresql12-server suse-upgrade-postgresql12-server-devel suse-upgrade-postgresql12-test suse-upgrade-postgresql13 suse-upgrade-postgresql13-contrib suse-upgrade-postgresql13-devel suse-upgrade-postgresql13-docs suse-upgrade-postgresql13-llvmjit suse-upgrade-postgresql13-llvmjit-devel suse-upgrade-postgresql13-plperl suse-upgrade-postgresql13-plpython suse-upgrade-postgresql13-pltcl suse-upgrade-postgresql13-server suse-upgrade-postgresql13-server-devel suse-upgrade-postgresql13-test suse-upgrade-postgresql14 suse-upgrade-postgresql14-contrib suse-upgrade-postgresql14-devel suse-upgrade-postgresql14-docs suse-upgrade-postgresql14-llvmjit suse-upgrade-postgresql14-llvmjit-devel suse-upgrade-postgresql14-plperl suse-upgrade-postgresql14-plpython suse-upgrade-postgresql14-pltcl suse-upgrade-postgresql14-server suse-upgrade-postgresql14-server-devel suse-upgrade-postgresql14-test suse-upgrade-postgresql15 suse-upgrade-postgresql15-contrib suse-upgrade-postgresql15-devel suse-upgrade-postgresql15-docs suse-upgrade-postgresql15-llvmjit suse-upgrade-postgresql15-llvmjit-devel suse-upgrade-postgresql15-plperl suse-upgrade-postgresql15-plpython suse-upgrade-postgresql15-pltcl suse-upgrade-postgresql15-server suse-upgrade-postgresql15-server-devel suse-upgrade-postgresql15-test suse-upgrade-postgresql16 suse-upgrade-postgresql16-contrib suse-upgrade-postgresql16-devel suse-upgrade-postgresql16-docs suse-upgrade-postgresql16-llvmjit suse-upgrade-postgresql16-llvmjit-devel suse-upgrade-postgresql16-plperl suse-upgrade-postgresql16-plpython suse-upgrade-postgresql16-pltcl suse-upgrade-postgresql16-server suse-upgrade-postgresql16-server-devel suse-upgrade-postgresql16-test suse-upgrade-postgresql17 suse-upgrade-postgresql17-contrib suse-upgrade-postgresql17-devel suse-upgrade-postgresql17-docs suse-upgrade-postgresql17-llvmjit suse-upgrade-postgresql17-llvmjit-devel suse-upgrade-postgresql17-plperl suse-upgrade-postgresql17-plpython suse-upgrade-postgresql17-pltcl suse-upgrade-postgresql17-server suse-upgrade-postgresql17-server-devel suse-upgrade-postgresql17-test References https://attackerkb.com/topics/cve-2024-10978 CVE - 2024-10978

VMware Photon OS: CVE-2024-10977 Severity 3 CVSS (AV:N/AC:H/Au:N/C:N/I:P/A:N) Published 11/14/2024 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application.For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistakes for valid query results.This is probably not a concern for clients where the user interface unambiguously indicates the boundary between one error message and other text.Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2024-10977 CVE - 2024-10977

VMware Photon OS: CVE-2024-10978 Severity 4 CVSS (AV:N/AC:H/Au:S/C:P/I:P/A:N) Published 11/14/2024 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended.An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature.The problem arises when an application query uses parameters from the attacker or conveys query results to the attacker.If that query reacts to current_setting('role') or the current user ID, it may modify or return data as though the session had not used SET ROLE or SET SESSION AUTHORIZATION.The attacker does not control which incorrect user ID applies.Query text from less-privileged sources is not a concern here, because SET ROLE and SET SESSION AUTHORIZATION are not sandboxes for unvetted queries.Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2024-10978 CVE - 2024-10978

Oracle Linux: CVE-2024-10978: ELSA-2024-10788:postgresql:16 security update (IMPORTANT) (Multiple Advisories) Severity 4 CVSS (AV:N/AC:H/Au:S/C:P/I:P/A:N) Published 11/14/2024 Created 12/10/2024 Added 12/05/2024 Modified 01/08/2025 Description Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended.An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature.The problem arises when an application query uses parameters from the attacker or conveys query results to the attacker.If that query reacts to current_setting('role') or the current user ID, it may modify or return data as though the session had not used SET ROLE or SET SESSION AUTHORIZATION.The attacker does not control which incorrect user ID applies.Query text from less-privileged sources is not a concern here, because SET ROLE and SET SESSION AUTHORIZATION are not sandboxes for unvetted queries.Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected. A flaw was found in PostgreSQL. This vulnerability allows a less-privileged application user to view or change unintended rows using SET ROLE, SET SESSION AUTHORIZATION, or equivalent features. Solution(s) oracle-linux-upgrade-pgaudit oracle-linux-upgrade-pg-repack oracle-linux-upgrade-pgvector oracle-linux-upgrade-postgres-decoderbufs oracle-linux-upgrade-postgresql oracle-linux-upgrade-postgresql-contrib oracle-linux-upgrade-postgresql-docs oracle-linux-upgrade-postgresql-plperl oracle-linux-upgrade-postgresql-plpython3 oracle-linux-upgrade-postgresql-pltcl oracle-linux-upgrade-postgresql-private-devel oracle-linux-upgrade-postgresql-private-libs oracle-linux-upgrade-postgresql-server oracle-linux-upgrade-postgresql-server-devel oracle-linux-upgrade-postgresql-static oracle-linux-upgrade-postgresql-test oracle-linux-upgrade-postgresql-test-rpm-macros oracle-linux-upgrade-postgresql-upgrade oracle-linux-upgrade-postgresql-upgrade-devel References https://attackerkb.com/topics/cve-2024-10978 CVE - 2024-10978 ELSA-2024-10788 ELSA-2024-10831 ELSA-2024-10832 ELSA-2024-10830 ELSA-2024-10785 ELSA-2024-10787 ELSA-2024-10791 View more

Alma Linux: CVE-2024-10976: Important: postgresql:12 security update (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/14/2024 Created 12/07/2024 Added 12/06/2024 Modified 02/14/2025 Description Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended.CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes.They missed cases where a subquery, WITH query, security invoker view, or SQL-language function references a table with a row-level security policy.This has the same consequences as the two earlier CVEs.That is to say, it leads to potentially incorrect policies being applied in cases where role-specific policies are used and a given query is planned under one role and then executed under other roles.This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs.Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications.This affects only databases that have used CREATE POLICY to define a row security policy.An attacker must tailor an attack to a particular application's pattern of query plan reuse, user ID changes, and role-specific row security policies.Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected. Solution(s) alma-upgrade-pg_repack alma-upgrade-pgaudit alma-upgrade-pgvector alma-upgrade-postgres-decoderbufs alma-upgrade-postgresql alma-upgrade-postgresql-contrib alma-upgrade-postgresql-docs alma-upgrade-postgresql-plperl alma-upgrade-postgresql-plpython3 alma-upgrade-postgresql-pltcl alma-upgrade-postgresql-private-devel alma-upgrade-postgresql-private-libs alma-upgrade-postgresql-server alma-upgrade-postgresql-server-devel alma-upgrade-postgresql-static alma-upgrade-postgresql-test alma-upgrade-postgresql-test-rpm-macros alma-upgrade-postgresql-upgrade alma-upgrade-postgresql-upgrade-devel References https://attackerkb.com/topics/cve-2024-10976 CVE - 2024-10976 https://errata.almalinux.org/8/ALSA-2024-10785.html https://errata.almalinux.org/8/ALSA-2024-10830.html https://errata.almalinux.org/8/ALSA-2024-10831.html https://errata.almalinux.org/8/ALSA-2024-10832.html https://errata.almalinux.org/9/ALSA-2024-10787.html https://errata.almalinux.org/9/ALSA-2024-10788.html https://errata.almalinux.org/9/ALSA-2024-10791.html View more

Alma Linux: CVE-2024-10979: Important: postgresql:12 security update (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/14/2024 Created 12/07/2024 Added 12/06/2024 Modified 02/14/2025 Description Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables (e.g. PATH).That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user.Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected. Solution(s) alma-upgrade-pg_repack alma-upgrade-pgaudit alma-upgrade-pgvector alma-upgrade-postgres-decoderbufs alma-upgrade-postgresql alma-upgrade-postgresql-contrib alma-upgrade-postgresql-docs alma-upgrade-postgresql-plperl alma-upgrade-postgresql-plpython3 alma-upgrade-postgresql-pltcl alma-upgrade-postgresql-private-devel alma-upgrade-postgresql-private-libs alma-upgrade-postgresql-server alma-upgrade-postgresql-server-devel alma-upgrade-postgresql-static alma-upgrade-postgresql-test alma-upgrade-postgresql-test-rpm-macros alma-upgrade-postgresql-upgrade alma-upgrade-postgresql-upgrade-devel References https://attackerkb.com/topics/cve-2024-10979 CVE - 2024-10979 https://errata.almalinux.org/8/ALSA-2024-10785.html https://errata.almalinux.org/8/ALSA-2024-10830.html https://errata.almalinux.org/8/ALSA-2024-10831.html https://errata.almalinux.org/8/ALSA-2024-10832.html https://errata.almalinux.org/9/ALSA-2024-10787.html https://errata.almalinux.org/9/ALSA-2024-10788.html https://errata.almalinux.org/9/ALSA-2024-10791.html View more

PAN-OS: Authentication Bypass in the Management Web Interface (PAN-SA-2024-0015) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 11/18/2024 Created 01/08/2025 Added 01/07/2025 Modified 02/03/2025 Description An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities like CVE-2024-9474 (https://security.paloaltonetworks.com/CVE-2024-9474). The risk of this issue is greatly reduced if you secure access to the management web interface by restricting access to only trusted internal IP addresses according to our recommended best practice deployment guidelines (https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431). This issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, PAN-OS 11.1, and PAN-OS 11.2 software on PA-Series, VM-Series, and CN-Series firewalls and on Panorama (virtual and M-Series). Cloud NGFW and Prisma Access are not impacted by this vulnerability. Solution(s) palo-alto-networks-pan-os-upgrade-latest References https://attackerkb.com/topics/cve-2024-0012 CVE - 2024-0012 https://security.paloaltonetworks.com/CVE-2024-0012

Moodle: Information Exposure Through an Error Message (CVE-2024-48896) Severity 4 CVSS (AV:N/AC:L/Au:S/C:P/I:N/A:N) Published 11/18/2024 Created 11/26/2024 Added 11/25/2024 Modified 01/30/2025 Description A vulnerability was found in Moodle. It is possible for users with the "send message" capability to view other users' names that they may not otherwise have access to via an error message in Messaging. Note: The name returned follows the full name format configured on the site. Solution(s) moodle-upgrade-latest References https://attackerkb.com/topics/cve-2024-48896 CVE - 2024-48896 https://bugzilla.redhat.com/show_bug.cgi?id=2318822

Moodle: Incorrect Authorization (CVE-2024-48901) Severity 4 CVSS (AV:N/AC:L/Au:S/C:N/I:P/A:N) Published 11/18/2024 Created 11/26/2024 Added 11/25/2024 Modified 01/28/2025 Description A vulnerability was found in Moodle. Additional checks are required to ensure users can only access the schedule of a report if they have permission to edit that report. Solution(s) moodle-upgrade-latest References https://attackerkb.com/topics/cve-2024-48901 CVE - 2024-48901 https://bugzilla.redhat.com/show_bug.cgi?id=2318817

Debian: CVE-2024-52316: tomcat10, tomcat9 -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/18/2024 Created 11/26/2024 Added 11/25/2024 Modified 01/20/2025 Description Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to indicate failure, the authentication may not fail, allowing the user to bypass the authentication process. There are no known Jakarta Authentication components that behave in this way. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M26, from 10.1.0-M1 through 10.1.30, from 9.0.0-M1 through 9.0.95. Users are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fix the issue. Solution(s) debian-upgrade-tomcat10 debian-upgrade-tomcat9 References https://attackerkb.com/topics/cve-2024-52316 CVE - 2024-52316 DLA-4017-1 DSA-5845-1

PAN-OS: Privilege Escalation (PE) Vulnerability in the Web Management Interface Severity 5 CVSS (AV:L/AC:L/Au:N/C:N/I:C/A:N) Published 11/18/2024 Created 11/19/2024 Added 11/18/2024 Modified 01/08/2025 Description Deprecated Solution(s)

Debian: CVE-2024-52946: lemonldap-ng -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/18/2024 Created 12/10/2024 Added 12/09/2024 Modified 12/09/2024 Description An issue was discovered in LemonLDAP::NG before 2.20.1. An Improper Check during session refresh allows an authenticated user to raise their authentication level if the admin configured an "Adaptative authentication rule" with an increment instead of an absolute value. Solution(s) debian-upgrade-lemonldap-ng References https://attackerkb.com/topics/cve-2024-52946 CVE - 2024-52946 DLA-3979-1

Debian: CVE-2023-39179: linux -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/18/2024 Created 11/19/2024 Added 11/18/2024 Modified 11/21/2024 Description A flaw was found within the handling of SMB2 read requests in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose sensitive information on affected installations of Linux. Only systems with ksmbd enabled are vulnerable to this CVE. Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2023-39179 CVE - 2023-39179

Moodle: Missing Authorization (CVE-2024-48898) Severity 4 CVSS (AV:N/AC:L/Au:S/C:N/I:P/A:N) Published 11/18/2024 Created 11/26/2024 Added 11/25/2024 Modified 01/28/2025 Description A vulnerability was found in Moodle. Users with access to delete audiences from reports could delete audiences from other reports that they do not have permission to delete from. Solution(s) moodle-upgrade-latest References https://attackerkb.com/topics/cve-2024-48898 CVE - 2024-48898 https://bugzilla.redhat.com/show_bug.cgi?id=2318820

Ubuntu: (CVE-2023-39179): linux vulnerability Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/18/2024 Created 11/21/2024 Added 11/19/2024 Modified 02/11/2025 Description A flaw was found within the handling of SMB2 read requests in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose sensitive information on affected installations of Linux. Only systems with ksmbd enabled are vulnerable to this CVE. Solution(s) ubuntu-upgrade-linux ubuntu-upgrade-linux-aws ubuntu-upgrade-linux-aws-5-15 ubuntu-upgrade-linux-aws-fips ubuntu-upgrade-linux-azure ubuntu-upgrade-linux-azure-5-15 ubuntu-upgrade-linux-azure-fde ubuntu-upgrade-linux-azure-fde-5-15 ubuntu-upgrade-linux-bluefield ubuntu-upgrade-linux-fips ubuntu-upgrade-linux-gcp ubuntu-upgrade-linux-gcp-5-15 ubuntu-upgrade-linux-gcp-fips ubuntu-upgrade-linux-gke ubuntu-upgrade-linux-gkeop ubuntu-upgrade-linux-hwe-5-15 ubuntu-upgrade-linux-ibm ubuntu-upgrade-linux-ibm-5-15 ubuntu-upgrade-linux-intel-iot-realtime ubuntu-upgrade-linux-intel-iotg ubuntu-upgrade-linux-intel-iotg-5-15 ubuntu-upgrade-linux-kvm ubuntu-upgrade-linux-lowlatency ubuntu-upgrade-linux-lowlatency-hwe-5-15 ubuntu-upgrade-linux-nvidia ubuntu-upgrade-linux-oracle ubuntu-upgrade-linux-oracle-5-15 ubuntu-upgrade-linux-raspi ubuntu-upgrade-linux-realtime ubuntu-upgrade-linux-riscv-5-15 ubuntu-upgrade-linux-xilinx-zynqmp References https://attackerkb.com/topics/cve-2023-39179 CVE - 2023-39179 https://git.kernel.org/linus/e202a1e8634b186da38cbbff85382ea2b9e297cf https://www.cve.org/CVERecord?id=CVE-2023-39179

Moodle: Incorrect Authorization (CVE-2024-48897) Severity 4 CVSS (AV:N/AC:L/Au:S/C:N/I:P/A:N) Published 11/18/2024 Created 11/26/2024 Added 11/25/2024 Modified 01/28/2025 Description A vulnerability was found in Moodle. Additional checks are required to ensure users can only edit or delete RSS feeds that they have permission to modify. Solution(s) moodle-upgrade-latest References https://attackerkb.com/topics/cve-2024-48897 CVE - 2024-48897 https://bugzilla.redhat.com/show_bug.cgi?id=2318821

Debian: CVE-2024-52304: python-aiohttp -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/18/2024 Created 12/17/2024 Added 12/16/2024 Modified 02/05/2025 Description aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.10.11, the Python parser parses newlines in chunk extensions incorrectly which can lead to request smuggling vulnerabilities under certain conditions. If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or `AIOHTTP_NO_EXTENSIONS` is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections. Version 3.10.11 fixes the issue. Solution(s) debian-upgrade-python-aiohttp References https://attackerkb.com/topics/cve-2024-52304 CVE - 2024-52304 DSA-5828-1