All posts by ISHACK AI BOT

  1. SUSE: CVE-2024-9955: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 10/15/2024 Created 01/01/2025 Added 12/31/2024 Modified 01/28/2025 Description Use after free in WebAuthentication in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium suse-upgrade-opera References https://attackerkb.com/topics/cve-2024-9955 CVE - 2024-9955
  2. Ubuntu: USN-7102-1 (CVE-2024-21198): MySQL vulnerabilities Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 10/15/2024 Created 11/14/2024 Added 11/13/2024 Modified 01/28/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) ubuntu-upgrade-mysql-server-8-0 References https://attackerkb.com/topics/cve-2024-21198 CVE - 2024-21198 USN-7102-1
  3. Microsoft Edge Chromium: CVE-2024-9957 Use after free in UI Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 10/15/2024 Created 10/18/2024 Added 10/18/2024 Modified 01/28/2025 Description Use after free in UI in Google Chrome on iOS prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2024-9957 CVE - 2024-9957 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-9957
  4. Microsoft Edge Chromium: CVE-2024-9955 Use after free in Web Authentication Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 10/15/2024 Created 10/18/2024 Added 10/18/2024 Modified 01/28/2025 Description Use after free in WebAuthentication in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2024-9955 CVE - 2024-9955 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-9955
  5. Microsoft Edge Chromium: CVE-2024-9958 Inappropriate implementation in PictureInPicture Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 10/15/2024 Created 10/18/2024 Added 10/18/2024 Modified 01/28/2025 Description Inappropriate implementation in PictureInPicture in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2024-9958 CVE - 2024-9958 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-9958
  6. Microsoft Edge Chromium: CVE-2024-9961 Use after free in Parcel Tracking Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 10/15/2024 Created 10/18/2024 Added 10/18/2024 Modified 01/28/2025 Description Use after free in ParcelTracking in Google Chrome on iOS prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2024-9961 CVE - 2024-9961 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-9961
  7. Microsoft Edge Chromium: CVE-2024-9956 Inappropriate implementation in Web Authentication Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 10/15/2024 Created 10/18/2024 Added 10/18/2024 Modified 01/28/2025 Description Inappropriate implementation in WebAuthentication in Google Chrome on Android prior to 130.0.6723.58 allowed a local attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2024-9956 CVE - 2024-9956 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-9956
  8. Ubuntu: USN-7102-1 (CVE-2024-21193): MySQL vulnerabilities Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 10/15/2024 Created 11/14/2024 Added 11/13/2024 Modified 01/28/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) ubuntu-upgrade-mysql-server-8-0 References https://attackerkb.com/topics/cve-2024-21193 CVE - 2024-21193 USN-7102-1
  9. FreeBSD: VID-1E71E366-080B-4E8F-A9E6-150BF698186B (CVE-2024-9960): chromium -- multiple security fixes Severity 8 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:C) Published 10/15/2024 Created 10/29/2024 Added 10/27/2024 Modified 01/28/2025 Description Use after free in Dawn in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) Solution(s) freebsd-upgrade-package-chromium freebsd-upgrade-package-ungoogled-chromium References CVE-2024-9960
  10. FreeBSD: VID-1E71E366-080B-4E8F-A9E6-150BF698186B (CVE-2024-9956): chromium -- multiple security fixes Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 10/15/2024 Created 10/29/2024 Added 10/27/2024 Modified 01/28/2025 Description Inappropriate implementation in WebAuthentication in Google Chrome on Android prior to 130.0.6723.58 allowed a local attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium) Solution(s) freebsd-upgrade-package-chromium freebsd-upgrade-package-ungoogled-chromium References CVE-2024-9956
  11. FreeBSD: VID-1E71E366-080B-4E8F-A9E6-150BF698186B (CVE-2024-9954): chromium -- multiple security fixes Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 10/15/2024 Created 10/29/2024 Added 10/27/2024 Modified 01/28/2025 Description Use after free in AI in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) freebsd-upgrade-package-chromium freebsd-upgrade-package-ungoogled-chromium References CVE-2024-9954
  12. Oracle MySQL Vulnerability: CVE-2024-21230 Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 10/15/2024 Created 10/18/2024 Added 10/18/2024 Modified 01/28/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Solution(s) mysql-upgrade-latest References https://attackerkb.com/topics/cve-2024-21230 CVE - 2024-21230 https://www.oracle.com/security-alerts/cpuoct2024.html
  13. Oracle MySQL Vulnerability: CVE-2024-21201 Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 10/15/2024 Created 10/18/2024 Added 10/18/2024 Modified 01/28/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) mysql-upgrade-latest References https://attackerkb.com/topics/cve-2024-21201 CVE - 2024-21201 https://www.oracle.com/security-alerts/cpuoct2024.html
  14. Ubuntu: USN-7102-1 (CVE-2024-21194): MySQL vulnerabilities Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 10/15/2024 Created 11/14/2024 Added 11/13/2024 Modified 01/28/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) ubuntu-upgrade-mysql-server-8-0 References https://attackerkb.com/topics/cve-2024-21194 CVE - 2024-21194 USN-7102-1
  15. Oracle MySQL Vulnerability: CVE-2024-21218 Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 10/15/2024 Created 10/18/2024 Added 10/18/2024 Modified 01/28/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) mysql-upgrade-latest References https://attackerkb.com/topics/cve-2024-21218 CVE - 2024-21218 https://www.oracle.com/security-alerts/cpuoct2024.html
  16. Oracle MySQL Vulnerability: CVE-2024-21247 Severity 5 CVSS (AV:N/AC:L/Au:M/C:P/I:P/A:N) Published 10/15/2024 Created 10/18/2024 Added 10/18/2024 Modified 01/28/2025 Description Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Client accessible data as well as unauthorized read access to a subset of MySQL Client accessible data. CVSS 3.1 Base Score 3.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N). Solution(s) mysql-upgrade-latest References https://attackerkb.com/topics/cve-2024-21247 CVE - 2024-21247 https://www.oracle.com/security-alerts/cpuoct2024.html
  17. Oracle MySQL Vulnerability: CVE-2024-21232 Severity 3 CVSS (AV:N/AC:M/Au:M/C:N/I:N/A:P) Published 10/15/2024 Created 10/18/2024 Added 10/18/2024 Modified 01/28/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.2 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L). Solution(s) mysql-upgrade-latest References https://attackerkb.com/topics/cve-2024-21232 CVE - 2024-21232 https://www.oracle.com/security-alerts/cpuoct2024.html
  18. Oracle MySQL Vulnerability: CVE-2024-21193 Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 10/15/2024 Created 10/22/2024 Added 10/21/2024 Modified 01/28/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) mysql-upgrade-latest References https://attackerkb.com/topics/cve-2024-21193 CVE - 2024-21193 https://www.oracle.com/security-alerts/cpuoct2024.html
  19. Oracle MySQL Vulnerability: CVE-2024-21243 Severity 3 CVSS (AV:N/AC:M/Au:M/C:P/I:N/A:N) Published 10/15/2024 Created 10/18/2024 Added 10/18/2024 Modified 01/28/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Telemetry). Supported versions that are affected are 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N). Solution(s) mysql-upgrade-latest References https://attackerkb.com/topics/cve-2024-21243 CVE - 2024-21243 https://www.oracle.com/security-alerts/cpuoct2024.html
  20. Oracle MySQL Vulnerability: CVE-2024-21272 Severity 9 CVSS (AV:N/AC:M/Au:S/C:C/I:C/A:C) Published 10/15/2024 Created 10/25/2024 Added 10/24/2024 Modified 01/28/2025 Description Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/Python). Supported versions that are affected are 9.0.0 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). Solution(s) mysql-upgrade-latest References https://attackerkb.com/topics/cve-2024-21272 CVE - 2024-21272 https://www.oracle.com/security-alerts/cpuoct2024.html
  21. Oracle MySQL Vulnerability: CVE-2024-21244 Severity 3 CVSS (AV:N/AC:M/Au:M/C:P/I:N/A:N) Published 10/15/2024 Created 10/18/2024 Added 10/18/2024 Modified 01/28/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Telemetry). Supported versions that are affected are 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N). Solution(s) mysql-upgrade-latest References https://attackerkb.com/topics/cve-2024-21244 CVE - 2024-21244 https://www.oracle.com/security-alerts/cpuoct2024.html
  22. Oracle MySQL Vulnerability: CVE-2024-21204 Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 10/15/2024 Created 10/22/2024 Added 10/21/2024 Modified 01/28/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.4.0 and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) mysql-upgrade-latest References https://attackerkb.com/topics/cve-2024-21204 CVE - 2024-21204 https://www.oracle.com/security-alerts/cpuoct2024.html
  23. Oracle MySQL Vulnerability: CVE-2024-21239 Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 10/15/2024 Created 10/18/2024 Added 10/18/2024 Modified 01/28/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) mysql-upgrade-latest References https://attackerkb.com/topics/cve-2024-21239 CVE - 2024-21239 https://www.oracle.com/security-alerts/cpuoct2024.html
  24. Huawei EulerOS: CVE-2024-47674: kernel security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/15/2024 Created 02/12/2025 Added 02/11/2025 Modified 02/11/2025 Description In the Linux kernel, the following vulnerability has been resolved: mm: avoid leaving partial pfn mappings around in error case As Jann points out, PFN mappings are special, because unlike normal memory mappings, there is no lifetime information associated with the mapping - it is just a raw mapping of PFNs with no reference counting of a 'struct page'. That's all very much intentional, but it does mean that it's easy to mess up the cleanup in case of errors. Yes, a failed mmap() will always eventually clean up any partial mappings, but without any explicit lifetime in the page table mapping itself, it's very easy to do the error handling in the wrong order. In particular, it's easy to mistakenly free the physical backing store before the page tables are actually cleaned up and (temporarily) have stale dangling PTE entries. To make this situation less error-prone, just make sure that any partial pfn mapping is torn down early, before any other error handling. Solution(s) huawei-euleros-2_0_sp11-upgrade-bpftool huawei-euleros-2_0_sp11-upgrade-kernel huawei-euleros-2_0_sp11-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp11-upgrade-kernel-tools huawei-euleros-2_0_sp11-upgrade-kernel-tools-libs huawei-euleros-2_0_sp11-upgrade-python3-perf References https://attackerkb.com/topics/cve-2024-47674 CVE - 2024-47674 EulerOS-SA-2025-1159
  25. Oracle MySQL Vulnerability: CVE-2024-21194 Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 10/15/2024 Created 10/22/2024 Added 10/21/2024 Modified 01/28/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) mysql-upgrade-latest References https://attackerkb.com/topics/cve-2024-21194 CVE - 2024-21194 https://www.oracle.com/security-alerts/cpuoct2024.html