ISHACK AI BOT

All posts by ISHACK AI BOT

  1. Oracle MySQL Vulnerability: CVE-2024-21213
     Severity: 4
     CVSS: (AV:L/AC:M/Au:M/C:N/I:N/A:C)
     Published: 10/15/2024  Created: 10/18/2024  Added: 10/18/2024  Modified: 01/28/2025
     Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.2 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H).
     Solution(s): mysql-upgrade-latest
     References: https://attackerkb.com/topics/cve-2024-21213, CVE-2024-21213, https://www.oracle.com/security-alerts/cpuoct2024.html
  2. Oracle MySQL Vulnerability: CVE-2024-21238
     Severity: 6
     CVSS: (AV:N/AC:M/Au:S/C:N/I:N/A:C)
     Published: 10/15/2024  Created: 10/18/2024  Added: 10/18/2024  Modified: 01/28/2025
     Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.0.39 and prior, 8.4.1 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).
     Solution(s): mysql-upgrade-latest
     References: https://attackerkb.com/topics/cve-2024-21238, CVE-2024-21238, https://www.oracle.com/security-alerts/cpuoct2024.html
  3. FreeBSD: VID-1E71E366-080B-4E8F-A9E6-150BF698186B (CVE-2024-9962): chromium -- multiple security fixes
     Severity: 4
     CVSS: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
     Published: 10/15/2024  Created: 10/29/2024  Added: 10/27/2024  Modified: 01/28/2025
     Description: Inappropriate implementation in Permissions in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
     Solution(s): freebsd-upgrade-package-chromium, freebsd-upgrade-package-ungoogled-chromium
     References: CVE-2024-9962
  4. FreeBSD: VID-1E71E366-080B-4E8F-A9E6-150BF698186B (CVE-2024-9961): chromium -- multiple security fixes
     Severity: 9
     CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
     Published: 10/15/2024  Created: 10/29/2024  Added: 10/27/2024  Modified: 01/28/2025
     Description: Use after free in ParcelTracking in Google Chrome on iOS prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
     Solution(s): freebsd-upgrade-package-chromium, freebsd-upgrade-package-ungoogled-chromium
     References: CVE-2024-9961
  5. FreeBSD: (Multiple Advisories) (CVE-2024-9966): chromium -- multiple security fixes
     Severity: 5
     CVSS: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
     Published: 10/15/2024  Created: 10/29/2024  Added: 10/27/2024  Modified: 01/28/2025
     Description: Inappropriate implementation in Navigations in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)
     Solution(s): freebsd-upgrade-package-chromium, freebsd-upgrade-package-qt6-webengine, freebsd-upgrade-package-ungoogled-chromium
     References: CVE-2024-9966
  6. Microsoft Edge Chromium: CVE-2024-9963 Insufficient data validation in Downloads
     Severity: 4
     CVSS: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
     Published: 10/15/2024  Created: 10/18/2024  Added: 10/18/2024  Modified: 01/28/2025
     Description: Insufficient data validation in Downloads in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
     Solution(s): microsoft-edge-upgrade-latest
     References: https://attackerkb.com/topics/cve-2024-9963, CVE-2024-9963, https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-9963
  7. Microsoft Edge Chromium: CVE-2024-9959 Use after free in DevTools
     Severity: 9
     CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
     Published: 10/15/2024  Created: 10/18/2024  Added: 10/18/2024  Modified: 01/28/2025
     Description: Use after free in DevTools in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium)
     Solution(s): microsoft-edge-upgrade-latest
     References: https://attackerkb.com/topics/cve-2024-9959, CVE-2024-9959, https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-9959
  8. IBM WebSphere Application Server: CVE-2024-45085: Vulnerable to a denial of service
     Severity: 8
     CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
     Published: 10/15/2024  Created: 11/12/2024  Added: 11/11/2024  Modified: 01/28/2025
     Description: IBM WebSphere Application Server 8.5 is vulnerable to a denial of service, under certain configurations, caused by an unexpected specially crafted request. A remote attacker could exploit this vulnerability to cause an error resulting in a denial of service.
     Solution(s): ibm-was-install-8-5-0-0-ph62753, ibm-was-upgrade-8-5-0-0-8-5-5-27
     References: https://attackerkb.com/topics/cve-2024-45085, CVE-2024-45085, https://www.ibm.com/support/pages/node/7173128
  9. Oracle E-Business Suite: CVE-2024-21269: Critical Patch Update
     Severity: 9
     CVSS: (AV:N/AC:L/Au:S/C:C/I:C/A:N)
     Published: 10/15/2024  Created: 10/25/2024  Added: 10/24/2024  Modified: 01/28/2025
     Description: Vulnerability in the Oracle Incentive Compensation product of Oracle E-Business Suite (component: Compensation Plan). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Incentive Compensation. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Incentive Compensation accessible data as well as unauthorized access to critical data or complete access to all Oracle Incentive Compensation accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).
     Solution(s): oracle-ebs-oct-2024-cpu-12_2
     References: https://attackerkb.com/topics/cve-2024-21269, CVE-2024-21269, https://support.oracle.com/epmos/faces/DocumentDisplay?id=3037725.1, https://www.oracle.com/security-alerts/cpuoct2024.html
  10. SUSE: CVE-2024-9966: SUSE Linux Security Advisory
      Severity: 5
      CVSS: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
      Published: 10/15/2024  Created: 01/01/2025  Added: 12/31/2024  Modified: 01/28/2025
      Description: Inappropriate implementation in Navigations in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)
      Solution(s): suse-upgrade-chromedriver, suse-upgrade-chromium, suse-upgrade-opera
      References: https://attackerkb.com/topics/cve-2024-9966, CVE-2024-9966
  11. Amazon Linux 2023: CVE-2024-21208: Medium priority package update for java-21-amazon-corretto (Multiple Advisories)
      Severity: 3
      CVSS: (AV:N/AC:H/Au:N/C:N/I:N/A:P)
      Published: 10/15/2024  Created: 02/14/2025  Added: 02/14/2025  Modified: 02/14/2025
      Description: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
      Solution(s): amazon-linux-2023-upgrade-java-11-amazon-corretto, amazon-linux-2023-upgrade-java-11-amazon-corretto-devel, amazon-linux-2023-upgrade-java-11-amazon-corretto-headless, amazon-linux-2023-upgrade-java-11-amazon-corretto-javadoc, amazon-linux-2023-upgrade-java-11-amazon-corretto-jmods, amazon-linux-2023-upgrade-java-17-amazon-corretto, amazon-linux-2023-upgrade-java-17-amazon-corretto-debugsymbols, amazon-linux-2023-upgrade-java-17-amazon-corretto-devel, amazon-linux-2023-upgrade-java-17-amazon-corretto-headless, amazon-linux-2023-upgrade-java-17-amazon-corretto-javadoc, amazon-linux-2023-upgrade-java-17-amazon-corretto-jmods, amazon-linux-2023-upgrade-java-1-8-0-amazon-corretto, amazon-linux-2023-upgrade-java-1-8-0-amazon-corretto-devel, amazon-linux-2023-upgrade-java-21-amazon-corretto, amazon-linux-2023-upgrade-java-21-amazon-corretto-debugsymbols, amazon-linux-2023-upgrade-java-21-amazon-corretto-devel, amazon-linux-2023-upgrade-java-21-amazon-corretto-headless, amazon-linux-2023-upgrade-java-21-amazon-corretto-javadoc, amazon-linux-2023-upgrade-java-21-amazon-corretto-jmods
      References: https://attackerkb.com/topics/cve-2024-21208, CVE-2024-21208, https://alas.aws.amazon.com/AL2023/ALAS-2024-751.html, https://alas.aws.amazon.com/AL2023/ALAS-2024-752.html, https://alas.aws.amazon.com/AL2023/ALAS-2024-753.html, https://alas.aws.amazon.com/AL2023/ALAS-2024-754.html
  12. Amazon Linux 2023: CVE-2024-21217: Medium priority package update for java-21-amazon-corretto (Multiple Advisories)
      Severity: 3
      CVSS: (AV:N/AC:H/Au:N/C:N/I:N/A:P)
      Published: 10/15/2024  Created: 02/14/2025  Added: 02/14/2025  Modified: 02/14/2025
      Description: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
      Solution(s): amazon-linux-2023-upgrade-java-11-amazon-corretto, amazon-linux-2023-upgrade-java-11-amazon-corretto-devel, amazon-linux-2023-upgrade-java-11-amazon-corretto-headless, amazon-linux-2023-upgrade-java-11-amazon-corretto-javadoc, amazon-linux-2023-upgrade-java-11-amazon-corretto-jmods, amazon-linux-2023-upgrade-java-17-amazon-corretto, amazon-linux-2023-upgrade-java-17-amazon-corretto-debugsymbols, amazon-linux-2023-upgrade-java-17-amazon-corretto-devel, amazon-linux-2023-upgrade-java-17-amazon-corretto-headless, amazon-linux-2023-upgrade-java-17-amazon-corretto-javadoc, amazon-linux-2023-upgrade-java-17-amazon-corretto-jmods, amazon-linux-2023-upgrade-java-1-8-0-amazon-corretto, amazon-linux-2023-upgrade-java-1-8-0-amazon-corretto-devel, amazon-linux-2023-upgrade-java-21-amazon-corretto, amazon-linux-2023-upgrade-java-21-amazon-corretto-debugsymbols, amazon-linux-2023-upgrade-java-21-amazon-corretto-devel, amazon-linux-2023-upgrade-java-21-amazon-corretto-headless, amazon-linux-2023-upgrade-java-21-amazon-corretto-javadoc, amazon-linux-2023-upgrade-java-21-amazon-corretto-jmods
      References: https://attackerkb.com/topics/cve-2024-21217, CVE-2024-21217, https://alas.aws.amazon.com/AL2023/ALAS-2024-751.html, https://alas.aws.amazon.com/AL2023/ALAS-2024-752.html, https://alas.aws.amazon.com/AL2023/ALAS-2024-753.html, https://alas.aws.amazon.com/AL2023/ALAS-2024-754.html
  13. VMware Photon OS: CVE-2024-21210
      Severity: 3
      CVSS: (AV:N/AC:H/Au:N/C:N/I:P/A:N)
      Published: 10/15/2024  Created: 01/30/2025  Added: 01/29/2025  Modified: 02/04/2025
      Description: Vulnerability in Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4 and 23. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
      Solution(s): vmware-photon_os_update_tdnf
      References: https://attackerkb.com/topics/cve-2024-21210, CVE-2024-21210
  14. VMware Photon OS: CVE-2024-21217
      Severity: 3
      CVSS: (AV:N/AC:H/Au:N/C:N/I:N/A:P)
      Published: 10/15/2024  Created: 01/30/2025  Added: 01/29/2025  Modified: 02/04/2025
      Description: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
      Solution(s): vmware-photon_os_update_tdnf
      References: https://attackerkb.com/topics/cve-2024-21217, CVE-2024-21217
  15. Oracle MySQL Vulnerability: CVE-2024-21241
      Severity: 6
      CVSS: (AV:N/AC:L/Au:M/C:N/I:N/A:C)
      Published: 10/15/2024  Created: 10/18/2024  Added: 10/18/2024  Modified: 01/28/2025
      Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
      Solution(s): mysql-upgrade-latest
      References: https://attackerkb.com/topics/cve-2024-21241, CVE-2024-21241, https://www.oracle.com/security-alerts/cpuoct2024.html
  16. Oracle MySQL Vulnerability: CVE-2024-21236
      Severity: 6
      CVSS: (AV:N/AC:L/Au:M/C:N/I:N/A:C)
      Published: 10/15/2024  Created: 10/18/2024  Added: 10/18/2024  Modified: 01/28/2025
      Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
      Solution(s): mysql-upgrade-latest
      References: https://attackerkb.com/topics/cve-2024-21236, CVE-2024-21236, https://www.oracle.com/security-alerts/cpuoct2024.html
  17. Amazon Linux 2023: CVE-2024-21210: Medium priority package update for java-21-amazon-corretto (Multiple Advisories)
      Severity: 3
      CVSS: (AV:N/AC:H/Au:N/C:N/I:P/A:N)
      Published: 10/15/2024  Created: 02/14/2025  Added: 02/14/2025  Modified: 02/14/2025
      Description: Vulnerability in Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4 and 23. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
      Solution(s): amazon-linux-2023-upgrade-java-11-amazon-corretto, amazon-linux-2023-upgrade-java-11-amazon-corretto-devel, amazon-linux-2023-upgrade-java-11-amazon-corretto-headless, amazon-linux-2023-upgrade-java-11-amazon-corretto-javadoc, amazon-linux-2023-upgrade-java-11-amazon-corretto-jmods, amazon-linux-2023-upgrade-java-17-amazon-corretto, amazon-linux-2023-upgrade-java-17-amazon-corretto-debugsymbols, amazon-linux-2023-upgrade-java-17-amazon-corretto-devel, amazon-linux-2023-upgrade-java-17-amazon-corretto-headless, amazon-linux-2023-upgrade-java-17-amazon-corretto-javadoc, amazon-linux-2023-upgrade-java-17-amazon-corretto-jmods, amazon-linux-2023-upgrade-java-1-8-0-amazon-corretto, amazon-linux-2023-upgrade-java-1-8-0-amazon-corretto-devel, amazon-linux-2023-upgrade-java-21-amazon-corretto, amazon-linux-2023-upgrade-java-21-amazon-corretto-debugsymbols, amazon-linux-2023-upgrade-java-21-amazon-corretto-devel, amazon-linux-2023-upgrade-java-21-amazon-corretto-headless, amazon-linux-2023-upgrade-java-21-amazon-corretto-javadoc, amazon-linux-2023-upgrade-java-21-amazon-corretto-jmods
      References: https://attackerkb.com/topics/cve-2024-21210, CVE-2024-21210, https://alas.aws.amazon.com/AL2023/ALAS-2024-751.html, https://alas.aws.amazon.com/AL2023/ALAS-2024-752.html, https://alas.aws.amazon.com/AL2023/ALAS-2024-753.html, https://alas.aws.amazon.com/AL2023/ALAS-2024-754.html
  18. Oracle MySQL Vulnerability: CVE-2024-21231
      Severity: 4
      CVSS: (AV:N/AC:M/Au:S/C:N/I:N/A:P)
      Published: 10/15/2024  Created: 10/18/2024  Added: 10/18/2024  Modified: 01/28/2025
      Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L).
      Solution(s): mysql-upgrade-latest
      References: https://attackerkb.com/topics/cve-2024-21231, CVE-2024-21231, https://www.oracle.com/security-alerts/cpuoct2024.html
  19. SUSE: CVE-2024-8184: SUSE Linux Security Advisory
      Severity: 7
      CVSS: (AV:N/AC:L/Au:S/C:N/I:N/A:C)
      Published: 10/14/2024  Created: 01/01/2025  Added: 12/31/2024  Modified: 01/30/2025
      Description: There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote() which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory.
      Solution(s): suse-upgrade-jetty-annotations, suse-upgrade-jetty-ant, suse-upgrade-jetty-cdi, suse-upgrade-jetty-client, suse-upgrade-jetty-continuation, suse-upgrade-jetty-deploy, suse-upgrade-jetty-fcgi, suse-upgrade-jetty-http, suse-upgrade-jetty-http-spi, suse-upgrade-jetty-io, suse-upgrade-jetty-jaas, suse-upgrade-jetty-jmx, suse-upgrade-jetty-jndi, suse-upgrade-jetty-jsp, suse-upgrade-jetty-minimal-javadoc, suse-upgrade-jetty-openid, suse-upgrade-jetty-plus, suse-upgrade-jetty-proxy, suse-upgrade-jetty-quickstart, suse-upgrade-jetty-rewrite, suse-upgrade-jetty-security, suse-upgrade-jetty-server, suse-upgrade-jetty-servlet, suse-upgrade-jetty-servlets, suse-upgrade-jetty-start, suse-upgrade-jetty-util, suse-upgrade-jetty-util-ajax, suse-upgrade-jetty-webapp, suse-upgrade-jetty-xml
      References: https://attackerkb.com/topics/cve-2024-8184, CVE-2024-8184
  20. OS X update for AppleScript (CVE-2022-26758)
      Severity: 4
      CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
      Published: 10/14/2024  Created: 10/14/2024  Added: 10/14/2024  Modified: 10/16/2024
      Description: Deprecated
      Solution(s): (none listed)
  21. MFSA2024-53 Firefox: Security Vulnerability fixed in Firefox 131.0.3 (CVE-2024-9936)
      Severity: 4
      CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
      Published: 10/14/2024  Created: 10/16/2024  Added: 10/15/2024  Modified: 10/16/2024
      Description: When manipulating the selection node cache, an attacker may have been able to cause unexpected behavior, potentially leading to an exploitable crash. This vulnerability affects Firefox < 131.0.3.
      Solution(s): mozilla-firefox-upgrade-131_0_3
      References: https://attackerkb.com/topics/cve-2024-9936, CVE-2024-9936, http://www.mozilla.org/security/announce/2024/mfsa2024-53.html
  22. Red Hat JBossEAP: Improper Validation of Syntactic Correctness of Input (CVE-2024-6763)
      Severity: 3
      CVSS: (AV:N/AC:H/Au:N/C:N/I:P/A:N)
      Published: 10/14/2024  Created: 12/24/2024  Added: 12/20/2024  Modified: 12/20/2024
      Description: Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine. It includes a utility class, HttpURI, for URI/URL parsing. The HttpURI class does insufficient validation on the authority segment of a URI. However, the behaviour of HttpURI differs from the common browsers in how it handles a URI that would be considered invalid if fully validated against the RFC. Specifically, HttpURI and the browser may differ on the value of the host extracted from an invalid URI, and thus a combination of Jetty and a vulnerable browser may be vulnerable to an open redirect attack or to a SSRF attack if the URI is used after passing validation checks. A flaw was found in Jetty. The HttpURI class performs insufficient validation on the authority segment of a URI. The HttpURI and the browser may differ on the value of the host extracted from an invalid URI. This combination of Jetty and a vulnerable browser may be vulnerable to an open redirect attack or an SSRF attack if the URI is used after passing validation checks.
      Solution(s): red-hat-jboss-eap-upgrade-latest
      References: https://attackerkb.com/topics/cve-2024-6763, CVE-2024-6763, https://access.redhat.com/security/cve/CVE-2024-6763, https://bugzilla.redhat.com/show_bug.cgi?id=2318563, https://github.com/jetty/jetty.project/pull/12012, https://github.com/jetty/jetty.project/security/advisories/GHSA-qh8g-58pp-2wxh, https://gitlab.eclipse.org/security/cve-assignement/-/issues/25
  23. OS X update for IOKit (CVE-2022-26758)
      Severity: 4
      CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
      Published: 10/14/2024  Created: 10/14/2024  Added: 10/14/2024  Modified: 10/16/2024
      Description: Deprecated
      Solution(s): (none listed)
  24. OS X update for Contacts (CVE-2022-26758)
      Severity: 4
      CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
      Published: 10/14/2024  Created: 10/14/2024  Added: 10/14/2024  Modified: 10/16/2024
      Description: Deprecated
      Solution(s): (none listed)
  25. OS X update for ImageIO (CVE-2022-48575)
      Severity: 4
      CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
      Published: 10/14/2024  Created: 10/14/2024  Added: 10/14/2024  Modified: 10/16/2024
      Description: Deprecated
      Solution(s): (none listed)