All posts by ISHACK AI BOT
-
OS X update for apache (CVE-2022-48575)
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 10/14/2024; Created: 10/14/2024; Added: 10/14/2024; Modified: 10/16/2024
Description: Deprecated
Solution(s):
-
OS X update for CVMS (CVE-2022-26758)
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 10/14/2024; Created: 10/14/2024; Added: 10/14/2024; Modified: 10/16/2024
Description: Deprecated
Solution(s):
-
OS X update for IOKit (CVE-2022-48575)
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 10/14/2024; Created: 10/14/2024; Added: 10/14/2024; Modified: 10/16/2024
Description: Deprecated
Solution(s):
-
OS X update for Intel Graphics Driver (CVE-2022-26758)
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 10/14/2024; Created: 10/14/2024; Added: 10/14/2024; Modified: 10/16/2024
Description: Deprecated
Solution(s):
-
OS X update for IOMobileFrameBuffer (CVE-2022-48575)
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 10/14/2024; Created: 10/14/2024; Added: 10/14/2024; Modified: 10/16/2024
Description: Deprecated
Solution(s):
-
OS X update for Bluetooth (CVE-2022-26758)
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 10/14/2024; Created: 10/14/2024; Added: 10/14/2024; Modified: 10/16/2024
Description: Deprecated
Solution(s):
-
OS X update for libxml2 (CVE-2022-48575)
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 10/14/2024; Created: 10/14/2024; Added: 10/14/2024; Modified: 10/16/2024
Description: Deprecated
Solution(s):
-
Oracle Linux: CVE-2024-47875: ELSA-2024-8327: grafana security update (IMPORTANT) (Multiple Advisories)
Severity: 7
CVSS: (AV:N/AC:H/Au:N/C:C/I:C/A:N)
Published: 10/11/2024; Created: 11/13/2024; Added: 11/11/2024; Modified: 12/06/2024
Description: DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3.
Solution(s): oracle-linux-upgrade-grafana, oracle-linux-upgrade-grafana-selinux
References: https://attackerkb.com/topics/cve-2024-47875, CVE-2024-47875, ELSA-2024-8327, ELSA-2024-8678, ELSA-2024-9473
-
Red Hat: CVE-2024-47875: dompurify: nesting-based mutation XSS vulnerability (Multiple Advisories)
Severity: 7
CVSS: (AV:N/AC:H/Au:N/C:C/I:C/A:N)
Published: 10/11/2024; Created: 10/24/2024; Added: 10/23/2024; Modified: 11/13/2024
Description: DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3.
Solution(s): redhat-upgrade-grafana, redhat-upgrade-grafana-debuginfo, redhat-upgrade-grafana-debugsource, redhat-upgrade-grafana-selinux
References: CVE-2024-47875, RHSA-2024:8327, RHSA-2024:8678, RHSA-2024:9473
-
Rocky Linux: CVE-2024-47875: grafana (Multiple Advisories)
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 10/11/2024; Created: 11/05/2024; Added: 11/04/2024; Modified: 11/19/2024
Description: DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3.
Solution(s): rocky-upgrade-grafana, rocky-upgrade-grafana-debuginfo, rocky-upgrade-grafana-debugsource, rocky-upgrade-grafana-selinux
References: https://attackerkb.com/topics/cve-2024-47875, CVE-2024-47875, https://errata.rockylinux.org/RLSA-2024:8327, https://errata.rockylinux.org/RLSA-2024:8678
-
Wireshark: CVE-2024-9781: AppleTalk and RELOAD Framing dissector crashes
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: 10/11/2024; Created: 10/12/2024; Added: 10/11/2024; Modified: 01/28/2025
Description: AppleTalk and RELOAD Framing dissector crash in Wireshark 4.4.0 and 4.2.0 to 4.2.7 allows denial of service via packet injection or crafted capture file.
Solution(s): wireshark-upgrade-4_2_8, wireshark-upgrade-4_4_1
References: https://attackerkb.com/topics/cve-2024-9781, CVE-2024-9781, https://www.wireshark.org/security/wnpa-sec-2024-13.html
-
Wireshark: CVE-2024-9780: ITS dissector crash
Severity: 5
CVSS: (AV:L/AC:M/Au:N/C:N/I:N/A:C)
Published: 10/11/2024; Created: 10/12/2024; Added: 10/11/2024; Modified: 01/28/2025
Description: ITS dissector crash in Wireshark 4.4.0 allows denial of service via packet injection or crafted capture file.
Solution(s): wireshark-upgrade-4_4_1
References: https://attackerkb.com/topics/cve-2024-9780, CVE-2024-9780, https://www.wireshark.org/security/wnpa-sec-2024-12.html
-
Debian: CVE-2024-47875: cacti, node-dompurify -- security update
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 10/11/2024; Created: 10/16/2024; Added: 10/15/2024; Modified: 02/12/2025
Description: DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3.
Solution(s): debian-upgrade-cacti, debian-upgrade-node-dompurify
References: https://attackerkb.com/topics/cve-2024-47875, CVE-2024-47875, DSA-5790-1
-
Alma Linux: CVE-2024-47875: Important: grafana security update (Multiple Advisories)
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 10/11/2024; Created: 10/25/2024; Added: 10/24/2024; Modified: 11/19/2024
Description: DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3.
Solution(s): alma-upgrade-grafana, alma-upgrade-grafana-selinux
References: https://attackerkb.com/topics/cve-2024-47875, CVE-2024-47875, https://errata.almalinux.org/8/ALSA-2024-8327.html, https://errata.almalinux.org/9/ALSA-2024-8678.html, https://errata.almalinux.org/9/ALSA-2024-9473.html
-
Google Chrome Vulnerability: CVE-2024-9859
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 10/11/2024; Created: 01/18/2025; Added: 01/15/2025; Modified: 01/28/2025
Description: Type confusion in WebAssembly in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Solution(s): google-chrome-upgrade-latest
References: https://attackerkb.com/topics/cve-2024-9859, CVE-2024-9859
-
Amazon Linux 2023: CVE-2024-9781: Medium priority package update for wireshark
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: 10/10/2024; Created: 02/14/2025; Added: 02/14/2025; Modified: 02/14/2025
Description: AppleTalk and RELOAD Framing dissector crash in Wireshark 4.4.0 and 4.2.0 to 4.2.7 allows denial of service via packet injection or crafted capture file. A flaw was found in the AppleTalk and RELOAD Framing dissectors of Wireshark. This issue occurs when decoding malformed packets from a pcap file or the network, causing invalid read memory access and a denial of service.
Solution(s): amazon-linux-2023-upgrade-wireshark-cli, amazon-linux-2023-upgrade-wireshark-cli-debuginfo, amazon-linux-2023-upgrade-wireshark-debugsource, amazon-linux-2023-upgrade-wireshark-devel
References: https://attackerkb.com/topics/cve-2024-9781, CVE-2024-9781, https://alas.aws.amazon.com/AL2023/ALAS-2025-837.html
-
Debian: CVE-2024-48957: libarchive -- security update
Severity: 7
CVSS: (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Published: 10/10/2024; Created: 11/05/2024; Added: 11/04/2024; Modified: 01/28/2025
Description: execute_filter_audio in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst.
Solution(s): debian-upgrade-libarchive
References: https://attackerkb.com/topics/cve-2024-48957, CVE-2024-48957
-
Amazon Linux 2023: CVE-2024-48957: Important priority package update for libarchive
Severity: 7
CVSS: (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Published: 10/10/2024; Created: 02/14/2025; Added: 02/14/2025; Modified: 02/14/2025
Description: execute_filter_audio in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst. A flaw was found in Libarchive's archive_read_support_format_rar.c component. This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.
Solution(s): amazon-linux-2023-upgrade-bsdcat, amazon-linux-2023-upgrade-bsdcat-debuginfo, amazon-linux-2023-upgrade-bsdcpio, amazon-linux-2023-upgrade-bsdcpio-debuginfo, amazon-linux-2023-upgrade-bsdtar, amazon-linux-2023-upgrade-bsdtar-debuginfo, amazon-linux-2023-upgrade-bsdunzip, amazon-linux-2023-upgrade-bsdunzip-debuginfo, amazon-linux-2023-upgrade-libarchive, amazon-linux-2023-upgrade-libarchive-debuginfo, amazon-linux-2023-upgrade-libarchive-debugsource, amazon-linux-2023-upgrade-libarchive-devel
References: https://attackerkb.com/topics/cve-2024-48957, CVE-2024-48957, https://alas.aws.amazon.com/AL2023/ALAS-2024-742.html
-
Amazon Linux 2023: CVE-2024-48958: Important priority package update for libarchive
Severity: 7
CVSS: (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Published: 10/10/2024; Created: 02/14/2025; Added: 02/14/2025; Modified: 02/14/2025
Description: execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst. A flaw was found in Libarchive's archive_read_support_format_rar.c component. This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.
Solution(s): amazon-linux-2023-upgrade-bsdcat, amazon-linux-2023-upgrade-bsdcat-debuginfo, amazon-linux-2023-upgrade-bsdcpio, amazon-linux-2023-upgrade-bsdcpio-debuginfo, amazon-linux-2023-upgrade-bsdtar, amazon-linux-2023-upgrade-bsdtar-debuginfo, amazon-linux-2023-upgrade-bsdunzip, amazon-linux-2023-upgrade-bsdunzip-debuginfo, amazon-linux-2023-upgrade-libarchive, amazon-linux-2023-upgrade-libarchive-debuginfo, amazon-linux-2023-upgrade-libarchive-debugsource, amazon-linux-2023-upgrade-libarchive-devel
References: https://attackerkb.com/topics/cve-2024-48958, CVE-2024-48958, https://alas.aws.amazon.com/AL2023/ALAS-2024-742.html
-
SUSE: CVE-2024-9781: SUSE Linux Security Advisory
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: 10/10/2024; Created: 01/01/2025; Added: 12/31/2024; Modified: 01/28/2025
Description: AppleTalk and RELOAD Framing dissector crash in Wireshark 4.4.0 and 4.2.0 to 4.2.7 allows denial of service via packet injection or crafted capture file.
Solution(s): suse-upgrade-libwireshark17, suse-upgrade-libwiretap14, suse-upgrade-libwsutil15, suse-upgrade-wireshark, suse-upgrade-wireshark-devel, suse-upgrade-wireshark-ui-qt
References: https://attackerkb.com/topics/cve-2024-9781, CVE-2024-9781
-
SUSE: CVE-2024-9180: SUSE Linux Security Advisory
Severity: 8
CVSS: (AV:N/AC:L/Au:M/C:C/I:C/A:C)
Published: 10/10/2024; Created: 01/01/2025; Added: 12/31/2024; Modified: 01/28/2025
Description: A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s privileges to Vault’s root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11, and 1.15.16.
Solution(s): suse-upgrade-govulncheck-vulndb
References: https://attackerkb.com/topics/cve-2024-9180, CVE-2024-9180
-
SUSE: CVE-2024-9312: SUSE Linux Security Advisory
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 10/10/2024; Created: 01/01/2025; Added: 12/31/2024; Modified: 12/31/2024
Description: Authd, through version 0.3.6, did not sufficiently randomize user IDs to prevent collisions. A local attacker who can register user names could spoof another user's ID and gain their privileges.
Solution(s): suse-upgrade-govulncheck-vulndb
References: https://attackerkb.com/topics/cve-2024-9312, CVE-2024-9312
-
Ubuntu: USN-7070-1 (CVE-2024-48958): libarchive vulnerabilities
Severity: 7
CVSS: (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Published: 10/10/2024; Created: 10/18/2024; Added: 10/17/2024; Modified: 01/28/2025
Description: execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst.
Solution(s): ubuntu-pro-upgrade-libarchive13, ubuntu-pro-upgrade-libarchive13t64
References: https://attackerkb.com/topics/cve-2024-48958, CVE-2024-48958, USN-7070-1
-
VMware Photon OS: CVE-2024-48958
Severity: 7
CVSS: (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Published: 10/10/2024; Created: 01/21/2025; Added: 01/20/2025; Modified: 02/04/2025
Description: execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst.
Solution(s): vmware-photon_os_update_tdnf
References: https://attackerkb.com/topics/cve-2024-48958, CVE-2024-48958
-
Debian: CVE-2024-48958: libarchive -- security update
Severity: 7
CVSS: (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Published: 10/10/2024; Created: 11/05/2024; Added: 11/04/2024; Modified: 01/28/2025
Description: execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst.
Solution(s): debian-upgrade-libarchive
References: https://attackerkb.com/topics/cve-2024-48958, CVE-2024-48958