ISHACK AI BOT

JetBrains TeamCity: CVE-2024-47950: Stored XSS was possible in Backup configuration settings. Reported by Thomas Siegbert (TW-89700) Severity 5 CVSS (AV:N/AC:L/Au:M/C:P/I:P/A:N) Published 10/08/2024 Created 10/22/2024 Added 10/15/2024 Modified 02/03/2025 Description In JetBrains TeamCity before 2024.07.3 stored XSS was possible in Backup configuration settings Solution(s) jetbrains-teamcity-upgrade-latest References https://attackerkb.com/topics/cve-2024-47950 CVE - 2024-47950 https://www.jetbrains.com/privacy-security/issues-fixed/

Adobe Animate: CVE-2024-49528: Security updates available for Adobe Animate (APSB24-76) Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 10/08/2024 Created 11/21/2024 Added 11/19/2024 Modified 01/08/2025 Description Adobe has released an update for Adobe Animate. This update resolves critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution and memory leak. Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates. Solution(s) adobe-animate-upgrade-latest References https://attackerkb.com/topics/cve-2024-49528 CVE - 2024-49528 https://helpx.adobe.com/security/products/animate/apsb24-76.html

Adobe Animate: CVE-2024-49527: Security updates available for Adobe Animate (APSB24-76) Severity 5 CVSS (AV:L/AC:L/Au:N/C:C/I:N/A:N) Published 10/08/2024 Created 11/21/2024 Added 11/19/2024 Modified 01/08/2025 Description Adobe has released an update for Adobe Animate. This update resolves critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution and memory leak. Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates. Solution(s) adobe-animate-upgrade-latest References https://attackerkb.com/topics/cve-2024-49527 CVE - 2024-49527 https://helpx.adobe.com/security/products/animate/apsb24-76.html

Adobe Animate: CVE-2024-49526: Security updates available for Adobe Animate (APSB24-76) Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 10/08/2024 Created 11/21/2024 Added 11/19/2024 Modified 01/08/2025 Description Adobe has released an update for Adobe Animate. This update resolves critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution and memory leak. Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates. Solution(s) adobe-animate-upgrade-latest References https://attackerkb.com/topics/cve-2024-49526 CVE - 2024-49526 https://helpx.adobe.com/security/products/animate/apsb24-76.html

Adobe Animate: CVE-2024-47420: Security updates available for Adobe Animate (APSB24-76) Severity 5 CVSS (AV:L/AC:L/Au:N/C:C/I:N/A:N) Published 10/08/2024 Created 10/10/2024 Added 10/10/2024 Modified 01/08/2025 Description Adobe has released an update for Adobe Animate. This update resolves critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution and memory leak. Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates. Solution(s) adobe-animate-upgrade-latest References https://attackerkb.com/topics/cve-2024-47420 CVE - 2024-47420 https://helpx.adobe.com/security/products/animate/apsb24-76.html

Adobe Animate: CVE-2024-47419: Security updates available for Adobe Animate (APSB24-76) Severity 5 CVSS (AV:L/AC:L/Au:N/C:C/I:N/A:N) Published 10/08/2024 Created 10/10/2024 Added 10/10/2024 Modified 01/08/2025 Description Adobe has released an update for Adobe Animate. This update resolves critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution and memory leak. Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates. Solution(s) adobe-animate-upgrade-latest References https://attackerkb.com/topics/cve-2024-47419 CVE - 2024-47419 https://helpx.adobe.com/security/products/animate/apsb24-76.html

Adobe Animate: CVE-2024-47417: Security updates available for Adobe Animate (APSB24-76) Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 10/08/2024 Created 10/10/2024 Added 10/10/2024 Modified 01/08/2025 Description Adobe has released an update for Adobe Animate. This update resolves critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution and memory leak. Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates. Solution(s) adobe-animate-upgrade-latest References https://attackerkb.com/topics/cve-2024-47417 CVE - 2024-47417 https://helpx.adobe.com/security/products/animate/apsb24-76.html

Adobe Animate: CVE-2024-47410: Security updates available for Adobe Animate (APSB24-76) Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 10/08/2024 Created 10/10/2024 Added 10/10/2024 Modified 01/08/2025 Description Adobe has released an update for Adobe Animate. This update resolves critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution and memory leak. Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates. Solution(s) adobe-animate-upgrade-latest References https://attackerkb.com/topics/cve-2024-47410 CVE - 2024-47410 https://helpx.adobe.com/security/products/animate/apsb24-76.html

Adobe Animate: CVE-2024-47411: Security updates available for Adobe Animate (APSB24-76) Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 10/08/2024 Created 10/10/2024 Added 10/10/2024 Modified 01/08/2025 Description Adobe has released an update for Adobe Animate. This update resolves critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution and memory leak. Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates. Solution(s) adobe-animate-upgrade-latest References https://attackerkb.com/topics/cve-2024-47411 CVE - 2024-47411 https://helpx.adobe.com/security/products/animate/apsb24-76.html

Gentoo Linux: CVE-2024-9026: PHP: Multiple Vulnerabilities Severity 2 CVSS (AV:L/AC:L/Au:S/C:N/I:P/A:N) Published 10/08/2024 Created 01/25/2025 Added 01/24/2025 Modified 01/28/2025 Description In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through catch_workers_output = yes, it may be possible to pollute the final log or remove up to 4 characters from the log messages by manipulating log message content. Additionally, if PHP-FPM is configured to use syslog output, it may be possible to further remove log data using the same vulnerability. Solution(s) gentoo-linux-upgrade-dev-lang-php References https://attackerkb.com/topics/cve-2024-9026 CVE - 2024-9026 202501-11

Alpine Linux: CVE-2024-45231: Vulnerability in Multiple Components Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 10/08/2024 Created 10/12/2024 Added 10/10/2024 Modified 01/28/2025 Description An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome (only when e-mail sending is consistently failing). Solution(s) alpine-linux-upgrade-py3-django References https://attackerkb.com/topics/cve-2024-45231 CVE - 2024-45231 https://security.alpinelinux.org/vuln/CVE-2024-45231

Gentoo Linux: CVE-2024-8927: PHP: Multiple Vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 10/08/2024 Created 01/25/2025 Added 01/24/2025 Modified 01/28/2025 Description In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, HTTP_REDIRECT_STATUS variable is used to check whether or not CGI binary is being run by the HTTP server. However, in certain scenarios, the content of this variable can be controlled by the request submitter via HTTP headers, which can lead to cgi.force_redirect option not being correctly applied. In certain configurations this may lead to arbitrary file inclusion in PHP. Solution(s) gentoo-linux-upgrade-dev-lang-php References https://attackerkb.com/topics/cve-2024-8927 CVE - 2024-8927 202501-11

Gentoo Linux: CVE-2024-9602: QtWebEngine: Multiple Vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 10/08/2024 Created 01/25/2025 Added 01/24/2025 Modified 01/28/2025 Description Type Confusion in V8 in Google Chrome prior to 129.0.6668.100 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) Solution(s) gentoo-linux-upgrade-dev-qt-qtwebengine References https://attackerkb.com/topics/cve-2024-9602 CVE - 2024-9602 202501-09

Alpine Linux: CVE-2024-45230: Vulnerability in Multiple Components Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 10/08/2024 Created 10/12/2024 Added 10/10/2024 Modified 01/28/2025 Description An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters. Solution(s) alpine-linux-upgrade-py3-django References https://attackerkb.com/topics/cve-2024-45230 CVE - 2024-45230 https://security.alpinelinux.org/vuln/CVE-2024-45230

Gentoo Linux: CVE-2024-9603: QtWebEngine: Multiple Vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 10/08/2024 Created 01/25/2025 Added 01/24/2025 Modified 01/28/2025 Description Type Confusion in V8 in Google Chrome prior to 129.0.6668.100 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) gentoo-linux-upgrade-dev-qt-qtwebengine References https://attackerkb.com/topics/cve-2024-9603 CVE - 2024-9603 202501-09

Oracle Linux: CVE-2024-43483: ELSA-2024-7868:.NET 8.0 security update (IMPORTANT) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 10/08/2024 Created 10/18/2024 Added 10/16/2024 Modified 01/07/2025 Description .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability A flaw was found in dotnet. The System.Security.Cryptography.Cose, System.IO.Packaging and System.Runtime.Caching components may be exposed to hostile input, making them susceptible to hash flooding attacks, resulting in denial of service. Solution(s) oracle-linux-upgrade-aspnetcore-runtime-6-0 oracle-linux-upgrade-aspnetcore-runtime-8-0 oracle-linux-upgrade-aspnetcore-runtime-dbg-8-0 oracle-linux-upgrade-aspnetcore-targeting-pack-6-0 oracle-linux-upgrade-aspnetcore-targeting-pack-8-0 oracle-linux-upgrade-dotnet oracle-linux-upgrade-dotnet-apphost-pack-6-0 oracle-linux-upgrade-dotnet-apphost-pack-8-0 oracle-linux-upgrade-dotnet-host oracle-linux-upgrade-dotnet-hostfxr-6-0 oracle-linux-upgrade-dotnet-hostfxr-8-0 oracle-linux-upgrade-dotnet-runtime-6-0 oracle-linux-upgrade-dotnet-runtime-8-0 oracle-linux-upgrade-dotnet-runtime-dbg-8-0 oracle-linux-upgrade-dotnet-sdk-6-0 oracle-linux-upgrade-dotnet-sdk-6-0-source-built-artifacts oracle-linux-upgrade-dotnet-sdk-8-0 oracle-linux-upgrade-dotnet-sdk-8-0-source-built-artifacts oracle-linux-upgrade-dotnet-sdk-dbg-8-0 oracle-linux-upgrade-dotnet-targeting-pack-6-0 oracle-linux-upgrade-dotnet-targeting-pack-8-0 oracle-linux-upgrade-dotnet-templates-6-0 oracle-linux-upgrade-dotnet-templates-8-0 oracle-linux-upgrade-netstandard-targeting-pack-2-1 References https://attackerkb.com/topics/cve-2024-43483 CVE - 2024-43483 ELSA-2024-7868 ELSA-2024-7851 ELSA-2024-7867 ELSA-2024-7869

Gentoo Linux: CVE-2024-8925: PHP: Multiple Vulnerabilities Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 10/08/2024 Created 01/25/2025 Added 01/24/2025 Modified 01/28/2025 Description In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being processed. This could lead to malicious attacker able to control part of the submitted data being able to exclude portion of other data, potentially leading to erroneous application behavior. Solution(s) gentoo-linux-upgrade-dev-lang-php References https://attackerkb.com/topics/cve-2024-8925 CVE - 2024-8925 202501-11

Ubuntu: USN-7058-1 (CVE-2024-43484): .NET vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 10/08/2024 Created 10/10/2024 Added 10/09/2024 Modified 01/28/2025 Description .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability Solution(s) ubuntu-upgrade-aspnetcore-runtime-6-0 ubuntu-upgrade-aspnetcore-runtime-8-0 ubuntu-upgrade-dotnet-host ubuntu-upgrade-dotnet-host-8-0 ubuntu-upgrade-dotnet-hostfxr-6-0 ubuntu-upgrade-dotnet-hostfxr-8-0 ubuntu-upgrade-dotnet-runtime-6-0 ubuntu-upgrade-dotnet-runtime-8-0 ubuntu-upgrade-dotnet-sdk-6-0 ubuntu-upgrade-dotnet-sdk-8-0 ubuntu-upgrade-dotnet6 ubuntu-upgrade-dotnet8 References https://attackerkb.com/topics/cve-2024-43484 CVE - 2024-43484 USN-7058-1

Ubuntu: USN-7058-1 (CVE-2024-43483): .NET vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 10/08/2024 Created 10/10/2024 Added 10/09/2024 Modified 01/28/2025 Description .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability Solution(s) ubuntu-upgrade-aspnetcore-runtime-6-0 ubuntu-upgrade-aspnetcore-runtime-8-0 ubuntu-upgrade-dotnet-host ubuntu-upgrade-dotnet-host-8-0 ubuntu-upgrade-dotnet-hostfxr-6-0 ubuntu-upgrade-dotnet-hostfxr-8-0 ubuntu-upgrade-dotnet-runtime-6-0 ubuntu-upgrade-dotnet-runtime-8-0 ubuntu-upgrade-dotnet-sdk-6-0 ubuntu-upgrade-dotnet-sdk-8-0 ubuntu-upgrade-dotnet6 ubuntu-upgrade-dotnet8 References https://attackerkb.com/topics/cve-2024-43483 CVE - 2024-43483 USN-7058-1

Microsoft Windows: CVE-2024-43529: Windows Print Spooler Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:M/Au:S/C:C/I:C/A:C) Published 10/08/2024 Created 10/09/2024 Added 10/08/2024 Modified 11/12/2024 Description Microsoft Windows: CVE-2024-43529: Windows Print Spooler Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-21h2-kb5044273 microsoft-windows-windows_10-22h2-kb5044273 microsoft-windows-windows_11-21h2-kb5044280 microsoft-windows-windows_11-22h2-kb5044285 microsoft-windows-windows_11-23h2-kb5044285 microsoft-windows-windows_11-24h2-kb5044284 microsoft-windows-windows_server_2022-21h2-kb5044281 microsoft-windows-windows_server_2022-22h2-kb5044281 microsoft-windows-windows_server_2022-23h2-kb5044288 References https://attackerkb.com/topics/cve-2024-43529 CVE - 2024-43529 https://support.microsoft.com/help/5044273 https://support.microsoft.com/help/5044280 https://support.microsoft.com/help/5044281 https://support.microsoft.com/help/5044284 https://support.microsoft.com/help/5044285 https://support.microsoft.com/help/5044288 View more

Microsoft Windows: CVE-2024-43551: Windows Storage Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 10/08/2024 Created 10/09/2024 Added 10/08/2024 Modified 11/12/2024 Description Microsoft Windows: CVE-2024-43551: Windows Storage Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1607-kb5044293 microsoft-windows-windows_10-1809-kb5044277 microsoft-windows-windows_10-21h2-kb5044273 microsoft-windows-windows_10-22h2-kb5044273 microsoft-windows-windows_11-21h2-kb5044280 microsoft-windows-windows_11-22h2-kb5044285 microsoft-windows-windows_11-23h2-kb5044285 microsoft-windows-windows_11-24h2-kb5044284 microsoft-windows-windows_server_2016-1607-kb5044293 microsoft-windows-windows_server_2019-1809-kb5044277 microsoft-windows-windows_server_2022-21h2-kb5044281 microsoft-windows-windows_server_2022-22h2-kb5044281 microsoft-windows-windows_server_2022-23h2-kb5044288 References https://attackerkb.com/topics/cve-2024-43551 CVE - 2024-43551 https://support.microsoft.com/help/5044273 https://support.microsoft.com/help/5044277 https://support.microsoft.com/help/5044280 https://support.microsoft.com/help/5044281 https://support.microsoft.com/help/5044284 https://support.microsoft.com/help/5044285 https://support.microsoft.com/help/5044288 https://support.microsoft.com/help/5044293 View more

Microsoft Windows: CVE-2024-43554: Windows Kernel-Mode Driver Information Disclosure Vulnerability Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 10/08/2024 Created 10/09/2024 Added 10/08/2024 Modified 11/12/2024 Description Microsoft Windows: CVE-2024-43554: Windows Kernel-Mode Driver Information Disclosure Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5044286 microsoft-windows-windows_10-1607-kb5044293 microsoft-windows-windows_10-1809-kb5044277 microsoft-windows-windows_10-21h2-kb5044273 microsoft-windows-windows_10-22h2-kb5044273 microsoft-windows-windows_11-21h2-kb5044280 microsoft-windows-windows_11-22h2-kb5044285 microsoft-windows-windows_11-23h2-kb5044285 microsoft-windows-windows_11-24h2-kb5044284 microsoft-windows-windows_server_2016-1607-kb5044293 microsoft-windows-windows_server_2019-1809-kb5044277 microsoft-windows-windows_server_2022-21h2-kb5044281 microsoft-windows-windows_server_2022-22h2-kb5044281 microsoft-windows-windows_server_2022-23h2-kb5044288 References https://attackerkb.com/topics/cve-2024-43554 CVE - 2024-43554 https://support.microsoft.com/help/5044273 https://support.microsoft.com/help/5044277 https://support.microsoft.com/help/5044280 https://support.microsoft.com/help/5044281 https://support.microsoft.com/help/5044284 https://support.microsoft.com/help/5044285 https://support.microsoft.com/help/5044286 https://support.microsoft.com/help/5044288 https://support.microsoft.com/help/5044293 View more

Microsoft Windows: CVE-2024-43559: Windows Mobile Broadband Driver Denial of Service Vulnerability Severity 6 CVSS (AV:A/AC:L/Au:N/C:N/I:N/A:C) Published 10/08/2024 Created 10/09/2024 Added 10/08/2024 Modified 11/12/2024 Description Microsoft Windows: CVE-2024-43559: Windows Mobile Broadband Driver Denial of Service Vulnerability Solution(s) microsoft-windows-windows_10-1809-kb5044277 microsoft-windows-windows_10-21h2-kb5044273 microsoft-windows-windows_10-22h2-kb5044273 microsoft-windows-windows_11-21h2-kb5044280 microsoft-windows-windows_11-22h2-kb5044285 microsoft-windows-windows_11-23h2-kb5044285 microsoft-windows-windows_11-24h2-kb5044284 microsoft-windows-windows_server_2019-1809-kb5044277 microsoft-windows-windows_server_2022-23h2-kb5044288 References https://attackerkb.com/topics/cve-2024-43559 CVE - 2024-43559 https://support.microsoft.com/help/5044273 https://support.microsoft.com/help/5044277 https://support.microsoft.com/help/5044280 https://support.microsoft.com/help/5044284 https://support.microsoft.com/help/5044285 https://support.microsoft.com/help/5044288 View more

Microsoft Windows: CVE-2024-43561: Windows Mobile Broadband Driver Denial of Service Vulnerability Severity 6 CVSS (AV:A/AC:L/Au:N/C:N/I:N/A:C) Published 10/08/2024 Created 10/09/2024 Added 10/08/2024 Modified 11/12/2024 Description Microsoft Windows: CVE-2024-43561: Windows Mobile Broadband Driver Denial of Service Vulnerability Solution(s) microsoft-windows-windows_10-1809-kb5044277 microsoft-windows-windows_10-21h2-kb5044273 microsoft-windows-windows_10-22h2-kb5044273 microsoft-windows-windows_11-21h2-kb5044280 microsoft-windows-windows_11-22h2-kb5044285 microsoft-windows-windows_11-23h2-kb5044285 microsoft-windows-windows_11-24h2-kb5044284 microsoft-windows-windows_server_2019-1809-kb5044277 microsoft-windows-windows_server_2022-23h2-kb5044288 References https://attackerkb.com/topics/cve-2024-43561 CVE - 2024-43561 https://support.microsoft.com/help/5044273 https://support.microsoft.com/help/5044277 https://support.microsoft.com/help/5044280 https://support.microsoft.com/help/5044284 https://support.microsoft.com/help/5044285 https://support.microsoft.com/help/5044288 View more

Oracle Linux: CVE-2024-38229: ELSA-2024-7868:.NET 8.0 security update (IMPORTANT) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:C) Published 10/08/2024 Created 10/18/2024 Added 10/16/2024 Modified 01/07/2025 Description .NET and Visual Studio Remote Code Execution Vulnerability A flaw was found in dotnet. When closing an HTTP/3 stream while application code is writing to the response body, a race condition can cause a use-after-free. Solution(s) oracle-linux-upgrade-aspnetcore-runtime-8-0 oracle-linux-upgrade-aspnetcore-runtime-dbg-8-0 oracle-linux-upgrade-aspnetcore-targeting-pack-8-0 oracle-linux-upgrade-dotnet oracle-linux-upgrade-dotnet-apphost-pack-8-0 oracle-linux-upgrade-dotnet-host oracle-linux-upgrade-dotnet-hostfxr-8-0 oracle-linux-upgrade-dotnet-runtime-8-0 oracle-linux-upgrade-dotnet-runtime-dbg-8-0 oracle-linux-upgrade-dotnet-sdk-8-0 oracle-linux-upgrade-dotnet-sdk-8-0-source-built-artifacts oracle-linux-upgrade-dotnet-sdk-dbg-8-0 oracle-linux-upgrade-dotnet-targeting-pack-8-0 oracle-linux-upgrade-dotnet-templates-8-0 oracle-linux-upgrade-netstandard-targeting-pack-2-1 References https://attackerkb.com/topics/cve-2024-38229 CVE - 2024-38229 ELSA-2024-7868 ELSA-2024-7869