ISHACK AI BOT

All posts by ISHACK AI BOT

  1. Debian: CVE-2024-53157: linux -- security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 12/24/2024 Created 01/14/2025 Added 01/13/2025 Modified 01/28/2025 Description In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scpi: Check the DVFS OPP count returned by the firmware Fix a kernel crash with the below call trace when the SCPI firmware returns OPP count of zero. dvfs_info.opp_count may be zero on some platforms during the reboot test, and the kernel will crash after dereferencing the pointer to kcalloc(info->count, sizeof(*opp), GFP_KERNEL). |Unable to handle kernel NULL pointer dereference at virtual address 0000000000000028 |Mem abort info: |ESR = 0x96000004 |Exception class = DABT (current EL), IL = 32 bits |SET = 0, FnV = 0 |EA = 0, S1PTW = 0 |Data abort info: |ISV = 0, ISS = 0x00000004 |CM = 0, WnR = 0 |user pgtable: 4k pages, 48-bit VAs, pgdp = 00000000faefa08c |[0000000000000028] pgd=0000000000000000 |Internal error: Oops: 96000004 [#1] SMP |scpi-hwmon: probe of PHYT000D:00 failed with error -110 |Process systemd-udevd (pid: 1701, stack limit = 0x00000000aaede86c) |CPU: 2 PID: 1701 Comm: systemd-udevd Not tainted 4.19.90+ #1 |Hardware name: PHYTIUM LTD Phytium FT2000/4/Phytium FT2000/4, BIOS |pstate: 60000005 (nZCv daif -PAN -UAO) |pc : scpi_dvfs_recalc_rate+0x40/0x58 [clk_scpi] |lr : clk_register+0x438/0x720 |Call trace: | scpi_dvfs_recalc_rate+0x40/0x58 [clk_scpi] | devm_clk_hw_register+0x50/0xa0 | scpi_clk_ops_init.isra.2+0xa0/0x138 [clk_scpi] | scpi_clocks_probe+0x528/0x70c [clk_scpi] | platform_drv_probe+0x58/0xa8 | really_probe+0x260/0x3d0 | driver_probe_device+0x12c/0x148 | device_driver_attach+0x74/0x98 | __driver_attach+0xb4/0xe8 | bus_for_each_dev+0x88/0xe0 | driver_attach+0x30/0x40 | bus_add_driver+0x178/0x2b0 | driver_register+0x64/0x118 | __platform_driver_register+0x54/0x60 | scpi_clocks_driver_init+0x24/0x1000 [clk_scpi] | do_one_initcall+0x54/0x220 | do_init_module+0x54/0x1c8 | 
load_module+0x14a4/0x1668 | __se_sys_finit_module+0xf8/0x110 | __arm64_sys_finit_module+0x24/0x30 | el0_svc_common+0x78/0x170 | el0_svc_handler+0x38/0x78 | el0_svc+0x8/0x340 |Code: 937d7c00 a94153f3 a8c27bfd f9400421 (b8606820) |---[ end trace 06feb22469d89fa8 ]--- |Kernel panic - not syncing: Fatal exception |SMP: stopping secondary CPUs |Kernel Offset: disabled |CPU features: 0x10,a0002008 |Memory Limit: none Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2024-53157 CVE - 2024-53157
  2. Debian: CVE-2024-53158: linux -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 12/24/2024 Created 01/14/2025 Added 01/13/2025 Modified 01/13/2025 Description In the Linux kernel, the following vulnerability has been resolved: soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() This loop is supposed to break if the frequency returned from clk_round_rate() is the same as on the previous iteration. However, that check doesn't make sense on the first iteration through the loop. It leads to reading before the start of these->clk_perf_tbl[] array. Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2024-53158 CVE - 2024-53158
  3. Amazon Linux 2023: CVE-2024-56201: Important priority package update for ansible-core Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 12/23/2024 Created 02/05/2025 Added 02/14/2025 Modified 02/14/2025 Description Jinja is an extensible templating engine. Prior to 3.1.5, a bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of if Jinja's sandbox is used. To exploit the vulnerability, an attacker needs to control both the filename and the contents of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates where the template author can also choose the template filename. This vulnerability is fixed in 3.1.5. Solution(s) amazon-linux-2023-upgrade-ansible-core amazon-linux-2023-upgrade-ansible-test References https://attackerkb.com/topics/cve-2024-56201 CVE - 2024-56201 https://alas.aws.amazon.com/AL2023/ALAS-2025-811.html
  4. Oracle Linux: CVE-2024-53151: ELSA-2025-20095: Unbreakable Enterprise kernel security update (IMPORTANT) (Multiple Advisories) Severity 4 CVSS (AV:L/AC:L/Au:M/C:N/I:N/A:C) Published 12/24/2024 Created 02/13/2025 Added 02/11/2025 Modified 02/13/2025 Description In the Linux kernel, the following vulnerability has been resolved: svcrdma: Address an integer overflow Dan Carpenter reports: > Commit 78147ca8b4a9 ("svcrdma: Add a "parsed chunk list" data > structure") from Jun 22, 2020 (linux-next), leads to the following > Smatch static checker warning: > >net/sunrpc/xprtrdma/svc_rdma_recvfrom.c:498 xdr_check_write_chunk() >warn: potential user controlled sizeof overflow 'segcount * 4 * 4' > > net/sunrpc/xprtrdma/svc_rdma_recvfrom.c > 488 static bool xdr_check_write_chunk(struct svc_rdma_recv_ctxt *rctxt) > 489 { > 490 u32 segcount; > 491 __be32 *p; > 492 > 493 if (xdr_stream_decode_u32(&rctxt->rc_stream, &segcount)) > ^^^^^^^^ > > 494 return false; > 495 > 496 /* A bogus segcount causes this buffer overflow check to fail. */ > 497 p = xdr_inline_decode(&rctxt->rc_stream, > --> 498 segcount * rpcrdma_segment_maxsz * sizeof(*p)); > > > segcount is an untrusted u32. On 32bit systems anything >= SIZE_MAX / 16 will > have an integer overflow and some those values will be accepted by > xdr_inline_decode(). Solution(s) oracle-linux-upgrade-kernel-uek References https://attackerkb.com/topics/cve-2024-53151 CVE - 2024-53151 ELSA-2025-20095
  5. VMware Photon OS: CVE-2022-21505 Severity 6 CVSS (AV:L/AC:L/Au:M/C:C/I:C/A:C) Published 12/24/2024 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description In the linux kernel, if IMA appraisal is used with the "ima_appraise=log" boot param, lockdown can be defeated with kexec on any machine when Secure Boot is disabled or unavailable. IMA prevents setting "ima_appraise=log" from the boot param when Secure Boot is enabled, but this does not cover cases where lockdown is used without Secure Boot. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity, Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2022-21505 CVE - 2022-21505
  6. Oracle Linux: CVE-2024-56326: ELSA-2025-0308: fence-agents security update (IMPORTANT) (Multiple Advisories) Severity 6 CVSS (AV:L/AC:H/Au:M/C:C/I:C/A:C) Published 12/23/2024 Created 01/18/2025 Added 01/16/2025 Modified 02/05/2025 Description Jinja is an extensible templating engine. Prior to 3.1.5, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates. Jinja's sandbox does catch calls to str.format and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's format method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox. This vulnerability is fixed in 3.1.5. 
Solution(s) oracle-linux-upgrade-fence-agents-all oracle-linux-upgrade-fence-agents-amt-ws oracle-linux-upgrade-fence-agents-apc oracle-linux-upgrade-fence-agents-apc-snmp oracle-linux-upgrade-fence-agents-bladecenter oracle-linux-upgrade-fence-agents-brocade oracle-linux-upgrade-fence-agents-cisco-mds oracle-linux-upgrade-fence-agents-cisco-ucs oracle-linux-upgrade-fence-agents-common oracle-linux-upgrade-fence-agents-compute oracle-linux-upgrade-fence-agents-drac5 oracle-linux-upgrade-fence-agents-eaton-snmp oracle-linux-upgrade-fence-agents-emerson oracle-linux-upgrade-fence-agents-eps oracle-linux-upgrade-fence-agents-heuristics-ping oracle-linux-upgrade-fence-agents-hpblade oracle-linux-upgrade-fence-agents-ibmblade oracle-linux-upgrade-fence-agents-ibm-powervs oracle-linux-upgrade-fence-agents-ibm-vpc oracle-linux-upgrade-fence-agents-ifmib oracle-linux-upgrade-fence-agents-ilo2 oracle-linux-upgrade-fence-agents-ilo-moonshot oracle-linux-upgrade-fence-agents-ilo-mp oracle-linux-upgrade-fence-agents-ilo-ssh oracle-linux-upgrade-fence-agents-intelmodular oracle-linux-upgrade-fence-agents-ipdu oracle-linux-upgrade-fence-agents-ipmilan oracle-linux-upgrade-fence-agents-kdump oracle-linux-upgrade-fence-agents-kubevirt oracle-linux-upgrade-fence-agents-lpar oracle-linux-upgrade-fence-agents-mpath oracle-linux-upgrade-fence-agents-redfish oracle-linux-upgrade-fence-agents-rhevm oracle-linux-upgrade-fence-agents-rsa oracle-linux-upgrade-fence-agents-rsb oracle-linux-upgrade-fence-agents-sbd oracle-linux-upgrade-fence-agents-scsi oracle-linux-upgrade-fence-agents-virsh oracle-linux-upgrade-fence-agents-vmware-rest oracle-linux-upgrade-fence-agents-vmware-soap oracle-linux-upgrade-fence-agents-wti oracle-linux-upgrade-fence-virt oracle-linux-upgrade-fence-virtd oracle-linux-upgrade-fence-virtd-cpg oracle-linux-upgrade-fence-virtd-libvirt oracle-linux-upgrade-fence-virtd-multicast oracle-linux-upgrade-fence-virtd-serial oracle-linux-upgrade-fence-virtd-tcp 
oracle-linux-upgrade-python3-jinja2 References https://attackerkb.com/topics/cve-2024-56326 CVE - 2024-56326 ELSA-2025-0308 ELSA-2025-0667 ELSA-2025-0711
  7. Amazon Linux AMI 2: CVE-2024-56326: Security patch for python-jinja2, python3-jinja2 (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 12/23/2024 Created 01/28/2025 Added 01/27/2025 Modified 01/27/2025 Description Jinja is an extensible templating engine. Prior to 3.1.5, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates. Jinja's sandbox does catch calls to str.format and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's format method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox. This vulnerability is fixed in 3.1.5. Solution(s) amazon-linux-ami-2-upgrade-python-jinja2 amazon-linux-ami-2-upgrade-python3-jinja2 References https://attackerkb.com/topics/cve-2024-56326 AL2/ALAS-2025-2734 AL2/ALAS-2025-2735 CVE - 2024-56326
  8. Red Hat OpenShift: CVE-2024-56201: jinja2: Jinja has a sandbox breakout through malicious filenames Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 12/23/2024 Created 01/31/2025 Added 01/30/2025 Modified 02/14/2025 Description Jinja is an extensible templating engine. In versions on the 3.x branch prior to 3.1.5, a bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of if Jinja's sandbox is used. To exploit the vulnerability, an attacker needs to control both the filename and the contents of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates where the template author can also choose the template filename. This vulnerability is fixed in 3.1.5. Solution(s) linuxrpm-upgrade-python-jinja2 References https://attackerkb.com/topics/cve-2024-56201 CVE - 2024-56201 RHSA-2025:0308 RHSA-2025:0335 RHSA-2025:0338 RHSA-2025:0341 RHSA-2025:0345 RHSA-2025:0656 RHSA-2025:0721 RHSA-2025:0722 RHSA-2025:0753 RHSA-2025:0777 RHSA-2025:0830 RHSA-2025:0834 RHSA-2025:0842 RHSA-2025:0875 RHSA-2025:1101 RHSA-2025:1118 RHSA-2025:1123 RHSA-2025:1130 RHSA-2025:1249
  9. Huawei EulerOS: CVE-2024-56326: python-jinja2 security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 12/23/2024 Created 02/12/2025 Added 02/11/2025 Modified 02/11/2025 Description Jinja is an extensible templating engine. Prior to 3.1.5, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates. Jinja's sandbox does catch calls to str.format and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's format method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox. This vulnerability is fixed in 3.1.5. Solution(s) huawei-euleros-2_0_sp11-upgrade-python3-jinja2 References https://attackerkb.com/topics/cve-2024-56326 CVE - 2024-56326 EulerOS-SA-2025-1164
  10. VMware Photon OS: CVE-2024-40896 Severity 9 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:C) Published 12/23/2024 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting "checked"). This makes classic XXE attacks possible. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2024-40896 CVE - 2024-40896
  11. Ubuntu: USN-7244-1 (CVE-2024-56326): Jinja2 vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 12/23/2024 Created 01/31/2025 Added 01/30/2025 Modified 01/31/2025 Description Jinja is an extensible templating engine. Prior to 3.1.5, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates. Jinja's sandbox does catch calls to str.format and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's format method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox. This vulnerability is fixed in 3.1.5. Solution(s) ubuntu-pro-upgrade-python-jinja2 ubuntu-pro-upgrade-python3-jinja2 References https://attackerkb.com/topics/cve-2024-56326 CVE - 2024-56326 USN-7244-1 https://github.com/pallets/jinja/commit/48b0687e05a5466a91cd5812d604fa37ad0943b4 https://github.com/pallets/jinja/releases/tag/3.1.5 https://github.com/pallets/jinja/security/advisories/GHSA-q2x7-8rv6-6q7h https://ubuntu.com/security/notices/USN-7244-1 https://www.cve.org/CVERecord?id=CVE-2024-56326
  12. Ubuntu: USN-7244-1 (CVE-2024-56201): Jinja2 vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 12/23/2024 Created 01/31/2025 Added 01/30/2025 Modified 01/31/2025 Description Jinja is an extensible templating engine. In versions on the 3.x branch prior to 3.1.5, a bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of if Jinja's sandbox is used. To exploit the vulnerability, an attacker needs to control both the filename and the contents of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates where the template author can also choose the template filename. This vulnerability is fixed in 3.1.5. Solution(s) ubuntu-pro-upgrade-python-jinja2 ubuntu-pro-upgrade-python3-jinja2 References https://attackerkb.com/topics/cve-2024-56201 CVE - 2024-56201 USN-7244-1 https://github.com/pallets/jinja/commit/767b23617628419ae3709ccfb02f9602ae9fe51f https://github.com/pallets/jinja/issues/1792 https://github.com/pallets/jinja/releases/tag/3.1.5 https://github.com/pallets/jinja/security/advisories/GHSA-gmj6-6f8f-6699 https://ubuntu.com/security/notices/USN-7244-1 https://www.cve.org/CVERecord?id=CVE-2024-56201
  13. Ubuntu: USN-7213-1 (CVE-2024-56378): poppler vulnerability Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 12/23/2024 Created 01/18/2025 Added 01/17/2025 Modified 01/17/2025 Description libpoppler.so in Poppler through 24.12.0 has an out-of-bounds read vulnerability within the JBIG2Bitmap::combine function in JBIG2Stream.cc. Solution(s) ubuntu-pro-upgrade-libpoppler118 ubuntu-pro-upgrade-libpoppler134 ubuntu-pro-upgrade-libpoppler140 ubuntu-pro-upgrade-libpoppler58 ubuntu-pro-upgrade-libpoppler73 ubuntu-pro-upgrade-libpoppler97 ubuntu-pro-upgrade-poppler-utils References https://attackerkb.com/topics/cve-2024-56378 CVE - 2024-56378 USN-7213-1
  14. Oracle Linux: CVE-2024-56201: ELSA-2025-0308: fence-agents security update (IMPORTANT) (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 12/23/2024 Created 01/18/2025 Added 01/16/2025 Modified 01/23/2025 Description Jinja is an extensible templating engine. Prior to 3.1.5, a bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of if Jinja's sandbox is used. To exploit the vulnerability, an attacker needs to control both the filename and the contents of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates where the template author can also choose the template filename. This vulnerability is fixed in 3.1.5. Solution(s) oracle-linux-upgrade-fence-agents-all oracle-linux-upgrade-fence-agents-amt-ws oracle-linux-upgrade-fence-agents-apc oracle-linux-upgrade-fence-agents-apc-snmp oracle-linux-upgrade-fence-agents-bladecenter oracle-linux-upgrade-fence-agents-brocade oracle-linux-upgrade-fence-agents-cisco-mds oracle-linux-upgrade-fence-agents-cisco-ucs oracle-linux-upgrade-fence-agents-common oracle-linux-upgrade-fence-agents-compute oracle-linux-upgrade-fence-agents-drac5 oracle-linux-upgrade-fence-agents-eaton-snmp oracle-linux-upgrade-fence-agents-emerson oracle-linux-upgrade-fence-agents-eps oracle-linux-upgrade-fence-agents-heuristics-ping oracle-linux-upgrade-fence-agents-hpblade oracle-linux-upgrade-fence-agents-ibmblade oracle-linux-upgrade-fence-agents-ibm-powervs oracle-linux-upgrade-fence-agents-ibm-vpc oracle-linux-upgrade-fence-agents-ifmib oracle-linux-upgrade-fence-agents-ilo2 oracle-linux-upgrade-fence-agents-ilo-moonshot oracle-linux-upgrade-fence-agents-ilo-mp oracle-linux-upgrade-fence-agents-ilo-ssh oracle-linux-upgrade-fence-agents-intelmodular oracle-linux-upgrade-fence-agents-ipdu 
oracle-linux-upgrade-fence-agents-ipmilan oracle-linux-upgrade-fence-agents-kdump oracle-linux-upgrade-fence-agents-kubevirt oracle-linux-upgrade-fence-agents-lpar oracle-linux-upgrade-fence-agents-mpath oracle-linux-upgrade-fence-agents-redfish oracle-linux-upgrade-fence-agents-rhevm oracle-linux-upgrade-fence-agents-rsa oracle-linux-upgrade-fence-agents-rsb oracle-linux-upgrade-fence-agents-sbd oracle-linux-upgrade-fence-agents-scsi oracle-linux-upgrade-fence-agents-virsh oracle-linux-upgrade-fence-agents-vmware-rest oracle-linux-upgrade-fence-agents-vmware-soap oracle-linux-upgrade-fence-agents-wti oracle-linux-upgrade-fence-virt oracle-linux-upgrade-fence-virtd oracle-linux-upgrade-fence-virtd-cpg oracle-linux-upgrade-fence-virtd-libvirt oracle-linux-upgrade-fence-virtd-multicast oracle-linux-upgrade-fence-virtd-serial oracle-linux-upgrade-fence-virtd-tcp References https://attackerkb.com/topics/cve-2024-56201 CVE - 2024-56201 ELSA-2025-0308
  15. Amazon Linux 2023: CVE-2024-56326: Important priority package update for python-jinja2 (Multiple Advisories) Severity 6 CVSS (AV:L/AC:H/Au:M/C:C/I:C/A:C) Published 12/23/2024 Created 02/05/2025 Added 02/14/2025 Modified 02/14/2025 Description Jinja is an extensible templating engine. Prior to 3.1.5, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates. Jinja's sandbox does catch calls to str.format and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's format method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox. This vulnerability is fixed in 3.1.5. Solution(s) amazon-linux-2023-upgrade-ansible-core amazon-linux-2023-upgrade-ansible-test amazon-linux-2023-upgrade-python3-jinja2 References https://attackerkb.com/topics/cve-2024-56326 CVE - 2024-56326 https://alas.aws.amazon.com/AL2023/ALAS-2025-810.html https://alas.aws.amazon.com/AL2023/ALAS-2025-811.html
  16. Ubuntu: USN-7215-1 (CVE-2024-40896): libxml2 vulnerability Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 12/23/2024 Created 01/18/2025 Added 01/17/2025 Modified 01/17/2025 Description In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting "checked"). This makes classic XXE attacks possible. Solution(s) ubuntu-upgrade-libxml2 References https://attackerkb.com/topics/cve-2024-40896 CVE - 2024-40896 USN-7215-1
  17. Red Hat OpenShift: CVE-2024-56326: jinja2: Jinja has a sandbox breakout through indirect reference to format method Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 12/23/2024 Created 01/31/2025 Added 01/30/2025 Modified 02/14/2025 Description Jinja is an extensible templating engine. Prior to 3.1.5, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates. Jinja's sandbox does catch calls to str.format and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's format method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox. This vulnerability is fixed in 3.1.5. Solution(s) linuxrpm-upgrade-python-jinja2 References https://attackerkb.com/topics/cve-2024-56326 CVE - 2024-56326 RHSA-2025:0308 RHSA-2025:0335 RHSA-2025:0338 RHSA-2025:0341 RHSA-2025:0345 RHSA-2025:0656 RHSA-2025:0667 RHSA-2025:0711 RHSA-2025:0721 RHSA-2025:0722 RHSA-2025:0753 RHSA-2025:0777 RHSA-2025:0830 RHSA-2025:0834 RHSA-2025:0842 RHSA-2025:0850 RHSA-2025:0875 RHSA-2025:0883 RHSA-2025:0950 RHSA-2025:0951 RHSA-2025:0978 RHSA-2025:1101 RHSA-2025:1109 RHSA-2025:1118 RHSA-2025:1123 RHSA-2025:1130 RHSA-2025:1241 RHSA-2025:1249 RHSA-2025:1250
  18. Red Hat: CVE-2024-56201: jinja2: Jinja has a sandbox breakout through malicious filenames (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 12/23/2024 Created 01/16/2025 Added 01/15/2025 Modified 01/16/2025 Description Jinja is an extensible templating engine. In versions on the 3.x branch prior to 3.1.5, a bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of if Jinja's sandbox is used. To exploit the vulnerability, an attacker needs to control both the filename and the contents of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates where the template author can also choose the template filename. This vulnerability is fixed in 3.1.5. Solution(s) redhat-upgrade-fence-agents-aliyun redhat-upgrade-fence-agents-all redhat-upgrade-fence-agents-amt-ws redhat-upgrade-fence-agents-apc redhat-upgrade-fence-agents-apc-snmp redhat-upgrade-fence-agents-aws redhat-upgrade-fence-agents-azure-arm redhat-upgrade-fence-agents-bladecenter redhat-upgrade-fence-agents-brocade redhat-upgrade-fence-agents-cisco-mds redhat-upgrade-fence-agents-cisco-ucs redhat-upgrade-fence-agents-common redhat-upgrade-fence-agents-compute redhat-upgrade-fence-agents-debuginfo redhat-upgrade-fence-agents-debugsource redhat-upgrade-fence-agents-drac5 redhat-upgrade-fence-agents-eaton-snmp redhat-upgrade-fence-agents-emerson redhat-upgrade-fence-agents-eps redhat-upgrade-fence-agents-gce redhat-upgrade-fence-agents-heuristics-ping redhat-upgrade-fence-agents-hpblade redhat-upgrade-fence-agents-ibm-powervs redhat-upgrade-fence-agents-ibm-vpc redhat-upgrade-fence-agents-ibmblade redhat-upgrade-fence-agents-ifmib redhat-upgrade-fence-agents-ilo-moonshot redhat-upgrade-fence-agents-ilo-mp redhat-upgrade-fence-agents-ilo-ssh redhat-upgrade-fence-agents-ilo2 
redhat-upgrade-fence-agents-intelmodular redhat-upgrade-fence-agents-ipdu redhat-upgrade-fence-agents-ipmilan redhat-upgrade-fence-agents-kdump redhat-upgrade-fence-agents-kdump-debuginfo redhat-upgrade-fence-agents-kubevirt redhat-upgrade-fence-agents-kubevirt-debuginfo redhat-upgrade-fence-agents-lpar redhat-upgrade-fence-agents-mpath redhat-upgrade-fence-agents-openstack redhat-upgrade-fence-agents-redfish redhat-upgrade-fence-agents-rhevm redhat-upgrade-fence-agents-rsa redhat-upgrade-fence-agents-rsb redhat-upgrade-fence-agents-sbd redhat-upgrade-fence-agents-scsi redhat-upgrade-fence-agents-virsh redhat-upgrade-fence-agents-vmware-rest redhat-upgrade-fence-agents-vmware-soap redhat-upgrade-fence-agents-wti redhat-upgrade-fence-agents-zvm redhat-upgrade-fence-virt redhat-upgrade-fence-virt-debuginfo redhat-upgrade-fence-virtd redhat-upgrade-fence-virtd-cpg redhat-upgrade-fence-virtd-cpg-debuginfo redhat-upgrade-fence-virtd-debuginfo redhat-upgrade-fence-virtd-libvirt redhat-upgrade-fence-virtd-libvirt-debuginfo redhat-upgrade-fence-virtd-multicast redhat-upgrade-fence-virtd-multicast-debuginfo redhat-upgrade-fence-virtd-serial redhat-upgrade-fence-virtd-serial-debuginfo redhat-upgrade-fence-virtd-tcp redhat-upgrade-fence-virtd-tcp-debuginfo redhat-upgrade-ha-cloud-support redhat-upgrade-ha-cloud-support-debuginfo References CVE-2024-56201 RHSA-2025:0308 RHSA-2025:0335 RHSA-2025:0338
  19. Google Chrome Vulnerability: CVE-2024-12694 Use after free in Compositing Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 12/19/2024 Created 12/20/2024 Added 12/19/2024 Modified 02/14/2025 Description Use after free in Compositing in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2024-12694 CVE - 2024-12694 https://chromereleases.googleblog.com/2024/12/stable-channel-update-for-desktop_18.html
  20. Red Hat: CVE-2024-56326: jinja2: Jinja has a sandbox breakout through indirect reference to format method (Multiple Advisories) Severity 6 CVSS (AV:L/AC:H/Au:M/C:C/I:C/A:C) Published 12/23/2024 Created 01/16/2025 Added 01/15/2025 Modified 02/10/2025 Description Jinja is an extensible templating engine. Prior to 3.1.5, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates. Jinja's sandbox does catch calls to str.format and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's format method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox. This vulnerability is fixed in 3.1.5. 
Solution(s) redhat-upgrade-fence-agents-aliyun redhat-upgrade-fence-agents-all redhat-upgrade-fence-agents-amt-ws redhat-upgrade-fence-agents-apc redhat-upgrade-fence-agents-apc-snmp redhat-upgrade-fence-agents-aws redhat-upgrade-fence-agents-azure-arm redhat-upgrade-fence-agents-bladecenter redhat-upgrade-fence-agents-brocade redhat-upgrade-fence-agents-cisco-mds redhat-upgrade-fence-agents-cisco-ucs redhat-upgrade-fence-agents-common redhat-upgrade-fence-agents-compute redhat-upgrade-fence-agents-debuginfo redhat-upgrade-fence-agents-debugsource redhat-upgrade-fence-agents-drac5 redhat-upgrade-fence-agents-eaton-snmp redhat-upgrade-fence-agents-emerson redhat-upgrade-fence-agents-eps redhat-upgrade-fence-agents-gce redhat-upgrade-fence-agents-heuristics-ping redhat-upgrade-fence-agents-hpblade redhat-upgrade-fence-agents-ibm-powervs redhat-upgrade-fence-agents-ibm-vpc redhat-upgrade-fence-agents-ibmblade redhat-upgrade-fence-agents-ifmib redhat-upgrade-fence-agents-ilo-moonshot redhat-upgrade-fence-agents-ilo-mp redhat-upgrade-fence-agents-ilo-ssh redhat-upgrade-fence-agents-ilo2 redhat-upgrade-fence-agents-intelmodular redhat-upgrade-fence-agents-ipdu redhat-upgrade-fence-agents-ipmilan redhat-upgrade-fence-agents-kdump redhat-upgrade-fence-agents-kdump-debuginfo redhat-upgrade-fence-agents-kubevirt redhat-upgrade-fence-agents-kubevirt-debuginfo redhat-upgrade-fence-agents-lpar redhat-upgrade-fence-agents-mpath redhat-upgrade-fence-agents-openstack redhat-upgrade-fence-agents-redfish redhat-upgrade-fence-agents-rhevm redhat-upgrade-fence-agents-rsa redhat-upgrade-fence-agents-rsb redhat-upgrade-fence-agents-sbd redhat-upgrade-fence-agents-scsi redhat-upgrade-fence-agents-virsh redhat-upgrade-fence-agents-vmware-rest redhat-upgrade-fence-agents-vmware-soap redhat-upgrade-fence-agents-wti redhat-upgrade-fence-agents-zvm redhat-upgrade-fence-virt redhat-upgrade-fence-virt-debuginfo redhat-upgrade-fence-virtd redhat-upgrade-fence-virtd-cpg 
redhat-upgrade-fence-virtd-cpg-debuginfo redhat-upgrade-fence-virtd-debuginfo redhat-upgrade-fence-virtd-libvirt redhat-upgrade-fence-virtd-libvirt-debuginfo redhat-upgrade-fence-virtd-multicast redhat-upgrade-fence-virtd-multicast-debuginfo redhat-upgrade-fence-virtd-serial redhat-upgrade-fence-virtd-serial-debuginfo redhat-upgrade-fence-virtd-tcp redhat-upgrade-fence-virtd-tcp-debuginfo redhat-upgrade-ha-cloud-support redhat-upgrade-ha-cloud-support-debuginfo redhat-upgrade-python3-jinja2 References CVE-2024-56326 RHSA-2025:0308 RHSA-2025:0335 RHSA-2025:0338 RHSA-2025:0667 RHSA-2025:0711 RHSA-2025:0850 RHSA-2025:0883 RHSA-2025:0978
  21. Debian: CVE-2024-45819: xen -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 12/19/2024 Created 12/31/2024 Added 12/30/2024 Modified 12/30/2024 Description PVH guests have their ACPI tables constructed by the toolstack. The construction involves building the tables in local memory, which are then copied into guest memory. While actually used parts of the local memory are filled in correctly, excess space that is being allocated is left with its prior contents. Solution(s) debian-upgrade-xen References https://attackerkb.com/topics/cve-2024-45819 CVE - 2024-45819 DSA-5836-1
  22. Debian: CVE-2024-11614: dpdk -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 12/19/2024 Created 12/20/2024 Added 12/19/2024 Modified 12/20/2024 Description An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum offload feature. This issue enables an untrusted or compromised guest to crash the hypervisor's vSwitch by forging Virtio descriptors to cause out-of-bounds reads. This flaw allows an attacker with a malicious VM using a virtio driver to cause the vhost-user side to crash by sending a packet with a Tx checksum offload request and an invalid csum_start offset. Solution(s) debian-upgrade-dpdk References https://attackerkb.com/topics/cve-2024-11614 CVE - 2024-11614 DSA-5833-1
  23. Fortinet FortiOS: Out-of-bounds Write (CVE-2020-12820) Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 12/19/2024 Created 01/28/2025 Added 01/27/2025 Modified 01/28/2025 Description Under non-default configuration, a stack-based buffer overflow in FortiOS version 6.0.10 and below, version 5.6.12 and below may allow a remote attacker authenticated to the SSL VPN to crash the FortiClient NAC daemon (fcnacd) and potentially execute arbitrary code via requesting a large FortiClient file name. We are not aware of proof of concept code successfully achieving the latter. Solution(s) fortios-upgrade-5_6_13 fortios-upgrade-6_0_11 References https://attackerkb.com/topics/cve-2020-12820 CVE - 2020-12820 https://fortiguard.fortinet.com/psirt/FG-IR-20-083
  24. Craft CMS Twig Template Injection RCE via FTP Templates Path Disclosed 12/19/2024 Created 01/24/2025 Description This module exploits a Twig template injection vulnerability in Craft CMS by abusing the --templatesPath argument. The vulnerability allows arbitrary template loading via FTP, leading to Remote Code Execution (RCE). Author(s) jheysel-r7 Valentin Lobstein AssetNote Platform Linux, Unix Architectures cmd
  25. A Local File Inclusion (LFI) vulnerability in the /h/rest endpoint, allowing authorized remote attackers to access sensitive files in the WebRoot using their valid auth tokens, has been fixed to prevent unauthorized file access. Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 12/19/2024 Created 01/16/2025 Added 01/10/2025 Modified 01/20/2025 Description An issue was discovered in the Webmail Classic UI in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A Local File Inclusion (LFI) vulnerability exists in the /h/rest endpoint, allowing authenticated remote attackers to include and access sensitive files in the WebRoot directory. Exploitation requires a valid auth token and involves crafting a malicious request targeting specific file paths. Solution(s) zimbra-collaboration-upgrade-latest References https://attackerkb.com/topics/cve-2024-54663 CVE - 2024-54663 https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.3#Security_Fixes https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.11#Security_Fixes