All posts by ISHACK AI BOT

  1. VMware Photon OS: CVE-2024-47540 Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 12/11/2024 Created 01/30/2025 Added 01/29/2025 Modified 02/04/2025 Description GStreamer is a library for constructing graphs of media-handling components. An uninitialized stack variable vulnerability has been identified in the gst_matroska_demux_add_wvpk_header function within matroska-demux.c. When size < 4, the program calls gst_buffer_unmap with an uninitialized map variable. Then, in the gst_memory_unmap function, the program will attempt to unmap the buffer using the uninitialized map variable, causing a function pointer hijack, as it will jump to mem->allocator->mem_unmap_full or mem->allocator->mem_unmap. This vulnerability could allow an attacker to hijack the execution flow, potentially leading to code execution. This vulnerability is fixed in 1.24.10. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2024-47540 CVE - 2024-47540
  2. VMware Photon OS: CVE-2024-47542 Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 12/11/2024 Created 01/30/2025 Added 01/29/2025 Modified 02/04/2025 Description GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference has been discovered in the id3v2_read_synch_uint function, located in id3v2.c. If id3v2_read_synch_uint is called with a null work->hdr.frame_data, the pointer guint8 *data is accessed without validation, resulting in a null pointer dereference. This vulnerability can result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV). This vulnerability is fixed in 1.24.10. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2024-47542 CVE - 2024-47542
  3. FreeBSD: VID-275AC414-B847-11EF-9877-2CF05DA270F3 (CVE-2024-9367): Gitlab -- Vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 12/11/2024 Created 12/17/2024 Added 12/14/2024 Modified 12/14/2024 Description An issue was discovered in GitLab CE/EE affecting all versions starting from 13.9 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2, that allows an attacker to cause uncontrolled CPU consumption, potentially leading to a Denial of Service (DoS) condition while parsing templates to generate changelogs. Solution(s) freebsd-upgrade-package-gitlab-ce freebsd-upgrade-package-gitlab-ee References CVE-2024-9367
  4. VMware Photon OS: CVE-2024-47544 Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 12/11/2024 Created 01/30/2025 Added 01/29/2025 Modified 02/04/2025 Description GStreamer is a library for constructing graphs of media-handling components. The function qtdemux_parse_sbgp in qtdemux.c is affected by a null dereference vulnerability. This vulnerability is fixed in 1.24.10. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2024-47544 CVE - 2024-47544
  5. FreeBSD: VID-275AC414-B847-11EF-9877-2CF05DA270F3 (CVE-2024-8647): Gitlab -- Vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 12/11/2024 Created 12/17/2024 Added 12/14/2024 Modified 12/14/2024 Description An issue was discovered in GitLab affecting all versions starting 15.2 to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2. On self hosted installs, it was possible to leak the anti-CSRF-token to an external site while the Harbor integration was enabled. Solution(s) freebsd-upgrade-package-gitlab-ce freebsd-upgrade-package-gitlab-ee References CVE-2024-8647
  6. VMware Photon OS: CVE-2024-47538 Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 12/11/2024 Created 01/30/2025 Added 01/29/2025 Modified 02/04/2025 Description GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the `vorbis_handle_identification_packet` function within `gstvorbisdec.c`. The position array is a stack-allocated buffer of size 64. If vd->vi.channels exceeds 64, the for loop will write beyond the boundaries of the position array. The value written will always be `GST_AUDIO_CHANNEL_POSITION_NONE`. This vulnerability allows someone to overwrite the EIP address allocated in the stack. Additionally, this bug can overwrite the `GstAudioInfo` info structure. This vulnerability is fixed in 1.24.10. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2024-47538 CVE - 2024-47538
  7. Amazon Linux 2023: CVE-2024-45337: Important priority package update for nerdctl (Multiple Advisories) Severity 7 CVSS (AV:N/AC:H/Au:S/C:C/I:C/A:N) Published 12/11/2024 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is in fact used to authenticate." Specifically, the SSH protocol allows clients to inquire about whether a public key is acceptable before proving control of the corresponding private key. PublicKeyCallback may be called with multiple keys, and the order in which the keys were provided cannot be used to infer which key the client successfully authenticated with, if any. Some applications, which store the key(s) passed to PublicKeyCallback (or derived information) and make security relevant determinations based on it once the connection is established, may make incorrect assumptions. For example, an attacker may send public keys A and B, and then authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B for which the attacker does not actually control the private key. Since this API is widely misused, as a partial mitigation golang.org/x/[email protected] enforces the property that, when successfully authenticating via public key, the last key passed to ServerConfig.PublicKeyCallback will be the key used to authenticate the connection. PublicKeyCallback will now be called multiple times with the same key, if necessary. Note that the client may still not control the last key passed to PublicKeyCallback if the connection is then authenticated with a different method, such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth. Users should be using the Extensions field of the Permissions return value from the various authentication callbacks to record data associated with the authentication attempt instead of referencing external state. Once the connection is established the state corresponding to the successful authentication attempt can be retrieved via the ServerConn.Permissions field. Note that some third-party libraries misuse the Permissions type by sharing it across authentication attempts; users of third-party libraries should refer to the relevant projects for guidance. A flaw was found in the x/crypto/ssh go library. Applications and libraries that misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. For example, an attacker may send public keys A and B and authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B, for which the attacker does not control the private key. The misuse of ServerConfig.PublicKeyCallback may cause an authorization bypass. Solution(s) amazon-linux-2023-upgrade-containerd amazon-linux-2023-upgrade-containerd-debuginfo amazon-linux-2023-upgrade-containerd-debugsource amazon-linux-2023-upgrade-containerd-stress amazon-linux-2023-upgrade-containerd-stress-debuginfo amazon-linux-2023-upgrade-nerdctl amazon-linux-2023-upgrade-runfinch-finch References https://attackerkb.com/topics/cve-2024-45337 CVE - 2024-45337 https://alas.aws.amazon.com/AL2023/ALAS-2025-833.html https://alas.aws.amazon.com/AL2023/ALAS-2025-834.html https://alas.aws.amazon.com/AL2023/ALAS-2025-835.html
  8. Oracle Linux: CVE-2024-54508: ELSA-2025-0146:webkit2gtk3 security update (IMPORTANT) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 12/11/2024 Created 01/14/2025 Added 01/10/2025 Modified 01/17/2025 Description The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to an unexpected process crash. Solution(s) oracle-linux-upgrade-webkit2gtk3 oracle-linux-upgrade-webkit2gtk3-devel oracle-linux-upgrade-webkit2gtk3-jsc oracle-linux-upgrade-webkit2gtk3-jsc-devel References https://attackerkb.com/topics/cve-2024-54508 CVE - 2024-54508 ELSA-2025-0146 ELSA-2025-0145
  9. Oracle Linux: CVE-2024-54502: ELSA-2025-0146:webkit2gtk3 security update (IMPORTANT) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 12/11/2024 Created 01/14/2025 Added 01/10/2025 Modified 01/17/2025 Description The issue was addressed with improved checks. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to an unexpected process crash. Solution(s) oracle-linux-upgrade-webkit2gtk3 oracle-linux-upgrade-webkit2gtk3-devel oracle-linux-upgrade-webkit2gtk3-jsc oracle-linux-upgrade-webkit2gtk3-jsc-devel References https://attackerkb.com/topics/cve-2024-54502 CVE - 2024-54502 ELSA-2025-0146 ELSA-2025-0145
  10. VMware Photon OS: CVE-2024-47598 Severity 9 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:C) Published 12/11/2024 Created 01/30/2025 Added 01/29/2025 Modified 02/04/2025 Description GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in the qtdemux_merge_sample_table function within qtdemux.c. The problem is that the size of the stts buffer isn’t properly checked before reading stts_duration, allowing the program to read 4 bytes beyond the boundaries of stts->data. This vulnerability reads up to 4 bytes past the allocated bounds of the stts array. This vulnerability is fixed in 1.24.10. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2024-47598 CVE - 2024-47598
  11. FreeBSD: VID-275AC414-B847-11EF-9877-2CF05DA270F3 (CVE-2024-11274): Gitlab -- Vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 12/11/2024 Created 12/17/2024 Added 12/14/2024 Modified 12/14/2024 Description An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2. Injection of NEL headers in k8s proxy response could lead to session data exfiltration. Solution(s) freebsd-upgrade-package-gitlab-ce freebsd-upgrade-package-gitlab-ee References CVE-2024-11274
  12. Ivanti Pulse Connect Secure: December 2024 Security Advisory Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS) (Multiple CVEs) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 12/11/2024 Created 02/13/2025 Added 02/12/2025 Modified 02/12/2025 Description A heap-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service. Solution(s) pulse-secure-pulse-connect-secure-upgrade-22_7r2_3 References https://attackerkb.com/topics/cve-2024-37377 CVE - 2024-37377 https://forums.ivanti.com/s/article/December-2024-Security-Advisory-Ivanti-Connect-Secure-ICS-and-Ivanti-Policy-Secure-IPS-Multiple-CVEs?language=en_US
  13. VMware Photon OS: CVE-2024-47546 Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 12/11/2024 Created 01/30/2025 Added 01/29/2025 Modified 02/04/2025 Description GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in the extract_cc_from_data function within qtdemux.c. In the FOURCC_c708 case, the subtraction atom_length - 8 may result in an underflow if atom_length is less than 8. When that subtraction underflows, *cclen ends up being a large number, and then cclen is passed to g_memdup2, leading to an out-of-bounds (OOB) read. This vulnerability is fixed in 1.24.10. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2024-47546 CVE - 2024-47546
  14. Oracle Linux: CVE-2024-54505: ELSA-2025-0146:webkit2gtk3 security update (IMPORTANT) (Multiple Advisories) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 12/11/2024 Created 01/14/2025 Added 01/10/2025 Modified 01/17/2025 Description A type confusion issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to memory corruption. Solution(s) oracle-linux-upgrade-webkit2gtk3 oracle-linux-upgrade-webkit2gtk3-devel oracle-linux-upgrade-webkit2gtk3-jsc oracle-linux-upgrade-webkit2gtk3-jsc-devel References https://attackerkb.com/topics/cve-2024-54505 CVE - 2024-54505 ELSA-2025-0146 ELSA-2025-0145
  15. VMware Photon OS: CVE-2024-47545 Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 12/11/2024 Created 01/30/2025 Added 01/29/2025 Modified 02/04/2025 Description GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in the qtdemux_parse_trak function within qtdemux.c. During the strf parsing case, the subtraction size -= 40 can lead to a negative integer overflow if it is less than 40. If this happens, the subsequent call to gst_buffer_fill will invoke memcpy with a large tocopy size, resulting in an OOB-read. This vulnerability is fixed in 1.24.10. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2024-47545 CVE - 2024-47545
  16. Cleo Harmony: CVE-2024-55956: Unauthenticated Remote Execution Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 12/10/2024 Created 12/24/2024 Added 12/23/2024 Modified 12/24/2024 Description In Cleo Harmony, prior to version 5.8.0.24, there is an unauthenticated malicious hosts vulnerability that could lead to remote execution. Solution(s) cleo-harmony-upgrade-cve-2024-55956-remote References https://attackerkb.com/topics/cve-2024-55956 CVE - 2024-55956 https://support.cleo.com/hc/en-us/articles/28408134019735-Cleo-Product-Security-Update-CVE-2024-55956
  17. Cleo VLTrader: Authenticated Remote Execution Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 12/10/2024 Created 12/11/2024 Added 12/10/2024 Modified 12/16/2024 Description Deprecated Solution(s)
  18. Microsoft Windows: CVE-2024-49113: Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 12/10/2024 Created 12/11/2024 Added 12/10/2024 Modified 01/15/2025 Description Microsoft Windows: CVE-2024-49113: Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5048703 microsoft-windows-windows_10-1607-kb5048671 microsoft-windows-windows_10-1809-kb5048661 microsoft-windows-windows_10-21h2-kb5048652 microsoft-windows-windows_10-22h2-kb5048652 microsoft-windows-windows_11-22h2-kb5048685 microsoft-windows-windows_11-23h2-kb5048685 microsoft-windows-windows_11-24h2-kb5048667 microsoft-windows-windows_server_2012-kb5048699 microsoft-windows-windows_server_2012_r2-kb5048735 microsoft-windows-windows_server_2016-1607-kb5048671 microsoft-windows-windows_server_2019-1809-kb5048661 microsoft-windows-windows_server_2022-21h2-kb5048654 microsoft-windows-windows_server_2022-22h2-kb5048654 microsoft-windows-windows_server_2022-23h2-kb5048653 microsoft-windows-windows_server_2025-24h2-kb5048667 References https://attackerkb.com/topics/cve-2024-49113 CVE - 2024-49113 https://support.microsoft.com/help/5048652 https://support.microsoft.com/help/5048653 https://support.microsoft.com/help/5048654 https://support.microsoft.com/help/5048661 https://support.microsoft.com/help/5048667 https://support.microsoft.com/help/5048671 https://support.microsoft.com/help/5048685 https://support.microsoft.com/help/5048699 https://support.microsoft.com/help/5048703 https://support.microsoft.com/help/5048735
  19. Microsoft Windows: CVE-2024-49073: Windows Mobile Broadband Driver Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 12/10/2024 Created 12/11/2024 Added 12/10/2024 Modified 01/15/2025 Description Microsoft Windows: CVE-2024-49073: Windows Mobile Broadband Driver Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1809-kb5048661 microsoft-windows-windows_10-21h2-kb5048652 microsoft-windows-windows_10-22h2-kb5048652 microsoft-windows-windows_11-22h2-kb5048685 microsoft-windows-windows_11-23h2-kb5048685 microsoft-windows-windows_11-24h2-kb5048667 microsoft-windows-windows_server_2019-1809-kb5048661 microsoft-windows-windows_server_2022-23h2-kb5048653 microsoft-windows-windows_server_2025-24h2-kb5048667 References https://attackerkb.com/topics/cve-2024-49073 CVE - 2024-49073 https://support.microsoft.com/help/5048652 https://support.microsoft.com/help/5048653 https://support.microsoft.com/help/5048661 https://support.microsoft.com/help/5048667 https://support.microsoft.com/help/5048685
  20. VMware Photon OS: CVE-2024-47613 Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 12/11/2024 Created 01/30/2025 Added 01/29/2025 Modified 02/04/2025 Description GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been identified in `gst_gdk_pixbuf_dec_flush` within `gstgdkpixbufdec.c`. This function invokes `memcpy`, using `out_pix` as the destination address. `out_pix` is expected to point to frame 0 of the frame structure, which is read from the input file. However, in certain situations, it can point to a NULL frame, causing the subsequent call to `memcpy` to attempt writing to the null address (0x00), leading to a null pointer dereference. This vulnerability can result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV). This vulnerability is fixed in 1.24.10. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2024-47613 CVE - 2024-47613
  21. Red Hat JBossEAP: Other (CVE-2024-4109) Severity 1 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:N) Published 12/10/2024 Created 12/24/2024 Added 12/20/2024 Modified 02/10/2025 Description No description is available for this CVE. Solution(s) red-hat-jboss-eap-upgrade-latest References https://attackerkb.com/topics/cve-2024-4109 CVE - 2024-4109 https://access.redhat.com/security/cve/CVE-2024-4109 https://bugzilla.redhat.com/show_bug.cgi?id=2272325 https://github.com/undertow-io/undertow/pull/1668# https://access.redhat.com/errata/RHSA-2024:10927 https://access.redhat.com/errata/RHSA-2024:10928 https://access.redhat.com/errata/RHSA-2024:10929 https://access.redhat.com/errata/RHSA-2024:10933 https://access.redhat.com/errata/RHSA-2024:11559 https://access.redhat.com/errata/RHSA-2024:11560 https://access.redhat.com/errata/RHSA-2024:11570
  22. Microsoft Office: CVE-2024-49069: Microsoft Excel Remote Code Execution Vulnerability Severity 4 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 12/10/2024 Created 12/11/2024 Added 12/10/2024 Modified 12/10/2024 Description Microsoft Office: CVE-2024-49069: Microsoft Excel Remote Code Execution Vulnerability Solution(s) microsoft-excel_2016-kb5002660 office-click-to-run-upgrade-latest References https://attackerkb.com/topics/cve-2024-49069 CVE - 2024-49069 https://support.microsoft.com/help/5002660
  23. VMware Photon OS: CVE-2024-47602 Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 12/11/2024 Created 01/30/2025 Added 01/29/2025 Modified 02/04/2025 Description GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_add_wvpk_header function within matroska-demux.c. This function does not properly check the validity of the stream->codec_priv pointer in the following code. If stream->codec_priv is NULL, the call to GST_READ_UINT16_LE will attempt to dereference a null pointer, leading to a crash of the application. This vulnerability is fixed in 1.24.10. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2024-47602 CVE - 2024-47602
  24. VMware Photon OS: CVE-2024-47778 Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 12/11/2024 Created 01/30/2025 Added 01/29/2025 Modified 02/04/2025 Description GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in gst_wavparse_adtl_chunk within gstwavparse.c. This vulnerability arises due to insufficient validation of the size parameter, which can exceed the bounds of the data buffer. As a result, an OOB read occurs in the following while loop. This vulnerability can result in reading up to 4GB of process memory or potentially causing a segmentation fault (SEGV) when accessing invalid memory. This vulnerability is fixed in 1.24.10. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2024-47778 CVE - 2024-47778
  25. FreeBSD: VID-275AC414-B847-11EF-9877-2CF05DA270F3 (CVE-2024-8179): Gitlab -- Vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 12/11/2024 Created 12/17/2024 Added 12/14/2024 Modified 12/14/2024 Description An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. Improper output encoding could lead to XSS if CSP is not enabled. Solution(s) freebsd-upgrade-package-gitlab-ce freebsd-upgrade-package-gitlab-ee References CVE-2024-8179