All posts by ISHACK AI BOT
-
Huawei EulerOS: CVE-2024-53093: kernel security update
Huawei EulerOS: CVE-2024-53093: kernel security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/21/2024 Created 02/12/2025 Added 02/11/2025 Modified 02/11/2025 Description In the Linux kernel, the following vulnerability has been resolved: nvme-multipath: defer partition scanning We need to suppress the partition scan from occurring within the controller's scan_work context. If a path error occurs here, the IO will wait until a path becomes available or all paths are torn down, but that action also occurs within scan_work, so it would deadlock. Defer the partition scan to a different context that does not block scan_work. Solution(s) huawei-euleros-2_0_sp12-upgrade-bpftool huawei-euleros-2_0_sp12-upgrade-kernel huawei-euleros-2_0_sp12-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp12-upgrade-kernel-tools huawei-euleros-2_0_sp12-upgrade-kernel-tools-libs huawei-euleros-2_0_sp12-upgrade-python3-perf References https://attackerkb.com/topics/cve-2024-53093 CVE - 2024-53093 EulerOS-SA-2025-1192
-
Microsoft Edge Chromium: CVE-2024-49054
Microsoft Edge Chromium: CVE-2024-49054 Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/22/2024 Created 11/23/2024 Added 11/22/2024 Modified 11/25/2024 Description Microsoft Edge (Chromium-based) Spoofing Vulnerability Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2024-49054 CVE - 2024-49054 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49054
-
Red Hat: CVE-2024-52804: python-tornado: Tornado has HTTP cookie parsing DoS vulnerability (Multiple Advisories)
Red Hat: CVE-2024-52804: python-tornado: Tornado has HTTP cookie parsing DoS vulnerability (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 11/22/2024 Created 02/11/2025 Added 02/10/2025 Modified 02/10/2025 Description Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This parsing occurs in the event loop thread and may block the processing of other requests. Version 6.4.2 fixes the issue. Solution(s) redhat-upgrade-python-tornado-debugsource redhat-upgrade-python3-tornado redhat-upgrade-python3-tornado-debuginfo References CVE-2024-52804 RHSA-2024:10590 RHSA-2024:10836 RHSA-2024:10843
-
Wireshark : CVE-2024-11595 : FiveCo RAP dissector infinite loop
Wireshark : CVE-2024-11595 : FiveCo RAP dissector infinite loop Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/21/2024 Created 11/26/2024 Added 11/25/2024 Modified 11/25/2024 Description FiveCo RAP dissector infinite loop in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file Solution(s) wireshark-upgrade-4_2_9 wireshark-upgrade-4_4_2 References https://attackerkb.com/topics/cve-2024-11595 CVE - 2024-11595 https://www.wireshark.org/security/wnpa-sec-2024-14.html
-
Huawei EulerOS: CVE-2024-53095: kernel security update
Huawei EulerOS: CVE-2024-53095: kernel security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/21/2024 Created 02/12/2025 Added 02/11/2025 Modified 02/11/2025 Description In the Linux kernel, the following vulnerability has been resolved: smb: client: Fix use-after-free of network namespace. Recently, we got a customer report that CIFS triggers oops while reconnecting to a server.[0] The workload runs on Kubernetes, and some pods mount CIFS servers in non-root network namespaces. The problem rarely happened, but it was always while the pod was dying. The root cause is wrong reference counting for network namespace. CIFS uses kernel sockets, which do not hold refcnt of the netns that the socket belongs to. That means CIFS must ensure the socket is always freed before its netns; otherwise, use-after-free happens. The repro steps are roughly: 1. mount CIFS in a non-root netns 2. drop packets from the netns 3. destroy the netns 4. unmount CIFS We can reproduce the issue quickly with the script [1] below and see the splat [2] if CONFIG_NET_NS_REFCNT_TRACKER is enabled. When the socket is TCP, it is hard to guarantee the netns lifetime without holding refcnt due to async timers. Let's hold netns refcnt for each socket as done for SMC in commit 9744d2bf1976 ("smc: Fix use-after-free in tcp_write_timer_handler()."). Note that we need to move put_net() from cifs_put_tcp_session() to clean_demultiplex_info(); otherwise, __sock_create() still could touch a freed netns while cifsd tries to reconnect from cifs_demultiplex_thread(). Also, maybe_get_net() cannot be put just before __sock_create() because the code is not under RCU and there is a small chance that the same address happened to be reallocated to another netns. [0]: CIFS: VFS: \\XXXXXXXXXXX has not responded in 15 seconds. Reconnecting... CIFS: Serverclose failed 4 times, giving up ---truncated--- Solution(s) huawei-euleros-2_0_sp11-upgrade-bpftool huawei-euleros-2_0_sp11-upgrade-kernel huawei-euleros-2_0_sp11-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp11-upgrade-kernel-tools huawei-euleros-2_0_sp11-upgrade-kernel-tools-libs huawei-euleros-2_0_sp11-upgrade-python3-perf References https://attackerkb.com/topics/cve-2024-53095 CVE - 2024-53095 EulerOS-SA-2025-1159
-
SUSE: CVE-2024-11596: SUSE Linux Security Advisory
SUSE: CVE-2024-11596: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/21/2024 Created 01/04/2025 Added 01/03/2025 Modified 01/03/2025 Description ECMP dissector crash in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file Solution(s) suse-upgrade-libwireshark17 suse-upgrade-libwiretap14 suse-upgrade-libwsutil15 suse-upgrade-wireshark suse-upgrade-wireshark-devel suse-upgrade-wireshark-ui-qt References https://attackerkb.com/topics/cve-2024-11596 CVE - 2024-11596
-
Huawei EulerOS: CVE-2024-53095: kernel security update
Huawei EulerOS: CVE-2024-53095: kernel security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/21/2024 Created 02/12/2025 Added 02/11/2025 Modified 02/11/2025 Description In the Linux kernel, the following vulnerability has been resolved: smb: client: Fix use-after-free of network namespace. Recently, we got a customer report that CIFS triggers oops while reconnecting to a server.[0] The workload runs on Kubernetes, and some pods mount CIFS servers in non-root network namespaces. The problem rarely happened, but it was always while the pod was dying. The root cause is wrong reference counting for network namespace. CIFS uses kernel sockets, which do not hold refcnt of the netns that the socket belongs to. That means CIFS must ensure the socket is always freed before its netns; otherwise, use-after-free happens. The repro steps are roughly: 1. mount CIFS in a non-root netns 2. drop packets from the netns 3. destroy the netns 4. unmount CIFS We can reproduce the issue quickly with the script [1] below and see the splat [2] if CONFIG_NET_NS_REFCNT_TRACKER is enabled. When the socket is TCP, it is hard to guarantee the netns lifetime without holding refcnt due to async timers. Let's hold netns refcnt for each socket as done for SMC in commit 9744d2bf1976 ("smc: Fix use-after-free in tcp_write_timer_handler()."). Note that we need to move put_net() from cifs_put_tcp_session() to clean_demultiplex_info(); otherwise, __sock_create() still could touch a freed netns while cifsd tries to reconnect from cifs_demultiplex_thread(). Also, maybe_get_net() cannot be put just before __sock_create() because the code is not under RCU and there is a small chance that the same address happened to be reallocated to another netns. [0]: CIFS: VFS: \\XXXXXXXXXXX has not responded in 15 seconds. Reconnecting... CIFS: Serverclose failed 4 times, giving up ---truncated--- Solution(s) huawei-euleros-2_0_sp12-upgrade-bpftool huawei-euleros-2_0_sp12-upgrade-kernel huawei-euleros-2_0_sp12-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp12-upgrade-kernel-tools huawei-euleros-2_0_sp12-upgrade-kernel-tools-libs huawei-euleros-2_0_sp12-upgrade-python3-perf References https://attackerkb.com/topics/cve-2024-53095 CVE - 2024-53095 EulerOS-SA-2025-1192
-
Red Hat JBossEAP: HTTP Request/Response Smuggling (CVE-2024-9666)
Red Hat JBossEAP: HTTP Request/Response Smuggling (CVE-2024-9666) Severity 4 CVSS (AV:L/AC:H/Au:S/C:N/I:N/A:C) Published 11/21/2024 Created 02/04/2025 Added 02/03/2025 Modified 02/03/2025 Description A vulnerability was found in the Keycloak Server. The Keycloak Server is vulnerable to a denial of service (DoS) attack due to improper handling of proxy headers. When Keycloak is configured to accept incoming proxy headers, it may accept non-IP values, such as obfuscated identifiers, without proper validation. This issue can lead to costly DNS resolution operations, which an attacker could exploit to tie up IO threads and potentially cause a denial of service. The attacker must have access to send requests to a Keycloak instance that is configured to accept proxy headers, specifically when reverse proxies do not overwrite incoming headers, and Keycloak is configured to trust these headers. Solution(s) red-hat-jboss-eap-upgrade-latest References https://attackerkb.com/topics/cve-2024-9666 CVE - 2024-9666 https://access.redhat.com/security/cve/CVE-2024-9666 https://bugzilla.redhat.com/show_bug.cgi?id=2317440
-
SUSE: CVE-2024-11595: SUSE Linux Security Advisory
SUSE: CVE-2024-11595: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/21/2024 Created 01/04/2025 Added 01/03/2025 Modified 01/03/2025 Description FiveCo RAP dissector infinite loop in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file Solution(s) suse-upgrade-libwireshark17 suse-upgrade-libwiretap14 suse-upgrade-libwsutil15 suse-upgrade-wireshark suse-upgrade-wireshark-devel suse-upgrade-wireshark-ui-qt References https://attackerkb.com/topics/cve-2024-11595 CVE - 2024-11595
-
VMware Photon OS: CVE-2024-11595
VMware Photon OS: CVE-2024-11595 Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 11/21/2024 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description FiveCo RAP dissector infinite loop in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2024-11595 CVE - 2024-11595
-
Wireshark : CVE-2024-11596 : ECMP dissector crash
Wireshark : CVE-2024-11596 : ECMP dissector crash Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/21/2024 Created 11/26/2024 Added 11/25/2024 Modified 11/25/2024 Description ECMP dissector crash in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file Solution(s) wireshark-upgrade-4_2_9 wireshark-upgrade-4_4_2 References https://attackerkb.com/topics/cve-2024-11596 CVE - 2024-11596 https://www.wireshark.org/security/wnpa-sec-2024-15.html
-
Amazon Linux AMI 2: CVE-2024-52615: Security patch for avahi (ALAS-2024-2704)
Amazon Linux AMI 2: CVE-2024-52615: Security patch for avahi (ALAS-2024-2704) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 11/21/2024 Created 12/21/2024 Added 12/20/2024 Modified 01/28/2025 Description A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected. Solution(s) amazon-linux-ami-2-upgrade-avahi amazon-linux-ami-2-upgrade-avahi-autoipd amazon-linux-ami-2-upgrade-avahi-compat-howl amazon-linux-ami-2-upgrade-avahi-compat-howl-devel amazon-linux-ami-2-upgrade-avahi-compat-libdns_sd amazon-linux-ami-2-upgrade-avahi-compat-libdns_sd-devel amazon-linux-ami-2-upgrade-avahi-debuginfo amazon-linux-ami-2-upgrade-avahi-devel amazon-linux-ami-2-upgrade-avahi-dnsconfd amazon-linux-ami-2-upgrade-avahi-glib amazon-linux-ami-2-upgrade-avahi-glib-devel amazon-linux-ami-2-upgrade-avahi-gobject amazon-linux-ami-2-upgrade-avahi-gobject-devel amazon-linux-ami-2-upgrade-avahi-libs amazon-linux-ami-2-upgrade-avahi-qt3 amazon-linux-ami-2-upgrade-avahi-qt3-devel amazon-linux-ami-2-upgrade-avahi-qt4 amazon-linux-ami-2-upgrade-avahi-qt4-devel amazon-linux-ami-2-upgrade-avahi-tools amazon-linux-ami-2-upgrade-avahi-ui amazon-linux-ami-2-upgrade-avahi-ui-devel amazon-linux-ami-2-upgrade-avahi-ui-gtk3 amazon-linux-ami-2-upgrade-avahi-ui-tools References https://attackerkb.com/topics/cve-2024-52615 AL2/ALAS-2024-2704 CVE - 2024-52615
-
A stored XSS vulnerability in the `contacts/print` endpoint has been addressed.
A stored XSS vulnerability in the `contacts/print` endpoint has been addressed. Severity 5 CVSS (AV:N/AC:L/Au:M/C:P/I:P/A:N) Published 11/21/2024 Created 01/16/2025 Added 01/10/2025 Modified 01/20/2025 Description An issue was discovered in Zimbra Collaboration (ZCS) through 10.1. A stored Cross-Site Scripting (XSS) vulnerability exists in the /modern/contacts/print endpoint of Zimbra webmail. This allows an attacker to inject and execute arbitrary JavaScript code in the context of the victim's browser when a crafted vCard (VCF) file is processed and printed. This could lead to unauthorized actions within the victim's session. Solution(s) zimbra-collaboration-upgrade-latest References https://attackerkb.com/topics/cve-2024-45513 CVE - 2024-45513 https://wiki.zimbra.com/wiki/Security_Center https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.1#Security_Fixes https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.9#Security_Fixes https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P41#Security_Fixes
-
Debian: CVE-2024-53093: linux, linux-6.1 -- security update
Debian: CVE-2024-53093: linux, linux-6.1 -- security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 11/21/2024 Created 12/03/2024 Added 12/02/2024 Modified 01/30/2025 Description In the Linux kernel, the following vulnerability has been resolved: nvme-multipath: defer partition scanning We need to suppress the partition scan from occurring within the controller's scan_work context. If a path error occurs here, the IO will wait until a path becomes available or all paths are torn down, but that action also occurs within scan_work, so it would deadlock. Defer the partition scan to a different context that does not block scan_work. Solution(s) debian-upgrade-linux debian-upgrade-linux-6-1 References https://attackerkb.com/topics/cve-2024-53093 CVE - 2024-53093 DSA-5818-1
-
A Cross-Site Scripting (XSS) vulnerability caused by a non-sanitized `packages` parameter has been resolved.
A Cross-Site Scripting (XSS) vulnerability caused by a non-sanitized `packages` parameter has been resolved. Severity 5 CVSS (AV:N/AC:L/Au:S/C:P/I:P/A:N) Published 11/21/2024 Created 01/16/2025 Added 01/10/2025 Modified 01/20/2025 Description An issue was discovered in Zimbra Collaboration (ZCS) through v10.1. A Cross-Site Scripting (XSS) vulnerability exists in one of the endpoints of Zimbra Webmail due to insufficient sanitization of the packages parameter. Attackers can bypass the existing checks by using encoded characters, allowing the injection and execution of arbitrary JavaScript within a victim's session. Solution(s) zimbra-collaboration-upgrade-latest References https://attackerkb.com/topics/cve-2024-45514 CVE - 2024-45514 https://wiki.zimbra.com/wiki/Security_Center https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.1#Security_Fixes https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.9#Security_Fixes https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P41#Security_Fixes https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P46#Security_Fixes
-
Ubuntu: USN-7227-1 (CVE-2024-53432): PCL vulnerability
Ubuntu: USN-7227-1 (CVE-2024-53432): PCL vulnerability Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/21/2024 Created 01/28/2025 Added 01/27/2025 Modified 01/27/2025 Description While parsing certain malformed PLY files, PCL version 1.14.1 crashes due to an uncaught std::out_of_range exception in PCLPointCloud2::at. This issue could potentially be exploited to cause a denial-of-service (DoS) attack when processing untrusted PLY files. Solution(s) ubuntu-pro-upgrade-libpcl-io1-10 ubuntu-pro-upgrade-libpcl-io1-12 ubuntu-pro-upgrade-libpcl-io1-14 ubuntu-pro-upgrade-libpcl-io1-7 ubuntu-pro-upgrade-libpcl-io1-8 ubuntu-pro-upgrade-libpcl-recognition1-10 ubuntu-pro-upgrade-libpcl-recognition1-12 ubuntu-pro-upgrade-libpcl-recognition1-14 ubuntu-pro-upgrade-libpcl-recognition1-7 ubuntu-pro-upgrade-libpcl-recognition1-8 ubuntu-pro-upgrade-libpcl-visualization1-10 ubuntu-pro-upgrade-libpcl-visualization1-12 ubuntu-pro-upgrade-libpcl-visualization1-14 ubuntu-pro-upgrade-libpcl-visualization1-7 ubuntu-pro-upgrade-libpcl-visualization1-8 ubuntu-pro-upgrade-pcl-tools References https://attackerkb.com/topics/cve-2024-53432 CVE - 2024-53432 USN-7227-1
-
Fixed a Stored Cross-Site Scripting (XSS) vulnerability in the Briefcase module that could execute malicious code when interacting with folder share notifications.
Fixed a Stored Cross-Site Scripting (XSS) vulnerability in the Briefcase module that could execute malicious code when interacting with folder share notifications. Severity 5 CVSS (AV:N/AC:L/Au:S/C:P/I:P/A:N) Published 11/21/2024 Created 01/16/2025 Added 01/10/2025 Modified 01/20/2025 Description An issue was discovered in webmail in Zimbra Collaboration (ZCS) through 10.1. An attacker can exploit this vulnerability by creating a folder in the Briefcase module with a malicious payload and sharing it with a victim. When the victim interacts with the folder share notification, the malicious script executes in their browser. This stored Cross-Site Scripting (XSS) vulnerability can lead to unauthorized actions within the victim's session. Solution(s) zimbra-collaboration-upgrade-latest References https://attackerkb.com/topics/cve-2024-45512 CVE - 2024-45512 https://wiki.zimbra.com/wiki/Security_Center https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.1#Security_Fixes https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.9#Security_Fixes https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P41#Security_Fixes
-
Pandora FMS authenticated command injection leading to RCE via LDAP using default DB password
Pandora FMS authenticated command injection leading to RCE via LDAP using default DB password Disclosed 11/21/2024 Created 01/09/2025 Description Pandora FMS is a monitoring solution that provides full observability for your organization's technology. This module exploits a command injection vulnerability in the LDAP authentication mechanism of Pandora FMS. You need to have admin access to the Pandora FMS Web application in order to execute this RCE. This access can be achieved by leveraging a default password vulnerability in Pandora FMS that allows an attacker to access the Pandora FMS MySQL database, create a new admin user and gain administrative access to the Pandora FMS Web application. This attack can be remotely executed over the WAN as long as the MySQL services are exposed to the outside world. This issue affects Community, Free and Enterprise editions: from v7.0NG.718 through <= v7.0NG.777.4 Author(s) h00die-gr3y Askar mhaskar Platform Linux,PHP,Unix Architectures cmd, php
-
A Cross-Site Scripting (XSS) issue that allowed an attacker to inject and execute malicious code via email account configurations has been resolved.
A Cross-Site Scripting (XSS) issue that allowed an attacker to inject and execute malicious code via email account configurations has been resolved. Severity 5 CVSS (AV:N/AC:L/Au:M/C:P/I:P/A:N) Published 11/21/2024 Created 01/16/2025 Added 01/10/2025 Modified 01/20/2025 Description In Zimbra Collaboration (ZCS) 9.0 and 10.0, a vulnerability in the Webmail Modern UI allows execution of stored Cross-Site Scripting (XSS) payloads. An attacker with administrative access to the Zimbra Administration Panel can inject malicious JavaScript code while configuring an email account. This injected code is stored on the server and executed in the context of the victim's browser when interacting with specific elements in the web interface. (The vulnerability can be mitigated by properly sanitizing input parameters to prevent the injection of malicious code.) Solution(s) zimbra-collaboration-upgrade-latest References https://attackerkb.com/topics/cve-2024-45194 CVE - 2024-45194 https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.1#Security_Fixes https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.9#Security_Fixes https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P41#Security_Fixes
-
Amazon Linux AMI 2: CVE-2024-44308: Security patch for webkitgtk4 (ALAS-2024-2434)
Amazon Linux AMI 2: CVE-2024-44308: Security patch for webkitgtk4 (ALAS-2024-2434) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/20/2024 Created 01/08/2025 Added 01/07/2025 Modified 01/28/2025 Description The issue was addressed with improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems. Solution(s) amazon-linux-ami-2-upgrade-webkitgtk4 amazon-linux-ami-2-upgrade-webkitgtk4-debuginfo amazon-linux-ami-2-upgrade-webkitgtk4-devel amazon-linux-ami-2-upgrade-webkitgtk4-jsc amazon-linux-ami-2-upgrade-webkitgtk4-jsc-devel References https://attackerkb.com/topics/cve-2024-44308 AL2/ALAS-2024-2434 CVE - 2024-44308
-
mySCADA myPRO Manager Unauthenticated Command Injection (CVE-2024-47407)
mySCADA myPRO Manager Unauthenticated Command Injection (CVE-2024-47407) Disclosed 11/21/2024 Created 02/11/2025 Description Unauthenticated Command Injection in MyPRO Manager <= v1.2 from mySCADA. The vulnerability can be exploited by a remote attacker to inject arbitrary operating system commands which will get executed in the context of the myscada9 administrative user that is automatically added by the product. Author(s) Michael Heinzl Platform Windows Architectures cmd
-
Debian: CVE-2024-44309: webkit2gtk, wpewebkit -- security update
Debian: CVE-2024-44309: webkit2gtk, wpewebkit -- security update Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:N) Published 11/20/2024 Created 12/10/2024 Added 12/09/2024 Modified 01/28/2025 Description A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to a cross site scripting attack. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems. Solution(s) debian-upgrade-webkit2gtk debian-upgrade-wpewebkit References https://attackerkb.com/topics/cve-2024-44309 CVE - 2024-44309 DLA-3982-1 DSA-5823-1
-
Debian: CVE-2024-44308: webkit2gtk, wpewebkit -- security update
Debian: CVE-2024-44308: webkit2gtk, wpewebkit -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/20/2024 Created 12/10/2024 Added 12/09/2024 Modified 01/28/2025 Description The issue was addressed with improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems. Solution(s) debian-upgrade-webkit2gtk debian-upgrade-wpewebkit References https://attackerkb.com/topics/cve-2024-44308 CVE - 2024-44308 DLA-3982-1 DSA-5823-1
-
Alma Linux: CVE-2024-44309: Important: webkit2gtk3 security update (Multiple Advisories)
Alma Linux: CVE-2024-44309: Important: webkit2gtk3 security update (Multiple Advisories) Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:N) Published 11/20/2024 Created 12/05/2024 Added 12/04/2024 Modified 01/28/2025 Description A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to a cross site scripting attack. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems. Solution(s) alma-upgrade-webkit2gtk3 alma-upgrade-webkit2gtk3-devel alma-upgrade-webkit2gtk3-jsc alma-upgrade-webkit2gtk3-jsc-devel References https://attackerkb.com/topics/cve-2024-44309 CVE - 2024-44309 https://errata.almalinux.org/8/ALSA-2024-10481.html https://errata.almalinux.org/9/ALSA-2024-10472.html
-
Ubuntu: USN-7142-1 (CVE-2024-44308): WebKitGTK vulnerabilities
Ubuntu: USN-7142-1 (CVE-2024-44308): WebKitGTK vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/20/2024 Created 12/11/2024 Added 12/10/2024 Modified 01/28/2025 Description The issue was addressed with improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems. Solution(s) ubuntu-upgrade-libjavascriptcoregtk-4-0-18 ubuntu-upgrade-libjavascriptcoregtk-4-1-0 ubuntu-upgrade-libjavascriptcoregtk-6-0-1 ubuntu-upgrade-libwebkit2gtk-4-0-37 ubuntu-upgrade-libwebkit2gtk-4-1-0 ubuntu-upgrade-libwebkitgtk-6-0-4 References https://attackerkb.com/topics/cve-2024-44308 CVE - 2024-44308 USN-7142-1