
September Linux Patch Wednesday. 460 vulnerabilities. Of these, 279 are in the Linux Kernel.
2 vulnerabilities with signs of exploitation in the wild, but without public exploits:
🔻 Security Feature Bypass - Chromium (CVE-2024-7965)
🔻 Memory Corruption - Chromium (CVE-2024-7971)
29 vulnerabilities with no sign of exploitation in the wild, but with a link to a public exploit or a sign of its existence. The notable ones:
🔸 Remote Code Execution - pgAdmin (CVE-2024-2044), SPIP (CVE-2024-7954), InVesalius (CVE-2024-42845)
🔸 Command Injection - SPIP (CVE-2024-8517)
Among them are vulnerabilities from 2023, fixed in repos only now (in RedOS):
🔸 Remote Code Execution - webmin (CVE-2023-38303)
🔸 Code Injection - webmin (CVE-2023-38306, CVE-2023-38308)
🔸 Information Disclosure - KeePass (CVE-2023-24055)
Debian brought "Google Chrome on Windows" vulnerabilities. 😣👎
🗒 Vulristics September Linux Patch Wednesday Report

Hi! My name is Alexander and I am a Vulnerability Management specialist. You can read more about me here. Currently, the best way to follow me is my Telegram channel @avleonovcom. You can discuss my posts or ask questions at @avleonovchat.
