Report Name: Linux Patch Wednesday August 2024
Generated: 2024-08-22 16:56:58

Product Name	Prevalence	U	C	H	M	L	A	Comment
Apache HTTP Server	0.9		1	1			2	Apache HTTP Server is a free and open-source web server that delivers web content through the internet
Intel(R) Processor	0.9			1	1		2	Intel's processors from the pioneering 4-bit 4004 (1971) to the present high-end offerings
Linux Kernel	0.9			2	116	262	380	The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
Chromium	0.8			3	20		23	Chromium is a free and open-source web browser project, mainly developed and maintained by Google
GLPI	0.8	1	7	11	23		42	GLPI is an open source IT Asset Management, issue tracking system and service desk system
Mozilla Firefox	0.8		1	4	10	1	16	Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
Node.js	0.8			1	2		3	Node.js is a cross-platform, open-source server environment that can run on Windows, Linux, Unix, macOS, and more
PHP	0.8	1	2	1	1	1	6	PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
RPC	0.8				1		1	Remote Procedure Call Runtime
Safari	0.8				5	2	7	Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
Zabbix	0.8				4		4	Zabbix is an open-source software tool to monitor IT infrastructure such as networks, servers, virtual machines, and cloud services
.NET and Visual Studio	0.7				1		1	.NET and Visual Studio
Apache Traffic Server	0.7			3			3	The Apache Traffic Server is a modular, high-performance reverse proxy and forward proxy server, generally comparable to Nginx and Squid
BIND	0.7				4		4	BIND is a suite of software for interacting with the Domain Name System
Calibre	0.7		1	2			3	Calibre is a cross-platform free and open-source suite of e-book software
Curl	0.7			1	1		2	Curl is a command-line tool for transferring data specified with URL syntax
Envoy	0.7			1	1		2	Envoy is a cloud-native, open-source edge and service proxy
FFmpeg	0.7			1	1		2	FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
Kubernetes	0.7				1		1	Kubernetes is an open-source container orchestration system for automating software deployment, scaling, and management
Minio	0.7	2		1			3	Minio is a Multi-Cloud Object Storage framework
Neat VNC	0.7		1				1	A liberally licensed VNC server library with a clean interface
Oracle MySQL	0.7				15		15	MySQL is an open-source relational database management system
Oracle VM VirtualBox	0.7		1	8	2		11	Oracle VM VirtualBox is a hosted hypervisor for x86 virtualization developed by Oracle Corporation
QEMU	0.7				1		1	QEMU is a generic and open source machine & userspace emulator and virtualizer
vim	0.7			1	1		2	Vim is a free and open-source, screen-based text editor program
Oracle Java SE	0.6				3		3	Oracle Java SE
Perl	0.6				1	2	3	Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
Python	0.6			1	5		6	Python is a high-level, general-purpose programming language
Roundcube	0.6				3		3	Roundcube is a web-based IMAP email client
Rust Standard Library	0.6		1				1	The Rust Standard Library is the foundation of portable Rust software, a set of minimal and battle-tested shared abstractions for the broader Rust ecosystem
wpa_supplicant	0.6				1		1	wpa_supplicant is a free software implementation of an IEEE 802.11i supplicant for Linux, FreeBSD, NetBSD, QNX, AROS, Microsoft Windows, Solaris, OS/2 (including ArcaOS and eComStation) and Haiku
Consul	0.5				1		1	Product detected by a:hashicorp:consul (exists in CPE dict)
FRRouting	0.5				1		1	Free Range Routing or FRRouting or FRR is a network routing software suite running on Unix-like platforms, particularly Linux, Solaris, OpenBSD, FreeBSD and NetBSD
Filebeat	0.5				1		1	Product detected by a:elastic:filebeat (exists in CPE dict)
Flask	0.5		1		1		2	Flask is a lightweight WSGI web application framework
HID	0.5				1		1	HID
JupyterHub	0.5				1		1	Product detected by a:jupyter:jupyterhub (exists in CPE dict)
Moby Project	0.5			1			1	Moby is an open-source project, created by Docker, to enable and accelerate software containerization
NVIDIA GPU Display Driver	0.5				1		1	A NVIDIA driver is a software program that enables communication between your computer and the NVIDIA graphics processor installed in your system
Newlib	0.5			1			1	Product detected by a:newlib_project:newlib (exists in CPE dict)
Nova	0.5			1			1	Product detected by a:openstack:nova (exists in CPE dict)
RabbitMQ Java Client	0.5			1			1	Product detected by a:vmware:rabbitmq_java_client (exists in CPE dict)
TLS	0.5				3	1	4	TLS
Vault	0.5				3		3	Product detected by a:hashicorp:vault (exists in CPE dict)
Virtual GPU	0.5				2		2	Product detected by a:nvidia:virtual_gpu (exists in CPE dict)
assimp	0.5				1		1	Product detected by a:assimp:assimp (exists in CPE dict)
django	0.5			1	4		5	Product detected by a:djangoproject:django (exists in CPE dict)
fugit	0.5				1		1	Product detected by a:floraison:fugit (does NOT exist in CPE dict)
libcurl	0.5			1			1	Product detected by a:haxx:libcurl (exists in CPE dict)
libtiff	0.5				1		1	Product detected by a:libtiff:libtiff (exists in CPE dict)
moodle	0.5				1		1	Product detected by a:moodle:moodle (exists in CPE dict)
nginx_open_source	0.5				1		1	Product detected by a:f5:nginx_open_source (does NOT exist in CPE dict)
ofono	0.5				4		4	Product detected by a:ofono_project:ofono (does NOT exist in CPE dict)
pdfio	0.5			1			1	Product detected by a:msweet:pdfio (does NOT exist in CPE dict)
postgresql	0.5				1		1	Product detected by a:postgresql:postgresql (exists in CPE dict)
stb_image.h	0.5			1			1	Product detected by a:nothings:stb_image.h (exists in CPE dict)
webob	0.5			1			1	Product detected by a:pylonsproject:webob (does NOT exist in CPE dict)
Flatpak	0.4				1		1	Flatpak is a utility for software deployment and package management for Linux
GPAC	0.4			2			2	GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
Git	0.4				2		2	Git
Oracle WebLogic Server	0.4	1					1	Unified and extensible platform for developing, deploying and running enterprise applications
Unknown Product	0				31	27	58	Unknown Product

Vulnerability Type	Criticality	U	C	H	M	L	A
Remote Code Execution	1.0	1	3	4	22		30
Authentication Bypass	0.98		5	17	7		29
Code Injection	0.97	1	4	6	4		15
Command Injection	0.97	1	3	4	2		10
Security Feature Bypass	0.9			6	22		28
Elevation of Privilege	0.85			1	5		6
Information Disclosure	0.83	1			7		8
Cross Site Scripting	0.8			4	19	1	24
Open Redirect	0.75			1			1
Denial of Service	0.7	1	1	8	47	4	61
Path Traversal	0.7				1		1
Incorrect Calculation	0.5				7		7
Memory Corruption	0.5			3	101	5	109
Spoofing	0.4				1		1
Unknown Vulnerability Type	0				42	286	328

Source	U	C	H	M	L	A
almalinux			3	14	5	22
debian		3	26	210	244	483
oraclelinux			3	15	13	31
redhat			4	16	10	30
redos	4	13	32	69	6	124
ubuntu	1		8	52	42	103

Urgent (5)

1. Remote Code Execution - PHP (CVE-2024-4577) - Urgent [966]

Description: In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.

redos: CVE-2024-4577 was patched at 2024-08-16

2. Information Disclosure - Minio (CVE-2023-28432) - Urgent [895]

Description: Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including `MINIO_SECRET_KEY` and `MINIO_ROOT_PASSWORD`, resulting in information disclosure. All users of distributed deployment are impacted. All users are advised to upgrade to RELEASE.2023-03-20T20-16-18Z.

redos: CVE-2023-28432 was patched at 2024-08-07

3. Command Injection - Oracle WebLogic Server (CVE-2015-4852) - Urgent [894]

Description: The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to oracle_common/modules/com.bea.core.apache.commons.collections.jar. NOTE: the scope of this CVE is limited to the WebLogic Server product.

ubuntu: CVE-2015-4852 was patched at 2024-07-31

4. Denial of Service - Minio (CVE-2023-28434) - Urgent [872]

Description: Minio is a Multi-Cloud Object Storage framework. Prior to RELEASE.2023-03-20T20-16-18Z, an attacker can use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing `PostPolicyBucket`. To carry out this attack, the attacker requires credentials with `arn:aws:s3:::*` permission, as well as enabled Console API access. This issue has been patched in RELEASE.2023-03-20T20-16-18Z. As a workaround, enable browser API access and turn off `MINIO_BROWSER=off`.

redos: CVE-2023-28434 was patched at 2024-08-07

5. Code Injection - GLPI (CVE-2023-36808) - Urgent [800]

Description: GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.8, Computer Virtual Machine form and GLPI inventory request can be used to perform a SQL injection attack. Version 10.0.8 has a patch for this issue. As a workaround, one may disable native inventory.

redos: CVE-2023-36808 was patched at 2024-08-12

Critical (16)

6. Code Injection - GLPI (CVE-2023-35924) - Critical [788]

Description: GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.8, GLPI inventory endpoint can be used to drive a SQL injection attack. By default, GLPI inventory endpoint requires no authentication. Version 10.0.8 has a patch for this issue. As a workaround, one may disable native inventory.

redos: CVE-2023-35924 was patched at 2024-08-12

7. Authentication Bypass - GLPI (CVE-2023-35940) - Critical [778]

Description: GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.8, an incorrect rights check on a file allows an unauthenticated user to be able to access dashboards data. Version 10.0.8 contains a patch for this issue.

redos: CVE-2023-35940 was patched at 2024-08-12

8. Authentication Bypass - GLPI (CVE-2023-35939) - Critical [766]

Description: GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.8, an incorrect rights check on a on a file accessible by an authenticated user (or not for certain actions), allows a threat actor to interact, modify, or see Dashboard data. Version 10.0.8 contains a patch for this issue.

redos: CVE-2023-35939 was patched at 2024-08-12

9. Code Injection - GLPI (CVE-2024-27096) - Critical [741]

Description: GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can exploit a SQL injection vulnerability in the search engine to extract data from the database. This issue has been patched in version 10.0.13.

redos: CVE-2024-27096 was patched at 2024-08-12

10. Code Injection - GLPI (CVE-2024-29889) - Critical [717]

Description: GLPI is a Free Asset and IT Management Software package. Prior to 10.0.15, an authenticated user can exploit a SQL injection vulnerability in the saved searches feature to alter another user account data take control of it. This vulnerability is fixed in 10.0.15.

redos: CVE-2024-29889 was patched at 2024-08-12

11. Code Injection - GLPI (CVE-2022-31061) - Critical [699]

Description: GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions there is a SQL injection vulnerability which is possible on login page. No user credentials are required to exploit this vulnerability. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.

redos: CVE-2022-31061 was patched at 2024-07-26

12. Command Injection - PHP (CVE-2024-5585) - Critical [699]

Description: In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, the fix for CVE-2024-1874 does not work if the command name includes trailing spaces. Original issue: when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell.

redos: CVE-2024-5585 was patched at 2024-08-16

13. Denial of Service - PHP (CVE-2024-2757) - Critical [692]

Description: In PHP 8.3.* before 8.3.5, function mb_encode_mimeheader() runs endlessly for some inputs that contain long strings of non-space characters followed by a space. This could lead to a potential DoS attack if a hostile user sends data to an application that uses this function. 

redos: CVE-2024-2757 was patched at 2024-08-16

14. Remote Code Execution - Calibre (CVE-2024-6782) - Critical [688]

Description: Improper access control in Calibre 6.9.0 ~ 7.14.0 allow unauthenticated attackers to achieve remote code execution.

debian: CVE-2024-6782 was patched at 2024-08-21

15. Command Injection - Apache HTTP Server (CVE-2024-40898) - Critical [668]

Description: SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests. Users are recommended to upgrade to version 2.4.62 which fixes this issue. 

redos: CVE-2024-40898 was patched at 2024-07-29

16. Remote Code Execution - Mozilla Firefox (CVE-2024-2605) - Critical [651]

Description: An attacker could have leveraged the Windows Error Reporter to run arbitrary code on the system escaping the sandbox. *Note:* This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.

redos: CVE-2024-2605 was patched at 2024-08-20

17. Authentication Bypass - Neat VNC (CVE-2024-42458) - Critical [625]

Description: {'nvd_cve_data_all': 'server.c in Neat VNC (aka neatvnc) before 0.8.1 does not properly validate the security type, a related issue to CVE-2006-2369.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'server.c in Neat VNC (aka neatvnc) before 0.8.1 does not properly validate the security type, a related issue to CVE-2006-2369.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

debian: CVE-2024-42458 was patched at 2024-08-21

18. Remote Code Execution - GLPI (CVE-2023-33971) - Critical [621]

Description: Formcreator is a GLPI plugin which allow creation of custom forms and the creation of one or more tickets when the form is filled. A probable stored cross-site scripting vulnerability is present in Formcreator 2.13.5 and prior via the use of the use of `##FULLFORM##` for rendering. This could result in arbitrary javascript code execution in an admin/tech context. A patch is unavailable as of time of publication. As a workaround, one may use a regular expression to remove `< > "` in all fields.

redos: CVE-2023-33971 was patched at 2024-08-12

19. Command Injection - Rust Standard Library (CVE-2024-24576) - Critical [618]

Description: Rust is a programming language. The Rust Security Response WG was notified that the Rust standard library prior to version 1.77.2 did not properly escape arguments when invoking batch files (with the `bat` and `cmd` extensions) on Windows using the `Command`. An attacker able to control the arguments passed to the spawned process could execute arbitrary shell commands by bypassing the escaping. The severity of this vulnerability is critical for those who invoke batch files on Windows with untrusted arguments. No other platform or use is affected. The `Command::arg` and `Command::args` APIs state in their documentation that the arguments will be passed to the spawned process as-is, regardless of the content of the arguments, and will not be evaluated by a shell. This means it should be safe to pass untrusted input as an argument. On Windows, the implementation of this is more complex than other platforms, because the Windows API only provides a single string containing all the arguments to the spawned process, and it's up to the spawned process to split them. Most programs use the standard C run-time argv, which in practice results in a mostly consistent way arguments are splitted. One exception though is `cmd.exe` (used among other things to execute batch files), which has its own argument splitting logic. That forces the standard library to implement custom escaping for arguments passed to batch files. Unfortunately it was reported that our escaping logic was not thorough enough, and it was possible to pass malicious arguments that would result in arbitrary shell execution. Due to the complexity of `cmd.exe`, we didn't identify a solution that would correctly escape arguments in all cases. To maintain our API guarantees, we improved the robustness of the escaping code, and changed the `Command` API to return an `InvalidInput` error when it cannot safely escape an argument. This error will be emitted when spawning the process. The fix is included in Rust 1.77.2. Note that the new escaping logic for batch files errs on the conservative side, and could reject valid arguments. Those who implement the escaping themselves or only handle trusted inputs on Windows can also use the `CommandExt::raw_arg` method to bypass the standard library's escaping logic.

redos: CVE-2024-24576 was patched at 2024-08-05

20. Authentication Bypass - Flask (CVE-2024-6221) - Critical [603]

Description: A vulnerability in corydolphin/flask-cors version 4.0.1 allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default, without any configuration option. This behavior can expose private network resources to unauthorized external access, leading to significant security risks such as data breaches, unauthorized access to sensitive information, and potential network intrusions.

debian: CVE-2024-6221 was patched at 2024-08-21

21. Authentication Bypass - Oracle VM VirtualBox (CVE-2024-21103) - Critical [601]

Description: Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: This vulnerability applies to Linux hosts only. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

redos: CVE-2024-21103 was patched at 2024-07-24

High (54)

22. Authentication Bypass - Moby Project (CVE-2024-41110) - High [591]

Description: Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being exploited is low. Using a specially-crafted API request, an Engine API client could make the daemon forward the request or response to an authorization plugin without the body. In certain circumstances, the authorization plugin may allow a request which it would have otherwise denied if the body had been forwarded to it. A security issue was discovered In 2018, where an attacker could bypass AuthZ plugins using a specially crafted API request. This could lead to unauthorized actions, including privilege escalation. Although this issue was fixed in Docker Engine v18.09.1 in January 2019, the fix was not carried forward to later major versions, resulting in a regression. Anyone who depends on authorization plugins that introspect the request and/or response body to make access control decisions is potentially impacted. Docker EE v19.03.x and all versions of Mirantis Container Runtime are not vulnerable. docker-ce v27.1.1 containes patches to fix the vulnerability. Patches have also been merged into the master, 19.03, 20.0, 23.0, 24.0, 25.0, 26.0, and 26.1 release branches. If one is unable to upgrade immediately, avoid using AuthZ plugins and/or restrict access to the Docker API to trusted parties, following the principle of least privilege.

debian: CVE-2024-41110 was patched at 2024-08-01

redos: CVE-2024-41110 was patched at 2024-07-29

23. Command Injection - GLPI (CVE-2022-39276) - High [580]

Description: GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Usage of RSS feeds or an external calendar in planning is subject to SSRF exploit. In case a remote script returns a redirect response, the redirect target URL is not checked against the URL allow list defined by administrator. This issue has been patched, please upgrade to 10.0.4. There are currently no known workarounds.

redos: CVE-2022-39276 was patched at 2024-07-26

24. Authentication Bypass - Nova (CVE-2024-40767) - High [579]

Description: In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of the referenced file's contents from the server, resulting in unauthorized access to potentially sensitive data. All Nova deployments are affected. NOTE: this issue exists because of an incomplete fix for CVE-2022-47951 and CVE-2024-32498.

redhat: CVE-2024-40767 was patched at 2024-08-07, 2024-08-08

ubuntu: CVE-2024-40767 was patched at 2024-07-23

25. Code Injection - Calibre (CVE-2024-7009) - High [563]

Description: Unsanitized user-input in Calibre <= 7.15.0 allow users with permissions to perform full-text searches to achieve SQL injection on the SQLite database.

debian: CVE-2024-7009 was patched at 2024-08-21

26. Denial of Service - Curl (CVE-2024-6197) - High [563]

Description: libcurl's ASN1 parser has this utf8asn1str() function used for parsing an ASN.1 UTF-8 string. Itcan detect an invalid field and return error. Unfortunately, when doing so it also invokes `free()` on a 4 byte localstack buffer. Most modern malloc implementations detect this error and immediately abort. Some however accept the input pointer and add that memory to its list of available chunks. This leads to the overwriting of nearby stack memory. The content of the overwrite is decided by the `free()` implementation; likely to be memory pointers and a set of flags. The most likely outcome of exploting this flaw is a crash, although it cannot be ruled out that more serious results can be had in special circumstances.

redos: CVE-2024-6197 was patched at 2024-08-12

27. Denial of Service - Envoy (CVE-2024-27919) - High [563]

Description: Envoy is a cloud-native, open-source edge and service proxy. In versions 1.29.0 and 1.29.1, theEnvoy HTTP/2 protocol stack is vulnerable to the flood of CONTINUATION frames. Envoy's HTTP/2 codec does not reset a request when header map limits have been exceeded. This allows an attacker to send an sequence of CONTINUATION frames without the END_HEADERS bit set causing unlimited memory consumption. This can lead to denial of service through memory exhaustion. Users should upgrade to versions 1.29.2 to mitigate the effects of the CONTINUATION flood. Note that this vulnerability is a regression in Envoy version 1.29.0 and 1.29.1 only. As a workaround, downgrade to version 1.28.1 or earlier or disable HTTP/2 protocol for downstream connections.

redos: CVE-2024-27919 was patched at 2024-08-05

28. Cross Site Scripting - GLPI (CVE-2022-39262) - High [561]

Description: GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package, GLPI administrator can define rich-text content to be displayed on login page. The displayed content is can contains malicious code that can be used to steal credentials. This issue has been patched, please upgrade to version 10.0.4.

redos: CVE-2022-39262 was patched at 2024-07-26

29. Cross Site Scripting - GLPI (CVE-2022-39277) - High [561]

Description: GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. External links are not properly sanitized and can therefore be used for a Cross-Site Scripting (XSS) attack. This issue has been patched, please upgrade to GLPI 10.0.4. There are currently no known workarounds.

redos: CVE-2022-39277 was patched at 2024-07-26

30. Cross Site Scripting - Calibre (CVE-2024-7008) - High [557]

Description: Unsanitized user-input in Calibre <= 7.15.0 allow attackers to perform reflected cross-site scripting.

debian: CVE-2024-7008 was patched at 2024-08-21

31. Denial of Service - stb_image.h (CVE-2023-43281) - High [553]

Description: Double Free vulnerability in Nothings Stb Image.h v.2.28 allows a remote attacker to cause a denial of service via a crafted file to the stbi_load_gif_main function.

debian: CVE-2023-43281 was patched at 2024-08-21

32. Denial of Service - Python (CVE-2024-7592) - High [546]

Description: There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resources being used while parsing the value.

debian: CVE-2024-7592 was patched at 2024-08-21

33. Denial of Service - RabbitMQ Java Client (CVE-2023-46120) - High [541]

Description: The RabbitMQ Java client library allows Java and JVM-based applications to connect to and interact with RabbitMQ nodes. `maxBodyLebgth` was not used when receiving Message objects. Attackers could send a very large Message causing a memory overflow and triggering an OOM Error. Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer. This vulnerability was patched in version 5.18.0.

redos: CVE-2023-46120 was patched at 2024-08-06

34. Authentication Bypass - Apache HTTP Server (CVE-2024-40725) - High [539]

Description: {'nvd_cve_data_all': 'A partial fix for\xa0 CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted. Users are recommended to upgrade to version 2.4.62, which fixes this issue. ', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'A partial fix for\xa0 CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted.\n\nUsers are recommended to upgrade to version 2.4.62, which fixes this issue.\n\n', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

debian: CVE-2024-40725 was patched at 2024-07-18

redos: CVE-2024-40725 was patched at 2024-08-12

ubuntu: CVE-2024-40725 was patched at 2024-07-18

35. Memory Corruption - FFmpeg (CVE-2024-7272) - High [539]

Description: A vulnerability, which was classified as critical, was found in FFmpeg up to 5.1.5. This affects the function fill_audiodata of the file /libswresample/swresample.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. This issue was fixed in version 6.0 by 9903ba28c28ab18dc7b7b6fb8571cc8b5caae1a6 but a backport for 5.1 was forgotten. The exploit has been disclosed to the public and may be used. Upgrading to version 5.1.6 and 6.0 9903ba28c28ab18dc7b7b6fb8571cc8b5caae1a6 is able to address this issue. It is recommended to upgrade the affected component.

debian: CVE-2024-7272 was patched at 2024-08-14, 2024-08-21

36. Security Feature Bypass - Linux Kernel (CVE-2024-42318) - High [525]

Description: In the Linux kernel, the following vulnerability has been resolved: landlock: Don't lose track of restrictions on cred_transfer When a process' cred struct is replaced, this _almost_ always invokes the cred_prepare LSM hook; but in one special case (when KEYCTL_SESSION_TO_PARENT updates the parent's credentials), the cred_transfer LSM hook is used instead. Landlock only implements the cred_prepare hook, not cred_transfer, so KEYCTL_SESSION_TO_PARENT causes all information on Landlock restrictions to be lost. This basically means that a process with the ability to use the fork() and keyctl() syscalls can get rid of all Landlock restrictions on itself. Fix it by adding a cred_transfer hook that does the same thing as the existing cred_prepare hook. (Implemented by having hook_cred_prepare() call hook_cred_transfer() so that the two functions are less likely to accidentally diverge in the future.)

debian: CVE-2024-42318 was patched at 2024-08-21

37. Authentication Bypass - Oracle VM VirtualBox (CVE-2024-21113) - High [523]

Description: Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

redos: CVE-2024-21113 was patched at 2024-07-24

38. Authentication Bypass - Oracle VM VirtualBox (CVE-2024-21114) - High [523]

Description: Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

redos: CVE-2024-21114 was patched at 2024-07-24

39. Authentication Bypass - Oracle VM VirtualBox (CVE-2024-21115) - High [523]

Description: Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

redos: CVE-2024-21115 was patched at 2024-07-24

40. Open Redirect - webob (CVE-2024-42353) - High [514]

Description: WebOb provides objects for HTTP requests and responses. When WebOb normalizes the HTTP Location header to include the request hostname, it does so by parsing the URL that the user is to be redirected to with Python's urlparse, and joining it to the base URL. `urlparse` however treats a `//` at the start of a string as a URI without a scheme, and then treats the next part as the hostname. `urljoin` will then use that hostname from the second part as the hostname replacing the original one from the request. This vulnerability is patched in WebOb version 1.8.8.

debian: CVE-2024-42353 was patched at 2024-08-21

41. Denial of Service - GPAC (CVE-2023-46929) - High [513]

Description: An issue discovered in GPAC 2.3-DEV-rev605-gfc9e29089-master in MP4Box in gf_avc_change_vui /afltest/gpac/src/media_tools/av_parsers.c:6872:55 allows attackers to crash the application.

redos: CVE-2023-46929 was patched at 2024-08-07

42. Authentication Bypass - Oracle VM VirtualBox (CVE-2024-21116) - High [511]

Description: Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: This vulnerability applies to Linux hosts only. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

redos: CVE-2024-21116 was patched at 2024-07-24

43. Authentication Bypass - Oracle VM VirtualBox (CVE-2024-21110) - High [500]

Description: Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H).

redos: CVE-2024-21110 was patched at 2024-07-24

44. Code Injection - GLPI (CVE-2022-35947) - High [497]

Description: GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Affected versions have been found to be vulnerable to a SQL injection attack which an attacker could leverage to simulate an arbitrary user login. Users are advised to upgrade to version 10.0.3. Users unable to upgrade should disable the `Enable login with external token` API configuration.

redos: CVE-2022-35947 was patched at 2024-07-26

45. Denial of Service - pdfio (CVE-2024-42358) - High [494]

Description: PDFio is a simple C library for reading and writing PDF files. There is a denial of service (DOS) vulnerability in the TTF parser. Maliciously crafted TTF files can cause the program to utilize 100% of the Memory and enter an infinite loop. This can also lead to a heap-buffer-overflow vulnerability. An infinite loop occurs in the read_camp function by nGroups value. The ttf.h library is vulnerable. A value called nGroups is extracted from the file, and by changing that value, you can cause the program to utilize 100% of the Memory and enter an infinite loop. If the value of nGroups in the file is small, an infinite loop will not occur. This library, whether used as a standalone binary or as part of another application, is vulnerable to DOS attacks when parsing certain types of files. Automated systems, including web servers that use this code to convert PDF submissions into plaintext, can be DOSed if an attacker uploads a malicious TTF file. This issue has been addressed in release version 1.3.1. All users are advised to upgrade. There are no known workarounds for this vulnerability.

debian: CVE-2024-42358 was patched at 2024-08-21

46. Memory Corruption - libcurl (CVE-2024-7264) - High [482]

Description: libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might end up using -1 for the length of the *time fraction*, leading to a `strlen()` getting performed on a pointer to a heap buffer area that is not (purposely) null terminated. This flaw most likely leads to a crash, but can also lead to heap contents getting returned to the application when [CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.

debian: CVE-2024-7264 was patched at 2024-08-01

redos: CVE-2024-7264 was patched at 2024-08-16

ubuntu: CVE-2024-7264 was patched at 2024-08-05, 2024-08-20

47. Denial of Service - GPAC (CVE-2023-50120) - High [477]

Description: MP4Box GPAC version 2.3-DEV-rev636-gfbd7e13aa-master was discovered to contain an infinite loop in the function av1_uvlc at media_tools/av_parsers.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.

redos: CVE-2023-50120 was patched at 2024-08-07

48. Authentication Bypass - GLPI (CVE-2022-24867) - High [463]

Description: GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. When you pass the config to the javascript, some entries are filtered out. The variable ldap_pass is not filtered and when you look at the source code of the rendered page, we can see the password for the root dn. Users are advised to upgrade. There is no known workaround for this issue.

redos: CVE-2022-24867 was patched at 2024-07-26

49. Authentication Bypass - Minio (CVE-2023-28433) - High [458]

Description: {'nvd_cve_data_all': 'Minio is a Multi-Cloud Object Storage framework. All users on Windows prior to version RELEASE.2023-03-20T20-16-18Z are impacted. MinIO fails to filter the `\\` character, which allows for arbitrary object placement across buckets. As a result, a user with low privileges, such as an access key, service account, or STS credential, which only has permission to `PutObject` in a specific bucket, can create an admin user. This issue is patched in RELEASE.2023-03-20T20-16-18Z. There are no known workarounds.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Minio is a Multi-Cloud Object Storage framework. All users on Windows prior to version RELEASE.2023-03-20T20-16-18Z are impacted. MinIO fails to filter the `\\` character, which allows for arbitrary object placement across buckets. As a result, a user with low privileges, such as an access key, service account, or STS credential, which only has permission to `PutObject` in a specific bucket, can create an admin user. This issue is patched in RELEASE.2023-03-20T20-16-18Z. There are no known workarounds.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

redos: CVE-2023-28433 was patched at 2024-08-07

50. Command Injection - Apache Traffic Server (CVE-2024-35161) - High [456]

Description: Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users can set a new setting (proxy.config.http.drop_chunked_trailers) not to forward chunked trailer section. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.

debian: CVE-2024-35161 was patched at 2024-08-01

51. Remote Code Execution - Mozilla Firefox (CVE-2024-7520) - High [454]

Description: A type confusion bug in WebAssembly could be leveraged by an attacker to potentially achieve code execution. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1.

almalinux: CVE-2024-7520 was patched at 2024-08-14, 2024-08-15

oraclelinux: CVE-2024-7520 was patched at 2024-08-13, 2024-08-14

redhat: CVE-2024-7520 was patched at 2024-08-13, 2024-08-14, 2024-08-15, 2024-08-19

ubuntu: CVE-2024-7520 was patched at 2024-08-19

52. Authentication Bypass - Mozilla Firefox (CVE-2024-7525) - High [451]

Description: It was possible for a web extension with minimal permissions to create a `StreamFilter` which could be used to read and modify the response body of requests on any site. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.

almalinux: CVE-2024-7525 was patched at 2024-08-14, 2024-08-15

debian: CVE-2024-7525 was patched at 2024-08-07, 2024-08-08, 2024-08-21

oraclelinux: CVE-2024-7525 was patched at 2024-08-13, 2024-08-14

redhat: CVE-2024-7525 was patched at 2024-08-13, 2024-08-14, 2024-08-15, 2024-08-19

ubuntu: CVE-2024-7525 was patched at 2024-08-19

53. Code Injection - GLPI (CVE-2022-39323) - High [449]

Description: GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Time based attack using a SQL injection in api REST user_token. This issue has been patched, please upgrade to version 10.0.4. As a workaround, disable login with user_token on API Rest.

redos: CVE-2022-39323 was patched at 2024-07-26

54. Command Injection - Apache Traffic Server (CVE-2023-38522) - High [444]

Description: Apache Traffic Server accepts characters that are not allowed for HTTP field names and forwards malformed requests to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.

debian: CVE-2023-38522 was patched at 2024-08-01

55. Authentication Bypass - Chromium (CVE-2024-6995) - High [439]

Description: {'nvd_cve_data_all': 'Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

debian: CVE-2024-6995 was patched at 2024-07-31, 2024-08-01

redos: CVE-2024-6995 was patched at 2024-08-07

56. Authentication Bypass - GLPI (CVE-2023-34106) - High [439]

Description: GLPI is a free asset and IT management software package. Versions of the software starting with 0.68 and prior to 10.0.8 have an incorrect rights check on a on a file accessible by an authenticated user. This allows access to the list of all users and their personal information. Users should upgrade to version 10.0.8 to receive a patch.

redos: CVE-2023-34106 was patched at 2024-08-12

57. Authentication Bypass - GLPI (CVE-2023-34107) - High [439]

Description: GLPI is a free asset and IT management software package. Versions of the software starting with 9.2.0 and prior to 10.0.8 have an incorrect rights check on a on a file accessible by an authenticated user, allows access to the view all KnowbaseItems. Version 10.0.8 has a patch for this issue.

redos: CVE-2023-34107 was patched at 2024-08-12

58. Authentication Bypass - Oracle VM VirtualBox (CVE-2024-21112) - High [434]

Description: Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

redos: CVE-2024-21112 was patched at 2024-07-24

59. Memory Corruption - vim (CVE-2024-41965) - High [434]

Description: Vim is an open source command line text editor. double-free in dialog_changed() in Vim < v9.1.0648. When abandoning a buffer, Vim may ask the user what to do with the modified buffer. If the user wants the changed buffer to be saved, Vim may create a new Untitled file, if the buffer did not have a name yet. However, when setting the buffer name to Unnamed, Vim will falsely free a pointer twice, leading to a double-free and possibly later to a heap-use-after-free, which can lead to a crash. The issue has been fixed as of Vim patch v9.1.0648.

debian: CVE-2024-41965 was patched at 2024-08-21

60. Remote Code Execution - Chromium (CVE-2024-7256) - High [430]

Description: Insufficient data validation in Dawn in Google Chrome on Android prior to 127.0.6533.88 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

debian: CVE-2024-7256 was patched at 2024-07-31, 2024-08-01

redos: CVE-2024-7256 was patched at 2024-08-07

61. Security Feature Bypass - Chromium (CVE-2024-7005) - High [425]

Description: Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a malicious file. (Chromium security severity: Low)

debian: CVE-2024-7005 was patched at 2024-07-31, 2024-08-01

redos: CVE-2024-7005 was patched at 2024-08-07

62. Authentication Bypass - Oracle VM VirtualBox (CVE-2024-21109) - High [422]

Description: Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).

redos: CVE-2024-21109 was patched at 2024-07-24

63. Code Injection - GLPI (CVE-2022-35946) - High [413]

Description: GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In affected versions request input is not properly validated in the plugin controller and can be used to access low-level API of Plugin class. An attacker can, for instance, alter database data. Attacker must have "General setup" update rights to be able to perform this attack. Users are advised to upgrade to version 10.0.3. Users unable to upgrade should remove the `front/plugin.form.php` script.

redos: CVE-2022-35946 was patched at 2024-07-26

64. Code Injection - PHP (CVE-2023-41884) - High [413]

Description: ZoneMinder is a free, open source Closed-circuit television software application. In WWW/AJAX/watch.php, Line: 51 takes a few parameter in sql query without sanitizing it which makes it vulnerable to sql injection. This vulnerability is fixed in 1.36.34.

debian: CVE-2023-41884 was patched at 2024-08-21

65. Command Injection - GLPI (CVE-2024-27098) - High [413]

Description: GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can execute a SSRF based attack using Arbitrary Object Instantiation. This issue has been patched in version 10.0.13.

redos: CVE-2024-27098 was patched at 2024-08-12

66. Security Feature Bypass - Mozilla Firefox (CVE-2024-7529) - High [413]

Description: The date picker could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.

almalinux: CVE-2024-7529 was patched at 2024-08-14, 2024-08-15

debian: CVE-2024-7529 was patched at 2024-08-07, 2024-08-08, 2024-08-21

oraclelinux: CVE-2024-7529 was patched at 2024-08-13, 2024-08-14

redhat: CVE-2024-7529 was patched at 2024-08-13, 2024-08-14, 2024-08-15, 2024-08-19

ubuntu: CVE-2024-7529 was patched at 2024-08-19

67. Code Injection - django (CVE-2024-42005) - High [411]

Description: An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg.

debian: CVE-2024-42005 was patched at 2024-08-21

ubuntu: CVE-2024-42005 was patched at 2024-08-06

68. Remote Code Execution - Linux Kernel (CVE-2024-42243) - High [411]

Description: In the Linux kernel, the following vulnerability has been resolved: mm/filemap: make MAX_PAGECACHE_ORDER acceptable to xarray Patch series "mm/filemap: Limit page cache size to that supported by xarray", v2. Currently, xarray can't support arbitrary page cache size. More details can be found from the WARN_ON() statement in xas_split_alloc(). In our test whose code is attached below, we hit the WARN_ON() on ARM64 system where the base page size is 64KB and huge page size is 512MB. The issue was reported long time ago and some discussions on it can be found here [1]. [1] https://www.spinics.net/lists/linux-xfs/msg75404.html In order to fix the issue, we need to adjust MAX_PAGECACHE_ORDER to one supported by xarray and avoid PMD-sized page cache if needed. The code changes are suggested by David Hildenbrand. PATCH[1] adjusts MAX_PAGECACHE_ORDER to that supported by xarray PATCH[2-3] avoids PMD-sized page cache in the synchronous readahead path PATCH[4] avoids PMD-sized page cache for shmem files if needed Test program ============ # cat test.c #define _GNU_SOURCE #include <stdio.h> #include <stdlib.h> #include <unistd.h> #include <string.h> #include <fcntl.h> #include <errno.h> #include <sys/syscall.h> #include <sys/mman.h> #define TEST_XFS_FILENAME "/tmp/data" #define TEST_SHMEM_FILENAME "/dev/shm/data" #define TEST_MEM_SIZE 0x20000000 int main(int argc, char **argv) { const char *filename; int fd = 0; void *buf = (void *)-1, *p; int pgsize = getpagesize(); int ret; if (pgsize != 0x10000) { fprintf(stderr, "64KB base page size is required\n"); return -EPERM; } system("echo force > /sys/kernel/mm/transparent_hugepage/shmem_enabled"); system("rm -fr /tmp/data"); system("rm -fr /dev/shm/data"); system("echo 1 > /proc/sys/vm/drop_caches"); /* Open xfs or shmem file */ filename = TEST_XFS_FILENAME; if (argc > 1 && !strcmp(argv[1], "shmem")) filename = TEST_SHMEM_FILENAME; fd = open(filename, O_CREAT | O_RDWR | O_TRUNC); if (fd < 0) { fprintf(stderr, "Unable to open <%s>\n", filename); return -EIO; } /* Extend file size */ ret = ftruncate(fd, TEST_MEM_SIZE); if (ret) { fprintf(stderr, "Error %d to ftruncate()\n", ret); goto cleanup; } /* Create VMA */ buf = mmap(NULL, TEST_MEM_SIZE, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0); if (buf == (void *)-1) { fprintf(stderr, "Unable to mmap <%s>\n", filename); goto cleanup; } fprintf(stdout, "mapped buffer at 0x%p\n", buf); ret = madvise(buf, TEST_MEM_SIZE, MADV_HUGEPAGE); if (ret) { fprintf(stderr, "Unable to madvise(MADV_HUGEPAGE)\n"); goto cleanup; } /* Populate VMA */ ret = madvise(buf, TEST_MEM_SIZE, MADV_POPULATE_WRITE); if (ret) { fprintf(stderr, "Error %d to madvise(MADV_POPULATE_WRITE)\n", ret); goto cleanup; } /* Punch the file to enforce xarray split */ ret = fallocate(fd, FALLOC_FL_KEEP_SIZE | FALLOC_FL_PUNCH_HOLE, TEST_MEM_SIZE - pgsize, pgsize); if (ret) fprintf(stderr, "Error %d to fallocate()\n", ret); cleanup: if (buf != (void *)-1) munmap(buf, TEST_MEM_SIZE); if (fd > 0) close(fd); return 0; } # gcc test.c -o test # cat /proc/1/smaps | grep KernelPageSize | head -n 1 KernelPageSize: 64 kB # ./test shmem : ------------[ cut here ]------------ WARNING: CPU: 17 PID: 5253 at lib/xarray.c:1025 xas_split_alloc+0xf8/0x128 Modules linked in: nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib \ nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct \ nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 \ ip_set nf_tables rfkill nfnetlink vfat fat virtio_balloon \ drm fuse xfs libcrc32c crct10dif_ce ghash_ce sha2_ce sha256_arm64 \ virtio_net sha1_ce net_failover failover virtio_console virtio_blk \ dimlib virtio_mmio CPU: 17 PID: 5253 Comm: test Kdump: loaded Tainted: G W 6.10.0-rc5-gavin+ #12 Hardware name: QEMU KVM Virtual Machine, BIOS edk2-20240524-1.el9 05/24/2024 pstate: 83400005 (Nzcv daif +PAN -UAO +TC ---truncated---

debian: CVE-2024-42243 was patched at 2024-08-21

69. Authentication Bypass - Oracle VM VirtualBox (CVE-2024-21121) - High [410]

Description: Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).

redos: CVE-2024-21121 was patched at 2024-07-24

70. Elevation of Privilege - Intel(R) Processor (CVE-2023-49141) - High [408]

Description: Improper isolation in some Intel(R) Processors stream cache mechanism may allow an authenticated user to potentially enable escalation of privilege via local access.

debian: CVE-2023-49141 was patched at 2024-08-21

ubuntu: CVE-2023-49141 was patched at 2024-08-20

71. Security Feature Bypass - Apache Traffic Server (CVE-2024-35296) - High [408]

Description: Invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force forwarding requests. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.

debian: CVE-2024-35296 was patched at 2024-08-01

72. Cross Site Scripting - GLPI (CVE-2023-34244) - High [407]

Description: GLPI is a free asset and IT management software package. Starting in version 9.4.0 and prior to version 10.0.8, a malicious link can be crafted by an unauthenticated user that can exploit a reflected XSS in case any authenticated user opens the crafted link. Users should upgrade to version 10.0.8 to receive a patch.

redos: CVE-2023-34244 was patched at 2024-08-12

73. Remote Code Execution - Newlib (CVE-2024-30949) - High [404]

Description: An issue in newlib v.4.3.0 allows an attacker to execute arbitrary code via the time unit scaling in the _gettimeofday function.

debian: CVE-2024-30949 was patched at 2024-08-21

74. Security Feature Bypass - Mozilla Firefox (CVE-2024-5692) - High [401]

Description: {'nvd_cve_data_all': 'On Windows 10, when using the 'Save As' functionality, an attacker could have tricked the browser into saving the file with a disallowed extension such as `.url` by including an invalid character in the extension. *Note:* This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'On Windows 10, when using the 'Save As' functionality, an attacker could have tricked the browser into saving the file with a disallowed extension such as `.url` by including an invalid character in the extension. *Note:* This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

redos: CVE-2024-5692 was patched at 2024-08-14

75. Security Feature Bypass - Node.js (CVE-2024-42461) - High [401]

Description: In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed.

debian: CVE-2024-42461 was patched at 2024-08-21

Medium (287)

76. Elevation of Privilege - Intel(R) Processor (CVE-2024-24853) - Medium [397]

Description: Incorrect behavior order in transition between executive monitor and SMI transfer monitor (STM) in some Intel(R) Processor may allow a privileged user to potentially enable escalation of privilege via local access.

debian: CVE-2024-24853 was patched at 2024-08-21

ubuntu: CVE-2024-24853 was patched at 2024-08-20

77. Cross Site Scripting - GLPI (CVE-2023-22722) - Medium [395]

Description: GLPI is a Free Asset and IT Management Software package. Versions 9.4.0 and above, prior to 10.0.6 are subject to Cross-site Scripting. An attacker can persuade a victim into opening a URL containing a payload exploiting this vulnerability. After exploited, the attacker can make actions as the victim or exfiltrate session cookies. This issue is patched in version 10.0.6.

redos: CVE-2023-22722 was patched at 2024-07-29

78. Information Disclosure - .NET and Visual Studio (CVE-2024-38167) - Medium [395]

Description: .NET and Visual Studio Information Disclosure Vulnerability

almalinux: CVE-2024-38167 was patched at 2024-08-13, 2024-08-15

oraclelinux: CVE-2024-38167 was patched at 2024-08-13

redhat: CVE-2024-38167 was patched at 2024-08-13, 2024-08-15

ubuntu: CVE-2024-38167 was patched at 2024-08-13

79. Denial of Service - Linux Kernel (CVE-2024-38384) - Medium [394]

Description: In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: fix list corruption from reorder of WRITE ->lqueued __blkcg_rstat_flush() can be run anytime, especially when blk_cgroup_bio_start is being executed. If WRITE of `->lqueued` is re-ordered with READ of 'bisc->lnode.next' in the loop of __blkcg_rstat_flush(), `next_bisc` can be assigned with one stat instance being added in blk_cgroup_bio_start(), then the local list in __blkcg_rstat_flush() could be corrupted. Fix the issue by adding one barrier.

redhat: CVE-2024-38384 was patched at 2024-08-07

80. Remote Code Execution - Flask (CVE-2024-32484) - Medium [392]

Description: An reflected XSS vulnerability exists in the handling of invalid paths in the Flask server in Ankitects Anki 24.04. A specially crafted flashcard can lead to JavaScript code execution and result in an arbitrary file read. An attacker can share a malicious flashcard to trigger this vulnerability.

debian: CVE-2024-32484 was patched at 2024-08-01

81. Remote Code Execution - Curl (CVE-2024-42365) - Medium [390]

Description: Asterisk is an open source private branch exchange (PBX) and telephony toolkit. Prior to asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2, an AMI user with `write=originate` may change all configuration files in the `/etc/asterisk/` directory. This occurs because they are able to curl remote files and write them to disk, but are also able to append to existing files using the `FILE` function inside the `SET` application. This issue may result in privilege escalation, remote code execution and/or blind server-side request forgery with arbitrary protocol. Asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2 contain a fix for this issue.

debian: CVE-2024-42365 was patched at 2024-08-21

82. Code Injection - GLPI (CVE-2022-39375) - Medium [389]

Description: GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Users may be able to create a public RSS feed to inject malicious code in dashboards of other users. This issue has been patched, please upgrade to version 10.0.4. There are currently no known workarounds.

redos: CVE-2022-39375 was patched at 2024-07-26

83. Incorrect Calculation - Mozilla Firefox (CVE-2024-7521) - Medium [389]

Description: Incomplete WebAssembly exception handing could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.

almalinux: CVE-2024-7521 was patched at 2024-08-14, 2024-08-15

debian: CVE-2024-7521 was patched at 2024-08-07, 2024-08-08, 2024-08-21

oraclelinux: CVE-2024-7521 was patched at 2024-08-13, 2024-08-14

redhat: CVE-2024-7521 was patched at 2024-08-13, 2024-08-14, 2024-08-15, 2024-08-19

ubuntu: CVE-2024-7521 was patched at 2024-08-19

84. Memory Corruption - Mozilla Firefox (CVE-2024-7530) - Medium [389]

Description: Incorrect garbage collection interaction could have led to a use-after-free. This vulnerability affects Firefox < 129.

ubuntu: CVE-2024-7530 was patched at 2024-08-19

85. Cross Site Scripting - GLPI (CVE-2022-24868) - Medium [383]

Description: GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions prior to 10.0.0 one can exploit a lack of sanitization on SVG file uploads and inject javascript into their user avatar. As a result any user viewing the avatar will be subject to a cross site scripting attack. Users of GLPI are advised to upgrade. Users unable to upgrade should disallow SVG avatars.

redos: CVE-2022-24868 was patched at 2024-07-26

86. Cross Site Scripting - GLPI (CVE-2022-31187) - Medium [383]

Description: GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Affected versions were found to not properly neutralize HTML tags in the global search context. Users are advised to upgrade to version 10.0.3 to resolve this issue. Users unable to upgrade should disable global search.

redos: CVE-2022-31187 was patched at 2024-07-26

87. Cross Site Scripting - GLPI (CVE-2022-35945) - Medium [383]

Description: GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Information associated to registration key are not properly escaped in registration key configuration page. They can be used to steal a GLPI administrator cookie. Users are advised to upgrade to 10.0.3. There are no known workarounds for this issue. ### Workarounds Do not use a registration key created by an untrusted person.

redos: CVE-2022-35945 was patched at 2024-07-26

88. Cross Site Scripting - GLPI (CVE-2022-39181) - Medium [383]

Description: GLPI - Reports plugin for GLPI Reflected Cross-Site-Scripting (RXSS). Type 1: Reflected XSS (or Non-Persistent) - The server reads data directly from the HTTP request and reflects it back in the HTTP response. Reflected XSS exploits occur when an attacker causes a victim to supply dangerous content to a vulnerable web application, which is then reflected back to the victim and executed by the web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or emailed directly to the victim. URLs constructed in this manner constitute the core of many phishing schemes, whereby an attacker convinces a victim to visit a URL that refers to a vulnerable site. After the site reflects the attacker's content back to the victim, the content is executed by the victim's browser.

redos: CVE-2022-39181 was patched at 2024-07-29

89. Cross Site Scripting - GLPI (CVE-2024-23645) - Medium [383]

Description: GLPI is a Free Asset and IT Management Software package. A malicious URL can be used to execute XSS on reports pages. Upgrade to 10.0.12.

redos: CVE-2024-23645 was patched at 2024-08-12

90. Cross Site Scripting - Safari (CVE-2024-40785) - Medium [383]

Description: This issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to a cross site scripting attack.

debian: CVE-2024-40785 was patched at 2024-08-21

91. Authentication Bypass - Chromium (CVE-2024-6999) - Medium [379]

Description: {'nvd_cve_data_all': 'Inappropriate implementation in FedCM in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Inappropriate implementation in FedCM in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

debian: CVE-2024-6999 was patched at 2024-07-31, 2024-08-01

redos: CVE-2024-6999 was patched at 2024-08-07

92. Authentication Bypass - Chromium (CVE-2024-7001) - Medium [379]

Description: {'nvd_cve_data_all': 'Inappropriate implementation in HTML in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Inappropriate implementation in HTML in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

debian: CVE-2024-7001 was patched at 2024-07-31, 2024-08-01

redos: CVE-2024-7001 was patched at 2024-08-07

93. Authentication Bypass - Chromium (CVE-2024-7003) - Medium [379]

Description: {'nvd_cve_data_all': 'Inappropriate implementation in FedCM in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Inappropriate implementation in FedCM in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

debian: CVE-2024-7003 was patched at 2024-07-31, 2024-08-01

redos: CVE-2024-7003 was patched at 2024-08-07

94. Authentication Bypass - GLPI (CVE-2022-39370) - Medium [379]

Description: GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Connected users may gain access to debug panel through the GLPI update script. This issue has been patched, please upgrade to 10.0.4. As a workaround, delete the `install/update.php` script.

redos: CVE-2022-39370 was patched at 2024-07-26

95. Security Feature Bypass - Python (CVE-2024-41671) - Medium [379]

Description: Twisted is an event-based framework for internet applications, supporting Python 3.6+. The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly resulting in information disclosure. This vulnerability is fixed in 24.7.0rc1.

debian: CVE-2024-41671 was patched at 2024-08-01

96. Command Injection - GLPI (CVE-2022-36112) - Medium [377]

Description: GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Usage of RSS feeds or extenal calendar in planning is subject to SSRF exploit. Server-side requests can be used to scan server port or services opened on GLPI server or its private network. Queries responses are not exposed to end-user (blind SSRF). Users are advised to upgrade to version 10.0.3 to resolve this issue. There are no known workarounds.

redos: CVE-2022-36112 was patched at 2024-07-26

97. Denial of Service - GLPI (CVE-2023-23610) - Medium [377]