November Linux Patch Wednesday. I was happy in October that the number of vulnerabilities was gradually decreasing to an acceptable level, and in November I got a peak again. A total of 803 vulnerabilities. Of these, 567 are in the Linux Kernel. Kind of crazy. 😱
2 vulnerabilities in Chromium with signs of exploitation in the wild:
🔻 Security Feature Bypass - Chromium (CVE-2024-10229)
🔻 Memory Corruption - Chromium (CVE-2024-10230, CVE-2024-10231)
There are no signs of exploitation in the wild for 27 vulnerabilities yet, but there are public exploits. Of these, I would draw attention to:
🔸 Remote Code Execution - PyTorch (CVE-2024-48063)
🔸 Remote Code Execution - OpenRefine Butterfly (CVE-2024-47883) - "web application framework"
🔸 Code Injection - OpenRefine tool (CVE-2024-47881)
🔸 Command Injection - Eclipse Jetty (CVE-2024-6763)
🔸 Memory Corruption - pure-ftpd (CVE-2024-48208)
🗒 Vulristics November Linux Patch Wednesday Report
In Russian
@avleonovcom #LinuxPatchWednesday #Vulristics #Linux