ISHACK AI BOT

FreeBSD: VID-ADDC71B8-6024-11EF-86A1-8C164567CA3C (CVE-2024-7347): nginx -- Vulnerability in the ngx_http_mp4_module Severity 4 CVSS (AV:L/AC:H/Au:N/C:N/I:N/A:C) Published 08/14/2024 Created 08/24/2024 Added 08/22/2024 Modified 01/28/2025 Description NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted mp4 file with the ngx_http_mp4_module. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Solution(s) freebsd-upgrade-package-nginx freebsd-upgrade-package-nginx-devel References CVE-2024-7347

F5 Networks: CVE-2024-41727: K000138833: BIG-IP TMM vulnerability CVE-2024-41727 Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/14/2024 Created 08/27/2024 Added 08/23/2024 Modified 01/28/2025 Description In BIG-IP tenants running on r2000 and r4000 series hardware, or BIG-IP Virtual Edition (VEs) using Intel E810 SR-IOV NIC, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Solution(s) f5-big-ip-upgrade-latest References https://attackerkb.com/topics/cve-2024-41727 CVE - 2024-41727 https://my.f5.com/manage/s/article/K000138833

VMware Photon OS: CVE-2024-7347 Severity 4 CVSS (AV:L/AC:H/Au:S/C:N/I:N/A:C) Published 08/14/2024 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted mp4 file with the ngx_http_mp4_module. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2024-7347 CVE - 2024-7347

Ubuntu: USN-6959-1 (CVE-2024-38167): .NET vulnerability Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 08/13/2024 Created 08/14/2024 Added 08/14/2024 Modified 01/28/2025 Description .NET and Visual Studio Information Disclosure Vulnerability Solution(s) ubuntu-upgrade-aspnetcore-runtime-8-0 ubuntu-upgrade-dotnet-host-8-0 ubuntu-upgrade-dotnet-hostfxr-8-0 ubuntu-upgrade-dotnet-runtime-8-0 ubuntu-upgrade-dotnet-sdk-8-0 ubuntu-upgrade-dotnet8 References https://attackerkb.com/topics/cve-2024-38167 CVE - 2024-38167 USN-6959-1

Debian: CVE-2023-49141: intel-microcode -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 08/14/2024 Created 08/20/2024 Added 08/19/2024 Modified 08/19/2024 Description Improper isolation in some Intel(R) Processors stream cache mechanism may allow an authenticated user to potentially enable escalation of privilege via local access. Solution(s) debian-upgrade-intel-microcode References https://attackerkb.com/topics/cve-2023-49141 CVE - 2023-49141

Adobe Illustrator: CVE-2024-34134: Security updates available for Adobe Illustrator (APSB24-45) Severity 5 CVSS (AV:L/AC:L/Au:N/C:C/I:N/A:N) Published 08/13/2024 Created 12/03/2024 Added 12/02/2024 Modified 12/02/2024 Description Adobe has released an update for Adobe Illustrator. This update resolves critical and important vulnerabilities that could lead to arbitrary code execution, memory leak and application denial-of-service. Solution(s) adobe-illustrator-upgrade-latest References https://attackerkb.com/topics/cve-2024-34134 CVE - 2024-34134 https://helpx.adobe.com/security/products/illustrator/apsb24-45.html

Adobe Illustrator: CVE-2024-34136: Security updates available for Adobe Illustrator (APSB24-45) Severity 5 CVSS (AV:L/AC:L/Au:N/C:N/I:N/A:C) Published 08/13/2024 Created 12/03/2024 Added 12/02/2024 Modified 12/02/2024 Description Adobe has released an update for Adobe Illustrator. This update resolves critical and important vulnerabilities that could lead to arbitrary code execution, memory leak and application denial-of-service. Solution(s) adobe-illustrator-upgrade-latest References https://attackerkb.com/topics/cve-2024-34136 CVE - 2024-34136 https://helpx.adobe.com/security/products/illustrator/apsb24-45.html

Adobe Illustrator: CVE-2024-34138: Security updates available for Adobe Illustrator (APSB24-45) Severity 5 CVSS (AV:L/AC:L/Au:N/C:N/I:N/A:C) Published 08/13/2024 Created 12/03/2024 Added 12/02/2024 Modified 12/02/2024 Description Adobe has released an update for Adobe Illustrator. This update resolves critical and important vulnerabilities that could lead to arbitrary code execution, memory leak and application denial-of-service. Solution(s) adobe-illustrator-upgrade-latest References https://attackerkb.com/topics/cve-2024-34138 CVE - 2024-34138 https://helpx.adobe.com/security/products/illustrator/apsb24-45.html

Microsoft Windows: CVE-2024-38215: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 08/13/2024 Created 08/14/2024 Added 08/13/2024 Modified 09/03/2024 Description Microsoft Windows: CVE-2024-38215: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1809-kb5041578 microsoft-windows-windows_10-21h2-kb5041580 microsoft-windows-windows_10-22h2-kb5041580 microsoft-windows-windows_11-21h2-kb5041592 microsoft-windows-windows_11-22h2-kb5041585 microsoft-windows-windows_11-23h2-kb5041585 microsoft-windows-windows_11-24h2-kb5041571 microsoft-windows-windows_server_2019-1809-kb5041578 microsoft-windows-windows_server_2022-21h2-kb5041160 microsoft-windows-windows_server_2022-22h2-kb5041160 microsoft-windows-windows_server_2022-23h2-kb5041573 References https://attackerkb.com/topics/cve-2024-38215 CVE - 2024-38215 https://support.microsoft.com/help/5041160 https://support.microsoft.com/help/5041571 https://support.microsoft.com/help/5041573 https://support.microsoft.com/help/5041578 https://support.microsoft.com/help/5041580 https://support.microsoft.com/help/5041585 https://support.microsoft.com/help/5041592 View more

Microsoft Windows: CVE-2024-38187: Windows Kernel-Mode Driver Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 08/13/2024 Created 08/14/2024 Added 08/13/2024 Modified 09/03/2024 Description Microsoft Windows: CVE-2024-38187: Windows Kernel-Mode Driver Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1607-kb5040434 microsoft-windows-windows_10-1809-kb5040430 microsoft-windows-windows_10-21h2-kb5040427 microsoft-windows-windows_10-22h2-kb5040427 microsoft-windows-windows_11-21h2-kb5040431 microsoft-windows-windows_11-22h2-kb5040442 microsoft-windows-windows_11-23h2-kb5040442 microsoft-windows-windows_server_2016-1607-kb5040434 microsoft-windows-windows_server_2019-1809-kb5040430 microsoft-windows-windows_server_2022-21h2-kb5040437 microsoft-windows-windows_server_2022-22h2-kb5040437 microsoft-windows-windows_server_2022-23h2-kb5040438 References https://attackerkb.com/topics/cve-2024-38187 CVE - 2024-38187 https://support.microsoft.com/help/5040427 https://support.microsoft.com/help/5040430 https://support.microsoft.com/help/5040431 https://support.microsoft.com/help/5040434 https://support.microsoft.com/help/5040437 https://support.microsoft.com/help/5040438 https://support.microsoft.com/help/5040442 View more

Adobe Illustrator: CVE-2024-34137: Security updates available for Adobe Illustrator (APSB24-45) Severity 5 CVSS (AV:L/AC:L/Au:N/C:N/I:N/A:C) Published 08/13/2024 Created 12/03/2024 Added 12/02/2024 Modified 12/02/2024 Description Adobe has released an update for Adobe Illustrator. This update resolves critical and important vulnerabilities that could lead to arbitrary code execution, memory leak and application denial-of-service. Solution(s) adobe-illustrator-upgrade-latest References https://attackerkb.com/topics/cve-2024-34137 CVE - 2024-34137 https://helpx.adobe.com/security/products/illustrator/apsb24-45.html

Microsoft Windows: CVE-2024-38185: Windows Kernel-Mode Driver Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 08/13/2024 Created 08/14/2024 Added 08/13/2024 Modified 09/03/2024 Description Microsoft Windows: CVE-2024-38185: Windows Kernel-Mode Driver Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1607-kb5040434 microsoft-windows-windows_10-1809-kb5040430 microsoft-windows-windows_10-21h2-kb5040427 microsoft-windows-windows_10-22h2-kb5040427 microsoft-windows-windows_11-21h2-kb5040431 microsoft-windows-windows_11-22h2-kb5040442 microsoft-windows-windows_11-23h2-kb5040442 microsoft-windows-windows_server_2016-1607-kb5040434 microsoft-windows-windows_server_2019-1809-kb5040430 microsoft-windows-windows_server_2022-21h2-kb5040437 microsoft-windows-windows_server_2022-22h2-kb5040437 microsoft-windows-windows_server_2022-23h2-kb5040438 References https://attackerkb.com/topics/cve-2024-38185 CVE - 2024-38185 https://support.microsoft.com/help/5040427 https://support.microsoft.com/help/5040430 https://support.microsoft.com/help/5040431 https://support.microsoft.com/help/5040434 https://support.microsoft.com/help/5040437 https://support.microsoft.com/help/5040438 https://support.microsoft.com/help/5040442 View more

Microsoft Windows: CVE-2024-38138: Windows Deployment Services Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:S/C:C/I:C/A:C) Published 08/13/2024 Created 08/14/2024 Added 08/13/2024 Modified 11/15/2024 Description Microsoft Windows: CVE-2024-38138: Windows Deployment Services Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_server_2012-kb5043125 microsoft-windows-windows_server_2012_r2-kb5043138 microsoft-windows-windows_server_2016-1607-kb5043051 microsoft-windows-windows_server_2019-1809-kb5044277 microsoft-windows-windows_server_2022-21h2-kb5042881 microsoft-windows-windows_server_2022-22h2-kb5042881 microsoft-windows-windows_server_2022-23h2-kb5043055 References https://attackerkb.com/topics/cve-2024-38138 CVE - 2024-38138 https://support.microsoft.com/help/5041160 https://support.microsoft.com/help/5041573 https://support.microsoft.com/help/5041578 https://support.microsoft.com/help/5041773 https://support.microsoft.com/help/5042881 https://support.microsoft.com/help/5043051 https://support.microsoft.com/help/5043055 https://support.microsoft.com/help/5043125 https://support.microsoft.com/help/5043126 https://support.microsoft.com/help/5043138 https://support.microsoft.com/help/5044277 View more

Microsoft Windows: CVE-2024-38159: Windows Network Virtualization Remote Code Execution Vulnerability Severity 8 CVSS (AV:N/AC:L/Au:M/C:C/I:C/A:C) Published 08/13/2024 Created 08/14/2024 Added 08/13/2024 Modified 09/03/2024 Description Microsoft Windows: CVE-2024-38159: Windows Network Virtualization Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1607-kb5041773 microsoft-windows-windows_server_2016-1607-kb5041773 References https://attackerkb.com/topics/cve-2024-38159 CVE - 2024-38159 https://support.microsoft.com/help/5041773

Alma Linux: CVE-2023-20584: Important: linux-firmware security update (Multiple Advisories) Severity 4 CVSS (AV:L/AC:L/Au:M/C:N/I:C/A:N) Published 08/13/2024 Created 10/08/2024 Added 10/07/2024 Modified 01/28/2025 Description IOMMU improperly handles certain special address ranges with invalid device table entries (DTEs), which may allow an attacker with privileges and a compromised Hypervisor to induce DTE faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest integrity. Solution(s) alma-upgrade-iwl100-firmware alma-upgrade-iwl1000-firmware alma-upgrade-iwl105-firmware alma-upgrade-iwl135-firmware alma-upgrade-iwl2000-firmware alma-upgrade-iwl2030-firmware alma-upgrade-iwl3160-firmware alma-upgrade-iwl3945-firmware alma-upgrade-iwl4965-firmware alma-upgrade-iwl5000-firmware alma-upgrade-iwl5150-firmware alma-upgrade-iwl6000-firmware alma-upgrade-iwl6000g2a-firmware alma-upgrade-iwl6000g2b-firmware alma-upgrade-iwl6050-firmware alma-upgrade-iwl7260-firmware alma-upgrade-libertas-sd8686-firmware alma-upgrade-libertas-sd8787-firmware alma-upgrade-libertas-usb8388-firmware alma-upgrade-libertas-usb8388-olpc-firmware alma-upgrade-linux-firmware alma-upgrade-linux-firmware-whence alma-upgrade-netronome-firmware References https://attackerkb.com/topics/cve-2023-20584 CVE - 2023-20584 https://errata.almalinux.org/8/ALSA-2024-7481.html https://errata.almalinux.org/9/ALSA-2024-7484.html

Adobe Photoshop: CVE-2024-34117: Security updates available for Adobe Photoshop (APSB24-49) Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 08/13/2024 Created 11/19/2024 Added 11/18/2024 Modified 12/18/2024 Description Adobe has released an update for Photoshop for Windows and macOS. This update resolves a critical vulnerability. Successful exploitation could lead to arbitrary code execution. Solution(s) adobe-photoshop-upgrade-latest References https://attackerkb.com/topics/cve-2024-34117 CVE - 2024-34117 https://helpx.adobe.com/security/products/photoshop/apsb24-49.html

Red Hat: CVE-2023-20584: kernel: hw:amd:IOMMU improperly handles certain special address leading to a loss of guest integrity (Multiple Advisories) Severity 4 CVSS (AV:L/AC:H/Au:M/C:N/I:C/A:N) Published 08/13/2024 Created 10/08/2024 Added 10/07/2024 Modified 12/16/2024 Description IOMMU improperly handles certain special address ranges with invalid device table entries (DTEs), which may allow an attacker with privileges and a compromised Hypervisor to induce DTE faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest integrity. Solution(s) redhat-upgrade-iwl100-firmware redhat-upgrade-iwl1000-firmware redhat-upgrade-iwl105-firmware redhat-upgrade-iwl135-firmware redhat-upgrade-iwl2000-firmware redhat-upgrade-iwl2030-firmware redhat-upgrade-iwl3160-firmware redhat-upgrade-iwl3945-firmware redhat-upgrade-iwl4965-firmware redhat-upgrade-iwl5000-firmware redhat-upgrade-iwl5150-firmware redhat-upgrade-iwl6000-firmware redhat-upgrade-iwl6000g2a-firmware redhat-upgrade-iwl6000g2b-firmware redhat-upgrade-iwl6050-firmware redhat-upgrade-iwl7260-firmware redhat-upgrade-libertas-sd8686-firmware redhat-upgrade-libertas-sd8787-firmware redhat-upgrade-libertas-usb8388-firmware redhat-upgrade-libertas-usb8388-olpc-firmware redhat-upgrade-linux-firmware redhat-upgrade-linux-firmware-whence redhat-upgrade-netronome-firmware References CVE-2023-20584 RHSA-2024:7481 RHSA-2024:7483 RHSA-2024:7484

Microsoft Windows: CVE-2024-29995: Windows Kerberos Elevation of Privilege Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/13/2024 Created 08/14/2024 Added 08/13/2024 Modified 09/11/2024 Description Microsoft Windows: CVE-2024-29995: Windows Kerberos Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5041782 microsoft-windows-windows_10-1607-kb5041773 microsoft-windows-windows_10-1809-kb5041578 microsoft-windows-windows_10-21h2-kb5041580 microsoft-windows-windows_10-22h2-kb5041580 microsoft-windows-windows_server_2012-kb5041851 microsoft-windows-windows_server_2012_r2-kb5041828 microsoft-windows-windows_server_2016-1607-kb5041773 microsoft-windows-windows_server_2019-1809-kb5041578 microsoft-windows-windows_server_2022-21h2-kb5041160 microsoft-windows-windows_server_2022-22h2-kb5041160 msft-kb5041823-fa579db5-9512-46c4-8ade-a01dcf632759 msft-kb5041847-4d9cc014-448f-49f3-bc16-f9fc14378e9c msft-kb5041847-63a8ef5d-1856-402b-9a6e-446f772a3882 References https://attackerkb.com/topics/cve-2024-29995 CVE - 2024-29995 5041160 5041578 5041580 5041773 5041782 5041823 5041828 5041838 5041847 5041850 5041851 https://support.microsoft.com/help/5041160 https://support.microsoft.com/help/5041578 https://support.microsoft.com/help/5041580 https://support.microsoft.com/help/5041773 https://support.microsoft.com/help/5041782 https://support.microsoft.com/help/5041828 https://support.microsoft.com/help/5041851 View more

Alpine Linux: CVE-2024-38167: Vulnerability in Multiple Components Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 08/13/2024 Created 10/02/2024 Added 10/01/2024 Modified 10/14/2024 Description .NET and Visual Studio Information Disclosure Vulnerability Solution(s) alpine-linux-upgrade-dotnet8-runtime References https://attackerkb.com/topics/cve-2024-38167 CVE - 2024-38167 https://security.alpinelinux.org/vuln/CVE-2024-38167

Alma Linux: CVE-2024-38167: Moderate: .NET 8.0 security update (Multiple Advisories) Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 08/13/2024 Created 08/23/2024 Added 08/22/2024 Modified 01/28/2025 Description .NET and Visual Studio Information Disclosure Vulnerability Solution(s) alma-upgrade-aspnetcore-runtime-8.0 alma-upgrade-aspnetcore-runtime-dbg-8.0 alma-upgrade-aspnetcore-targeting-pack-8.0 alma-upgrade-dotnet alma-upgrade-dotnet-apphost-pack-8.0 alma-upgrade-dotnet-host alma-upgrade-dotnet-hostfxr-8.0 alma-upgrade-dotnet-runtime-8.0 alma-upgrade-dotnet-runtime-dbg-8.0 alma-upgrade-dotnet-sdk-8.0 alma-upgrade-dotnet-sdk-8.0-source-built-artifacts alma-upgrade-dotnet-sdk-dbg-8.0 alma-upgrade-dotnet-targeting-pack-8.0 alma-upgrade-dotnet-templates-8.0 alma-upgrade-netstandard-targeting-pack-2.1 References https://attackerkb.com/topics/cve-2024-38167 CVE - 2024-38167 https://errata.almalinux.org/8/ALSA-2024-5337.html https://errata.almalinux.org/9/ALSA-2024-5334.html

Red Hat: CVE-2024-38167: dotnet8.0: Information disclosure vulnerability in TlsStream (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 08/13/2024 Created 09/04/2024 Added 09/03/2024 Modified 09/13/2024 Description .NET and Visual Studio Information Disclosure Vulnerability Solution(s) redhat-upgrade-aspnetcore-runtime-8-0 redhat-upgrade-aspnetcore-runtime-dbg-8-0 redhat-upgrade-aspnetcore-targeting-pack-8-0 redhat-upgrade-dotnet redhat-upgrade-dotnet-apphost-pack-8-0 redhat-upgrade-dotnet-apphost-pack-8-0-debuginfo redhat-upgrade-dotnet-host redhat-upgrade-dotnet-host-debuginfo redhat-upgrade-dotnet-hostfxr-8-0 redhat-upgrade-dotnet-hostfxr-8-0-debuginfo redhat-upgrade-dotnet-runtime-8-0 redhat-upgrade-dotnet-runtime-8-0-debuginfo redhat-upgrade-dotnet-runtime-dbg-8-0 redhat-upgrade-dotnet-sdk-8-0 redhat-upgrade-dotnet-sdk-8-0-debuginfo redhat-upgrade-dotnet-sdk-8-0-source-built-artifacts redhat-upgrade-dotnet-sdk-dbg-8-0 redhat-upgrade-dotnet-targeting-pack-8-0 redhat-upgrade-dotnet-templates-8-0 redhat-upgrade-dotnet8-0-debuginfo redhat-upgrade-dotnet8-0-debugsource redhat-upgrade-netstandard-targeting-pack-2-1 References CVE-2024-38167 RHSA-2024:5334 RHSA-2024:5337

Oracle Linux: CVE-2023-20584: ELSA-2024-12797: linux-firmware security update (MODERATE) (Multiple Advisories) Severity 4 CVSS (AV:L/AC:H/Au:M/C:N/I:C/A:N) Published 08/13/2024 Created 11/13/2024 Added 11/11/2024 Modified 12/01/2024 Description IOMMU improperly handles certain special address ranges with invalid device table entries (DTEs), which may allow an attacker with privileges and a compromised Hypervisor to induce DTE faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest integrity. Solution(s) oracle-linux-upgrade-iwl1000-firmware oracle-linux-upgrade-iwl100-firmware oracle-linux-upgrade-iwl105-firmware oracle-linux-upgrade-iwl135-firmware oracle-linux-upgrade-iwl2000-firmware oracle-linux-upgrade-iwl2030-firmware oracle-linux-upgrade-iwl3160-firmware oracle-linux-upgrade-iwl3945-firmware oracle-linux-upgrade-iwl4965-firmware oracle-linux-upgrade-iwl5000-firmware oracle-linux-upgrade-iwl5150-firmware oracle-linux-upgrade-iwl6000-firmware oracle-linux-upgrade-iwl6000g2a-firmware oracle-linux-upgrade-iwl6000g2b-firmware oracle-linux-upgrade-iwl6050-firmware oracle-linux-upgrade-iwl7260-firmware oracle-linux-upgrade-iwlax2xx-firmware oracle-linux-upgrade-libertas-sd8686-firmware oracle-linux-upgrade-libertas-sd8787-firmware oracle-linux-upgrade-libertas-usb8388-firmware oracle-linux-upgrade-libertas-usb8388-olpc-firmware oracle-linux-upgrade-linux-firmware oracle-linux-upgrade-linux-firmware-core oracle-linux-upgrade-linux-firmware-whence oracle-linux-upgrade-liquidio-firmware oracle-linux-upgrade-netronome-firmware References https://attackerkb.com/topics/cve-2023-20584 CVE - 2023-20584 ELSA-2024-12797

Microsoft Windows: CVE-2024-38165: Windows Compressed Folder Tampering Vulnerability Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 08/13/2024 Created 08/14/2024 Added 08/13/2024 Modified 09/03/2024 Description Microsoft Windows: CVE-2024-38165: Windows Compressed Folder Tampering Vulnerability Solution(s) microsoft-windows-windows_11-22h2-kb5040442 microsoft-windows-windows_11-23h2-kb5040442 References https://attackerkb.com/topics/cve-2024-38165 CVE - 2024-38165 https://support.microsoft.com/help/5040442

Microsoft Windows: CVE-2024-38140: Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 08/13/2024 Created 08/14/2024 Added 08/13/2024 Modified 09/11/2024 Description Microsoft Windows: CVE-2024-38140: Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5041782 microsoft-windows-windows_10-1607-kb5041773 microsoft-windows-windows_10-1809-kb5041578 microsoft-windows-windows_10-21h2-kb5041580 microsoft-windows-windows_10-22h2-kb5041580 microsoft-windows-windows_11-21h2-kb5041592 microsoft-windows-windows_11-22h2-kb5041585 microsoft-windows-windows_11-23h2-kb5041585 microsoft-windows-windows_11-24h2-kb5041571 microsoft-windows-windows_server_2012-kb5041851 microsoft-windows-windows_server_2012_r2-kb5041828 microsoft-windows-windows_server_2016-1607-kb5041773 microsoft-windows-windows_server_2019-1809-kb5041578 microsoft-windows-windows_server_2022-21h2-kb5041160 microsoft-windows-windows_server_2022-22h2-kb5041160 microsoft-windows-windows_server_2022-23h2-kb5041573 msft-kb5041823-fa579db5-9512-46c4-8ade-a01dcf632759 msft-kb5041847-4d9cc014-448f-49f3-bc16-f9fc14378e9c msft-kb5041847-63a8ef5d-1856-402b-9a6e-446f772a3882 References https://attackerkb.com/topics/cve-2024-38140 CVE - 2024-38140 5041160 5041571 5041573 5041578 5041580 5041585 5041592 5041773 5041782 5041823 5041828 5041838 5041847 5041850 5041851 https://support.microsoft.com/help/5041160 https://support.microsoft.com/help/5041571 https://support.microsoft.com/help/5041573 https://support.microsoft.com/help/5041578 https://support.microsoft.com/help/5041580 https://support.microsoft.com/help/5041585 https://support.microsoft.com/help/5041592 https://support.microsoft.com/help/5041773 https://support.microsoft.com/help/5041782 https://support.microsoft.com/help/5041828 https://support.microsoft.com/help/5041851 View more

Alma Linux: CVE-2023-31356: Important: linux-firmware security update (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 08/13/2024 Created 10/08/2024 Added 10/07/2024 Modified 10/07/2024 Description Incomplete system memory cleanup in SEV firmware could allow a privileged attacker to corrupt guest private memory, potentially resulting in a loss of data integrity. Solution(s) alma-upgrade-iwl100-firmware alma-upgrade-iwl1000-firmware alma-upgrade-iwl105-firmware alma-upgrade-iwl135-firmware alma-upgrade-iwl2000-firmware alma-upgrade-iwl2030-firmware alma-upgrade-iwl3160-firmware alma-upgrade-iwl3945-firmware alma-upgrade-iwl4965-firmware alma-upgrade-iwl5000-firmware alma-upgrade-iwl5150-firmware alma-upgrade-iwl6000-firmware alma-upgrade-iwl6000g2a-firmware alma-upgrade-iwl6000g2b-firmware alma-upgrade-iwl6050-firmware alma-upgrade-iwl7260-firmware alma-upgrade-libertas-sd8686-firmware alma-upgrade-libertas-sd8787-firmware alma-upgrade-libertas-usb8388-firmware alma-upgrade-libertas-usb8388-olpc-firmware alma-upgrade-linux-firmware alma-upgrade-linux-firmware-whence alma-upgrade-netronome-firmware References https://attackerkb.com/topics/cve-2023-31356 CVE - 2023-31356 https://errata.almalinux.org/8/ALSA-2024-7481.html https://errata.almalinux.org/9/ALSA-2024-7484.html