ISHACK AI BOT

Microsoft Office: CVE-2024-38171: Microsoft PowerPoint Remote Code Execution Vulnerability Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 08/13/2024 Created 08/14/2024 Added 08/13/2024 Modified 01/28/2025 Description Microsoft Office: CVE-2024-38171: Microsoft PowerPoint Remote Code Execution Vulnerability Solution(s) microsoft-powerpoint_2016-kb5002586 office-click-to-run-upgrade-latest References https://attackerkb.com/topics/cve-2024-38171 CVE - 2024-38171 https://support.microsoft.com/help/5002586

Microsoft Windows: CVE-2024-38125: Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 08/13/2024 Created 08/14/2024 Added 08/13/2024 Modified 09/11/2024 Description Microsoft Windows: CVE-2024-38125: Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5041782 microsoft-windows-windows_10-1607-kb5041773 microsoft-windows-windows_10-1809-kb5041578 microsoft-windows-windows_10-21h2-kb5041580 microsoft-windows-windows_10-22h2-kb5041580 microsoft-windows-windows_11-21h2-kb5041592 microsoft-windows-windows_11-22h2-kb5041585 microsoft-windows-windows_11-23h2-kb5041585 microsoft-windows-windows_11-24h2-kb5041571 microsoft-windows-windows_server_2012-kb5041851 microsoft-windows-windows_server_2012_r2-kb5041828 microsoft-windows-windows_server_2016-1607-kb5041773 microsoft-windows-windows_server_2019-1809-kb5041578 microsoft-windows-windows_server_2022-21h2-kb5041160 microsoft-windows-windows_server_2022-22h2-kb5041160 microsoft-windows-windows_server_2022-23h2-kb5041573 msft-kb5041823-fa579db5-9512-46c4-8ade-a01dcf632759 msft-kb5041847-4d9cc014-448f-49f3-bc16-f9fc14378e9c msft-kb5041847-63a8ef5d-1856-402b-9a6e-446f772a3882 References https://attackerkb.com/topics/cve-2024-38125 CVE - 2024-38125 5041160 5041571 5041573 5041578 5041580 5041585 5041592 5041773 5041782 5041823 5041828 5041838 5041847 5041850 5041851 https://support.microsoft.com/help/5041160 https://support.microsoft.com/help/5041571 https://support.microsoft.com/help/5041573 https://support.microsoft.com/help/5041578 https://support.microsoft.com/help/5041580 https://support.microsoft.com/help/5041585 https://support.microsoft.com/help/5041592 https://support.microsoft.com/help/5041773 https://support.microsoft.com/help/5041782 https://support.microsoft.com/help/5041828 https://support.microsoft.com/help/5041851 View more

Microsoft Windows: CVE-2024-38114: Windows IP Routing Management Snapin Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/13/2024 Created 08/14/2024 Added 08/13/2024 Modified 09/11/2024 Description Microsoft Windows: CVE-2024-38114: Windows IP Routing Management Snapin Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5041782 microsoft-windows-windows_10-1607-kb5041773 microsoft-windows-windows_10-1809-kb5041578 microsoft-windows-windows_10-21h2-kb5041580 microsoft-windows-windows_10-22h2-kb5041580 microsoft-windows-windows_11-21h2-kb5041592 microsoft-windows-windows_11-22h2-kb5041585 microsoft-windows-windows_11-23h2-kb5041585 microsoft-windows-windows_11-24h2-kb5041571 microsoft-windows-windows_server_2012-kb5041851 microsoft-windows-windows_server_2012_r2-kb5041828 microsoft-windows-windows_server_2016-1607-kb5041773 microsoft-windows-windows_server_2019-1809-kb5041578 microsoft-windows-windows_server_2022-21h2-kb5041160 microsoft-windows-windows_server_2022-22h2-kb5041160 microsoft-windows-windows_server_2022-23h2-kb5041573 msft-kb5041823-fa579db5-9512-46c4-8ade-a01dcf632759 msft-kb5041847-4d9cc014-448f-49f3-bc16-f9fc14378e9c msft-kb5041847-63a8ef5d-1856-402b-9a6e-446f772a3882 References https://attackerkb.com/topics/cve-2024-38114 CVE - 2024-38114 5041160 5041571 5041573 5041578 5041580 5041585 5041592 5041773 5041782 5041823 5041828 5041838 5041847 5041850 5041851 https://support.microsoft.com/help/5041160 https://support.microsoft.com/help/5041571 https://support.microsoft.com/help/5041573 https://support.microsoft.com/help/5041578 https://support.microsoft.com/help/5041580 https://support.microsoft.com/help/5041585 https://support.microsoft.com/help/5041592 https://support.microsoft.com/help/5041773 https://support.microsoft.com/help/5041782 https://support.microsoft.com/help/5041828 https://support.microsoft.com/help/5041851 View more

Microsoft Windows: CVE-2024-37968: Windows DNS Spoofing Vulnerability Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 08/13/2024 Created 08/14/2024 Added 08/13/2024 Modified 09/11/2024 Description Microsoft Windows: CVE-2024-37968: Windows DNS Spoofing Vulnerability Solution(s) microsoft-windows-windows_server_2012-kb5041851 microsoft-windows-windows_server_2012_r2-kb5041828 microsoft-windows-windows_server_2016-1607-kb5041773 microsoft-windows-windows_server_2019-1809-kb5041578 microsoft-windows-windows_server_2022-21h2-kb5041160 microsoft-windows-windows_server_2022-22h2-kb5041160 microsoft-windows-windows_server_2022-23h2-kb5041573 msft-kb5041823-fa579db5-9512-46c4-8ade-a01dcf632759 msft-kb5041847-4d9cc014-448f-49f3-bc16-f9fc14378e9c msft-kb5041847-63a8ef5d-1856-402b-9a6e-446f772a3882 References https://attackerkb.com/topics/cve-2024-37968 CVE - 2024-37968 5041160 5041573 5041578 5041773 5041823 5041828 5041838 5041847 5041850 5041851 https://support.microsoft.com/help/5041160 https://support.microsoft.com/help/5041573 https://support.microsoft.com/help/5041578 https://support.microsoft.com/help/5041773 https://support.microsoft.com/help/5041828 https://support.microsoft.com/help/5041851 View more

Microsoft Windows: CVE-2024-38132: Windows Network Address Translation (NAT) Denial of Service Vulnerability Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/13/2024 Created 08/14/2024 Added 08/13/2024 Modified 09/11/2024 Description Microsoft Windows: CVE-2024-38132: Windows Network Address Translation (NAT) Denial of Service Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5041782 microsoft-windows-windows_10-1607-kb5041773 microsoft-windows-windows_10-1809-kb5041578 microsoft-windows-windows_10-21h2-kb5041580 microsoft-windows-windows_10-22h2-kb5041580 microsoft-windows-windows_11-21h2-kb5041592 microsoft-windows-windows_11-22h2-kb5041585 microsoft-windows-windows_11-23h2-kb5041585 microsoft-windows-windows_11-24h2-kb5041571 microsoft-windows-windows_server_2012_r2-kb5041828 microsoft-windows-windows_server_2016-1607-kb5041773 microsoft-windows-windows_server_2019-1809-kb5041578 microsoft-windows-windows_server_2022-21h2-kb5041160 microsoft-windows-windows_server_2022-22h2-kb5041160 microsoft-windows-windows_server_2022-23h2-kb5041573 References https://attackerkb.com/topics/cve-2024-38132 CVE - 2024-38132 5041160 5041571 5041573 5041578 5041580 5041585 5041592 5041773 5041782 5041828 https://support.microsoft.com/help/5041160 https://support.microsoft.com/help/5041571 https://support.microsoft.com/help/5041573 https://support.microsoft.com/help/5041578 https://support.microsoft.com/help/5041580 https://support.microsoft.com/help/5041585 https://support.microsoft.com/help/5041592 https://support.microsoft.com/help/5041773 https://support.microsoft.com/help/5041782 https://support.microsoft.com/help/5041828 View more

Microsoft Windows: CVE-2024-38144: Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 08/13/2024 Created 08/14/2024 Added 08/13/2024 Modified 09/11/2024 Description Microsoft Windows: CVE-2024-38144: Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5041782 microsoft-windows-windows_10-1607-kb5041773 microsoft-windows-windows_10-1809-kb5041578 microsoft-windows-windows_10-21h2-kb5041580 microsoft-windows-windows_10-22h2-kb5041580 microsoft-windows-windows_11-21h2-kb5041592 microsoft-windows-windows_11-22h2-kb5041585 microsoft-windows-windows_11-23h2-kb5041585 microsoft-windows-windows_11-24h2-kb5041571 microsoft-windows-windows_server_2012-kb5041851 microsoft-windows-windows_server_2012_r2-kb5041828 microsoft-windows-windows_server_2016-1607-kb5041773 microsoft-windows-windows_server_2019-1809-kb5041578 microsoft-windows-windows_server_2022-21h2-kb5041160 microsoft-windows-windows_server_2022-22h2-kb5041160 microsoft-windows-windows_server_2022-23h2-kb5041573 msft-kb5041823-fa579db5-9512-46c4-8ade-a01dcf632759 msft-kb5041847-4d9cc014-448f-49f3-bc16-f9fc14378e9c msft-kb5041847-63a8ef5d-1856-402b-9a6e-446f772a3882 References https://attackerkb.com/topics/cve-2024-38144 CVE - 2024-38144 5041160 5041571 5041573 5041578 5041580 5041585 5041592 5041773 5041782 5041823 5041828 5041838 5041847 5041850 5041851 https://support.microsoft.com/help/5041160 https://support.microsoft.com/help/5041571 https://support.microsoft.com/help/5041573 https://support.microsoft.com/help/5041578 https://support.microsoft.com/help/5041580 https://support.microsoft.com/help/5041585 https://support.microsoft.com/help/5041592 https://support.microsoft.com/help/5041773 https://support.microsoft.com/help/5041782 https://support.microsoft.com/help/5041828 https://support.microsoft.com/help/5041851 View more

Microsoft Windows: CVE-2024-38130: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/13/2024 Created 08/14/2024 Added 08/13/2024 Modified 09/11/2024 Description Microsoft Windows: CVE-2024-38130: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5041782 microsoft-windows-windows_10-1607-kb5041773 microsoft-windows-windows_10-1809-kb5041578 microsoft-windows-windows_10-21h2-kb5041580 microsoft-windows-windows_10-22h2-kb5041580 microsoft-windows-windows_11-21h2-kb5041592 microsoft-windows-windows_11-22h2-kb5041585 microsoft-windows-windows_11-23h2-kb5041585 microsoft-windows-windows_11-24h2-kb5041571 microsoft-windows-windows_server_2012-kb5041851 microsoft-windows-windows_server_2012_r2-kb5041828 microsoft-windows-windows_server_2016-1607-kb5041773 microsoft-windows-windows_server_2019-1809-kb5041578 microsoft-windows-windows_server_2022-21h2-kb5041160 microsoft-windows-windows_server_2022-22h2-kb5041160 microsoft-windows-windows_server_2022-23h2-kb5041573 msft-kb5041823-fa579db5-9512-46c4-8ade-a01dcf632759 msft-kb5041847-4d9cc014-448f-49f3-bc16-f9fc14378e9c msft-kb5041847-63a8ef5d-1856-402b-9a6e-446f772a3882 References https://attackerkb.com/topics/cve-2024-38130 CVE - 2024-38130 5041160 5041571 5041573 5041578 5041580 5041585 5041592 5041773 5041782 5041823 5041828 5041838 5041847 5041850 5041851 https://support.microsoft.com/help/5041160 https://support.microsoft.com/help/5041571 https://support.microsoft.com/help/5041573 https://support.microsoft.com/help/5041578 https://support.microsoft.com/help/5041580 https://support.microsoft.com/help/5041585 https://support.microsoft.com/help/5041592 https://support.microsoft.com/help/5041773 https://support.microsoft.com/help/5041782 https://support.microsoft.com/help/5041828 https://support.microsoft.com/help/5041851 View more

Microsoft Windows: CVE-2024-38152: Windows OLE Remote Code Execution Vulnerability Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 08/13/2024 Created 08/14/2024 Added 08/13/2024 Modified 09/11/2024 Description Microsoft Windows: CVE-2024-38152: Windows OLE Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5041782 microsoft-windows-windows_10-1607-kb5041773 microsoft-windows-windows_10-1809-kb5041578 microsoft-windows-windows_10-21h2-kb5041580 microsoft-windows-windows_10-22h2-kb5041580 microsoft-windows-windows_11-21h2-kb5041592 microsoft-windows-windows_11-22h2-kb5041585 microsoft-windows-windows_11-23h2-kb5041585 microsoft-windows-windows_11-24h2-kb5041571 microsoft-windows-windows_server_2012-kb5041851 microsoft-windows-windows_server_2012_r2-kb5041828 microsoft-windows-windows_server_2016-1607-kb5041773 microsoft-windows-windows_server_2019-1809-kb5041578 microsoft-windows-windows_server_2022-21h2-kb5041160 microsoft-windows-windows_server_2022-22h2-kb5041160 microsoft-windows-windows_server_2022-23h2-kb5041573 msft-kb5041823-fa579db5-9512-46c4-8ade-a01dcf632759 msft-kb5041847-4d9cc014-448f-49f3-bc16-f9fc14378e9c msft-kb5041847-63a8ef5d-1856-402b-9a6e-446f772a3882 References https://attackerkb.com/topics/cve-2024-38152 CVE - 2024-38152 5041160 5041571 5041573 5041578 5041580 5041585 5041592 5041773 5041782 5041823 5041828 5041838 5041847 5041850 5041851 https://support.microsoft.com/help/5041160 https://support.microsoft.com/help/5041571 https://support.microsoft.com/help/5041573 https://support.microsoft.com/help/5041578 https://support.microsoft.com/help/5041580 https://support.microsoft.com/help/5041585 https://support.microsoft.com/help/5041592 https://support.microsoft.com/help/5041773 https://support.microsoft.com/help/5041782 https://support.microsoft.com/help/5041828 https://support.microsoft.com/help/5041851 View more

Microsoft Windows: CVE-2024-38153: Windows Kernel Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 08/13/2024 Created 08/14/2024 Added 08/13/2024 Modified 09/11/2024 Description Microsoft Windows: CVE-2024-38153: Windows Kernel Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5041782 microsoft-windows-windows_10-1607-kb5041773 microsoft-windows-windows_10-1809-kb5041578 microsoft-windows-windows_10-21h2-kb5041580 microsoft-windows-windows_10-22h2-kb5041580 microsoft-windows-windows_11-21h2-kb5041592 microsoft-windows-windows_11-22h2-kb5041585 microsoft-windows-windows_11-23h2-kb5041585 microsoft-windows-windows_11-24h2-kb5041571 microsoft-windows-windows_server_2012-kb5041851 microsoft-windows-windows_server_2012_r2-kb5041828 microsoft-windows-windows_server_2016-1607-kb5041773 microsoft-windows-windows_server_2019-1809-kb5041578 microsoft-windows-windows_server_2022-21h2-kb5041160 microsoft-windows-windows_server_2022-22h2-kb5041160 microsoft-windows-windows_server_2022-23h2-kb5041573 msft-kb5041823-fa579db5-9512-46c4-8ade-a01dcf632759 msft-kb5041847-4d9cc014-448f-49f3-bc16-f9fc14378e9c msft-kb5041847-63a8ef5d-1856-402b-9a6e-446f772a3882 References https://attackerkb.com/topics/cve-2024-38153 CVE - 2024-38153 5041160 5041571 5041573 5041578 5041580 5041585 5041592 5041773 5041782 5041823 5041828 5041838 5041847 5041850 5041851 https://support.microsoft.com/help/5041160 https://support.microsoft.com/help/5041571 https://support.microsoft.com/help/5041573 https://support.microsoft.com/help/5041578 https://support.microsoft.com/help/5041580 https://support.microsoft.com/help/5041585 https://support.microsoft.com/help/5041592 https://support.microsoft.com/help/5041773 https://support.microsoft.com/help/5041782 https://support.microsoft.com/help/5041828 https://support.microsoft.com/help/5041851 View more

Microsoft Windows: CVE-2024-38145: Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/13/2024 Created 08/14/2024 Added 08/13/2024 Modified 09/11/2024 Description Microsoft Windows: CVE-2024-38145: Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5041782 microsoft-windows-windows_10-1607-kb5041773 microsoft-windows-windows_10-1809-kb5041578 microsoft-windows-windows_10-21h2-kb5041580 microsoft-windows-windows_10-22h2-kb5041580 microsoft-windows-windows_11-21h2-kb5041592 microsoft-windows-windows_11-22h2-kb5041585 microsoft-windows-windows_11-23h2-kb5041585 microsoft-windows-windows_11-24h2-kb5041571 microsoft-windows-windows_server_2012-kb5041851 microsoft-windows-windows_server_2012_r2-kb5041828 microsoft-windows-windows_server_2016-1607-kb5041773 microsoft-windows-windows_server_2019-1809-kb5041578 microsoft-windows-windows_server_2022-21h2-kb5041160 microsoft-windows-windows_server_2022-22h2-kb5041160 microsoft-windows-windows_server_2022-23h2-kb5041573 References https://attackerkb.com/topics/cve-2024-38145 CVE - 2024-38145 5041160 5041571 5041573 5041578 5041580 5041585 5041592 5041773 5041782 5041828 5041851 https://support.microsoft.com/help/5041160 https://support.microsoft.com/help/5041571 https://support.microsoft.com/help/5041573 https://support.microsoft.com/help/5041578 https://support.microsoft.com/help/5041580 https://support.microsoft.com/help/5041585 https://support.microsoft.com/help/5041592 https://support.microsoft.com/help/5041773 https://support.microsoft.com/help/5041782 https://support.microsoft.com/help/5041828 https://support.microsoft.com/help/5041851 View more

Microsoft Windows: CVE-2024-38193: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 08/13/2024 Created 08/14/2024 Added 08/13/2024 Modified 09/11/2024 Description Microsoft Windows: CVE-2024-38193: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5041782 microsoft-windows-windows_10-1607-kb5041773 microsoft-windows-windows_10-1809-kb5041578 microsoft-windows-windows_10-21h2-kb5041580 microsoft-windows-windows_10-22h2-kb5041580 microsoft-windows-windows_11-21h2-kb5041592 microsoft-windows-windows_11-22h2-kb5041585 microsoft-windows-windows_11-23h2-kb5041585 microsoft-windows-windows_11-24h2-kb5041571 microsoft-windows-windows_server_2012-kb5041851 microsoft-windows-windows_server_2012_r2-kb5041828 microsoft-windows-windows_server_2016-1607-kb5041773 microsoft-windows-windows_server_2019-1809-kb5041578 microsoft-windows-windows_server_2022-21h2-kb5041160 microsoft-windows-windows_server_2022-22h2-kb5041160 microsoft-windows-windows_server_2022-23h2-kb5041573 msft-kb5041823-fa579db5-9512-46c4-8ade-a01dcf632759 msft-kb5041847-4d9cc014-448f-49f3-bc16-f9fc14378e9c msft-kb5041847-63a8ef5d-1856-402b-9a6e-446f772a3882 References https://attackerkb.com/topics/cve-2024-38193 CVE - 2024-38193 5041160 5041571 5041573 5041578 5041580 5041585 5041592 5041773 5041782 5041823 5041828 5041838 5041847 5041850 5041851 https://support.microsoft.com/help/5041160 https://support.microsoft.com/help/5041571 https://support.microsoft.com/help/5041573 https://support.microsoft.com/help/5041578 https://support.microsoft.com/help/5041580 https://support.microsoft.com/help/5041585 https://support.microsoft.com/help/5041592 https://support.microsoft.com/help/5041773 https://support.microsoft.com/help/5041782 https://support.microsoft.com/help/5041828 https://support.microsoft.com/help/5041851 View more

Microsoft Windows: CVE-2024-38180: Windows SmartScreen Security Feature Bypass Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/13/2024 Created 08/14/2024 Added 08/13/2024 Modified 09/11/2024 Description Microsoft Windows: CVE-2024-38180: Windows SmartScreen Security Feature Bypass Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5041782 microsoft-windows-windows_10-1607-kb5041773 microsoft-windows-windows_10-1809-kb5041578 microsoft-windows-windows_10-21h2-kb5041580 microsoft-windows-windows_10-22h2-kb5041580 microsoft-windows-windows_11-21h2-kb5041592 microsoft-windows-windows_11-22h2-kb5041585 microsoft-windows-windows_11-23h2-kb5041585 microsoft-windows-windows_11-24h2-kb5041571 microsoft-windows-windows_server_2012-kb5041851 microsoft-windows-windows_server_2012_r2-kb5041828 microsoft-windows-windows_server_2016-1607-kb5041773 microsoft-windows-windows_server_2019-1809-kb5041578 microsoft-windows-windows_server_2022-21h2-kb5041160 microsoft-windows-windows_server_2022-22h2-kb5041160 microsoft-windows-windows_server_2022-23h2-kb5041573 msft-kb5041823-fa579db5-9512-46c4-8ade-a01dcf632759 msft-kb5041847-4d9cc014-448f-49f3-bc16-f9fc14378e9c msft-kb5041847-63a8ef5d-1856-402b-9a6e-446f772a3882 References https://attackerkb.com/topics/cve-2024-38180 CVE - 2024-38180 5041160 5041571 5041573 5041578 5041580 5041585 5041592 5041773 5041782 5041823 5041828 5041838 5041847 5041850 5041851 https://support.microsoft.com/help/5041160 https://support.microsoft.com/help/5041571 https://support.microsoft.com/help/5041573 https://support.microsoft.com/help/5041578 https://support.microsoft.com/help/5041580 https://support.microsoft.com/help/5041585 https://support.microsoft.com/help/5041592 https://support.microsoft.com/help/5041773 https://support.microsoft.com/help/5041782 https://support.microsoft.com/help/5041828 https://support.microsoft.com/help/5041851 View more

Microsoft Windows: CVE-2024-38198: Windows Print Spooler Elevation of Privilege Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:S/C:C/I:C/A:C) Published 08/13/2024 Created 08/14/2024 Added 08/13/2024 Modified 09/11/2024 Description Microsoft Windows: CVE-2024-38198: Windows Print Spooler Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5041782 microsoft-windows-windows_10-1607-kb5041773 microsoft-windows-windows_10-1809-kb5041578 microsoft-windows-windows_10-21h2-kb5041580 microsoft-windows-windows_10-22h2-kb5041580 microsoft-windows-windows_11-21h2-kb5041592 microsoft-windows-windows_11-22h2-kb5041585 microsoft-windows-windows_11-23h2-kb5041585 microsoft-windows-windows_11-24h2-kb5041571 microsoft-windows-windows_server_2012-kb5041851 microsoft-windows-windows_server_2012_r2-kb5041828 microsoft-windows-windows_server_2016-1607-kb5041773 microsoft-windows-windows_server_2019-1809-kb5041578 microsoft-windows-windows_server_2022-21h2-kb5041160 microsoft-windows-windows_server_2022-22h2-kb5041160 microsoft-windows-windows_server_2022-23h2-kb5041573 msft-kb5041823-fa579db5-9512-46c4-8ade-a01dcf632759 msft-kb5041847-4d9cc014-448f-49f3-bc16-f9fc14378e9c msft-kb5041847-63a8ef5d-1856-402b-9a6e-446f772a3882 References https://attackerkb.com/topics/cve-2024-38198 CVE - 2024-38198 5041160 5041571 5041573 5041578 5041580 5041585 5041592 5041773 5041782 5041823 5041828 5041838 5041847 5041850 5041851 https://support.microsoft.com/help/5041160 https://support.microsoft.com/help/5041571 https://support.microsoft.com/help/5041573 https://support.microsoft.com/help/5041578 https://support.microsoft.com/help/5041580 https://support.microsoft.com/help/5041585 https://support.microsoft.com/help/5041592 https://support.microsoft.com/help/5041773 https://support.microsoft.com/help/5041782 https://support.microsoft.com/help/5041828 https://support.microsoft.com/help/5041851 View more

Adobe Acrobat: CVE-2024-45107: Security updates available for Adobe Acrobat and Reader (APSB24-57) Severity 5 CVSS (AV:L/AC:L/Au:N/C:C/I:N/A:N) Published 08/13/2024 Created 09/13/2024 Added 09/12/2024 Modified 10/18/2024 Description Adobe has released a security update for Adobe Acrobat and Reader for Windows and macOS. This update addresses critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution, privilege escalation and memory leak. Adobe is aware that CVE-2024-39383 has a known proof-of-concept that could cause Adobe Acrobat and Reader to crash. Adobe is not aware of this issue being exploited in the wild. Solution(s) adobe-acrobat-upgrade-latest References https://attackerkb.com/topics/cve-2024-45107 https://helpx.adobe.com/security/products/acrobat/apsb24-57.html CVE - 2024-45107

Adobe Acrobat: CVE-2024-41835: Security updates available for Adobe Acrobat and Reader (APSB24-57) Severity 5 CVSS (AV:L/AC:L/Au:N/C:C/I:N/A:N) Published 08/13/2024 Created 08/14/2024 Added 08/14/2024 Modified 10/18/2024 Description Adobe has released a security update for Adobe Acrobat and Reader for Windows and macOS. This update addresses critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution, privilege escalation and memory leak. Adobe is aware that CVE-2024-39383 has a known proof-of-concept that could cause Adobe Acrobat and Reader to crash. Adobe is not aware of this issue being exploited in the wild. Solution(s) adobe-acrobat-upgrade-latest References https://attackerkb.com/topics/cve-2024-41835 https://helpx.adobe.com/security/products/acrobat/apsb24-57.html CVE - 2024-41835

Adobe Acrobat: CVE-2024-39383: Security updates available for Adobe Acrobat and Reader (APSB24-57) Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 08/13/2024 Created 08/14/2024 Added 08/14/2024 Modified 10/18/2024 Description Adobe has released a security update for Adobe Acrobat and Reader for Windows and macOS. This update addresses critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution, privilege escalation and memory leak. Adobe is aware that CVE-2024-39383 has a known proof-of-concept that could cause Adobe Acrobat and Reader to crash. Adobe is not aware of this issue being exploited in the wild. Solution(s) adobe-acrobat-upgrade-latest References https://attackerkb.com/topics/cve-2024-39383 https://helpx.adobe.com/security/products/acrobat/apsb24-57.html CVE - 2024-39383

Microsoft Windows: CVE-2024-38106: Windows Kernel Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:M/Au:S/C:C/I:C/A:C) Published 08/13/2024 Created 08/14/2024 Added 08/13/2024 Modified 09/03/2024 Description Microsoft Windows: CVE-2024-38106: Windows Kernel Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5041782 microsoft-windows-windows_10-1607-kb5041773 microsoft-windows-windows_10-1809-kb5041578 microsoft-windows-windows_10-21h2-kb5041580 microsoft-windows-windows_10-22h2-kb5041580 microsoft-windows-windows_11-21h2-kb5041592 microsoft-windows-windows_11-22h2-kb5041585 microsoft-windows-windows_11-23h2-kb5041585 microsoft-windows-windows_11-24h2-kb5041571 microsoft-windows-windows_server_2016-1607-kb5041773 microsoft-windows-windows_server_2019-1809-kb5041578 microsoft-windows-windows_server_2022-21h2-kb5041160 microsoft-windows-windows_server_2022-22h2-kb5041160 microsoft-windows-windows_server_2022-23h2-kb5041573 References https://attackerkb.com/topics/cve-2024-38106 CVE - 2024-38106 https://support.microsoft.com/help/5041160 https://support.microsoft.com/help/5041571 https://support.microsoft.com/help/5041573 https://support.microsoft.com/help/5041578 https://support.microsoft.com/help/5041580 https://support.microsoft.com/help/5041585 https://support.microsoft.com/help/5041592 https://support.microsoft.com/help/5041773 https://support.microsoft.com/help/5041782 View more

Debian: CVE-2024-36460: zabbix -- security update Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:N) Published 08/12/2024 Created 10/08/2024 Added 10/07/2024 Modified 01/28/2025 Description The front-end audit log allows viewing of unprotected plaintext passwords, where the passwords are displayed in plain text. Solution(s) debian-upgrade-zabbix References https://attackerkb.com/topics/cve-2024-36460 CVE - 2024-36460 DLA-3909-1

Adobe Acrobat: CVE-2024-39420: Security updates available for Adobe Acrobat and Reader (APSB24-57) Severity 6 CVSS (AV:L/AC:H/Au:N/C:C/I:C/A:C) Published 08/13/2024 Created 09/13/2024 Added 09/12/2024 Modified 10/18/2024 Description Adobe has released a security update for Adobe Acrobat and Reader for Windows and macOS. This update addresses critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution, privilege escalation and memory leak. Adobe is aware that CVE-2024-39383 has a known proof-of-concept that could cause Adobe Acrobat and Reader to crash. Adobe is not aware of this issue being exploited in the wild. Solution(s) adobe-acrobat-upgrade-latest References https://attackerkb.com/topics/cve-2024-39420 https://helpx.adobe.com/security/products/acrobat/apsb24-57.html CVE - 2024-39420

Debian: CVE-2024-22122: zabbix -- security update Severity 8 CVSS (AV:N/AC:L/Au:M/C:C/I:C/A:C) Published 08/12/2024 Created 10/08/2024 Added 10/07/2024 Modified 01/30/2025 Description Zabbix allows to configure SMS notifications. AT command injection occurs on "Zabbix Server" because there is no validation of "Number" field on Web nor on Zabbix server side. Attacker can run test of SMS providing specially crafted phone number and execute additional AT commands on modem. Solution(s) debian-upgrade-zabbix References https://attackerkb.com/topics/cve-2024-22122 CVE - 2024-22122 DLA-3909-1

An XSS vulnerability was observed due to the execution of malicious JavaScript code from an externally shared file via non-sanitized parameter Severity 5 CVSS (AV:N/AC:L/Au:S/C:P/I:P/A:N) Published 08/12/2024 Created 01/16/2025 Added 01/10/2025 Modified 01/20/2025 Description An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The vulnerability occurs due to inadequate input validation of the res parameter, allowing an authenticated attacker to inject and execute arbitrary JavaScript code within the context of another user's browser session. By uploading a malicious JavaScript file, accessible externally, and crafting a URL containing its location in the res parameter, the attacker can exploit this vulnerability. Subsequently, when another user visits the crafted URL, the malicious JavaScript code is executed. Solution(s) zimbra-collaboration-upgrade-latest References https://attackerkb.com/topics/cve-2024-33536 CVE - 2024-33536 https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.8#Security_Fixes https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P40#Security_Fixes

Huawei EulerOS: CVE-2024-43167: unbound security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 08/12/2024 Created 11/12/2024 Added 11/11/2024 Modified 11/11/2024 Description DISPUTE NOTE: this issue does not pose a security risk as it (according to analysis by the original software developer, NLnet Labs) falls within the expected functionality and security controls of the application. Red Hat has made a claim that there is a security risk within Red Hat products. NLnet Labs has no further information about the claim, and suggests that affected Red Hat customers refer to available Red Hat documentation or support channels. ORIGINAL DESCRIPTION: A NULL pointer dereference flaw was found in the ub_ctx_set_fwd function in Unbound. This issue could allow an attacker who can invoke specific sequences of API calls to cause a segmentation fault. When certain API functions such as ub_ctx_set_fwd and ub_ctx_resolvconf are called in a particular order, the program attempts to read from a NULL pointer, leading to a crash. This issue can result in a denial of service by causing the application to terminate unexpectedly. Solution(s) huawei-euleros-2_0_sp10-upgrade-python3-unbound huawei-euleros-2_0_sp10-upgrade-unbound huawei-euleros-2_0_sp10-upgrade-unbound-libs References https://attackerkb.com/topics/cve-2024-43167 CVE - 2024-43167 EulerOS-SA-2024-2917

Huawei EulerOS: CVE-2024-7006: libtiff security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/12/2024 Created 11/06/2024 Added 11/05/2024 Modified 01/28/2025 Description A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults, causing a segmentation fault. This can cause an application crash, eventually leading to a denial of service. Solution(s) huawei-euleros-2_0_sp12-upgrade-libtiff References https://attackerkb.com/topics/cve-2024-7006 CVE - 2024-7006 EulerOS-SA-2024-2801

Huawei EulerOS: CVE-2024-43168: unbound security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 08/12/2024 Created 11/27/2024 Added 11/26/2024 Modified 11/26/2024 Description DISPUTE NOTE: this issue does not pose a security risk as it (according to analysis by the original software developer, NLnet Labs) falls within the expected functionality and security controls of the application. Red Hat has made a claim that there is a security risk within Red Hat products. NLnet Labs has no further information about the claim, and suggests that affected Red Hat customers refer to available Red Hat documentation or support channels. ORIGINAL DESCRIPTION: A heap-buffer-overflow flaw was found in the cfg_mark_ports function within Unbound's config_file.c, which can lead to memory corruption. This issue could allow an attacker with local access to provide specially crafted input, potentially causing the application to crash or allowing arbitrary code execution. This could result in a denial of service or unauthorized actions on the system. Solution(s) huawei-euleros-2_0_sp12-upgrade-python3-unbound huawei-euleros-2_0_sp12-upgrade-unbound huawei-euleros-2_0_sp12-upgrade-unbound-libs References https://attackerkb.com/topics/cve-2024-43168 CVE - 2024-43168 EulerOS-SA-2024-2930

Amazon Linux 2023: CVE-2024-42258: Medium priority package update for kernel Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 08/12/2024 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description In the Linux kernel, the following vulnerability has been resolved: mm: huge_memory: use !CONFIG_64BIT to relax huge page alignment on 32 bit machines Yves-Alexis Perez reported commit 4ef9ad19e176 ("mm: huge_memory: don't force huge page alignment on 32 bit") didn't work for x86_32 [1].It is because x86_32 uses CONFIG_X86_32 instead of CONFIG_32BIT. !CONFIG_64BIT should cover all 32 bit machines. [1] https://lore.kernel.org/linux-mm/CAHbLzkr1LwH3pcTgM+aGQ31ip2bKqiqEQ8=FQB+t2c3dhNKNHA@mail.gmail.com/ Solution(s) amazon-linux-2023-upgrade-bpftool amazon-linux-2023-upgrade-bpftool-debuginfo amazon-linux-2023-upgrade-kernel amazon-linux-2023-upgrade-kernel-debuginfo amazon-linux-2023-upgrade-kernel-debuginfo-common-aarch64 amazon-linux-2023-upgrade-kernel-debuginfo-common-x86-64 amazon-linux-2023-upgrade-kernel-devel amazon-linux-2023-upgrade-kernel-headers amazon-linux-2023-upgrade-kernel-libbpf amazon-linux-2023-upgrade-kernel-libbpf-devel amazon-linux-2023-upgrade-kernel-libbpf-static amazon-linux-2023-upgrade-kernel-livepatch-6-1-106-116-188 amazon-linux-2023-upgrade-kernel-modules-extra amazon-linux-2023-upgrade-kernel-modules-extra-common amazon-linux-2023-upgrade-kernel-tools amazon-linux-2023-upgrade-kernel-tools-debuginfo amazon-linux-2023-upgrade-kernel-tools-devel amazon-linux-2023-upgrade-perf amazon-linux-2023-upgrade-perf-debuginfo amazon-linux-2023-upgrade-python3-perf amazon-linux-2023-upgrade-python3-perf-debuginfo References https://attackerkb.com/topics/cve-2024-42258 CVE - 2024-42258 https://alas.aws.amazon.com/AL2023/ALAS-2024-709.html