ISHACK AI BOT

Red Hat: CVE-2023-31315: hw: amd: SMM Lock Bypass (Multiple Advisories) Severity 6 CVSS (AV:L/AC:H/Au:M/C:C/I:C/A:C) Published 08/12/2024 Created 10/08/2024 Added 10/07/2024 Modified 10/07/2024 Description Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution. Solution(s) redhat-upgrade-iwl100-firmware redhat-upgrade-iwl1000-firmware redhat-upgrade-iwl105-firmware redhat-upgrade-iwl135-firmware redhat-upgrade-iwl2000-firmware redhat-upgrade-iwl2030-firmware redhat-upgrade-iwl3160-firmware redhat-upgrade-iwl3945-firmware redhat-upgrade-iwl4965-firmware redhat-upgrade-iwl5000-firmware redhat-upgrade-iwl5150-firmware redhat-upgrade-iwl6000-firmware redhat-upgrade-iwl6000g2a-firmware redhat-upgrade-iwl6000g2b-firmware redhat-upgrade-iwl6050-firmware redhat-upgrade-iwl7260-firmware redhat-upgrade-libertas-sd8686-firmware redhat-upgrade-libertas-sd8787-firmware redhat-upgrade-libertas-usb8388-firmware redhat-upgrade-libertas-usb8388-olpc-firmware redhat-upgrade-linux-firmware References CVE-2023-31315 RHSA-2024:7481

Debian: CVE-2024-7006: tiff -- security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/12/2024 Created 01/14/2025 Added 01/13/2025 Modified 01/28/2025 Description A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults, causing a segmentation fault. This can cause an application crash, eventually leading to a denial of service. Solution(s) debian-upgrade-tiff References https://attackerkb.com/topics/cve-2024-7006 CVE - 2024-7006 DLA-4026-1

Huawei EulerOS: CVE-2024-43168: unbound security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 08/12/2024 Created 11/12/2024 Added 11/11/2024 Modified 11/11/2024 Description DISPUTE NOTE: this issue does not pose a security risk as it (according to analysis by the original software developer, NLnet Labs) falls within the expected functionality and security controls of the application. Red Hat has made a claim that there is a security risk within Red Hat products. NLnet Labs has no further information about the claim, and suggests that affected Red Hat customers refer to available Red Hat documentation or support channels. ORIGINAL DESCRIPTION: A heap-buffer-overflow flaw was found in the cfg_mark_ports function within Unbound's config_file.c, which can lead to memory corruption. This issue could allow an attacker with local access to provide specially crafted input, potentially causing the application to crash or allowing arbitrary code execution. This could result in a denial of service or unauthorized actions on the system. Solution(s) huawei-euleros-2_0_sp9-upgrade-python3-unbound huawei-euleros-2_0_sp9-upgrade-unbound huawei-euleros-2_0_sp9-upgrade-unbound-libs References https://attackerkb.com/topics/cve-2024-43168 CVE - 2024-43168 EulerOS-SA-2024-2840

Huawei EulerOS: CVE-2024-43167: unbound security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 08/12/2024 Created 11/12/2024 Added 11/11/2024 Modified 11/11/2024 Description DISPUTE NOTE: this issue does not pose a security risk as it (according to analysis by the original software developer, NLnet Labs) falls within the expected functionality and security controls of the application. Red Hat has made a claim that there is a security risk within Red Hat products. NLnet Labs has no further information about the claim, and suggests that affected Red Hat customers refer to available Red Hat documentation or support channels. ORIGINAL DESCRIPTION: A NULL pointer dereference flaw was found in the ub_ctx_set_fwd function in Unbound. This issue could allow an attacker who can invoke specific sequences of API calls to cause a segmentation fault. When certain API functions such as ub_ctx_set_fwd and ub_ctx_resolvconf are called in a particular order, the program attempts to read from a NULL pointer, leading to a crash. This issue can result in a denial of service by causing the application to terminate unexpectedly. Solution(s) huawei-euleros-2_0_sp9-upgrade-python3-unbound huawei-euleros-2_0_sp9-upgrade-unbound huawei-euleros-2_0_sp9-upgrade-unbound-libs References https://attackerkb.com/topics/cve-2024-43167 CVE - 2024-43167 EulerOS-SA-2024-2840

Huawei EulerOS: CVE-2024-43167: unbound security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 08/12/2024 Created 10/10/2024 Added 10/09/2024 Modified 10/29/2024 Description DISPUTE NOTE: this issue does not pose a security risk as it (according to analysis by the original software developer, NLnet Labs) falls within the expected functionality and security controls of the application. Red Hat has made a claim that there is a security risk within Red Hat products. NLnet Labs has no further information about the claim, and suggests that affected Red Hat customers refer to available Red Hat documentation or support channels. ORIGINAL DESCRIPTION: A NULL pointer dereference flaw was found in the ub_ctx_set_fwd function in Unbound. This issue could allow an attacker who can invoke specific sequences of API calls to cause a segmentation fault. When certain API functions such as ub_ctx_set_fwd and ub_ctx_resolvconf are called in a particular order, the program attempts to read from a NULL pointer, leading to a crash. This issue can result in a denial of service by causing the application to terminate unexpectedly. Solution(s) huawei-euleros-2_0_sp11-upgrade-python3-unbound huawei-euleros-2_0_sp11-upgrade-unbound huawei-euleros-2_0_sp11-upgrade-unbound-libs References https://attackerkb.com/topics/cve-2024-43167 CVE - 2024-43167 EulerOS-SA-2024-2595

Huawei EulerOS: CVE-2024-7006: libtiff security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/12/2024 Created 11/12/2024 Added 11/11/2024 Modified 01/28/2025 Description A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults, causing a segmentation fault. This can cause an application crash, eventually leading to a denial of service. Solution(s) huawei-euleros-2_0_sp9-upgrade-libtiff References https://attackerkb.com/topics/cve-2024-7006 CVE - 2024-7006 EulerOS-SA-2024-2833

Microsoft Windows: CVE-2024-38122: Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 08/13/2024 Created 08/14/2024 Added 08/13/2024 Modified 09/11/2024 Description Microsoft Windows: CVE-2024-38122: Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5041782 microsoft-windows-windows_10-1607-kb5041773 microsoft-windows-windows_10-1809-kb5041578 microsoft-windows-windows_10-21h2-kb5041580 microsoft-windows-windows_10-22h2-kb5041580 microsoft-windows-windows_11-21h2-kb5041592 microsoft-windows-windows_11-22h2-kb5041585 microsoft-windows-windows_11-23h2-kb5041585 microsoft-windows-windows_11-24h2-kb5041571 microsoft-windows-windows_server_2012-kb5041851 microsoft-windows-windows_server_2012_r2-kb5041828 microsoft-windows-windows_server_2016-1607-kb5041773 microsoft-windows-windows_server_2019-1809-kb5041578 microsoft-windows-windows_server_2022-21h2-kb5041160 microsoft-windows-windows_server_2022-22h2-kb5041160 microsoft-windows-windows_server_2022-23h2-kb5041573 msft-kb5041823-fa579db5-9512-46c4-8ade-a01dcf632759 msft-kb5041847-4d9cc014-448f-49f3-bc16-f9fc14378e9c msft-kb5041847-63a8ef5d-1856-402b-9a6e-446f772a3882 References https://attackerkb.com/topics/cve-2024-38122 CVE - 2024-38122 5041160 5041571 5041573 5041578 5041580 5041585 5041592 5041773 5041782 5041823 5041828 5041838 5041847 5041850 5041851 https://support.microsoft.com/help/5041160 https://support.microsoft.com/help/5041571 https://support.microsoft.com/help/5041573 https://support.microsoft.com/help/5041578 https://support.microsoft.com/help/5041580 https://support.microsoft.com/help/5041585 https://support.microsoft.com/help/5041592 https://support.microsoft.com/help/5041773 https://support.microsoft.com/help/5041782 https://support.microsoft.com/help/5041828 https://support.microsoft.com/help/5041851 View more

Microsoft Windows: CVE-2024-38127: Windows Hyper-V Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 08/13/2024 Created 08/14/2024 Added 08/13/2024 Modified 09/11/2024 Description Microsoft Windows: CVE-2024-38127: Windows Hyper-V Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5041782 microsoft-windows-windows_10-1607-kb5041773 microsoft-windows-windows_10-1809-kb5041578 microsoft-windows-windows_10-21h2-kb5041580 microsoft-windows-windows_10-22h2-kb5041580 microsoft-windows-windows_11-21h2-kb5041592 microsoft-windows-windows_11-22h2-kb5041585 microsoft-windows-windows_11-23h2-kb5041585 microsoft-windows-windows_11-24h2-kb5041571 microsoft-windows-windows_server_2012-kb5041851 microsoft-windows-windows_server_2012_r2-kb5041828 microsoft-windows-windows_server_2016-1607-kb5041773 microsoft-windows-windows_server_2019-1809-kb5041578 microsoft-windows-windows_server_2022-21h2-kb5041160 microsoft-windows-windows_server_2022-22h2-kb5041160 microsoft-windows-windows_server_2022-23h2-kb5041573 msft-kb5041823-fa579db5-9512-46c4-8ade-a01dcf632759 References https://attackerkb.com/topics/cve-2024-38127 CVE - 2024-38127 5041160 5041571 5041573 5041578 5041580 5041585 5041592 5041773 5041782 5041823 5041828 5041838 5041851 https://support.microsoft.com/help/5041160 https://support.microsoft.com/help/5041571 https://support.microsoft.com/help/5041573 https://support.microsoft.com/help/5041578 https://support.microsoft.com/help/5041580 https://support.microsoft.com/help/5041585 https://support.microsoft.com/help/5041592 https://support.microsoft.com/help/5041773 https://support.microsoft.com/help/5041782 https://support.microsoft.com/help/5041828 https://support.microsoft.com/help/5041851 View more

FreeBSD: VID-9D8E9952-5A42-11EF-A219-1C697A616631 (CVE-2024-25939): Intel CPUs -- multiple vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 08/13/2024 Created 08/16/2024 Added 08/14/2024 Modified 08/14/2024 Description Mirrored regions with different values in 3rd Generation Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access. Solution(s) freebsd-upgrade-package-cpu-microcode-intel References CVE-2024-25939

Microsoft Office: CVE-2024-38189: Microsoft Project Remote Code Execution Vulnerability Severity 4 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/13/2024 Created 08/14/2024 Added 08/13/2024 Modified 09/10/2024 Description Microsoft Office: CVE-2024-38189: Microsoft Project Remote Code Execution Vulnerability Solution(s) microsoft-project_2016-kb5002561 office-click-to-run-upgrade-latest References https://attackerkb.com/topics/cve-2024-38189 CVE - 2024-38189 https://support.microsoft.com/help/5002561

FreeBSD: VID-9D8E9952-5A42-11EF-A219-1C697A616631 (CVE-2023-49141): Intel CPUs -- multiple vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 08/13/2024 Created 08/16/2024 Added 08/14/2024 Modified 08/14/2024 Description Improper isolation in some Intel(R) Processors stream cache mechanism may allow an authenticated user to potentially enable escalation of privilege via local access. Solution(s) freebsd-upgrade-package-cpu-microcode-intel References CVE-2023-49141

Oracle Linux: CVE-2023-31356: ELSA-2024-12797: linux-firmware security update (MODERATE) (Multiple Advisories) Severity 4 CVSS (AV:L/AC:L/Au:M/C:N/I:C/A:N) Published 08/13/2024 Created 11/13/2024 Added 11/11/2024 Modified 12/01/2024 Description Incomplete system memory cleanup in SEV firmware could allow a privileged attacker to corrupt guest private memory, potentially resulting in a loss of data integrity. Solution(s) oracle-linux-upgrade-iwl1000-firmware oracle-linux-upgrade-iwl100-firmware oracle-linux-upgrade-iwl105-firmware oracle-linux-upgrade-iwl135-firmware oracle-linux-upgrade-iwl2000-firmware oracle-linux-upgrade-iwl2030-firmware oracle-linux-upgrade-iwl3160-firmware oracle-linux-upgrade-iwl3945-firmware oracle-linux-upgrade-iwl4965-firmware oracle-linux-upgrade-iwl5000-firmware oracle-linux-upgrade-iwl5150-firmware oracle-linux-upgrade-iwl6000-firmware oracle-linux-upgrade-iwl6000g2a-firmware oracle-linux-upgrade-iwl6000g2b-firmware oracle-linux-upgrade-iwl6050-firmware oracle-linux-upgrade-iwl7260-firmware oracle-linux-upgrade-iwlax2xx-firmware oracle-linux-upgrade-libertas-sd8686-firmware oracle-linux-upgrade-libertas-sd8787-firmware oracle-linux-upgrade-libertas-usb8388-firmware oracle-linux-upgrade-libertas-usb8388-olpc-firmware oracle-linux-upgrade-linux-firmware oracle-linux-upgrade-linux-firmware-core oracle-linux-upgrade-linux-firmware-whence oracle-linux-upgrade-liquidio-firmware oracle-linux-upgrade-netronome-firmware References https://attackerkb.com/topics/cve-2023-31356 CVE - 2023-31356 ELSA-2024-12797

Microsoft Windows: CVE-2024-38137: Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:M/Au:S/C:C/I:C/A:C) Published 08/13/2024 Created 08/14/2024 Added 08/13/2024 Modified 09/03/2024 Description Microsoft Windows: CVE-2024-38137: Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-21h2-kb5041580 microsoft-windows-windows_10-22h2-kb5041580 microsoft-windows-windows_11-21h2-kb5041592 microsoft-windows-windows_11-22h2-kb5041585 microsoft-windows-windows_11-23h2-kb5041585 microsoft-windows-windows_11-24h2-kb5041571 microsoft-windows-windows_server_2022-21h2-kb5041160 microsoft-windows-windows_server_2022-22h2-kb5041160 microsoft-windows-windows_server_2022-23h2-kb5041573 References https://attackerkb.com/topics/cve-2024-38137 CVE - 2024-38137 https://support.microsoft.com/help/5041160 https://support.microsoft.com/help/5041571 https://support.microsoft.com/help/5041573 https://support.microsoft.com/help/5041580 https://support.microsoft.com/help/5041585 https://support.microsoft.com/help/5041592 View more

Microsoft Windows: CVE-2024-38133: Windows Kernel Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 08/13/2024 Created 08/14/2024 Added 08/13/2024 Modified 09/03/2024 Description Microsoft Windows: CVE-2024-38133: Windows Kernel Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1809-kb5041578 microsoft-windows-windows_10-21h2-kb5041580 microsoft-windows-windows_10-22h2-kb5041580 microsoft-windows-windows_11-21h2-kb5041592 microsoft-windows-windows_11-22h2-kb5041585 microsoft-windows-windows_11-23h2-kb5041585 microsoft-windows-windows_11-24h2-kb5041571 microsoft-windows-windows_server_2019-1809-kb5041578 microsoft-windows-windows_server_2022-21h2-kb5041160 microsoft-windows-windows_server_2022-22h2-kb5041160 microsoft-windows-windows_server_2022-23h2-kb5041573 References https://attackerkb.com/topics/cve-2024-38133 CVE - 2024-38133 https://support.microsoft.com/help/5041160 https://support.microsoft.com/help/5041571 https://support.microsoft.com/help/5041573 https://support.microsoft.com/help/5041578 https://support.microsoft.com/help/5041580 https://support.microsoft.com/help/5041585 https://support.microsoft.com/help/5041592 View more

Microsoft Windows: CVE-2024-38123: Windows Bluetooth Driver Information Disclosure Vulnerability Severity 4 CVSS (AV:L/AC:L/Au:M/C:C/I:N/A:N) Published 08/13/2024 Created 08/14/2024 Added 08/13/2024 Modified 08/19/2024 Description Microsoft Windows: CVE-2024-38123: Windows Bluetooth Driver Information Disclosure Vulnerability Solution(s) microsoft-windows-windows_11-24h2-kb5041571 References https://attackerkb.com/topics/cve-2024-38123 CVE - 2024-38123 https://support.microsoft.com/help/5041571

Microsoft Windows: CVE-2024-21302: Windows Secure Kernel Mode Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:M/C:C/I:C/A:C) Published 08/13/2024 Created 08/14/2024 Added 08/13/2024 Modified 09/03/2024 Description Microsoft Windows: CVE-2024-21302: Windows Secure Kernel Mode Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5040448 microsoft-windows-windows_10-1607-kb5041773 microsoft-windows-windows_10-1809-kb5041578 microsoft-windows-windows_10-21h2-kb5041580 microsoft-windows-windows_10-22h2-kb5041580 microsoft-windows-windows_11-21h2-kb5041592 microsoft-windows-windows_11-22h2-kb5041585 microsoft-windows-windows_11-23h2-kb5041585 microsoft-windows-windows_11-24h2-kb5041571 microsoft-windows-windows_server_2016-1607-kb5041773 microsoft-windows-windows_server_2019-1809-kb5041578 microsoft-windows-windows_server_2022-21h2-kb5041160 microsoft-windows-windows_server_2022-22h2-kb5041160 microsoft-windows-windows_server_2022-23h2-kb5041573 References https://attackerkb.com/topics/cve-2024-21302 CVE - 2024-21302 https://support.microsoft.com/help/5040448 https://support.microsoft.com/help/5041160 https://support.microsoft.com/help/5041571 https://support.microsoft.com/help/5041573 https://support.microsoft.com/help/5041578 https://support.microsoft.com/help/5041580 https://support.microsoft.com/help/5041585 https://support.microsoft.com/help/5041592 https://support.microsoft.com/help/5041773 View more

Microsoft Windows: CVE-2024-38148: Windows Secure Channel Denial of Service Vulnerability Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/13/2024 Created 08/14/2024 Added 08/13/2024 Modified 09/03/2024 Description Microsoft Windows: CVE-2024-38148: Windows Secure Channel Denial of Service Vulnerability Solution(s) microsoft-windows-windows_11-21h2-kb5041592 microsoft-windows-windows_11-22h2-kb5041585 microsoft-windows-windows_11-23h2-kb5041585 microsoft-windows-windows_11-24h2-kb5041571 microsoft-windows-windows_server_2022-21h2-kb5041160 microsoft-windows-windows_server_2022-22h2-kb5041160 microsoft-windows-windows_server_2022-23h2-kb5041573 References https://attackerkb.com/topics/cve-2024-38148 CVE - 2024-38148 https://support.microsoft.com/help/5041160 https://support.microsoft.com/help/5041571 https://support.microsoft.com/help/5041573 https://support.microsoft.com/help/5041585 https://support.microsoft.com/help/5041592

Microsoft Windows: CVE-2024-38147: Microsoft DWM Core Library Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 08/13/2024 Created 08/14/2024 Added 08/13/2024 Modified 09/03/2024 Description Microsoft Windows: CVE-2024-38147: Microsoft DWM Core Library Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-21h2-kb5041580 microsoft-windows-windows_10-22h2-kb5041580 microsoft-windows-windows_11-21h2-kb5041592 microsoft-windows-windows_11-22h2-kb5041585 microsoft-windows-windows_11-23h2-kb5041585 microsoft-windows-windows_11-24h2-kb5041571 microsoft-windows-windows_server_2022-21h2-kb5041160 microsoft-windows-windows_server_2022-22h2-kb5041160 microsoft-windows-windows_server_2022-23h2-kb5041573 References https://attackerkb.com/topics/cve-2024-38147 CVE - 2024-38147 https://support.microsoft.com/help/5041160 https://support.microsoft.com/help/5041571 https://support.microsoft.com/help/5041573 https://support.microsoft.com/help/5041580 https://support.microsoft.com/help/5041585 https://support.microsoft.com/help/5041592 View more

Adobe Illustrator: CVE-2024-34118: Security updates available for Adobe Illustrator (APSB24-45) Severity 5 CVSS (AV:L/AC:L/Au:N/C:N/I:N/A:C) Published 08/13/2024 Created 12/03/2024 Added 12/02/2024 Modified 12/02/2024 Description Adobe has released an update for Adobe Illustrator. This update resolves critical and important vulnerabilities that could lead to arbitrary code execution, memory leak and application denial-of-service. Solution(s) adobe-illustrator-upgrade-latest References https://attackerkb.com/topics/cve-2024-34118 CVE - 2024-34118 https://helpx.adobe.com/security/products/illustrator/apsb24-45.html

Alpine Linux: CVE-2024-38168: Vulnerability in Multiple Components Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/13/2024 Created 10/02/2024 Added 10/01/2024 Modified 10/14/2024 Description .NET and Visual Studio Denial of Service Vulnerability Solution(s) alpine-linux-upgrade-dotnet8-runtime References https://attackerkb.com/topics/cve-2024-38168 CVE - 2024-38168 https://security.alpinelinux.org/vuln/CVE-2024-38168

Microsoft Office: CVE-2024-38170: Microsoft Excel Remote Code Execution Vulnerability Severity 6 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:N) Published 08/13/2024 Created 08/14/2024 Added 08/13/2024 Modified 01/28/2025 Description Microsoft Office: CVE-2024-38170: Microsoft Excel Remote Code Execution Vulnerability Solution(s) office-click-to-run-upgrade-latest References https://attackerkb.com/topics/cve-2024-38170 CVE - 2024-38170

Microsoft Windows: CVE-2024-38184: Windows Kernel-Mode Driver Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 08/13/2024 Created 08/14/2024 Added 08/13/2024 Modified 09/03/2024 Description Microsoft Windows: CVE-2024-38184: Windows Kernel-Mode Driver Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1607-kb5040434 microsoft-windows-windows_10-1809-kb5040430 microsoft-windows-windows_10-21h2-kb5040427 microsoft-windows-windows_10-22h2-kb5040427 microsoft-windows-windows_11-21h2-kb5040431 microsoft-windows-windows_11-22h2-kb5040442 microsoft-windows-windows_11-23h2-kb5040442 microsoft-windows-windows_server_2016-1607-kb5040434 microsoft-windows-windows_server_2019-1809-kb5040430 microsoft-windows-windows_server_2022-21h2-kb5040437 microsoft-windows-windows_server_2022-22h2-kb5040437 microsoft-windows-windows_server_2022-23h2-kb5040438 References https://attackerkb.com/topics/cve-2024-38184 CVE - 2024-38184 https://support.microsoft.com/help/5040427 https://support.microsoft.com/help/5040430 https://support.microsoft.com/help/5040431 https://support.microsoft.com/help/5040434 https://support.microsoft.com/help/5040437 https://support.microsoft.com/help/5040438 https://support.microsoft.com/help/5040442 View more

Microsoft Windows: CVE-2024-38161: Windows Mobile Broadband Driver Remote Code Execution Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 08/13/2024 Created 08/14/2024 Added 08/13/2024 Modified 09/03/2024 Description Microsoft Windows: CVE-2024-38161: Windows Mobile Broadband Driver Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1809-kb5040430 microsoft-windows-windows_10-21h2-kb5040427 microsoft-windows-windows_10-22h2-kb5040427 microsoft-windows-windows_11-21h2-kb5040431 microsoft-windows-windows_11-22h2-kb5040442 microsoft-windows-windows_11-23h2-kb5040442 microsoft-windows-windows_server_2019-1809-kb5040430 References https://attackerkb.com/topics/cve-2024-38161 CVE - 2024-38161 https://support.microsoft.com/help/5040427 https://support.microsoft.com/help/5040430 https://support.microsoft.com/help/5040431 https://support.microsoft.com/help/5040442

MongoDB: Unspecified Security Vulnerability (CVE-2024-6384) Severity 6 CVSS (AV:N/AC:M/Au:S/C:C/I:N/A:N) Published 08/13/2024 Created 08/20/2024 Added 08/19/2024 Modified 01/30/2025 Description "Hot" backup files may be downloaded by underprivileged users, if they are capable of acquiring a unique backup identifier. This issue affects MongoDB Enterprise Server v6.0 versions prior to 6.0.16, MongoDB Enterprise Server v7.0 versions prior to 7.0.11 and MongoDB Enterprise Server v7.3 versions prior to 7.3.3 Solution(s) mongodb-upgrade-6_0_16 mongodb-upgrade-7_0_11 mongodb-upgrade-7_3_3 References https://attackerkb.com/topics/cve-2024-6384 CVE - 2024-6384 https://jira.mongodb.org/browse/SERVER-93516 https://security.netapp.com/advisory/ntap-20241115-0001/

Adobe Acrobat: CVE-2024-41833: Security updates available for Adobe Acrobat and Reader (APSB24-57) Severity 5 CVSS (AV:L/AC:L/Au:N/C:C/I:N/A:N) Published 08/13/2024 Created 08/14/2024 Added 08/14/2024 Modified 10/18/2024 Description Adobe has released a security update for Adobe Acrobat and Reader for Windows and macOS. This update addresses critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution, privilege escalation and memory leak. Adobe is aware that CVE-2024-39383 has a known proof-of-concept that could cause Adobe Acrobat and Reader to crash. Adobe is not aware of this issue being exploited in the wild. Solution(s) adobe-acrobat-upgrade-latest References https://attackerkb.com/topics/cve-2024-41833 https://helpx.adobe.com/security/products/acrobat/apsb24-57.html CVE - 2024-41833