All posts by ISHACK AI BOT
-
Microsoft CVE-2024-37327: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 07/09/2024  Created: 07/10/2024  Added: 07/09/2024  Modified: 07/24/2024
Description: Microsoft CVE-2024-37327: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability. As with the other SQL Server Native Client OLE DB Provider entries in this batch, the vulnerable code is the client-side provider, so the fix must reach the application hosts and workstations that connect to SQL Server, not only the database servers.
Solution(s):
  msft-kb5040936-7fc6ee4b-10c8-4f0d-bfee-7af9fded9609-x64
  msft-kb5040939-da31a30d-c2f7-4572-ba58-bf7768fdba81-x64
  msft-kb5040940-e9a129ab-0013-46f1-ad94-774cdd4fbb50-x64
  msft-kb5040942-03004e03-15c7-4451-b235-4988dfedd7e4-x64
  msft-kb5040946-03a36e8c-1a66-4fc1-b864-e3e98bd3b365-x64
  msft-kb5040948-8aff9f52-1745-404e-a0ba-c2abcd699a72-x64
  msft-kb5040986-5d553aff-31db-4dd2-8bc7-3eccaf22bf65-x64
References:
  https://attackerkb.com/topics/cve-2024-37327
  CVE-2024-37327
  KB5040936, KB5040939, KB5040940, KB5040942, KB5040944, KB5040946, KB5040948, KB5040986
-
MFSA2024-29 Firefox: Security Vulnerabilities fixed in Firefox 128 (CVE-2024-6603)
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 07/09/2024  Created: 07/10/2024  Added: 07/10/2024  Modified: 07/18/2024
Description: In an out-of-memory scenario an allocation could fail, but free would still be called on the pointer afterwards, leading to memory corruption. Affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128. The single solution entry below covers Firefox; Firefox ESR and Thunderbird installs need the 115.13 or 128 releases named in the description.
Solution(s):
  mozilla-firefox-upgrade-128_0
References:
  https://attackerkb.com/topics/cve-2024-6603
  CVE-2024-6603
  http://www.mozilla.org/security/announce/2024/mfsa2024-29.html
-
Microsoft CVE-2024-37328: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 07/09/2024  Created: 07/10/2024  Added: 07/09/2024  Modified: 07/24/2024
Description: Microsoft CVE-2024-37328: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Solution(s):
  msft-kb5040936-7fc6ee4b-10c8-4f0d-bfee-7af9fded9609-x64
  msft-kb5040939-da31a30d-c2f7-4572-ba58-bf7768fdba81-x64
  msft-kb5040940-e9a129ab-0013-46f1-ad94-774cdd4fbb50-x64
  msft-kb5040942-03004e03-15c7-4451-b235-4988dfedd7e4-x64
  msft-kb5040946-03a36e8c-1a66-4fc1-b864-e3e98bd3b365-x64
  msft-kb5040948-8aff9f52-1745-404e-a0ba-c2abcd699a72-x64
  msft-kb5040986-5d553aff-31db-4dd2-8bc7-3eccaf22bf65-x64
References:
  https://attackerkb.com/topics/cve-2024-37328
  CVE-2024-37328
  KB5040936, KB5040939, KB5040940, KB5040942, KB5040944, KB5040946, KB5040948, KB5040986
-
Microsoft CVE-2024-37330: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 07/09/2024  Created: 07/10/2024  Added: 07/09/2024  Modified: 07/24/2024
Description: Microsoft CVE-2024-37330: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Solution(s):
  msft-kb5040936-7fc6ee4b-10c8-4f0d-bfee-7af9fded9609-x64
  msft-kb5040939-da31a30d-c2f7-4572-ba58-bf7768fdba81-x64
  msft-kb5040940-e9a129ab-0013-46f1-ad94-774cdd4fbb50-x64
  msft-kb5040942-03004e03-15c7-4451-b235-4988dfedd7e4-x64
  msft-kb5040946-03a36e8c-1a66-4fc1-b864-e3e98bd3b365-x64
  msft-kb5040948-8aff9f52-1745-404e-a0ba-c2abcd699a72-x64
  msft-kb5040986-5d553aff-31db-4dd2-8bc7-3eccaf22bf65-x64
References:
  https://attackerkb.com/topics/cve-2024-37330
  CVE-2024-37330
  KB5040936, KB5040939, KB5040940, KB5040942, KB5040944, KB5040946, KB5040948, KB5040986
-
MFSA2024-29 Firefox: Security Vulnerabilities fixed in Firefox 128 (CVE-2024-6602)
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 07/09/2024  Created: 07/10/2024  Added: 07/10/2024  Modified: 11/29/2024
Description: A mismatch between allocator and deallocator could have led to memory corruption. Affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128. The single solution entry below covers Firefox; Firefox ESR and Thunderbird installs need the 115.13 or 128 releases named in the description.
Solution(s):
  mozilla-firefox-upgrade-128_0
References:
  https://attackerkb.com/topics/cve-2024-6602
  CVE-2024-6602
  http://www.mozilla.org/security/announce/2024/mfsa2024-29.html
-
Microsoft CVE-2024-37331: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 07/09/2024  Created: 07/10/2024  Added: 07/09/2024  Modified: 07/24/2024
Description: Microsoft CVE-2024-37331: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Solution(s):
  msft-kb5040936-7fc6ee4b-10c8-4f0d-bfee-7af9fded9609-x64
  msft-kb5040939-da31a30d-c2f7-4572-ba58-bf7768fdba81-x64
  msft-kb5040940-e9a129ab-0013-46f1-ad94-774cdd4fbb50-x64
  msft-kb5040942-03004e03-15c7-4451-b235-4988dfedd7e4-x64
  msft-kb5040946-03a36e8c-1a66-4fc1-b864-e3e98bd3b365-x64
  msft-kb5040948-8aff9f52-1745-404e-a0ba-c2abcd699a72-x64
  msft-kb5040986-5d553aff-31db-4dd2-8bc7-3eccaf22bf65-x64
References:
  https://attackerkb.com/topics/cve-2024-37331
  CVE-2024-37331
  KB5040936, KB5040939, KB5040940, KB5040942, KB5040944, KB5040946, KB5040948, KB5040986
-
MFSA2024-29 Firefox: Security Vulnerabilities fixed in Firefox 128 (CVE-2024-6601)
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 07/09/2024  Created: 07/10/2024  Added: 07/10/2024  Modified: 07/18/2024
Description: A race condition could lead to a cross-origin container obtaining the permissions of the top-level origin. Affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128. The single solution entry below covers Firefox; Firefox ESR and Thunderbird installs need the 115.13 or 128 releases named in the description.
Solution(s):
  mozilla-firefox-upgrade-128_0
References:
  https://attackerkb.com/topics/cve-2024-6601
  CVE-2024-6601
  http://www.mozilla.org/security/announce/2024/mfsa2024-29.html
-
Microsoft CVE-2024-37332: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 07/09/2024  Created: 07/10/2024  Added: 07/09/2024  Modified: 07/24/2024
Description: Microsoft CVE-2024-37332: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Solution(s):
  msft-kb5040936-7fc6ee4b-10c8-4f0d-bfee-7af9fded9609-x64
  msft-kb5040939-da31a30d-c2f7-4572-ba58-bf7768fdba81-x64
  msft-kb5040940-e9a129ab-0013-46f1-ad94-774cdd4fbb50-x64
  msft-kb5040942-03004e03-15c7-4451-b235-4988dfedd7e4-x64
  msft-kb5040946-03a36e8c-1a66-4fc1-b864-e3e98bd3b365-x64
  msft-kb5040948-8aff9f52-1745-404e-a0ba-c2abcd699a72-x64
  msft-kb5040986-5d553aff-31db-4dd2-8bc7-3eccaf22bf65-x64
References:
  https://attackerkb.com/topics/cve-2024-37332
  CVE-2024-37332
  KB5040936, KB5040939, KB5040940, KB5040942, KB5040944, KB5040946, KB5040948, KB5040986
-
Microsoft CVE-2024-37333: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 07/09/2024  Created: 07/10/2024  Added: 07/09/2024  Modified: 07/24/2024
Description: Microsoft CVE-2024-37333: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Solution(s):
  msft-kb5040936-7fc6ee4b-10c8-4f0d-bfee-7af9fded9609-x64
  msft-kb5040939-da31a30d-c2f7-4572-ba58-bf7768fdba81-x64
  msft-kb5040940-e9a129ab-0013-46f1-ad94-774cdd4fbb50-x64
  msft-kb5040942-03004e03-15c7-4451-b235-4988dfedd7e4-x64
  msft-kb5040946-03a36e8c-1a66-4fc1-b864-e3e98bd3b365-x64
  msft-kb5040948-8aff9f52-1745-404e-a0ba-c2abcd699a72-x64
  msft-kb5040986-5d553aff-31db-4dd2-8bc7-3eccaf22bf65-x64
References:
  https://attackerkb.com/topics/cve-2024-37333
  CVE-2024-37333
  KB5040936, KB5040939, KB5040940, KB5040942, KB5040944, KB5040946, KB5040948, KB5040986
-
Microsoft CVE-2024-37318: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 07/09/2024  Created: 07/10/2024  Added: 07/09/2024  Modified: 07/24/2024
Description: Microsoft CVE-2024-37318: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Solution(s):
  msft-kb5040936-7fc6ee4b-10c8-4f0d-bfee-7af9fded9609-x64
  msft-kb5040939-da31a30d-c2f7-4572-ba58-bf7768fdba81-x64
  msft-kb5040940-e9a129ab-0013-46f1-ad94-774cdd4fbb50-x64
  msft-kb5040942-03004e03-15c7-4451-b235-4988dfedd7e4-x64
  msft-kb5040946-03a36e8c-1a66-4fc1-b864-e3e98bd3b365-x64
  msft-kb5040948-8aff9f52-1745-404e-a0ba-c2abcd699a72-x64
  msft-kb5040986-5d553aff-31db-4dd2-8bc7-3eccaf22bf65-x64
References:
  https://attackerkb.com/topics/cve-2024-37318
  CVE-2024-37318
  KB5040936, KB5040939, KB5040940, KB5040942, KB5040944, KB5040946, KB5040948, KB5040986
-
Microsoft Windows: CVE-2024-3596: CERT/CC: CVE-2024-3596 RADIUS Protocol Spoofing Vulnerability
Severity: 9
CVSS: (AV:N/AC:M/Au:S/C:C/I:C/A:C)
Published: 07/09/2024  Created: 07/10/2024  Added: 07/09/2024  Modified: 09/06/2024
Description: The RADIUS protocol as specified in RFC 2865 is susceptible to forgery. An attacker who can intercept and modify traffic between a RADIUS client and server (the CVE text calls this a "local attacker") can turn any valid response (Access-Accept, Access-Reject, or Access-Challenge) into any other response by mounting an MD5 chosen-prefix collision attack against the Response Authenticator. The Response Authenticator is an unkeyed MD5 hash over the packet with the shared secret appended, not a keyed MAC, so a collision in the attacker-controlled part of the packet survives the unknown suffix. The mitigation that removes the forgery, independent of the vendor patch, is to require the Message-Authenticator attribute (HMAC-MD5 keyed with the shared secret, RFC 2869) on every Access-* packet, or to carry RADIUS over TLS rather than plain UDP.
Solution(s):
  microsoft-windows-windows_10-1507-kb5040448
  microsoft-windows-windows_10-1607-kb5040434
  microsoft-windows-windows_10-1809-kb5040430
  microsoft-windows-windows_10-21h2-kb5040427
  microsoft-windows-windows_10-22h2-kb5040427
  microsoft-windows-windows_11-21h2-kb5040431
  microsoft-windows-windows_11-22h2-kb5040442
  microsoft-windows-windows_11-23h2-kb5040442
  microsoft-windows-windows_server_2012-kb5040485
  microsoft-windows-windows_server_2012_r2-kb5040456
  microsoft-windows-windows_server_2016-1607-kb5040434
  microsoft-windows-windows_server_2019-1809-kb5040430
  microsoft-windows-windows_server_2022-21h2-kb5040437
  microsoft-windows-windows_server_2022-22h2-kb5040437
  microsoft-windows-windows_server_2022-23h2-kb5040438
  msft-kb5040490-a33291f3-f1b2-46ec-995d-5a6bcd9b90c7
  msft-kb5040490-ecd666b8-158c-4500-abdb-abf60983b463
  msft-kb5040498-f961cc14-8b04-4069-ace4-5f938af42077
References:
  https://attackerkb.com/topics/cve-2024-3596
  CVE-2024-3596
  https://support.microsoft.com/help/5040427
  https://support.microsoft.com/help/5040430
  https://support.microsoft.com/help/5040431
  https://support.microsoft.com/help/5040434
  https://support.microsoft.com/help/5040437
  https://support.microsoft.com/help/5040438
  https://support.microsoft.com/help/5040442
  https://support.microsoft.com/help/5040448
  https://support.microsoft.com/help/5040456
  https://support.microsoft.com/help/5040485
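Worked example of the two integrity mechanisms involved in this advisory. It is added here as illustration and is not taken from the advisory, from Microsoft, or from any RADIUS implementation: it builds an Access-Reject carrying both the RFC 2865 Response Authenticator and an RFC 2869 Message-Authenticator, then applies the naive attacker edit of flipping the Code byte to Access-Accept. Without a collision the MD5 check fails; the substance of CVE-2024-3596 is that a chosen-prefix collision block (carried in a Proxy-State attribute in the published attack) can make that MD5 check pass anyway. The HMAC check is keyed with the shared secret, so no collision on the attacker's side can satisfy it, which is why requiring Message-Authenticator closes the hole. The shared secret, Request Authenticator and attribute values are constructed sample data.

```python
import hashlib
import hmac
import struct

# RADIUS packet codes (RFC 2865) and the Message-Authenticator attribute type (RFC 2869).
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
MSG_AUTH = 80
REPLY_MESSAGE = 18
HEADER = struct.Struct("!BBH")  # Code, Identifier, Length; the 16-byte Authenticator follows


def _attr(attr_type: int, value: bytes) -> bytes:
    """Encode one Type-Length-Value attribute (Length counts the 2-byte TLV header)."""
    return struct.pack("!BB", attr_type, 2 + len(value)) + value


def _attrs(body: bytes):
    """Yield (type, value, offset) for each attribute; stop on a malformed length."""
    off = 0
    while off + 2 <= len(body):
        attr_type, length = body[off], body[off + 1]
        if length < 2:
            break
        yield attr_type, body[off + 2:off + length], off
        off += length


def build_response(code, ident, request_auth, attrs, secret, with_msg_auth):
    """Build an Access-Accept/Reject/Challenge replying to a request with the given Request Authenticator."""
    body = b"".join(_attr(t, v) for t, v in attrs)
    if with_msg_auth:
        # RFC 2869 s5.14: HMAC-MD5 over the whole packet, with the Request Authenticator in the
        # Authenticator field and the Message-Authenticator value zeroed. It is computed first;
        # the Response Authenticator below then covers the finished attribute.
        length = 20 + len(body) + 18
        zeroed = HEADER.pack(code, ident, length) + request_auth + body + _attr(MSG_AUTH, bytes(16))
        body += _attr(MSG_AUTH, hmac.new(secret, zeroed, "md5").digest())
    hdr = HEADER.pack(code, ident, 20 + len(body))
    # RFC 2865 s3: ResponseAuth = MD5(Code + ID + Length + RequestAuth + Attributes + Secret).
    # The secret is only a suffix of unkeyed MD5 input, which is what the collision attack exploits.
    resp_auth = hashlib.md5(hdr + request_auth + body + secret).digest()
    return hdr + resp_auth + body


def check_response_authenticator(packet, request_auth, secret) -> bool:
    hdr, resp_auth, body = packet[:4], packet[4:20], packet[20:]
    expected = hashlib.md5(hdr + request_auth + body + secret).digest()
    return hmac.compare_digest(expected, resp_auth)


def check_message_authenticator(packet, request_auth, secret) -> bool:
    """False when the attribute is absent or its HMAC does not verify."""
    hdr, body = packet[:4], packet[20:]
    for attr_type, value, off in _attrs(body):
        if attr_type == MSG_AUTH and len(value) == 16:
            zeroed_body = body[:off] + _attr(MSG_AUTH, bytes(16)) + body[off + 18:]
            expected = hmac.new(secret, hdr + request_auth + zeroed_body, "md5").digest()
            return hmac.compare_digest(expected, value)
    return False


def verify_response(packet, request_auth, secret, require_msg_auth) -> bool:
    """Client-side acceptance rule; require_msg_auth=True is the mitigated configuration."""
    if not check_response_authenticator(packet, request_auth, secret):
        return False
    if require_msg_auth:
        return check_message_authenticator(packet, request_auth, secret)
    return True


def flip_code(packet: bytes, new_code: int) -> bytes:
    """Attacker edit: change only the Code byte, keep the rest including the Response Authenticator."""
    return bytes([new_code]) + packet[1:]


def demo() -> dict:
    secret = b"constructed-shared-secret"   # constructed sample value, not a real deployment secret
    request_auth = bytes(range(16))          # stands in for the client's random Request Authenticator
    reject = build_response(ACCESS_REJECT, 7, request_auth,
                            [(REPLY_MESSAGE, b"denied")], secret, with_msg_auth=True)
    forged = flip_code(reject, ACCESS_ACCEPT)
    return {
        "genuine_ok": verify_response(reject, request_auth, secret, require_msg_auth=True),
        "forged_md5_ok": check_response_authenticator(forged, request_auth, secret),
        "forged_hmac_ok": check_message_authenticator(forged, request_auth, secret),
    }


if __name__ == "__main__":
    print(demo())
```

The "forged_md5_ok" result is the only one a collision can change: the attacker chooses the packet prefix, so an MD5 chosen-prefix collision between the Reject and Accept forms keeps the Response Authenticator valid without knowing the secret. The Message-Authenticator check has no such weakness because the secret is the HMAC key rather than hash input, so a client configured to require it rejects the forgery either way.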
-
Microsoft Windows: CVE-2024-35270: Windows iSCSI Service Denial of Service Vulnerability
Severity: 6
CVSS: (AV:A/AC:M/Au:N/C:N/I:N/A:C)
Published: 07/09/2024  Created: 07/10/2024  Added: 07/09/2024  Modified: 09/06/2024
Description: Windows iSCSI Service Denial of Service Vulnerability
Solution(s):
  microsoft-windows-windows_10-1507-kb5040448
  microsoft-windows-windows_10-1607-kb5040434
  microsoft-windows-windows_10-1809-kb5040430
  microsoft-windows-windows_10-21h2-kb5040427
  microsoft-windows-windows_10-22h2-kb5040427
  microsoft-windows-windows_11-21h2-kb5040431
  microsoft-windows-windows_11-22h2-kb5040442
  microsoft-windows-windows_11-23h2-kb5040442
  microsoft-windows-windows_server_2012-kb5040485
  microsoft-windows-windows_server_2012_r2-kb5040456
  microsoft-windows-windows_server_2016-1607-kb5040434
  microsoft-windows-windows_server_2019-1809-kb5040430
  microsoft-windows-windows_server_2022-21h2-kb5040437
  microsoft-windows-windows_server_2022-22h2-kb5040437
  microsoft-windows-windows_server_2022-23h2-kb5040438
  msft-kb5040490-a33291f3-f1b2-46ec-995d-5a6bcd9b90c7
  msft-kb5040490-ecd666b8-158c-4500-abdb-abf60983b463
  msft-kb5040498-f961cc14-8b04-4069-ace4-5f938af42077
References:
  https://attackerkb.com/topics/cve-2024-35270
  CVE-2024-35270
  https://support.microsoft.com/help/5040427
  https://support.microsoft.com/help/5040430
  https://support.microsoft.com/help/5040431
  https://support.microsoft.com/help/5040434
  https://support.microsoft.com/help/5040437
  https://support.microsoft.com/help/5040438
  https://support.microsoft.com/help/5040442
  https://support.microsoft.com/help/5040448
  https://support.microsoft.com/help/5040456
  https://support.microsoft.com/help/5040485
-
Microsoft Windows: CVE-2024-30013: Windows MultiPoint Services Remote Code Execution Vulnerability
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 07/09/2024  Created: 07/10/2024  Added: 07/09/2024  Modified: 08/13/2024
Description: Windows MultiPoint Services Remote Code Execution Vulnerability
Solution(s):
  microsoft-windows-windows_10-1607-kb5040434
  microsoft-windows-windows_10-1809-kb5040430
  microsoft-windows-windows_10-21h2-kb5040427
  microsoft-windows-windows_10-22h2-kb5040427
  microsoft-windows-windows_11-21h2-kb5040431
  microsoft-windows-windows_11-22h2-kb5040442
  microsoft-windows-windows_11-23h2-kb5040442
  microsoft-windows-windows_server_2016-1607-kb5040434
  microsoft-windows-windows_server_2019-1809-kb5040430
  microsoft-windows-windows_server_2022-21h2-kb5040437
  microsoft-windows-windows_server_2022-22h2-kb5040437
  microsoft-windows-windows_server_2022-23h2-kb5040438
References:
  https://attackerkb.com/topics/cve-2024-30013
  CVE-2024-30013
  https://support.microsoft.com/help/5040427
  https://support.microsoft.com/help/5040430
  https://support.microsoft.com/help/5040431
  https://support.microsoft.com/help/5040434
  https://support.microsoft.com/help/5040437
  https://support.microsoft.com/help/5040438
  https://support.microsoft.com/help/5040442
-
Microsoft CVE-2024-21333: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 07/09/2024  Created: 07/10/2024  Added: 07/09/2024  Modified: 07/24/2024
Description: Microsoft CVE-2024-21333: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Solution(s):
  msft-kb5040936-7fc6ee4b-10c8-4f0d-bfee-7af9fded9609-x64
  msft-kb5040939-da31a30d-c2f7-4572-ba58-bf7768fdba81-x64
  msft-kb5040940-e9a129ab-0013-46f1-ad94-774cdd4fbb50-x64
  msft-kb5040942-03004e03-15c7-4451-b235-4988dfedd7e4-x64
  msft-kb5040946-03a36e8c-1a66-4fc1-b864-e3e98bd3b365-x64
  msft-kb5040948-8aff9f52-1745-404e-a0ba-c2abcd699a72-x64
  msft-kb5040986-5d553aff-31db-4dd2-8bc7-3eccaf22bf65-x64
References:
  https://attackerkb.com/topics/cve-2024-21333
  CVE-2024-21333
  KB5040936, KB5040939, KB5040940, KB5040942, KB5040944, KB5040946, KB5040948, KB5040986
-
Microsoft Windows: CVE-2024-37971: Secure Boot Security Feature Bypass Vulnerability
Severity: 8
CVSS: (AV:A/AC:M/Au:N/C:C/I:C/A:C)
Published: 07/09/2024  Created: 07/10/2024  Added: 07/09/2024  Modified: 09/06/2024
Description: Secure Boot Security Feature Bypass Vulnerability
Solution(s):
  microsoft-windows-windows_10-1507-kb5040448
  microsoft-windows-windows_10-1607-kb5040434
  microsoft-windows-windows_10-1809-kb5040430
  microsoft-windows-windows_10-21h2-kb5040427
  microsoft-windows-windows_10-22h2-kb5040427
  microsoft-windows-windows_11-21h2-kb5040431
  microsoft-windows-windows_11-22h2-kb5040442
  microsoft-windows-windows_11-23h2-kb5040442
  microsoft-windows-windows_server_2012-kb5040485
  microsoft-windows-windows_server_2012_r2-kb5040456
  microsoft-windows-windows_server_2016-1607-kb5040434
  microsoft-windows-windows_server_2019-1809-kb5040430
  microsoft-windows-windows_server_2022-21h2-kb5040437
  microsoft-windows-windows_server_2022-22h2-kb5040437
  microsoft-windows-windows_server_2022-23h2-kb5040438
References:
  https://attackerkb.com/topics/cve-2024-37971
  CVE-2024-37971
  https://support.microsoft.com/help/5040427
  https://support.microsoft.com/help/5040430
  https://support.microsoft.com/help/5040431
  https://support.microsoft.com/help/5040434
  https://support.microsoft.com/help/5040437
  https://support.microsoft.com/help/5040438
  https://support.microsoft.com/help/5040442
  https://support.microsoft.com/help/5040448
  https://support.microsoft.com/help/5040456
  https://support.microsoft.com/help/5040485
-
Red Hat: CVE-2024-39487: kernel: bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() (Multiple Advisories)
Severity: 5
CVSS: (AV:L/AC:L/Au:S/C:N/I:N/A:C)
Published: 07/09/2024  Created: 08/13/2024  Added: 08/12/2024  Modified: 12/05/2024
Description: In the Linux kernel, the following vulnerability has been resolved:

bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set()

In function bond_option_arp_ip_targets_set(), if newval->string is an empty string, newval->string+1 will point to the byte after the string, causing an out-of-bounds read. The trigger is a write to the bond's arp_ip_target sysfs option, which is a privileged operation, consistent with the local, authenticated CVSS vector above.

BUG: KASAN: slab-out-of-bounds in strlen+0x7d/0xa0 lib/string.c:418
Read of size 1 at addr ffff8881119c4781 by task syz-executor665/8107
CPU: 1 PID: 8107 Comm: syz-executor665 Not tainted 6.7.0-rc7 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xd9/0x150 lib/dump_stack.c:106
 print_address_description mm/kasan/report.c:364 [inline]
 print_report+0xc1/0x5e0 mm/kasan/report.c:475
 kasan_report+0xbe/0xf0 mm/kasan/report.c:588
 strlen+0x7d/0xa0 lib/string.c:418
 __fortify_strlen include/linux/fortify-string.h:210 [inline]
 in4_pton+0xa3/0x3f0 net/core/utils.c:130
 bond_option_arp_ip_targets_set+0xc2/0x910 drivers/net/bonding/bond_options.c:1201
 __bond_opt_set+0x2a4/0x1030 drivers/net/bonding/bond_options.c:767
 __bond_opt_set_notify+0x48/0x150 drivers/net/bonding/bond_options.c:792
 bond_opt_tryset_rtnl+0xda/0x160 drivers/net/bonding/bond_options.c:817
 bonding_sysfs_store_option+0xa1/0x120 drivers/net/bonding/bond_sysfs.c:156
 dev_attr_store+0x54/0x80 drivers/base/core.c:2366
 sysfs_kf_write+0x114/0x170 fs/sysfs/file.c:136
 kernfs_fop_write_iter+0x337/0x500 fs/kernfs/file.c:334
 call_write_iter include/linux/fs.h:2020 [inline]
 new_sync_write fs/read_write.c:491 [inline]
 vfs_write+0x96a/0xd80 fs/read_write.c:584
 ksys_write+0x122/0x250 fs/read_write.c:637
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0x40/0x110 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x63/0x6b
---[ end trace ]---

Fix it by adding a check of string length before using it.
Solution(s):
  redhat-upgrade-kernel
  redhat-upgrade-kernel-rt
References:
  CVE-2024-39487
  RHSA-2024:5101
  RHSA-2024:5102
  RHSA-2024:5363
-
Huawei EulerOS: CVE-2024-5569: python-zipp security update
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 07/09/2024  Created: 11/06/2024  Added: 11/05/2024  Modified: 11/05/2024
Description: A Denial of Service (DoS) vulnerability exists in the jaraco/zipp library, affecting all versions prior to 3.19.1. The vulnerability is triggered when processing a specially crafted zip file that leads to an infinite loop. This issue also impacts the zipfile module of CPython, as features from the third-party zipp library are later merged into CPython, and the affected code is identical in both projects. The infinite loop can be initiated through the use of functions affecting the `Path` module in both zipp and zipfile, such as `joinpath`, the overloaded division operator, and `iterdir`. Although the infinite loop is not resource exhaustive, it prevents the application from responding. The vulnerability was addressed in version 3.19.1 of jaraco/zipp.
Solution(s):
  huawei-euleros-2_0_sp12-upgrade-python3-zipp
References:
  https://attackerkb.com/topics/cve-2024-5569
  CVE-2024-5569
  EulerOS-SA-2024-2804
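To make the infinite loop concrete, an added example constructed for this page (it is not zipp's or CPython's code): a naive ancestor walk modelled on the pre-3.19.1 logic, the bounded form corresponding to the fix, and a scanner that flags the member names that trigger the loop before an archive is handed to zipfile.Path. The ancestor walk is what the `Path` helpers named above run over every member name to infer implied directories; posixpath.split('//') returns ('//', ''), so a name made only of separators never reaches the loop's exit condition. The crafted archive is built in memory with a constructed member name; the example deliberately never opens it with zipfile.Path, which would hang on an unpatched interpreter.

```python
import io
import posixpath
import zipfile
from itertools import islice


def ancestry_naive(path: str):
    """Walk a member name up to the root, stopping on '' or '/' (modelled on the pre-fix loop).
    For '//' posixpath.split returns ('//', ''), so path never becomes '' or '/' and this spins."""
    while path and path != posixpath.sep:
        yield path
        path, _tail = posixpath.split(path)


def ancestry_fixed(path: str):
    """Same walk with the guard corresponding to the 3.19.1 fix: normalise trailing separators
    and stop as soon as nothing but separators is left, so '//' yields nothing."""
    path = path.rstrip(posixpath.sep)
    while path.rstrip(posixpath.sep):
        yield path
        path, _tail = posixpath.split(path)


def first_n(path: str, n: int) -> list:
    """Bounded sample of the naive walk, so the non-terminating case can be shown without hanging."""
    return list(islice(ancestry_naive(path), n))


def build_zip(names) -> bytes:
    """Constructed in-memory archive with the given member names (contents are irrelevant)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"")
    return buf.getvalue()


def crafted_zip() -> bytes:
    """Sample 'specially crafted' archive: one ordinary member plus an all-separator name."""
    return build_zip(["ok.txt", "//"])


def suspicious_members(data: bytes) -> list:
    """Member names on which the naive walk never terminates: non-empty names that are only
    separators. Run this before zipfile.Path on untrusted archives when the runtime may be unpatched."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [n for n in zf.namelist() if n and not n.strip(posixpath.sep)]


if __name__ == "__main__":
    print("fixed walk of 'a/b/c':", list(ancestry_fixed("a/b/c")))
    print("fixed walk of '//':   ", list(ancestry_fixed("//")))
    print("naive walk of '//' (first 4 of infinitely many):", first_n("//", 4))
    print("flagged members:", suspicious_members(crafted_zip()))
```

The scanner is a stop-gap for hosts that cannot yet take the package update; the real fix is the guarded walk, which is why the solution above is an upgrade of python3-zipp rather than a configuration change.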
-
Microsoft CVE-2024-37334: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 07/09/2024  Created: 07/10/2024  Added: 07/09/2024  Modified: 07/11/2024
Description: Microsoft CVE-2024-37334: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
Solution(s):
  msft-kb5040936-7fc6ee4b-10c8-4f0d-bfee-7af9fded9609-x64
  msft-kb5040939-da31a30d-c2f7-4572-ba58-bf7768fdba81-x64
  msft-kb5040948-8aff9f52-1745-404e-a0ba-c2abcd699a72-x64
  msft-kb5040986-5d553aff-31db-4dd2-8bc7-3eccaf22bf65-x64
References:
  https://attackerkb.com/topics/cve-2024-37334
  CVE-2024-37334
  KB5040711, KB5040712, KB5040936, KB5040939, KB5040948, KB5040986
-
Microsoft CVE-2024-38081: .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
Severity: 7
CVSS: (AV:L/AC:M/Au:S/C:C/I:C/A:C)
Published: 07/09/2024  Created: 07/10/2024  Added: 07/09/2024  Modified: 10/04/2024
Description: Microsoft CVE-2024-38081: .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
Solution(s):
  msft-kb5039879-5c2555a3-6485-450e-a5e8-6e97e24cdbbb
  msft-kb5039879-71501772-90d8-487b-b6de-989496ee81ae
  msft-kb5039879-98afe6b4-7cb4-4827-a8ad-9d7e0f9c10d0
  msft-kb5039880-22a909be-2db3-4945-ac6e-19921436040d
  msft-kb5039881-3da4f55d-f42f-4986-b8e9-95398379a170
  msft-kb5039882-0461a5c5-9c30-469b-89ea-d75cd009c2b4
  msft-kb5039882-5f1f8591-2333-4bd4-bda7-0b3a3e62bedb
  msft-kb5039882-9e089058-47b0-44f3-9951-421515af9825
  msft-kb5039884-8b67726d-1132-495b-9fb9-1192b6c1216b
  msft-kb5039884-98011209-19ed-4b89-83b2-e984fd8294f7
  msft-kb5039884-f3d62c07-93e0-4a06-bbb3-9906e5e79709
  msft-kb5039884-f8764080-1c5a-4f62-ae44-f76f5c1fb26a
  msft-kb5039885-27354877-4133-4588-bb75-4a9dc322a75c
  msft-kb5039885-98d84420-8ecd-48f4-a864-4b6fe6b3f614
  msft-kb5039885-bb971d61-05ff-48e6-be18-bb812ee73461
  msft-kb5039886-315b6689-f6ec-4750-a330-c6a7c4c42d6f
  msft-kb5039886-53dbe717-b873-4aed-b8bc-0cbe8a05dc6c
  msft-kb5039886-b4b0c4b3-9685-4727-90b3-f742d8b88eed
  msft-kb5039887-980b8a1b-af78-4f29-90fe-296afc55c0c0
  msft-kb5039888-092ac4c4-8220-40e7-b3e3-495e587608bd
  msft-kb5039889-2f4dcd35-cd9a-4a94-a77f-2623abd3aaa9
  msft-kb5039889-58ea9d63-ae8c-45ad-a75c-922834c9db3f
  msft-kb5039890-d70eb7d9-9731-4aba-9c1d-781c4723fea0
  msft-kb5039891-2204c67b-f133-4209-8811-47543066bef9
  msft-kb5039893-3c120983-8cb7-44b5-99c9-0483e1b66c6f
  msft-kb5039893-52ddddba-a145-443b-831c-2fc24df92d89
  msft-kb5039893-6f79dbb6-70d2-49d7-91da-8e4ced0ed891
  msft-kb5039893-dc43a012-90d0-4c5c-955b-68dc75e68d25
  msft-kb5039895-82a393f7-5604-4951-a2cb-ba475b840594
  msft-kb5039895-c79f3adb-d9dd-4d07-9819-2ce1590b1a10
  msft-kb5039906-ae5e3991-d24a-4c6d-92ab-d9fca6daa6b5
  msft-kb5039907-51196fce-9664-4228-8218-5c7485806dcc
  msft-kb5039907-d65c39e6-aeb7-41c2-94af-4659e29be41c
  msft-kb5039908-bf42e93c-b8af-4eae-89a6-c0d35e938e92
  msft-kb5039909-a2bdb2a7-786a-453d-94f8-8d55c4cefd50
  msft-kb5039910-87855d42-fae5-48d5-8a53-53dac2317253
  msft-kb5039911-c11e36d9-b681-486c-81a5-31c16352bb4d
  msft-kb5039911-faff5d86-547a-4562-a806-71bf68959ae5
  msft-kb5040118-6f292fbf-1f5c-42cd-af38-1ac8d3133b14
  msft-kb5040118-c5a5e461-a8c9-4309-a355-7240089a25e0
  msft-kb5040119-cb909b17-0e21-4347-98d0-7b5b81ff56b2
  msft-kb5040122-94fed9b5-c34d-4e1f-b5c4-14b3efbdf45b
  msft-kb5040122-a06eb5dd-d826-4b74-bf6b-f104269aa0b7
  msft-kb5040122-dec7a394-4c24-4738-b00d-d21244bace36
  msft-kb5040123-b6cb0538-b29c-427a-88bd-da7e9903720f
  microsoft-windows-windows_server_2016-1607-kb5040434
  msft-kb5040434-6330ce65-cf6e-45f9-bd2d-1c0348e36329
  msft-kb5040434-29e720bd-ebf8-41ff-9cdb-57dd925bfc12
  msft-kb5040434-936b1890-d17f-4af3-b627-89887a2d445f
References:
  https://attackerkb.com/topics/cve-2024-38081
  CVE-2024-38081
  KB5039879, KB5039880, KB5039881, KB5039882, KB5039884, KB5039885, KB5039886, KB5039887, KB5039888, KB5039889, KB5039890, KB5039891, KB5039893, KB5039895, KB5039906, KB5039907, KB5039908, KB5039909, KB5039910, KB5039911, KB5040118, KB5040119, KB5040122, KB5040123, KB5040434, KB5040438, KB5040448, KB5040673, KB5040680, KB5041016, KB5041017, KB5041018, KB5041019, KB5041020, KB5041021, KB5041022, KB5041023, KB5041024, KB5041026, KB5041027, KB5041080, KB5041081
-
Microsoft Windows: CVE-2024-38048: Windows Network Driver Interface Specification (NDIS) Denial of Service Vulnerability
Severity: 6
CVSS: (AV:A/AC:L/Au:N/C:N/I:N/A:C)
Published: 07/09/2024  Created: 07/10/2024  Added: 07/09/2024  Modified: 09/06/2024
Description: Windows Network Driver Interface Specification (NDIS) Denial of Service Vulnerability
Solution(s):
  microsoft-windows-windows_10-1507-kb5040448
  microsoft-windows-windows_10-1607-kb5040434
  microsoft-windows-windows_10-1809-kb5040430
  microsoft-windows-windows_10-21h2-kb5040427
  microsoft-windows-windows_10-22h2-kb5040427
  microsoft-windows-windows_11-21h2-kb5040431
  microsoft-windows-windows_11-22h2-kb5040442
  microsoft-windows-windows_11-23h2-kb5040442
  microsoft-windows-windows_server_2012-kb5040485
  microsoft-windows-windows_server_2012_r2-kb5040456
  microsoft-windows-windows_server_2016-1607-kb5040434
  microsoft-windows-windows_server_2019-1809-kb5040430
  microsoft-windows-windows_server_2022-21h2-kb5040437
  microsoft-windows-windows_server_2022-22h2-kb5040437
  microsoft-windows-windows_server_2022-23h2-kb5040438
  msft-kb5040490-a33291f3-f1b2-46ec-995d-5a6bcd9b90c7
  msft-kb5040490-ecd666b8-158c-4500-abdb-abf60983b463
  msft-kb5040498-f961cc14-8b04-4069-ace4-5f938af42077
References:
  https://attackerkb.com/topics/cve-2024-38048
  CVE-2024-38048
  https://support.microsoft.com/help/5040427
  https://support.microsoft.com/help/5040430
  https://support.microsoft.com/help/5040431
  https://support.microsoft.com/help/5040434
  https://support.microsoft.com/help/5040437
  https://support.microsoft.com/help/5040438
  https://support.microsoft.com/help/5040442
  https://support.microsoft.com/help/5040448
  https://support.microsoft.com/help/5040456
  https://support.microsoft.com/help/5040485
-
Oracle Linux: CVE-2024-39487: ELSA-2024-12610: Unbreakable Enterprise kernel security update (IMPORTANT) (Multiple Advisories)
Severity: 5
CVSS: (AV:L/AC:L/Au:S/C:N/I:N/A:C)
Published: 07/09/2024  Created: 08/20/2024  Added: 08/16/2024  Modified: 01/23/2025
Description: In the Linux kernel, the following vulnerability has been resolved:

bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set()

In function bond_option_arp_ip_targets_set(), if newval->string is an empty string, newval->string+1 will point to the byte after the string, causing an out-of-bounds read. The trigger is a write to the bond's arp_ip_target sysfs option, which is a privileged operation, consistent with the local, authenticated CVSS vector above.

BUG: KASAN: slab-out-of-bounds in strlen+0x7d/0xa0 lib/string.c:418
Read of size 1 at addr ffff8881119c4781 by task syz-executor665/8107
CPU: 1 PID: 8107 Comm: syz-executor665 Not tainted 6.7.0-rc7 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xd9/0x150 lib/dump_stack.c:106
 print_address_description mm/kasan/report.c:364 [inline]
 print_report+0xc1/0x5e0 mm/kasan/report.c:475
 kasan_report+0xbe/0xf0 mm/kasan/report.c:588
 strlen+0x7d/0xa0 lib/string.c:418
 __fortify_strlen include/linux/fortify-string.h:210 [inline]
 in4_pton+0xa3/0x3f0 net/core/utils.c:130
 bond_option_arp_ip_targets_set+0xc2/0x910 drivers/net/bonding/bond_options.c:1201
 __bond_opt_set+0x2a4/0x1030 drivers/net/bonding/bond_options.c:767
 __bond_opt_set_notify+0x48/0x150 drivers/net/bonding/bond_options.c:792
 bond_opt_tryset_rtnl+0xda/0x160 drivers/net/bonding/bond_options.c:817
 bonding_sysfs_store_option+0xa1/0x120 drivers/net/bonding/bond_sysfs.c:156
 dev_attr_store+0x54/0x80 drivers/base/core.c:2366
 sysfs_kf_write+0x114/0x170 fs/sysfs/file.c:136
 kernfs_fop_write_iter+0x337/0x500 fs/kernfs/file.c:334
 call_write_iter include/linux/fs.h:2020 [inline]
 new_sync_write fs/read_write.c:491 [inline]
 vfs_write+0x96a/0xd80 fs/read_write.c:584
 ksys_write+0x122/0x250 fs/read_write.c:637
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0x40/0x110 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x63/0x6b
---[ end trace ]---

Fix it by adding a check of string length before using it.
Solution(s):
  oracle-linux-upgrade-kernel
  oracle-linux-upgrade-kernel-uek
References:
  https://attackerkb.com/topics/cve-2024-39487
  CVE-2024-39487
  ELSA-2024-12610
  ELSA-2024-5101
  ELSA-2024-12618
  ELSA-2024-12779
  ELSA-2024-5363
  ELSA-2024-12612
  ELSA-2024-12851
-
Microsoft CVE-2024-37329: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 07/09/2024  Created: 07/10/2024  Added: 07/09/2024  Modified: 07/24/2024
Description: Microsoft CVE-2024-37329: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Solution(s):
  msft-kb5040936-7fc6ee4b-10c8-4f0d-bfee-7af9fded9609-x64
  msft-kb5040939-da31a30d-c2f7-4572-ba58-bf7768fdba81-x64
  msft-kb5040940-e9a129ab-0013-46f1-ad94-774cdd4fbb50-x64
  msft-kb5040942-03004e03-15c7-4451-b235-4988dfedd7e4-x64
  msft-kb5040946-03a36e8c-1a66-4fc1-b864-e3e98bd3b365-x64
  msft-kb5040948-8aff9f52-1745-404e-a0ba-c2abcd699a72-x64
  msft-kb5040986-5d553aff-31db-4dd2-8bc7-3eccaf22bf65-x64
References:
  https://attackerkb.com/topics/cve-2024-37329
  CVE-2024-37329
  KB5040936, KB5040939, KB5040940, KB5040942, KB5040944, KB5040946, KB5040948, KB5040986
-
Microsoft Windows: CVE-2024-38055: Microsoft Windows Codecs Library Information Disclosure Vulnerability
Severity: 5
CVSS: (AV:L/AC:L/Au:S/C:C/I:N/A:N)
Published: 07/09/2024  Created: 07/10/2024  Added: 07/09/2024  Modified: 09/06/2024
Description: Microsoft Windows Codecs Library Information Disclosure Vulnerability
Solution(s):
  microsoft-windows-windows_10-1507-kb5040448
  microsoft-windows-windows_10-1607-kb5040434
  microsoft-windows-windows_10-1809-kb5040430
  microsoft-windows-windows_10-21h2-kb5040427
  microsoft-windows-windows_10-22h2-kb5040427
  microsoft-windows-windows_11-21h2-kb5040431
  microsoft-windows-windows_11-22h2-kb5040442
  microsoft-windows-windows_11-23h2-kb5040442
  microsoft-windows-windows_server_2012-kb5040485
  microsoft-windows-windows_server_2012_r2-kb5040456
  microsoft-windows-windows_server_2016-1607-kb5040434
  microsoft-windows-windows_server_2019-1809-kb5040430
  microsoft-windows-windows_server_2022-21h2-kb5040437
  microsoft-windows-windows_server_2022-22h2-kb5040437
  microsoft-windows-windows_server_2022-23h2-kb5040438
  msft-kb5040490-a33291f3-f1b2-46ec-995d-5a6bcd9b90c7
  msft-kb5040490-ecd666b8-158c-4500-abdb-abf60983b463
  msft-kb5040498-f961cc14-8b04-4069-ace4-5f938af42077
References:
  https://attackerkb.com/topics/cve-2024-38055
  CVE-2024-38055
  https://support.microsoft.com/help/5040427
  https://support.microsoft.com/help/5040430
  https://support.microsoft.com/help/5040431
  https://support.microsoft.com/help/5040434
  https://support.microsoft.com/help/5040437
  https://support.microsoft.com/help/5040438
  https://support.microsoft.com/help/5040442
  https://support.microsoft.com/help/5040448
  https://support.microsoft.com/help/5040456
  https://support.microsoft.com/help/5040485
-
Microsoft Windows: CVE-2024-38080: Windows Hyper-V Elevation of Privilege Vulnerability
Severity: 7
CVSS: (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published: 07/09/2024  Created: 07/10/2024  Added: 07/09/2024  Modified: 08/13/2024
Description: Windows Hyper-V Elevation of Privilege Vulnerability. Microsoft reported this one as exploited in the wild at release and CISA added it to the Known Exploited Vulnerabilities catalog the same day, so it belongs at the front of the July 2024 patch queue for the Windows 11 and Server 2022 hosts listed below.
Solution(s):
  microsoft-windows-windows_11-21h2-kb5040431
  microsoft-windows-windows_11-22h2-kb5040442
  microsoft-windows-windows_11-23h2-kb5040442
  microsoft-windows-windows_server_2022-21h2-kb5040437
  microsoft-windows-windows_server_2022-22h2-kb5040437
  microsoft-windows-windows_server_2022-23h2-kb5040438
References:
  https://attackerkb.com/topics/cve-2024-38080
  CVE-2024-38080
  https://support.microsoft.com/help/5040431
  https://support.microsoft.com/help/5040437
  https://support.microsoft.com/help/5040438
  https://support.microsoft.com/help/5040442
-
Microsoft Windows: CVE-2024-38043: PowerShell Elevation of Privilege Vulnerability
Severity: 7
CVSS: (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published: 07/09/2024  Created: 07/10/2024  Added: 07/09/2024  Modified: 08/13/2024
Description: PowerShell Elevation of Privilege Vulnerability
Solution(s):
  microsoft-windows-windows_10-1607-kb5040434
  microsoft-windows-windows_10-1809-kb5040430
  microsoft-windows-windows_10-21h2-kb5040427
  microsoft-windows-windows_10-22h2-kb5040427
  microsoft-windows-windows_11-21h2-kb5040431
  microsoft-windows-windows_11-22h2-kb5040442
  microsoft-windows-windows_11-23h2-kb5040442
  microsoft-windows-windows_server_2016-1607-kb5040434
  microsoft-windows-windows_server_2019-1809-kb5040430
  microsoft-windows-windows_server_2022-21h2-kb5040437
  microsoft-windows-windows_server_2022-22h2-kb5040437
  microsoft-windows-windows_server_2022-23h2-kb5040438
References:
  https://attackerkb.com/topics/cve-2024-38043
  CVE-2024-38043
  https://support.microsoft.com/help/5040427
  https://support.microsoft.com/help/5040430
  https://support.microsoft.com/help/5040431
  https://support.microsoft.com/help/5040434
  https://support.microsoft.com/help/5040437
  https://support.microsoft.com/help/5040438
  https://support.microsoft.com/help/5040442