ISHACK AI BOT

Microsoft Windows: CVE-2024-38099: Windows Remote Desktop Licensing Service Denial of Service Vulnerability Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 07/09/2024 Created 07/10/2024 Added 07/09/2024 Modified 09/06/2024 Description Windows Remote Desktop Licensing Service Denial of Service Vulnerability Solution(s) microsoft-windows-windows_server_2012-kb5040485 microsoft-windows-windows_server_2012_r2-kb5040456 microsoft-windows-windows_server_2016-1607-kb5040434 microsoft-windows-windows_server_2019-1809-kb5040430 microsoft-windows-windows_server_2022-21h2-kb5040437 microsoft-windows-windows_server_2022-22h2-kb5040437 microsoft-windows-windows_server_2022-23h2-kb5040438 msft-kb5040490-a33291f3-f1b2-46ec-995d-5a6bcd9b90c7 msft-kb5040490-ecd666b8-158c-4500-abdb-abf60983b463 msft-kb5040498-f961cc14-8b04-4069-ace4-5f938af42077 References https://attackerkb.com/topics/cve-2024-38099 CVE - 2024-38099 https://support.microsoft.com/help/5040430 https://support.microsoft.com/help/5040434 https://support.microsoft.com/help/5040437 https://support.microsoft.com/help/5040438 https://support.microsoft.com/help/5040456 https://support.microsoft.com/help/5040485 View more

Microsoft Windows: CVE-2024-38047: PowerShell Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 07/09/2024 Created 07/10/2024 Added 07/09/2024 Modified 08/13/2024 Description PowerShell Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1607-kb5040434 microsoft-windows-windows_10-1809-kb5040430 microsoft-windows-windows_10-21h2-kb5040427 microsoft-windows-windows_10-22h2-kb5040427 microsoft-windows-windows_11-21h2-kb5040431 microsoft-windows-windows_11-22h2-kb5040442 microsoft-windows-windows_11-23h2-kb5040442 microsoft-windows-windows_server_2016-1607-kb5040434 microsoft-windows-windows_server_2019-1809-kb5040430 microsoft-windows-windows_server_2022-21h2-kb5040437 microsoft-windows-windows_server_2022-22h2-kb5040437 microsoft-windows-windows_server_2022-23h2-kb5040438 References https://attackerkb.com/topics/cve-2024-38047 CVE - 2024-38047 https://support.microsoft.com/help/5040427 https://support.microsoft.com/help/5040430 https://support.microsoft.com/help/5040431 https://support.microsoft.com/help/5040434 https://support.microsoft.com/help/5040437 https://support.microsoft.com/help/5040438 https://support.microsoft.com/help/5040442 View more

Microsoft CVE-2024-37322: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/09/2024 Created 07/10/2024 Added 07/09/2024 Modified 07/24/2024 Description Microsoft CVE-2024-37322: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability Solution(s) msft-kb5040936-7fc6ee4b-10c8-4f0d-bfee-7af9fded9609-x64 msft-kb5040939-da31a30d-c2f7-4572-ba58-bf7768fdba81-x64 msft-kb5040940-e9a129ab-0013-46f1-ad94-774cdd4fbb50-x64 msft-kb5040942-03004e03-15c7-4451-b235-4988dfedd7e4-x64 msft-kb5040946-03a36e8c-1a66-4fc1-b864-e3e98bd3b365-x64 msft-kb5040948-8aff9f52-1745-404e-a0ba-c2abcd699a72-x64 msft-kb5040986-5d553aff-31db-4dd2-8bc7-3eccaf22bf65-x64 References https://attackerkb.com/topics/cve-2024-37322 CVE - 2024-37322 5040936 5040939 5040940 5040942 5040944 5040946 5040948 5040986 View more

SUSE: CVE-2024-6609: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/09/2024 Created 08/14/2024 Added 08/13/2024 Modified 01/28/2025 Description When almost out-of-memory an elliptic curve key which was never allocated could have been freed again. This vulnerability affects Firefox < 128 and Thunderbird < 128. Solution(s) suse-upgrade-mozillafirefox suse-upgrade-mozillafirefox-branding-sle suse-upgrade-mozillafirefox-branding-upstream suse-upgrade-mozillafirefox-devel suse-upgrade-mozillafirefox-translations-common suse-upgrade-mozillafirefox-translations-other suse-upgrade-mozillathunderbird suse-upgrade-mozillathunderbird-translations-common suse-upgrade-mozillathunderbird-translations-other References https://attackerkb.com/topics/cve-2024-6609 CVE - 2024-6609

SUSE: CVE-2024-6611: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/09/2024 Created 08/14/2024 Added 08/13/2024 Modified 12/30/2024 Description A nested iframe, triggering a cross-site navigation, could send SameSite=Strict or Lax cookies. This vulnerability affects Firefox < 128 and Thunderbird < 128. Solution(s) suse-upgrade-mozillafirefox suse-upgrade-mozillafirefox-branding-sle suse-upgrade-mozillafirefox-branding-upstream suse-upgrade-mozillafirefox-devel suse-upgrade-mozillafirefox-translations-common suse-upgrade-mozillafirefox-translations-other suse-upgrade-mozillathunderbird suse-upgrade-mozillathunderbird-translations-common suse-upgrade-mozillathunderbird-translations-other References https://attackerkb.com/topics/cve-2024-6611 CVE - 2024-6611

Amazon Linux AMI 2: CVE-2024-6601: Security patch for firefox (ALASFIREFOX-2024-027) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/09/2024 Created 08/14/2024 Added 08/14/2024 Modified 08/14/2024 Description A race condition could lead to a cross-origin container obtaining permissions of the top-level origin. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128. Solution(s) amazon-linux-ami-2-upgrade-firefox amazon-linux-ami-2-upgrade-firefox-debuginfo References https://attackerkb.com/topics/cve-2024-6601 AL2/ALASFIREFOX-2024-027 CVE - 2024-6601

SUSE: CVE-2024-6608: SUSE Linux Security Advisory Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:P) Published 07/09/2024 Created 08/14/2024 Added 08/13/2024 Modified 01/28/2025 Description It was possible to move the cursor using pointerlock from an iframe. This allowed moving the cursor outside of the viewport and the Firefox window. This vulnerability affects Firefox < 128 and Thunderbird < 128. Solution(s) suse-upgrade-mozillafirefox suse-upgrade-mozillafirefox-branding-sle suse-upgrade-mozillafirefox-branding-upstream suse-upgrade-mozillafirefox-devel suse-upgrade-mozillafirefox-translations-common suse-upgrade-mozillafirefox-translations-other suse-upgrade-mozillathunderbird suse-upgrade-mozillathunderbird-translations-common suse-upgrade-mozillathunderbird-translations-other References https://attackerkb.com/topics/cve-2024-6608 CVE - 2024-6608

SUSE: CVE-2024-6601: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/09/2024 Created 07/10/2024 Added 07/10/2024 Modified 12/30/2024 Description A race condition could lead to a cross-origin container obtaining permissions of the top-level origin. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128. Solution(s) suse-upgrade-mozillafirefox suse-upgrade-mozillafirefox-branding-sle suse-upgrade-mozillafirefox-branding-upstream suse-upgrade-mozillafirefox-devel suse-upgrade-mozillafirefox-translations-common suse-upgrade-mozillafirefox-translations-other suse-upgrade-mozillathunderbird suse-upgrade-mozillathunderbird-translations-common suse-upgrade-mozillathunderbird-translations-other References https://attackerkb.com/topics/cve-2024-6601 CVE - 2024-6601

SUSE: CVE-2024-39487: SUSE Linux Security Advisory Severity 6 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:C) Published 07/09/2024 Created 08/08/2024 Added 08/08/2024 Modified 01/28/2025 Description In the Linux kernel, the following vulnerability has been resolved: bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() In function bond_option_arp_ip_targets_set(), if newval->string is an empty string, newval->string+1 will point to the byte after the string, causing an out-of-bound read. BUG: KASAN: slab-out-of-bounds in strlen+0x7d/0xa0 lib/string.c:418 Read of size 1 at addr ffff8881119c4781 by task syz-executor665/8107 CPU: 1 PID: 8107 Comm: syz-executor665 Not tainted 6.7.0-rc7 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xd9/0x150 lib/dump_stack.c:106 print_address_description mm/kasan/report.c:364 [inline] print_report+0xc1/0x5e0 mm/kasan/report.c:475 kasan_report+0xbe/0xf0 mm/kasan/report.c:588 strlen+0x7d/0xa0 lib/string.c:418 __fortify_strlen include/linux/fortify-string.h:210 [inline] in4_pton+0xa3/0x3f0 net/core/utils.c:130 bond_option_arp_ip_targets_set+0xc2/0x910 drivers/net/bonding/bond_options.c:1201 __bond_opt_set+0x2a4/0x1030 drivers/net/bonding/bond_options.c:767 __bond_opt_set_notify+0x48/0x150 drivers/net/bonding/bond_options.c:792 bond_opt_tryset_rtnl+0xda/0x160 drivers/net/bonding/bond_options.c:817 bonding_sysfs_store_option+0xa1/0x120 drivers/net/bonding/bond_sysfs.c:156 dev_attr_store+0x54/0x80 drivers/base/core.c:2366 sysfs_kf_write+0x114/0x170 fs/sysfs/file.c:136 kernfs_fop_write_iter+0x337/0x500 fs/kernfs/file.c:334 call_write_iter include/linux/fs.h:2020 [inline] new_sync_write fs/read_write.c:491 [inline] vfs_write+0x96a/0xd80 fs/read_write.c:584 ksys_write+0x122/0x250 fs/read_write.c:637 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x40/0x110 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b ---[ end trace ]--- Fix it by adding a check of string length before using it. Solution(s) suse-upgrade-cluster-md-kmp-64kb suse-upgrade-cluster-md-kmp-azure suse-upgrade-cluster-md-kmp-default suse-upgrade-cluster-md-kmp-rt suse-upgrade-dlm-kmp-64kb suse-upgrade-dlm-kmp-azure suse-upgrade-dlm-kmp-default suse-upgrade-dlm-kmp-rt suse-upgrade-dtb-allwinner suse-upgrade-dtb-altera suse-upgrade-dtb-amazon suse-upgrade-dtb-amd suse-upgrade-dtb-amlogic suse-upgrade-dtb-apm suse-upgrade-dtb-apple suse-upgrade-dtb-arm suse-upgrade-dtb-broadcom suse-upgrade-dtb-cavium suse-upgrade-dtb-exynos suse-upgrade-dtb-freescale suse-upgrade-dtb-hisilicon suse-upgrade-dtb-lg suse-upgrade-dtb-marvell suse-upgrade-dtb-mediatek suse-upgrade-dtb-nvidia suse-upgrade-dtb-qcom suse-upgrade-dtb-renesas suse-upgrade-dtb-rockchip suse-upgrade-dtb-socionext suse-upgrade-dtb-sprd suse-upgrade-dtb-xilinx suse-upgrade-gfs2-kmp-64kb suse-upgrade-gfs2-kmp-azure suse-upgrade-gfs2-kmp-default suse-upgrade-gfs2-kmp-rt suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-64kb-extra suse-upgrade-kernel-64kb-livepatch-devel suse-upgrade-kernel-64kb-optional suse-upgrade-kernel-azure suse-upgrade-kernel-azure-base suse-upgrade-kernel-azure-devel suse-upgrade-kernel-azure-extra suse-upgrade-kernel-azure-livepatch-devel suse-upgrade-kernel-azure-optional suse-upgrade-kernel-azure-vdso suse-upgrade-kernel-debug suse-upgrade-kernel-debug-devel suse-upgrade-kernel-debug-livepatch-devel suse-upgrade-kernel-debug-vdso suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-base-rebuild suse-upgrade-kernel-default-devel suse-upgrade-kernel-default-extra suse-upgrade-kernel-default-livepatch suse-upgrade-kernel-default-livepatch-devel suse-upgrade-kernel-default-man suse-upgrade-kernel-default-optional suse-upgrade-kernel-default-vdso suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-devel-rt suse-upgrade-kernel-docs suse-upgrade-kernel-docs-html suse-upgrade-kernel-kvmsmall suse-upgrade-kernel-kvmsmall-devel suse-upgrade-kernel-kvmsmall-livepatch-devel suse-upgrade-kernel-kvmsmall-vdso suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-obs-qa suse-upgrade-kernel-rt suse-upgrade-kernel-rt-devel suse-upgrade-kernel-rt-extra suse-upgrade-kernel-rt-livepatch suse-upgrade-kernel-rt-livepatch-devel suse-upgrade-kernel-rt-optional suse-upgrade-kernel-rt-vdso suse-upgrade-kernel-rt_debug suse-upgrade-kernel-rt_debug-devel suse-upgrade-kernel-rt_debug-livepatch-devel suse-upgrade-kernel-rt_debug-vdso suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-source-rt suse-upgrade-kernel-source-vanilla suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-syms-rt suse-upgrade-kernel-zfcpdump suse-upgrade-kselftests-kmp-64kb suse-upgrade-kselftests-kmp-azure suse-upgrade-kselftests-kmp-default suse-upgrade-kselftests-kmp-rt suse-upgrade-ocfs2-kmp-64kb suse-upgrade-ocfs2-kmp-azure suse-upgrade-ocfs2-kmp-default suse-upgrade-ocfs2-kmp-rt suse-upgrade-reiserfs-kmp-64kb suse-upgrade-reiserfs-kmp-azure suse-upgrade-reiserfs-kmp-default suse-upgrade-reiserfs-kmp-rt References https://attackerkb.com/topics/cve-2024-39487 CVE - 2024-39487

SUSE: CVE-2024-6606: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/09/2024 Created 08/14/2024 Added 08/13/2024 Modified 12/30/2024 Description Clipboard code failed to check the index on an array access. This could have led to an out-of-bounds read. This vulnerability affects Firefox < 128 and Thunderbird < 128. Solution(s) suse-upgrade-mozillafirefox suse-upgrade-mozillafirefox-branding-sle suse-upgrade-mozillafirefox-branding-upstream suse-upgrade-mozillafirefox-devel suse-upgrade-mozillafirefox-translations-common suse-upgrade-mozillafirefox-translations-other suse-upgrade-mozillathunderbird suse-upgrade-mozillathunderbird-translations-common suse-upgrade-mozillathunderbird-translations-other References https://attackerkb.com/topics/cve-2024-6606 CVE - 2024-6606

SUSE: CVE-2024-6610: SUSE Linux Security Advisory Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:P) Published 07/09/2024 Created 08/14/2024 Added 08/13/2024 Modified 01/28/2025 Description Form validation popups could capture escape key presses. Therefore, spamming form validation messages could be used to prevent users from exiting full-screen mode. This vulnerability affects Firefox < 128 and Thunderbird < 128. Solution(s) suse-upgrade-mozillafirefox suse-upgrade-mozillafirefox-branding-sle suse-upgrade-mozillafirefox-branding-upstream suse-upgrade-mozillafirefox-devel suse-upgrade-mozillafirefox-translations-common suse-upgrade-mozillafirefox-translations-other suse-upgrade-mozillathunderbird suse-upgrade-mozillathunderbird-translations-common suse-upgrade-mozillathunderbird-translations-other References https://attackerkb.com/topics/cve-2024-6610 CVE - 2024-6610

SUSE: CVE-2024-6607: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/09/2024 Created 08/14/2024 Added 08/13/2024 Modified 12/30/2024 Description It was possible to prevent a user from exiting pointerlock when pressing escape and to overlay customValidity notifications from a `&lt;select&gt;` element over certain permission prompts. This could be used to confuse a user into giving a site unintended permissions. This vulnerability affects Firefox < 128 and Thunderbird < 128. Solution(s) suse-upgrade-mozillafirefox suse-upgrade-mozillafirefox-branding-sle suse-upgrade-mozillafirefox-branding-upstream suse-upgrade-mozillafirefox-devel suse-upgrade-mozillafirefox-translations-common suse-upgrade-mozillafirefox-translations-other suse-upgrade-mozillathunderbird suse-upgrade-mozillathunderbird-translations-common suse-upgrade-mozillathunderbird-translations-other References https://attackerkb.com/topics/cve-2024-6607 CVE - 2024-6607

Huawei EulerOS: CVE-2024-39487: kernel security update Severity 6 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:C) Published 07/09/2024 Created 10/09/2024 Added 10/08/2024 Modified 01/28/2025 Description In the Linux kernel, the following vulnerability has been resolved: bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() In function bond_option_arp_ip_targets_set(), if newval->string is an empty string, newval->string+1 will point to the byte after the string, causing an out-of-bound read. BUG: KASAN: slab-out-of-bounds in strlen+0x7d/0xa0 lib/string.c:418 Read of size 1 at addr ffff8881119c4781 by task syz-executor665/8107 CPU: 1 PID: 8107 Comm: syz-executor665 Not tainted 6.7.0-rc7 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xd9/0x150 lib/dump_stack.c:106 print_address_description mm/kasan/report.c:364 [inline] print_report+0xc1/0x5e0 mm/kasan/report.c:475 kasan_report+0xbe/0xf0 mm/kasan/report.c:588 strlen+0x7d/0xa0 lib/string.c:418 __fortify_strlen include/linux/fortify-string.h:210 [inline] in4_pton+0xa3/0x3f0 net/core/utils.c:130 bond_option_arp_ip_targets_set+0xc2/0x910 drivers/net/bonding/bond_options.c:1201 __bond_opt_set+0x2a4/0x1030 drivers/net/bonding/bond_options.c:767 __bond_opt_set_notify+0x48/0x150 drivers/net/bonding/bond_options.c:792 bond_opt_tryset_rtnl+0xda/0x160 drivers/net/bonding/bond_options.c:817 bonding_sysfs_store_option+0xa1/0x120 drivers/net/bonding/bond_sysfs.c:156 dev_attr_store+0x54/0x80 drivers/base/core.c:2366 sysfs_kf_write+0x114/0x170 fs/sysfs/file.c:136 kernfs_fop_write_iter+0x337/0x500 fs/kernfs/file.c:334 call_write_iter include/linux/fs.h:2020 [inline] new_sync_write fs/read_write.c:491 [inline] vfs_write+0x96a/0xd80 fs/read_write.c:584 ksys_write+0x122/0x250 fs/read_write.c:637 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x40/0x110 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b ---[ end trace ]--- Fix it by adding a check of string length before using it. Solution(s) huawei-euleros-2_0_sp10-upgrade-kernel huawei-euleros-2_0_sp10-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp10-upgrade-kernel-tools huawei-euleros-2_0_sp10-upgrade-kernel-tools-libs huawei-euleros-2_0_sp10-upgrade-python3-perf References https://attackerkb.com/topics/cve-2024-39487 CVE - 2024-39487 EulerOS-SA-2024-2441

Citrix Gateway/Application Delivery Controller: CVE-2024-5491 : Denial of Service Severity 8 CVSS (AV:A/AC:L/Au:N/C:C/I:P/A:C) Published 07/09/2024 Created 08/13/2024 Added 08/12/2024 Modified 08/12/2024 Description A vulnerability has been discovered in Citrix Gateway and Citrix ADC (formerly known as NetScaler ADC) that, if exploited, could lead to denial of service. Solution(s) citrix-adc-upgrade-latest References https://attackerkb.com/topics/cve-2024-5491 CVE - 2024-5491 https://support.citrix.com/s/article/CTX677944-netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20245491-and-cve20245492

Microsoft Windows: CVE-2024-30071: Windows Remote Access Connection Manager Information Disclosure Vulnerability Severity 4 CVSS (AV:L/AC:M/Au:S/C:C/I:N/A:N) Published 07/09/2024 Created 07/10/2024 Added 07/09/2024 Modified 09/05/2024 Description Windows Remote Access Connection Manager Information Disclosure Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5040448 microsoft-windows-windows_10-1607-kb5040434 microsoft-windows-windows_10-1809-kb5040430 microsoft-windows-windows_10-21h2-kb5040427 microsoft-windows-windows_10-22h2-kb5040427 microsoft-windows-windows_11-21h2-kb5040431 microsoft-windows-windows_11-22h2-kb5040442 microsoft-windows-windows_11-23h2-kb5040442 microsoft-windows-windows_server_2012_r2-kb5040456 microsoft-windows-windows_server_2016-1607-kb5040434 microsoft-windows-windows_server_2019-1809-kb5040430 microsoft-windows-windows_server_2022-21h2-kb5040437 microsoft-windows-windows_server_2022-22h2-kb5040437 microsoft-windows-windows_server_2022-23h2-kb5040438 References https://attackerkb.com/topics/cve-2024-30071 CVE - 2024-30071 https://support.microsoft.com/help/5040427 https://support.microsoft.com/help/5040430 https://support.microsoft.com/help/5040431 https://support.microsoft.com/help/5040434 https://support.microsoft.com/help/5040437 https://support.microsoft.com/help/5040438 https://support.microsoft.com/help/5040442 https://support.microsoft.com/help/5040448 https://support.microsoft.com/help/5040456 View more

MFSA2024-29 Firefox: Security Vulnerabilities fixed in Firefox 128 (CVE-2024-6610) Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:P) Published 07/09/2024 Created 07/10/2024 Added 07/10/2024 Modified 01/28/2025 Description Form validation popups could capture escape key presses. Therefore, spamming form validation messages could be used to prevent users from exiting full-screen mode. This vulnerability affects Firefox < 128 and Thunderbird < 128. Solution(s) mozilla-firefox-upgrade-128_0 References https://attackerkb.com/topics/cve-2024-6610 CVE - 2024-6610 http://www.mozilla.org/security/announce/2024/mfsa2024-29.html

Microsoft Windows: CVE-2024-30081: Windows NTLM Spoofing Vulnerability Severity 6 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:N) Published 07/09/2024 Created 07/10/2024 Added 07/09/2024 Modified 09/06/2024 Description Windows NTLM Spoofing Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5040448 microsoft-windows-windows_10-1607-kb5040434 microsoft-windows-windows_10-1809-kb5040430 microsoft-windows-windows_10-21h2-kb5040427 microsoft-windows-windows_10-22h2-kb5040427 microsoft-windows-windows_11-21h2-kb5040431 microsoft-windows-windows_11-22h2-kb5040442 microsoft-windows-windows_11-23h2-kb5040442 microsoft-windows-windows_server_2012-kb5040485 microsoft-windows-windows_server_2012_r2-kb5040456 microsoft-windows-windows_server_2016-1607-kb5040434 microsoft-windows-windows_server_2019-1809-kb5040430 microsoft-windows-windows_server_2022-21h2-kb5040437 microsoft-windows-windows_server_2022-22h2-kb5040437 microsoft-windows-windows_server_2022-23h2-kb5040438 msft-kb5040490-a33291f3-f1b2-46ec-995d-5a6bcd9b90c7 msft-kb5040490-ecd666b8-158c-4500-abdb-abf60983b463 msft-kb5040498-f961cc14-8b04-4069-ace4-5f938af42077 References https://attackerkb.com/topics/cve-2024-30081 CVE - 2024-30081 https://support.microsoft.com/help/5040427 https://support.microsoft.com/help/5040430 https://support.microsoft.com/help/5040431 https://support.microsoft.com/help/5040434 https://support.microsoft.com/help/5040437 https://support.microsoft.com/help/5040438 https://support.microsoft.com/help/5040442 https://support.microsoft.com/help/5040448 https://support.microsoft.com/help/5040456 https://support.microsoft.com/help/5040485 View more

Microsoft CVE-2024-35272: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/09/2024 Created 07/10/2024 Added 07/09/2024 Modified 07/24/2024 Description Microsoft CVE-2024-35272: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability Solution(s) msft-kb5040936-7fc6ee4b-10c8-4f0d-bfee-7af9fded9609-x64 msft-kb5040939-da31a30d-c2f7-4572-ba58-bf7768fdba81-x64 msft-kb5040940-e9a129ab-0013-46f1-ad94-774cdd4fbb50-x64 msft-kb5040942-03004e03-15c7-4451-b235-4988dfedd7e4-x64 msft-kb5040946-03a36e8c-1a66-4fc1-b864-e3e98bd3b365-x64 msft-kb5040948-8aff9f52-1745-404e-a0ba-c2abcd699a72-x64 msft-kb5040986-5d553aff-31db-4dd2-8bc7-3eccaf22bf65-x64 References https://attackerkb.com/topics/cve-2024-35272 CVE - 2024-35272 5040936 5040939 5040940 5040942 5040944 5040946 5040948 5040986 View more

Microsoft Windows: CVE-2024-30098: Windows Cryptographic Services Security Feature Bypass Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:S/C:C/I:C/A:C) Published 07/09/2024 Created 07/10/2024 Added 07/09/2024 Modified 09/05/2024 Description Windows Cryptographic Services Security Feature Bypass Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5040448 microsoft-windows-windows_10-1607-kb5040434 microsoft-windows-windows_10-1809-kb5040430 microsoft-windows-windows_10-21h2-kb5040427 microsoft-windows-windows_10-22h2-kb5040427 microsoft-windows-windows_11-21h2-kb5040431 microsoft-windows-windows_11-22h2-kb5040442 microsoft-windows-windows_11-23h2-kb5040442 microsoft-windows-windows_server_2012_r2-kb5040456 microsoft-windows-windows_server_2016-1607-kb5040434 microsoft-windows-windows_server_2019-1809-kb5040430 microsoft-windows-windows_server_2022-21h2-kb5040437 microsoft-windows-windows_server_2022-22h2-kb5040437 microsoft-windows-windows_server_2022-23h2-kb5040438 References https://attackerkb.com/topics/cve-2024-30098 CVE - 2024-30098 https://support.microsoft.com/help/5040427 https://support.microsoft.com/help/5040430 https://support.microsoft.com/help/5040431 https://support.microsoft.com/help/5040434 https://support.microsoft.com/help/5040437 https://support.microsoft.com/help/5040438 https://support.microsoft.com/help/5040442 https://support.microsoft.com/help/5040448 https://support.microsoft.com/help/5040456 View more

Microsoft CVE-2024-35271: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/09/2024 Created 07/10/2024 Added 07/09/2024 Modified 07/24/2024 Description Microsoft CVE-2024-35271: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability Solution(s) msft-kb5040936-7fc6ee4b-10c8-4f0d-bfee-7af9fded9609-x64 msft-kb5040939-da31a30d-c2f7-4572-ba58-bf7768fdba81-x64 msft-kb5040940-e9a129ab-0013-46f1-ad94-774cdd4fbb50-x64 msft-kb5040942-03004e03-15c7-4451-b235-4988dfedd7e4-x64 msft-kb5040946-03a36e8c-1a66-4fc1-b864-e3e98bd3b365-x64 msft-kb5040948-8aff9f52-1745-404e-a0ba-c2abcd699a72-x64 msft-kb5040986-5d553aff-31db-4dd2-8bc7-3eccaf22bf65-x64 References https://attackerkb.com/topics/cve-2024-35271 CVE - 2024-35271 5040936 5040939 5040940 5040942 5040944 5040946 5040948 5040986 View more

Microsoft Windows: CVE-2024-38054: Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 07/09/2024 Created 07/10/2024 Added 07/09/2024 Modified 09/06/2024 Description Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5040448 microsoft-windows-windows_10-1607-kb5040434 microsoft-windows-windows_10-1809-kb5040430 microsoft-windows-windows_10-21h2-kb5040427 microsoft-windows-windows_10-22h2-kb5040427 microsoft-windows-windows_11-21h2-kb5040431 microsoft-windows-windows_11-22h2-kb5040442 microsoft-windows-windows_11-23h2-kb5040442 microsoft-windows-windows_server_2012-kb5040485 microsoft-windows-windows_server_2012_r2-kb5040456 microsoft-windows-windows_server_2016-1607-kb5040434 microsoft-windows-windows_server_2019-1809-kb5040430 microsoft-windows-windows_server_2022-21h2-kb5040437 microsoft-windows-windows_server_2022-22h2-kb5040437 microsoft-windows-windows_server_2022-23h2-kb5040438 msft-kb5040490-a33291f3-f1b2-46ec-995d-5a6bcd9b90c7 msft-kb5040490-ecd666b8-158c-4500-abdb-abf60983b463 msft-kb5040498-f961cc14-8b04-4069-ace4-5f938af42077 References https://attackerkb.com/topics/cve-2024-38054 CVE - 2024-38054 https://support.microsoft.com/help/5040427 https://support.microsoft.com/help/5040430 https://support.microsoft.com/help/5040431 https://support.microsoft.com/help/5040434 https://support.microsoft.com/help/5040437 https://support.microsoft.com/help/5040438 https://support.microsoft.com/help/5040442 https://support.microsoft.com/help/5040448 https://support.microsoft.com/help/5040456 https://support.microsoft.com/help/5040485 View more

Microsoft Windows: CVE-2024-38060: Windows Imaging Component Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 07/09/2024 Created 07/10/2024 Added 07/09/2024 Modified 09/06/2024 Description Windows Imaging Component Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5040448 microsoft-windows-windows_10-1607-kb5040434 microsoft-windows-windows_10-1809-kb5040430 microsoft-windows-windows_10-21h2-kb5040427 microsoft-windows-windows_10-22h2-kb5040427 microsoft-windows-windows_11-21h2-kb5040431 microsoft-windows-windows_11-22h2-kb5040442 microsoft-windows-windows_11-23h2-kb5040442 microsoft-windows-windows_server_2012-kb5040485 microsoft-windows-windows_server_2012_r2-kb5040456 microsoft-windows-windows_server_2016-1607-kb5040434 microsoft-windows-windows_server_2019-1809-kb5040430 microsoft-windows-windows_server_2022-21h2-kb5040437 microsoft-windows-windows_server_2022-22h2-kb5040437 microsoft-windows-windows_server_2022-23h2-kb5040438 msft-kb5040498-f961cc14-8b04-4069-ace4-5f938af42077 References https://attackerkb.com/topics/cve-2024-38060 CVE - 2024-38060 https://support.microsoft.com/help/5040427 https://support.microsoft.com/help/5040430 https://support.microsoft.com/help/5040431 https://support.microsoft.com/help/5040434 https://support.microsoft.com/help/5040437 https://support.microsoft.com/help/5040438 https://support.microsoft.com/help/5040442 https://support.microsoft.com/help/5040448 https://support.microsoft.com/help/5040456 https://support.microsoft.com/help/5040485 View more

Microsoft Windows: CVE-2024-38058: BitLocker Security Feature Bypass Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 07/09/2024 Created 07/10/2024 Added 07/09/2024 Modified 09/06/2024 Description BitLocker Security Feature Bypass Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5040448 microsoft-windows-windows_10-1607-kb5040434 microsoft-windows-windows_10-1809-kb5040430 microsoft-windows-windows_10-21h2-kb5040427 microsoft-windows-windows_10-22h2-kb5040427 microsoft-windows-windows_11-21h2-kb5040431 microsoft-windows-windows_11-22h2-kb5040442 microsoft-windows-windows_11-23h2-kb5040442 microsoft-windows-windows_server_2012-kb5040485 microsoft-windows-windows_server_2012_r2-kb5040456 microsoft-windows-windows_server_2016-1607-kb5040434 microsoft-windows-windows_server_2019-1809-kb5040430 microsoft-windows-windows_server_2022-21h2-kb5040437 microsoft-windows-windows_server_2022-22h2-kb5040437 microsoft-windows-windows_server_2022-23h2-kb5040438 References https://attackerkb.com/topics/cve-2024-38058 CVE - 2024-38058 https://support.microsoft.com/help/5040427 https://support.microsoft.com/help/5040430 https://support.microsoft.com/help/5040431 https://support.microsoft.com/help/5040434 https://support.microsoft.com/help/5040437 https://support.microsoft.com/help/5040438 https://support.microsoft.com/help/5040442 https://support.microsoft.com/help/5040448 https://support.microsoft.com/help/5040456 https://support.microsoft.com/help/5040485 View more

Microsoft Windows: CVE-2024-38052: Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 07/09/2024 Created 07/10/2024 Added 07/09/2024 Modified 09/06/2024 Description Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5040448 microsoft-windows-windows_10-1607-kb5040434 microsoft-windows-windows_10-1809-kb5040430 microsoft-windows-windows_10-21h2-kb5040427 microsoft-windows-windows_10-22h2-kb5040427 microsoft-windows-windows_11-21h2-kb5040431 microsoft-windows-windows_11-22h2-kb5040442 microsoft-windows-windows_11-23h2-kb5040442 microsoft-windows-windows_server_2012-kb5040485 microsoft-windows-windows_server_2012_r2-kb5040456 microsoft-windows-windows_server_2016-1607-kb5040434 microsoft-windows-windows_server_2019-1809-kb5040430 microsoft-windows-windows_server_2022-21h2-kb5040437 microsoft-windows-windows_server_2022-22h2-kb5040437 microsoft-windows-windows_server_2022-23h2-kb5040438 msft-kb5040490-a33291f3-f1b2-46ec-995d-5a6bcd9b90c7 msft-kb5040490-ecd666b8-158c-4500-abdb-abf60983b463 msft-kb5040498-f961cc14-8b04-4069-ace4-5f938af42077 References https://attackerkb.com/topics/cve-2024-38052 CVE - 2024-38052 https://support.microsoft.com/help/5040427 https://support.microsoft.com/help/5040430 https://support.microsoft.com/help/5040431 https://support.microsoft.com/help/5040434 https://support.microsoft.com/help/5040437 https://support.microsoft.com/help/5040438 https://support.microsoft.com/help/5040442 https://support.microsoft.com/help/5040448 https://support.microsoft.com/help/5040456 https://support.microsoft.com/help/5040485 View more

Microsoft Windows: CVE-2024-38051: Windows Graphics Component Remote Code Execution Vulnerability Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 07/09/2024 Created 07/10/2024 Added 07/09/2024 Modified 09/06/2024 Description Windows Graphics Component Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5040448 microsoft-windows-windows_10-1607-kb5040434 microsoft-windows-windows_10-1809-kb5040430 microsoft-windows-windows_10-21h2-kb5040427 microsoft-windows-windows_10-22h2-kb5040427 microsoft-windows-windows_11-21h2-kb5040431 microsoft-windows-windows_11-22h2-kb5040442 microsoft-windows-windows_11-23h2-kb5040442 microsoft-windows-windows_server_2012-kb5040485 microsoft-windows-windows_server_2012_r2-kb5040456 microsoft-windows-windows_server_2016-1607-kb5040434 microsoft-windows-windows_server_2019-1809-kb5040430 microsoft-windows-windows_server_2022-21h2-kb5040437 microsoft-windows-windows_server_2022-22h2-kb5040437 microsoft-windows-windows_server_2022-23h2-kb5040438 msft-kb5040490-a33291f3-f1b2-46ec-995d-5a6bcd9b90c7 msft-kb5040490-ecd666b8-158c-4500-abdb-abf60983b463 msft-kb5040498-f961cc14-8b04-4069-ace4-5f938af42077 References https://attackerkb.com/topics/cve-2024-38051 CVE - 2024-38051 https://support.microsoft.com/help/5040427 https://support.microsoft.com/help/5040430 https://support.microsoft.com/help/5040431 https://support.microsoft.com/help/5040434 https://support.microsoft.com/help/5040437 https://support.microsoft.com/help/5040438 https://support.microsoft.com/help/5040442 https://support.microsoft.com/help/5040448 https://support.microsoft.com/help/5040456 https://support.microsoft.com/help/5040485 View more