ISHACK AI BOT

Microsoft Windows: CVE-2024-38051: Windows Graphics Component Remote Code Execution Vulnerability Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 07/09/2024 Created 07/10/2024 Added 07/09/2024 Modified 09/06/2024 Description Windows Graphics Component Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5040448 microsoft-windows-windows_10-1607-kb5040434 microsoft-windows-windows_10-1809-kb5040430 microsoft-windows-windows_10-21h2-kb5040427 microsoft-windows-windows_10-22h2-kb5040427 microsoft-windows-windows_11-21h2-kb5040431 microsoft-windows-windows_11-22h2-kb5040442 microsoft-windows-windows_11-23h2-kb5040442 microsoft-windows-windows_server_2012-kb5040485 microsoft-windows-windows_server_2012_r2-kb5040456 microsoft-windows-windows_server_2016-1607-kb5040434 microsoft-windows-windows_server_2019-1809-kb5040430 microsoft-windows-windows_server_2022-21h2-kb5040437 microsoft-windows-windows_server_2022-22h2-kb5040437 microsoft-windows-windows_server_2022-23h2-kb5040438 msft-kb5040490-a33291f3-f1b2-46ec-995d-5a6bcd9b90c7 msft-kb5040490-ecd666b8-158c-4500-abdb-abf60983b463 msft-kb5040498-f961cc14-8b04-4069-ace4-5f938af42077 References https://attackerkb.com/topics/cve-2024-38051 CVE - 2024-38051 https://support.microsoft.com/help/5040427 https://support.microsoft.com/help/5040430 https://support.microsoft.com/help/5040431 https://support.microsoft.com/help/5040434 https://support.microsoft.com/help/5040437 https://support.microsoft.com/help/5040438 https://support.microsoft.com/help/5040442 https://support.microsoft.com/help/5040448 https://support.microsoft.com/help/5040456 https://support.microsoft.com/help/5040485 View more

Microsoft Windows: CVE-2024-37972: Secure Boot Security Feature Bypass Vulnerability Severity 8 CVSS (AV:A/AC:M/Au:N/C:C/I:C/A:C) Published 07/09/2024 Created 07/10/2024 Added 07/09/2024 Modified 09/06/2024 Description Secure Boot Security Feature Bypass Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5040448 microsoft-windows-windows_10-1607-kb5040434 microsoft-windows-windows_10-1809-kb5040430 microsoft-windows-windows_10-21h2-kb5040427 microsoft-windows-windows_10-22h2-kb5040427 microsoft-windows-windows_11-21h2-kb5040431 microsoft-windows-windows_11-22h2-kb5040442 microsoft-windows-windows_11-23h2-kb5040442 microsoft-windows-windows_server_2012-kb5040485 microsoft-windows-windows_server_2012_r2-kb5040456 microsoft-windows-windows_server_2016-1607-kb5040434 microsoft-windows-windows_server_2019-1809-kb5040430 microsoft-windows-windows_server_2022-21h2-kb5040437 microsoft-windows-windows_server_2022-22h2-kb5040437 microsoft-windows-windows_server_2022-23h2-kb5040438 References https://attackerkb.com/topics/cve-2024-37972 CVE - 2024-37972 https://support.microsoft.com/help/5040427 https://support.microsoft.com/help/5040430 https://support.microsoft.com/help/5040431 https://support.microsoft.com/help/5040434 https://support.microsoft.com/help/5040437 https://support.microsoft.com/help/5040438 https://support.microsoft.com/help/5040442 https://support.microsoft.com/help/5040448 https://support.microsoft.com/help/5040456 https://support.microsoft.com/help/5040485 View more

Microsoft Windows: CVE-2024-37974: Secure Boot Security Feature Bypass Vulnerability Severity 8 CVSS (AV:A/AC:M/Au:N/C:C/I:C/A:C) Published 07/09/2024 Created 07/10/2024 Added 07/09/2024 Modified 09/06/2024 Description Secure Boot Security Feature Bypass Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5040448 microsoft-windows-windows_10-1607-kb5040434 microsoft-windows-windows_10-1809-kb5040430 microsoft-windows-windows_10-21h2-kb5040427 microsoft-windows-windows_10-22h2-kb5040427 microsoft-windows-windows_11-21h2-kb5040431 microsoft-windows-windows_11-22h2-kb5040442 microsoft-windows-windows_11-23h2-kb5040442 microsoft-windows-windows_server_2012-kb5040485 microsoft-windows-windows_server_2012_r2-kb5040456 microsoft-windows-windows_server_2016-1607-kb5040434 microsoft-windows-windows_server_2019-1809-kb5040430 microsoft-windows-windows_server_2022-21h2-kb5040437 microsoft-windows-windows_server_2022-22h2-kb5040437 microsoft-windows-windows_server_2022-23h2-kb5040438 References https://attackerkb.com/topics/cve-2024-37974 CVE - 2024-37974 https://support.microsoft.com/help/5040427 https://support.microsoft.com/help/5040430 https://support.microsoft.com/help/5040431 https://support.microsoft.com/help/5040434 https://support.microsoft.com/help/5040437 https://support.microsoft.com/help/5040438 https://support.microsoft.com/help/5040442 https://support.microsoft.com/help/5040448 https://support.microsoft.com/help/5040456 https://support.microsoft.com/help/5040485 View more

Microsoft Windows: CVE-2024-38033: PowerShell Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:M/Au:S/C:C/I:C/A:C) Published 07/09/2024 Created 07/10/2024 Added 07/09/2024 Modified 12/10/2024 Description PowerShell Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5040448 microsoft-windows-windows_10-1607-kb5040434 microsoft-windows-windows_10-1809-kb5040430 microsoft-windows-windows_10-21h2-kb5040427 microsoft-windows-windows_10-22h2-kb5040427 microsoft-windows-windows_11-21h2-kb5040431 microsoft-windows-windows_11-22h2-kb5040442 microsoft-windows-windows_11-23h2-kb5040442 microsoft-windows-windows_server_2012-kb5040485 microsoft-windows-windows_server_2012-kb5048699 microsoft-windows-windows_server_2012_r2-kb5040456 microsoft-windows-windows_server_2012_r2-kb5048735 microsoft-windows-windows_server_2016-1607-kb5040434 microsoft-windows-windows_server_2019-1809-kb5040430 microsoft-windows-windows_server_2022-21h2-kb5040437 microsoft-windows-windows_server_2022-22h2-kb5040437 microsoft-windows-windows_server_2022-23h2-kb5040438 References https://attackerkb.com/topics/cve-2024-38033 CVE - 2024-38033 https://support.microsoft.com/help/5040427 https://support.microsoft.com/help/5040430 https://support.microsoft.com/help/5040431 https://support.microsoft.com/help/5040434 https://support.microsoft.com/help/5040437 https://support.microsoft.com/help/5040438 https://support.microsoft.com/help/5040442 https://support.microsoft.com/help/5040448 https://support.microsoft.com/help/5040456 https://support.microsoft.com/help/5040485 https://support.microsoft.com/help/5048699 https://support.microsoft.com/help/5048735 View more

Microsoft CVE-2024-21449: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/09/2024 Created 07/10/2024 Added 07/09/2024 Modified 07/24/2024 Description Microsoft CVE-2024-21449: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability Solution(s) msft-kb5040936-7fc6ee4b-10c8-4f0d-bfee-7af9fded9609-x64 msft-kb5040939-da31a30d-c2f7-4572-ba58-bf7768fdba81-x64 msft-kb5040940-e9a129ab-0013-46f1-ad94-774cdd4fbb50-x64 msft-kb5040942-03004e03-15c7-4451-b235-4988dfedd7e4-x64 msft-kb5040946-03a36e8c-1a66-4fc1-b864-e3e98bd3b365-x64 msft-kb5040948-8aff9f52-1745-404e-a0ba-c2abcd699a72-x64 msft-kb5040986-5d553aff-31db-4dd2-8bc7-3eccaf22bf65-x64 References https://attackerkb.com/topics/cve-2024-21449 CVE - 2024-21449 5040936 5040939 5040940 5040942 5040944 5040946 5040948 5040986 View more

Microsoft CVE-2024-21373: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/09/2024 Created 07/10/2024 Added 07/09/2024 Modified 07/24/2024 Description Microsoft CVE-2024-21373: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability Solution(s) msft-kb5040936-7fc6ee4b-10c8-4f0d-bfee-7af9fded9609-x64 msft-kb5040939-da31a30d-c2f7-4572-ba58-bf7768fdba81-x64 msft-kb5040940-e9a129ab-0013-46f1-ad94-774cdd4fbb50-x64 msft-kb5040942-03004e03-15c7-4451-b235-4988dfedd7e4-x64 msft-kb5040946-03a36e8c-1a66-4fc1-b864-e3e98bd3b365-x64 msft-kb5040948-8aff9f52-1745-404e-a0ba-c2abcd699a72-x64 msft-kb5040986-5d553aff-31db-4dd2-8bc7-3eccaf22bf65-x64 References https://attackerkb.com/topics/cve-2024-21373 CVE - 2024-21373 5040936 5040939 5040940 5040942 5040944 5040946 5040948 5040986 View more

Debian: CVE-2024-6603: firefox-esr, thunderbird -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/09/2024 Created 07/12/2024 Added 07/12/2024 Modified 07/22/2024 Description In an out-of-memory scenario an allocation could fail but free would have been called on the pointer afterwards leading to memory corruption. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128. Solution(s) debian-upgrade-firefox-esr debian-upgrade-thunderbird References https://attackerkb.com/topics/cve-2024-6603 CVE - 2024-6603 DSA-5727-1

Microsoft CVE-2024-21332: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/09/2024 Created 07/10/2024 Added 07/09/2024 Modified 07/24/2024 Description Microsoft CVE-2024-21332: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability Solution(s) msft-kb5040936-7fc6ee4b-10c8-4f0d-bfee-7af9fded9609-x64 msft-kb5040939-da31a30d-c2f7-4572-ba58-bf7768fdba81-x64 msft-kb5040940-e9a129ab-0013-46f1-ad94-774cdd4fbb50-x64 msft-kb5040942-03004e03-15c7-4451-b235-4988dfedd7e4-x64 msft-kb5040946-03a36e8c-1a66-4fc1-b864-e3e98bd3b365-x64 msft-kb5040948-8aff9f52-1745-404e-a0ba-c2abcd699a72-x64 msft-kb5040986-5d553aff-31db-4dd2-8bc7-3eccaf22bf65-x64 References https://attackerkb.com/topics/cve-2024-21332 CVE - 2024-21332 5040936 5040939 5040940 5040942 5040944 5040946 5040948 5040986 View more

Microsoft CVE-2024-21331: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/09/2024 Created 07/10/2024 Added 07/09/2024 Modified 07/24/2024 Description Microsoft CVE-2024-21331: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability Solution(s) msft-kb5040936-7fc6ee4b-10c8-4f0d-bfee-7af9fded9609-x64 msft-kb5040939-da31a30d-c2f7-4572-ba58-bf7768fdba81-x64 msft-kb5040940-e9a129ab-0013-46f1-ad94-774cdd4fbb50-x64 msft-kb5040942-03004e03-15c7-4451-b235-4988dfedd7e4-x64 msft-kb5040946-03a36e8c-1a66-4fc1-b864-e3e98bd3b365-x64 msft-kb5040948-8aff9f52-1745-404e-a0ba-c2abcd699a72-x64 msft-kb5040986-5d553aff-31db-4dd2-8bc7-3eccaf22bf65-x64 References https://attackerkb.com/topics/cve-2024-21331 CVE - 2024-21331 5040936 5040939 5040940 5040942 5040944 5040946 5040948 5040986 View more

Microsoft CVE-2024-21425: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/09/2024 Created 07/10/2024 Added 07/09/2024 Modified 07/24/2024 Description Microsoft CVE-2024-21425: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability Solution(s) msft-kb5040936-7fc6ee4b-10c8-4f0d-bfee-7af9fded9609-x64 msft-kb5040939-da31a30d-c2f7-4572-ba58-bf7768fdba81-x64 msft-kb5040940-e9a129ab-0013-46f1-ad94-774cdd4fbb50-x64 msft-kb5040942-03004e03-15c7-4451-b235-4988dfedd7e4-x64 msft-kb5040946-03a36e8c-1a66-4fc1-b864-e3e98bd3b365-x64 msft-kb5040948-8aff9f52-1745-404e-a0ba-c2abcd699a72-x64 msft-kb5040986-5d553aff-31db-4dd2-8bc7-3eccaf22bf65-x64 References https://attackerkb.com/topics/cve-2024-21425 CVE - 2024-21425 5040936 5040939 5040940 5040942 5040944 5040946 5040948 5040986 View more

Debian: CVE-2024-6604: firefox-esr, thunderbird -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/09/2024 Created 07/12/2024 Added 07/12/2024 Modified 07/22/2024 Description Memory safety bugs present in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128. Solution(s) debian-upgrade-firefox-esr debian-upgrade-thunderbird References https://attackerkb.com/topics/cve-2024-6604 CVE - 2024-6604 DSA-5727-1

Microsoft CVE-2024-21317: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/09/2024 Created 07/10/2024 Added 07/09/2024 Modified 07/24/2024 Description Microsoft CVE-2024-21317: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability Solution(s) msft-kb5040936-7fc6ee4b-10c8-4f0d-bfee-7af9fded9609-x64 msft-kb5040939-da31a30d-c2f7-4572-ba58-bf7768fdba81-x64 msft-kb5040940-e9a129ab-0013-46f1-ad94-774cdd4fbb50-x64 msft-kb5040942-03004e03-15c7-4451-b235-4988dfedd7e4-x64 msft-kb5040946-03a36e8c-1a66-4fc1-b864-e3e98bd3b365-x64 msft-kb5040948-8aff9f52-1745-404e-a0ba-c2abcd699a72-x64 msft-kb5040986-5d553aff-31db-4dd2-8bc7-3eccaf22bf65-x64 References https://attackerkb.com/topics/cve-2024-21317 CVE - 2024-21317 5040936 5040939 5040940 5040942 5040944 5040946 5040948 5040986 View more

Microsoft CVE-2024-20701: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/09/2024 Created 07/10/2024 Added 07/09/2024 Modified 07/24/2024 Description Microsoft CVE-2024-20701: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability Solution(s) msft-kb5040936-7fc6ee4b-10c8-4f0d-bfee-7af9fded9609-x64 msft-kb5040939-da31a30d-c2f7-4572-ba58-bf7768fdba81-x64 msft-kb5040940-e9a129ab-0013-46f1-ad94-774cdd4fbb50-x64 msft-kb5040942-03004e03-15c7-4451-b235-4988dfedd7e4-x64 msft-kb5040946-03a36e8c-1a66-4fc1-b864-e3e98bd3b365-x64 msft-kb5040948-8aff9f52-1745-404e-a0ba-c2abcd699a72-x64 msft-kb5040986-5d553aff-31db-4dd2-8bc7-3eccaf22bf65-x64 References https://attackerkb.com/topics/cve-2024-20701 CVE - 2024-20701 5040936 5040939 5040940 5040942 5040944 5040946 5040948 5040986 View more

Microsoft CVE-2024-21428: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/09/2024 Created 07/10/2024 Added 07/09/2024 Modified 07/24/2024 Description Microsoft CVE-2024-21428: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability Solution(s) msft-kb5040936-7fc6ee4b-10c8-4f0d-bfee-7af9fded9609-x64 msft-kb5040939-da31a30d-c2f7-4572-ba58-bf7768fdba81-x64 msft-kb5040940-e9a129ab-0013-46f1-ad94-774cdd4fbb50-x64 msft-kb5040942-03004e03-15c7-4451-b235-4988dfedd7e4-x64 msft-kb5040946-03a36e8c-1a66-4fc1-b864-e3e98bd3b365-x64 msft-kb5040948-8aff9f52-1745-404e-a0ba-c2abcd699a72-x64 msft-kb5040986-5d553aff-31db-4dd2-8bc7-3eccaf22bf65-x64 References https://attackerkb.com/topics/cve-2024-21428 CVE - 2024-21428 5040936 5040939 5040940 5040942 5040944 5040946 5040948 5040986 View more

Citrix Gateway/Application Delivery Controller: CVE-2024-5492 : Denial of Service Severity 6 CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:N) Published 07/09/2024 Created 08/13/2024 Added 08/12/2024 Modified 08/12/2024 Description Open redirect vulnerability allows a remote unauthenticated attacker to redirect users to arbitrary websites in NetScaler ADC and NetScaler Gateway. Solution(s) citrix-adc-upgrade-latest References https://attackerkb.com/topics/cve-2024-5492 CVE - 2024-5492 https://support.citrix.com/s/article/CTX677944-netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20245491-and-cve20245492

Oracle Linux: CVE-2024-30105: ELSA-2024-4450:dotnet8.0 security update (IMPORTANT) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 07/09/2024 Created 07/12/2024 Added 07/10/2024 Modified 01/07/2025 Description .NET Core and Visual Studio Denial of Service Vulnerability A vulnerability was found in .NET. This issue can cause a denial of service in the System.Text.Json deserialization. Solution(s) oracle-linux-upgrade-aspnetcore-runtime-8-0 oracle-linux-upgrade-aspnetcore-runtime-dbg-8-0 oracle-linux-upgrade-aspnetcore-targeting-pack-8-0 oracle-linux-upgrade-dotnet oracle-linux-upgrade-dotnet-apphost-pack-8-0 oracle-linux-upgrade-dotnet-host oracle-linux-upgrade-dotnet-hostfxr-8-0 oracle-linux-upgrade-dotnet-runtime-8-0 oracle-linux-upgrade-dotnet-runtime-dbg-8-0 oracle-linux-upgrade-dotnet-sdk-8-0 oracle-linux-upgrade-dotnet-sdk-8-0-source-built-artifacts oracle-linux-upgrade-dotnet-sdk-dbg-8-0 oracle-linux-upgrade-dotnet-targeting-pack-8-0 oracle-linux-upgrade-dotnet-templates-8-0 oracle-linux-upgrade-netstandard-targeting-pack-2-1 References https://attackerkb.com/topics/cve-2024-30105 CVE - 2024-30105 ELSA-2024-4450 ELSA-2024-4451

Ubuntu: (Multiple Advisories) (CVE-2024-38875): Django vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/09/2024 Created 07/10/2024 Added 07/10/2024 Modified 11/15/2024 Description An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc were subject to a potential denial of service attack via certain inputs with a very large number of brackets. Solution(s) ubuntu-pro-upgrade-python-django ubuntu-pro-upgrade-python3-django References https://attackerkb.com/topics/cve-2024-38875 CVE - 2024-38875 USN-6888-1 USN-6888-2

Microsoft Windows: CVE-2024-38067: Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 07/09/2024 Created 07/10/2024 Added 07/09/2024 Modified 09/06/2024 Description Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability Solution(s) microsoft-windows-windows_server_2012-kb5040485 microsoft-windows-windows_server_2012_r2-kb5040456 microsoft-windows-windows_server_2016-1607-kb5040434 microsoft-windows-windows_server_2019-1809-kb5040430 microsoft-windows-windows_server_2022-21h2-kb5040437 microsoft-windows-windows_server_2022-22h2-kb5040437 microsoft-windows-windows_server_2022-23h2-kb5040438 msft-kb5040490-a33291f3-f1b2-46ec-995d-5a6bcd9b90c7 msft-kb5040490-ecd666b8-158c-4500-abdb-abf60983b463 msft-kb5040498-f961cc14-8b04-4069-ace4-5f938af42077 References https://attackerkb.com/topics/cve-2024-38067 CVE - 2024-38067 https://support.microsoft.com/help/5040430 https://support.microsoft.com/help/5040434 https://support.microsoft.com/help/5040437 https://support.microsoft.com/help/5040438 https://support.microsoft.com/help/5040456 https://support.microsoft.com/help/5040485 View more

Debian: CVE-2024-6609: nss -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/09/2024 Created 10/30/2024 Added 10/29/2024 Modified 01/28/2025 Description When almost out-of-memory an elliptic curve key which was never allocated could have been freed again. This vulnerability affects Firefox < 128 and Thunderbird < 128. Solution(s) debian-upgrade-nss References https://attackerkb.com/topics/cve-2024-6609 CVE - 2024-6609 DLA-3937-1

Microsoft Windows: CVE-2024-38022: Windows Image Acquisition Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:M/Au:S/C:C/I:C/A:C) Published 07/09/2024 Created 07/10/2024 Added 07/09/2024 Modified 09/06/2024 Description Windows Image Acquisition Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5040448 microsoft-windows-windows_10-1607-kb5040434 microsoft-windows-windows_10-1809-kb5040430 microsoft-windows-windows_10-21h2-kb5040427 microsoft-windows-windows_10-22h2-kb5040427 microsoft-windows-windows_11-21h2-kb5040431 microsoft-windows-windows_11-22h2-kb5040442 microsoft-windows-windows_11-23h2-kb5040442 microsoft-windows-windows_server_2012-kb5040485 microsoft-windows-windows_server_2012_r2-kb5040456 microsoft-windows-windows_server_2016-1607-kb5040434 microsoft-windows-windows_server_2019-1809-kb5040430 microsoft-windows-windows_server_2022-21h2-kb5040437 microsoft-windows-windows_server_2022-22h2-kb5040437 microsoft-windows-windows_server_2022-23h2-kb5040438 References https://attackerkb.com/topics/cve-2024-38022 CVE - 2024-38022 https://support.microsoft.com/help/5040427 https://support.microsoft.com/help/5040430 https://support.microsoft.com/help/5040431 https://support.microsoft.com/help/5040434 https://support.microsoft.com/help/5040437 https://support.microsoft.com/help/5040438 https://support.microsoft.com/help/5040442 https://support.microsoft.com/help/5040448 https://support.microsoft.com/help/5040456 https://support.microsoft.com/help/5040485 View more

Microsoft Windows: CVE-2024-38019: Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability Severity 8 CVSS (AV:N/AC:L/Au:M/C:C/I:C/A:C) Published 07/09/2024 Created 07/10/2024 Added 07/09/2024 Modified 09/06/2024 Description Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5040448 microsoft-windows-windows_10-1607-kb5040434 microsoft-windows-windows_10-1809-kb5040430 microsoft-windows-windows_10-21h2-kb5040427 microsoft-windows-windows_10-22h2-kb5040427 microsoft-windows-windows_11-21h2-kb5040431 microsoft-windows-windows_11-22h2-kb5040442 microsoft-windows-windows_11-23h2-kb5040442 microsoft-windows-windows_server_2012-kb5040485 microsoft-windows-windows_server_2012_r2-kb5040456 microsoft-windows-windows_server_2016-1607-kb5040434 microsoft-windows-windows_server_2019-1809-kb5040430 microsoft-windows-windows_server_2022-21h2-kb5040437 microsoft-windows-windows_server_2022-22h2-kb5040437 microsoft-windows-windows_server_2022-23h2-kb5040438 msft-kb5040490-a33291f3-f1b2-46ec-995d-5a6bcd9b90c7 msft-kb5040490-ecd666b8-158c-4500-abdb-abf60983b463 msft-kb5040498-f961cc14-8b04-4069-ace4-5f938af42077 References https://attackerkb.com/topics/cve-2024-38019 CVE - 2024-38019 https://support.microsoft.com/help/5040427 https://support.microsoft.com/help/5040430 https://support.microsoft.com/help/5040431 https://support.microsoft.com/help/5040434 https://support.microsoft.com/help/5040437 https://support.microsoft.com/help/5040438 https://support.microsoft.com/help/5040442 https://support.microsoft.com/help/5040448 https://support.microsoft.com/help/5040456 https://support.microsoft.com/help/5040485 View more

MFSA2024-29 Firefox: Security Vulnerabilities fixed in Firefox 128 (CVE-2024-6615) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/09/2024 Created 07/10/2024 Added 07/10/2024 Modified 07/18/2024 Description Memory safety bugs present in Firefox 127 and Thunderbird 127. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 128 and Thunderbird < 128. Solution(s) mozilla-firefox-upgrade-128_0 References https://attackerkb.com/topics/cve-2024-6615 CVE - 2024-6615 http://www.mozilla.org/security/announce/2024/mfsa2024-29.html

MFSA2024-32 Thunderbird: Security Vulnerabilities fixed in Thunderbird 128 (CVE-2024-6607) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/09/2024 Created 07/17/2024 Added 07/17/2024 Modified 07/18/2024 Description It was possible to prevent a user from exiting pointerlock when pressing escape and to overlay customValidity notifications from a `&lt;select&gt;` element over certain permission prompts. This could be used to confuse a user into giving a site unintended permissions. This vulnerability affects Firefox < 128 and Thunderbird < 128. Solution(s) mozilla-thunderbird-upgrade-128_0 References https://attackerkb.com/topics/cve-2024-6607 CVE - 2024-6607 http://www.mozilla.org/security/announce/2024/mfsa2024-32.html

Ubuntu: USN-6890-1 (CVE-2024-6610): Firefox vulnerabilities Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:P) Published 07/09/2024 Created 07/12/2024 Added 07/11/2024 Modified 01/28/2025 Description Form validation popups could capture escape key presses. Therefore, spamming form validation messages could be used to prevent users from exiting full-screen mode. This vulnerability affects Firefox < 128 and Thunderbird < 128. Solution(s) ubuntu-upgrade-firefox References https://attackerkb.com/topics/cve-2024-6610 CVE - 2024-6610 USN-6890-1

MFSA2024-32 Thunderbird: Security Vulnerabilities fixed in Thunderbird 128 (CVE-2024-6600) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/09/2024 Created 07/17/2024 Added 07/17/2024 Modified 02/14/2025 Description Due to large allocation checks in Angle for GLSL shaders being too lenient an out-of-bounds access could occur when allocating more than 8192 ints in private shader memory on mac OS. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128. Solution(s) mozilla-thunderbird-upgrade-128_0 References https://attackerkb.com/topics/cve-2024-6600 CVE - 2024-6600 http://www.mozilla.org/security/announce/2024/mfsa2024-32.html