ISHACK AI BOT

Microsoft Windows: CVE-2024-30079: Windows Remote Access Connection Manager Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 07/09/2024 Created 07/10/2024 Added 07/09/2024 Modified 09/05/2024 Description Windows Remote Access Connection Manager Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5040448 microsoft-windows-windows_10-1607-kb5040434 microsoft-windows-windows_10-1809-kb5040430 microsoft-windows-windows_10-21h2-kb5040427 microsoft-windows-windows_10-22h2-kb5040427 microsoft-windows-windows_11-21h2-kb5040431 microsoft-windows-windows_11-22h2-kb5040442 microsoft-windows-windows_11-23h2-kb5040442 microsoft-windows-windows_server_2012_r2-kb5040456 microsoft-windows-windows_server_2016-1607-kb5040434 microsoft-windows-windows_server_2019-1809-kb5040430 microsoft-windows-windows_server_2022-21h2-kb5040437 microsoft-windows-windows_server_2022-22h2-kb5040437 microsoft-windows-windows_server_2022-23h2-kb5040438 References https://attackerkb.com/topics/cve-2024-30079 CVE - 2024-30079 https://support.microsoft.com/help/5040427 https://support.microsoft.com/help/5040430 https://support.microsoft.com/help/5040431 https://support.microsoft.com/help/5040434 https://support.microsoft.com/help/5040437 https://support.microsoft.com/help/5040438 https://support.microsoft.com/help/5040442 https://support.microsoft.com/help/5040448 https://support.microsoft.com/help/5040456 View more

MFSA2024-32 Thunderbird: Security Vulnerabilities fixed in Thunderbird 128 (CVE-2024-6601) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/09/2024 Created 07/17/2024 Added 07/17/2024 Modified 02/14/2025 Description A race condition could lead to a cross-origin container obtaining permissions of the top-level origin. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128. Solution(s) mozilla-thunderbird-upgrade-128_0 References https://attackerkb.com/topics/cve-2024-6601 CVE - 2024-6601 http://www.mozilla.org/security/announce/2024/mfsa2024-32.html

Gentoo Linux: CVE-2024-6613: Mozilla Firefox: Multiple Vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/09/2024 Created 12/10/2024 Added 12/09/2024 Modified 12/09/2024 Description The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces. This vulnerability affects Firefox < 128 and Thunderbird < 128. Solution(s) gentoo-linux-upgrade-www-client-firefox gentoo-linux-upgrade-www-client-firefox-bin References https://attackerkb.com/topics/cve-2024-6613 CVE - 2024-6613 202412-04

Gentoo Linux: CVE-2024-6602: Mozilla Firefox: Multiple Vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/09/2024 Created 12/10/2024 Added 12/09/2024 Modified 12/09/2024 Description A mismatch between allocator and deallocator could have led to memory corruption. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128. Solution(s) gentoo-linux-upgrade-dev-lang-spidermonkey gentoo-linux-upgrade-mail-client-thunderbird gentoo-linux-upgrade-mail-client-thunderbird-bin gentoo-linux-upgrade-www-client-firefox gentoo-linux-upgrade-www-client-firefox-bin References https://attackerkb.com/topics/cve-2024-6602 CVE - 2024-6602 202412-04 202412-06 202412-13

Gentoo Linux: CVE-2024-6611: Mozilla Firefox: Multiple Vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/09/2024 Created 12/10/2024 Added 12/09/2024 Modified 12/09/2024 Description A nested iframe, triggering a cross-site navigation, could send SameSite=Strict or Lax cookies. This vulnerability affects Firefox < 128 and Thunderbird < 128. Solution(s) gentoo-linux-upgrade-www-client-firefox gentoo-linux-upgrade-www-client-firefox-bin References https://attackerkb.com/topics/cve-2024-6611 CVE - 2024-6611 202412-04

Gentoo Linux: CVE-2024-6609: Mozilla Firefox: Multiple Vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/09/2024 Created 12/10/2024 Added 12/09/2024 Modified 01/28/2025 Description When almost out-of-memory an elliptic curve key which was never allocated could have been freed again. This vulnerability affects Firefox < 128 and Thunderbird < 128. Solution(s) gentoo-linux-upgrade-www-client-firefox gentoo-linux-upgrade-www-client-firefox-bin References https://attackerkb.com/topics/cve-2024-6609 CVE - 2024-6609 202412-04

Gentoo Linux: CVE-2024-6604: Mozilla Firefox: Multiple Vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/09/2024 Created 12/10/2024 Added 12/09/2024 Modified 12/09/2024 Description Memory safety bugs present in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128. Solution(s) gentoo-linux-upgrade-dev-lang-spidermonkey gentoo-linux-upgrade-mail-client-thunderbird gentoo-linux-upgrade-mail-client-thunderbird-bin gentoo-linux-upgrade-www-client-firefox gentoo-linux-upgrade-www-client-firefox-bin References https://attackerkb.com/topics/cve-2024-6604 CVE - 2024-6604 202412-04 202412-06 202412-13

Gentoo Linux: CVE-2024-6614: Mozilla Firefox: Multiple Vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/09/2024 Created 12/10/2024 Added 12/09/2024 Modified 12/09/2024 Description The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces. This vulnerability affects Firefox < 128 and Thunderbird < 128. Solution(s) gentoo-linux-upgrade-www-client-firefox gentoo-linux-upgrade-www-client-firefox-bin References https://attackerkb.com/topics/cve-2024-6614 CVE - 2024-6614 202412-04

Microsoft Windows: CVE-2024-38078: Xbox Wireless Adapter Remote Code Execution Vulnerability Severity 8 CVSS (AV:A/AC:M/Au:N/C:C/I:C/A:C) Published 07/09/2024 Created 07/10/2024 Added 07/09/2024 Modified 01/28/2025 Description Xbox Wireless Adapter Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_11-21h2-kb5040431 microsoft-windows-windows_11-22h2-kb5040442 microsoft-windows-windows_11-23h2-kb5040442 References https://attackerkb.com/topics/cve-2024-38078 CVE - 2024-38078 https://support.microsoft.com/help/5040431 https://support.microsoft.com/help/5040442

Alma Linux: CVE-2024-6237: Moderate: 389-ds-base security update (ALSA-2024-5192) Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 07/09/2024 Created 08/14/2024 Added 08/14/2024 Modified 01/28/2025 Description A flaw was found in the 389 Directory Server. This flaw allows an unauthenticated user to cause a systematic server crash while sending a specific extended search request, leading to a denial of service. Solution(s) alma-upgrade-389-ds-base alma-upgrade-389-ds-base-devel alma-upgrade-389-ds-base-libs alma-upgrade-python3-lib389 References https://attackerkb.com/topics/cve-2024-6237 CVE - 2024-6237 https://errata.almalinux.org/9/ALSA-2024-5192.html

Gentoo Linux: CVE-2024-6606: Mozilla Firefox: Multiple Vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/09/2024 Created 12/10/2024 Added 12/09/2024 Modified 12/09/2024 Description Clipboard code failed to check the index on an array access. This could have led to an out-of-bounds read. This vulnerability affects Firefox < 128 and Thunderbird < 128. Solution(s) gentoo-linux-upgrade-www-client-firefox gentoo-linux-upgrade-www-client-firefox-bin References https://attackerkb.com/topics/cve-2024-6606 CVE - 2024-6606 202412-04

Ubuntu: (Multiple Advisories) (CVE-2024-3596): FreeRADIUS vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/09/2024 Created 10/05/2024 Added 10/04/2024 Modified 02/06/2025 Description RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature. Solution(s) ubuntu-pro-upgrade-freeradius ubuntu-pro-upgrade-libk5crypto3 ubuntu-pro-upgrade-libkrad0 References https://attackerkb.com/topics/cve-2024-3596 CVE - 2024-3596 USN-7055-1 USN-7257-1

Amazon Linux 2023: CVE-2024-30105: Important priority package update for dotnet8.0 Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 07/09/2024 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description .NET Core and Visual Studio Denial of Service Vulnerability A vulnerability was found in .NET. This issue can cause a denial of service in the System.Text.Json deserialization. Solution(s) amazon-linux-2023-upgrade-aspnetcore-runtime-8-0 amazon-linux-2023-upgrade-aspnetcore-runtime-dbg-8-0 amazon-linux-2023-upgrade-aspnetcore-targeting-pack-8-0 amazon-linux-2023-upgrade-dotnet amazon-linux-2023-upgrade-dotnet8-0-debuginfo amazon-linux-2023-upgrade-dotnet8-0-debugsource amazon-linux-2023-upgrade-dotnet-apphost-pack-8-0 amazon-linux-2023-upgrade-dotnet-apphost-pack-8-0-debuginfo amazon-linux-2023-upgrade-dotnet-host amazon-linux-2023-upgrade-dotnet-host-debuginfo amazon-linux-2023-upgrade-dotnet-hostfxr-8-0 amazon-linux-2023-upgrade-dotnet-hostfxr-8-0-debuginfo amazon-linux-2023-upgrade-dotnet-runtime-8-0 amazon-linux-2023-upgrade-dotnet-runtime-8-0-debuginfo amazon-linux-2023-upgrade-dotnet-runtime-dbg-8-0 amazon-linux-2023-upgrade-dotnet-sdk-8-0 amazon-linux-2023-upgrade-dotnet-sdk-8-0-debuginfo amazon-linux-2023-upgrade-dotnet-sdk-8-0-source-built-artifacts amazon-linux-2023-upgrade-dotnet-sdk-dbg-8-0 amazon-linux-2023-upgrade-dotnet-targeting-pack-8-0 amazon-linux-2023-upgrade-dotnet-templates-8-0 amazon-linux-2023-upgrade-netstandard-targeting-pack-2-1 References https://attackerkb.com/topics/cve-2024-30105 CVE - 2024-30105 https://alas.aws.amazon.com/AL2023/ALAS-2024-686.html

MFSA2024-29 Firefox: Security Vulnerabilities fixed in Firefox 128 (CVE-2024-6609) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/09/2024 Created 07/10/2024 Added 07/10/2024 Modified 01/28/2025 Description When almost out-of-memory an elliptic curve key which was never allocated could have been freed again. This vulnerability affects Firefox < 128 and Thunderbird < 128. Solution(s) mozilla-firefox-upgrade-128_0 References https://attackerkb.com/topics/cve-2024-6609 CVE - 2024-6609 http://www.mozilla.org/security/announce/2024/mfsa2024-29.html

Microsoft Windows: CVE-2024-38091: Microsoft WS-Discovery Denial of Service Vulnerability Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 07/09/2024 Created 07/10/2024 Added 07/09/2024 Modified 09/06/2024 Description Microsoft WS-Discovery Denial of Service Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5040448 microsoft-windows-windows_10-1607-kb5040434 microsoft-windows-windows_10-1809-kb5040430 microsoft-windows-windows_10-21h2-kb5040427 microsoft-windows-windows_10-22h2-kb5040427 microsoft-windows-windows_11-21h2-kb5040431 microsoft-windows-windows_11-22h2-kb5040442 microsoft-windows-windows_11-23h2-kb5040442 microsoft-windows-windows_server_2012-kb5040485 microsoft-windows-windows_server_2012_r2-kb5040456 microsoft-windows-windows_server_2016-1607-kb5040434 microsoft-windows-windows_server_2019-1809-kb5040430 microsoft-windows-windows_server_2022-21h2-kb5040437 microsoft-windows-windows_server_2022-22h2-kb5040437 microsoft-windows-windows_server_2022-23h2-kb5040438 msft-kb5040490-a33291f3-f1b2-46ec-995d-5a6bcd9b90c7 msft-kb5040490-ecd666b8-158c-4500-abdb-abf60983b463 msft-kb5040498-f961cc14-8b04-4069-ace4-5f938af42077 References https://attackerkb.com/topics/cve-2024-38091 CVE - 2024-38091 https://support.microsoft.com/help/5040427 https://support.microsoft.com/help/5040430 https://support.microsoft.com/help/5040431 https://support.microsoft.com/help/5040434 https://support.microsoft.com/help/5040437 https://support.microsoft.com/help/5040438 https://support.microsoft.com/help/5040442 https://support.microsoft.com/help/5040448 https://support.microsoft.com/help/5040456 https://support.microsoft.com/help/5040485 View more

Microsoft CVE-2024-38087: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/09/2024 Created 07/10/2024 Added 07/09/2024 Modified 07/24/2024 Description Microsoft CVE-2024-38087: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability Solution(s) msft-kb5040936-7fc6ee4b-10c8-4f0d-bfee-7af9fded9609-x64 msft-kb5040939-da31a30d-c2f7-4572-ba58-bf7768fdba81-x64 msft-kb5040940-e9a129ab-0013-46f1-ad94-774cdd4fbb50-x64 msft-kb5040942-03004e03-15c7-4451-b235-4988dfedd7e4-x64 msft-kb5040946-03a36e8c-1a66-4fc1-b864-e3e98bd3b365-x64 msft-kb5040948-8aff9f52-1745-404e-a0ba-c2abcd699a72-x64 msft-kb5040986-5d553aff-31db-4dd2-8bc7-3eccaf22bf65-x64 References https://attackerkb.com/topics/cve-2024-38087 CVE - 2024-38087 5040936 5040939 5040940 5040942 5040944 5040946 5040948 5040986 View more

MFSA2024-29 Firefox: Security Vulnerabilities fixed in Firefox 128 (CVE-2024-6612) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/09/2024 Created 07/10/2024 Added 07/10/2024 Modified 07/18/2024 Description CSP violations generated links in the console tab of the developer tools, pointing to the violating resource. This caused a DNS prefetch which leaked that a CSP violation happened. This vulnerability affects Firefox < 128 and Thunderbird < 128. Solution(s) mozilla-firefox-upgrade-128_0 References https://attackerkb.com/topics/cve-2024-6612 CVE - 2024-6612 http://www.mozilla.org/security/announce/2024/mfsa2024-29.html

MFSA2024-30 Firefox: Security Vulnerabilities fixed in Firefox ESR 115.13 (CVE-2024-6603) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/09/2024 Created 07/10/2024 Added 07/10/2024 Modified 07/18/2024 Description In an out-of-memory scenario an allocation could fail but free would have been called on the pointer afterwards leading to memory corruption. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128. Solution(s) mozilla-firefox-esr-upgrade-115_13 References https://attackerkb.com/topics/cve-2024-6603 CVE - 2024-6603 http://www.mozilla.org/security/announce/2024/mfsa2024-30.html

Microsoft Windows: CVE-2024-38100: Windows File Explorer Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 07/09/2024 Created 07/10/2024 Added 07/09/2024 Modified 08/13/2024 Description Windows File Explorer Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_server_2016-1607-kb5040434 microsoft-windows-windows_server_2019-1809-kb5040430 microsoft-windows-windows_server_2022-21h2-kb5040437 microsoft-windows-windows_server_2022-22h2-kb5040437 microsoft-windows-windows_server_2022-23h2-kb5040438 References https://attackerkb.com/topics/cve-2024-38100 CVE - 2024-38100 https://support.microsoft.com/help/5040430 https://support.microsoft.com/help/5040434 https://support.microsoft.com/help/5040437 https://support.microsoft.com/help/5040438

Microsoft Windows: CVE-2024-38101: Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability Severity 6 CVSS (AV:A/AC:L/Au:N/C:N/I:N/A:C) Published 07/09/2024 Created 07/10/2024 Added 07/09/2024 Modified 09/06/2024 Description Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5040448 microsoft-windows-windows_10-1607-kb5040434 microsoft-windows-windows_10-1809-kb5040430 microsoft-windows-windows_10-21h2-kb5040427 microsoft-windows-windows_10-22h2-kb5040427 microsoft-windows-windows_11-21h2-kb5040431 microsoft-windows-windows_11-22h2-kb5040442 microsoft-windows-windows_11-23h2-kb5040442 microsoft-windows-windows_server_2012-kb5040485 microsoft-windows-windows_server_2012_r2-kb5040456 microsoft-windows-windows_server_2016-1607-kb5040434 microsoft-windows-windows_server_2019-1809-kb5040430 microsoft-windows-windows_server_2022-21h2-kb5040437 microsoft-windows-windows_server_2022-22h2-kb5040437 microsoft-windows-windows_server_2022-23h2-kb5040438 References https://attackerkb.com/topics/cve-2024-38101 CVE - 2024-38101 https://support.microsoft.com/help/5040427 https://support.microsoft.com/help/5040430 https://support.microsoft.com/help/5040431 https://support.microsoft.com/help/5040434 https://support.microsoft.com/help/5040437 https://support.microsoft.com/help/5040438 https://support.microsoft.com/help/5040442 https://support.microsoft.com/help/5040448 https://support.microsoft.com/help/5040456 https://support.microsoft.com/help/5040485 View more

Microsoft Windows: CVE-2024-38102: Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability Severity 6 CVSS (AV:A/AC:L/Au:N/C:N/I:N/A:C) Published 07/09/2024 Created 07/10/2024 Added 07/09/2024 Modified 09/06/2024 Description Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5040448 microsoft-windows-windows_10-1607-kb5040434 microsoft-windows-windows_10-1809-kb5040430 microsoft-windows-windows_10-21h2-kb5040427 microsoft-windows-windows_10-22h2-kb5040427 microsoft-windows-windows_11-21h2-kb5040431 microsoft-windows-windows_11-22h2-kb5040442 microsoft-windows-windows_11-23h2-kb5040442 microsoft-windows-windows_server_2012-kb5040485 microsoft-windows-windows_server_2012_r2-kb5040456 microsoft-windows-windows_server_2016-1607-kb5040434 microsoft-windows-windows_server_2019-1809-kb5040430 microsoft-windows-windows_server_2022-21h2-kb5040437 microsoft-windows-windows_server_2022-22h2-kb5040437 microsoft-windows-windows_server_2022-23h2-kb5040438 References https://attackerkb.com/topics/cve-2024-38102 CVE - 2024-38102 https://support.microsoft.com/help/5040427 https://support.microsoft.com/help/5040430 https://support.microsoft.com/help/5040431 https://support.microsoft.com/help/5040434 https://support.microsoft.com/help/5040437 https://support.microsoft.com/help/5040438 https://support.microsoft.com/help/5040442 https://support.microsoft.com/help/5040448 https://support.microsoft.com/help/5040456 https://support.microsoft.com/help/5040485 View more

Microsoft Windows: CVE-2024-38105: Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability Severity 6 CVSS (AV:A/AC:L/Au:N/C:N/I:N/A:C) Published 07/09/2024 Created 07/10/2024 Added 07/09/2024 Modified 09/06/2024 Description Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5040448 microsoft-windows-windows_10-1607-kb5040434 microsoft-windows-windows_10-1809-kb5040430 microsoft-windows-windows_10-21h2-kb5040427 microsoft-windows-windows_10-22h2-kb5040427 microsoft-windows-windows_11-21h2-kb5040431 microsoft-windows-windows_11-22h2-kb5040442 microsoft-windows-windows_11-23h2-kb5040442 microsoft-windows-windows_server_2012-kb5040485 microsoft-windows-windows_server_2012_r2-kb5040456 microsoft-windows-windows_server_2016-1607-kb5040434 microsoft-windows-windows_server_2019-1809-kb5040430 microsoft-windows-windows_server_2022-21h2-kb5040437 microsoft-windows-windows_server_2022-22h2-kb5040437 microsoft-windows-windows_server_2022-23h2-kb5040438 References https://attackerkb.com/topics/cve-2024-38105 CVE - 2024-38105 https://support.microsoft.com/help/5040427 https://support.microsoft.com/help/5040430 https://support.microsoft.com/help/5040431 https://support.microsoft.com/help/5040434 https://support.microsoft.com/help/5040437 https://support.microsoft.com/help/5040438 https://support.microsoft.com/help/5040442 https://support.microsoft.com/help/5040448 https://support.microsoft.com/help/5040456 https://support.microsoft.com/help/5040485 View more

Microsoft Windows: CVE-2024-38104: Windows Fax Service Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 07/09/2024 Created 07/10/2024 Added 07/09/2024 Modified 09/06/2024 Description Windows Fax Service Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5040448 microsoft-windows-windows_10-1607-kb5040434 microsoft-windows-windows_10-1809-kb5040430 microsoft-windows-windows_10-21h2-kb5040427 microsoft-windows-windows_10-22h2-kb5040427 microsoft-windows-windows_11-21h2-kb5040431 microsoft-windows-windows_11-22h2-kb5040442 microsoft-windows-windows_11-23h2-kb5040442 microsoft-windows-windows_server_2012-kb5040485 microsoft-windows-windows_server_2012_r2-kb5040456 microsoft-windows-windows_server_2016-1607-kb5040434 microsoft-windows-windows_server_2019-1809-kb5040430 microsoft-windows-windows_server_2022-21h2-kb5040437 microsoft-windows-windows_server_2022-22h2-kb5040437 microsoft-windows-windows_server_2022-23h2-kb5040438 msft-kb5040490-a33291f3-f1b2-46ec-995d-5a6bcd9b90c7 msft-kb5040490-ecd666b8-158c-4500-abdb-abf60983b463 msft-kb5040498-f961cc14-8b04-4069-ace4-5f938af42077 References https://attackerkb.com/topics/cve-2024-38104 CVE - 2024-38104 https://support.microsoft.com/help/5040427 https://support.microsoft.com/help/5040430 https://support.microsoft.com/help/5040431 https://support.microsoft.com/help/5040434 https://support.microsoft.com/help/5040437 https://support.microsoft.com/help/5040438 https://support.microsoft.com/help/5040442 https://support.microsoft.com/help/5040448 https://support.microsoft.com/help/5040456 https://support.microsoft.com/help/5040485 View more

Microsoft Windows: CVE-2024-38112: Windows MSHTML Platform Spoofing Vulnerability Severity 8 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:C) Published 07/09/2024 Created 07/10/2024 Added 07/09/2024 Modified 09/11/2024 Description Windows MSHTML Platform Spoofing Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5040448 microsoft-windows-windows_10-1607-kb5040434 microsoft-windows-windows_10-1809-kb5040430 microsoft-windows-windows_10-21h2-kb5040427 microsoft-windows-windows_10-22h2-kb5040427 microsoft-windows-windows_11-21h2-kb5040431 microsoft-windows-windows_11-22h2-kb5040442 microsoft-windows-windows_11-23h2-kb5040442 microsoft-windows-windows_server_2012_r2-kb5040456 microsoft-windows-windows_server_2016-1607-kb5040434 microsoft-windows-windows_server_2019-1809-kb5040430 microsoft-windows-windows_server_2022-21h2-kb5040437 microsoft-windows-windows_server_2022-22h2-kb5040437 microsoft-windows-windows_server_2022-23h2-kb5040438 msft-kb5040426-423f79a9-d258-474b-9545-91459897a778 msft-kb5040426-4a732f68-f2cf-4bd9-a4dd-724fb84519c5 msft-kb5040426-816ca114-6f28-404c-81ee-7becc1c43b49 msft-kb5040490-a33291f3-f1b2-46ec-995d-5a6bcd9b90c7 msft-kb5040490-ecd666b8-158c-4500-abdb-abf60983b463 References https://attackerkb.com/topics/cve-2024-38112 CVE - 2024-38112 https://support.microsoft.com/help/5040427 https://support.microsoft.com/help/5040430 https://support.microsoft.com/help/5040431 https://support.microsoft.com/help/5040434 https://support.microsoft.com/help/5040437 https://support.microsoft.com/help/5040438 https://support.microsoft.com/help/5040442 https://support.microsoft.com/help/5040448 https://support.microsoft.com/help/5040456 View more

Oracle Linux: CVE-2024-6409: ELSA-2024-4457:openssh security update (MODERATE) (Multiple Advisories) Severity 7 CVSS (AV:N/AC:H/Au:N/C:P/I:P/A:C) Published 07/08/2024 Created 07/12/2024 Added 08/16/2024 Modified 11/22/2024 Description A race condition vulnerability was discovered in how signals are handled by OpenSSH&apos;s server (sshd). If a remote attacker does not authenticate within a set time period, then sshd&apos;s SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). As a consequence of a successful attack, in the worst case scenario, an attacker may be able to perform a remote code execution (RCE) as an unprivileged user running the sshd server. Solution(s) oracle-linux-upgrade-openssh oracle-linux-upgrade-openssh-askpass oracle-linux-upgrade-openssh-clients oracle-linux-upgrade-openssh-keycat oracle-linux-upgrade-openssh-server oracle-linux-upgrade-pam-ssh-agent-auth References https://attackerkb.com/topics/cve-2024-6409 CVE - 2024-6409 ELSA-2024-4457