ISHACK AI BOT

Debian: CVE-2024-5845: chromium -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 06/11/2024 Created 06/17/2024 Added 06/17/2024 Modified 01/28/2025 Description Use after free in Audio in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2024-5845 CVE - 2024-5845 DSA-5710-1

OS X update for Disk Images (CVE-2024-27832) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 06/11/2024 Created 06/12/2024 Added 06/11/2024 Modified 01/28/2025 Description The issue was addressed with improved checks. This issue is fixed in tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to elevate privileges. Solution(s) apple-osx-upgrade-14_5 References https://attackerkb.com/topics/cve-2024-27832 CVE - 2024-27832 https://support.apple.com/en-us/120903

Debian: CVE-2024-5841: chromium -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 06/11/2024 Created 06/17/2024 Added 06/17/2024 Modified 01/28/2025 Description Use after free in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2024-5841 CVE - 2024-5841 DSA-5710-1

Debian: CVE-2024-5833: chromium -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 06/11/2024 Created 06/17/2024 Added 06/17/2024 Modified 01/28/2025 Description Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2024-5833 CVE - 2024-5833 DSA-5710-1

Debian: CVE-2024-5838: chromium -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 06/11/2024 Created 06/17/2024 Added 06/17/2024 Modified 01/28/2025 Description Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2024-5838 CVE - 2024-5838 DSA-5710-1

Debian: CVE-2024-5842: chromium -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 06/11/2024 Created 06/17/2024 Added 06/17/2024 Modified 01/28/2025 Description Use after free in Browser UI in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2024-5842 CVE - 2024-5842 DSA-5710-1

Microsoft Windows: CVE-2024-30068: Windows Kernel Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 06/11/2024 Created 06/12/2024 Added 06/11/2024 Modified 08/13/2024 Description Windows Kernel Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5039225 microsoft-windows-windows_10-1607-kb5039214 microsoft-windows-windows_10-1809-kb5039217 microsoft-windows-windows_10-21h2-kb5039211 microsoft-windows-windows_10-22h2-kb5039211 microsoft-windows-windows_11-21h2-kb5039213 microsoft-windows-windows_11-22h2-kb5039212 microsoft-windows-windows_11-23h2-kb5039212 microsoft-windows-windows_server_2016-1607-kb5039214 microsoft-windows-windows_server_2019-1809-kb5039217 microsoft-windows-windows_server_2022-21h2-kb5039227 microsoft-windows-windows_server_2022-22h2-kb5039227 microsoft-windows-windows_server_2022-23h2-kb5039236 References https://attackerkb.com/topics/cve-2024-30068 CVE - 2024-30068 https://support.microsoft.com/help/5039211 https://support.microsoft.com/help/5039212 https://support.microsoft.com/help/5039213 https://support.microsoft.com/help/5039214 https://support.microsoft.com/help/5039217 https://support.microsoft.com/help/5039225 https://support.microsoft.com/help/5039227 https://support.microsoft.com/help/5039236 View more

Microsoft Windows: CVE-2024-30067: Winlogon Elevation of Privilege Vulnerability Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:C/A:N) Published 06/11/2024 Created 06/12/2024 Added 06/11/2024 Modified 09/06/2024 Description Winlogon Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5039225 microsoft-windows-windows_10-1607-kb5039214 microsoft-windows-windows_10-1809-kb5039217 microsoft-windows-windows_10-21h2-kb5039211 microsoft-windows-windows_10-22h2-kb5039211 microsoft-windows-windows_11-21h2-kb5039213 microsoft-windows-windows_11-22h2-kb5039212 microsoft-windows-windows_11-23h2-kb5039212 microsoft-windows-windows_server_2012-kb5039260 microsoft-windows-windows_server_2012_r2-kb5039294 microsoft-windows-windows_server_2016-1607-kb5039214 microsoft-windows-windows_server_2019-1809-kb5039217 microsoft-windows-windows_server_2022-21h2-kb5039227 microsoft-windows-windows_server_2022-22h2-kb5039227 microsoft-windows-windows_server_2022-23h2-kb5039236 References https://attackerkb.com/topics/cve-2024-30067 CVE - 2024-30067 https://support.microsoft.com/help/5039211 https://support.microsoft.com/help/5039212 https://support.microsoft.com/help/5039213 https://support.microsoft.com/help/5039214 https://support.microsoft.com/help/5039217 https://support.microsoft.com/help/5039225 https://support.microsoft.com/help/5039227 https://support.microsoft.com/help/5039236 https://support.microsoft.com/help/5039260 https://support.microsoft.com/help/5039294 View more

Microsoft Windows: CVE-2024-30080: Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 06/11/2024 Created 06/12/2024 Added 06/11/2024 Modified 09/06/2024 Description Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5039225 microsoft-windows-windows_10-1607-kb5039214 microsoft-windows-windows_10-1809-kb5039217 microsoft-windows-windows_10-21h2-kb5039211 microsoft-windows-windows_10-22h2-kb5039211 microsoft-windows-windows_11-21h2-kb5039213 microsoft-windows-windows_11-22h2-kb5039212 microsoft-windows-windows_11-23h2-kb5039212 microsoft-windows-windows_server_2012-kb5039260 microsoft-windows-windows_server_2012_r2-kb5039294 microsoft-windows-windows_server_2016-1607-kb5039214 microsoft-windows-windows_server_2019-1809-kb5039217 microsoft-windows-windows_server_2022-21h2-kb5039227 microsoft-windows-windows_server_2022-22h2-kb5039227 microsoft-windows-windows_server_2022-23h2-kb5039236 msft-kb5039266-a92e54b7-9bb2-44e6-b3a3-e18141c5d74c msft-kb5039266-b632b150-d987-4950-bf05-3742c4db6edc msft-kb5039274-4b011f18-4451-4108-aa15-cbb0a6178808 References https://attackerkb.com/topics/cve-2024-30080 CVE - 2024-30080 https://support.microsoft.com/help/5039211 https://support.microsoft.com/help/5039212 https://support.microsoft.com/help/5039213 https://support.microsoft.com/help/5039214 https://support.microsoft.com/help/5039217 https://support.microsoft.com/help/5039225 https://support.microsoft.com/help/5039227 https://support.microsoft.com/help/5039236 https://support.microsoft.com/help/5039260 https://support.microsoft.com/help/5039294 View more

Microsoft Windows: CVE-2024-30063: Windows Distributed File System (DFS) Remote Code Execution Vulnerability Severity 7 CVSS (AV:A/AC:M/Au:S/C:C/I:C/A:N) Published 06/11/2024 Created 06/12/2024 Added 06/11/2024 Modified 09/06/2024 Description Windows Distributed File System (DFS) Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5039225 microsoft-windows-windows_10-1607-kb5039214 microsoft-windows-windows_10-1809-kb5039217 microsoft-windows-windows_10-21h2-kb5039211 microsoft-windows-windows_10-22h2-kb5039211 microsoft-windows-windows_11-21h2-kb5039213 microsoft-windows-windows_11-22h2-kb5039212 microsoft-windows-windows_11-23h2-kb5039212 microsoft-windows-windows_server_2012-kb5039260 microsoft-windows-windows_server_2012_r2-kb5039294 microsoft-windows-windows_server_2016-1607-kb5039214 microsoft-windows-windows_server_2019-1809-kb5039217 microsoft-windows-windows_server_2022-21h2-kb5039227 microsoft-windows-windows_server_2022-22h2-kb5039227 microsoft-windows-windows_server_2022-23h2-kb5039236 msft-kb5039266-a92e54b7-9bb2-44e6-b3a3-e18141c5d74c msft-kb5039266-b632b150-d987-4950-bf05-3742c4db6edc msft-kb5039274-4b011f18-4451-4108-aa15-cbb0a6178808 References https://attackerkb.com/topics/cve-2024-30063 CVE - 2024-30063 https://support.microsoft.com/help/5039211 https://support.microsoft.com/help/5039212 https://support.microsoft.com/help/5039213 https://support.microsoft.com/help/5039214 https://support.microsoft.com/help/5039217 https://support.microsoft.com/help/5039225 https://support.microsoft.com/help/5039227 https://support.microsoft.com/help/5039236 https://support.microsoft.com/help/5039260 https://support.microsoft.com/help/5039294 View more

Debian: CVE-2024-5696: firefox-esr, thunderbird -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/11/2024 Created 06/14/2024 Added 06/14/2024 Modified 06/20/2024 Description By manipulating the text in an `&lt;input&gt;` tag, an attacker could have caused corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. Solution(s) debian-upgrade-firefox-esr debian-upgrade-thunderbird References https://attackerkb.com/topics/cve-2024-5696 CVE - 2024-5696 DLA-3825-1 DSA-5709-1

Amazon Linux AMI 2: CVE-2024-35255: Security patch for amazon-cloudwatch-agent (ALAS-2024-2630) Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 06/11/2024 Created 09/07/2024 Added 09/06/2024 Modified 01/28/2025 Description Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability Solution(s) amazon-linux-ami-2-upgrade-amazon-cloudwatch-agent References https://attackerkb.com/topics/cve-2024-35255 AL2/ALAS-2024-2630 CVE - 2024-35255

CentOS Linux: CVE-2024-5700: Important: firefox security update (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/11/2024 Created 06/19/2024 Added 06/18/2024 Modified 06/21/2024 Description Memory safety bugs present in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. Solution(s) centos-upgrade-firefox centos-upgrade-firefox-debuginfo centos-upgrade-thunderbird centos-upgrade-thunderbird-debuginfo References CVE-2024-5700

Ubuntu: (Multiple Advisories) (CVE-2024-5700): Thunderbird vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/11/2024 Created 06/24/2024 Added 06/24/2024 Modified 07/04/2024 Description Memory safety bugs present in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. Solution(s) ubuntu-upgrade-firefox ubuntu-upgrade-thunderbird References https://attackerkb.com/topics/cve-2024-5700 CVE - 2024-5700 USN-6840-1 USN-6862-1

Ubuntu: USN-6862-1 (CVE-2024-5694): Firefox vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 06/11/2024 Created 07/04/2024 Added 07/04/2024 Modified 01/28/2025 Description An attacker could have caused a use-after-free in the JavaScript engine to read memory in the JavaScript string section of the heap. This vulnerability affects Firefox < 127. Solution(s) ubuntu-upgrade-firefox References https://attackerkb.com/topics/cve-2024-5694 CVE - 2024-5694 USN-6862-1

Alpine Linux: CVE-2024-5846: Use After Free Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 06/11/2024 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) Solution(s) alpine-linux-upgrade-qt5-qtwebengine References https://attackerkb.com/topics/cve-2024-5846 CVE - 2024-5846 https://security.alpinelinux.org/vuln/CVE-2024-5846

Gentoo Linux: CVE-2024-5700: Mozilla Firefox: Multiple Vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/11/2024 Created 08/08/2024 Added 08/07/2024 Modified 12/09/2024 Description Memory safety bugs present in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. Solution(s) gentoo-linux-upgrade-dev-lang-spidermonkey gentoo-linux-upgrade-mail-client-thunderbird gentoo-linux-upgrade-mail-client-thunderbird-bin gentoo-linux-upgrade-www-client-firefox gentoo-linux-upgrade-www-client-firefox-bin References https://attackerkb.com/topics/cve-2024-5700 CVE - 2024-5700 202408-02 202412-06 202412-13

Alpine Linux: CVE-2024-35235: Vulnerability in Multiple Components Severity 4 CVSS (AV:L/AC:L/Au:M/C:C/I:N/A:N) Published 06/11/2024 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.8 and earlier, when starting the cupsd server with a Listen configuration item pointing to a symbolic link, the cupsd process can be caused to perform an arbitrary chmod of the provided argument, providing world-writable access to the target. Given that cupsd is often running as root, this can result in the change of permission of any user or system files to be world writable. Given the aforementioned Ubuntu AppArmor context, on such systems this vulnerability is limited to those files modifiable by the cupsd process. In that specific case it was found to be possible to turn the configuration of the Listen argument into full control over the cupsd.conf and cups-files.conf configuration files. By later setting the User and Group arguments in cups-files.conf, and printing with a printer configured by PPD with a `FoomaticRIPCommandLine` argument, arbitrary user and group (not root) command execution could be achieved, which can further be used on Ubuntu systems to achieve full root command execution. Commit ff1f8a623e090dee8a8aadf12a6a4b25efac143d contains a patch for the issue. Solution(s) alpine-linux-upgrade-cups References https://attackerkb.com/topics/cve-2024-35235 CVE - 2024-35235 https://security.alpinelinux.org/vuln/CVE-2024-35235

MFSA2024-25 Firefox: Security Vulnerabilities fixed in Firefox 127 (CVE-2024-5691) Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 06/11/2024 Created 06/13/2024 Added 06/12/2024 Modified 01/28/2025 Description By tricking the browser with a `X-Frame-Options` header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. Solution(s) mozilla-firefox-upgrade-127_0 References https://attackerkb.com/topics/cve-2024-5691 CVE - 2024-5691 http://www.mozilla.org/security/announce/2024/mfsa2024-25.html

Microsoft Windows: CVE-2024-30062: Windows Standards-Based Storage Management Service Remote Code Execution Vulnerability Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 06/11/2024 Created 06/12/2024 Added 06/11/2024 Modified 09/05/2024 Description Windows Standards-Based Storage Management Service Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_server_2012_r2-kb5039294 microsoft-windows-windows_server_2016-1607-kb5039214 microsoft-windows-windows_server_2019-1809-kb5039217 microsoft-windows-windows_server_2022-21h2-kb5039227 microsoft-windows-windows_server_2022-22h2-kb5039227 References https://attackerkb.com/topics/cve-2024-30062 CVE - 2024-30062 https://support.microsoft.com/help/5039214 https://support.microsoft.com/help/5039217 https://support.microsoft.com/help/5039227 https://support.microsoft.com/help/5039294

MFSA2024-25 Firefox: Security Vulnerabilities fixed in Firefox 127 (CVE-2024-5695) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 06/11/2024 Created 06/13/2024 Added 06/12/2024 Modified 01/28/2025 Description If an out-of-memory condition occurs at a specific point using allocations in the probabilistic heap checker, an assertion could have been triggered, and in rarer situations, memory corruption could have occurred. This vulnerability affects Firefox < 127. Solution(s) mozilla-firefox-upgrade-127_0 References https://attackerkb.com/topics/cve-2024-5695 CVE - 2024-5695 http://www.mozilla.org/security/announce/2024/mfsa2024-25.html

Microsoft Windows: CVE-2024-30083: Windows Standards-Based Storage Management Service Denial of Service Vulnerability Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 06/11/2024 Created 06/12/2024 Added 06/11/2024 Modified 09/05/2024 Description Windows Standards-Based Storage Management Service Denial of Service Vulnerability Solution(s) microsoft-windows-windows_server_2012_r2-kb5039294 microsoft-windows-windows_server_2016-1607-kb5039214 microsoft-windows-windows_server_2019-1809-kb5039217 microsoft-windows-windows_server_2022-21h2-kb5039227 microsoft-windows-windows_server_2022-22h2-kb5039227 References https://attackerkb.com/topics/cve-2024-30083 CVE - 2024-30083 https://support.microsoft.com/help/5039214 https://support.microsoft.com/help/5039217 https://support.microsoft.com/help/5039227 https://support.microsoft.com/help/5039294

Microsoft Windows: CVE-2024-35265: Windows Perception Service Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:M/Au:S/C:C/I:C/A:C) Published 06/11/2024 Created 06/12/2024 Added 06/11/2024 Modified 08/13/2024 Description Windows Perception Service Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1809-kb5039217 microsoft-windows-windows_10-21h2-kb5039211 microsoft-windows-windows_10-22h2-kb5039211 microsoft-windows-windows_11-21h2-kb5039213 microsoft-windows-windows_11-22h2-kb5039212 microsoft-windows-windows_11-23h2-kb5039212 microsoft-windows-windows_server_2019-1809-kb5039217 References https://attackerkb.com/topics/cve-2024-35265 CVE - 2024-35265 https://support.microsoft.com/help/5039211 https://support.microsoft.com/help/5039212 https://support.microsoft.com/help/5039213 https://support.microsoft.com/help/5039217

Microsoft Windows: CVE-2024-30076: Windows Container Manager Service Elevation of Privilege Vulnerability Severity 8 CVSS (AV:N/AC:M/Au:S/C:N/I:C/A:C) Published 06/11/2024 Created 06/12/2024 Added 06/11/2024 Modified 08/13/2024 Description Windows Container Manager Service Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1607-kb5039214 microsoft-windows-windows_10-1809-kb5039217 microsoft-windows-windows_10-21h2-kb5039211 microsoft-windows-windows_10-22h2-kb5039211 microsoft-windows-windows_11-21h2-kb5039213 microsoft-windows-windows_11-22h2-kb5039212 microsoft-windows-windows_11-23h2-kb5039212 microsoft-windows-windows_server_2016-1607-kb5039214 microsoft-windows-windows_server_2019-1809-kb5039217 microsoft-windows-windows_server_2022-21h2-kb5039227 microsoft-windows-windows_server_2022-22h2-kb5039227 microsoft-windows-windows_server_2022-23h2-kb5039236 References https://attackerkb.com/topics/cve-2024-30076 CVE - 2024-30076 https://support.microsoft.com/help/5039211 https://support.microsoft.com/help/5039212 https://support.microsoft.com/help/5039213 https://support.microsoft.com/help/5039214 https://support.microsoft.com/help/5039217 https://support.microsoft.com/help/5039227 https://support.microsoft.com/help/5039236 View more

Rocky Linux: CVE-2024-5693: thunderbird (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/11/2024 Created 07/03/2024 Added 07/03/2024 Modified 11/18/2024 Description Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. Solution(s) rocky-upgrade-firefox rocky-upgrade-firefox-debuginfo rocky-upgrade-firefox-debugsource rocky-upgrade-firefox-x11 rocky-upgrade-thunderbird rocky-upgrade-thunderbird-debuginfo rocky-upgrade-thunderbird-debugsource References https://attackerkb.com/topics/cve-2024-5693 CVE - 2024-5693 https://errata.rockylinux.org/RLSA-2024:3954 https://errata.rockylinux.org/RLSA-2024:3955 https://errata.rockylinux.org/RLSA-2024:4002 https://errata.rockylinux.org/RLSA-2024:4036