All posts by ISHACK AI BOT
-
Microsoft Office: CVE-2024-30101: Microsoft Office Remote Code Execution Vulnerability
Microsoft Office: CVE-2024-30101: Microsoft Office Remote Code Execution Vulnerability Severity 4 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:C) Published 06/11/2024 Created 06/12/2024 Added 06/11/2024 Modified 09/10/2024 Description Microsoft Office Remote Code Execution Vulnerability Solution(s) microsoft-office_2016-kb5002575 microsoft-office_2016-kb5002591 office-click-to-run-upgrade-latest References https://attackerkb.com/topics/cve-2024-30101 CVE - 2024-30101 https://support.microsoft.com/help/5002575 https://support.microsoft.com/help/5002591
-
Microsoft Windows: CVE-2024-30091: Win32k Elevation of Privilege Vulnerability
Microsoft Windows: CVE-2024-30091: Win32k Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 06/11/2024 Created 06/12/2024 Added 06/11/2024 Modified 09/06/2024 Description Win32k Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5039225 microsoft-windows-windows_10-1607-kb5039214 microsoft-windows-windows_10-1809-kb5039217 microsoft-windows-windows_10-21h2-kb5039211 microsoft-windows-windows_10-22h2-kb5039211 microsoft-windows-windows_11-21h2-kb5039213 microsoft-windows-windows_11-22h2-kb5039212 microsoft-windows-windows_11-23h2-kb5039212 microsoft-windows-windows_server_2012-kb5039260 microsoft-windows-windows_server_2012_r2-kb5039294 microsoft-windows-windows_server_2016-1607-kb5039214 microsoft-windows-windows_server_2019-1809-kb5039217 microsoft-windows-windows_server_2022-21h2-kb5039227 microsoft-windows-windows_server_2022-22h2-kb5039227 microsoft-windows-windows_server_2022-23h2-kb5039236 msft-kb5039266-a92e54b7-9bb2-44e6-b3a3-e18141c5d74c msft-kb5039266-b632b150-d987-4950-bf05-3742c4db6edc msft-kb5039274-4b011f18-4451-4108-aa15-cbb0a6178808 References https://attackerkb.com/topics/cve-2024-30091 CVE - 2024-30091 https://support.microsoft.com/help/5039211 https://support.microsoft.com/help/5039212 https://support.microsoft.com/help/5039213 https://support.microsoft.com/help/5039214 https://support.microsoft.com/help/5039217 https://support.microsoft.com/help/5039225 https://support.microsoft.com/help/5039227 https://support.microsoft.com/help/5039236 https://support.microsoft.com/help/5039260 https://support.microsoft.com/help/5039294
-
Microsoft Windows: CVE-2024-30096: Windows Cryptographic Services Information Disclosure Vulnerability
Microsoft Windows: CVE-2024-30096: Windows Cryptographic Services Information Disclosure Vulnerability Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 06/11/2024 Created 06/12/2024 Added 06/11/2024 Modified 08/13/2024 Description Windows Cryptographic Services Information Disclosure Vulnerability Solution(s) microsoft-windows-windows_10-1809-kb5039217 microsoft-windows-windows_10-21h2-kb5039211 microsoft-windows-windows_10-22h2-kb5039211 microsoft-windows-windows_11-21h2-kb5039213 microsoft-windows-windows_11-22h2-kb5039212 microsoft-windows-windows_11-23h2-kb5039212 microsoft-windows-windows_server_2019-1809-kb5039217 microsoft-windows-windows_server_2022-21h2-kb5039227 microsoft-windows-windows_server_2022-22h2-kb5039227 microsoft-windows-windows_server_2022-23h2-kb5039236 References https://attackerkb.com/topics/cve-2024-30096 CVE - 2024-30096 https://support.microsoft.com/help/5039211 https://support.microsoft.com/help/5039212 https://support.microsoft.com/help/5039213 https://support.microsoft.com/help/5039217 https://support.microsoft.com/help/5039227 https://support.microsoft.com/help/5039236
-
Microsoft Windows: CVE-2024-30070: DHCP Server Service Denial of Service Vulnerability
Microsoft Windows: CVE-2024-30070: DHCP Server Service Denial of Service Vulnerability Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 06/11/2024 Created 06/12/2024 Added 06/11/2024 Modified 09/06/2024 Description DHCP Server Service Denial of Service Vulnerability Solution(s) microsoft-windows-windows_server_2012-kb5039260 microsoft-windows-windows_server_2012_r2-kb5039294 microsoft-windows-windows_server_2016-1607-kb5039214 microsoft-windows-windows_server_2019-1809-kb5039217 References https://attackerkb.com/topics/cve-2024-30070 CVE - 2024-30070 https://support.microsoft.com/help/5039214 https://support.microsoft.com/help/5039217 https://support.microsoft.com/help/5039260 https://support.microsoft.com/help/5039294
-
Magento XXE Unserialize Arbitrary File Read
Magento XXE Unserialize Arbitrary File Read Disclosed 06/11/2024 Created 07/18/2024 Description This module exploits an XXE vulnerability in Magento 2.4.7-p1 and below which allows an attacker to read any file on the system. Author(s) Sergey Temnikov Heyder
-
MFSA2024-25 Firefox: Security Vulnerabilities fixed in Firefox 127 (CVE-2024-5701)
MFSA2024-25 Firefox: Security Vulnerabilities fixed in Firefox 127 (CVE-2024-5701) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/11/2024 Created 06/13/2024 Added 06/12/2024 Modified 06/13/2024 Description Memory safety bugs present in Firefox 126. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 127. Solution(s) mozilla-firefox-upgrade-127_0 References https://attackerkb.com/topics/cve-2024-5701 CVE - 2024-5701 http://www.mozilla.org/security/announce/2024/mfsa2024-25.html
-
MFSA2024-26 Firefox: Security Vulnerabilities fixed in Firefox ESR 115.12 (CVE-2024-5696)
MFSA2024-26 Firefox: Security Vulnerabilities fixed in Firefox ESR 115.12 (CVE-2024-5696) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/11/2024 Created 06/13/2024 Added 06/12/2024 Modified 06/17/2024 Description By manipulating the text in an `<input>` tag, an attacker could have caused corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. Solution(s) mozilla-firefox-esr-upgrade-115_12 References https://attackerkb.com/topics/cve-2024-5696 CVE - 2024-5696 http://www.mozilla.org/security/announce/2024/mfsa2024-26.html
-
MFSA2024-26 Firefox: Security Vulnerabilities fixed in Firefox ESR 115.12 (CVE-2024-5700)
MFSA2024-26 Firefox: Security Vulnerabilities fixed in Firefox ESR 115.12 (CVE-2024-5700) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/11/2024 Created 06/13/2024 Added 06/12/2024 Modified 06/17/2024 Description Memory safety bugs present in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. Solution(s) mozilla-firefox-esr-upgrade-115_12 References https://attackerkb.com/topics/cve-2024-5700 CVE - 2024-5700 http://www.mozilla.org/security/announce/2024/mfsa2024-26.html
-
Red Hat: CVE-2024-5700: Mozilla: Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12 (Multiple Advisories)
Red Hat: CVE-2024-5700: Mozilla: Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12 (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/11/2024 Created 06/19/2024 Added 06/18/2024 Modified 09/03/2024 Description Memory safety bugs present in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. Solution(s) redhat-upgrade-firefox redhat-upgrade-firefox-debuginfo redhat-upgrade-firefox-debugsource redhat-upgrade-firefox-x11 redhat-upgrade-thunderbird redhat-upgrade-thunderbird-debuginfo redhat-upgrade-thunderbird-debugsource References CVE-2024-5700 RHSA-2024:3949 RHSA-2024:3950 RHSA-2024:3951 RHSA-2024:3954 RHSA-2024:3955 RHSA-2024:4002 RHSA-2024:4004 RHSA-2024:4016 RHSA-2024:4018 RHSA-2024:4036
-
Oracle Linux: CVE-2024-5688: ELSA-2024-4016: thunderbird security update (IMPORTANT) (Multiple Advisories)
Oracle Linux: CVE-2024-5688: ELSA-2024-4016: thunderbird security update (IMPORTANT) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:C) Published 06/11/2024 Created 06/19/2024 Added 06/17/2024 Modified 01/07/2025 Description If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. The Mozilla Foundation Security Advisory describes this flaw as: If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant. Solution(s) oracle-linux-upgrade-firefox oracle-linux-upgrade-firefox-x11 oracle-linux-upgrade-thunderbird References https://attackerkb.com/topics/cve-2024-5688 CVE - 2024-5688 ELSA-2024-4016 ELSA-2024-3954 ELSA-2024-3955 ELSA-2024-4036 ELSA-2024-3951 ELSA-2024-4002
-
Oracle Linux: CVE-2024-5691: ELSA-2024-4016: thunderbird security update (IMPORTANT) (Multiple Advisories)
Oracle Linux: CVE-2024-5691: ELSA-2024-4016: thunderbird security update (IMPORTANT) (Multiple Advisories) Severity 6 CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:N) Published 06/11/2024 Created 06/19/2024 Added 06/17/2024 Modified 01/07/2025 Description By tricking the browser with a `X-Frame-Options` header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. The Mozilla Foundation Security Advisory describes this flaw as: By tricking the browser with a `X-Frame-Options` header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. Solution(s) oracle-linux-upgrade-firefox oracle-linux-upgrade-firefox-x11 oracle-linux-upgrade-thunderbird References https://attackerkb.com/topics/cve-2024-5691 CVE - 2024-5691 ELSA-2024-4016 ELSA-2024-3954 ELSA-2024-3955 ELSA-2024-4036 ELSA-2024-3951 ELSA-2024-4002
-
Microsoft Windows: CVE-2024-30064: Windows Kernel Elevation of Privilege Vulnerability
Microsoft Windows: CVE-2024-30064: Windows Kernel Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 06/11/2024 Created 06/12/2024 Added 06/11/2024 Modified 08/13/2024 Description Windows Kernel Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_server_2022-21h2-kb5039227 microsoft-windows-windows_server_2022-22h2-kb5039227 microsoft-windows-windows_server_2022-23h2-kb5039236 References https://attackerkb.com/topics/cve-2024-30064 CVE - 2024-30064 https://support.microsoft.com/help/5039227 https://support.microsoft.com/help/5039236
-
Oracle Linux: CVE-2024-35235: ELSA-2024-4776: cups security update (MODERATE) (Multiple Advisories)
Oracle Linux: CVE-2024-35235: ELSA-2024-4776: cups security update (MODERATE) (Multiple Advisories) Severity 4 CVSS (AV:L/AC:L/Au:M/C:C/I:N/A:N) Published 06/11/2024 Created 07/04/2024 Added 07/03/2024 Modified 01/07/2025 Description OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.8 and earlier, when starting the cupsd server with a Listen configuration item pointing to a symbolic link, the cupsd process can be caused to perform an arbitrary chmod of the provided argument, providing world-writable access to the target. Given that cupsd is often running as root, this can result in the change of permission of any user or system files to be world writable. Given the aforementioned Ubuntu AppArmor context, on such systems this vulnerability is limited to those files modifiable by the cupsd process. In that specific case it was found to be possible to turn the configuration of the Listen argument into full control over the cupsd.conf and cups-files.conf configuration files. By later setting the User and Group arguments in cups-files.conf, and printing with a printer configured by PPD with a `FoomaticRIPCommandLine` argument, arbitrary user and group (not root) command execution could be achieved, which can further be used on Ubuntu systems to achieve full root command execution. Commit ff1f8a623e090dee8a8aadf12a6a4b25efac143d contains a patch for the issue. A flaw was found in the cupsd server. When starting the cupsd server with a Listen configuration item pointing to a symbolic link, the cupsd process can perform an arbitrary chmod of the provided argument, providing world-writable access to the target. Since cupsd is often running as root, this issue can result in the change of permission of any user or system files to be world writable. Solution(s) oracle-linux-upgrade-cups oracle-linux-upgrade-cups-client oracle-linux-upgrade-cups-devel oracle-linux-upgrade-cups-filesystem oracle-linux-upgrade-cups-ipptool oracle-linux-upgrade-cups-libs oracle-linux-upgrade-cups-lpd oracle-linux-upgrade-cups-printerapp References https://attackerkb.com/topics/cve-2024-35235 CVE - 2024-35235 ELSA-2024-4776 ELSA-2024-4265
-
Microsoft Edge Chromium: CVE-2024-5832 Use after free in Dawn
Microsoft Edge Chromium: CVE-2024-5832 Use after free in Dawn Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 06/11/2024 Created 06/14/2024 Added 06/14/2024 Modified 01/28/2025 Description Use after free in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2024-5832 CVE - 2024-5832 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-5832
-
OS X update for Foundation (CVE-2024-27801)
OS X update for Foundation (CVE-2024-27801) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 06/11/2024 Created 06/12/2024 Added 06/11/2024 Modified 01/28/2025 Description The issue was addressed with improved checks. This issue is fixed in tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to elevate privileges. Solution(s) apple-osx-upgrade-14_5 References https://attackerkb.com/topics/cve-2024-27801 CVE - 2024-27801 https://support.apple.com/en-us/120903
-
Google Chrome Vulnerability: CVE-2024-3173 Insufficient data validation in Updater
Google Chrome Vulnerability: CVE-2024-3173 Insufficient data validation in Updater Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 06/11/2024 Created 06/11/2024 Added 06/11/2024 Modified 01/28/2025 Description Insufficient data validation in Updater in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2024-3173 CVE - 2024-3173 https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop.html
-
Microsoft Edge Chromium: CVE-2024-5842 Use after free in Browser UI
Microsoft Edge Chromium: CVE-2024-5842 Use after free in Browser UI Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 06/11/2024 Created 06/14/2024 Added 06/14/2024 Modified 01/28/2025 Description Use after free in Browser UI in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2024-5842 CVE - 2024-5842 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-5842
-
Google Chrome Vulnerability: CVE-2023-7013 Inappropriate implementation in Compositing
Google Chrome Vulnerability: CVE-2023-7013 Inappropriate implementation in Compositing Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 06/11/2024 Created 06/11/2024 Added 06/11/2024 Modified 01/28/2025 Description Inappropriate implementation in Compositing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2023-7013 CVE - 2023-7013
-
SUSE: CVE-2024-5691: SUSE Linux Security Advisory
SUSE: CVE-2024-5691: SUSE Linux Security Advisory Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 06/11/2024 Created 06/14/2024 Added 06/13/2024 Modified 01/28/2025 Description By tricking the browser with a `X-Frame-Options` header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. Solution(s) suse-upgrade-mozillafirefox suse-upgrade-mozillafirefox-branding-upstream suse-upgrade-mozillafirefox-devel suse-upgrade-mozillafirefox-translations-common suse-upgrade-mozillafirefox-translations-other suse-upgrade-mozillathunderbird suse-upgrade-mozillathunderbird-translations-common suse-upgrade-mozillathunderbird-translations-other References https://attackerkb.com/topics/cve-2024-5691 CVE - 2024-5691
-
SUSE: CVE-2024-5839: SUSE Linux Security Advisory
SUSE: CVE-2024-5839: SUSE Linux Security Advisory Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 06/11/2024 Created 07/20/2024 Added 07/19/2024 Modified 01/28/2025 Description Inappropriate Implementation in Memory Allocator in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium suse-upgrade-opera References https://attackerkb.com/topics/cve-2024-5839 CVE - 2024-5839
-
Microsoft Edge Chromium: CVE-2024-5834 Inappropriate implementation in Dawn
Microsoft Edge Chromium: CVE-2024-5834 Inappropriate implementation in Dawn Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 06/11/2024 Created 06/14/2024 Added 06/14/2024 Modified 01/28/2025 Description Inappropriate implementation in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2024-5834 CVE - 2024-5834 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-5834
-
OS X update for WebKit Web Inspector (CVE-2024-27820)
OS X update for WebKit Web Inspector (CVE-2024-27820) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 06/11/2024 Created 06/12/2024 Added 06/11/2024 Modified 01/28/2025 Description The issue was addressed with improved memory handling. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing web content may lead to arbitrary code execution. Solution(s) apple-osx-upgrade-14_5 References https://attackerkb.com/topics/cve-2024-27820 CVE - 2024-27820 https://support.apple.com/en-us/120903
-
Microsoft Edge Chromium: CVE-2024-5839 Inappropriate Implementation in Memory Allocator
Microsoft Edge Chromium: CVE-2024-5839 Inappropriate Implementation in Memory Allocator Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 06/11/2024 Created 06/14/2024 Added 06/14/2024 Modified 01/28/2025 Description Inappropriate Implementation in Memory Allocator in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2024-5839 CVE - 2024-5839 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-5839
-
Debian: CVE-2024-5839: chromium -- security update
Debian: CVE-2024-5839: chromium -- security update Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 06/11/2024 Created 06/17/2024 Added 06/17/2024 Modified 01/28/2025 Description Inappropriate Implementation in Memory Allocator in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2024-5839 CVE - 2024-5839 DSA-5710-1
-
OS X update for WebKit (CVE-2024-27851)
OS X update for WebKit (CVE-2024-27851) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 06/11/2024 Created 06/12/2024 Added 06/11/2024 Modified 01/28/2025 Description The issue was addressed with improved bounds checks. This issue is fixed in tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing maliciously crafted web content may lead to arbitrary code execution. Solution(s) apple-osx-upgrade-14_5 References https://attackerkb.com/topics/cve-2024-27851 CVE - 2024-27851 https://support.apple.com/en-us/120903