ISHACK AI BOT

Debian: CVE-2024-4317: postgresql-15 -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/14/2024 Created 10/29/2024 Added 10/28/2024 Modified 02/14/2025 Description Missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext_exprs allows an unprivileged database user to read most common values and other statistics from CREATE STATISTICS commands of other users. The most common values may reveal column values the eavesdropper could not otherwise read or results of functions they cannot execute. Installing an unaffected version only fixes fresh PostgreSQL installations, namely those that are created with the initdb utility after installing that version. Current PostgreSQL installations will remain vulnerable until they follow the instructions in the release notes. Within major versions 14-16, minor versions before PostgreSQL 16.3, 15.7, and 14.12 are affected. Versions before PostgreSQL 14 are unaffected. Solution(s) debian-upgrade-postgresql-15 References https://attackerkb.com/topics/cve-2024-4317 CVE - 2024-4317

Oracle Linux: CVE-2024-4367: ELSA-2024-2883:firefox security update (IMPORTANT) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:C) Published 05/14/2024 Created 05/21/2024 Added 05/17/2024 Modified 01/07/2025 Description A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11. A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. Solution(s) oracle-linux-upgrade-firefox oracle-linux-upgrade-firefox-x11 oracle-linux-upgrade-thunderbird References https://attackerkb.com/topics/cve-2024-4367 CVE - 2024-4367 ELSA-2024-2883 ELSA-2024-2881 ELSA-2024-2888 ELSA-2024-3783 ELSA-2024-2913 ELSA-2024-3784 View more

Microsoft Windows: CVE-2024-30035: Windows DWM Core Library Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 05/14/2024 Created 05/15/2024 Added 05/14/2024 Modified 08/13/2024 Description Windows DWM Core Library Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1809-kb5037765 microsoft-windows-windows_10-21h2-kb5037768 microsoft-windows-windows_10-22h2-kb5037768 microsoft-windows-windows_11-21h2-kb5037770 microsoft-windows-windows_11-22h2-kb5037771 microsoft-windows-windows_11-23h2-kb5037771 microsoft-windows-windows_server_2019-1809-kb5037765 microsoft-windows-windows_server_2022-21h2-kb5037782 microsoft-windows-windows_server_2022-22h2-kb5037782 microsoft-windows-windows_server_2022-23h2-kb5037781 References https://attackerkb.com/topics/cve-2024-30035 CVE - 2024-30035 https://support.microsoft.com/help/5037765 https://support.microsoft.com/help/5037768 https://support.microsoft.com/help/5037770 https://support.microsoft.com/help/5037771 https://support.microsoft.com/help/5037781 https://support.microsoft.com/help/5037782 View more

Microsoft Windows: CVE-2024-30032: Windows DWM Core Library Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 05/14/2024 Created 05/15/2024 Added 05/14/2024 Modified 08/13/2024 Description Windows DWM Core Library Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5037788 microsoft-windows-windows_10-1607-kb5037763 microsoft-windows-windows_10-1809-kb5037765 microsoft-windows-windows_10-21h2-kb5037768 microsoft-windows-windows_10-22h2-kb5037768 microsoft-windows-windows_11-21h2-kb5037770 microsoft-windows-windows_11-22h2-kb5037771 microsoft-windows-windows_11-23h2-kb5037771 microsoft-windows-windows_server_2016-1607-kb5037763 microsoft-windows-windows_server_2019-1809-kb5037765 microsoft-windows-windows_server_2022-21h2-kb5037782 microsoft-windows-windows_server_2022-22h2-kb5037782 microsoft-windows-windows_server_2022-23h2-kb5037781 References https://attackerkb.com/topics/cve-2024-30032 CVE - 2024-30032 https://support.microsoft.com/help/5037763 https://support.microsoft.com/help/5037765 https://support.microsoft.com/help/5037768 https://support.microsoft.com/help/5037770 https://support.microsoft.com/help/5037771 https://support.microsoft.com/help/5037781 https://support.microsoft.com/help/5037782 https://support.microsoft.com/help/5037788 View more

Oracle Linux: CVE-2024-4777: ELSA-2024-2883:firefox security update (IMPORTANT) (Multiple Advisories) Severity 6 CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:N) Published 05/14/2024 Created 05/21/2024 Added 05/17/2024 Modified 01/07/2025 Description Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11. A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs showed evidence of memory corruption, and we presume that with enough effort, some of these could have been exploited to run arbitrary code. Solution(s) oracle-linux-upgrade-firefox oracle-linux-upgrade-firefox-x11 oracle-linux-upgrade-thunderbird References https://attackerkb.com/topics/cve-2024-4777 CVE - 2024-4777 ELSA-2024-2883 ELSA-2024-2881 ELSA-2024-2888 ELSA-2024-3783 ELSA-2024-2913 ELSA-2024-3784 View more

Microsoft Windows: CVE-2024-30039: Windows Remote Access Connection Manager Information Disclosure Vulnerability Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 05/14/2024 Created 05/15/2024 Added 05/14/2024 Modified 09/06/2024 Description Windows Remote Access Connection Manager Information Disclosure Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5037788 microsoft-windows-windows_10-1607-kb5037763 microsoft-windows-windows_10-1809-kb5037765 microsoft-windows-windows_10-21h2-kb5037768 microsoft-windows-windows_10-22h2-kb5037768 microsoft-windows-windows_11-21h2-kb5037770 microsoft-windows-windows_11-22h2-kb5037771 microsoft-windows-windows_11-23h2-kb5037771 microsoft-windows-windows_server_2012-kb5037778 microsoft-windows-windows_server_2012_r2-kb5037823 microsoft-windows-windows_server_2016-1607-kb5037763 microsoft-windows-windows_server_2019-1809-kb5037765 microsoft-windows-windows_server_2022-21h2-kb5037782 microsoft-windows-windows_server_2022-22h2-kb5037782 microsoft-windows-windows_server_2022-23h2-kb5037781 msft-kb5037803-917baaff-bfb9-4b2f-b561-fb28357ada5f msft-kb5037836-9a6e4267-ddba-4af3-ae7b-b4bc66fd6601 msft-kb5037836-e81d6341-a6bf-46d2-8b19-4b1e9f89480e References https://attackerkb.com/topics/cve-2024-30039 CVE - 2024-30039 https://support.microsoft.com/help/5037763 https://support.microsoft.com/help/5037765 https://support.microsoft.com/help/5037768 https://support.microsoft.com/help/5037770 https://support.microsoft.com/help/5037771 https://support.microsoft.com/help/5037778 https://support.microsoft.com/help/5037781 https://support.microsoft.com/help/5037782 https://support.microsoft.com/help/5037788 https://support.microsoft.com/help/5037823 View more

Microsoft Windows: CVE-2024-30049: Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 05/14/2024 Created 05/15/2024 Added 05/14/2024 Modified 09/06/2024 Description Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5037788 microsoft-windows-windows_10-1607-kb5037763 microsoft-windows-windows_10-1809-kb5037765 microsoft-windows-windows_10-21h2-kb5037768 microsoft-windows-windows_10-22h2-kb5037768 microsoft-windows-windows_11-21h2-kb5037770 microsoft-windows-windows_11-22h2-kb5037771 microsoft-windows-windows_11-23h2-kb5037771 microsoft-windows-windows_server_2012-kb5037778 microsoft-windows-windows_server_2012_r2-kb5037823 microsoft-windows-windows_server_2016-1607-kb5037763 microsoft-windows-windows_server_2019-1809-kb5037765 microsoft-windows-windows_server_2022-21h2-kb5037782 microsoft-windows-windows_server_2022-22h2-kb5037782 microsoft-windows-windows_server_2022-23h2-kb5037781 msft-kb5037803-917baaff-bfb9-4b2f-b561-fb28357ada5f msft-kb5037836-9a6e4267-ddba-4af3-ae7b-b4bc66fd6601 msft-kb5037836-e81d6341-a6bf-46d2-8b19-4b1e9f89480e References https://attackerkb.com/topics/cve-2024-30049 CVE - 2024-30049 https://support.microsoft.com/help/5037763 https://support.microsoft.com/help/5037765 https://support.microsoft.com/help/5037768 https://support.microsoft.com/help/5037770 https://support.microsoft.com/help/5037771 https://support.microsoft.com/help/5037778 https://support.microsoft.com/help/5037781 https://support.microsoft.com/help/5037782 https://support.microsoft.com/help/5037788 https://support.microsoft.com/help/5037823 View more

Debian: CVE-2024-32021: git -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/14/2024 Created 06/28/2024 Added 06/27/2024 Modified 06/27/2024 Description Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, when cloning a local source repository that contains symlinks via the filesystem, Git may create hardlinks to arbitrary user-readable files on the same filesystem as the target repository in the `objects/` directory. Cloning a local repository over the filesystem may creating hardlinks to arbitrary user-owned files on the same filesystem in the target Git repository's `objects/` directory. When cloning a repository over the filesystem (without explicitly specifying the `file://` protocol or `--no-local`), the optimizations for local cloning will be used, which include attempting to hard link the object files instead of copying them. While the code includes checks against symbolic links in the source repository, which were added during the fix for CVE-2022-39253, these checks can still be raced because the hard link operation ultimately follows symlinks. If the object on the filesystem appears as a file during the check, and then a symlink during the operation, this will allow the adversary to bypass the check and create hardlinks in the destination objects directory to arbitrary, user-readable files. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. Solution(s) debian-upgrade-git References https://attackerkb.com/topics/cve-2024-32021 CVE - 2024-32021 DLA-3844-1

Debian: CVE-2024-31445: cacti -- security update Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 05/14/2024 Created 09/03/2024 Added 09/02/2024 Modified 01/30/2025 Description Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, a SQL injection vulnerability in `automation_get_new_graphs_sql` function of `api_automation.php` allows authenticated users to exploit these SQL injection vulnerabilities to perform privilege escalation and remote code execution. In `api_automation.php` line 856, the `get_request_var('filter')` is being concatenated into the SQL statement without any sanitization. In `api_automation.php` line 717, The filter of `'filter'` is `FILTER_DEFAULT`, which means there is no filter for it. Version 1.2.27 contains a patch for the issue. Solution(s) debian-upgrade-cacti References https://attackerkb.com/topics/cve-2024-31445 CVE - 2024-31445 DLA-3884-1

OS X update for PackageKit (CVE-2024-27824) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 05/14/2024 Created 05/15/2024 Added 05/14/2024 Modified 01/28/2025 Description This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.5. An app may be able to elevate privileges. Solution(s) apple-osx-upgrade-12_7_5 apple-osx-upgrade-13_6_7 apple-osx-upgrade-14_5 References https://attackerkb.com/topics/cve-2024-27824 CVE - 2024-27824 https://support.apple.com/en-us/120899 https://support.apple.com/en-us/120900 https://support.apple.com/en-us/120903

Microsoft Office: CVE-2024-30042: Microsoft Excel Remote Code Execution Vulnerability Severity 4 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 05/14/2024 Created 05/15/2024 Added 05/14/2024 Modified 09/10/2024 Description Microsoft Excel Remote Code Execution Vulnerability Solution(s) microsoft-excel_2016-kb5002587 microsoft-office_online_server-kb5002503 office-click-to-run-upgrade-latest References https://attackerkb.com/topics/cve-2024-30042 CVE - 2024-30042 https://support.microsoft.com/help/5002503 https://support.microsoft.com/help/5002587

MFSA2024-21 Firefox: Security Vulnerabilities fixed in Firefox 126 (CVE-2024-4777) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 05/14/2024 Created 05/15/2024 Added 05/15/2024 Modified 01/28/2025 Description Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11. Solution(s) mozilla-firefox-upgrade-126_0 References https://attackerkb.com/topics/cve-2024-4777 CVE - 2024-4777 http://www.mozilla.org/security/announce/2024/mfsa2024-21.html

Debian: CVE-2024-27834: webkit2gtk, wpewebkit -- security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:C/A:N) Published 05/14/2024 Created 05/24/2024 Added 05/23/2024 Modified 01/28/2025 Description The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, Safari 17.5, watchOS 10.5, macOS Sonoma 14.5. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Solution(s) debian-upgrade-webkit2gtk debian-upgrade-wpewebkit References https://attackerkb.com/topics/cve-2024-27834 CVE - 2024-27834 DSA-5695-1

MFSA2024-22 Firefox: Security Vulnerabilities fixed in Firefox ESR 115.11 (CVE-2024-4768) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/14/2024 Created 05/15/2024 Added 05/15/2024 Modified 05/16/2024 Description A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11. Solution(s) mozilla-firefox-esr-upgrade-115_11 References https://attackerkb.com/topics/cve-2024-4768 CVE - 2024-4768 http://www.mozilla.org/security/announce/2024/mfsa2024-22.html

MFSA2024-22 Firefox: Security Vulnerabilities fixed in Firefox ESR 115.11 (CVE-2024-4769) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/14/2024 Created 05/15/2024 Added 05/15/2024 Modified 05/16/2024 Description When importing resources using Web Workers, error messages would distinguish the difference between `application/javascript` responses and non-script responses.This could have been abused to learn information cross-origin. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11. Solution(s) mozilla-firefox-esr-upgrade-115_11 References https://attackerkb.com/topics/cve-2024-4769 CVE - 2024-4769 http://www.mozilla.org/security/announce/2024/mfsa2024-22.html

MFSA2024-22 Firefox: Security Vulnerabilities fixed in Firefox ESR 115.11 (CVE-2024-4770) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/14/2024 Created 05/15/2024 Added 05/15/2024 Modified 05/16/2024 Description When saving a page to PDF, certain font styles could have led to a potential use-after-free crash. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11. Solution(s) mozilla-firefox-esr-upgrade-115_11 References https://attackerkb.com/topics/cve-2024-4770 CVE - 2024-4770 http://www.mozilla.org/security/announce/2024/mfsa2024-22.html

MFSA2024-22 Firefox: Security Vulnerabilities fixed in Firefox ESR 115.11 (CVE-2024-4777) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 05/14/2024 Created 05/15/2024 Added 05/15/2024 Modified 01/28/2025 Description Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11. Solution(s) mozilla-firefox-esr-upgrade-115_11 References https://attackerkb.com/topics/cve-2024-4777 CVE - 2024-4777 http://www.mozilla.org/security/announce/2024/mfsa2024-22.html

Huawei EulerOS: CVE-2024-27282: ruby security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/14/2024 Created 10/10/2024 Added 10/09/2024 Modified 10/09/2024 Description An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings. The fixed versions are 3.0.7, 3.1.5, 3.2.4, and 3.3.1. Solution(s) huawei-euleros-2_0_sp11-upgrade-ruby huawei-euleros-2_0_sp11-upgrade-ruby-help huawei-euleros-2_0_sp11-upgrade-ruby-irb References https://attackerkb.com/topics/cve-2024-27282 CVE - 2024-27282 EulerOS-SA-2024-2594

Microsoft Windows: CVE-2024-30006: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 05/14/2024 Created 05/15/2024 Added 05/14/2024 Modified 09/06/2024 Description Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5037788 microsoft-windows-windows_10-1607-kb5037763 microsoft-windows-windows_10-1809-kb5037765 microsoft-windows-windows_10-21h2-kb5037768 microsoft-windows-windows_10-22h2-kb5037768 microsoft-windows-windows_11-21h2-kb5037770 microsoft-windows-windows_11-22h2-kb5037771 microsoft-windows-windows_11-23h2-kb5037771 microsoft-windows-windows_server_2012-kb5037778 microsoft-windows-windows_server_2012_r2-kb5037823 microsoft-windows-windows_server_2016-1607-kb5037763 microsoft-windows-windows_server_2019-1809-kb5037765 microsoft-windows-windows_server_2022-21h2-kb5037782 microsoft-windows-windows_server_2022-22h2-kb5037782 microsoft-windows-windows_server_2022-23h2-kb5037781 msft-kb5037803-917baaff-bfb9-4b2f-b561-fb28357ada5f msft-kb5037836-9a6e4267-ddba-4af3-ae7b-b4bc66fd6601 msft-kb5037836-e81d6341-a6bf-46d2-8b19-4b1e9f89480e References https://attackerkb.com/topics/cve-2024-30006 CVE - 2024-30006 https://support.microsoft.com/help/5037763 https://support.microsoft.com/help/5037765 https://support.microsoft.com/help/5037768 https://support.microsoft.com/help/5037770 https://support.microsoft.com/help/5037771 https://support.microsoft.com/help/5037778 https://support.microsoft.com/help/5037781 https://support.microsoft.com/help/5037782 https://support.microsoft.com/help/5037788 https://support.microsoft.com/help/5037823 View more

Microsoft Windows: CVE-2024-30007: Microsoft Brokering File System Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 05/14/2024 Created 05/15/2024 Added 05/14/2024 Modified 08/13/2024 Description Microsoft Brokering File System Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_server_2022-23h2-kb5037781 References https://attackerkb.com/topics/cve-2024-30007 CVE - 2024-30007 https://support.microsoft.com/help/5037781

Microsoft Windows: CVE-2024-30008: Windows DWM Core Library Information DisclosureVulnerability Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 05/14/2024 Created 05/15/2024 Added 05/14/2024 Modified 08/13/2024 Description Windows DWM Core Library Information DisclosureVulnerability Solution(s) microsoft-windows-windows_10-1507-kb5037788 microsoft-windows-windows_10-1607-kb5037763 microsoft-windows-windows_10-1809-kb5037765 microsoft-windows-windows_10-21h2-kb5037768 microsoft-windows-windows_10-22h2-kb5037768 microsoft-windows-windows_11-21h2-kb5037770 microsoft-windows-windows_11-22h2-kb5037771 microsoft-windows-windows_11-23h2-kb5037771 microsoft-windows-windows_server_2016-1607-kb5037763 microsoft-windows-windows_server_2019-1809-kb5037765 microsoft-windows-windows_server_2022-21h2-kb5037782 microsoft-windows-windows_server_2022-22h2-kb5037782 microsoft-windows-windows_server_2022-23h2-kb5037781 References https://attackerkb.com/topics/cve-2024-30008 CVE - 2024-30008 https://support.microsoft.com/help/5037763 https://support.microsoft.com/help/5037765 https://support.microsoft.com/help/5037768 https://support.microsoft.com/help/5037770 https://support.microsoft.com/help/5037771 https://support.microsoft.com/help/5037781 https://support.microsoft.com/help/5037782 https://support.microsoft.com/help/5037788 View more

MFSA2024-21 Firefox: Security Vulnerabilities fixed in Firefox 126 (CVE-2024-4767) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/14/2024 Created 05/15/2024 Added 05/15/2024 Modified 05/16/2024 Description If the `browser.privatebrowsing.autostart` preference is enabled, IndexedDB files were not properly deleted when the window was closed. This preference is disabled by default in Firefox. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11. Solution(s) mozilla-firefox-upgrade-126_0 References https://attackerkb.com/topics/cve-2024-4767 CVE - 2024-4767 http://www.mozilla.org/security/announce/2024/mfsa2024-21.html

Microsoft SharePoint: CVE-2024-30044: Microsoft SharePoint Server Remote Code Execution Vulnerability Severity 8 CVSS (AV:N/AC:L/Au:M/C:C/I:C/A:C) Published 05/14/2024 Created 05/15/2024 Added 05/14/2024 Modified 12/10/2024 Description Microsoft SharePoint Server Remote Code Execution Vulnerability Solution(s) microsoft-sharepoint-sharepoint_2016-kb5002598 microsoft-sharepoint-sharepoint_2019-kb5002596 microsoft-sharepoint-sharepoint_server_subscription_edition-kb5002599 References https://attackerkb.com/topics/cve-2024-30044 CVE - 2024-30044 https://support.microsoft.com/help/5002596 https://support.microsoft.com/help/5002598 https://support.microsoft.com/help/5002599

MFSA2024-21 Firefox: Security Vulnerabilities fixed in Firefox 126 (CVE-2024-4773) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/14/2024 Created 05/15/2024 Added 05/15/2024 Modified 05/16/2024 Description When a network error occurred during page load, the prior content could have remained in view with a blank URL bar. This could have been used to obfuscate a spoofed web site. This vulnerability affects Firefox < 126. Solution(s) mozilla-firefox-upgrade-126_0 References https://attackerkb.com/topics/cve-2024-4773 CVE - 2024-4773 http://www.mozilla.org/security/announce/2024/mfsa2024-21.html

Microsoft Windows: CVE-2024-30023: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Severity 8 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:C) Published 05/14/2024 Created 05/15/2024 Added 05/14/2024 Modified 09/06/2024 Description Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5037788 microsoft-windows-windows_10-1607-kb5037763 microsoft-windows-windows_10-1809-kb5037765 microsoft-windows-windows_10-21h2-kb5037768 microsoft-windows-windows_10-22h2-kb5037768 microsoft-windows-windows_11-21h2-kb5037770 microsoft-windows-windows_11-22h2-kb5037771 microsoft-windows-windows_11-23h2-kb5037771 microsoft-windows-windows_server_2012-kb5037778 microsoft-windows-windows_server_2012_r2-kb5037823 microsoft-windows-windows_server_2016-1607-kb5037763 microsoft-windows-windows_server_2019-1809-kb5037765 microsoft-windows-windows_server_2022-21h2-kb5037782 microsoft-windows-windows_server_2022-22h2-kb5037782 microsoft-windows-windows_server_2022-23h2-kb5037781 msft-kb5037803-917baaff-bfb9-4b2f-b561-fb28357ada5f msft-kb5037836-9a6e4267-ddba-4af3-ae7b-b4bc66fd6601 msft-kb5037836-e81d6341-a6bf-46d2-8b19-4b1e9f89480e References https://attackerkb.com/topics/cve-2024-30023 CVE - 2024-30023 https://support.microsoft.com/help/5037763 https://support.microsoft.com/help/5037765 https://support.microsoft.com/help/5037768 https://support.microsoft.com/help/5037770 https://support.microsoft.com/help/5037771 https://support.microsoft.com/help/5037778 https://support.microsoft.com/help/5037781 https://support.microsoft.com/help/5037782 https://support.microsoft.com/help/5037788 https://support.microsoft.com/help/5037823 View more