ISHACK AI BOT

Microsoft Windows: CVE-2024-26253: Windows rndismp6.sys Remote Code Execution Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 04/09/2024 Created 04/10/2024 Added 04/09/2024 Modified 09/06/2024 Description Windows rndismp6.sys Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5036925 microsoft-windows-windows_10-1607-kb5036899 microsoft-windows-windows_10-1809-kb5036896 microsoft-windows-windows_10-21h2-kb5036892 microsoft-windows-windows_10-22h2-kb5036892 microsoft-windows-windows_11-21h2-kb5036894 microsoft-windows-windows_11-22h2-kb5036893 microsoft-windows-windows_11-23h2-kb5036893 microsoft-windows-windows_server_2012-kb5036969 microsoft-windows-windows_server_2012_r2-kb5036960 microsoft-windows-windows_server_2016-1607-kb5036899 microsoft-windows-windows_server_2019-1809-kb5036896 microsoft-windows-windows_server_2022-21h2-kb5036909 microsoft-windows-windows_server_2022-22h2-kb5036909 microsoft-windows-windows_server_2022-23h2-kb5036910 msft-kb5036922-1b6c2afa-24b1-40e8-bc07-9cb3aaf3e493 msft-kb5036950-1619240b-73e4-49a5-9412-39489e0e1cb4 msft-kb5036950-aeb7362d-f252-4046-a3e1-7ead5d01e242 References https://attackerkb.com/topics/cve-2024-26253 CVE - 2024-26253 https://support.microsoft.com/help/5036892 https://support.microsoft.com/help/5036893 https://support.microsoft.com/help/5036894 https://support.microsoft.com/help/5036896 https://support.microsoft.com/help/5036899 https://support.microsoft.com/help/5036909 https://support.microsoft.com/help/5036910 https://support.microsoft.com/help/5036925 https://support.microsoft.com/help/5036960 https://support.microsoft.com/help/5036969 View more

Microsoft Windows: CVE-2024-26252: Windows rndismp6.sys Remote Code Execution Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 04/09/2024 Created 04/10/2024 Added 04/09/2024 Modified 09/06/2024 Description Windows rndismp6.sys Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5036925 microsoft-windows-windows_10-1607-kb5036899 microsoft-windows-windows_10-1809-kb5036896 microsoft-windows-windows_10-21h2-kb5036892 microsoft-windows-windows_10-22h2-kb5036892 microsoft-windows-windows_11-21h2-kb5036894 microsoft-windows-windows_11-22h2-kb5036893 microsoft-windows-windows_11-23h2-kb5036893 microsoft-windows-windows_server_2012-kb5036969 microsoft-windows-windows_server_2012_r2-kb5036960 microsoft-windows-windows_server_2016-1607-kb5036899 microsoft-windows-windows_server_2019-1809-kb5036896 microsoft-windows-windows_server_2022-21h2-kb5036909 microsoft-windows-windows_server_2022-22h2-kb5036909 microsoft-windows-windows_server_2022-23h2-kb5036910 msft-kb5036922-1b6c2afa-24b1-40e8-bc07-9cb3aaf3e493 msft-kb5036950-1619240b-73e4-49a5-9412-39489e0e1cb4 msft-kb5036950-aeb7362d-f252-4046-a3e1-7ead5d01e242 References https://attackerkb.com/topics/cve-2024-26252 CVE - 2024-26252 https://support.microsoft.com/help/5036892 https://support.microsoft.com/help/5036893 https://support.microsoft.com/help/5036894 https://support.microsoft.com/help/5036896 https://support.microsoft.com/help/5036899 https://support.microsoft.com/help/5036909 https://support.microsoft.com/help/5036910 https://support.microsoft.com/help/5036925 https://support.microsoft.com/help/5036960 https://support.microsoft.com/help/5036969 View more

Microsoft Windows: CVE-2024-26250: Secure Boot Security Feature Bypass Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:M/C:C/I:C/A:C) Published 04/09/2024 Created 04/10/2024 Added 04/09/2024 Modified 09/06/2024 Description Secure Boot Security Feature Bypass Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5036925 microsoft-windows-windows_10-1607-kb5036899 microsoft-windows-windows_10-1809-kb5036896 microsoft-windows-windows_10-21h2-kb5036892 microsoft-windows-windows_10-22h2-kb5036892 microsoft-windows-windows_11-21h2-kb5036894 microsoft-windows-windows_11-22h2-kb5036893 microsoft-windows-windows_11-23h2-kb5036893 microsoft-windows-windows_server_2012-kb5036969 microsoft-windows-windows_server_2012_r2-kb5036960 microsoft-windows-windows_server_2016-1607-kb5036899 microsoft-windows-windows_server_2019-1809-kb5036896 microsoft-windows-windows_server_2022-21h2-kb5036909 microsoft-windows-windows_server_2022-22h2-kb5036909 microsoft-windows-windows_server_2022-23h2-kb5036910 References https://attackerkb.com/topics/cve-2024-26250 CVE - 2024-26250 https://support.microsoft.com/help/5036892 https://support.microsoft.com/help/5036893 https://support.microsoft.com/help/5036894 https://support.microsoft.com/help/5036896 https://support.microsoft.com/help/5036899 https://support.microsoft.com/help/5036909 https://support.microsoft.com/help/5036910 https://support.microsoft.com/help/5036925 https://support.microsoft.com/help/5036960 https://support.microsoft.com/help/5036969 View more

Microsoft Windows: CVE-2024-26248: Windows Kerberos Elevation of Privilege Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:S/C:C/I:C/A:C) Published 04/09/2024 Created 04/10/2024 Added 04/09/2024 Modified 09/06/2024 Description Windows Kerberos Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5036925 microsoft-windows-windows_10-1607-kb5036899 microsoft-windows-windows_10-1809-kb5036896 microsoft-windows-windows_10-21h2-kb5036892 microsoft-windows-windows_10-22h2-kb5036892 microsoft-windows-windows_11-21h2-kb5036894 microsoft-windows-windows_11-22h2-kb5036893 microsoft-windows-windows_11-23h2-kb5036893 microsoft-windows-windows_server_2012-kb5036969 microsoft-windows-windows_server_2012_r2-kb5036960 microsoft-windows-windows_server_2016-1607-kb5036899 microsoft-windows-windows_server_2019-1809-kb5036896 microsoft-windows-windows_server_2022-21h2-kb5036909 microsoft-windows-windows_server_2022-22h2-kb5036909 microsoft-windows-windows_server_2022-23h2-kb5036910 msft-kb5036922-1b6c2afa-24b1-40e8-bc07-9cb3aaf3e493 msft-kb5036950-1619240b-73e4-49a5-9412-39489e0e1cb4 msft-kb5036950-aeb7362d-f252-4046-a3e1-7ead5d01e242 References https://attackerkb.com/topics/cve-2024-26248 CVE - 2024-26248 https://support.microsoft.com/help/5036892 https://support.microsoft.com/help/5036893 https://support.microsoft.com/help/5036894 https://support.microsoft.com/help/5036896 https://support.microsoft.com/help/5036899 https://support.microsoft.com/help/5036909 https://support.microsoft.com/help/5036910 https://support.microsoft.com/help/5036925 https://support.microsoft.com/help/5036960 https://support.microsoft.com/help/5036969 View more

Microsoft Windows: CVE-2024-26245: Windows SMB Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 04/09/2024 Created 04/10/2024 Added 04/09/2024 Modified 08/13/2024 Description Windows SMB Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5036925 References https://attackerkb.com/topics/cve-2024-26245 CVE - 2024-26245 https://support.microsoft.com/help/5036925

Microsoft CVE-2024-28932: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 04/09/2024 Created 04/10/2024 Added 04/09/2024 Modified 04/11/2024 Description Microsoft CVE-2024-28932: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability Solution(s) msft-kb5035432-d97a1fcd-d0c8-40c3-9210-2d011a735734-x64 msft-kb5035434-2cd70150-9029-45c6-988e-1c461fbbf569-x64 msft-kb5036335-2e46842c-5d02-40bd-9d51-6b402081d64d-x64 msft-kb5036343-fc6968a8-4ca4-4135-b692-8ef1d5dc57dc-x64 References https://attackerkb.com/topics/cve-2024-28932 CVE - 2024-28932 5035432 5035434 5036335 5036343 5037570 5037571 View more

Microsoft Windows: CVE-2024-26222: Windows DNS Server Remote Code Execution Vulnerability Severity 8 CVSS (AV:N/AC:L/Au:M/C:C/I:C/A:C) Published 04/09/2024 Created 04/10/2024 Added 04/09/2024 Modified 08/13/2024 Description Windows DNS Server Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_server_2016-1607-kb5036899 microsoft-windows-windows_server_2019-1809-kb5036896 microsoft-windows-windows_server_2022-21h2-kb5036909 microsoft-windows-windows_server_2022-22h2-kb5036909 microsoft-windows-windows_server_2022-23h2-kb5036910 References https://attackerkb.com/topics/cve-2024-26222 CVE - 2024-26222 https://support.microsoft.com/help/5036896 https://support.microsoft.com/help/5036899 https://support.microsoft.com/help/5036909 https://support.microsoft.com/help/5036910

Microsoft CVE-2024-28941: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 04/09/2024 Created 04/10/2024 Added 04/09/2024 Modified 04/11/2024 Description Microsoft CVE-2024-28941: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability Solution(s) msft-kb5035432-d97a1fcd-d0c8-40c3-9210-2d011a735734-x64 msft-kb5035434-2cd70150-9029-45c6-988e-1c461fbbf569-x64 msft-kb5036335-2e46842c-5d02-40bd-9d51-6b402081d64d-x64 msft-kb5036343-fc6968a8-4ca4-4135-b692-8ef1d5dc57dc-x64 References https://attackerkb.com/topics/cve-2024-28941 CVE - 2024-28941 5035432 5035434 5036335 5036343 5037570 5037571 View more

Microsoft CVE-2024-28942: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 04/09/2024 Created 04/10/2024 Added 04/09/2024 Modified 04/11/2024 Description Microsoft CVE-2024-28942: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability Solution(s) msft-kb5035432-d97a1fcd-d0c8-40c3-9210-2d011a735734-x64 msft-kb5035434-2cd70150-9029-45c6-988e-1c461fbbf569-x64 msft-kb5036335-2e46842c-5d02-40bd-9d51-6b402081d64d-x64 msft-kb5036343-fc6968a8-4ca4-4135-b692-8ef1d5dc57dc-x64 References https://attackerkb.com/topics/cve-2024-28942 CVE - 2024-28942 5035432 5035434 5036335 5036343 5037572 5037573 View more

Microsoft Windows: CVE-2024-26207: Windows Remote Access Connection Manager Information Disclosure Vulnerability Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 04/09/2024 Created 04/10/2024 Added 04/09/2024 Modified 09/05/2024 Description Windows Remote Access Connection Manager Information Disclosure Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5037788 microsoft-windows-windows_10-1607-kb5037763 microsoft-windows-windows_10-1809-kb5037765 microsoft-windows-windows_10-21h2-kb5037768 microsoft-windows-windows_10-22h2-kb5037768 microsoft-windows-windows_11-21h2-kb5036894 microsoft-windows-windows_11-22h2-kb5037771 microsoft-windows-windows_11-23h2-kb5037771 microsoft-windows-windows_server_2012_r2-kb5037823 microsoft-windows-windows_server_2016-1607-kb5037763 microsoft-windows-windows_server_2019-1809-kb5037765 microsoft-windows-windows_server_2022-21h2-kb5037782 microsoft-windows-windows_server_2022-22h2-kb5037782 microsoft-windows-windows_server_2022-23h2-kb5037781 References https://attackerkb.com/topics/cve-2024-26207 CVE - 2024-26207 https://support.microsoft.com/help/5036894 https://support.microsoft.com/help/5037763 https://support.microsoft.com/help/5037765 https://support.microsoft.com/help/5037768 https://support.microsoft.com/help/5037771 https://support.microsoft.com/help/5037781 https://support.microsoft.com/help/5037782 https://support.microsoft.com/help/5037788 https://support.microsoft.com/help/5037823 View more

Microsoft Windows: CVE-2024-26223: Windows DNS Server Remote Code Execution Vulnerability Severity 8 CVSS (AV:N/AC:L/Au:M/C:C/I:C/A:C) Published 04/09/2024 Created 04/10/2024 Added 04/09/2024 Modified 08/13/2024 Description Windows DNS Server Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_server_2016-1607-kb5036899 microsoft-windows-windows_server_2019-1809-kb5036896 microsoft-windows-windows_server_2022-21h2-kb5036909 microsoft-windows-windows_server_2022-22h2-kb5036909 microsoft-windows-windows_server_2022-23h2-kb5036910 References https://attackerkb.com/topics/cve-2024-26223 CVE - 2024-26223 https://support.microsoft.com/help/5036896 https://support.microsoft.com/help/5036899 https://support.microsoft.com/help/5036909 https://support.microsoft.com/help/5036910

Microsoft Windows: CVE-2024-20678: Remote Procedure Call Runtime Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 04/09/2024 Created 04/10/2024 Added 04/09/2024 Modified 09/06/2024 Description Remote Procedure Call Runtime Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5036925 microsoft-windows-windows_10-1607-kb5036899 microsoft-windows-windows_10-1809-kb5036896 microsoft-windows-windows_10-21h2-kb5036892 microsoft-windows-windows_10-22h2-kb5036892 microsoft-windows-windows_11-21h2-kb5036894 microsoft-windows-windows_11-22h2-kb5036893 microsoft-windows-windows_11-23h2-kb5036893 microsoft-windows-windows_server_2012-kb5036969 microsoft-windows-windows_server_2012_r2-kb5036960 microsoft-windows-windows_server_2016-1607-kb5036899 microsoft-windows-windows_server_2019-1809-kb5036896 microsoft-windows-windows_server_2022-21h2-kb5036909 microsoft-windows-windows_server_2022-22h2-kb5036909 microsoft-windows-windows_server_2022-23h2-kb5036910 msft-kb5036922-1b6c2afa-24b1-40e8-bc07-9cb3aaf3e493 msft-kb5036950-1619240b-73e4-49a5-9412-39489e0e1cb4 msft-kb5036950-aeb7362d-f252-4046-a3e1-7ead5d01e242 References https://attackerkb.com/topics/cve-2024-20678 CVE - 2024-20678 https://support.microsoft.com/help/5036892 https://support.microsoft.com/help/5036893 https://support.microsoft.com/help/5036894 https://support.microsoft.com/help/5036896 https://support.microsoft.com/help/5036899 https://support.microsoft.com/help/5036909 https://support.microsoft.com/help/5036910 https://support.microsoft.com/help/5036925 https://support.microsoft.com/help/5036960 https://support.microsoft.com/help/5036969 View more

Microsoft Windows: CVE-2024-26205: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 04/09/2024 Created 04/10/2024 Added 04/09/2024 Modified 09/06/2024 Description Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5036925 microsoft-windows-windows_10-1607-kb5036899 microsoft-windows-windows_10-1809-kb5036896 microsoft-windows-windows_10-21h2-kb5036892 microsoft-windows-windows_10-22h2-kb5036892 microsoft-windows-windows_11-21h2-kb5036894 microsoft-windows-windows_11-22h2-kb5036893 microsoft-windows-windows_11-23h2-kb5036893 microsoft-windows-windows_server_2012-kb5036969 microsoft-windows-windows_server_2012_r2-kb5036960 microsoft-windows-windows_server_2016-1607-kb5036899 microsoft-windows-windows_server_2019-1809-kb5036896 microsoft-windows-windows_server_2022-21h2-kb5036909 microsoft-windows-windows_server_2022-22h2-kb5036909 microsoft-windows-windows_server_2022-23h2-kb5036910 msft-kb5036922-1b6c2afa-24b1-40e8-bc07-9cb3aaf3e493 msft-kb5036950-1619240b-73e4-49a5-9412-39489e0e1cb4 msft-kb5036950-aeb7362d-f252-4046-a3e1-7ead5d01e242 References https://attackerkb.com/topics/cve-2024-26205 CVE - 2024-26205 https://support.microsoft.com/help/5036892 https://support.microsoft.com/help/5036893 https://support.microsoft.com/help/5036894 https://support.microsoft.com/help/5036896 https://support.microsoft.com/help/5036899 https://support.microsoft.com/help/5036909 https://support.microsoft.com/help/5036910 https://support.microsoft.com/help/5036925 https://support.microsoft.com/help/5036960 https://support.microsoft.com/help/5036969 View more

Microsoft Windows: CVE-2024-26224: Windows DNS Server Remote Code Execution Vulnerability Severity 8 CVSS (AV:N/AC:L/Au:M/C:C/I:C/A:C) Published 04/09/2024 Created 04/10/2024 Added 04/09/2024 Modified 08/13/2024 Description Windows DNS Server Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_server_2016-1607-kb5036899 microsoft-windows-windows_server_2019-1809-kb5036896 microsoft-windows-windows_server_2022-21h2-kb5036909 microsoft-windows-windows_server_2022-22h2-kb5036909 microsoft-windows-windows_server_2022-23h2-kb5036910 References https://attackerkb.com/topics/cve-2024-26224 CVE - 2024-26224 https://support.microsoft.com/help/5036896 https://support.microsoft.com/help/5036899 https://support.microsoft.com/help/5036909 https://support.microsoft.com/help/5036910

Microsoft CVE-2024-29044: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 04/09/2024 Created 04/10/2024 Added 04/09/2024 Modified 04/11/2024 Description Microsoft CVE-2024-29044: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability Solution(s) msft-kb5035432-d97a1fcd-d0c8-40c3-9210-2d011a735734-x64 msft-kb5035434-2cd70150-9029-45c6-988e-1c461fbbf569-x64 msft-kb5036335-2e46842c-5d02-40bd-9d51-6b402081d64d-x64 msft-kb5036343-fc6968a8-4ca4-4135-b692-8ef1d5dc57dc-x64 References https://attackerkb.com/topics/cve-2024-29044 CVE - 2024-29044 5035432 5035434 5036335 5036343 5037572 5037573 View more

Microsoft Windows: CVE-2024-26228: Windows Cryptographic Services Security Feature Bypass Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 04/09/2024 Created 04/10/2024 Added 04/09/2024 Modified 09/06/2024 Description Windows Cryptographic Services Security Feature Bypass Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5036925 microsoft-windows-windows_10-1607-kb5036899 microsoft-windows-windows_10-1809-kb5036896 microsoft-windows-windows_10-21h2-kb5036892 microsoft-windows-windows_10-22h2-kb5036892 microsoft-windows-windows_11-21h2-kb5036894 microsoft-windows-windows_11-22h2-kb5036893 microsoft-windows-windows_11-23h2-kb5036893 microsoft-windows-windows_server_2012-kb5036969 microsoft-windows-windows_server_2012_r2-kb5036960 microsoft-windows-windows_server_2016-1607-kb5036899 microsoft-windows-windows_server_2019-1809-kb5036896 microsoft-windows-windows_server_2022-21h2-kb5036909 microsoft-windows-windows_server_2022-22h2-kb5036909 microsoft-windows-windows_server_2022-23h2-kb5036910 msft-kb5036922-1b6c2afa-24b1-40e8-bc07-9cb3aaf3e493 msft-kb5036950-1619240b-73e4-49a5-9412-39489e0e1cb4 msft-kb5036950-aeb7362d-f252-4046-a3e1-7ead5d01e242 References https://attackerkb.com/topics/cve-2024-26228 CVE - 2024-26228 https://support.microsoft.com/help/5036892 https://support.microsoft.com/help/5036893 https://support.microsoft.com/help/5036894 https://support.microsoft.com/help/5036896 https://support.microsoft.com/help/5036899 https://support.microsoft.com/help/5036909 https://support.microsoft.com/help/5036910 https://support.microsoft.com/help/5036925 https://support.microsoft.com/help/5036960 https://support.microsoft.com/help/5036969 View more

Microsoft Windows: CVE-2024-26194: Secure Boot Security Feature Bypass Vulnerability Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 04/09/2024 Created 04/10/2024 Added 04/09/2024 Modified 09/06/2024 Description Secure Boot Security Feature Bypass Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5036925 microsoft-windows-windows_10-1607-kb5036899 microsoft-windows-windows_10-1809-kb5036896 microsoft-windows-windows_10-21h2-kb5036892 microsoft-windows-windows_10-22h2-kb5036892 microsoft-windows-windows_11-21h2-kb5036894 microsoft-windows-windows_11-22h2-kb5036893 microsoft-windows-windows_11-23h2-kb5036893 microsoft-windows-windows_server_2012-kb5036969 microsoft-windows-windows_server_2012_r2-kb5036960 microsoft-windows-windows_server_2016-1607-kb5036899 microsoft-windows-windows_server_2019-1809-kb5036896 microsoft-windows-windows_server_2022-21h2-kb5036909 microsoft-windows-windows_server_2022-22h2-kb5036909 microsoft-windows-windows_server_2022-23h2-kb5036910 msft-kb5036922-1b6c2afa-24b1-40e8-bc07-9cb3aaf3e493 msft-kb5036950-1619240b-73e4-49a5-9412-39489e0e1cb4 msft-kb5036950-aeb7362d-f252-4046-a3e1-7ead5d01e242 References https://attackerkb.com/topics/cve-2024-26194 CVE - 2024-26194 https://support.microsoft.com/help/5036892 https://support.microsoft.com/help/5036893 https://support.microsoft.com/help/5036894 https://support.microsoft.com/help/5036896 https://support.microsoft.com/help/5036899 https://support.microsoft.com/help/5036909 https://support.microsoft.com/help/5036910 https://support.microsoft.com/help/5036925 https://support.microsoft.com/help/5036960 https://support.microsoft.com/help/5036969 View more

Alpine Linux: CVE-2024-21409: Vulnerability in Multiple Components Severity 7 CVSS (AV:L/AC:M/Au:S/C:C/I:C/A:C) Published 04/09/2024 Created 08/23/2024 Added 08/22/2024 Modified 10/14/2024 Description .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability Solution(s) alpine-linux-upgrade-dotnet6-build alpine-linux-upgrade-dotnet6-runtime alpine-linux-upgrade-dotnet7-build alpine-linux-upgrade-dotnet7-runtime alpine-linux-upgrade-dotnet8-runtime References https://attackerkb.com/topics/cve-2024-21409 CVE - 2024-21409 https://security.alpinelinux.org/vuln/CVE-2024-21409

Adobe Photoshop: CVE-2024-20770: Security updates available for Adobe Photoshop (APSB24-16) Severity 5 CVSS (AV:L/AC:L/Au:N/C:C/I:N/A:N) Published 04/09/2024 Created 04/29/2024 Added 04/10/2024 Modified 12/18/2024 Description Adobe has released an update for Photoshop for Windows and macOS. This update resolves an important vulnerability. Successful exploitation could lead to memory leak. Solution(s) adobe-photoshop-upgrade-latest References https://attackerkb.com/topics/cve-2024-20770 CVE - 2024-20770 https://helpx.adobe.com/security/products/photoshop/apsb24-16.html

Alma Linux: CVE-2024-27983: Important: nodejs:20 security update (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/09/2024 Created 05/10/2024 Added 05/13/2024 Modified 09/18/2024 Description An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data in nghttp2 memory after reset when headers with HTTP/2 CONTINUATION frame are sent to the server and then a TCP connection is abruptly closed by the client triggering the Http2Session destructor while header frames are still being processed (and stored in memory) causing a race condition. Solution(s) alma-upgrade-nodejs alma-upgrade-nodejs-devel alma-upgrade-nodejs-docs alma-upgrade-nodejs-full-i18n alma-upgrade-nodejs-libs alma-upgrade-nodejs-nodemon alma-upgrade-nodejs-packaging alma-upgrade-nodejs-packaging-bundler alma-upgrade-npm References https://attackerkb.com/topics/cve-2024-27983 CVE - 2024-27983 https://errata.almalinux.org/8/ALSA-2024-2778.html https://errata.almalinux.org/8/ALSA-2024-2780.html https://errata.almalinux.org/9/ALSA-2024-2779.html https://errata.almalinux.org/9/ALSA-2024-2853.html https://errata.almalinux.org/9/ALSA-2024-2910.html

Microsoft Windows: CVE-2024-26242: Windows Telephony Server Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:M/Au:S/C:C/I:C/A:C) Published 04/09/2024 Created 04/10/2024 Added 04/09/2024 Modified 09/06/2024 Description Windows Telephony Server Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5036925 microsoft-windows-windows_10-1607-kb5036899 microsoft-windows-windows_10-1809-kb5036896 microsoft-windows-windows_10-21h2-kb5036892 microsoft-windows-windows_10-22h2-kb5036892 microsoft-windows-windows_11-21h2-kb5036894 microsoft-windows-windows_11-22h2-kb5036893 microsoft-windows-windows_11-23h2-kb5036893 microsoft-windows-windows_server_2012-kb5036969 microsoft-windows-windows_server_2012_r2-kb5036960 microsoft-windows-windows_server_2016-1607-kb5036899 microsoft-windows-windows_server_2019-1809-kb5036896 microsoft-windows-windows_server_2022-21h2-kb5036909 microsoft-windows-windows_server_2022-22h2-kb5036909 microsoft-windows-windows_server_2022-23h2-kb5036910 msft-kb5036922-1b6c2afa-24b1-40e8-bc07-9cb3aaf3e493 msft-kb5036950-1619240b-73e4-49a5-9412-39489e0e1cb4 msft-kb5036950-aeb7362d-f252-4046-a3e1-7ead5d01e242 References https://attackerkb.com/topics/cve-2024-26242 CVE - 2024-26242 https://support.microsoft.com/help/5036892 https://support.microsoft.com/help/5036893 https://support.microsoft.com/help/5036894 https://support.microsoft.com/help/5036896 https://support.microsoft.com/help/5036899 https://support.microsoft.com/help/5036909 https://support.microsoft.com/help/5036910 https://support.microsoft.com/help/5036925 https://support.microsoft.com/help/5036960 https://support.microsoft.com/help/5036969 View more

Microsoft Windows: CVE-2024-28905: Microsoft Brokering File System Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:M/Au:S/C:C/I:C/A:C) Published 04/09/2024 Created 04/10/2024 Added 04/09/2024 Modified 08/13/2024 Description Microsoft Brokering File System Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_server_2022-23h2-kb5036910 References https://attackerkb.com/topics/cve-2024-28905 CVE - 2024-28905 https://support.microsoft.com/help/5036910

Microsoft Windows: CVE-2024-26244: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 04/09/2024 Created 04/10/2024 Added 04/09/2024 Modified 09/06/2024 Description Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5036925 microsoft-windows-windows_10-1607-kb5036899 microsoft-windows-windows_10-1809-kb5036896 microsoft-windows-windows_10-21h2-kb5036892 microsoft-windows-windows_10-22h2-kb5036892 microsoft-windows-windows_11-21h2-kb5036894 microsoft-windows-windows_11-22h2-kb5036893 microsoft-windows-windows_11-23h2-kb5036893 microsoft-windows-windows_server_2012-kb5036969 microsoft-windows-windows_server_2012_r2-kb5036960 microsoft-windows-windows_server_2016-1607-kb5036899 microsoft-windows-windows_server_2019-1809-kb5036896 microsoft-windows-windows_server_2022-21h2-kb5036909 microsoft-windows-windows_server_2022-22h2-kb5036909 microsoft-windows-windows_server_2022-23h2-kb5036910 msft-kb5036922-1b6c2afa-24b1-40e8-bc07-9cb3aaf3e493 msft-kb5036950-1619240b-73e4-49a5-9412-39489e0e1cb4 msft-kb5036950-aeb7362d-f252-4046-a3e1-7ead5d01e242 References https://attackerkb.com/topics/cve-2024-26244 CVE - 2024-26244 https://support.microsoft.com/help/5036892 https://support.microsoft.com/help/5036893 https://support.microsoft.com/help/5036894 https://support.microsoft.com/help/5036896 https://support.microsoft.com/help/5036899 https://support.microsoft.com/help/5036909 https://support.microsoft.com/help/5036910 https://support.microsoft.com/help/5036925 https://support.microsoft.com/help/5036960 https://support.microsoft.com/help/5036969 View more

Microsoft Windows: CVE-2024-28903: Secure Boot Security Feature Bypass Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:M/C:C/I:C/A:C) Published 04/09/2024 Created 04/10/2024 Added 04/09/2024 Modified 09/06/2024 Description Secure Boot Security Feature Bypass Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5036925 microsoft-windows-windows_10-1607-kb5036899 microsoft-windows-windows_10-1809-kb5036896 microsoft-windows-windows_10-21h2-kb5036892 microsoft-windows-windows_10-22h2-kb5036892 microsoft-windows-windows_11-21h2-kb5036894 microsoft-windows-windows_11-22h2-kb5036893 microsoft-windows-windows_11-23h2-kb5036893 microsoft-windows-windows_server_2012-kb5036969 microsoft-windows-windows_server_2012_r2-kb5036960 microsoft-windows-windows_server_2016-1607-kb5036899 microsoft-windows-windows_server_2019-1809-kb5036896 microsoft-windows-windows_server_2022-21h2-kb5036909 microsoft-windows-windows_server_2022-22h2-kb5036909 microsoft-windows-windows_server_2022-23h2-kb5036910 References https://attackerkb.com/topics/cve-2024-28903 CVE - 2024-28903 https://support.microsoft.com/help/5036892 https://support.microsoft.com/help/5036893 https://support.microsoft.com/help/5036894 https://support.microsoft.com/help/5036896 https://support.microsoft.com/help/5036899 https://support.microsoft.com/help/5036909 https://support.microsoft.com/help/5036910 https://support.microsoft.com/help/5036925 https://support.microsoft.com/help/5036960 https://support.microsoft.com/help/5036969 View more

AVideo WWBNIndex Plugin Unauthenticated RCE Disclosed 04/09/2024 Created 05/21/2024 Description This module exploits an unauthenticated remote code execution (RCE) vulnerability in the WWBNIndex plugin of the AVideo platform. The vulnerability exists within the `submitIndex.php` file, where user-supplied input is passed directly to the `require()` function without proper sanitization. By exploiting this, an attacker can leverage the PHP filter chaining technique to execute arbitrary PHP code on the server. This allows for the execution of commands and control over the affected system. The exploit is particularly dangerous because it does not require authentication, making it possible for any remote attacker to exploit this vulnerability. Author(s) Valentin Lobstein Platform Linux,PHP,Unix,Windows Architectures php, cmd Development Source Code History