ISHACK AI BOT

Ivanti Pulse Connect Secure: Security Advisory Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS), Ivanti Secure Access Client (ISAC) (Multiple CVEs) Severity 8 CVSS (AV:N/AC:L/Au:M/C:C/I:C/A:C) Published 11/13/2024 Created 11/15/2024 Added 11/14/2024 Modified 02/12/2025 Description Argument injection in Ivanti Connect Secure before version 22.7R2.2 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution. Solution(s) pulse-secure-pulse-connect-secure-upgrade-22_7r2_2 pulse-secure-pulse-connect-secure-upgrade-9_1r18_9 References https://attackerkb.com/topics/cve-2024-38656 CVE - 2024-38656 https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs?language=en_US

Ivanti Pulse Connect Secure: Security Advisory Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS), Ivanti Secure Access Client (ISAC) (Multiple CVEs) Severity 8 CVSS (AV:N/AC:L/Au:M/C:C/I:C/A:C) Published 11/13/2024 Created 11/15/2024 Added 11/14/2024 Modified 02/12/2025 Description Argument injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution. Solution(s) pulse-secure-pulse-connect-secure-upgrade-22_7r2_1 References https://attackerkb.com/topics/cve-2024-38655 CVE - 2024-38655 https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs?language=en_US

Google Chrome Vulnerability: CVE-2024-11117 Inappropriate implementation in FileSystem Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 11/13/2024 Created 11/14/2024 Added 11/13/2024 Modified 01/28/2025 Description Inappropriate implementation in FileSystem in Google Chrome prior to 131.0.6778.69 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Low) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2024-11117 CVE - 2024-11117

OS X update for ASP TCP (CVE-2024-44306) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 11/14/2024 Created 11/15/2024 Added 11/14/2024 Modified 01/28/2025 Description A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.6. An app may be able to execute arbitrary code with kernel privileges. Solution(s) apple-osx-upgrade-14_6 References https://attackerkb.com/topics/cve-2024-44306 CVE - 2024-44306 https://support.apple.com/en-us/120911

Alma Linux: CVE-2024-10978: Important: postgresql:12 security update (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/14/2024 Created 12/07/2024 Added 12/06/2024 Modified 12/11/2024 Description Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended.An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature.The problem arises when an application query uses parameters from the attacker or conveys query results to the attacker.If that query reacts to current_setting('role') or the current user ID, it may modify or return data as though the session had not used SET ROLE or SET SESSION AUTHORIZATION.The attacker does not control which incorrect user ID applies.Query text from less-privileged sources is not a concern here, because SET ROLE and SET SESSION AUTHORIZATION are not sandboxes for unvetted queries.Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected. Solution(s) alma-upgrade-pg_repack alma-upgrade-pgaudit alma-upgrade-pgvector alma-upgrade-postgres-decoderbufs alma-upgrade-postgresql alma-upgrade-postgresql-contrib alma-upgrade-postgresql-docs alma-upgrade-postgresql-plperl alma-upgrade-postgresql-plpython3 alma-upgrade-postgresql-pltcl alma-upgrade-postgresql-private-devel alma-upgrade-postgresql-private-libs alma-upgrade-postgresql-server alma-upgrade-postgresql-server-devel alma-upgrade-postgresql-static alma-upgrade-postgresql-test alma-upgrade-postgresql-test-rpm-macros alma-upgrade-postgresql-upgrade alma-upgrade-postgresql-upgrade-devel References https://attackerkb.com/topics/cve-2024-10978 CVE - 2024-10978 https://errata.almalinux.org/8/ALSA-2024-10785.html https://errata.almalinux.org/8/ALSA-2024-10830.html https://errata.almalinux.org/8/ALSA-2024-10831.html https://errata.almalinux.org/8/ALSA-2024-10832.html https://errata.almalinux.org/9/ALSA-2024-10787.html https://errata.almalinux.org/9/ALSA-2024-10788.html https://errata.almalinux.org/9/ALSA-2024-10791.html View more

Ubuntu: USN-7149-1 (CVE-2024-21853): Intel Microcode vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/13/2024 Created 12/12/2024 Added 12/11/2024 Modified 12/11/2024 Description Improper finite state machines (FSMs) in the hardware logic in some 4th and 5th Generation Intel(R) Xeon(R) Processors may allow an authorized user to potentially enable denial of service via local access. Solution(s) ubuntu-pro-upgrade-intel-microcode References https://attackerkb.com/topics/cve-2024-21853 CVE - 2024-21853 USN-7149-1

PAN-OS: Improper Certificate Validation Enables Impersonation of a Legitimate GlobalProtect User Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/13/2024 Created 01/08/2025 Added 01/07/2025 Modified 01/07/2025 Description An improper certificate validation vulnerability in Palo Alto Networks PAN-OS software enables an authorized user with a specially crafted client certificate to connect to an impacted GlobalProtect portal or GlobalProtect gateway as a different legitimate user. This attack is possible only if you "Allow Authentication with User Credentials OR Client Certificate." Solution(s) palo-alto-networks-pan-os-upgrade-latest References https://attackerkb.com/topics/cve-2024-5918 CVE - 2024-5918 https://security.paloaltonetworks.com/CVE-2024-5918

Debian: CVE-2024-21820: intel-microcode -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/13/2024 Created 12/28/2024 Added 12/27/2024 Modified 12/27/2024 Description Incorrect default permissions in some Intel(R) Xeon(R) processor memory controller configurations when using Intel(R) SGX may allow a privileged user to potentially enable escalation of privilege via local access. Solution(s) debian-upgrade-intel-microcode References https://attackerkb.com/topics/cve-2024-21820 CVE - 2024-21820 DLA-4002-1

PAN-OS: Server-Side Request Forgery in WildFire Severity 6 CVSS (AV:N/AC:L/Au:M/C:C/I:N/A:N) Published 11/13/2024 Created 01/08/2025 Added 01/07/2025 Modified 01/27/2025 Description A server-side request forgery in PAN-OS software enables an authenticated attacker to use the administrative web interface as a proxy, which enables the attacker to view internal network resources not otherwise accessible. Solution(s) palo-alto-networks-pan-os-upgrade-latest References https://attackerkb.com/topics/cve-2024-5917 CVE - 2024-5917 https://security.paloaltonetworks.com/CVE-2024-5917

Debian: CVE-2024-51996: symfony -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/13/2024 Created 11/19/2024 Added 11/18/2024 Modified 11/18/2024 Description Symphony process is a module for the Symphony PHP framework which executes commands in sub-processes. When consuming a persisted remember-me cookie, Symfony does not check if the username persisted in the database matches the username attached with the cookie, leading to authentication bypass. This vulnerability is fixed in 5.4.47, 6.4.15, and 7.1.8. Solution(s) debian-upgrade-symfony References https://attackerkb.com/topics/cve-2024-51996 CVE - 2024-51996 DSA-5813-1

PAN-OS: Firewall Denial of Service (DoS) in GlobalProtect Gateway Using a Specially Crafted Packet Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/13/2024 Created 11/15/2024 Added 11/14/2024 Modified 01/08/2025 Description Deprecated Solution(s)

Alma Linux: CVE-2024-11159: Important: thunderbird security update (Multiple Advisories) Severity 4 CVSS (AV:N/AC:M/Au:N/C:P/I:N/A:N) Published 11/13/2024 Created 12/07/2024 Added 12/06/2024 Modified 01/28/2025 Description Using remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird < 128.4.3 and Thunderbird < 132.0.1. Solution(s) alma-upgrade-thunderbird References https://attackerkb.com/topics/cve-2024-11159 CVE - 2024-11159 https://errata.almalinux.org/8/ALSA-2024-10591.html https://errata.almalinux.org/9/ALSA-2024-10592.html

FreeBSD: VID-1EB4D32C-A245-11EF-998C-2CF05DA270F3 (CVE-2024-8648): Gitlab -- vulnerabilities Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:N) Published 11/13/2024 Created 11/16/2024 Added 11/15/2024 Modified 01/28/2025 Description An issue has been discovered in GitLab CE/EE affecting all versions from 16 before 17.3.7, 17.4 before 17.4.4, and 17.5 before 17.5.2. The vulnerability could allow an attacker to inject malicious JavaScript code in Analytics Dashboards through a specially crafted URL. Solution(s) freebsd-upgrade-package-gitlab-ce freebsd-upgrade-package-gitlab-ee References CVE-2024-8648

Google Chrome Vulnerability: CVE-2024-11114 Inappropriate implementation in Views Severity 8 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:C) Published 11/13/2024 Created 11/14/2024 Added 11/13/2024 Modified 01/28/2025 Description Inappropriate implementation in Views in Google Chrome on Windows prior to 131.0.6778.69 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2024-11114 CVE - 2024-11114

Google Chrome Vulnerability: CVE-2024-11115 Insufficient policy enforcement in Navigation Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/13/2024 Created 11/14/2024 Added 11/13/2024 Modified 01/28/2025 Description Insufficient policy enforcement in Navigation in Google Chrome on iOS prior to 131.0.6778.69 allowed a remote attacker to perform privilege escalation via a series of UI gestures. (Chromium security severity: Medium) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2024-11115 CVE - 2024-11115

Google Chrome Vulnerability: CVE-2024-11111 Inappropriate implementation in Autofill Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 11/13/2024 Created 11/14/2024 Added 11/13/2024 Modified 01/28/2025 Description Inappropriate implementation in Autofill in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2024-11111 CVE - 2024-11111

Amazon Linux AMI 2: CVE-2024-21853: Security patch for microcode_ctl (ALAS-2024-2682) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/13/2024 Created 12/13/2024 Added 12/12/2024 Modified 12/12/2024 Description Improper finite state machines (FSMs) in the hardware logic in some 4th and 5th Generation Intel(R) Xeon(R) Processors may allow an authorized user to potentially enable denial of service via local access. Solution(s) amazon-linux-ami-2-upgrade-microcode_ctl amazon-linux-ami-2-upgrade-microcode_ctl-debuginfo References https://attackerkb.com/topics/cve-2024-21853 AL2/ALAS-2024-2682 CVE - 2024-21853

Amazon Linux AMI 2: CVE-2024-23918: Security patch for microcode_ctl (ALAS-2024-2682) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/13/2024 Created 12/13/2024 Added 12/12/2024 Modified 12/12/2024 Description Improper conditions check in some Intel(R) Xeon(R) processor memory controller configurations when using Intel(R) SGX may allow a privileged user to potentially enable escalation of privilege via local access. Solution(s) amazon-linux-ami-2-upgrade-microcode_ctl amazon-linux-ami-2-upgrade-microcode_ctl-debuginfo References https://attackerkb.com/topics/cve-2024-23918 AL2/ALAS-2024-2682 CVE - 2024-23918

Amazon Linux AMI 2: CVE-2024-21820: Security patch for microcode_ctl (ALAS-2024-2682) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/13/2024 Created 12/13/2024 Added 12/12/2024 Modified 12/12/2024 Description Incorrect default permissions in some Intel(R) Xeon(R) processor memory controller configurations when using Intel(R) SGX may allow a privileged user to potentially enable escalation of privilege via local access. Solution(s) amazon-linux-ami-2-upgrade-microcode_ctl amazon-linux-ami-2-upgrade-microcode_ctl-debuginfo References https://attackerkb.com/topics/cve-2024-21820 AL2/ALAS-2024-2682 CVE - 2024-21820

Oracle Linux: CVE-2024-11159: ELSA-2024-10592:thunderbird security update (IMPORTANT) (Multiple Advisories) Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 11/13/2024 Created 12/10/2024 Added 12/03/2024 Modified 01/07/2025 Description Using remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird &lt; 128.4.3 and Thunderbird &lt; 132.0.1. The Mozilla Foundation Security Advisory describes this flaw as: Using remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext. Solution(s) oracle-linux-upgrade-thunderbird References https://attackerkb.com/topics/cve-2024-11159 CVE - 2024-11159 ELSA-2024-10592 ELSA-2024-10591

PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in PAN-OS Enables Impersonation of a Legitimate Administrator Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/13/2024 Created 11/15/2024 Added 11/14/2024 Modified 01/08/2025 Description Deprecated Solution(s)

Alma Linux: CVE-2024-4741: Low: openssl security update (ALSA-2024-9333) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/13/2024 Created 11/22/2024 Added 11/21/2024 Modified 11/21/2024 Description Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause memory to be accessed that was previously freed in some situations Impact summary: A use after free can have a range of potential consequences such as the corruption of valid data, crashes or execution of arbitrary code. However, only applications that directly call the SSL_free_buffers function are affected by this issue. Applications that do not call this function are not vulnerable. Our investigations indicate that this function is rarely used by applications. The SSL_free_buffers function is used to free the internal OpenSSL buffer used when processing an incoming record from the network. The call is only expected to succeed if the buffer is not currently in use. However, two scenarios have been identified where the buffer is freed even when still in use. The first scenario occurs where a record header has been received from the network and processed by OpenSSL, but the full record body has not yet arrived. In this case calling SSL_free_buffers will succeed even though a record has only been partially processed and the buffer is still in use. The second scenario occurs where a full record containing application data has been received and processed by OpenSSL but the application has only read part of this data. Again a call to SSL_free_buffers will succeed even though the buffer is still in use. While these scenarios could occur accidentally during normal operation a malicious attacker could attempt to engineer a stituation where this occurs. We are not aware of this issue being actively exploited. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue. Solution(s) alma-upgrade-openssl alma-upgrade-openssl-devel alma-upgrade-openssl-libs alma-upgrade-openssl-perl References https://attackerkb.com/topics/cve-2024-4741 CVE - 2024-4741 https://errata.almalinux.org/9/ALSA-2024-9333.html

PAN-OS: Arbitrary File Delete Vulnerability in the Command Line Interface (CLI) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/13/2024 Created 11/15/2024 Added 11/14/2024 Modified 01/08/2025 Description Deprecated Solution(s)

PAN-OS: Firewall Denial of Service (DoS) Using a Specially Crafted Packet Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/13/2024 Created 11/15/2024 Added 11/14/2024 Modified 01/08/2025 Description Deprecated Solution(s)

Ivanti Pulse Connect Secure: Security Advisory Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS), Ivanti Secure Access Client (ISAC) (Multiple CVEs) Severity 6 CVSS (AV:L/AC:L/Au:S/C:N/I:C/A:C) Published 11/13/2024 Created 02/13/2025 Added 02/12/2025 Modified 02/12/2025 Description A race condition in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to modify sensitive configuration files. Solution(s) pulse-secure-pulse-connect-secure-upgrade-22_7r2_2 References https://attackerkb.com/topics/cve-2024-29211 CVE - 2024-29211 https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs?language=en_US