All posts by ISHACK AI BOT
-
Debian: CVE-2024-11112: chromium -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/12/2024 Created 11/26/2024 Added 11/25/2024 Modified 01/28/2025 Description Use after free in Media in Google Chrome on Windows prior to 131.0.6778.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2024-11112 CVE - 2024-11112 DSA-5817-1
-
Microsoft Windows: CVE-2024-43642: Windows SMB Denial of Service Vulnerability Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 11/12/2024 Created 11/13/2024 Added 11/12/2024 Modified 12/10/2024 Description Microsoft Windows: CVE-2024-43642: Windows SMB Denial of Service Vulnerability Solution(s) microsoft-windows-windows_11-22h2-kb5046633 microsoft-windows-windows_11-23h2-kb5046633 microsoft-windows-windows_11-24h2-kb5046617 microsoft-windows-windows_server_2022-21h2-kb5046616 microsoft-windows-windows_server_2022-22h2-kb5046616 microsoft-windows-windows_server_2022-23h2-kb5046618 microsoft-windows-windows_server_2025-24h2-kb5046617 microsoft-windows-windows_server_2025-24h2-kb5046696 References https://attackerkb.com/topics/cve-2024-43642 CVE - 2024-43642 https://support.microsoft.com/help/5046616 https://support.microsoft.com/help/5046617 https://support.microsoft.com/help/5046618 https://support.microsoft.com/help/5046633 https://support.microsoft.com/help/5046696
-
MFSA2025-04 Thunderbird: Security Vulnerabilities fixed in Thunderbird 134 (CVE-2024-50336) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/12/2024 Created 12/13/2024 Added 12/12/2024 Modified 02/14/2025 Description matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated GET requests to the client's homeserver. Fixed in matrix-js-sdk 34.11.1. Solution(s) mozilla-thunderbird-upgrade-134_0 References https://attackerkb.com/topics/cve-2024-50336 CVE - 2024-50336 http://www.mozilla.org/security/announce/2025/mfsa2025-04.html
-
Microsoft Office: CVE-2024-49027: Microsoft Excel Remote Code Execution Vulnerability Severity 4 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 11/12/2024 Created 11/13/2024 Added 11/12/2024 Modified 11/12/2024 Description Microsoft Office: CVE-2024-49027: Microsoft Excel Remote Code Execution Vulnerability Solution(s) microsoft-excel_2016-kb5002653 office-click-to-run-upgrade-latest References https://attackerkb.com/topics/cve-2024-49027 CVE - 2024-49027 https://support.microsoft.com/help/5002653
-
Microsoft Windows: CVE-2024-43639: Windows KDC Proxy Remote Code Execution Vulnerability Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 11/12/2024 Created 11/13/2024 Added 11/12/2024 Modified 12/10/2024 Description Microsoft Windows: CVE-2024-43639: Windows KDC Proxy Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_server_2012-kb5046697 microsoft-windows-windows_server_2012_r2-kb5046682 microsoft-windows-windows_server_2016-1607-kb5046612 microsoft-windows-windows_server_2019-1809-kb5046615 microsoft-windows-windows_server_2022-21h2-kb5046616 microsoft-windows-windows_server_2022-22h2-kb5046616 microsoft-windows-windows_server_2022-23h2-kb5046618 microsoft-windows-windows_server_2025-24h2-kb5046617 microsoft-windows-windows_server_2025-24h2-kb5046696 References https://attackerkb.com/topics/cve-2024-43639 CVE - 2024-43639 https://support.microsoft.com/help/5046612 https://support.microsoft.com/help/5046615 https://support.microsoft.com/help/5046616 https://support.microsoft.com/help/5046617 https://support.microsoft.com/help/5046618 https://support.microsoft.com/help/5046682 https://support.microsoft.com/help/5046696 https://support.microsoft.com/help/5046697
-
IBM WebSphere Application Server: CVE-2024-45087: Vulnerability to cross-site scripting Severity 4 CVSS (AV:N/AC:M/Au:M/C:P/I:P/A:N) Published 11/12/2024 Created 11/13/2024 Added 11/12/2024 Modified 01/28/2025 Description IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. Solution(s) ibm-was-install-8-5-0-0-ph62952 ibm-was-install-9-0-0-0-ph62952 ibm-was-upgrade-8-5-0-0-8-5-5-27 ibm-was-upgrade-9-0-0-0-9-0-5-22 References https://attackerkb.com/topics/cve-2024-45087 CVE - 2024-45087 https://www.ibm.com/support/pages/node/7175393
-
Fortinet FortiOS: Missing Authentication for Critical Function (CVE-2024-26011) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 11/12/2024 Created 12/17/2024 Added 12/16/2024 Modified 01/28/2025 Description A missing authentication for critical function in Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14, FortiPAM version 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9, 7.0.0 through 7.0.17, 2.0.0 through 2.0.14, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiSwitchManager version 7.2.0 through 7.2.3, 7.0.0 through 7.0.3, FortiPortal version 6.0.0 through 6.0.14, FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through 6.4.15, 6.2.0 through 6.2.16, 6.0.0 through 6.0.18 allows attacker to execute unauthorized code or commands via specially crafted packets. Solution(s) fortios-upgrade-7_0_15 fortios-upgrade-7_2_8 fortios-upgrade-7_4_4 References https://attackerkb.com/topics/cve-2024-26011 CVE - 2024-26011 https://fortiguard.fortinet.com/psirt/FG-IR-24-032
-
Adobe Illustrator: CVE-2024-47450: Security updates available for Adobe Illustrator (APSB24-87) Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 11/12/2024 Created 12/03/2024 Added 12/02/2024 Modified 12/02/2024 Description Adobe has released an update for Adobe Illustrator. This update resolves critical and important vulnerabilities that could lead to arbitrary code execution, application denial-of-service and memory leak. Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates. Solution(s) adobe-illustrator-upgrade-latest References https://attackerkb.com/topics/cve-2024-47450 CVE - 2024-47450 https://helpx.adobe.com/security/products/illustrator/apsb24-87.html
-
Adobe Illustrator: CVE-2024-47456: Security updates available for Adobe Illustrator (APSB24-87) Severity 5 CVSS (AV:L/AC:L/Au:N/C:C/I:N/A:N) Published 11/12/2024 Created 12/03/2024 Added 12/02/2024 Modified 12/02/2024 Description Adobe has released an update for Adobe Illustrator. This update resolves critical and important vulnerabilities that could lead to arbitrary code execution, application denial-of-service and memory leak. Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates. Solution(s) adobe-illustrator-upgrade-latest References https://attackerkb.com/topics/cve-2024-47456 CVE - 2024-47456 https://helpx.adobe.com/security/products/illustrator/apsb24-87.html
-
Adobe Illustrator: CVE-2024-47454: Security updates available for Adobe Illustrator (APSB24-87) Severity 5 CVSS (AV:L/AC:L/Au:N/C:C/I:N/A:N) Published 11/12/2024 Created 12/03/2024 Added 12/02/2024 Modified 12/02/2024 Description Adobe has released an update for Adobe Illustrator. This update resolves critical and important vulnerabilities that could lead to arbitrary code execution, application denial-of-service and memory leak. Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates. Solution(s) adobe-illustrator-upgrade-latest References https://attackerkb.com/topics/cve-2024-47454 CVE - 2024-47454 https://helpx.adobe.com/security/products/illustrator/apsb24-87.html
-
Microsoft Windows: CVE-2024-43629: Windows DWM Core Library Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 11/12/2024 Created 11/13/2024 Added 11/12/2024 Modified 12/10/2024 Description Microsoft Windows: CVE-2024-43629: Windows DWM Core Library Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1809-kb5046615 microsoft-windows-windows_10-21h2-kb5046613 microsoft-windows-windows_10-22h2-kb5046613 microsoft-windows-windows_11-22h2-kb5046633 microsoft-windows-windows_11-23h2-kb5046633 microsoft-windows-windows_11-24h2-kb5046617 microsoft-windows-windows_server_2019-1809-kb5046615 microsoft-windows-windows_server_2022-21h2-kb5046616 microsoft-windows-windows_server_2022-22h2-kb5046616 microsoft-windows-windows_server_2022-23h2-kb5046618 microsoft-windows-windows_server_2025-24h2-kb5046617 microsoft-windows-windows_server_2025-24h2-kb5046696 References https://attackerkb.com/topics/cve-2024-43629 CVE - 2024-43629 https://support.microsoft.com/help/5046613 https://support.microsoft.com/help/5046615 https://support.microsoft.com/help/5046616 https://support.microsoft.com/help/5046617 https://support.microsoft.com/help/5046618 https://support.microsoft.com/help/5046633 https://support.microsoft.com/help/5046696
-
Microsoft Windows: CVE-2024-43626: Windows Telephony Service Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 11/12/2024 Created 11/13/2024 Added 11/12/2024 Modified 12/10/2024 Description Microsoft Windows: CVE-2024-43626: Windows Telephony Service Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5046665 microsoft-windows-windows_10-1607-kb5046612 microsoft-windows-windows_10-1809-kb5046615 microsoft-windows-windows_10-21h2-kb5046613 microsoft-windows-windows_10-22h2-kb5046613 microsoft-windows-windows_11-22h2-kb5046633 microsoft-windows-windows_11-23h2-kb5046633 microsoft-windows-windows_11-24h2-kb5046617 microsoft-windows-windows_server_2012-kb5046697 microsoft-windows-windows_server_2012_r2-kb5046682 microsoft-windows-windows_server_2016-1607-kb5046612 microsoft-windows-windows_server_2019-1809-kb5046615 microsoft-windows-windows_server_2022-21h2-kb5046616 microsoft-windows-windows_server_2022-22h2-kb5046616 microsoft-windows-windows_server_2022-23h2-kb5046618 microsoft-windows-windows_server_2025-24h2-kb5046617 microsoft-windows-windows_server_2025-24h2-kb5046696 References https://attackerkb.com/topics/cve-2024-43626 CVE - 2024-43626 https://support.microsoft.com/help/5046612 https://support.microsoft.com/help/5046613 https://support.microsoft.com/help/5046615 https://support.microsoft.com/help/5046616 https://support.microsoft.com/help/5046617 https://support.microsoft.com/help/5046618 https://support.microsoft.com/help/5046633 https://support.microsoft.com/help/5046665 https://support.microsoft.com/help/5046682 https://support.microsoft.com/help/5046696 https://support.microsoft.com/help/5046697
-
Microsoft Windows: CVE-2024-43625: Microsoft Windows VMSwitch Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 11/12/2024 Created 11/13/2024 Added 11/12/2024 Modified 12/10/2024 Description Microsoft Windows: CVE-2024-43625: Microsoft Windows VMSwitch Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_11-22h2-kb5046633 microsoft-windows-windows_11-23h2-kb5046633 microsoft-windows-windows_11-24h2-kb5046617 microsoft-windows-windows_server_2022-21h2-kb5046616 microsoft-windows-windows_server_2022-22h2-kb5046616 microsoft-windows-windows_server_2022-23h2-kb5046618 microsoft-windows-windows_server_2025-24h2-kb5046617 microsoft-windows-windows_server_2025-24h2-kb5046696 References https://attackerkb.com/topics/cve-2024-43625 CVE - 2024-43625 https://support.microsoft.com/help/5046616 https://support.microsoft.com/help/5046617 https://support.microsoft.com/help/5046618 https://support.microsoft.com/help/5046633 https://support.microsoft.com/help/5046696
-
Microsoft Windows: CVE-2024-43622: Windows Telephony Service Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/12/2024 Created 11/13/2024 Added 11/12/2024 Modified 12/10/2024 Description Microsoft Windows: CVE-2024-43622: Windows Telephony Service Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5046665 microsoft-windows-windows_10-1607-kb5046612 microsoft-windows-windows_10-1809-kb5046615 microsoft-windows-windows_10-21h2-kb5046613 microsoft-windows-windows_10-22h2-kb5046613 microsoft-windows-windows_11-22h2-kb5046633 microsoft-windows-windows_11-23h2-kb5046633 microsoft-windows-windows_11-24h2-kb5046617 microsoft-windows-windows_server_2012-kb5046697 microsoft-windows-windows_server_2012_r2-kb5046682 microsoft-windows-windows_server_2016-1607-kb5046612 microsoft-windows-windows_server_2019-1809-kb5046615 microsoft-windows-windows_server_2022-21h2-kb5046616 microsoft-windows-windows_server_2022-22h2-kb5046616 microsoft-windows-windows_server_2022-23h2-kb5046618 microsoft-windows-windows_server_2025-24h2-kb5046617 microsoft-windows-windows_server_2025-24h2-kb5046696 References https://attackerkb.com/topics/cve-2024-43622 CVE - 2024-43622 https://support.microsoft.com/help/5046612 https://support.microsoft.com/help/5046613 https://support.microsoft.com/help/5046615 https://support.microsoft.com/help/5046616 https://support.microsoft.com/help/5046617 https://support.microsoft.com/help/5046618 https://support.microsoft.com/help/5046633 https://support.microsoft.com/help/5046665 https://support.microsoft.com/help/5046682 https://support.microsoft.com/help/5046696 https://support.microsoft.com/help/5046697
-
Ubuntu: USN-7218-1 (CVE-2024-11168): Python vulnerability Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/12/2024 Created 01/24/2025 Added 01/23/2025 Modified 01/23/2025 Description The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser. Solution(s) ubuntu-upgrade-python3-10 ubuntu-upgrade-python3-10-minimal ubuntu-upgrade-python3-8 ubuntu-upgrade-python3-8-minimal References https://attackerkb.com/topics/cve-2024-11168 CVE - 2024-11168 USN-7218-1
-
Microsoft Windows: CVE-2024-43620: Windows Telephony Service Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/12/2024 Created 11/13/2024 Added 11/12/2024 Modified 12/10/2024 Description Microsoft Windows: CVE-2024-43620: Windows Telephony Service Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5046665 microsoft-windows-windows_10-1607-kb5046612 microsoft-windows-windows_10-1809-kb5046615 microsoft-windows-windows_10-21h2-kb5046613 microsoft-windows-windows_10-22h2-kb5046613 microsoft-windows-windows_11-22h2-kb5046633 microsoft-windows-windows_11-23h2-kb5046633 microsoft-windows-windows_11-24h2-kb5046617 microsoft-windows-windows_server_2012-kb5046697 microsoft-windows-windows_server_2012_r2-kb5046682 microsoft-windows-windows_server_2016-1607-kb5046612 microsoft-windows-windows_server_2019-1809-kb5046615 microsoft-windows-windows_server_2022-21h2-kb5046616 microsoft-windows-windows_server_2022-22h2-kb5046616 microsoft-windows-windows_server_2022-23h2-kb5046618 microsoft-windows-windows_server_2025-24h2-kb5046617 microsoft-windows-windows_server_2025-24h2-kb5046696 References https://attackerkb.com/topics/cve-2024-43620 CVE - 2024-43620 https://support.microsoft.com/help/5046612 https://support.microsoft.com/help/5046613 https://support.microsoft.com/help/5046615 https://support.microsoft.com/help/5046616 https://support.microsoft.com/help/5046617 https://support.microsoft.com/help/5046618 https://support.microsoft.com/help/5046633 https://support.microsoft.com/help/5046665 https://support.microsoft.com/help/5046682 https://support.microsoft.com/help/5046696 https://support.microsoft.com/help/5046697
-
SUSE: CVE-2024-11168: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/12/2024 Created 01/04/2025 Added 01/03/2025 Modified 01/14/2025 Description The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser. Solution(s) suse-upgrade-libpython2_7-1_0 suse-upgrade-libpython2_7-1_0-32bit suse-upgrade-libpython3_10-1_0 suse-upgrade-libpython3_10-1_0-32bit suse-upgrade-libpython3_4m1_0 suse-upgrade-libpython3_4m1_0-32bit suse-upgrade-libpython3_6m1_0 suse-upgrade-libpython3_6m1_0-32bit suse-upgrade-libpython3_9-1_0 suse-upgrade-libpython3_9-1_0-32bit suse-upgrade-python suse-upgrade-python-32bit suse-upgrade-python-base suse-upgrade-python-base-32bit suse-upgrade-python-curses suse-upgrade-python-demo suse-upgrade-python-devel suse-upgrade-python-doc suse-upgrade-python-doc-pdf suse-upgrade-python-gdbm suse-upgrade-python-idle suse-upgrade-python-tk suse-upgrade-python-xml suse-upgrade-python3 suse-upgrade-python3-base suse-upgrade-python3-curses suse-upgrade-python3-dbm suse-upgrade-python3-devel suse-upgrade-python3-doc suse-upgrade-python3-doc-devhelp suse-upgrade-python3-idle suse-upgrade-python3-testsuite suse-upgrade-python3-tk suse-upgrade-python3-tools suse-upgrade-python310 suse-upgrade-python310-32bit suse-upgrade-python310-base suse-upgrade-python310-base-32bit suse-upgrade-python310-curses suse-upgrade-python310-dbm suse-upgrade-python310-devel suse-upgrade-python310-doc suse-upgrade-python310-doc-devhelp suse-upgrade-python310-idle suse-upgrade-python310-testsuite suse-upgrade-python310-tk suse-upgrade-python310-tools suse-upgrade-python36 suse-upgrade-python36-base suse-upgrade-python39 suse-upgrade-python39-32bit suse-upgrade-python39-base suse-upgrade-python39-base-32bit suse-upgrade-python39-curses 
suse-upgrade-python39-dbm suse-upgrade-python39-devel suse-upgrade-python39-doc suse-upgrade-python39-doc-devhelp suse-upgrade-python39-idle suse-upgrade-python39-testsuite suse-upgrade-python39-tk suse-upgrade-python39-tools References https://attackerkb.com/topics/cve-2024-11168 CVE - 2024-11168
-
Ubuntu: USN-7204-1 (CVE-2024-49393): NeoMutt vulnerabilities Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 11/12/2024 Created 01/17/2025 Added 01/16/2025 Modified 01/28/2025 Description In neomutt and mutt, the To and Cc email headers are not validated by cryptographic signing which allows an attacker that intercepts a message to change their value and include himself as one of the recipients to compromise message confidentiality. Solution(s) ubuntu-pro-upgrade-neomutt References https://attackerkb.com/topics/cve-2024-49393 CVE - 2024-49393 USN-7204-1
-
MFSA2024-62 Thunderbird: Security Vulnerabilities fixed in Thunderbird 132.0.1 (CVE-2024-11159) Severity 4 CVSS (AV:N/AC:M/Au:N/C:P/I:N/A:N) Published 11/12/2024 Created 11/15/2024 Added 11/14/2024 Modified 02/14/2025 Description Using remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird < 128.4.3 and Thunderbird < 132.0.1. Solution(s) mozilla-thunderbird-upgrade-132_0_1 References https://attackerkb.com/topics/cve-2024-11159 CVE - 2024-11159 http://www.mozilla.org/security/announce/2024/mfsa2024-62.html
-
Microsoft Windows: CVE-2024-43447: Windows SMBv3 Server Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/12/2024 Created 11/13/2024 Added 11/12/2024 Modified 12/10/2024 Description Microsoft Windows: CVE-2024-43447: Windows SMBv3 Server Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_server_2022-21h2-kb5046616 microsoft-windows-windows_server_2022-22h2-kb5046616 References https://attackerkb.com/topics/cve-2024-43447 CVE - 2024-43447 https://support.microsoft.com/help/5046616
-
Ivanti Pulse Connect Secure: Security Advisory Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS), Ivanti Secure Access Client (ISAC) (Multiple CVEs) Severity 6 CVSS (AV:L/AC:L/Au:S/C:N/I:C/A:C) Published 11/12/2024 Created 02/13/2025 Added 02/12/2025 Modified 02/12/2025 Description Improper authorization in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker to modify sensitive configuration files. Solution(s) pulse-secure-pulse-connect-secure-upgrade-22_7r3 References https://attackerkb.com/topics/cve-2024-8539 CVE - 2024-8539 https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs?language=en_US
-
Ivanti Pulse Connect Secure: Security Advisory Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS), Ivanti Secure Access Client (ISAC) (Multiple CVEs) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 11/12/2024 Created 11/15/2024 Added 11/14/2024 Modified 02/12/2025 Description A stack-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service. Solution(s) pulse-secure-pulse-connect-secure-upgrade-22_7r2_3 References https://attackerkb.com/topics/cve-2024-47907 CVE - 2024-47907 https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs?language=en_US
-
Microsoft Edge Chromium: CVE-2024-11110 Inappropriate implementation in Blink Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 11/12/2024 Created 11/16/2024 Added 11/15/2024 Modified 01/28/2025 Description Inappropriate implementation in Extensions in Google Chrome prior to 131.0.6778.69 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension. (Chromium security severity: High) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2024-11110 CVE - 2024-11110 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-11110
-
Microsoft Windows: CVE-2024-43644: Windows Client-Side Caching Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 11/12/2024 Created 11/13/2024 Added 11/12/2024 Modified 12/10/2024 Description Microsoft Windows: CVE-2024-43644: Windows Client-Side Caching Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5046665 microsoft-windows-windows_10-1607-kb5046612 microsoft-windows-windows_10-1809-kb5046615 microsoft-windows-windows_10-21h2-kb5046613 microsoft-windows-windows_10-22h2-kb5046613 microsoft-windows-windows_11-22h2-kb5046633 microsoft-windows-windows_11-23h2-kb5046633 microsoft-windows-windows_11-24h2-kb5046617 microsoft-windows-windows_server_2012-kb5046697 microsoft-windows-windows_server_2012_r2-kb5046682 microsoft-windows-windows_server_2016-1607-kb5046612 microsoft-windows-windows_server_2019-1809-kb5046615 microsoft-windows-windows_server_2022-21h2-kb5046616 microsoft-windows-windows_server_2022-22h2-kb5046616 microsoft-windows-windows_server_2022-23h2-kb5046618 microsoft-windows-windows_server_2025-24h2-kb5046617 microsoft-windows-windows_server_2025-24h2-kb5046696 References https://attackerkb.com/topics/cve-2024-43644 CVE - 2024-43644 https://support.microsoft.com/help/5046612 https://support.microsoft.com/help/5046613 https://support.microsoft.com/help/5046615 https://support.microsoft.com/help/5046616 https://support.microsoft.com/help/5046617 https://support.microsoft.com/help/5046618 https://support.microsoft.com/help/5046633 https://support.microsoft.com/help/5046665 https://support.microsoft.com/help/5046682 https://support.microsoft.com/help/5046696 https://support.microsoft.com/help/5046697
-
Adobe Illustrator: CVE-2024-45114: Security updates available for Adobe Illustrator (APSB24-87) Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 11/12/2024 Created 12/03/2024 Added 12/02/2024 Modified 12/02/2024 Description Adobe has released an update for Adobe Illustrator. This update resolves critical and important vulnerabilities that could lead to arbitrary code execution, application denial-of-service and memory leak. Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates. Solution(s) adobe-illustrator-upgrade-latest References https://attackerkb.com/topics/cve-2024-45114 CVE - 2024-45114 https://helpx.adobe.com/security/products/illustrator/apsb24-87.html