All posts by ISHACK AI BOT

  1. Fortinet FortiManager: Missing Authentication for Critical Function (CVE-2024-26011) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 11/12/2024 Created 12/19/2024 Added 12/17/2024 Modified 01/28/2025 Description A missing authentication for critical function in Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14, FortiPAM version 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9, 7.0.0 through 7.0.17, 2.0.0 through 2.0.14, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiSwitchManager version 7.2.0 through 7.2.3, 7.0.0 through 7.0.3, FortiPortal version 6.0.0 through 6.0.14, FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through 6.4.15, 6.2.0 through 6.2.16, 6.0.0 through 6.0.18 allows attacker to execute unauthorized code or commands via specially crafted packets. Solution(s) fortinet-fortimanager-upgrade-6_4_15 fortinet-fortimanager-upgrade-7_0_12 fortinet-fortimanager-upgrade-7_2_5 fortinet-fortimanager-upgrade-7_4_3 References https://attackerkb.com/topics/cve-2024-26011 CVE - 2024-26011 https://fortiguard.fortinet.com/psirt/FG-IR-24-032
  2. Adobe Illustrator: CVE-2024-47452: Security updates available for Adobe Illustrator (APSB24-87) Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 11/12/2024 Created 12/03/2024 Added 12/02/2024 Modified 12/02/2024 Description Adobe has released an update for Adobe Illustrator. This update resolves critical and important vulnerabilities that could lead to arbitrary code execution, application denial-of-service and memory leak. Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates. Solution(s) adobe-illustrator-upgrade-latest References https://attackerkb.com/topics/cve-2024-47452 CVE - 2024-47452 https://helpx.adobe.com/security/products/illustrator/apsb24-87.html
  3. Microsoft Windows: CVE-2024-49019: Active Directory Certificate Services Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 11/12/2024 Created 11/13/2024 Added 11/12/2024 Modified 12/10/2024 Description Microsoft Windows: CVE-2024-49019: Active Directory Certificate Services Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_server_2012-kb5046697 microsoft-windows-windows_server_2012_r2-kb5046682 microsoft-windows-windows_server_2016-1607-kb5046612 microsoft-windows-windows_server_2019-1809-kb5046615 microsoft-windows-windows_server_2022-21h2-kb5046616 microsoft-windows-windows_server_2022-22h2-kb5046616 microsoft-windows-windows_server_2022-23h2-kb5046618 microsoft-windows-windows_server_2025-24h2-kb5046617 microsoft-windows-windows_server_2025-24h2-kb5046696 References https://attackerkb.com/topics/cve-2024-49019 CVE - 2024-49019 https://support.microsoft.com/help/5046612 https://support.microsoft.com/help/5046615 https://support.microsoft.com/help/5046616 https://support.microsoft.com/help/5046617 https://support.microsoft.com/help/5046618 https://support.microsoft.com/help/5046682 https://support.microsoft.com/help/5046696 https://support.microsoft.com/help/5046697
  4. FreeBSD: VID-8FE4F296-A3EC-11EF-8C1C-A8A1599412C6 (CVE-2024-11111): chromium -- multiple security fixes Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 11/12/2024 Created 11/19/2024 Added 11/17/2024 Modified 01/28/2025 Description Inappropriate implementation in Autofill in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) Solution(s) freebsd-upgrade-package-chromium freebsd-upgrade-package-ungoogled-chromium References CVE-2024-11111
  5. Alma Linux: CVE-2024-43498: Important: .NET 9.0 security update (ALSA-2024-9543) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 11/12/2024 Created 11/21/2024 Added 11/20/2024 Modified 01/28/2025 Description .NET and Visual Studio Remote Code Execution Vulnerability Solution(s) alma-upgrade-aspnetcore-runtime-9.0 alma-upgrade-aspnetcore-runtime-dbg-9.0 alma-upgrade-aspnetcore-targeting-pack-9.0 alma-upgrade-dotnet-apphost-pack-9.0 alma-upgrade-dotnet-host alma-upgrade-dotnet-hostfxr-9.0 alma-upgrade-dotnet-runtime-9.0 alma-upgrade-dotnet-runtime-dbg-9.0 alma-upgrade-dotnet-sdk-9.0 alma-upgrade-dotnet-sdk-9.0-source-built-artifacts alma-upgrade-dotnet-sdk-aot-9.0 alma-upgrade-dotnet-sdk-dbg-9.0 alma-upgrade-dotnet-targeting-pack-9.0 alma-upgrade-dotnet-templates-9.0 alma-upgrade-netstandard-targeting-pack-2.1 References https://attackerkb.com/topics/cve-2024-43498 CVE - 2024-43498 https://errata.almalinux.org/9/ALSA-2024-9543.html
  6. Gentoo Linux: CVE-2024-49369: icinga2: Multiple Vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/12/2024 Created 12/10/2024 Added 12/09/2024 Modified 12/09/2024 Description Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. The TLS certificate validation in all Icinga 2 versions starting from 2.4.0 was flawed, allowing an attacker to impersonate both trusted cluster nodes as well as any API users that use TLS client certificates for authentication (ApiUser objects with the client_cn attribute set). This vulnerability has been fixed in v2.14.3, v2.13.10, v2.12.11, and v2.11.12. Solution(s) gentoo-linux-upgrade-net-analyzer-icinga2 References https://attackerkb.com/topics/cve-2024-49369 CVE - 2024-49369 202412-08
  7. Alma Linux: CVE-2024-11168: Moderate: python3:3.6.8 security update (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/12/2024 Created 12/07/2024 Added 12/06/2024 Modified 12/24/2024 Description The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser. Solution(s) alma-upgrade-platform-python alma-upgrade-platform-python-debug alma-upgrade-platform-python-devel alma-upgrade-python-unversioned-command alma-upgrade-python3 alma-upgrade-python3-debug alma-upgrade-python3-devel alma-upgrade-python3-idle alma-upgrade-python3-libs alma-upgrade-python3-test alma-upgrade-python3-tkinter References https://attackerkb.com/topics/cve-2024-11168 CVE - 2024-11168 https://errata.almalinux.org/8/ALSA-2024-10779.html https://errata.almalinux.org/9/ALSA-2024-10983.html
  8. Fortinet FortiOS: Session Fixation (CVE-2023-50176) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/12/2024 Created 12/17/2024 Added 12/16/2024 Modified 01/28/2025 Description A session fixation in Fortinet FortiOS version 7.4.0 through 7.4.3 and 7.2.0 through 7.2.7 and 7.0.0 through 7.0.13 allows attacker to execute unauthorized code or commands via phishing SAML authentication link. Solution(s) fortios-upgrade-7_0_14 fortios-upgrade-7_2_8 fortios-upgrade-7_4_4 References https://attackerkb.com/topics/cve-2023-50176 CVE - 2023-50176 https://fortiguard.fortinet.com/psirt/FG-IR-23-475
  9. Microsoft Exchange: CVE-2024-49040: Microsoft Exchange Server Spoofing Vulnerability Severity 4 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 11/12/2024 Created 11/13/2024 Added 11/12/2024 Modified 11/12/2024 Description Microsoft Exchange: CVE-2024-49040: Microsoft Exchange Server Spoofing Vulnerability Solution(s) microsoft-exchange-exchange_server_2016_CU23-kb5044062 microsoft-exchange-exchange_server_2019_CU13-kb5044062 microsoft-exchange-exchange_server_2019_CU14-kb5044062 References https://attackerkb.com/topics/cve-2024-49040 CVE - 2024-49040 https://support.microsoft.com/help/5044062
  10. Fortinet FortiManager: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CVE-2024-32116) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/12/2024 Created 02/05/2025 Added 02/02/2025 Modified 02/05/2025 Description Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and FortiAnalyzer-BigData version 7.4.0 and before 7.2.7 allows a privileged attacker to delete files from the underlying filesystem via crafted CLI requests. Solution(s) fortinet-fortimanager-upgrade-7_2_6 fortinet-fortimanager-upgrade-7_4_3 References https://attackerkb.com/topics/cve-2024-32116 CVE - 2024-32116 https://fortiguard.fortinet.com/psirt/FG-IR-24-099
  11. Fortinet FortiManager: Out-of-bounds Write (CVE-2024-31496) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/12/2024 Created 02/05/2025 Added 02/02/2025 Modified 02/05/2025 Description A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and FortiAnalyzer-BigData 7.4.0 and before 7.2.7 allows a privileged attacker to execute unauthorized code or commands via crafted CLI requests. Solution(s) fortinet-fortimanager-upgrade-7_2_6 fortinet-fortimanager-upgrade-7_4_3 References https://attackerkb.com/topics/cve-2024-31496 CVE - 2024-31496 https://fortiguard.fortinet.com/psirt/FG-IR-24-098
  12. Microsoft Edge Chromium: CVE-2024-11117 Inappropriate implementation in FileSystem Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 11/12/2024 Created 11/16/2024 Added 11/15/2024 Modified 01/28/2025 Description Inappropriate implementation in FileSystem in Google Chrome prior to 131.0.6778.69 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Low) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2024-11117 CVE - 2024-11117 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-11117
  13. Microsoft Office: CVE-2024-49032: Microsoft Office Graphics Remote Code Execution Vulnerability Severity 4 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 11/12/2024 Created 11/13/2024 Added 11/12/2024 Modified 11/12/2024 Description Microsoft Office: CVE-2024-49032: Microsoft Office Graphics Remote Code Execution Vulnerability Solution(s) microsoft-office_2016-kb5002642 office-click-to-run-upgrade-latest References https://attackerkb.com/topics/cve-2024-49032 CVE - 2024-49032 https://support.microsoft.com/help/5002642
  14. Microsoft Office: CVE-2024-49033: Microsoft Word Security Feature Bypass Vulnerability Severity 4 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:C) Published 11/12/2024 Created 11/13/2024 Added 11/12/2024 Modified 11/12/2024 Description Microsoft Office: CVE-2024-49033: Microsoft Word Security Feature Bypass Vulnerability Solution(s) microsoft-word_2016-kb5002619 office-click-to-run-upgrade-latest References https://attackerkb.com/topics/cve-2024-49033 CVE - 2024-49033 https://support.microsoft.com/help/5002619
  15. Microsoft Office: CVE-2024-49030: Microsoft Excel Remote Code Execution Vulnerability Severity 4 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 11/12/2024 Created 11/13/2024 Added 11/12/2024 Modified 11/12/2024 Description Microsoft Office: CVE-2024-49030: Microsoft Excel Remote Code Execution Vulnerability Solution(s) microsoft-excel_2016-kb5002653 office-click-to-run-upgrade-latest References https://attackerkb.com/topics/cve-2024-49030 CVE - 2024-49030 https://support.microsoft.com/help/5002653
  16. Microsoft CVE-2024-49002: SQL Server Native Client Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/12/2024 Created 11/13/2024 Added 11/12/2024 Modified 11/12/2024 Description Microsoft CVE-2024-49002: SQL Server Native Client Remote Code Execution Vulnerability Solution(s) msft-kb5046855-da646485-f495-4248-aa8e-9e531bfb478e-x64 msft-kb5046857-d81a7e52-aa8b-4e06-9288-874b384ad072-x64 msft-kb5046858-ca49dcc2-efbc-474a-9173-9011755a2940-x64 msft-kb5046859-29715330-fc97-423c-90bb-95395877cd36-x64 msft-kb5046860-fa5d27b1-532f-4b24-94a8-deae76a2af30-x64 References https://attackerkb.com/topics/cve-2024-49002 CVE - 2024-49002 5046855 5046856 5046857 5046858 5046859 5046860
  17. Microsoft CVE-2024-49008: SQL Server Native Client Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/12/2024 Created 11/13/2024 Added 11/12/2024 Modified 11/12/2024 Description Microsoft CVE-2024-49008: SQL Server Native Client Remote Code Execution Vulnerability Solution(s) msft-kb5046855-da646485-f495-4248-aa8e-9e531bfb478e-x64 msft-kb5046857-d81a7e52-aa8b-4e06-9288-874b384ad072-x64 msft-kb5046858-ca49dcc2-efbc-474a-9173-9011755a2940-x64 msft-kb5046859-29715330-fc97-423c-90bb-95395877cd36-x64 msft-kb5046860-fa5d27b1-532f-4b24-94a8-deae76a2af30-x64 References https://attackerkb.com/topics/cve-2024-49008 CVE - 2024-49008 5046855 5046856 5046857 5046858 5046859 5046860
  18. Microsoft CVE-2024-49003: SQL Server Native Client Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/12/2024 Created 11/13/2024 Added 11/12/2024 Modified 11/12/2024 Description Microsoft CVE-2024-49003: SQL Server Native Client Remote Code Execution Vulnerability Solution(s) msft-kb5046855-da646485-f495-4248-aa8e-9e531bfb478e-x64 msft-kb5046857-d81a7e52-aa8b-4e06-9288-874b384ad072-x64 msft-kb5046858-ca49dcc2-efbc-474a-9173-9011755a2940-x64 msft-kb5046859-29715330-fc97-423c-90bb-95395877cd36-x64 msft-kb5046860-fa5d27b1-532f-4b24-94a8-deae76a2af30-x64 References https://attackerkb.com/topics/cve-2024-49003 CVE - 2024-49003 5046855 5046856 5046857 5046858 5046859 5046860
  19. Microsoft CVE-2024-49017: SQL Server Native Client Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/12/2024 Created 11/13/2024 Added 11/12/2024 Modified 11/12/2024 Description Microsoft CVE-2024-49017: SQL Server Native Client Remote Code Execution Vulnerability Solution(s) msft-kb5046855-da646485-f495-4248-aa8e-9e531bfb478e-x64 msft-kb5046857-d81a7e52-aa8b-4e06-9288-874b384ad072-x64 msft-kb5046858-ca49dcc2-efbc-474a-9173-9011755a2940-x64 msft-kb5046859-29715330-fc97-423c-90bb-95395877cd36-x64 msft-kb5046860-fa5d27b1-532f-4b24-94a8-deae76a2af30-x64 References https://attackerkb.com/topics/cve-2024-49017 CVE - 2024-49017 5046855 5046856 5046857 5046858 5046859 5046860
  20. Microsoft CVE-2024-49006: SQL Server Native Client Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/12/2024 Created 11/13/2024 Added 11/12/2024 Modified 11/12/2024 Description Microsoft CVE-2024-49006: SQL Server Native Client Remote Code Execution Vulnerability Solution(s) msft-kb5046855-da646485-f495-4248-aa8e-9e531bfb478e-x64 msft-kb5046857-d81a7e52-aa8b-4e06-9288-874b384ad072-x64 msft-kb5046858-ca49dcc2-efbc-474a-9173-9011755a2940-x64 msft-kb5046859-29715330-fc97-423c-90bb-95395877cd36-x64 msft-kb5046860-fa5d27b1-532f-4b24-94a8-deae76a2af30-x64 References https://attackerkb.com/topics/cve-2024-49006 CVE - 2024-49006 5046855 5046856 5046857 5046858 5046859 5046860
  21. Microsoft CVE-2024-48999: SQL Server Native Client Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/12/2024 Created 11/13/2024 Added 11/12/2024 Modified 11/12/2024 Description Microsoft CVE-2024-48999: SQL Server Native Client Remote Code Execution Vulnerability Solution(s) msft-kb5046855-da646485-f495-4248-aa8e-9e531bfb478e-x64 msft-kb5046857-d81a7e52-aa8b-4e06-9288-874b384ad072-x64 msft-kb5046858-ca49dcc2-efbc-474a-9173-9011755a2940-x64 msft-kb5046859-29715330-fc97-423c-90bb-95395877cd36-x64 msft-kb5046860-fa5d27b1-532f-4b24-94a8-deae76a2af30-x64 References https://attackerkb.com/topics/cve-2024-48999 CVE - 2024-48999 5046855 5046856 5046857 5046858 5046859 5046860
  22. Microsoft CVE-2024-48997: SQL Server Native Client Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/12/2024 Created 11/13/2024 Added 11/12/2024 Modified 11/12/2024 Description Microsoft CVE-2024-48997: SQL Server Native Client Remote Code Execution Vulnerability Solution(s) msft-kb5046855-da646485-f495-4248-aa8e-9e531bfb478e-x64 msft-kb5046857-d81a7e52-aa8b-4e06-9288-874b384ad072-x64 msft-kb5046858-ca49dcc2-efbc-474a-9173-9011755a2940-x64 msft-kb5046859-29715330-fc97-423c-90bb-95395877cd36-x64 msft-kb5046860-fa5d27b1-532f-4b24-94a8-deae76a2af30-x64 References https://attackerkb.com/topics/cve-2024-48997 CVE - 2024-48997 5046855 5046856 5046857 5046858 5046859 5046860
  23. Microsoft CVE-2024-48993: SQL Server Native Client Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/12/2024 Created 11/13/2024 Added 11/12/2024 Modified 11/12/2024 Description Microsoft CVE-2024-48993: SQL Server Native Client Remote Code Execution Vulnerability Solution(s) msft-kb5046855-da646485-f495-4248-aa8e-9e531bfb478e-x64 msft-kb5046857-d81a7e52-aa8b-4e06-9288-874b384ad072-x64 msft-kb5046858-ca49dcc2-efbc-474a-9173-9011755a2940-x64 msft-kb5046859-29715330-fc97-423c-90bb-95395877cd36-x64 msft-kb5046860-fa5d27b1-532f-4b24-94a8-deae76a2af30-x64 References https://attackerkb.com/topics/cve-2024-48993 CVE - 2024-48993 5046855 5046856 5046857 5046858 5046859 5046860
  24. Microsoft CVE-2024-49013: SQL Server Native Client Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/12/2024 Created 11/13/2024 Added 11/12/2024 Modified 11/12/2024 Description Microsoft CVE-2024-49013: SQL Server Native Client Remote Code Execution Vulnerability Solution(s) msft-kb5046855-da646485-f495-4248-aa8e-9e531bfb478e-x64 msft-kb5046857-d81a7e52-aa8b-4e06-9288-874b384ad072-x64 msft-kb5046858-ca49dcc2-efbc-474a-9173-9011755a2940-x64 msft-kb5046859-29715330-fc97-423c-90bb-95395877cd36-x64 msft-kb5046860-fa5d27b1-532f-4b24-94a8-deae76a2af30-x64 References https://attackerkb.com/topics/cve-2024-49013 CVE - 2024-49013 5046855 5046856 5046857 5046858 5046859 5046860
  25. Microsoft CVE-2024-49014: SQL Server Native Client Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/12/2024 Created 11/13/2024 Added 11/12/2024 Modified 11/12/2024 Description Microsoft CVE-2024-49014: SQL Server Native Client Remote Code Execution Vulnerability Solution(s) msft-kb5046855-da646485-f495-4248-aa8e-9e531bfb478e-x64 msft-kb5046857-d81a7e52-aa8b-4e06-9288-874b384ad072-x64 msft-kb5046858-ca49dcc2-efbc-474a-9173-9011755a2940-x64 msft-kb5046859-29715330-fc97-423c-90bb-95395877cd36-x64 msft-kb5046860-fa5d27b1-532f-4b24-94a8-deae76a2af30-x64 References https://attackerkb.com/topics/cve-2024-49014 CVE - 2024-49014 5046855 5046856 5046857 5046858 5046859 5046860