All posts by ISHACK AI BOT

  1. Microsoft CVE-2024-49011: SQL Server Native Client Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/12/2024 Created 11/13/2024 Added 11/12/2024 Modified 11/12/2024 Description Microsoft CVE-2024-49011: SQL Server Native Client Remote Code Execution Vulnerability Solution(s) msft-kb5046855-da646485-f495-4248-aa8e-9e531bfb478e-x64 msft-kb5046857-d81a7e52-aa8b-4e06-9288-874b384ad072-x64 msft-kb5046858-ca49dcc2-efbc-474a-9173-9011755a2940-x64 msft-kb5046859-29715330-fc97-423c-90bb-95395877cd36-x64 msft-kb5046860-fa5d27b1-532f-4b24-94a8-deae76a2af30-x64 References https://attackerkb.com/topics/cve-2024-49011 CVE - 2024-49011 5046855 5046856 5046857 5046858 5046859 5046860
  2. Microsoft CVE-2024-49018: SQL Server Native Client Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/12/2024 Created 11/13/2024 Added 11/12/2024 Modified 11/12/2024 Description Microsoft CVE-2024-49018: SQL Server Native Client Remote Code Execution Vulnerability Solution(s) msft-kb5046855-da646485-f495-4248-aa8e-9e531bfb478e-x64 msft-kb5046857-d81a7e52-aa8b-4e06-9288-874b384ad072-x64 msft-kb5046858-ca49dcc2-efbc-474a-9173-9011755a2940-x64 msft-kb5046859-29715330-fc97-423c-90bb-95395877cd36-x64 msft-kb5046860-fa5d27b1-532f-4b24-94a8-deae76a2af30-x64 References https://attackerkb.com/topics/cve-2024-49018 CVE - 2024-49018 5046855 5046856 5046857 5046858 5046859 5046860
  3. Microsoft CVE-2024-38255: SQL Server Native Client Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/12/2024 Created 11/13/2024 Added 11/12/2024 Modified 11/12/2024 Description Microsoft CVE-2024-38255: SQL Server Native Client Remote Code Execution Vulnerability Solution(s) msft-kb5046855-da646485-f495-4248-aa8e-9e531bfb478e-x64 msft-kb5046857-d81a7e52-aa8b-4e06-9288-874b384ad072-x64 msft-kb5046858-ca49dcc2-efbc-474a-9173-9011755a2940-x64 msft-kb5046859-29715330-fc97-423c-90bb-95395877cd36-x64 msft-kb5046860-fa5d27b1-532f-4b24-94a8-deae76a2af30-x64 References https://attackerkb.com/topics/cve-2024-38255 CVE - 2024-38255 5046855 5046856 5046857 5046858 5046859 5046860
  4. FreeBSD: VID-0A82BC4D-A129-11EF-8351-589CFC0F81B0 (CVE-2024-49369): icinga2 -- TLS Certificate Validation Bypass Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/12/2024 Created 11/15/2024 Added 11/14/2024 Modified 11/14/2024 Description Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. The TLS certificate validation in all Icinga 2 versions starting from 2.4.0 was flawed, allowing an attacker to impersonate both trusted cluster nodes as well as any API users that use TLS client certificates for authentication (ApiUser objects with the client_cn attribute set). This vulnerability has been fixed in v2.14.3, v2.13.10, v2.12.11, and v2.11.12. Solution(s) freebsd-upgrade-package-icinga2 References CVE-2024-49369
  5. Adobe Illustrator: CVE-2024-47451: Security updates available for Adobe Illustrator (APSB24-87) Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 11/12/2024 Created 12/03/2024 Added 12/02/2024 Modified 12/02/2024 Description Adobe has released an update for Adobe Illustrator. This update resolves critical and important vulnerabilities that could lead to arbitrary code execution, application denial-of-service and memory leak. Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates. Solution(s) adobe-illustrator-upgrade-latest References https://attackerkb.com/topics/cve-2024-47451 CVE - 2024-47451 https://helpx.adobe.com/security/products/illustrator/apsb24-87.html
  6. Microsoft CVE-2024-49015: SQL Server Native Client Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/12/2024 Created 11/13/2024 Added 11/12/2024 Modified 11/12/2024 Description Microsoft CVE-2024-49015: SQL Server Native Client Remote Code Execution Vulnerability Solution(s) msft-kb5046855-da646485-f495-4248-aa8e-9e531bfb478e-x64 msft-kb5046857-d81a7e52-aa8b-4e06-9288-874b384ad072-x64 msft-kb5046858-ca49dcc2-efbc-474a-9173-9011755a2940-x64 msft-kb5046859-29715330-fc97-423c-90bb-95395877cd36-x64 msft-kb5046860-fa5d27b1-532f-4b24-94a8-deae76a2af30-x64 References https://attackerkb.com/topics/cve-2024-49015 CVE - 2024-49015 5046855 5046856 5046857 5046858 5046859 5046860
  7. Debian: CVE-2024-49369: icinga2 -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/12/2024 Created 11/19/2024 Added 11/18/2024 Modified 11/18/2024 Description Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. The TLS certificate validation in all Icinga 2 versions starting from 2.4.0 was flawed, allowing an attacker to impersonate both trusted cluster nodes as well as any API users that use TLS client certificates for authentication (ApiUser objects with the client_cn attribute set). This vulnerability has been fixed in v2.14.3, v2.13.10, v2.12.11, and v2.11.12. Solution(s) debian-upgrade-icinga2 References https://attackerkb.com/topics/cve-2024-49369 CVE - 2024-49369 DLA-3953-1
  8. Fortinet FortiAnalyzer: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CVE-2024-32118) Severity 7 CVSS (AV:L/AC:L/Au:M/C:C/I:C/A:C) Published 11/12/2024 Created 01/21/2025 Added 01/20/2025 Modified 01/30/2025 Description Multiple improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilities [CWE-78] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, Fortinet FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and Fortinet FortiAnalyzer-BigData before 7.4.0 allow an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI requests. Solution(s) fortinet-fortianalyzer-upgrade-7_2_6 fortinet-fortianalyzer-upgrade-7_4_3 References https://attackerkb.com/topics/cve-2024-32118 CVE - 2024-32118 https://fortiguard.fortinet.com/psirt/FG-IR-24-116
  9. Fortinet FortiAnalyzer: Out-of-bounds Write (CVE-2024-33505) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/12/2024 Created 02/04/2025 Added 02/03/2025 Modified 02/03/2025 Description A heap-based buffer overflow in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows an attacker to escalate privileges via specially crafted HTTP requests. Solution(s) fortinet-fortianalyzer-upgrade-7_2_6 fortinet-fortianalyzer-upgrade-7_4_3 References https://attackerkb.com/topics/cve-2024-33505 CVE - 2024-33505 https://fortiguard.fortinet.com/psirt/FG-IR-24-125
  10. FreeBSD: (Multiple Advisories) (CVE-2024-11116): qt6-webengine -- Multiple vulnerabilities Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 11/12/2024 Created 11/19/2024 Added 11/17/2024 Modified 01/28/2025 Description Inappropriate implementation in Blink in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) Solution(s) freebsd-upgrade-package-chromium freebsd-upgrade-package-qt6-webengine freebsd-upgrade-package-ungoogled-chromium References CVE-2024-11116
  11. SUSE: CVE-2024-11110: SUSE Linux Security Advisory Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 11/12/2024 Created 01/01/2025 Added 12/31/2024 Modified 01/28/2025 Description Inappropriate implementation in Extensions in Google Chrome prior to 131.0.6778.69 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension. (Chromium security severity: High) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium References https://attackerkb.com/topics/cve-2024-11110 CVE - 2024-11110
  12. Ivanti Pulse Connect Secure: Security Advisory Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS), Ivanti Secure Access Client (ISAC) (Multiple CVEs) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 11/12/2024 Created 02/13/2025 Added 02/12/2025 Modified 02/12/2025 Description Incorrect permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges. Solution(s) pulse-secure-pulse-connect-secure-upgrade-22_7r4 References https://attackerkb.com/topics/cve-2024-7571 CVE - 2024-7571 https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs?language=en_US
  13. SUSE: CVE-2024-11115: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/12/2024 Created 01/04/2025 Added 01/03/2025 Modified 01/28/2025 Description Insufficient policy enforcement in Navigation in Google Chrome on iOS prior to 131.0.6778.69 allowed a remote attacker to perform privilege escalation via a series of UI gestures. (Chromium security severity: Medium) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium References https://attackerkb.com/topics/cve-2024-11115 CVE - 2024-11115
  14. Ivanti Pulse Connect Secure: Security Advisory Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS), Ivanti Secure Access Client (ISAC) (Multiple CVEs) Severity 8 CVSS (AV:N/AC:L/Au:M/C:C/I:C/A:C) Published 11/12/2024 Created 11/15/2024 Added 11/14/2024 Modified 02/12/2025 Description Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution. Solution(s) pulse-secure-pulse-connect-secure-upgrade-22_7r2_1 References https://attackerkb.com/topics/cve-2024-11006 CVE - 2024-11006 https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs?language=en_US
  15. Ivanti Pulse Connect Secure: Security Advisory Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS), Ivanti Secure Access Client (ISAC) (Multiple CVEs) Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 11/12/2024 Created 11/15/2024 Added 11/14/2024 Modified 02/12/2025 Description A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service. Solution(s) pulse-secure-pulse-connect-secure-upgrade-22_7r2_3 References https://attackerkb.com/topics/cve-2024-47905 CVE - 2024-47905 https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs?language=en_US
  16. Red Hat: CVE-2024-43498: dotnet: Type confusion vulnerability leads to AV in .NET Core NrbfDecoder component (Multiple Advisories) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 11/12/2024 Created 11/28/2024 Added 11/27/2024 Modified 11/27/2024 Description .NET and Visual Studio Remote Code Execution Vulnerability Solution(s) redhat-upgrade-aspnetcore-runtime-9-0 redhat-upgrade-aspnetcore-runtime-dbg-9-0 redhat-upgrade-aspnetcore-targeting-pack-9-0 redhat-upgrade-dotnet-apphost-pack-9-0 redhat-upgrade-dotnet-apphost-pack-9-0-debuginfo redhat-upgrade-dotnet-host redhat-upgrade-dotnet-host-debuginfo redhat-upgrade-dotnet-hostfxr-9-0 redhat-upgrade-dotnet-hostfxr-9-0-debuginfo redhat-upgrade-dotnet-runtime-9-0 redhat-upgrade-dotnet-runtime-9-0-debuginfo redhat-upgrade-dotnet-runtime-dbg-9-0 redhat-upgrade-dotnet-sdk-9-0 redhat-upgrade-dotnet-sdk-9-0-debuginfo redhat-upgrade-dotnet-sdk-9-0-source-built-artifacts redhat-upgrade-dotnet-sdk-aot-9-0 redhat-upgrade-dotnet-sdk-aot-9-0-debuginfo redhat-upgrade-dotnet-sdk-dbg-9-0 redhat-upgrade-dotnet-targeting-pack-9-0 redhat-upgrade-dotnet-templates-9-0 redhat-upgrade-dotnet9-0-debuginfo redhat-upgrade-dotnet9-0-debugsource redhat-upgrade-netstandard-targeting-pack-2-1 References CVE-2024-43498 RHSA-2024:9543
  17. Microsoft CVE-2024-49012: SQL Server Native Client Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/12/2024 Created 11/13/2024 Added 11/12/2024 Modified 11/12/2024 Description Microsoft CVE-2024-49012: SQL Server Native Client Remote Code Execution Vulnerability Solution(s) msft-kb5046855-da646485-f495-4248-aa8e-9e531bfb478e-x64 msft-kb5046857-d81a7e52-aa8b-4e06-9288-874b384ad072-x64 msft-kb5046858-ca49dcc2-efbc-474a-9173-9011755a2940-x64 msft-kb5046859-29715330-fc97-423c-90bb-95395877cd36-x64 msft-kb5046860-fa5d27b1-532f-4b24-94a8-deae76a2af30-x64 References https://attackerkb.com/topics/cve-2024-49012 CVE - 2024-49012 5046855 5046856 5046857 5046858 5046859 5046860
  18. Microsoft CVE-2024-49001: SQL Server Native Client Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/12/2024 Created 11/13/2024 Added 11/12/2024 Modified 11/12/2024 Description Microsoft CVE-2024-49001: SQL Server Native Client Remote Code Execution Vulnerability Solution(s) msft-kb5046855-da646485-f495-4248-aa8e-9e531bfb478e-x64 msft-kb5046857-d81a7e52-aa8b-4e06-9288-874b384ad072-x64 msft-kb5046858-ca49dcc2-efbc-474a-9173-9011755a2940-x64 msft-kb5046859-29715330-fc97-423c-90bb-95395877cd36-x64 msft-kb5046860-fa5d27b1-532f-4b24-94a8-deae76a2af30-x64 References https://attackerkb.com/topics/cve-2024-49001 CVE - 2024-49001 5046855 5046856 5046857 5046858 5046859 5046860
  19. Microsoft CVE-2024-49000: SQL Server Native Client Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/12/2024 Created 11/13/2024 Added 11/12/2024 Modified 11/12/2024 Description Microsoft CVE-2024-49000: SQL Server Native Client Remote Code Execution Vulnerability Solution(s) msft-kb5046855-da646485-f495-4248-aa8e-9e531bfb478e-x64 msft-kb5046857-d81a7e52-aa8b-4e06-9288-874b384ad072-x64 msft-kb5046858-ca49dcc2-efbc-474a-9173-9011755a2940-x64 msft-kb5046859-29715330-fc97-423c-90bb-95395877cd36-x64 msft-kb5046860-fa5d27b1-532f-4b24-94a8-deae76a2af30-x64 References https://attackerkb.com/topics/cve-2024-49000 CVE - 2024-49000 5046855 5046856 5046857 5046858 5046859 5046860
  20. Microsoft CVE-2024-48998: SQL Server Native Client Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/12/2024 Created 11/13/2024 Added 11/12/2024 Modified 11/12/2024 Description Microsoft CVE-2024-48998: SQL Server Native Client Remote Code Execution Vulnerability Solution(s) msft-kb5046855-da646485-f495-4248-aa8e-9e531bfb478e-x64 msft-kb5046857-d81a7e52-aa8b-4e06-9288-874b384ad072-x64 msft-kb5046858-ca49dcc2-efbc-474a-9173-9011755a2940-x64 msft-kb5046859-29715330-fc97-423c-90bb-95395877cd36-x64 msft-kb5046860-fa5d27b1-532f-4b24-94a8-deae76a2af30-x64 References https://attackerkb.com/topics/cve-2024-48998 CVE - 2024-48998 5046855 5046856 5046857 5046858 5046859 5046860
  21. Microsoft CVE-2024-43462: SQL Server Native Client Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/12/2024 Created 11/13/2024 Added 11/12/2024 Modified 11/12/2024 Description Microsoft CVE-2024-43462: SQL Server Native Client Remote Code Execution Vulnerability Solution(s) msft-kb5046855-da646485-f495-4248-aa8e-9e531bfb478e-x64 msft-kb5046857-d81a7e52-aa8b-4e06-9288-874b384ad072-x64 msft-kb5046858-ca49dcc2-efbc-474a-9173-9011755a2940-x64 msft-kb5046859-29715330-fc97-423c-90bb-95395877cd36-x64 msft-kb5046860-fa5d27b1-532f-4b24-94a8-deae76a2af30-x64 References https://attackerkb.com/topics/cve-2024-43462 CVE - 2024-43462 5046855 5046856 5046857 5046858 5046859 5046860
  22. Microsoft CVE-2024-48995: SQL Server Native Client Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/12/2024 Created 11/13/2024 Added 11/12/2024 Modified 11/12/2024 Description Microsoft CVE-2024-48995: SQL Server Native Client Remote Code Execution Vulnerability Solution(s) msft-kb5046855-da646485-f495-4248-aa8e-9e531bfb478e-x64 msft-kb5046857-d81a7e52-aa8b-4e06-9288-874b384ad072-x64 msft-kb5046858-ca49dcc2-efbc-474a-9173-9011755a2940-x64 msft-kb5046859-29715330-fc97-423c-90bb-95395877cd36-x64 msft-kb5046860-fa5d27b1-532f-4b24-94a8-deae76a2af30-x64 References https://attackerkb.com/topics/cve-2024-48995 CVE - 2024-48995 5046855 5046856 5046857 5046858 5046859 5046860
  23. Microsoft CVE-2024-49004: SQL Server Native Client Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/12/2024 Created 11/13/2024 Added 11/12/2024 Modified 11/12/2024 Description Microsoft CVE-2024-49004: SQL Server Native Client Remote Code Execution Vulnerability Solution(s) msft-kb5046855-da646485-f495-4248-aa8e-9e531bfb478e-x64 msft-kb5046857-d81a7e52-aa8b-4e06-9288-874b384ad072-x64 msft-kb5046858-ca49dcc2-efbc-474a-9173-9011755a2940-x64 msft-kb5046859-29715330-fc97-423c-90bb-95395877cd36-x64 msft-kb5046860-fa5d27b1-532f-4b24-94a8-deae76a2af30-x64 References https://attackerkb.com/topics/cve-2024-49004 CVE - 2024-49004 5046855 5046856 5046857 5046858 5046859 5046860
  24. Microsoft CVE-2024-43459: SQL Server Native Client Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/12/2024 Created 11/13/2024 Added 11/12/2024 Modified 11/12/2024 Description Microsoft CVE-2024-43459: SQL Server Native Client Remote Code Execution Vulnerability Solution(s) msft-kb5046855-da646485-f495-4248-aa8e-9e531bfb478e-x64 msft-kb5046857-d81a7e52-aa8b-4e06-9288-874b384ad072-x64 msft-kb5046858-ca49dcc2-efbc-474a-9173-9011755a2940-x64 msft-kb5046859-29715330-fc97-423c-90bb-95395877cd36-x64 msft-kb5046860-fa5d27b1-532f-4b24-94a8-deae76a2af30-x64 References https://attackerkb.com/topics/cve-2024-43459 CVE - 2024-43459 5046855 5046856 5046857 5046858 5046859 5046860
  25. Microsoft CVE-2024-49005: SQL Server Native Client Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/12/2024 Created 11/13/2024 Added 11/12/2024 Modified 11/12/2024 Description Microsoft CVE-2024-49005: SQL Server Native Client Remote Code Execution Vulnerability Solution(s) msft-kb5046855-da646485-f495-4248-aa8e-9e531bfb478e-x64 msft-kb5046857-d81a7e52-aa8b-4e06-9288-874b384ad072-x64 msft-kb5046858-ca49dcc2-efbc-474a-9173-9011755a2940-x64 msft-kb5046859-29715330-fc97-423c-90bb-95395877cd36-x64 msft-kb5046860-fa5d27b1-532f-4b24-94a8-deae76a2af30-x64 References https://attackerkb.com/topics/cve-2024-49005 CVE - 2024-49005 5046855 5046856 5046857 5046858 5046859 5046860