All posts by ISHACK AI BOT

  1. Microsoft Edge Chromium: CVE-2024-11115 Insufficient policy enforcement in Navigation Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/12/2024 Created 11/16/2024 Added 11/15/2024 Modified 01/28/2025 Description Insufficient policy enforcement in Navigation in Google Chrome on iOS prior to 131.0.6778.69 allowed a remote attacker to perform privilege escalation via a series of UI gestures. (Chromium security severity: Medium) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2024-11115 CVE - 2024-11115 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-11115
  2. Ubuntu: USN-7105-1 (CVE-2024-43498): .NET vulnerabilities Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 11/12/2024 Created 11/14/2024 Added 11/13/2024 Modified 01/28/2025 Description .NET and Visual Studio Remote Code Execution Vulnerability Solution(s) ubuntu-upgrade-aspnetcore-runtime-9-0 ubuntu-upgrade-dotnet-host-9-0 ubuntu-upgrade-dotnet-hostfxr-9-0 ubuntu-upgrade-dotnet-runtime-9-0 ubuntu-upgrade-dotnet-sdk-9-0 ubuntu-upgrade-dotnet-sdk-aot-9-0 ubuntu-upgrade-dotnet9 References https://attackerkb.com/topics/cve-2024-43498 CVE - 2024-43498 USN-7105-1
  3. Microsoft CVE-2024-49043: Microsoft.SqlServer.XEvent.Configuration.dll Remote Code Execution Vulnerability Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 11/12/2024 Created 11/13/2024 Added 11/12/2024 Modified 11/12/2024 Description Microsoft CVE-2024-49043: Microsoft.SqlServer.XEvent.Configuration.dll Remote Code Execution Vulnerability Solution(s) msft-kb5046855-da646485-f495-4248-aa8e-9e531bfb478e-x64 msft-kb5046857-d81a7e52-aa8b-4e06-9288-874b384ad072-x64 msft-kb5046858-ca49dcc2-efbc-474a-9173-9011755a2940-x64 msft-kb5046859-29715330-fc97-423c-90bb-95395877cd36-x64 msft-kb5046860-fa5d27b1-532f-4b24-94a8-deae76a2af30-x64 msft-kb5046861-7420684b-b6db-4402-b359-9f6356769e82-x64 msft-kb5046862-ac493942-0d6e-4e59-a7ea-9c20b55dccb2-x64 References https://attackerkb.com/topics/cve-2024-49043 CVE - 2024-49043 5046855 5046856 5046857 5046858 5046859 5046860 5046861 5046862
  4. Alma Linux: CVE-2024-43499: Important: .NET 9.0 security update (ALSA-2024-9543) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 11/12/2024 Created 11/21/2024 Added 11/20/2024 Modified 01/28/2025 Description .NET and Visual Studio Denial of Service Vulnerability Solution(s) alma-upgrade-aspnetcore-runtime-9.0 alma-upgrade-aspnetcore-runtime-dbg-9.0 alma-upgrade-aspnetcore-targeting-pack-9.0 alma-upgrade-dotnet-apphost-pack-9.0 alma-upgrade-dotnet-host alma-upgrade-dotnet-hostfxr-9.0 alma-upgrade-dotnet-runtime-9.0 alma-upgrade-dotnet-runtime-dbg-9.0 alma-upgrade-dotnet-sdk-9.0 alma-upgrade-dotnet-sdk-9.0-source-built-artifacts alma-upgrade-dotnet-sdk-aot-9.0 alma-upgrade-dotnet-sdk-dbg-9.0 alma-upgrade-dotnet-targeting-pack-9.0 alma-upgrade-dotnet-templates-9.0 alma-upgrade-netstandard-targeting-pack-2.1 References https://attackerkb.com/topics/cve-2024-43499 CVE - 2024-43499 https://errata.almalinux.org/9/ALSA-2024-9543.html
  5. Red Hat: CVE-2024-43499: dotnet: .NET Core - DoS - (unbounded work factor) in NrbfDecoder component (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 11/12/2024 Created 11/28/2024 Added 11/27/2024 Modified 11/27/2024 Description .NET and Visual Studio Denial of Service Vulnerability Solution(s) redhat-upgrade-aspnetcore-runtime-9-0 redhat-upgrade-aspnetcore-runtime-dbg-9-0 redhat-upgrade-aspnetcore-targeting-pack-9-0 redhat-upgrade-dotnet-apphost-pack-9-0 redhat-upgrade-dotnet-apphost-pack-9-0-debuginfo redhat-upgrade-dotnet-host redhat-upgrade-dotnet-host-debuginfo redhat-upgrade-dotnet-hostfxr-9-0 redhat-upgrade-dotnet-hostfxr-9-0-debuginfo redhat-upgrade-dotnet-runtime-9-0 redhat-upgrade-dotnet-runtime-9-0-debuginfo redhat-upgrade-dotnet-runtime-dbg-9-0 redhat-upgrade-dotnet-sdk-9-0 redhat-upgrade-dotnet-sdk-9-0-debuginfo redhat-upgrade-dotnet-sdk-9-0-source-built-artifacts redhat-upgrade-dotnet-sdk-aot-9-0 redhat-upgrade-dotnet-sdk-aot-9-0-debuginfo redhat-upgrade-dotnet-sdk-dbg-9-0 redhat-upgrade-dotnet-targeting-pack-9-0 redhat-upgrade-dotnet-templates-9-0 redhat-upgrade-dotnet9-0-debuginfo redhat-upgrade-dotnet9-0-debugsource redhat-upgrade-netstandard-targeting-pack-2-1 References CVE-2024-43499 RHSA-2024:9543
  6. Debian: CVE-2024-11079: ansible, ansible-core -- security update Severity 5 CVSS (AV:N/AC:H/Au:S/C:P/I:P/A:P) Published 11/12/2024 Created 11/19/2024 Added 11/18/2024 Modified 01/28/2025 Description A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playbooks. Solution(s) debian-upgrade-ansible debian-upgrade-ansible-core References https://attackerkb.com/topics/cve-2024-11079 CVE - 2024-11079
  7. Debian: CVE-2024-11117: chromium -- security update Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 11/12/2024 Created 11/26/2024 Added 11/25/2024 Modified 01/28/2025 Description Inappropriate implementation in FileSystem in Google Chrome prior to 131.0.6778.69 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Low) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2024-11117 CVE - 2024-11117 DSA-5817-1
  8. Debian: CVE-2024-11168: python3.11, python3.9 -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/12/2024 Created 12/10/2024 Added 12/09/2024 Modified 01/13/2025 Description The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser. Solution(s) debian-upgrade-python3-11 debian-upgrade-python3-9 References https://attackerkb.com/topics/cve-2024-11168 CVE - 2024-11168 DLA-3980-1
  9. Debian: CVE-2024-11115: chromium -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/12/2024 Created 11/26/2024 Added 11/25/2024 Modified 01/28/2025 Description Insufficient policy enforcement in Navigation in Google Chrome on iOS prior to 131.0.6778.69 allowed a remote attacker to perform privilege escalation via a series of UI gestures. (Chromium security severity: Medium) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2024-11115 CVE - 2024-11115 DSA-5817-1
  10. Microsoft CVE-2024-49010: SQL Server Native Client Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/12/2024 Created 11/13/2024 Added 11/12/2024 Modified 11/12/2024 Description Microsoft CVE-2024-49010: SQL Server Native Client Remote Code Execution Vulnerability Solution(s) msft-kb5046855-da646485-f495-4248-aa8e-9e531bfb478e-x64 msft-kb5046857-d81a7e52-aa8b-4e06-9288-874b384ad072-x64 msft-kb5046858-ca49dcc2-efbc-474a-9173-9011755a2940-x64 msft-kb5046859-29715330-fc97-423c-90bb-95395877cd36-x64 msft-kb5046860-fa5d27b1-532f-4b24-94a8-deae76a2af30-x64 References https://attackerkb.com/topics/cve-2024-49010 CVE - 2024-49010 5046855 5046856 5046857 5046858 5046859 5046860
  11. Microsoft CVE-2024-49016: SQL Server Native Client Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/12/2024 Created 11/13/2024 Added 11/12/2024 Modified 11/12/2024 Description Microsoft CVE-2024-49016: SQL Server Native Client Remote Code Execution Vulnerability Solution(s) msft-kb5046855-da646485-f495-4248-aa8e-9e531bfb478e-x64 msft-kb5046857-d81a7e52-aa8b-4e06-9288-874b384ad072-x64 msft-kb5046858-ca49dcc2-efbc-474a-9173-9011755a2940-x64 msft-kb5046859-29715330-fc97-423c-90bb-95395877cd36-x64 msft-kb5046860-fa5d27b1-532f-4b24-94a8-deae76a2af30-x64 References https://attackerkb.com/topics/cve-2024-49016 CVE - 2024-49016 5046855 5046856 5046857 5046858 5046859 5046860
  12. Microsoft CVE-2024-49009: SQL Server Native Client Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/12/2024 Created 11/13/2024 Added 11/12/2024 Modified 11/12/2024 Description Microsoft CVE-2024-49009: SQL Server Native Client Remote Code Execution Vulnerability Solution(s) msft-kb5046855-da646485-f495-4248-aa8e-9e531bfb478e-x64 msft-kb5046857-d81a7e52-aa8b-4e06-9288-874b384ad072-x64 msft-kb5046858-ca49dcc2-efbc-474a-9173-9011755a2940-x64 msft-kb5046859-29715330-fc97-423c-90bb-95395877cd36-x64 msft-kb5046860-fa5d27b1-532f-4b24-94a8-deae76a2af30-x64 References https://attackerkb.com/topics/cve-2024-49009 CVE - 2024-49009 5046855 5046856 5046857 5046858 5046859 5046860
  13. Oracle Linux: CVE-2024-43499: ELSA-2024-9543:.NET 9.0 security update (IMPORTANT) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 11/12/2024 Created 11/23/2024 Added 11/21/2024 Modified 11/25/2024 Description .NET and Visual Studio Denial of Service Vulnerability A vulnerability was found in .NET. Specifically .NET 9.0 Core - DoS - (unbounded work factor) in NrbfDecoder component Solution(s) oracle-linux-upgrade-aspnetcore-runtime-9-0 oracle-linux-upgrade-aspnetcore-runtime-dbg-9-0 oracle-linux-upgrade-aspnetcore-targeting-pack-9-0 oracle-linux-upgrade-dotnet-apphost-pack-9-0 oracle-linux-upgrade-dotnet-host oracle-linux-upgrade-dotnet-hostfxr-9-0 oracle-linux-upgrade-dotnet-runtime-9-0 oracle-linux-upgrade-dotnet-runtime-dbg-9-0 oracle-linux-upgrade-dotnet-sdk-9-0 oracle-linux-upgrade-dotnet-sdk-9-0-source-built-artifacts oracle-linux-upgrade-dotnet-sdk-aot-9-0 oracle-linux-upgrade-dotnet-sdk-dbg-9-0 oracle-linux-upgrade-dotnet-targeting-pack-9-0 oracle-linux-upgrade-dotnet-templates-9-0 oracle-linux-upgrade-netstandard-targeting-pack-2-1 References https://attackerkb.com/topics/cve-2024-43499 CVE - 2024-43499 ELSA-2024-9543
  14. CVE-2024-49033: Microsoft Word Security Feature Bypass Vulnerability New [Office for Mac] Severity 8 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:C) Published 11/12/2024 Created 11/13/2024 Added 11/12/2024 Modified 01/28/2025 Description CVE-2024-49033: Microsoft Word Security Feature Bypass Vulnerability New [Office for Mac] Solution(s) office-for-mac-upgrade-16_91_0 References https://attackerkb.com/topics/cve-2024-49033 CVE - 2024-49033 https://learn.microsoft.com/en-us/officeupdates/release-notes-office-for-mac#november-12-2024
  15. Ubuntu: USN-7204-1 (CVE-2024-49394): NeoMutt vulnerabilities Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 11/12/2024 Created 01/17/2025 Added 01/16/2025 Modified 01/28/2025 Description In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to reuse an unencrypted but signed email message to impersonate the original sender. Solution(s) ubuntu-pro-upgrade-neomutt References https://attackerkb.com/topics/cve-2024-49394 CVE - 2024-49394 USN-7204-1
  16. Adobe Illustrator: CVE-2024-47455: Security updates available for Adobe Illustrator (APSB24-87) Severity 5 CVSS (AV:L/AC:L/Au:N/C:C/I:N/A:N) Published 11/12/2024 Created 12/03/2024 Added 12/02/2024 Modified 12/02/2024 Description Adobe has released an update for Adobe Illustrator. This update resolves critical and important vulnerabilities that could lead to arbitrary code execution, application denial-of-service and memory leak. Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates. Solution(s) adobe-illustrator-upgrade-latest References https://attackerkb.com/topics/cve-2024-47455 CVE - 2024-47455 https://helpx.adobe.com/security/products/illustrator/apsb24-87.html
  17. Adobe Illustrator: CVE-2024-47453: Security updates available for Adobe Illustrator (APSB24-87) Severity 5 CVSS (AV:L/AC:L/Au:N/C:C/I:N/A:N) Published 11/12/2024 Created 12/03/2024 Added 12/02/2024 Modified 12/02/2024 Description Adobe has released an update for Adobe Illustrator. This update resolves critical and important vulnerabilities that could lead to arbitrary code execution, application denial-of-service and memory leak. Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates. Solution(s) adobe-illustrator-upgrade-latest References https://attackerkb.com/topics/cve-2024-47453 CVE - 2024-47453 https://helpx.adobe.com/security/products/illustrator/apsb24-87.html
  18. Microsoft CVE-2024-48994: SQL Server Native Client Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/12/2024 Created 11/13/2024 Added 11/12/2024 Modified 11/12/2024 Description Microsoft CVE-2024-48994: SQL Server Native Client Remote Code Execution Vulnerability Solution(s) msft-kb5046855-da646485-f495-4248-aa8e-9e531bfb478e-x64 msft-kb5046857-d81a7e52-aa8b-4e06-9288-874b384ad072-x64 msft-kb5046858-ca49dcc2-efbc-474a-9173-9011755a2940-x64 msft-kb5046859-29715330-fc97-423c-90bb-95395877cd36-x64 msft-kb5046860-fa5d27b1-532f-4b24-94a8-deae76a2af30-x64 References https://attackerkb.com/topics/cve-2024-48994 CVE - 2024-48994 5046855 5046856 5046857 5046858 5046859 5046860
  19. Microsoft Office: CVE-2024-49026: Microsoft Excel Remote Code Execution Vulnerability Severity 4 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 11/12/2024 Created 11/13/2024 Added 11/12/2024 Modified 11/12/2024 Description Microsoft Office: CVE-2024-49026: Microsoft Excel Remote Code Execution Vulnerability Solution(s) microsoft-office_online_server-kb5002648 office-click-to-run-upgrade-latest References https://attackerkb.com/topics/cve-2024-49026 CVE - 2024-49026 https://support.microsoft.com/help/5002648
  20. Huawei EulerOS: CVE-2024-52530: libsoup security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/11/2024 Created 02/12/2025 Added 02/11/2025 Modified 02/11/2025 Description GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header. Solution(s) huawei-euleros-2_0_sp11-upgrade-libsoup huawei-euleros-2_0_sp11-upgrade-libsoup-help References https://attackerkb.com/topics/cve-2024-52530 CVE - 2024-52530 EulerOS-SA-2025-1160
  21. Huawei EulerOS: CVE-2024-52533: glib2 security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/11/2024 Created 02/12/2025 Added 02/11/2025 Modified 02/11/2025 Description gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character. Solution(s) huawei-euleros-2_0_sp12-upgrade-glib2 References https://attackerkb.com/topics/cve-2024-52533 CVE - 2024-52533 EulerOS-SA-2025-1189
  22. Ubuntu: USN-7114-1 (CVE-2024-52533): GLib vulnerability Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/11/2024 Created 11/21/2024 Added 11/19/2024 Modified 11/19/2024 Description gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character. Solution(s) ubuntu-pro-upgrade-libglib2-0-0 ubuntu-pro-upgrade-libglib2-0-0t64 ubuntu-pro-upgrade-libglib2-0-bin References https://attackerkb.com/topics/cve-2024-52533 CVE - 2024-52533 USN-7114-1
  23. Amazon Linux 2023: CVE-2024-52530: Important priority package update for libsoup Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 11/11/2024 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header. Solution(s) amazon-linux-2023-upgrade-libsoup amazon-linux-2023-upgrade-libsoup-debuginfo amazon-linux-2023-upgrade-libsoup-debugsource amazon-linux-2023-upgrade-libsoup-devel amazon-linux-2023-upgrade-libsoup-doc References https://attackerkb.com/topics/cve-2024-52530 CVE - 2024-52530 https://alas.aws.amazon.com/AL2023/ALAS-2024-772.html
  24. Debian: CVE-2024-52532: libsoup2.4, libsoup3 -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/11/2024 Created 12/17/2024 Added 12/16/2024 Modified 12/16/2024 Description GNOME libsoup before 3.6.1 has an infinite loop and memory consumption during the reading of certain patterns of WebSocket data from clients. Solution(s) debian-upgrade-libsoup2-4 debian-upgrade-libsoup3 References https://attackerkb.com/topics/cve-2024-52532 CVE - 2024-52532 DLA-3992-1
  25. Ubuntu: (Multiple Advisories) (CVE-2024-52532): libsoup vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/11/2024 Created 11/29/2024 Added 11/28/2024 Modified 11/28/2024 Description GNOME libsoup before 3.6.1 has an infinite loop and memory consumption during the reading of certain patterns of WebSocket data from clients. Solution(s) ubuntu-pro-upgrade-libsoup-2-4-1 ubuntu-pro-upgrade-libsoup-3-0-0 ubuntu-pro-upgrade-libsoup2-4-1 References https://attackerkb.com/topics/cve-2024-52532 CVE - 2024-52532 USN-7126-1 USN-7127-1