All posts by ISHACK AI BOT

  1. Microsoft Windows: CVE-2024-49104: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 12/10/2024 Created 12/11/2024 Added 12/10/2024 Modified 01/15/2025 Description Microsoft Windows: CVE-2024-49104: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5048703 microsoft-windows-windows_10-1607-kb5048671 microsoft-windows-windows_10-1809-kb5048661 microsoft-windows-windows_10-21h2-kb5048652 microsoft-windows-windows_10-22h2-kb5048652 microsoft-windows-windows_11-22h2-kb5048685 microsoft-windows-windows_11-23h2-kb5048685 microsoft-windows-windows_11-24h2-kb5048667 microsoft-windows-windows_server_2012-kb5048699 microsoft-windows-windows_server_2012_r2-kb5048735 microsoft-windows-windows_server_2016-1607-kb5048671 microsoft-windows-windows_server_2019-1809-kb5048661 microsoft-windows-windows_server_2022-21h2-kb5048654 microsoft-windows-windows_server_2022-22h2-kb5048654 microsoft-windows-windows_server_2022-23h2-kb5048653 microsoft-windows-windows_server_2025-24h2-kb5048667 References https://attackerkb.com/topics/cve-2024-49104 CVE - 2024-49104 https://support.microsoft.com/help/5048652 https://support.microsoft.com/help/5048653 https://support.microsoft.com/help/5048654 https://support.microsoft.com/help/5048661 https://support.microsoft.com/help/5048667 https://support.microsoft.com/help/5048671 https://support.microsoft.com/help/5048685 https://support.microsoft.com/help/5048699 https://support.microsoft.com/help/5048703 https://support.microsoft.com/help/5048735
  2. Adobe Acrobat: CVE-2024-49530: Security updates available for Adobe Acrobat and Reader (APSB24-92) Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 12/10/2024 Created 12/12/2024 Added 12/11/2024 Modified 01/20/2025 Description Adobe has released a security update for Adobe Acrobat and Reader for Windows and macOS. This update addresses critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution, memory leak and application denial-of-service. Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates. Solution(s) adobe-acrobat-upgrade-latest References https://attackerkb.com/topics/cve-2024-49530 https://helpx.adobe.com/security/products/acrobat/apsb24-92.html CVE - 2024-49530
  3. Microsoft Office: CVE-2024-43600: Microsoft Office Elevation of Privilege Vulnerability Severity 4 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 12/10/2024 Created 12/11/2024 Added 12/10/2024 Modified 12/10/2024 Description Microsoft Office: CVE-2024-43600: Microsoft Office Elevation of Privilege Vulnerability Solution(s) microsoft-office_2016-kb5002661 References https://attackerkb.com/topics/cve-2024-43600 CVE - 2024-43600 https://support.microsoft.com/help/5002661
  4. Cleo VLTrader: CVE-2024-55956: Unauthenticated Remote Execution Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 12/10/2024 Created 12/24/2024 Added 12/23/2024 Modified 12/24/2024 Description In Cleo VLTrader, up to version 5.8.0.24, there is an unauthenticated malicious hosts vulnerability that could lead to remote execution. Solution(s) cleo-vltrader-upgrade-cve-2024-55956-remote References https://attackerkb.com/topics/cve-2024-55956 CVE - 2024-55956 https://support.cleo.com/hc/en-us/articles/28408134019735-Cleo-Product-Security-Update-CVE-2024-55956
  5. Microsoft Windows: CVE-2024-49098: Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 12/10/2024 Created 12/11/2024 Added 12/10/2024 Modified 01/15/2025 Description Microsoft Windows: CVE-2024-49098: Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability Solution(s) microsoft-windows-windows_10-1809-kb5048661 microsoft-windows-windows_10-21h2-kb5048652 microsoft-windows-windows_10-22h2-kb5048652 microsoft-windows-windows_11-22h2-kb5048685 microsoft-windows-windows_11-23h2-kb5048685 microsoft-windows-windows_11-24h2-kb5048667 microsoft-windows-windows_server_2019-1809-kb5048661 microsoft-windows-windows_server_2022-23h2-kb5048653 microsoft-windows-windows_server_2025-24h2-kb5048667 References https://attackerkb.com/topics/cve-2024-49098 CVE - 2024-49098 https://support.microsoft.com/help/5048652 https://support.microsoft.com/help/5048653 https://support.microsoft.com/help/5048661 https://support.microsoft.com/help/5048667 https://support.microsoft.com/help/5048685
  6. Atlassian Bitbucket (CVE-2024-4067): DoS (Denial of Service) in Bitbucket Data Center Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 12/10/2024 Created 12/17/2024 Added 12/13/2024 Modified 12/13/2024 Description This High severity DoS (Denial of Service) vulnerability was introduced in versions 8.9.0, 8.19.0, and 9.3.0 of Bitbucket Data Center. This DoS (Denial of Service) vulnerability, with a CVSS Score of 7.5, allows an unauthenticated attacker to cause a resource to be unavailable for its intended users by temporarily or indefinitely disrupting services of a host connected to a network which has no impact to confidentiality, no impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Bitbucket Data Center customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: * Bitbucket Data Center 8.9: Upgrade to a release greater than or equal to 8.9.22 * Bitbucket Data Center 8.19: Upgrade to a release greater than or equal to 8.19.12 * Bitbucket Data Center 9.3: Upgrade to a release greater than or equal to 9.3.2 * Bitbucket Data Center 9.4: Upgrade to a release greater than or equal to 9.4.0 See the release notes (https://confluence.atlassian.com/bitbucketserver/release-notes). You can download the latest version of Bitbucket Data Center from the download center (https://www.atlassian.com/software/bitbucket/download-archives). This vulnerability was reported via our Atlassian (Internal) program. Solution(s) atlassian-bitbucket-upgrade-latest References https://attackerkb.com/topics/cve-2024-4067 CVE - 2024-4067 https://jira.atlassian.com/browse/BSERV-19751
  7. Microsoft Windows: CVE-2024-49087: Windows Mobile Broadband Driver Information Disclosure Vulnerability Severity 5 CVSS (AV:L/AC:L/Au:N/C:C/I:N/A:N) Published 12/10/2024 Created 12/11/2024 Added 12/10/2024 Modified 01/15/2025 Description Microsoft Windows: CVE-2024-49087: Windows Mobile Broadband Driver Information Disclosure Vulnerability Solution(s) microsoft-windows-windows_10-1809-kb5048661 microsoft-windows-windows_10-21h2-kb5048652 microsoft-windows-windows_10-22h2-kb5048652 microsoft-windows-windows_11-22h2-kb5048685 microsoft-windows-windows_11-23h2-kb5048685 microsoft-windows-windows_11-24h2-kb5048667 microsoft-windows-windows_server_2019-1809-kb5048661 microsoft-windows-windows_server_2022-23h2-kb5048653 microsoft-windows-windows_server_2025-24h2-kb5048667 References https://attackerkb.com/topics/cve-2024-49087 CVE - 2024-49087 https://support.microsoft.com/help/5048652 https://support.microsoft.com/help/5048653 https://support.microsoft.com/help/5048661 https://support.microsoft.com/help/5048667 https://support.microsoft.com/help/5048685
  8. Microsoft Windows: CVE-2024-49072: Windows Task Scheduler Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 12/10/2024 Created 12/11/2024 Added 12/10/2024 Modified 01/15/2025 Description Microsoft Windows: CVE-2024-49072: Windows Task Scheduler Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5048703 microsoft-windows-windows_10-1607-kb5048671 microsoft-windows-windows_10-1809-kb5048661 microsoft-windows-windows_10-21h2-kb5048652 microsoft-windows-windows_10-22h2-kb5048652 microsoft-windows-windows_11-22h2-kb5048685 microsoft-windows-windows_11-23h2-kb5048685 microsoft-windows-windows_11-24h2-kb5048667 microsoft-windows-windows_server_2012-kb5048699 microsoft-windows-windows_server_2012_r2-kb5048735 microsoft-windows-windows_server_2016-1607-kb5048671 microsoft-windows-windows_server_2019-1809-kb5048661 microsoft-windows-windows_server_2022-21h2-kb5048654 microsoft-windows-windows_server_2022-22h2-kb5048654 microsoft-windows-windows_server_2022-23h2-kb5048653 microsoft-windows-windows_server_2025-24h2-kb5048667 References https://attackerkb.com/topics/cve-2024-49072 CVE - 2024-49072 https://support.microsoft.com/help/5048652 https://support.microsoft.com/help/5048653 https://support.microsoft.com/help/5048654 https://support.microsoft.com/help/5048661 https://support.microsoft.com/help/5048667 https://support.microsoft.com/help/5048671 https://support.microsoft.com/help/5048685 https://support.microsoft.com/help/5048699 https://support.microsoft.com/help/5048703 https://support.microsoft.com/help/5048735
  9. Microsoft Windows: CVE-2024-49107: WmsRepair Service Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:M/Au:S/C:C/I:C/A:C) Published 12/10/2024 Created 12/11/2024 Added 12/10/2024 Modified 01/15/2025 Description Microsoft Windows: CVE-2024-49107: WmsRepair Service Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5048703 microsoft-windows-windows_10-1607-kb5048671 microsoft-windows-windows_10-1809-kb5048661 microsoft-windows-windows_10-21h2-kb5048652 microsoft-windows-windows_10-22h2-kb5048652 microsoft-windows-windows_11-22h2-kb5048685 microsoft-windows-windows_11-23h2-kb5048685 microsoft-windows-windows_11-24h2-kb5048667 microsoft-windows-windows_server_2016-1607-kb5048671 microsoft-windows-windows_server_2019-1809-kb5048661 microsoft-windows-windows_server_2022-21h2-kb5048654 microsoft-windows-windows_server_2022-22h2-kb5048654 microsoft-windows-windows_server_2022-23h2-kb5048653 microsoft-windows-windows_server_2025-24h2-kb5048667 References https://attackerkb.com/topics/cve-2024-49107 CVE - 2024-49107 https://support.microsoft.com/help/5048652 https://support.microsoft.com/help/5048653 https://support.microsoft.com/help/5048654 https://support.microsoft.com/help/5048661 https://support.microsoft.com/help/5048667 https://support.microsoft.com/help/5048671 https://support.microsoft.com/help/5048685 https://support.microsoft.com/help/5048703
  10. Microsoft Windows: CVE-2024-49123: Windows Remote Desktop Services Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 12/10/2024 Created 12/11/2024 Added 12/10/2024 Modified 01/15/2025 Description Microsoft Windows: CVE-2024-49123: Windows Remote Desktop Services Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1809-kb5048661 microsoft-windows-windows_10-21h2-kb5048652 microsoft-windows-windows_10-22h2-kb5048652 microsoft-windows-windows_11-22h2-kb5048685 microsoft-windows-windows_11-23h2-kb5048685 microsoft-windows-windows_11-24h2-kb5048667 microsoft-windows-windows_server_2019-1809-kb5048661 microsoft-windows-windows_server_2022-21h2-kb5048654 microsoft-windows-windows_server_2022-22h2-kb5048654 microsoft-windows-windows_server_2022-23h2-kb5048653 microsoft-windows-windows_server_2025-24h2-kb5048667 References https://attackerkb.com/topics/cve-2024-49123 CVE - 2024-49123 https://support.microsoft.com/help/5048652 https://support.microsoft.com/help/5048653 https://support.microsoft.com/help/5048654 https://support.microsoft.com/help/5048661 https://support.microsoft.com/help/5048667 https://support.microsoft.com/help/5048685
  11. Microsoft Windows: CVE-2024-49096: Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 12/10/2024 Created 12/11/2024 Added 12/10/2024 Modified 01/15/2025 Description Microsoft Windows: CVE-2024-49096: Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5048703 microsoft-windows-windows_10-1607-kb5048671 microsoft-windows-windows_10-1809-kb5048661 microsoft-windows-windows_10-21h2-kb5048652 microsoft-windows-windows_10-22h2-kb5048652 microsoft-windows-windows_11-22h2-kb5048685 microsoft-windows-windows_11-23h2-kb5048685 microsoft-windows-windows_11-24h2-kb5048667 microsoft-windows-windows_server_2012-kb5048699 microsoft-windows-windows_server_2012_r2-kb5048735 microsoft-windows-windows_server_2016-1607-kb5048671 microsoft-windows-windows_server_2019-1809-kb5048661 microsoft-windows-windows_server_2022-21h2-kb5048654 microsoft-windows-windows_server_2022-22h2-kb5048654 microsoft-windows-windows_server_2022-23h2-kb5048653 microsoft-windows-windows_server_2025-24h2-kb5048667 References https://attackerkb.com/topics/cve-2024-49096 CVE - 2024-49096 https://support.microsoft.com/help/5048652 https://support.microsoft.com/help/5048653 https://support.microsoft.com/help/5048654 https://support.microsoft.com/help/5048661 https://support.microsoft.com/help/5048667 https://support.microsoft.com/help/5048671 https://support.microsoft.com/help/5048685 https://support.microsoft.com/help/5048699 https://support.microsoft.com/help/5048703 https://support.microsoft.com/help/5048735
  12. Microsoft Windows: CVE-2024-49092: Windows Mobile Broadband Driver Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 12/10/2024 Created 12/11/2024 Added 12/10/2024 Modified 01/15/2025 Description Microsoft Windows: CVE-2024-49092: Windows Mobile Broadband Driver Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1809-kb5048661 microsoft-windows-windows_10-21h2-kb5048652 microsoft-windows-windows_10-22h2-kb5048652 microsoft-windows-windows_11-22h2-kb5048685 microsoft-windows-windows_11-23h2-kb5048685 microsoft-windows-windows_11-24h2-kb5048667 microsoft-windows-windows_server_2019-1809-kb5048661 microsoft-windows-windows_server_2022-23h2-kb5048653 microsoft-windows-windows_server_2025-24h2-kb5048667 References https://attackerkb.com/topics/cve-2024-49092 CVE - 2024-49092 https://support.microsoft.com/help/5048652 https://support.microsoft.com/help/5048653 https://support.microsoft.com/help/5048661 https://support.microsoft.com/help/5048667 https://support.microsoft.com/help/5048685
  13. Microsoft Windows: CVE-2024-49089: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Severity 8 CVSS (AV:N/AC:L/Au:M/C:C/I:C/A:C) Published 12/10/2024 Created 12/11/2024 Added 12/10/2024 Modified 01/15/2025 Description Microsoft Windows: CVE-2024-49089: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5048703 microsoft-windows-windows_10-1607-kb5048671 microsoft-windows-windows_10-1809-kb5048661 microsoft-windows-windows_10-21h2-kb5048652 microsoft-windows-windows_10-22h2-kb5048652 microsoft-windows-windows_11-22h2-kb5048685 microsoft-windows-windows_11-23h2-kb5048685 microsoft-windows-windows_11-24h2-kb5048667 microsoft-windows-windows_server_2012-kb5048699 microsoft-windows-windows_server_2012_r2-kb5048735 microsoft-windows-windows_server_2016-1607-kb5048671 microsoft-windows-windows_server_2019-1809-kb5048661 microsoft-windows-windows_server_2022-21h2-kb5048654 microsoft-windows-windows_server_2022-22h2-kb5048654 microsoft-windows-windows_server_2022-23h2-kb5048653 microsoft-windows-windows_server_2025-24h2-kb5048667 References https://attackerkb.com/topics/cve-2024-49089 CVE - 2024-49089 https://support.microsoft.com/help/5048652 https://support.microsoft.com/help/5048653 https://support.microsoft.com/help/5048654 https://support.microsoft.com/help/5048661 https://support.microsoft.com/help/5048667 https://support.microsoft.com/help/5048671 https://support.microsoft.com/help/5048685 https://support.microsoft.com/help/5048699 https://support.microsoft.com/help/5048703 https://support.microsoft.com/help/5048735
  14. Microsoft Windows: CVE-2024-49112: Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 12/10/2024 Created 12/11/2024 Added 12/10/2024 Modified 01/15/2025 Description Microsoft Windows: CVE-2024-49112: Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5048703 microsoft-windows-windows_10-1607-kb5048671 microsoft-windows-windows_10-1809-kb5048661 microsoft-windows-windows_10-21h2-kb5048652 microsoft-windows-windows_10-22h2-kb5048652 microsoft-windows-windows_11-22h2-kb5048685 microsoft-windows-windows_11-23h2-kb5048685 microsoft-windows-windows_11-24h2-kb5048667 microsoft-windows-windows_server_2012-kb5048699 microsoft-windows-windows_server_2012_r2-kb5048735 microsoft-windows-windows_server_2016-1607-kb5048671 microsoft-windows-windows_server_2019-1809-kb5048661 microsoft-windows-windows_server_2022-21h2-kb5048654 microsoft-windows-windows_server_2022-22h2-kb5048654 microsoft-windows-windows_server_2022-23h2-kb5048653 microsoft-windows-windows_server_2025-24h2-kb5048667 References https://attackerkb.com/topics/cve-2024-49112 CVE - 2024-49112 https://support.microsoft.com/help/5048652 https://support.microsoft.com/help/5048653 https://support.microsoft.com/help/5048654 https://support.microsoft.com/help/5048661 https://support.microsoft.com/help/5048667 https://support.microsoft.com/help/5048671 https://support.microsoft.com/help/5048685 https://support.microsoft.com/help/5048699 https://support.microsoft.com/help/5048703 https://support.microsoft.com/help/5048735
  15. Red Hat JBossEAP: HTTP Request/Response Smuggling (CVE-2024-12397) Severity 7 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:N) Published 12/10/2024 Created 12/24/2024 Added 12/20/2024 Modified 12/20/2024 Description A flaw was found in Quarkus-HTTP, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. The main threat from this flaw impacts data confidentiality and integrity. Solution(s) red-hat-jboss-eap-upgrade-latest References https://attackerkb.com/topics/cve-2024-12397 CVE - 2024-12397 https://access.redhat.com/security/cve/CVE-2024-12397 https://bugzilla.redhat.com/show_bug.cgi?id=2331298
  16. Microsoft Windows: CVE-2024-49076: Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 12/10/2024 Created 12/11/2024 Added 12/10/2024 Modified 01/15/2025 Description Microsoft Windows: CVE-2024-49076: Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1809-kb5048661 microsoft-windows-windows_10-21h2-kb5048652 microsoft-windows-windows_10-22h2-kb5048652 microsoft-windows-windows_11-22h2-kb5048685 microsoft-windows-windows_11-23h2-kb5048685 microsoft-windows-windows_11-24h2-kb5048667 microsoft-windows-windows_server_2019-1809-kb5048661 microsoft-windows-windows_server_2022-21h2-kb5048654 microsoft-windows-windows_server_2022-22h2-kb5048654 microsoft-windows-windows_server_2022-23h2-kb5048653 microsoft-windows-windows_server_2025-24h2-kb5048667 References https://attackerkb.com/topics/cve-2024-49076 CVE - 2024-49076 https://support.microsoft.com/help/5048652 https://support.microsoft.com/help/5048653 https://support.microsoft.com/help/5048654 https://support.microsoft.com/help/5048661 https://support.microsoft.com/help/5048667 https://support.microsoft.com/help/5048685
  17. Microsoft Windows: CVE-2024-49132: Windows Remote Desktop Services Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 12/10/2024 Created 12/11/2024 Added 12/10/2024 Modified 01/15/2025 Description Microsoft Windows: CVE-2024-49132: Windows Remote Desktop Services Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1809-kb5048661 microsoft-windows-windows_10-21h2-kb5048652 microsoft-windows-windows_10-22h2-kb5048652 microsoft-windows-windows_11-22h2-kb5048685 microsoft-windows-windows_11-23h2-kb5048685 microsoft-windows-windows_11-24h2-kb5048667 microsoft-windows-windows_server_2019-1809-kb5048661 microsoft-windows-windows_server_2022-21h2-kb5048654 microsoft-windows-windows_server_2022-22h2-kb5048654 microsoft-windows-windows_server_2022-23h2-kb5048653 microsoft-windows-windows_server_2025-24h2-kb5048667 References https://attackerkb.com/topics/cve-2024-49132 CVE - 2024-49132 https://support.microsoft.com/help/5048652 https://support.microsoft.com/help/5048653 https://support.microsoft.com/help/5048654 https://support.microsoft.com/help/5048661 https://support.microsoft.com/help/5048667 https://support.microsoft.com/help/5048685
  18. Microsoft Office: CVE-2024-49065: Microsoft Office Remote Code Execution Vulnerability Severity 4 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 12/10/2024 Created 12/11/2024 Added 12/10/2024 Modified 12/10/2024 Description Microsoft Office: CVE-2024-49065: Microsoft Office Remote Code Execution Vulnerability Solution(s) microsoft-word_2016-kb5002661 office-click-to-run-upgrade-latest References https://attackerkb.com/topics/cve-2024-49065 CVE - 2024-49065 https://support.microsoft.com/help/5002661
  19. Atlassian Bitbucket (CVE-2024-38816): org.springframework:spring-webmvc Dependency in Bitbucket Data Center and Server Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 12/10/2024 Created 12/17/2024 Added 12/13/2024 Modified 12/13/2024 Description This High severity org.springframework:spring-webmvc Dependency vulnerability was introduced in versions 8.6.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, 8.12.0, 8.13.0, 8.14.0, 8.15.0, 8.16.0, 8.17.0, and 8.18.0 of Bitbucket Data Center and Server. This org.springframework:spring-webmvc Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N allows an unauthenticated attacker to expose assets in your environment susceptible to exploitation which has high impact to confidentiality, no impact to integrity, no impact to availability, and requires no user interaction. Atlassian recommends that Bitbucket Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: * Bitbucket Data Center and Server 8.9: Upgrade to a release greater than or equal to 8.9.21 * Bitbucket Data Center and Server 8.19: Upgrade to a release greater than or equal to 8.19.11 * Bitbucket Data Center and Server 9.3: Upgrade to a release greater than or equal to 9.3.0 See the release notes (https://confluence.atlassian.com/bitbucketserver/release-notes). You can download the latest version of Bitbucket Data Center and Server from the download center (https://www.atlassian.com/software/bitbucket/download-archives). The National Vulnerability Database provides the following description for this vulnerability: Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. 
An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running. Specifically, an application is vulnerable when both of the following are true: * the web application uses RouterFunctions to serve static resources * resource handling is explicitly configured with a FileSystemResource location However, malicious requests are blocked and rejected when any of the following is true: * the Spring Security HTTP Firewall (https://docs.spring.io/spring-security/reference/servlet/exploits/firewall.html) is in use * the application runs on Tomcat or Jetty Solution(s) atlassian-bitbucket-upgrade-latest References https://attackerkb.com/topics/cve-2024-38816 CVE - 2024-38816 https://jira.atlassian.com/browse/BSERV-19735
  20. Microsoft Windows: CVE-2024-49101: Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 12/10/2024 Created 12/11/2024 Added 12/10/2024 Modified 01/15/2025 Description Microsoft Windows: CVE-2024-49101: Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1809-kb5048661 microsoft-windows-windows_10-21h2-kb5048652 microsoft-windows-windows_10-22h2-kb5048652 microsoft-windows-windows_11-22h2-kb5048685 microsoft-windows-windows_11-23h2-kb5048685 microsoft-windows-windows_11-24h2-kb5048667 microsoft-windows-windows_server_2019-1809-kb5048661 microsoft-windows-windows_server_2022-23h2-kb5048653 microsoft-windows-windows_server_2025-24h2-kb5048667 References https://attackerkb.com/topics/cve-2024-49101 CVE - 2024-49101 https://support.microsoft.com/help/5048652 https://support.microsoft.com/help/5048653 https://support.microsoft.com/help/5048661 https://support.microsoft.com/help/5048667 https://support.microsoft.com/help/5048685
  21. Microsoft SharePoint: CVE-2024-49070: Microsoft SharePoint Remote Code Execution Vulnerability Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 12/10/2024 Created 12/11/2024 Added 12/10/2024 Modified 01/14/2025 Description Microsoft SharePoint: CVE-2024-49070: Microsoft SharePoint Remote Code Execution Vulnerability Solution(s) microsoft-sharepoint-sharepoint_2016-kb5002544 microsoft-sharepoint-sharepoint_2016-kb5002659 microsoft-sharepoint-sharepoint_2019-kb5002657 microsoft-sharepoint-sharepoint_2019-kb5002664 microsoft-sharepoint-sharepoint_server_subscription_edition-kb5002658 References https://attackerkb.com/topics/cve-2024-49070 CVE - 2024-49070 https://support.microsoft.com/help/5002544 https://support.microsoft.com/help/5002657 https://support.microsoft.com/help/5002658 https://support.microsoft.com/help/5002659 https://support.microsoft.com/help/5002664
  22. FreeBSD: VID-AEEE5EBD-356C-49C1-8959-7C88981DE5FD (CVE-2024-12381): chromium -- multiple security fixes Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 12/10/2024 Created 12/14/2024 Added 12/13/2024 Modified 01/28/2025 Description Type Confusion in V8 in Google Chrome prior to 131.0.6778.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) freebsd-upgrade-package-chromium freebsd-upgrade-package-ungoogled-chromium References CVE-2024-12381
  23. Adobe Animate: CVE-2024-53953: Security updates available for Adobe Animate (APSB24-96) Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 12/10/2024 Created 12/12/2024 Added 12/11/2024 Modified 01/08/2025 Description Adobe has released an update for Adobe Animate. This update resolves critical vulnerabilities. Successful exploitation could lead to arbitrary code execution. Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates. Solution(s) adobe-animate-upgrade-latest References https://attackerkb.com/topics/cve-2024-53953 CVE - 2024-53953 https://helpx.adobe.com/security/products/animate/apsb24-96.html
  24. Microsoft Windows: CVE-2024-49110: Windows Mobile Broadband Driver Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 12/10/2024 Created 12/11/2024 Added 12/10/2024 Modified 01/15/2025 Description Microsoft Windows: CVE-2024-49110: Windows Mobile Broadband Driver Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1809-kb5048661 microsoft-windows-windows_10-21h2-kb5048652 microsoft-windows-windows_10-22h2-kb5048652 microsoft-windows-windows_11-22h2-kb5048685 microsoft-windows-windows_11-23h2-kb5048685 microsoft-windows-windows_11-24h2-kb5048667 microsoft-windows-windows_server_2019-1809-kb5048661 microsoft-windows-windows_server_2022-23h2-kb5048653 microsoft-windows-windows_server_2025-24h2-kb5048667 References https://attackerkb.com/topics/cve-2024-49110 CVE - 2024-49110 https://support.microsoft.com/help/5048652 https://support.microsoft.com/help/5048653 https://support.microsoft.com/help/5048661 https://support.microsoft.com/help/5048667 https://support.microsoft.com/help/5048685
  25. Ivanti Pulse Connect Secure: December 2024 Security Advisory Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS) (Multiple CVEs) Severity 8 CVSS (AV:N/AC:L/Au:M/C:C/I:C/A:C) Published 12/10/2024 Created 02/13/2025 Added 02/12/2025 Modified 02/12/2025 Description Command injection in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution. (Not Applicable to the 9.1Rx code train). Solution(s) pulse-secure-pulse-connect-secure-upgrade-22_7r2_3 References https://attackerkb.com/topics/cve-2024-11634 CVE - 2024-11634 https://forums.ivanti.com/s/article/December-2024-Security-Advisory-Ivanti-Connect-Secure-ICS-and-Ivanti-Policy-Secure-IPS-Multiple-CVEs?language=en_US