[BESAdmin-Announcements] Content Modification: Updates for Kev Content published 2024-11-25
Announcements for BES Administrators
besadmin-announcements at bigmail.bigfix.com
Mon Nov 25 11:38:53 PST 2024
Total New Fixlets: 6
Total Updated Fixlets: 175
Total Fixlets in Site: 2750
Total CVEs Covered: 777
Release Date: 2024-11-25
New Fixlets:
34950 Apple Multiple Products Cross-Site Scripting (XSS)
Vulnerability - Mac 12+
34920 Apple Multiple Products Code Execution Vulnerability - Apple
iOS
34930 Apple Multiple Products Cross-Site Scripting (XSS)
Vulnerability - Apple iOS
34900 Apple Multiple Products Cross-Site Scripting (XSS)
Vulnerability - Any Version of MacOS
34940 Apple Multiple Products Code Execution Vulnerability - Mac 12+
34910 Apple Multiple Products Code Execution Vulnerability - Any
Version of MacOS
Updated Fixlets:
27650 PHP FastCGI Process Manager (FPM) Buffer Overflow
Vulnerability - Any Version of MacOS
32260 HTTP/2 Rapid Reset Attack Vulnerability - Windows 10
29700 Microsoft Windows Print Spooler Privilege Escalation
Vulnerability - Windows Server 2012
13830 Microsoft Windows LSA Spoofing Vulnerability - Windows 11
34820 Microsoft Windows Task Scheduler Privilege Escalation
Vulnerability - Windows Server 2025
17930 Synacor Zimbra Collaboration (ZCS) Improper Restriction of XML
External Entity Reference - Any Version of Linux
32780 Apple Multiple Products WebKit Code Execution Vulnerability -
Ubuntu
16910 SolarWinds Serv-U Improper Input Validation Vulnerability -
Any Version of Windows
6670 Microsoft Windows User Profile Service Privilege Escalation
Vulnerability - Windows 10
32270 Microsoft Windows Installer Improper Privilege Management
Vulnerability - Windows Server 2008 SP2
29710 Microsoft Windows Print Spooler Privilege Escalation
Vulnerability - Windows Server 2012 R2
31760 Google Chromium V8 Type Confusion Vulnerability - Any Version
of Linux
32280 Microsoft Windows Mark of the Web (MOTW) Protection Mechanism
Failure Vulnerability - Windows Server 2008 SP2
29720 Microsoft Windows Print Spooler Privilege Escalation
Vulnerability - Windows Server 2016
15900 Veritas Backup Exec Agent Improper Authentication
Vulnerability - Any Version of Windows
28700 Linux Kernel Privilege Escalation Vulnerability - Ubuntu
29730 Microsoft Windows Print Spooler Privilege Escalation
Vulnerability - Windows Server 2019
34810 Microsoft Windows NTLMv2 Hash Disclosure Spoofing
Vulnerability - Windows Server 2025
31780 Google Chromium V8 Type Confusion Vulnerability - Any Version
of MacOS
20010 Grafana Authentication Bypass Vulnerability - Any Version of
MacOS
29740 Microsoft Windows Print Spooler Privilege Escalation
Vulnerability - Windows 10
33840 Mozilla Firefox Use-After-Free Vulnerability - Any Version of
Windows
29750 Microsoft Windows Print Spooler Privilege Escalation
Vulnerability - Windows 8.1
33850 Mozilla Firefox Use-After-Free Vulnerability - Any Version of
Linux
30270 PHP-CGI OS Command Injection Vulnerability - Any Version of
Windows
29760 Microsoft Windows Print Spooler Privilege Escalation
Vulnerability - Windows Server 2022
32320 Microsoft Windows Installer Improper Privilege Management
Vulnerability - Windows Server 2022
27200 Apple Multiple Products WebKit Code Execution Vulnerability -
Apple iOS
33860 Mozilla Firefox Use-After-Free Vulnerability - Any Version of
MacOS
28740 Red Hat Polkit Out-of-Bounds Read and Write Vulnerability -
Debian
32330 Microsoft Windows Mark of the Web (MOTW) Protection Mechanism
Failure Vulnerability - Windows Server 2022
29770 Microsoft Windows Print Spooler Privilege Escalation
Vulnerability - Windows 11
31820 Linux Kernel Privilege Escalation Vulnerability - Oracle Linux
32340 HTTP/2 Rapid Reset Attack Vulnerability - Windows Server 2022
5720 Microsoft Windows LSA Spoofing Vulnerability - Windows 10
10330 Microsoft Windows LSA Spoofing Vulnerability - Windows Server
2012
33370 Apple Multiple Products WebKit Code Execution Vulnerability -
RHEL
29790 GitLab Community and Enterprise Editions Improper Access
Control Vulnerability - Any Version of Linux
13920 Microsoft Win32k Privilege Escalation Vulnerability - Windows
11
28770 Linux Kernel Use-After-Free Vulnerability - Debian
2670 Microsoft Windows LSA Spoofing Vulnerability - Windows 7 SP1
32380 Microsoft Windows Installer Improper Privilege Management
Vulnerability - Windows 11
31870 Red Hat Polkit Out-of-Bounds Read and Write Vulnerability -
Oracle Linux
33920 Veeam Backup and Replication Deserialization Vulnerability -
Any Version of Windows
32390 Microsoft Windows Mark of the Web (MOTW) Protection Mechanism
Failure Vulnerability - Windows 11
19080 Google Chrome FreeType Heap Buffer Overflow Vulnerability -
Any Version of Linux
33930 Veeam Backup and Replication Deserialization Vulnerability -
Any Version of Linux
32400 HTTP/2 Rapid Reset Attack Vulnerability - Windows 11
16020 McAfee Total Protection (MTP) Improper Privilege Management
Vulnerability - Any Version of Windows
33940 Veeam Backup and Replication Deserialization Vulnerability -
Any Version of MacOS
13460 Microsoft Windows LSA Spoofing Vulnerability - Windows Server
2022
29850 CrushFTP VFS Sandbox Escape Vulnerability - Any Version of
Windows
17060 Google Chrome FreeType Heap Buffer Overflow Vulnerability -
Any Version of Windows
31910 Linux Kernel Use-After-Free Vulnerability - Oracle Linux
30890 Microsoft Outlook Security Feature Bypass Vulnerability -
Outlook
22700 Zoho ManageEngine ServiceDesk Plus (SDP) File Upload
Vulnerability - Any Version of Windows
30380 Linux Kernel Use-After-Free Vulnerability - Ubuntu
29870 CrushFTP VFS Sandbox Escape Vulnerability - Any Version of
Linux
14000 Microsoft Windows User Profile Service Privilege Escalation
Vulnerability - Windows 11
30390 Linux Kernel Use-After-Free Vulnerability - Debian
27320 Samsung Mobile Devices Use-After-Free Vulnerability - Any
Version of Android
7870 Microsoft Windows LSA Spoofing Vulnerability - Windows Server
2016
18110 Grafana Authentication Bypass Vulnerability - Any Version of
Linux
30400 OSGeo GeoServer JAI-EXT Code Injection Vulnerability - Any
Operating System
32960 Apple Multiple Products WebKit Code Execution Vulnerability -
Debian
31940 Linux Kernel Use-After-Free Vulnerability - Oracle Linux
26320 Samsung Mobile Devices Improper Access Control Vulnerability -
Any Version of Android
26330 Samsung Mobile Devices Improper Input Validation Vulnerability
- Any Version of Android
26340 Samsung Mobile Devices Improper Boundary Check Vulnerability -
Any Version of Android
9960 Microsoft Windows User Profile Service Privilege Escalation
Vulnerability - Windows Server 2012 R2
19690 TIBCO JasperReports Server Information Disclosure
Vulnerability - Any Version of MacOS
27370 Microsoft WordPad Information Disclosure Vulnerability -
Windows 10
28910 Red Hat Polkit Out-of-Bounds Read and Write Vulnerability -
RHEL
5360 Microsoft Windows User Profile Service Privilege Escalation
Vulnerability - Windows Server 2008 SP2
30450 Linux Kernel Use-After-Free Vulnerability - SLE
27380 Microsoft WordPad Information Disclosure Vulnerability -
Windows Server 2008 SP2
13560 Microsoft Win32k Privilege Escalation Vulnerability - Windows
Server 2022
26360 Samsung Mobile Devices Out-of-Bounds Read Vulnerability - Any
Version of Android
17660 Linux Kernel Privilege Escalation Vulnerability - Any Version
of Linux
26880 Google Chromium WebP Heap-Based Buffer Overflow Vulnerability
- Any Version of Windows
26370 Samsung Mobile Devices Unspecified Vulnerability - Any Version
of Android
28930 Linux Kernel Use-After-Free Vulnerability - RHEL
12550 Microsoft Windows User Profile Service Privilege Escalation
Vulnerability - Windows Server 2008 R2 SP1
2310 Microsoft Windows User Profile Service Privilege Escalation
Vulnerability - Windows 8.1
27400 Microsoft WordPad Information Disclosure Vulnerability -
Windows Server 2019
30470 Linux Kernel Use-After-Free Vulnerability - RHEL
26890 Progress WS_FTP Server Deserialization of Untrusted Data
Vulnerability - Any Version of Windows
17680 TIBCO JasperReports Server Information Disclosure
Vulnerability - Any Version of Linux
6930 Microsoft Windows LSA Spoofing Vulnerability - Windows Server
2019
27410 Microsoft WordPad Information Disclosure Vulnerability -
Windows Server 2016
26900 Ignite Realtime Openfire Path Traversal Vulnerability - Any
Version of Windows
26390 Samsung Mobile Devices Memory Corruption Vulnerability - Any
Version of Android
27420 Microsoft WordPad Information Disclosure Vulnerability -
Windows Server 2012 R2
16160 Grafana Authentication Bypass Vulnerability - Any Version of
Windows
19750 ExifTool Remote Code Execution Vulnerability - Any Version of
MacOS
27430 Microsoft WordPad Information Disclosure Vulnerability -
Windows Server 2012
14120 WinRAR Absolute Path Traversal Vulnerability - Any Version of
Windows
29480 Microsoft Windows Kernel Exposed IOCTL with Insufficient
Access Control Vulnerability - Windows Server 2019
26410 Samsung Mobile Devices Improper Access Control Vulnerability -
Any Version of Android
27440 Microsoft WordPad Information Disclosure Vulnerability -
Windows Server 2022
29490 Microsoft Windows Kernel Exposed IOCTL with Insufficient
Access Control Vulnerability - Windows 10
20790 Google Chrome FreeType Heap Buffer Overflow Vulnerability -
Any Version of MacOS
30520 Microsoft WordPad Information Disclosure Vulnerability -
Windows Server 2008 R2
22840 Zoho ManageEngine ServiceDesk Plus (SDP) File Upload
Vulnerability - Any Version of Linux
27450 Microsoft WordPad Information Disclosure Vulnerability -
Windows 11
18750 ChakraCore Scripting Engine Type Confusion Vulnerability - Any
Version of Linux
16710 Dell dbutil Driver Insufficient Access Control Vulnerability -
Any Version of Windows
28490 Atlassian Confluence Data Center and Server Template Injection
Vulnerability - Any Operating System
16720 SolarWinds Orion Authentication Bypass Vulnerability - Any
Version of Windows
9040 Microsoft Windows LSA Spoofing Vulnerability - Windows Server
2012 R2
13650 Microsoft Windows User Profile Service Privilege Escalation
Vulnerability - Windows Server 2022
29520 Microsoft Windows Kernel Exposed IOCTL with Insufficient
Access Control Vulnerability - Windows Server 2022
26960 Google Chromium WebP Heap-Based Buffer Overflow Vulnerability
- Any Version of Linux
30550 Microsoft Windows LSA Spoofing Vulnerability - Windows Server
2008 R2
17750 GitLab Community and Enterprise Editions Remote Code Execution
Vulnerability - Any Version of Linux
29530 Microsoft Windows Kernel Exposed IOCTL with Insufficient
Access Control Vulnerability - Windows 11
26970 Ignite Realtime Openfire Path Traversal Vulnerability - Any
Version of Linux
7520 Microsoft Win32k Privilege Escalation Vulnerability - Windows
Server 2019
28000 ownCloud graphapi Information Disclosure Vulnerability - Any
Version of Linux
14180 Microsoft Defender Remote Code Execution Vulnerability - Any
Version of Windows
17770 SolarWinds Serv-U Remote Code Execution Vulnerability - Any
Version of Linux
4460 Microsoft Windows LSA Spoofing Vulnerability - Windows Server
2008 SP2
16750 ChakraCore Scripting Engine Type Confusion Vulnerability - Any
Version of Windows
32120 HTTP/2 Rapid Reset Attack Vulnerability - Any Version of
Windows
33660 Synacor Zimbra Collaboration Command Execution Vulnerability -
Any Version of Linux
17790 ExifTool Remote Code Execution Vulnerability - Any Version of
Linux
17800 Zabbix Frontend Authentication Bypass Vulnerability - Any
Version of Linux
27530 Roundcube Webmail Persistent Cross-Site Scripting (XSS)
Vulnerability - Any Operating System
15770 TIBCO JasperReports Server Information Disclosure
Vulnerability - Any Version of Windows
18330 Atlassian Crowd and Crowd Data Center Remote Code Execution
Vulnerability - Any Version of Linux
7580 Microsoft Windows User Profile Service Privilege Escalation
Vulnerability - Windows Server 2019
27040 Google Chromium WebP Heap-Based Buffer Overflow Vulnerability
- Any Version of MacOS
1440 Microsoft Windows LSA Spoofing Vulnerability - Windows 8.1
33190 Apple Multiple Products WebKit Code Execution Vulnerability -
SLE
27050 Apple Multiple Products WebKit Code Execution Vulnerability -
Any Version of MacOS
32170 Microsoft Windows Installer Improper Privilege Management
Vulnerability - Windows Server 2016
6060 Microsoft Task Scheduler Privilege Escalation Vulnerability -
Windows 10
28080 Qlik Sense Path Traversal Vulnerability - Any Version of
Windows
27060 Ignite Realtime Openfire Path Traversal Vulnerability - Any
Version of MacOS
32180 Microsoft Windows Mark of the Web (MOTW) Protection Mechanism
Failure Vulnerability - Windows Server 2016
15290 System Information Library for Node.JS Command Injection - Any
Operating System
28090 Qlik Sense HTTP Tunneling Vulnerability - Any Version of
Windows
6590 Microsoft Win32k Privilege Escalation Vulnerability - Windows
10
32190 HTTP/2 Rapid Reset Attack Vulnerability - Windows Server 2016
18370 Zabbix Frontend Improper Access Control Vulnerability - Any
Version of Linux
17860 Veritas Backup Exec Agent Improper Authentication
Vulnerability - Any Version of Linux
32200 Microsoft Windows Installer Improper Privilege Management
Vulnerability - Windows Server 2019
29640 Android Pixel Privilege Escalation Vulnerability - Any Current
Service Pack of Android
3530 Microsoft Windows User Profile Service Privilege Escalation
Vulnerability - Windows 7 SP1
8140 Microsoft Task Scheduler Privilege Escalation Vulnerability -
Windows Server 2016
28110 Apache Superset Insecure Default Initialization of Resource
Vulnerability - Any Operating System
14290 WordPress File Manager Plugin Remote Code Execution
Vulnerability - Any Operating System
32210 Microsoft Windows Mark of the Web (MOTW) Protection Mechanism
Failure Vulnerability - Windows Server 2019
31190 OSGeo GeoServer GeoTools Eval Injection Vulnerability - Any
Version of Windows
28630 Red Hat Polkit Out-of-Bounds Read and Write Vulnerability -
Ubuntu
32220 HTTP/2 Rapid Reset Attack Vulnerability - Windows Server 2019
8670 Microsoft Windows User Profile Service Privilege Escalation
Vulnerability - Windows Server 2016
15840 SolarWinds Serv-U Remote Code Execution Vulnerability - Any
Version of Windows
7140 Microsoft Task Scheduler Privilege Escalation Vulnerability -
Windows Server 2019
32230 Microsoft Windows Installer Improper Privilege Management
Vulnerability - Windows 10
11240 Microsoft Windows User Profile Service Privilege Escalation
Vulnerability - Windows Server 2012
31210 SolarWinds Serv-U Path Traversal Vulnerability - Any Version
of Windows
28650 Linux Kernel Privilege Escalation Vulnerability - Ubuntu
16380 Atlassian Crowd and Crowd Data Center Remote Code Execution
Vulnerability - Any Version of Windows
27630 PHP FastCGI Process Manager (FPM) Buffer Overflow
Vulnerability - Any Version of Windows
32240 Microsoft Windows Mark of the Web (MOTW) Protection Mechanism
Failure Vulnerability - Windows 10
6640 Microsoft Windows SAM Local Privilege Escalation Vulnerability
- Windows 10
18930 SolarWinds Serv-U Improper Input Validation Vulnerability -
Any Version of Linux
29680 Elasticsearch Groovy Scripting Engine Remote Code Execution
Vulnerability - Any Version of Linux
15860 ExifTool Remote Code Execution Vulnerability - Any Version of
Windows
31220 SolarWinds Serv-U Path Traversal Vulnerability - Any Version
of Linux
28660 Linux Kernel Use-After-Free Vulnerability - Ubuntu
27640 PHP FastCGI Process Manager (FPM) Buffer Overflow
Vulnerability - Any Version of Linux
29690 Elasticsearch Remote Code Execution Vulnerability - Any
Version of Linux
31740 Google Chromium V8 Type Confusion Vulnerability - Any Version
of Windows
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://bigmail.bigfix.com/pipermail/besadmin-announcements/attachments/20241125/d27e3805/attachment.html>
More information about the Besadmin-announcements
mailing list