All posts by ISHACK AI BOT

  1. Red Hat: CVE-2024-12797: openssl: RFC7250 handshakes with unauthenticated servers don't abort as expected (Multiple Advisories) Severity 7 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:N) Published 02/11/2025 Created 02/13/2025 Added 02/12/2025 Modified 02/14/2025 Description Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the SSL_VERIFY_PEER verification mode is set. Impact summary: TLS and DTLS connections using raw public keys may be vulnerable to man-in-middle attacks when server authentication failure is not detected by clients. RPKs are disabled by default in both TLS clients and TLS servers. The issue only arises when TLS clients explicitly enable RPK use by the server, and the server, likewise, enables sending of an RPK instead of an X.509 certificate chain. The affected clients are those that then rely on the handshake to fail when the server's RPK fails to match one of the expected public keys, by setting the verification mode to SSL_VERIFY_PEER. Clients that enable server-side raw public keys can still find out that raw public key verification failed by calling SSL_get_verify_result(), and those that do, and take appropriate action, are not affected. This issue was introduced in the initial implementation of RPK support in OpenSSL 3.2. The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue. Solution(s) redhat-upgrade-openssl redhat-upgrade-openssl-debuginfo redhat-upgrade-openssl-debugsource redhat-upgrade-openssl-devel redhat-upgrade-openssl-libs redhat-upgrade-openssl-libs-debuginfo redhat-upgrade-openssl-perl References CVE-2024-12797 RHSA-2025:1330
  2. FreeBSD: VID-D598266D-7772-4A31-9594-83B76B1FB837 (CVE-2024-36293): Intel CPUs -- multiple vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/11/2025 Created 02/15/2025 Added 02/13/2025 Modified 02/13/2025 Description Improper access control in the EDECCSSA user leaf function for some Intel(R) Processors with Intel(R) SGX may allow an authenticated user to potentially enable denial of service via local access. Solution(s) freebsd-upgrade-package-cpu-microcode-intel References CVE-2024-36293
  3. Microsoft Windows: CVE-2025-21347: Windows Deployment Services Denial of Service Vulnerability Severity 5 CVSS (AV:L/AC:H/Au:S/C:N/I:C/A:C) Published 02/11/2025 Created 02/12/2025 Added 02/11/2025 Modified 02/11/2025 Description Microsoft Windows: CVE-2025-21347: Windows Deployment Services Denial of Service Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5052040 microsoft-windows-windows_10-1607-kb5052006 microsoft-windows-windows_10-1809-kb5052000 microsoft-windows-windows_10-21h2-kb5051974 microsoft-windows-windows_10-22h2-kb5051974 microsoft-windows-windows_11-22h2-kb5051989 microsoft-windows-windows_11-23h2-kb5051989 microsoft-windows-windows_11-24h2-kb5051987 microsoft-windows-windows_server_2012-kb5052020 microsoft-windows-windows_server_2012_r2-kb5052042 microsoft-windows-windows_server_2016-1607-kb5052006 microsoft-windows-windows_server_2019-1809-kb5052000 microsoft-windows-windows_server_2022-21h2-kb5051979 microsoft-windows-windows_server_2022-22h2-kb5051979 microsoft-windows-windows_server_2022-23h2-kb5051980 microsoft-windows-windows_server_2025-24h2-kb5051987 References https://attackerkb.com/topics/cve-2025-21347 CVE - 2025-21347 https://support.microsoft.com/help/5051974 https://support.microsoft.com/help/5051979 https://support.microsoft.com/help/5051980 https://support.microsoft.com/help/5051987 https://support.microsoft.com/help/5051989 https://support.microsoft.com/help/5052000 https://support.microsoft.com/help/5052006 https://support.microsoft.com/help/5052020 https://support.microsoft.com/help/5052040 https://support.microsoft.com/help/5052042
  4. Debian: CVE-2024-54658: webkit2gtk, wpewebkit -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/11/2025 Created 02/12/2025 Added 02/11/2025 Modified 02/12/2025 Description The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, Safari 17.4, tvOS 17.4, watchOS 10.4, visionOS 1.1, macOS Sonoma 14.4. Processing web content may lead to a denial-of-service. Solution(s) debian-upgrade-webkit2gtk debian-upgrade-wpewebkit References https://attackerkb.com/topics/cve-2024-54658 CVE - 2024-54658 DSA-5684-1
  5. Microsoft Windows: CVE-2025-21418: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Severity 6 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 02/11/2025 Created 02/12/2025 Added 02/11/2025 Modified 02/13/2025 Description Microsoft Windows: CVE-2025-21418: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5052040 microsoft-windows-windows_10-1607-kb5052006 microsoft-windows-windows_10-1809-kb5052000 microsoft-windows-windows_10-21h2-kb5051974 microsoft-windows-windows_10-22h2-kb5051974 microsoft-windows-windows_11-22h2-kb5051989 microsoft-windows-windows_11-23h2-kb5051989 microsoft-windows-windows_11-24h2-kb5051987 microsoft-windows-windows_server_2012-kb5052020 microsoft-windows-windows_server_2012_r2-kb5052042 microsoft-windows-windows_server_2016-1607-kb5052006 microsoft-windows-windows_server_2019-1809-kb5052000 microsoft-windows-windows_server_2022-21h2-kb5051979 microsoft-windows-windows_server_2022-22h2-kb5051979 microsoft-windows-windows_server_2022-23h2-kb5051980 microsoft-windows-windows_server_2025-24h2-kb5051987 References https://attackerkb.com/topics/cve-2025-21418 CVE - 2025-21418 https://support.microsoft.com/help/5051974 https://support.microsoft.com/help/5051979 https://support.microsoft.com/help/5051980 https://support.microsoft.com/help/5051987 https://support.microsoft.com/help/5051989 https://support.microsoft.com/help/5052000 https://support.microsoft.com/help/5052006 https://support.microsoft.com/help/5052020 https://support.microsoft.com/help/5052040 https://support.microsoft.com/help/5052042
  6. Microsoft Windows: CVE-2025-21369: Microsoft Digest Authentication Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 02/11/2025 Created 02/12/2025 Added 02/11/2025 Modified 02/11/2025 Description Microsoft Windows: CVE-2025-21369: Microsoft Digest Authentication Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5052040 microsoft-windows-windows_10-1607-kb5052006 microsoft-windows-windows_10-1809-kb5052000 microsoft-windows-windows_10-21h2-kb5051974 microsoft-windows-windows_10-22h2-kb5051974 microsoft-windows-windows_11-22h2-kb5051989 microsoft-windows-windows_11-23h2-kb5051989 microsoft-windows-windows_11-24h2-kb5051987 microsoft-windows-windows_server_2012-kb5052020 microsoft-windows-windows_server_2012_r2-kb5052042 microsoft-windows-windows_server_2016-1607-kb5052006 microsoft-windows-windows_server_2019-1809-kb5052000 microsoft-windows-windows_server_2022-21h2-kb5051979 microsoft-windows-windows_server_2022-22h2-kb5051979 microsoft-windows-windows_server_2022-23h2-kb5051980 microsoft-windows-windows_server_2025-24h2-kb5051987 References https://attackerkb.com/topics/cve-2025-21369 CVE - 2025-21369 https://support.microsoft.com/help/5051974 https://support.microsoft.com/help/5051979 https://support.microsoft.com/help/5051980 https://support.microsoft.com/help/5051987 https://support.microsoft.com/help/5051989 https://support.microsoft.com/help/5052000 https://support.microsoft.com/help/5052006 https://support.microsoft.com/help/5052020 https://support.microsoft.com/help/5052040 https://support.microsoft.com/help/5052042
  7. Ivanti Pulse Connect Secure: February Security Advisory Ivanti Connect Secure (ICS),Ivanti Policy Secure (IPS) and Ivanti Secure Access Client (ISAC) (Multiple CVEs) Severity 4 CVSS (AV:L/AC:L/Au:M/C:C/I:N/A:N) Published 02/11/2025 Created 02/13/2025 Added 02/12/2025 Modified 02/12/2025 Description Cleartext storage of information in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a local unauthenticated attacker to read sensitive data. Solution(s) pulse-secure-pulse-connect-secure-upgrade-22_7r2_6 References https://attackerkb.com/topics/cve-2024-13843 CVE - 2024-13843 https://forums.ivanti.com/s/article/February-Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-and-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs?language=en_US
  8. Microsoft Windows: CVE-2025-21358: Windows Core Messaging Elevation of Privileges Vulnerability Severity 6 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 02/11/2025 Created 02/12/2025 Added 02/11/2025 Modified 02/11/2025 Description Microsoft Windows: CVE-2025-21358: Windows Core Messaging Elevation of Privileges Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5052040 microsoft-windows-windows_10-1607-kb5052006 microsoft-windows-windows_10-1809-kb5052000 microsoft-windows-windows_10-21h2-kb5051974 microsoft-windows-windows_10-22h2-kb5051974 microsoft-windows-windows_11-22h2-kb5051989 microsoft-windows-windows_11-23h2-kb5051989 microsoft-windows-windows_11-24h2-kb5051987 microsoft-windows-windows_server_2016-1607-kb5052006 microsoft-windows-windows_server_2019-1809-kb5052000 microsoft-windows-windows_server_2022-21h2-kb5051979 microsoft-windows-windows_server_2022-22h2-kb5051979 microsoft-windows-windows_server_2022-23h2-kb5051980 microsoft-windows-windows_server_2025-24h2-kb5051987 References https://attackerkb.com/topics/cve-2025-21358 CVE - 2025-21358 https://support.microsoft.com/help/5051974 https://support.microsoft.com/help/5051979 https://support.microsoft.com/help/5051980 https://support.microsoft.com/help/5051987 https://support.microsoft.com/help/5051989 https://support.microsoft.com/help/5052000 https://support.microsoft.com/help/5052006 https://support.microsoft.com/help/5052040
  9. Microsoft Windows: CVE-2025-21201: Windows Telephony Server Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 02/11/2025 Created 02/12/2025 Added 02/11/2025 Modified 02/11/2025 Description Microsoft Windows: CVE-2025-21201: Windows Telephony Server Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5052040 microsoft-windows-windows_10-1607-kb5052006 microsoft-windows-windows_10-1809-kb5052000 microsoft-windows-windows_10-21h2-kb5051974 microsoft-windows-windows_10-22h2-kb5051974 microsoft-windows-windows_11-22h2-kb5051989 microsoft-windows-windows_11-23h2-kb5051989 microsoft-windows-windows_11-24h2-kb5051987 microsoft-windows-windows_server_2012-kb5052020 microsoft-windows-windows_server_2012_r2-kb5052042 microsoft-windows-windows_server_2016-1607-kb5052006 microsoft-windows-windows_server_2019-1809-kb5052000 microsoft-windows-windows_server_2022-21h2-kb5051979 microsoft-windows-windows_server_2022-22h2-kb5051979 microsoft-windows-windows_server_2022-23h2-kb5051980 microsoft-windows-windows_server_2025-24h2-kb5051987 References https://attackerkb.com/topics/cve-2025-21201 CVE - 2025-21201 https://support.microsoft.com/help/5051974 https://support.microsoft.com/help/5051979 https://support.microsoft.com/help/5051980 https://support.microsoft.com/help/5051987 https://support.microsoft.com/help/5051989 https://support.microsoft.com/help/5052000 https://support.microsoft.com/help/5052006 https://support.microsoft.com/help/5052020 https://support.microsoft.com/help/5052040 https://support.microsoft.com/help/5052042
  10. Microsoft Windows: CVE-2025-21410: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 02/11/2025 Created 02/12/2025 Added 02/11/2025 Modified 02/11/2025 Description Microsoft Windows: CVE-2025-21410: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_server_2012-kb5052020 microsoft-windows-windows_server_2012_r2-kb5052042 microsoft-windows-windows_server_2016-1607-kb5052006 microsoft-windows-windows_server_2019-1809-kb5052000 microsoft-windows-windows_server_2022-21h2-kb5051979 microsoft-windows-windows_server_2022-22h2-kb5051979 microsoft-windows-windows_server_2022-23h2-kb5051980 microsoft-windows-windows_server_2025-24h2-kb5051987 References https://attackerkb.com/topics/cve-2025-21410 CVE - 2025-21410 https://support.microsoft.com/help/5051979 https://support.microsoft.com/help/5051980 https://support.microsoft.com/help/5051987 https://support.microsoft.com/help/5052000 https://support.microsoft.com/help/5052006 https://support.microsoft.com/help/5052020 https://support.microsoft.com/help/5052042
  11. Microsoft Office: CVE-2025-21390: Microsoft Excel Remote Code Execution Vulnerability Severity 6 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 02/11/2025 Created 02/12/2025 Added 02/11/2025 Modified 02/11/2025 Description Microsoft Office: CVE-2025-21390: Microsoft Excel Remote Code Execution Vulnerability Solution(s) microsoft-excel_2016-kb5002179 microsoft-excel_2016-kb5002687 microsoft-office_online_server-kb5002679 office-click-to-run-upgrade-latest References https://attackerkb.com/topics/cve-2025-21390 CVE - 2025-21390 https://support.microsoft.com/help/5002179 https://support.microsoft.com/help/5002679 https://support.microsoft.com/help/5002687
  12. FreeBSD: VID-D598266D-7772-4A31-9594-83B76B1FB837 (CVE-2024-37020): Intel CPUs -- multiple vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/11/2025 Created 02/15/2025 Added 02/13/2025 Modified 02/13/2025 Description Sequence of processor instructions leads to unexpected behavior in the Intel(R) DSA V1.0 for some Intel(R) Xeon(R) Processors may allow an authenticated user to potentially enable denial of service via local access. Solution(s) freebsd-upgrade-package-cpu-microcode-intel References CVE-2024-37020
  13. Adobe Illustrator: CVE-2025-21163: Security updates available for Adobe Illustrator (APSB25-11) Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 02/11/2025 Created 02/14/2025 Added 02/12/2025 Modified 02/12/2025 Description Adobe has released an update for Adobe Illustrator. This update resolves critical vulnerabilities that could lead to arbitrary code execution. Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates. Solution(s) adobe-illustrator-upgrade-latest References https://attackerkb.com/topics/cve-2025-21163 CVE - 2025-21163 https://helpx.adobe.com/security/products/illustrator/apsb25-11.html
  14. Ivanti Pulse Connect Secure: February Security Advisory Ivanti Connect Secure (ICS),Ivanti Policy Secure (IPS) and Ivanti Secure Access Client (ISAC) (Multiple CVEs) Severity 6 CVSS (AV:L/AC:L/Au:S/C:N/I:C/A:C) Published 02/11/2025 Created 02/13/2025 Added 02/12/2025 Modified 02/12/2025 Description Insufficient permissions in Ivanti Secure Access Client before version 22.8R1 allows a local authenticated attacker to delete arbitrary files. Solution(s) pulse-secure-pulse-connect-secure-upgrade-22_8r1 References https://attackerkb.com/topics/cve-2024-13813 CVE - 2024-13813 https://forums.ivanti.com/s/article/February-Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-and-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs?language=en_US
  15. Microsoft Windows: CVE-2025-21420: Windows Disk Cleanup Tool Elevation of Privilege Vulnerability Severity 6 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 02/11/2025 Created 02/12/2025 Added 02/11/2025 Modified 02/11/2025 Description Microsoft Windows: CVE-2025-21420: Windows Disk Cleanup Tool Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5052040 microsoft-windows-windows_10-1607-kb5052006 microsoft-windows-windows_10-1809-kb5052000 microsoft-windows-windows_10-21h2-kb5051974 microsoft-windows-windows_10-22h2-kb5051974 microsoft-windows-windows_11-22h2-kb5051989 microsoft-windows-windows_11-23h2-kb5051989 microsoft-windows-windows_11-24h2-kb5051987 microsoft-windows-windows_server_2012-kb5052020 microsoft-windows-windows_server_2012_r2-kb5052042 microsoft-windows-windows_server_2016-1607-kb5052006 microsoft-windows-windows_server_2019-1809-kb5052000 microsoft-windows-windows_server_2022-21h2-kb5051979 microsoft-windows-windows_server_2022-22h2-kb5051979 microsoft-windows-windows_server_2022-23h2-kb5051980 microsoft-windows-windows_server_2025-24h2-kb5051987 References https://attackerkb.com/topics/cve-2025-21420 CVE - 2025-21420 https://support.microsoft.com/help/5051974 https://support.microsoft.com/help/5051979 https://support.microsoft.com/help/5051980 https://support.microsoft.com/help/5051987 https://support.microsoft.com/help/5051989 https://support.microsoft.com/help/5052000 https://support.microsoft.com/help/5052006 https://support.microsoft.com/help/5052020 https://support.microsoft.com/help/5052040 https://support.microsoft.com/help/5052042
  16. JetBrains TeamCity: CVE-2025-26492: Improper Kubernetes connection settings could expose sensitive resources (TW-91106) Severity 6 CVSS (AV:N/AC:H/Au:M/C:C/I:C/A:N) Published 02/11/2025 Created 02/13/2025 Added 02/12/2025 Modified 02/12/2025 Description In JetBrains TeamCity before 2024.12.2 improper Kubernetes connection settings could expose sensitive resources Solution(s) jetbrains-teamcity-upgrade-latest References https://attackerkb.com/topics/cve-2025-26492 CVE - 2025-26492 https://www.jetbrains.com/privacy-security/issues-fixed/
  17. Microsoft Office: CVE-2025-21387: Microsoft Excel Remote Code Execution Vulnerability Severity 6 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 02/11/2025 Created 02/12/2025 Added 02/11/2025 Modified 02/11/2025 Description Microsoft Office: CVE-2025-21387: Microsoft Excel Remote Code Execution Vulnerability Solution(s) microsoft-excel_2016-kb5002684 microsoft-excel_2016-kb5002687 microsoft-office_online_server-kb5002679 office-click-to-run-upgrade-latest References https://attackerkb.com/topics/cve-2025-21387 CVE - 2025-21387 https://support.microsoft.com/help/5002679 https://support.microsoft.com/help/5002684 https://support.microsoft.com/help/5002687
  18. FreeBSD: VID-D598266D-7772-4A31-9594-83B76B1FB837 (CVE-2023-43758): Intel CPUs -- multiple vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/11/2025 Created 02/15/2025 Added 02/13/2025 Modified 02/13/2025 Description Improper input validation in UEFI firmware for some Intel(R) processors may allow a privileged user to potentially enable escalation of privilege via local access. Solution(s) freebsd-upgrade-package-cpu-microcode-intel References CVE-2023-43758
  19. Microsoft Windows: CVE-2025-21216: Internet Connection Sharing (ICS) Denial of Service Vulnerability Severity 6 CVSS (AV:A/AC:L/Au:N/C:N/I:N/A:C) Published 02/11/2025 Created 02/12/2025 Added 02/11/2025 Modified 02/11/2025 Description Microsoft Windows: CVE-2025-21216: Internet Connection Sharing (ICS) Denial of Service Vulnerability Solution(s) microsoft-windows-windows_10-1607-kb5052006 microsoft-windows-windows_10-1809-kb5052000 microsoft-windows-windows_10-21h2-kb5051974 microsoft-windows-windows_10-22h2-kb5051974 microsoft-windows-windows_11-22h2-kb5051989 microsoft-windows-windows_11-23h2-kb5051989 microsoft-windows-windows_11-24h2-kb5051987 microsoft-windows-windows_server_2016-1607-kb5052006 microsoft-windows-windows_server_2019-1809-kb5052000 microsoft-windows-windows_server_2022-21h2-kb5051979 microsoft-windows-windows_server_2022-22h2-kb5051979 microsoft-windows-windows_server_2022-23h2-kb5051980 microsoft-windows-windows_server_2025-24h2-kb5051987 References https://attackerkb.com/topics/cve-2025-21216 CVE - 2025-21216 https://support.microsoft.com/help/5051974 https://support.microsoft.com/help/5051979 https://support.microsoft.com/help/5051980 https://support.microsoft.com/help/5051987 https://support.microsoft.com/help/5051989 https://support.microsoft.com/help/5052000 https://support.microsoft.com/help/5052006
  20. Microsoft Windows: CVE-2025-21368: Microsoft Digest Authentication Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 02/11/2025 Created 02/12/2025 Added 02/11/2025 Modified 02/11/2025 Description Microsoft Windows: CVE-2025-21368: Microsoft Digest Authentication Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5052040 microsoft-windows-windows_10-1607-kb5052006 microsoft-windows-windows_10-1809-kb5052000 microsoft-windows-windows_10-21h2-kb5051974 microsoft-windows-windows_10-22h2-kb5051974 microsoft-windows-windows_11-22h2-kb5051989 microsoft-windows-windows_11-23h2-kb5051989 microsoft-windows-windows_11-24h2-kb5051987 microsoft-windows-windows_server_2012-kb5052020 microsoft-windows-windows_server_2012_r2-kb5052042 microsoft-windows-windows_server_2016-1607-kb5052006 microsoft-windows-windows_server_2019-1809-kb5052000 microsoft-windows-windows_server_2022-21h2-kb5051979 microsoft-windows-windows_server_2022-22h2-kb5051979 microsoft-windows-windows_server_2022-23h2-kb5051980 microsoft-windows-windows_server_2025-24h2-kb5051987 References https://attackerkb.com/topics/cve-2025-21368 CVE - 2025-21368 https://support.microsoft.com/help/5051974 https://support.microsoft.com/help/5051979 https://support.microsoft.com/help/5051980 https://support.microsoft.com/help/5051987 https://support.microsoft.com/help/5051989 https://support.microsoft.com/help/5052000 https://support.microsoft.com/help/5052006 https://support.microsoft.com/help/5052020 https://support.microsoft.com/help/5052040 https://support.microsoft.com/help/5052042
  21. Microsoft Windows: CVE-2025-21359: Windows Kernel Security Feature Bypass Vulnerability Severity 6 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 02/11/2025 Created 02/12/2025 Added 02/11/2025 Modified 02/11/2025 Description Microsoft Windows: CVE-2025-21359: Windows Kernel Security Feature Bypass Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5052040 microsoft-windows-windows_10-1607-kb5052006 microsoft-windows-windows_10-1809-kb5052000 microsoft-windows-windows_10-21h2-kb5051974 microsoft-windows-windows_10-22h2-kb5051974 microsoft-windows-windows_11-22h2-kb5051989 microsoft-windows-windows_11-23h2-kb5051989 microsoft-windows-windows_11-24h2-kb5051987 microsoft-windows-windows_server_2012-kb5052020 microsoft-windows-windows_server_2012_r2-kb5052042 microsoft-windows-windows_server_2016-1607-kb5052006 microsoft-windows-windows_server_2019-1809-kb5052000 microsoft-windows-windows_server_2022-21h2-kb5051979 microsoft-windows-windows_server_2022-22h2-kb5051979 microsoft-windows-windows_server_2022-23h2-kb5051980 microsoft-windows-windows_server_2025-24h2-kb5051987 References https://attackerkb.com/topics/cve-2025-21359 CVE - 2025-21359 https://support.microsoft.com/help/5051974 https://support.microsoft.com/help/5051979 https://support.microsoft.com/help/5051980 https://support.microsoft.com/help/5051987 https://support.microsoft.com/help/5051989 https://support.microsoft.com/help/5052000 https://support.microsoft.com/help/5052006 https://support.microsoft.com/help/5052020 https://support.microsoft.com/help/5052040 https://support.microsoft.com/help/5052042
  22. Microsoft Office: CVE-2025-21392: Microsoft Office Remote Code Execution Vulnerability Severity 6 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 02/11/2025 Created 02/12/2025 Added 02/11/2025 Modified 02/11/2025 Description Microsoft Office: CVE-2025-21392: Microsoft Office Remote Code Execution Vulnerability Solution(s) office-click-to-run-upgrade-latest References https://attackerkb.com/topics/cve-2025-21392 CVE - 2025-21392
  23. Ubuntu: (CVE-2024-54658): webkit2gtk vulnerability Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/10/2025 Created 02/13/2025 Added 02/12/2025 Modified 02/12/2025 Description The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, Safari 17.4, tvOS 17.4, watchOS 10.4, visionOS 1.1, macOS Sonoma 14.4. Processing web content may lead to a denial-of-service. Solution(s) ubuntu-upgrade-webkit2gtk References https://attackerkb.com/topics/cve-2024-54658 CVE - 2024-54658 https://webkitgtk.org/security/WSA-2025-0001.html https://www.cve.org/CVERecord?id=CVE-2024-54658
  24. Debian: CVE-2025-21687: linux -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/10/2025 Created 02/13/2025 Added 02/12/2025 Modified 02/12/2025 Description In the Linux kernel, the following vulnerability has been resolved: vfio/platform: check the bounds of read/write syscalls. count and offset are passed from user space and not checked; only offset is capped to 40 bits, which can be used to read/write out of bounds of the device. Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2025-21687 CVE - 2025-21687
  25. Debian: CVE-2025-21689: linux -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/10/2025 Created 02/13/2025 Added 02/12/2025 Modified 02/12/2025 Description In the Linux kernel, the following vulnerability has been resolved: USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb(). This patch addresses a null-ptr-deref in qt2_process_read_urb() due to an incorrect bounds check in the following:

        if (newport > serial->num_ports) {
            dev_err(&port->dev, "%s - port change to invalid port: %i\n", __func__, newport);
            break;
        }

      The condition doesn't account for the valid range of the serial->port buffer, which is from 0 to serial->num_ports - 1. When newport is equal to serial->num_ports, the assignment of "port" in the following code is out-of-bounds and NULL:

        serial_priv->current_port = newport;
        port = serial->port[serial_priv->current_port];

      The fix checks if newport is greater than or equal to serial->num_ports indicating it is out-of-bounds. Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2025-21689 CVE - 2025-21689