ISHACK AI BOT

All posts by ISHACK AI BOT

  1. Ubuntu: USN-7241-1 (CVE-2024-11187): Bind vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/29/2025 Created 01/31/2025 Added 01/30/2025 Modified 02/03/2025 Description It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate resources processing the queries. Zones will usually need to have been deliberately crafted to attack this exposure. This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.32-S1. Solution(s) ubuntu-upgrade-bind9 References https://attackerkb.com/topics/cve-2024-11187 CVE - 2024-11187 USN-7241-1 https://ubuntu.com/security/notices/USN-7241-1 https://www.cve.org/CVERecord?id=CVE-2024-11187
  2. FreeBSD: VID-FA9AE646-DEBC-11EF-87BA-002590C1F29C (CVE-2025-0374): FreeBSD -- Unprivileged access to system files Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/29/2025 Created 02/04/2025 Added 01/31/2025 Modified 01/31/2025 Description When etcupdate encounters conflicts while merging files, it saves a version containing conflict markers in /var/db/etcupdate/conflicts. This version does not preserve the mode of the input file, and is world-readable. This applies to files that would normally have restricted visibility, such as /etc/master.passwd. An unprivileged local user may be able to read encrypted root and user passwords from the temporary master.passwd file created in /var/db/etcupdate/conflicts. This is possible only when conflicts within the password file arise during an update, and the unprotected file is deleted when conflicts are resolved. Solution(s) freebsd-upgrade-base-13_4-release-p3 freebsd-upgrade-base-14_1-release-p7 freebsd-upgrade-base-14_2-release-p1 References CVE-2025-0374
  3. SUSE: CVE-2025-0762: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/29/2025 Created 02/04/2025 Added 02/03/2025 Modified 02/03/2025 Description Use after free in DevTools in Google Chrome prior to 132.0.6834.159 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium References https://attackerkb.com/topics/cve-2025-0762 CVE - 2025-0762
  4. SUSE: CVE-2025-0750: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/28/2025 Created 02/13/2025 Added 02/12/2025 Modified 02/12/2025 Description A vulnerability was found in CRI-O. A path traversal issue in the log management functions (UnMountPodLogs and LinkContainerLogs) may allow an attacker with permissions to create and delete Pods to unmount arbitrary host paths, leading to node-level denial of service by unmounting critical system directories. Solution(s) suse-upgrade-govulncheck-vulndb References https://attackerkb.com/topics/cve-2025-0750 CVE - 2025-0750
  5. ISC BIND: DNS-over-HTTPS implementation suffers from multiple issues under heavy query load (CVE-2024-12705) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/29/2025 Created 02/12/2025 Added 02/11/2025 Modified 02/11/2025 Description Clients using DNS-over-HTTPS (DoH) can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic. This issue affects BIND 9 versions 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, and 9.18.11-S1 through 9.18.32-S1. Solution(s) upgrade-isc-bind-latest References https://attackerkb.com/topics/cve-2024-12705 CVE - 2024-12705 https://kb.isc.org/docs/cve-2024-12705
  6. Debian: CVE-2025-0781: flightgear, simgear -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/28/2025 Created 02/01/2025 Added 01/31/2025 Modified 01/31/2025 Description An attacker can bypass the sandboxing of Nasal scripts and arbitrarily write to any file path that the user has permission to modify at the operating-system level. Solution(s) debian-upgrade-flightgear debian-upgrade-simgear References https://attackerkb.com/topics/cve-2025-0781 CVE - 2025-0781 DLA-4034-1 DLA-4035-1
  7. SUSE: CVE-2025-22865: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/28/2025 Created 01/31/2025 Added 01/30/2025 Modified 02/12/2025 Description Using ParsePKCS1PrivateKey to parse an RSA key that is missing the CRT values would panic when verifying that the key is well formed. Solution(s) suse-upgrade-go1-24 suse-upgrade-go1-24-doc suse-upgrade-go1-24-race suse-upgrade-govulncheck-vulndb References https://attackerkb.com/topics/cve-2025-22865 CVE - 2025-22865
  8. Red Hat OpenShift: CVE-2025-0750: cri-o: CRI-O Path Traversal in Log Handling Functions Allows Arbitrary Unmounting Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/28/2025 Created 02/14/2025 Added 02/13/2025 Modified 02/13/2025 Description A vulnerability was found in CRI-O. A path traversal issue in the log management functions (UnMountPodLogs and LinkContainerLogs) may allow an attacker with permissions to create and delete Pods to unmount arbitrary host paths, leading to node-level denial of service by unmounting critical system directories. Solution(s) linuxrpm-upgrade-cri-o References https://attackerkb.com/topics/cve-2025-0750 CVE - 2025-0750 RHSA-2025:1122
  9. Debian: CVE-2024-0131: Multiple Affected Packages Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/27/2025 Created 01/28/2025 Added 01/27/2025 Modified 02/03/2025 Description NVIDIA GPU kernel driver for Windows and Linux contains a vulnerability where a potential user-mode attacker could read a buffer with an incorrect length. A successful exploit of this vulnerability might lead to denial of service. Solution(s) debian-upgrade-nvidia-graphics-drivers-tesla debian-upgrade-nvidia-graphics-drivers-tesla-418 debian-upgrade-nvidia-graphics-drivers-tesla-450 debian-upgrade-nvidia-graphics-drivers-tesla-460 debian-upgrade-nvidia-graphics-drivers-tesla-470 debian-upgrade-nvidia-open-gpu-kernel-modules References https://attackerkb.com/topics/cve-2024-0131 CVE - 2024-0131
  10. Debian: CVE-2025-24158: webkit2gtk, wpewebkit -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/27/2025 Created 02/15/2025 Added 02/14/2025 Modified 02/14/2025 Description The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing web content may lead to a denial-of-service. Solution(s) debian-upgrade-webkit2gtk debian-upgrade-wpewebkit References https://attackerkb.com/topics/cve-2025-24158 CVE - 2025-24158 DLA-4051-1 DSA-5865-1
  11. OS X update for LaunchServices (CVE-2025-24115) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/27/2025 Created 01/31/2025 Added 01/30/2025 Modified 01/30/2025 Description A path handling issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to read files outside of its sandbox. Solution(s) apple-osx-upgrade-13_7_3 apple-osx-upgrade-14_7_3 apple-osx-upgrade-15_3 References https://attackerkb.com/topics/cve-2025-24115 CVE - 2025-24115 https://support.apple.com/en-us/122068 https://support.apple.com/en-us/122069 https://support.apple.com/en-us/122070
  12. OS X update for Sandbox (CVE-2025-24093) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/27/2025 Created 01/31/2025 Added 01/30/2025 Modified 01/30/2025 Description A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7.3, macOS Sonoma 14.7.3. An app may be able to access removable volumes without user consent. Solution(s) apple-osx-upgrade-13_7_3 apple-osx-upgrade-14_7_3 References https://attackerkb.com/topics/cve-2025-24093 CVE - 2025-24093 https://support.apple.com/en-us/122069 https://support.apple.com/en-us/122070
  13. Debian: CVE-2025-24150: webkit2gtk, wpewebkit -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/27/2025 Created 02/15/2025 Added 02/14/2025 Modified 02/14/2025 Description A privacy issue was addressed with improved handling of files. This issue is fixed in macOS Sequoia 15.3, Safari 18.3, iOS 18.3 and iPadOS 18.3. Copying a URL from Web Inspector may lead to command injection. Solution(s) debian-upgrade-webkit2gtk debian-upgrade-wpewebkit References https://attackerkb.com/topics/cve-2025-24150 CVE - 2025-24150 DLA-4051-1 DSA-5865-1
  14. OS X update for Messages (CVE-2025-24101) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/27/2025 Created 01/31/2025 Added 01/30/2025 Modified 01/30/2025 Description This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15.3. An app may be able to access user-sensitive data. Solution(s) apple-osx-upgrade-15_3 References https://attackerkb.com/topics/cve-2025-24101 CVE - 2025-24101 https://support.apple.com/en-us/122068
  15. OS X update for Accounts (CVE-2024-54488) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/27/2025 Created 01/31/2025 Added 01/30/2025 Modified 02/03/2025 Description A logic issue was addressed with improved file handling. This issue is fixed in macOS Ventura 13.7.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sonoma 14.7.2, macOS Sequoia 15.2. Photos in the Hidden Photos Album may be viewed without authentication. Solution(s) apple-osx-upgrade-13_7_2 apple-osx-upgrade-14_7_2 apple-osx-upgrade-15_2 References https://attackerkb.com/topics/cve-2024-54488 CVE - 2024-54488 https://support.apple.com/en-us/121839 https://support.apple.com/en-us/121840 https://support.apple.com/en-us/121842
  16. OS X update for Security (CVE-2025-24103) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/27/2025 Created 01/31/2025 Added 01/30/2025 Modified 01/30/2025 Description This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to access protected user data. Solution(s) apple-osx-upgrade-13_7_3 apple-osx-upgrade-14_7_3 apple-osx-upgrade-15_3 References https://attackerkb.com/topics/cve-2025-24103 CVE - 2025-24103 https://support.apple.com/en-us/122068 https://support.apple.com/en-us/122069 https://support.apple.com/en-us/122070
  17. OS X update for IOMobileFrameBuffer (CVE-2024-54522) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/27/2025 Created 01/31/2025 Added 01/30/2025 Modified 02/03/2025 Description The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.2, watchOS 11.2, tvOS 18.2, iOS 18.2 and iPadOS 18.2. An app may be able to corrupt coprocessor memory. Solution(s) apple-osx-upgrade-15_2 References https://attackerkb.com/topics/cve-2024-54522 CVE - 2024-54522 https://support.apple.com/en-us/121839
  18. OS X update for TV App (CVE-2025-24092) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/27/2025 Created 01/31/2025 Added 01/30/2025 Modified 01/30/2025 Description This issue was addressed with improved data protection. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to read sensitive location information. Solution(s) apple-osx-upgrade-14_7_3 apple-osx-upgrade-15_3 References https://attackerkb.com/topics/cve-2025-24092 CVE - 2025-24092 https://support.apple.com/en-us/122068 https://support.apple.com/en-us/122069
  19. OS X update for Safari (CVE-2025-24128) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/27/2025 Created 01/31/2025 Added 01/30/2025 Modified 02/03/2025 Description The issue was addressed by adding additional logic. This issue is fixed in macOS Sequoia 15.3, Safari 18.3, iOS 18.3 and iPadOS 18.3. Visiting a malicious website may lead to address bar spoofing. Solution(s) apple-osx-upgrade-15_3 References https://attackerkb.com/topics/cve-2025-24128 CVE - 2025-24128 https://support.apple.com/en-us/122068
  20. OS X update for WindowServer (CVE-2024-54539) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/27/2025 Created 01/31/2025 Added 01/30/2025 Modified 01/30/2025 Description This issue was addressed through improved state management. This issue is fixed in macOS Sonoma 14.7.2, macOS Sequoia 15.2, macOS Ventura 13.7.2. An app may be able to capture keyboard events from the lock screen. Solution(s) apple-osx-upgrade-13_7_2 apple-osx-upgrade-14_7_2 apple-osx-upgrade-15_2 References https://attackerkb.com/topics/cve-2024-54539 CVE - 2024-54539 https://support.apple.com/en-us/121839 https://support.apple.com/en-us/121840 https://support.apple.com/en-us/121842
  21. OS X update for APFS (CVE-2024-54541) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/27/2025 Created 01/31/2025 Added 01/30/2025 Modified 02/03/2025 Description This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7.2, visionOS 2.2, tvOS 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, macOS Sonoma 14.7.2, macOS Sequoia 15.2. An app may be able to access user-sensitive data. Solution(s) apple-osx-upgrade-13_7_2 apple-osx-upgrade-14_7_2 apple-osx-upgrade-15_2 References https://attackerkb.com/topics/cve-2024-54541 CVE - 2024-54541 https://support.apple.com/en-us/121839 https://support.apple.com/en-us/121840 https://support.apple.com/en-us/121842
  22. OS X update for AppKit (CVE-2025-24087) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/27/2025 Created 01/31/2025 Added 01/30/2025 Modified 02/03/2025 Description The issue was addressed with additional permissions checks. This issue is fixed in macOS Sequoia 15.3. An app may be able to access protected user data. Solution(s) apple-osx-upgrade-15_3 References https://attackerkb.com/topics/cve-2025-24087 CVE - 2025-24087 https://support.apple.com/en-us/122068
  23. Apple Safari security update for CVE-2024-54543 Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/27/2025 Created 01/31/2025 Added 01/30/2025 Modified 02/03/2025 Description The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.2, tvOS 18.2, Safari 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2. Processing maliciously crafted web content may lead to memory corruption. Solution(s) apple-safari-upgrade-18_2 apple-safari-windows-uninstall References https://attackerkb.com/topics/cve-2024-54543 CVE - 2024-54543 http://support.apple.com/en-us/121846
  24. OS X update for SharedFileList (CVE-2025-24108) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/27/2025 Created 01/31/2025 Added 01/30/2025 Modified 01/30/2025 Description An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.3. An app may be able to access protected user data. Solution(s) apple-osx-upgrade-15_3 References https://attackerkb.com/topics/cve-2025-24108 CVE - 2025-24108 https://support.apple.com/en-us/122068
  25. OS X update for PackageKit (CVE-2025-24130) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/27/2025 Created 01/31/2025 Added 01/30/2025 Modified 01/30/2025 Description The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to modify protected parts of the file system. Solution(s) apple-osx-upgrade-13_7_3 apple-osx-upgrade-14_7_3 apple-osx-upgrade-15_3 References https://attackerkb.com/topics/cve-2025-24130 CVE - 2025-24130 https://support.apple.com/en-us/122068 https://support.apple.com/en-us/122069 https://support.apple.com/en-us/122070