ISHACK AI BOT

Microsoft Windows: CVE-2025-21245: Windows Telephony Service Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 01/14/2025 Created 01/15/2025 Added 01/14/2025 Modified 01/15/2025 Description Microsoft Windows: CVE-2025-21245: Windows Telephony Service Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5050013 microsoft-windows-windows_10-1607-kb5049993 microsoft-windows-windows_10-1809-kb5050008 microsoft-windows-windows_10-21h2-kb5049981 microsoft-windows-windows_10-22h2-kb5049981 microsoft-windows-windows_11-22h2-kb5050021 microsoft-windows-windows_11-23h2-kb5050021 microsoft-windows-windows_11-24h2-kb5050009 microsoft-windows-windows_server_2012-kb5050004 microsoft-windows-windows_server_2012_r2-kb5050048 microsoft-windows-windows_server_2016-1607-kb5049993 microsoft-windows-windows_server_2019-1809-kb5050008 microsoft-windows-windows_server_2022-21h2-kb5049983 microsoft-windows-windows_server_2022-22h2-kb5049983 microsoft-windows-windows_server_2022-23h2-kb5049984 microsoft-windows-windows_server_2025-24h2-kb5050009 References https://attackerkb.com/topics/cve-2025-21245 CVE - 2025-21245 https://support.microsoft.com/help/5049981 https://support.microsoft.com/help/5049983 https://support.microsoft.com/help/5049984 https://support.microsoft.com/help/5049993 https://support.microsoft.com/help/5050004 https://support.microsoft.com/help/5050008 https://support.microsoft.com/help/5050009 https://support.microsoft.com/help/5050013 https://support.microsoft.com/help/5050021 https://support.microsoft.com/help/5050048 View more

Microsoft Windows: CVE-2025-21308: Windows Themes Spoofing Vulnerability Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 01/14/2025 Created 01/15/2025 Added 01/14/2025 Modified 01/15/2025 Description Microsoft Windows: CVE-2025-21308: Windows Themes Spoofing Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5050013 microsoft-windows-windows_10-1607-kb5049993 microsoft-windows-windows_10-1809-kb5050008 microsoft-windows-windows_10-21h2-kb5049981 microsoft-windows-windows_10-22h2-kb5049981 microsoft-windows-windows_11-22h2-kb5050021 microsoft-windows-windows_11-23h2-kb5050021 microsoft-windows-windows_11-24h2-kb5050009 microsoft-windows-windows_server_2012-kb5050004 microsoft-windows-windows_server_2012_r2-kb5050048 microsoft-windows-windows_server_2016-1607-kb5049993 microsoft-windows-windows_server_2019-1809-kb5050008 microsoft-windows-windows_server_2022-21h2-kb5049983 microsoft-windows-windows_server_2022-22h2-kb5049983 microsoft-windows-windows_server_2025-24h2-kb5050009 References https://attackerkb.com/topics/cve-2025-21308 CVE - 2025-21308 https://support.microsoft.com/help/5049981 https://support.microsoft.com/help/5049983 https://support.microsoft.com/help/5049993 https://support.microsoft.com/help/5050004 https://support.microsoft.com/help/5050008 https://support.microsoft.com/help/5050009 https://support.microsoft.com/help/5050013 https://support.microsoft.com/help/5050021 https://support.microsoft.com/help/5050048 View more

Microsoft Windows: CVE-2025-21382: Windows Graphics Component Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 01/14/2025 Created 01/15/2025 Added 01/14/2025 Modified 01/15/2025 Description Microsoft Windows: CVE-2025-21382: Windows Graphics Component Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1809-kb5050008 microsoft-windows-windows_10-21h2-kb5049981 microsoft-windows-windows_10-22h2-kb5049981 microsoft-windows-windows_11-22h2-kb5050021 microsoft-windows-windows_11-23h2-kb5050021 microsoft-windows-windows_11-24h2-kb5050009 microsoft-windows-windows_server_2019-1809-kb5050008 microsoft-windows-windows_server_2022-21h2-kb5049983 microsoft-windows-windows_server_2022-22h2-kb5049983 microsoft-windows-windows_server_2022-23h2-kb5049984 microsoft-windows-windows_server_2025-24h2-kb5050009 References https://attackerkb.com/topics/cve-2025-21382 CVE - 2025-21382 https://support.microsoft.com/help/5049981 https://support.microsoft.com/help/5049983 https://support.microsoft.com/help/5049984 https://support.microsoft.com/help/5050008 https://support.microsoft.com/help/5050009 https://support.microsoft.com/help/5050021 View more

Microsoft Windows: CVE-2025-21235: Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 01/14/2025 Created 01/15/2025 Added 01/14/2025 Modified 01/15/2025 Description Microsoft Windows: CVE-2025-21235: Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-21h2-kb5049981 microsoft-windows-windows_10-22h2-kb5049981 microsoft-windows-windows_11-22h2-kb5050021 microsoft-windows-windows_11-23h2-kb5050021 microsoft-windows-windows_11-24h2-kb5050009 microsoft-windows-windows_server_2022-21h2-kb5049983 microsoft-windows-windows_server_2022-22h2-kb5049983 microsoft-windows-windows_server_2022-23h2-kb5049984 microsoft-windows-windows_server_2025-24h2-kb5050009 References https://attackerkb.com/topics/cve-2025-21235 CVE - 2025-21235 https://support.microsoft.com/help/5049981 https://support.microsoft.com/help/5049983 https://support.microsoft.com/help/5049984 https://support.microsoft.com/help/5050009 https://support.microsoft.com/help/5050021

Microsoft Windows: CVE-2025-21243: Windows Telephony Service Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 01/14/2025 Created 01/15/2025 Added 01/14/2025 Modified 01/15/2025 Description Microsoft Windows: CVE-2025-21243: Windows Telephony Service Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5050013 microsoft-windows-windows_10-1607-kb5049993 microsoft-windows-windows_10-1809-kb5050008 microsoft-windows-windows_10-21h2-kb5049981 microsoft-windows-windows_10-22h2-kb5049981 microsoft-windows-windows_11-22h2-kb5050021 microsoft-windows-windows_11-23h2-kb5050021 microsoft-windows-windows_11-24h2-kb5050009 microsoft-windows-windows_server_2012-kb5050004 microsoft-windows-windows_server_2012_r2-kb5050048 microsoft-windows-windows_server_2016-1607-kb5049993 microsoft-windows-windows_server_2019-1809-kb5050008 microsoft-windows-windows_server_2022-21h2-kb5049983 microsoft-windows-windows_server_2022-22h2-kb5049983 microsoft-windows-windows_server_2022-23h2-kb5049984 microsoft-windows-windows_server_2025-24h2-kb5050009 References https://attackerkb.com/topics/cve-2025-21243 CVE - 2025-21243 https://support.microsoft.com/help/5049981 https://support.microsoft.com/help/5049983 https://support.microsoft.com/help/5049984 https://support.microsoft.com/help/5049993 https://support.microsoft.com/help/5050004 https://support.microsoft.com/help/5050008 https://support.microsoft.com/help/5050009 https://support.microsoft.com/help/5050013 https://support.microsoft.com/help/5050021 https://support.microsoft.com/help/5050048 View more

Microsoft Windows: CVE-2025-21324: Windows Digital Media Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 01/14/2025 Created 01/15/2025 Added 01/14/2025 Modified 01/15/2025 Description Microsoft Windows: CVE-2025-21324: Windows Digital Media Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5050013 microsoft-windows-windows_10-1607-kb5049993 microsoft-windows-windows_10-1809-kb5050008 microsoft-windows-windows_10-21h2-kb5049981 microsoft-windows-windows_10-22h2-kb5049981 microsoft-windows-windows_11-22h2-kb5050021 microsoft-windows-windows_11-23h2-kb5050021 microsoft-windows-windows_11-24h2-kb5050009 microsoft-windows-windows_server_2012-kb5050004 microsoft-windows-windows_server_2012_r2-kb5050048 microsoft-windows-windows_server_2016-1607-kb5049993 microsoft-windows-windows_server_2019-1809-kb5050008 microsoft-windows-windows_server_2022-21h2-kb5049983 microsoft-windows-windows_server_2022-22h2-kb5049983 microsoft-windows-windows_server_2022-23h2-kb5049984 microsoft-windows-windows_server_2025-24h2-kb5050009 References https://attackerkb.com/topics/cve-2025-21324 CVE - 2025-21324 https://support.microsoft.com/help/5049981 https://support.microsoft.com/help/5049983 https://support.microsoft.com/help/5049984 https://support.microsoft.com/help/5049993 https://support.microsoft.com/help/5050004 https://support.microsoft.com/help/5050008 https://support.microsoft.com/help/5050009 https://support.microsoft.com/help/5050013 https://support.microsoft.com/help/5050021 https://support.microsoft.com/help/5050048 View more

Microsoft Windows: CVE-2025-21312: Windows Smart Card Reader Information Disclosure Vulnerability Severity 2 CVSS (AV:L/AC:L/Au:N/C:P/I:N/A:N) Published 01/14/2025 Created 01/15/2025 Added 01/14/2025 Modified 01/15/2025 Description Microsoft Windows: CVE-2025-21312: Windows Smart Card Reader Information Disclosure Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5050013 microsoft-windows-windows_10-1607-kb5049993 microsoft-windows-windows_10-1809-kb5050008 microsoft-windows-windows_10-21h2-kb5049981 microsoft-windows-windows_10-22h2-kb5049981 microsoft-windows-windows_11-22h2-kb5050021 microsoft-windows-windows_11-23h2-kb5050021 microsoft-windows-windows_server_2012-kb5050004 microsoft-windows-windows_server_2012_r2-kb5050048 microsoft-windows-windows_server_2016-1607-kb5049993 microsoft-windows-windows_server_2019-1809-kb5050008 microsoft-windows-windows_server_2022-21h2-kb5049983 microsoft-windows-windows_server_2022-22h2-kb5049983 microsoft-windows-windows_server_2022-23h2-kb5049984 References https://attackerkb.com/topics/cve-2025-21312 CVE - 2025-21312 https://support.microsoft.com/help/5049981 https://support.microsoft.com/help/5049983 https://support.microsoft.com/help/5049984 https://support.microsoft.com/help/5049993 https://support.microsoft.com/help/5050004 https://support.microsoft.com/help/5050008 https://support.microsoft.com/help/5050013 https://support.microsoft.com/help/5050021 https://support.microsoft.com/help/5050048 View more

Rocky Linux: CVE-2024-12085: rsync (RLSA-2025-0325) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/14/2025 Created 01/21/2025 Added 01/20/2025 Modified 02/03/2025 Description A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time. Solution(s) rocky-upgrade-rsync rocky-upgrade-rsync-debuginfo rocky-upgrade-rsync-debugsource References https://attackerkb.com/topics/cve-2024-12085 CVE - 2024-12085 https://errata.rockylinux.org/RLSA-2025:0325

Microsoft Windows: CVE-2025-21246: Windows Telephony Service Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 01/14/2025 Created 01/15/2025 Added 01/14/2025 Modified 01/15/2025 Description Microsoft Windows: CVE-2025-21246: Windows Telephony Service Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5050013 microsoft-windows-windows_10-1607-kb5049993 microsoft-windows-windows_10-1809-kb5050008 microsoft-windows-windows_10-21h2-kb5049981 microsoft-windows-windows_10-22h2-kb5049981 microsoft-windows-windows_11-22h2-kb5050021 microsoft-windows-windows_11-23h2-kb5050021 microsoft-windows-windows_11-24h2-kb5050009 microsoft-windows-windows_server_2012-kb5050004 microsoft-windows-windows_server_2012_r2-kb5050048 microsoft-windows-windows_server_2016-1607-kb5049993 microsoft-windows-windows_server_2019-1809-kb5050008 microsoft-windows-windows_server_2022-21h2-kb5049983 microsoft-windows-windows_server_2022-22h2-kb5049983 microsoft-windows-windows_server_2022-23h2-kb5049984 microsoft-windows-windows_server_2025-24h2-kb5050009 References https://attackerkb.com/topics/cve-2025-21246 CVE - 2025-21246 https://support.microsoft.com/help/5049981 https://support.microsoft.com/help/5049983 https://support.microsoft.com/help/5049984 https://support.microsoft.com/help/5049993 https://support.microsoft.com/help/5050004 https://support.microsoft.com/help/5050008 https://support.microsoft.com/help/5050009 https://support.microsoft.com/help/5050013 https://support.microsoft.com/help/5050021 https://support.microsoft.com/help/5050048 View more

Microsoft Windows: CVE-2025-21257: Windows WLAN AutoConfig Service Information Disclosure Vulnerability Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 01/14/2025 Created 01/15/2025 Added 01/14/2025 Modified 01/15/2025 Description Microsoft Windows: CVE-2025-21257: Windows WLAN AutoConfig Service Information Disclosure Vulnerability Solution(s) microsoft-windows-windows_10-1607-kb5049993 microsoft-windows-windows_10-1809-kb5050008 microsoft-windows-windows_10-21h2-kb5049981 microsoft-windows-windows_10-22h2-kb5049981 microsoft-windows-windows_11-22h2-kb5050021 microsoft-windows-windows_11-23h2-kb5050021 microsoft-windows-windows_11-24h2-kb5050009 microsoft-windows-windows_server_2016-1607-kb5049993 microsoft-windows-windows_server_2019-1809-kb5050008 microsoft-windows-windows_server_2022-21h2-kb5049983 microsoft-windows-windows_server_2022-22h2-kb5049983 microsoft-windows-windows_server_2022-23h2-kb5049984 microsoft-windows-windows_server_2025-24h2-kb5050009 References https://attackerkb.com/topics/cve-2025-21257 CVE - 2025-21257 https://support.microsoft.com/help/5049981 https://support.microsoft.com/help/5049983 https://support.microsoft.com/help/5049984 https://support.microsoft.com/help/5049993 https://support.microsoft.com/help/5050008 https://support.microsoft.com/help/5050009 https://support.microsoft.com/help/5050021 View more

Microsoft Windows: CVE-2025-21213: Secure Boot Security Feature Bypass Vulnerability Severity 5 CVSS (AV:L/AC:L/Au:N/C:C/I:N/A:N) Published 01/14/2025 Created 01/15/2025 Added 01/14/2025 Modified 01/15/2025 Description Microsoft Windows: CVE-2025-21213: Secure Boot Security Feature Bypass Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5050013 microsoft-windows-windows_10-1607-kb5049993 microsoft-windows-windows_10-1809-kb5050008 microsoft-windows-windows_10-21h2-kb5049981 microsoft-windows-windows_10-22h2-kb5049981 microsoft-windows-windows_11-22h2-kb5050021 microsoft-windows-windows_11-23h2-kb5050021 microsoft-windows-windows_11-24h2-kb5050009 microsoft-windows-windows_server_2012-kb5050004 microsoft-windows-windows_server_2012_r2-kb5050048 microsoft-windows-windows_server_2016-1607-kb5049993 microsoft-windows-windows_server_2019-1809-kb5050008 microsoft-windows-windows_server_2022-21h2-kb5049983 microsoft-windows-windows_server_2022-22h2-kb5049983 microsoft-windows-windows_server_2022-23h2-kb5049984 microsoft-windows-windows_server_2025-24h2-kb5050009 References https://attackerkb.com/topics/cve-2025-21213 CVE - 2025-21213 https://support.microsoft.com/help/5049981 https://support.microsoft.com/help/5049983 https://support.microsoft.com/help/5049984 https://support.microsoft.com/help/5049993 https://support.microsoft.com/help/5050004 https://support.microsoft.com/help/5050008 https://support.microsoft.com/help/5050009 https://support.microsoft.com/help/5050013 https://support.microsoft.com/help/5050021 https://support.microsoft.com/help/5050048 View more

Microsoft SharePoint: CVE-2025-21344: Microsoft SharePoint Server Remote Code Execution Vulnerability Severity 6 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 01/14/2025 Created 01/15/2025 Added 01/14/2025 Modified 02/11/2025 Description Microsoft SharePoint: CVE-2025-21344: Microsoft SharePoint Server Remote Code Execution Vulnerability Solution(s) microsoft-sharepoint-sharepoint_2016-kb5002671 microsoft-sharepoint-sharepoint_2016-kb5002672 microsoft-sharepoint-sharepoint_2019-kb5002666 microsoft-sharepoint-sharepoint_2019-kb5002667 microsoft-sharepoint-sharepoint_server_subscription_edition-kb5002676 References https://attackerkb.com/topics/cve-2025-21344 CVE - 2025-21344 https://support.microsoft.com/help/5002666 https://support.microsoft.com/help/5002667 https://support.microsoft.com/help/5002671 https://support.microsoft.com/help/5002672 https://support.microsoft.com/help/5002676

Microsoft Windows: CVE-2025-21333: Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability Severity 6 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 01/14/2025 Created 01/15/2025 Added 01/14/2025 Modified 02/11/2025 Description Microsoft Windows: CVE-2025-21333: Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-21h2-kb5049981 microsoft-windows-windows_10-22h2-kb5049981 microsoft-windows-windows_11-22h2-kb5050021 microsoft-windows-windows_11-23h2-kb5050021 microsoft-windows-windows_11-24h2-kb5050009 microsoft-windows-windows_server_2022-23h2-kb5049984 microsoft-windows-windows_server_2025-24h2-kb5050009 References https://attackerkb.com/topics/cve-2025-21333 CVE - 2025-21333 https://support.microsoft.com/help/5049981 https://support.microsoft.com/help/5049984 https://support.microsoft.com/help/5050009 https://support.microsoft.com/help/5050021

Ubuntu: USN-7210-1 (CVE-2025-21173): .NET vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/14/2025 Created 01/18/2025 Added 01/17/2025 Modified 01/17/2025 Description .NET Elevation of Privilege Vulnerability Solution(s) ubuntu-upgrade-aspnetcore-runtime-8-0 ubuntu-upgrade-aspnetcore-runtime-9-0 ubuntu-upgrade-dotnet-host-8-0 ubuntu-upgrade-dotnet-host-9-0 ubuntu-upgrade-dotnet-hostfxr-8-0 ubuntu-upgrade-dotnet-hostfxr-9-0 ubuntu-upgrade-dotnet-runtime-8-0 ubuntu-upgrade-dotnet-runtime-9-0 ubuntu-upgrade-dotnet-sdk-8-0 ubuntu-upgrade-dotnet-sdk-9-0 ubuntu-upgrade-dotnet8 ubuntu-upgrade-dotnet9 References https://attackerkb.com/topics/cve-2025-21173 CVE - 2025-21173 USN-7210-1

Microsoft Windows: CVE-2025-21224: Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 01/14/2025 Created 01/15/2025 Added 01/14/2025 Modified 01/15/2025 Description Microsoft Windows: CVE-2025-21224: Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-21h2-kb5049981 microsoft-windows-windows_10-22h2-kb5049981 microsoft-windows-windows_11-22h2-kb5050021 microsoft-windows-windows_11-23h2-kb5050021 microsoft-windows-windows_11-24h2-kb5050009 microsoft-windows-windows_server_2022-21h2-kb5049983 microsoft-windows-windows_server_2022-22h2-kb5049983 microsoft-windows-windows_server_2022-23h2-kb5049984 microsoft-windows-windows_server_2025-24h2-kb5050009 References https://attackerkb.com/topics/cve-2025-21224 CVE - 2025-21224 https://support.microsoft.com/help/5049981 https://support.microsoft.com/help/5049983 https://support.microsoft.com/help/5049984 https://support.microsoft.com/help/5050009 https://support.microsoft.com/help/5050021

Ubuntu: (Multiple Advisories) (CVE-2024-12085): rsync vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/14/2025 Created 01/16/2025 Added 01/15/2025 Modified 02/03/2025 Description A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time. Solution(s) ubuntu-pro-upgrade-rsync References https://attackerkb.com/topics/cve-2024-12085 CVE - 2024-12085 USN-7206-1 USN-7206-2 USN-7206-3

Fortinet FortiManager: Out-of-bounds Write (CVE-2024-35273) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/14/2025 Created 02/05/2025 Added 02/02/2025 Modified 02/05/2025 Description A out-of-bounds write in Fortinet FortiManager version 7.4.0 through 7.4.2, FortiAnalyzer version 7.4.0 through 7.4.2 allows attacker to escalation of privilege via specially crafted http requests. Solution(s) fortinet-fortimanager-upgrade-7_4_3 References https://attackerkb.com/topics/cve-2024-35273 CVE - 2024-35273 https://fortiguard.fortinet.com/psirt/FG-IR-24-106

Microsoft Windows: CVE-2025-21292: Windows Search Service Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 01/14/2025 Created 01/15/2025 Added 01/14/2025 Modified 01/15/2025 Description Microsoft Windows: CVE-2025-21292: Windows Search Service Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1809-kb5050008 microsoft-windows-windows_10-21h2-kb5049981 microsoft-windows-windows_10-22h2-kb5049981 microsoft-windows-windows_11-22h2-kb5050021 microsoft-windows-windows_11-23h2-kb5050021 microsoft-windows-windows_11-24h2-kb5050009 microsoft-windows-windows_server_2019-1809-kb5050008 microsoft-windows-windows_server_2022-21h2-kb5049983 microsoft-windows-windows_server_2022-22h2-kb5049983 microsoft-windows-windows_server_2022-23h2-kb5049984 microsoft-windows-windows_server_2025-24h2-kb5050009 References https://attackerkb.com/topics/cve-2025-21292 CVE - 2025-21292 https://support.microsoft.com/help/5049981 https://support.microsoft.com/help/5049983 https://support.microsoft.com/help/5049984 https://support.microsoft.com/help/5050008 https://support.microsoft.com/help/5050009 https://support.microsoft.com/help/5050021 View more

Microsoft Windows: CVE-2025-21269: Windows HTML Platforms Security Feature Bypass Vulnerability Severity 4 CVSS (AV:N/AC:M/Au:N/C:P/I:N/A:N) Published 01/14/2025 Created 01/15/2025 Added 01/14/2025 Modified 01/15/2025 Description Microsoft Windows: CVE-2025-21269: Windows HTML Platforms Security Feature Bypass Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5050013 microsoft-windows-windows_10-1607-kb5049993 microsoft-windows-windows_10-1809-kb5050008 microsoft-windows-windows_10-21h2-kb5049981 microsoft-windows-windows_10-22h2-kb5049981 microsoft-windows-windows_11-22h2-kb5050021 microsoft-windows-windows_11-23h2-kb5050021 microsoft-windows-windows_11-24h2-kb5050009 microsoft-windows-windows_server_2012-kb5050004 microsoft-windows-windows_server_2012_r2-kb5050048 microsoft-windows-windows_server_2016-1607-kb5049993 microsoft-windows-windows_server_2019-1809-kb5050008 microsoft-windows-windows_server_2022-21h2-kb5049983 microsoft-windows-windows_server_2022-22h2-kb5049983 microsoft-windows-windows_server_2022-23h2-kb5049984 microsoft-windows-windows_server_2025-24h2-kb5050009 References https://attackerkb.com/topics/cve-2025-21269 CVE - 2025-21269 https://support.microsoft.com/help/5049981 https://support.microsoft.com/help/5049983 https://support.microsoft.com/help/5049984 https://support.microsoft.com/help/5049993 https://support.microsoft.com/help/5050004 https://support.microsoft.com/help/5050008 https://support.microsoft.com/help/5050009 https://support.microsoft.com/help/5050013 https://support.microsoft.com/help/5050021 https://support.microsoft.com/help/5050048 View more

Microsoft Windows: CVE-2025-21280: Windows Virtual Trusted Platform Module Denial of Service Vulnerability Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 01/14/2025 Created 01/15/2025 Added 01/14/2025 Modified 01/15/2025 Description Microsoft Windows: CVE-2025-21280: Windows Virtual Trusted Platform Module Denial of Service Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5050013 microsoft-windows-windows_10-1607-kb5049993 microsoft-windows-windows_10-1809-kb5050008 microsoft-windows-windows_10-21h2-kb5049981 microsoft-windows-windows_10-22h2-kb5049981 microsoft-windows-windows_11-22h2-kb5050021 microsoft-windows-windows_11-23h2-kb5050021 microsoft-windows-windows_11-24h2-kb5050009 microsoft-windows-windows_server_2016-1607-kb5049993 microsoft-windows-windows_server_2019-1809-kb5050008 microsoft-windows-windows_server_2022-21h2-kb5049983 microsoft-windows-windows_server_2022-22h2-kb5049983 microsoft-windows-windows_server_2022-23h2-kb5049984 microsoft-windows-windows_server_2025-24h2-kb5050009 References https://attackerkb.com/topics/cve-2025-21280 CVE - 2025-21280 https://support.microsoft.com/help/5049981 https://support.microsoft.com/help/5049983 https://support.microsoft.com/help/5049984 https://support.microsoft.com/help/5049993 https://support.microsoft.com/help/5050008 https://support.microsoft.com/help/5050009 https://support.microsoft.com/help/5050013 https://support.microsoft.com/help/5050021 View more

Red Hat JBossEAP: Cross-site Scripting (CVE-2025-23366) Severity 8 CVSS (AV:N/AC:L/Au:M/C:C/I:C/A:N) Published 01/14/2025 Created 01/17/2025 Added 01/16/2025 Modified 01/16/2025 Description A flaw was found in the HAL Console in the Wildfly component, which does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a web page that is served to other users. The attacker must be authenticated as a user that belongs to management groups “SuperUser”, “Admin”, or “Maintainer”.. A flaw was found in the HAL Console in the Wildfly component, which does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a web page that is served to other users. The attacker must be authenticated as a user that belongs to management groups “SuperUser”, “Admin”, or “Maintainer”. Solution(s) red-hat-jboss-eap-upgrade-latest References https://attackerkb.com/topics/cve-2025-23366 CVE - 2025-23366 https://access.redhat.com/security/cve/CVE-2025-23366 https://bugzilla.redhat.com/show_bug.cgi?id=2337619

Amazon Linux AMI 2: CVE-2024-50349: Security patch for git (ALAS-2025-2737) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/14/2025 Created 01/28/2025 Added 01/27/2025 Modified 01/27/2025 Description Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When Git asks for credentials via a terminal prompt (i.e. without using any credential helper), it prints out the host name for which the user is expected to provide a username and/or a password. At this stage, any URL-encoded parts have been decoded already, and are printed verbatim. This allows attackers to craft URLs that contain ANSI escape sequences that the terminal interpret to confuse users e.g. into providing passwords for trusted Git hosting sites when in fact they are then sent to untrusted sites that are under the attacker's control. This issue has been patch via commits `7725b81` and `c903985` which are included in release versions v2.48.1, v2.47.2, v2.46.3, v2.45.3, v2.44.3, v2.43.6, v2.42.4, v2.41.3, and v2.40.4. Users are advised to upgrade. Users unable to upgrade should avoid cloning from untrusted URLs, especially recursive clones. Solution(s) amazon-linux-ami-2-upgrade-git amazon-linux-ami-2-upgrade-git-all amazon-linux-ami-2-upgrade-git-core amazon-linux-ami-2-upgrade-git-core-doc amazon-linux-ami-2-upgrade-git-credential-libsecret amazon-linux-ami-2-upgrade-git-cvs amazon-linux-ami-2-upgrade-git-daemon amazon-linux-ami-2-upgrade-git-debuginfo amazon-linux-ami-2-upgrade-git-email amazon-linux-ami-2-upgrade-git-gui amazon-linux-ami-2-upgrade-git-instaweb amazon-linux-ami-2-upgrade-git-p4 amazon-linux-ami-2-upgrade-git-subtree amazon-linux-ami-2-upgrade-git-svn amazon-linux-ami-2-upgrade-gitk amazon-linux-ami-2-upgrade-gitweb amazon-linux-ami-2-upgrade-perl-git amazon-linux-ami-2-upgrade-perl-git-svn References https://attackerkb.com/topics/cve-2024-50349 AL2/ALAS-2025-2737 CVE - 2024-50349

Amazon Linux 2023: CVE-2024-52006: Medium priority package update for git Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 01/14/2025 Created 02/05/2025 Added 02/14/2025 Modified 02/14/2025 Description Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. Git defines a line-based protocol that is used to exchange information between Git and Git credential helpers. Some ecosystems (most notably, .NET and node.js) interpret single Carriage Return characters as newlines, which renders the protections against CVE-2020-5260 incomplete for credential helpers that treat Carriage Returns in this way. This issue has been addressed in commit `b01b9b8` which is included in release versions v2.48.1, v2.47.1, v2.46.3, v2.45.3, v2.44.3, v2.43.6, v2.42.4, v2.41.3, and v2.40.4. Users are advised to upgrade. Users unable to upgrade should avoid cloning from untrusted URLs, especially recursive clones. A flaw was found in Git. Git defines a line-based protocol that is used to exchange information between Git and Git credential helpers. Some ecosystems, most notably .NET and node.js, interpret single Carriage Return characters as newlines, which render the protections against CVE-2020-5260 incomplete for credential helpers, which has the potential to expose stored credentials to malicious URLs. Solution(s) amazon-linux-2023-upgrade-git amazon-linux-2023-upgrade-git-all amazon-linux-2023-upgrade-git-core amazon-linux-2023-upgrade-git-core-debuginfo amazon-linux-2023-upgrade-git-core-doc amazon-linux-2023-upgrade-git-credential-libsecret amazon-linux-2023-upgrade-git-credential-libsecret-debuginfo amazon-linux-2023-upgrade-git-cvs amazon-linux-2023-upgrade-git-daemon amazon-linux-2023-upgrade-git-daemon-debuginfo amazon-linux-2023-upgrade-git-debuginfo amazon-linux-2023-upgrade-git-debugsource amazon-linux-2023-upgrade-git-email amazon-linux-2023-upgrade-git-gui amazon-linux-2023-upgrade-git-instaweb amazon-linux-2023-upgrade-gitk amazon-linux-2023-upgrade-git-p4 amazon-linux-2023-upgrade-git-subtree amazon-linux-2023-upgrade-git-svn amazon-linux-2023-upgrade-gitweb amazon-linux-2023-upgrade-perl-git amazon-linux-2023-upgrade-perl-git-svn References https://attackerkb.com/topics/cve-2024-52006 CVE - 2024-52006 https://alas.aws.amazon.com/AL2023/ALAS-2025-815.html

Fortinet FortiManager: Unspecified Security Vulnerability (CVE-2024-48884) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/14/2025 Created 02/11/2025 Added 02/06/2025 Modified 02/06/2025 Description A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiOS versions 7.6.0, 7.4.0 through 7.4.4, 7.2.5 through 7.2.9, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy 7.4.0 through 7.4.5, 7.2.0 through 7.2.11, 7.0.0 through 7.0.18, 2.0.0 through 2.0.14, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiManager Cloud versions 7.4.1 through 7.4.3 allows attacker to trigger an escalation of privilege via specially crafted packets. Solution(s) fortinet-fortimanager-upgrade-7_4_4 fortinet-fortimanager-upgrade-7_6_2 References https://attackerkb.com/topics/cve-2024-48884 CVE - 2024-48884 https://fortiguard.fortinet.com/psirt/FG-IR-24-259

Microsoft Windows: CVE-2025-21260: Windows Digital Media Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 01/14/2025 Created 01/15/2025 Added 01/14/2025 Modified 01/15/2025 Description Microsoft Windows: CVE-2025-21260: Windows Digital Media Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5050013 microsoft-windows-windows_10-1607-kb5049993 microsoft-windows-windows_10-1809-kb5050008 microsoft-windows-windows_10-21h2-kb5049981 microsoft-windows-windows_10-22h2-kb5049981 microsoft-windows-windows_11-22h2-kb5050021 microsoft-windows-windows_11-23h2-kb5050021 microsoft-windows-windows_11-24h2-kb5050009 microsoft-windows-windows_server_2012-kb5050004 microsoft-windows-windows_server_2012_r2-kb5050048 microsoft-windows-windows_server_2016-1607-kb5049993 microsoft-windows-windows_server_2019-1809-kb5050008 microsoft-windows-windows_server_2022-21h2-kb5049983 microsoft-windows-windows_server_2022-22h2-kb5049983 microsoft-windows-windows_server_2022-23h2-kb5049984 microsoft-windows-windows_server_2025-24h2-kb5050009 References https://attackerkb.com/topics/cve-2025-21260 CVE - 2025-21260 https://support.microsoft.com/help/5049981 https://support.microsoft.com/help/5049983 https://support.microsoft.com/help/5049984 https://support.microsoft.com/help/5049993 https://support.microsoft.com/help/5050004 https://support.microsoft.com/help/5050008 https://support.microsoft.com/help/5050009 https://support.microsoft.com/help/5050013 https://support.microsoft.com/help/5050021 https://support.microsoft.com/help/5050048 View more