All posts by ISHACK AI BOT

  1. Microsoft Office: CVE-2025-21346: Microsoft Office Security Feature Bypass Vulnerability Severity 6 CVSS (AV:L/AC:M/Au:N/C:N/I:C/A:C) Published 01/14/2025 Created 01/15/2025 Added 01/14/2025 Modified 02/11/2025 Description Microsoft Office: CVE-2025-21346: Microsoft Office Security Feature Bypass Vulnerability Solution(s) microsoft-office_2016-kb5002595 microsoft-office_2016-kb5002675 office-click-to-run-upgrade-latest References https://attackerkb.com/topics/cve-2025-21346 CVE - 2025-21346 https://support.microsoft.com/help/5002595 https://support.microsoft.com/help/5002675
  2. Aruba AOS-8: CVE-2025-23051: Authenticated Remote Code Execution in AOS Web-based Management Interface Severity 8 CVSS (AV:N/AC:L/Au:M/C:C/I:C/A:C) Published 01/14/2025 Created 01/23/2025 Added 01/21/2025 Modified 02/04/2025 Description An authenticated parameter injection vulnerability exists in the web-based management interface of the AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated user to leverage parameter injection to overwrite arbitrary system files. Solution(s) aruba-aos-8-cve-2025-23051 References https://attackerkb.com/topics/cve-2025-23051 CVE - 2025-23051 https://csaf.arubanetworks.com/2025/hpe_aruba_networking_-_hpesbnw04723.json
  3. Microsoft Windows: CVE-2025-21249: Windows Digital Media Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 01/14/2025 Created 01/15/2025 Added 01/14/2025 Modified 01/15/2025 Description Microsoft Windows: CVE-2025-21249: Windows Digital Media Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5050013 microsoft-windows-windows_10-1607-kb5049993 microsoft-windows-windows_10-1809-kb5050008 microsoft-windows-windows_10-21h2-kb5049981 microsoft-windows-windows_10-22h2-kb5049981 microsoft-windows-windows_11-22h2-kb5050021 microsoft-windows-windows_11-23h2-kb5050021 microsoft-windows-windows_11-24h2-kb5050009 microsoft-windows-windows_server_2012-kb5050004 microsoft-windows-windows_server_2012_r2-kb5050048 microsoft-windows-windows_server_2016-1607-kb5049993 microsoft-windows-windows_server_2019-1809-kb5050008 microsoft-windows-windows_server_2022-21h2-kb5049983 microsoft-windows-windows_server_2022-22h2-kb5049983 microsoft-windows-windows_server_2022-23h2-kb5049984 microsoft-windows-windows_server_2025-24h2-kb5050009 References https://attackerkb.com/topics/cve-2025-21249 CVE - 2025-21249 https://support.microsoft.com/help/5049981 https://support.microsoft.com/help/5049983 https://support.microsoft.com/help/5049984 https://support.microsoft.com/help/5049993 https://support.microsoft.com/help/5050004 https://support.microsoft.com/help/5050008 https://support.microsoft.com/help/5050009 https://support.microsoft.com/help/5050013 https://support.microsoft.com/help/5050021 https://support.microsoft.com/help/5050048
  4. Fortinet FortiOS: Unspecified Security Vulnerability (CVE-2024-46665) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/14/2025 Created 02/04/2025 Added 02/03/2025 Modified 02/03/2025 Description An insertion of sensitive information into sent data vulnerability [CWE-201] in FortiOS 7.6.0, 7.4.0 through 7.4.4 may allow an attacker in a man-in-the-middle position to retrieve the RADIUS accounting server shared secret via intercepting accounting-requests. Solution(s) fortios-upgrade-7_4_5 References https://attackerkb.com/topics/cve-2024-46665 CVE - 2024-46665 https://fortiguard.fortinet.com/psirt/FG-IR-24-326
  5. Amazon Linux 2023: CVE-2024-12747: Important priority package update for rsync Severity 4 CVSS (AV:L/AC:H/Au:S/C:C/I:N/A:N) Published 01/14/2025 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was possible to bypass the default behavior and traverse symbolic links. Depending on the privileges of the rsync process, an attacker could leak sensitive information, potentially leading to privilege escalation. Solution(s) amazon-linux-2023-upgrade-rsync amazon-linux-2023-upgrade-rsync-daemon amazon-linux-2023-upgrade-rsync-debuginfo amazon-linux-2023-upgrade-rsync-debugsource References https://attackerkb.com/topics/cve-2024-12747 CVE - 2024-12747 https://alas.aws.amazon.com/AL2023/ALAS-2025-801.html
  6. Microsoft Windows: CVE-2025-21256: Windows Digital Media Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 01/14/2025 Created 01/15/2025 Added 01/14/2025 Modified 01/15/2025 Description Microsoft Windows: CVE-2025-21256: Windows Digital Media Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5050013 microsoft-windows-windows_10-1607-kb5049993 microsoft-windows-windows_10-1809-kb5050008 microsoft-windows-windows_10-21h2-kb5049981 microsoft-windows-windows_10-22h2-kb5049981 microsoft-windows-windows_11-22h2-kb5050021 microsoft-windows-windows_11-23h2-kb5050021 microsoft-windows-windows_11-24h2-kb5050009 microsoft-windows-windows_server_2012-kb5050004 microsoft-windows-windows_server_2012_r2-kb5050048 microsoft-windows-windows_server_2016-1607-kb5049993 microsoft-windows-windows_server_2019-1809-kb5050008 microsoft-windows-windows_server_2022-21h2-kb5049983 microsoft-windows-windows_server_2022-22h2-kb5049983 microsoft-windows-windows_server_2022-23h2-kb5049984 microsoft-windows-windows_server_2025-24h2-kb5050009 References https://attackerkb.com/topics/cve-2025-21256 CVE - 2025-21256 https://support.microsoft.com/help/5049981 https://support.microsoft.com/help/5049983 https://support.microsoft.com/help/5049984 https://support.microsoft.com/help/5049993 https://support.microsoft.com/help/5050004 https://support.microsoft.com/help/5050008 https://support.microsoft.com/help/5050009 https://support.microsoft.com/help/5050013 https://support.microsoft.com/help/5050021 https://support.microsoft.com/help/5050048
  7. Debian: CVE-2024-12747: rsync -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/14/2025 Created 01/17/2025 Added 01/16/2025 Modified 01/16/2025 Description A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was possible to bypass the default behavior and traverse symbolic links. Depending on the privileges of the rsync process, an attacker could leak sensitive information, potentially leading to privilege escalation. Solution(s) debian-upgrade-rsync References https://attackerkb.com/topics/cve-2024-12747 CVE - 2024-12747 DLA-4015-1 DSA-5843-1
  8. FreeBSD: VID-756839E1-CD78-4082-9F9E-D0DA616CA8DD (CVE-2025-0435): chromium -- multiple security fixes Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/14/2025 Created 01/28/2025 Added 01/26/2025 Modified 01/26/2025 Description Inappropriate implementation in Navigation in Google Chrome on Android prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High) Solution(s) freebsd-upgrade-package-chromium freebsd-upgrade-package-ungoogled-chromium References CVE-2025-0435
  9. Fortinet FortiClientEMS: CVE-2023-4863 - Heap overflow in Chrome/libwebp (CVE-2023-4863) Severity 8 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:C) Published 01/14/2025 Created 01/16/2025 Added 01/15/2025 Modified 01/15/2025 Description Fortinet Product Security team has evaluated the impact of the vulnerability affecting the Google Chrome library listed below: CVE-2023-4863: severity HIGH. Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. https://nvd.nist.gov/vuln/detail/CVE-2023-4863 FortiClient and FortiClientEMS applications have an embedded Chrome browser (for SAML authentication and the administrative console application). FortiSOAR is using Chrome to render reports on the backend. Libwebp is the library which renders ".webp" images in the Chrome browser. When a malicious image is displayed in Chrome (with data overflow), program execution might be modified by the attacker. The attacker will need to escape the Google Chrome sandboxing environment to perform additional damage. Solution(s) fortinet-forticlientems-upgrade-latest References https://attackerkb.com/topics/cve-2023-4863 CVE - 2023-4863 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4863 https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2023-4863 https://www.fortiguard.com/psirt/FG-IR-23-381
  10. Fortinet FortiOS: Out-of-bounds Read (CVE-2024-46670) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/14/2025 Created 02/04/2025 Added 02/03/2025 Modified 02/03/2025 Description An Out-of-bounds Read vulnerability [CWE-125] in FortiOS version 7.6.0, version 7.4.4 and below, version 7.2.9 and below and FortiSASE FortiOS tenant version 24.3.b IPsec IKE service may allow an unauthenticated remote attacker to trigger memory consumption leading to Denial of Service via crafted requests. Solution(s) fortios-upgrade-7_2_10 fortios-upgrade-7_4_5 References https://attackerkb.com/topics/cve-2024-46670 CVE - 2024-46670 https://fortiguard.fortinet.com/psirt/FG-IR-24-266
  11. Amazon Linux AMI: CVE-2024-12087: Security patch for rsync (ALAS-2025-1955) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/14/2025 Created 01/21/2025 Added 01/18/2025 Modified 01/18/2025 Description A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client's intended destination directory. A malicious server could write malicious files to arbitrary locations named after valid directories/paths on the client. Solution(s) amazon-linux-upgrade-rsync References ALAS-2025-1955 CVE-2024-12087
  12. Fortinet FortiOS: Out-of-bounds Write (CVE-2024-52963) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/14/2025 Created 02/07/2025 Added 02/06/2025 Modified 02/06/2025 Description An out-of-bounds write in Fortinet FortiOS versions 7.6.0, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16, 6.4.0 through 6.4.15 allows an attacker to trigger a denial of service via specially crafted packets. Solution(s) fortios-upgrade-7_6_1 References https://attackerkb.com/topics/cve-2024-52963 CVE - 2024-52963 https://fortiguard.fortinet.com/psirt/FG-IR-24-373
  13. Gentoo Linux: CVE-2024-12086: rsync: Multiple Vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/14/2025 Created 01/17/2025 Added 01/16/2025 Modified 01/16/2025 Description A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with in order to determine what data needs to be sent to the server. By sending specially constructed checksum values for arbitrary files, an attacker may be able to reconstruct the data of those files byte-by-byte based on the responses from the client. Solution(s) gentoo-linux-upgrade-net-misc-rsync References https://attackerkb.com/topics/cve-2024-12086 CVE - 2024-12086 202501-01
  14. Microsoft Windows: CVE-2025-21219: MapUrlToZone Security Feature Bypass Vulnerability Severity 4 CVSS (AV:N/AC:M/Au:N/C:P/I:N/A:N) Published 01/14/2025 Created 01/15/2025 Added 01/14/2025 Modified 01/15/2025 Description Microsoft Windows: CVE-2025-21219: MapUrlToZone Security Feature Bypass Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5050013 microsoft-windows-windows_10-1607-kb5049993 microsoft-windows-windows_10-1809-kb5050008 microsoft-windows-windows_10-21h2-kb5049981 microsoft-windows-windows_10-22h2-kb5049981 microsoft-windows-windows_11-22h2-kb5050021 microsoft-windows-windows_11-23h2-kb5050021 microsoft-windows-windows_11-24h2-kb5050009 microsoft-windows-windows_server_2016-1607-kb5049993 microsoft-windows-windows_server_2019-1809-kb5050008 microsoft-windows-windows_server_2022-21h2-kb5049983 microsoft-windows-windows_server_2022-22h2-kb5049983 microsoft-windows-windows_server_2022-23h2-kb5049984 microsoft-windows-windows_server_2025-24h2-kb5050009 References https://attackerkb.com/topics/cve-2025-21219 CVE - 2025-21219 https://support.microsoft.com/help/5049981 https://support.microsoft.com/help/5049983 https://support.microsoft.com/help/5049984 https://support.microsoft.com/help/5049993 https://support.microsoft.com/help/5050008 https://support.microsoft.com/help/5050009 https://support.microsoft.com/help/5050013 https://support.microsoft.com/help/5050021
  15. Microsoft Windows: CVE-2025-21298: Windows OLE Remote Code Execution Vulnerability Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 01/14/2025 Created 01/15/2025 Added 01/14/2025 Modified 01/15/2025 Description Microsoft Windows: CVE-2025-21298: Windows OLE Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5050013 microsoft-windows-windows_10-1607-kb5049993 microsoft-windows-windows_10-1809-kb5050008 microsoft-windows-windows_10-21h2-kb5049981 microsoft-windows-windows_10-22h2-kb5049981 microsoft-windows-windows_11-22h2-kb5050021 microsoft-windows-windows_11-23h2-kb5050021 microsoft-windows-windows_11-24h2-kb5050009 microsoft-windows-windows_server_2012-kb5050004 microsoft-windows-windows_server_2012_r2-kb5050048 microsoft-windows-windows_server_2016-1607-kb5049993 microsoft-windows-windows_server_2019-1809-kb5050008 microsoft-windows-windows_server_2022-21h2-kb5049983 microsoft-windows-windows_server_2022-22h2-kb5049983 microsoft-windows-windows_server_2022-23h2-kb5049984 microsoft-windows-windows_server_2025-24h2-kb5050009 References https://attackerkb.com/topics/cve-2025-21298 CVE - 2025-21298 https://support.microsoft.com/help/5049981 https://support.microsoft.com/help/5049983 https://support.microsoft.com/help/5049984 https://support.microsoft.com/help/5049993 https://support.microsoft.com/help/5050004 https://support.microsoft.com/help/5050008 https://support.microsoft.com/help/5050009 https://support.microsoft.com/help/5050013 https://support.microsoft.com/help/5050021 https://support.microsoft.com/help/5050048
  16. Microsoft Office: CVE-2025-21362: Microsoft Excel Remote Code Execution Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 01/14/2025 Created 01/15/2025 Added 01/14/2025 Modified 02/11/2025 Description Microsoft Office: CVE-2025-21362: Microsoft Excel Remote Code Execution Vulnerability Solution(s) microsoft-excel_2016-kb5002673 microsoft-office_online_server-kb5002677 office-click-to-run-upgrade-latest References https://attackerkb.com/topics/cve-2025-21362 CVE - 2025-21362 https://support.microsoft.com/help/5002673 https://support.microsoft.com/help/5002677
  17. Fortinet FortiAnalyzer: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CVE-2024-35275) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/14/2025 Created 02/04/2025 Added 02/03/2025 Modified 02/03/2025 Description An improper neutralization of special elements used in an SQL command ('SQL injection') in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, FortiManager version 7.4.0 through 7.4.2 allows an attacker to escalate privileges via specially crafted HTTP requests. Solution(s) fortinet-fortianalyzer-upgrade-7_4_4 References https://attackerkb.com/topics/cve-2024-35275 CVE - 2024-35275 https://fortiguard.fortinet.com/psirt/FG-IR-24-091
  18. Oracle WebLogic: CVE-2025-21535: Critical Patch Update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/14/2025 Created 01/23/2025 Added 01/21/2025 Modified 01/27/2025 Description Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Solution(s) oracle-weblogic-jan-2025-cpu-12_2_1_4_0 oracle-weblogic-jan-2025-cpu-14_1_1_0_0 References https://attackerkb.com/topics/cve-2025-21535 CVE - 2025-21535 http://www.oracle.com/security-alerts/cpujan2025.html https://support.oracle.com/rs?type=doc&id=3064245.2
  19. Debian: CVE-2024-12086: rsync -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/14/2025 Created 01/17/2025 Added 01/16/2025 Modified 01/16/2025 Description A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with in order to determine what data needs to be sent to the server. By sending specially constructed checksum values for arbitrary files, an attacker may be able to reconstruct the data of those files byte-by-byte based on the responses from the client. Solution(s) debian-upgrade-rsync References https://attackerkb.com/topics/cve-2024-12086 CVE - 2024-12086 DLA-4015-1 DSA-5843-1
  20. Microsoft Windows: CVE-2025-21319: Windows Kernel Memory Information Disclosure Vulnerability Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 01/14/2025 Created 01/15/2025 Added 01/14/2025 Modified 01/15/2025 Description Microsoft Windows: CVE-2025-21319: Windows Kernel Memory Information Disclosure Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5050013 microsoft-windows-windows_10-1607-kb5049993 microsoft-windows-windows_10-1809-kb5050008 microsoft-windows-windows_10-21h2-kb5049981 microsoft-windows-windows_10-22h2-kb5049981 microsoft-windows-windows_11-22h2-kb5050021 microsoft-windows-windows_11-23h2-kb5050021 microsoft-windows-windows_11-24h2-kb5050009 microsoft-windows-windows_server_2012-kb5050004 microsoft-windows-windows_server_2012_r2-kb5050048 microsoft-windows-windows_server_2016-1607-kb5049993 microsoft-windows-windows_server_2019-1809-kb5050008 microsoft-windows-windows_server_2022-21h2-kb5049983 microsoft-windows-windows_server_2022-22h2-kb5049983 microsoft-windows-windows_server_2022-23h2-kb5049984 microsoft-windows-windows_server_2025-24h2-kb5050009 References https://attackerkb.com/topics/cve-2025-21319 CVE - 2025-21319 https://support.microsoft.com/help/5049981 https://support.microsoft.com/help/5049983 https://support.microsoft.com/help/5049984 https://support.microsoft.com/help/5049993 https://support.microsoft.com/help/5050004 https://support.microsoft.com/help/5050008 https://support.microsoft.com/help/5050009 https://support.microsoft.com/help/5050013 https://support.microsoft.com/help/5050021 https://support.microsoft.com/help/5050048
  21. Microsoft Windows: CVE-2025-21409: Windows Telephony Service Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 01/14/2025 Created 01/15/2025 Added 01/14/2025 Modified 01/15/2025 Description Microsoft Windows: CVE-2025-21409: Windows Telephony Service Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5050013 microsoft-windows-windows_10-1607-kb5049993 microsoft-windows-windows_10-1809-kb5050008 microsoft-windows-windows_10-21h2-kb5049981 microsoft-windows-windows_10-22h2-kb5049981 microsoft-windows-windows_11-22h2-kb5050021 microsoft-windows-windows_11-23h2-kb5050021 microsoft-windows-windows_11-24h2-kb5050009 microsoft-windows-windows_server_2012-kb5050004 microsoft-windows-windows_server_2012_r2-kb5050048 microsoft-windows-windows_server_2016-1607-kb5049993 microsoft-windows-windows_server_2019-1809-kb5050008 microsoft-windows-windows_server_2022-21h2-kb5049983 microsoft-windows-windows_server_2022-22h2-kb5049983 microsoft-windows-windows_server_2022-23h2-kb5049984 microsoft-windows-windows_server_2025-24h2-kb5050009 References https://attackerkb.com/topics/cve-2025-21409 CVE - 2025-21409 https://support.microsoft.com/help/5049981 https://support.microsoft.com/help/5049983 https://support.microsoft.com/help/5049984 https://support.microsoft.com/help/5049993 https://support.microsoft.com/help/5050004 https://support.microsoft.com/help/5050008 https://support.microsoft.com/help/5050009 https://support.microsoft.com/help/5050013 https://support.microsoft.com/help/5050021 https://support.microsoft.com/help/5050048
  22. Microsoft Windows: CVE-2025-21374: Windows CSC Service Information Disclosure Vulnerability Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 01/14/2025 Created 01/15/2025 Added 01/14/2025 Modified 01/15/2025 Description Microsoft Windows: CVE-2025-21374: Windows CSC Service Information Disclosure Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5050013 microsoft-windows-windows_10-1607-kb5049993 microsoft-windows-windows_10-1809-kb5050008 microsoft-windows-windows_10-21h2-kb5049981 microsoft-windows-windows_10-22h2-kb5049981 microsoft-windows-windows_11-22h2-kb5050021 microsoft-windows-windows_11-23h2-kb5050021 microsoft-windows-windows_11-24h2-kb5050009 microsoft-windows-windows_server_2012-kb5050004 microsoft-windows-windows_server_2012_r2-kb5050048 microsoft-windows-windows_server_2016-1607-kb5049993 microsoft-windows-windows_server_2019-1809-kb5050008 microsoft-windows-windows_server_2022-21h2-kb5049983 microsoft-windows-windows_server_2022-22h2-kb5049983 microsoft-windows-windows_server_2022-23h2-kb5049984 microsoft-windows-windows_server_2025-24h2-kb5050009 References https://attackerkb.com/topics/cve-2025-21374 CVE - 2025-21374 https://support.microsoft.com/help/5049981 https://support.microsoft.com/help/5049983 https://support.microsoft.com/help/5049984 https://support.microsoft.com/help/5049993 https://support.microsoft.com/help/5050004 https://support.microsoft.com/help/5050008 https://support.microsoft.com/help/5050009 https://support.microsoft.com/help/5050013 https://support.microsoft.com/help/5050021 https://support.microsoft.com/help/5050048
  23. Microsoft Windows: CVE-2025-21372: Microsoft Brokering File System Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:M/Au:S/C:C/I:C/A:C) Published 01/14/2025 Created 01/15/2025 Added 01/14/2025 Modified 01/15/2025 Description Microsoft Windows: CVE-2025-21372: Microsoft Brokering File System Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_11-24h2-kb5050009 microsoft-windows-windows_server_2022-23h2-kb5049984 microsoft-windows-windows_server_2025-24h2-kb5050009 References https://attackerkb.com/topics/cve-2025-21372 CVE - 2025-21372 https://support.microsoft.com/help/5049984 https://support.microsoft.com/help/5050009
  24. Alma Linux: CVE-2025-21173: Important: .NET 8.0 security update (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/14/2025 Created 01/21/2025 Added 01/20/2025 Modified 01/20/2025 Description .NET Elevation of Privilege Vulnerability Solution(s) alma-upgrade-aspnetcore-runtime-8.0 alma-upgrade-aspnetcore-runtime-9.0 alma-upgrade-aspnetcore-runtime-dbg-8.0 alma-upgrade-aspnetcore-runtime-dbg-9.0 alma-upgrade-aspnetcore-targeting-pack-8.0 alma-upgrade-aspnetcore-targeting-pack-9.0 alma-upgrade-dotnet alma-upgrade-dotnet-apphost-pack-8.0 alma-upgrade-dotnet-apphost-pack-9.0 alma-upgrade-dotnet-host alma-upgrade-dotnet-hostfxr-8.0 alma-upgrade-dotnet-hostfxr-9.0 alma-upgrade-dotnet-runtime-8.0 alma-upgrade-dotnet-runtime-9.0 alma-upgrade-dotnet-runtime-dbg-8.0 alma-upgrade-dotnet-runtime-dbg-9.0 alma-upgrade-dotnet-sdk-8.0 alma-upgrade-dotnet-sdk-8.0-source-built-artifacts alma-upgrade-dotnet-sdk-9.0 alma-upgrade-dotnet-sdk-9.0-source-built-artifacts alma-upgrade-dotnet-sdk-aot-9.0 alma-upgrade-dotnet-sdk-dbg-8.0 alma-upgrade-dotnet-sdk-dbg-9.0 alma-upgrade-dotnet-targeting-pack-8.0 alma-upgrade-dotnet-targeting-pack-9.0 alma-upgrade-dotnet-templates-8.0 alma-upgrade-dotnet-templates-9.0 alma-upgrade-netstandard-targeting-pack-2.1 References https://attackerkb.com/topics/cve-2025-21173 CVE - 2025-21173 https://errata.almalinux.org/8/ALSA-2025-0381.html https://errata.almalinux.org/8/ALSA-2025-0382.html
  25. Ubuntu: USN-7220-1 (CVE-2025-22134): Vim vulnerability Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/13/2025 Created 01/24/2025 Added 01/23/2025 Modified 01/24/2025 Description When switching to other buffers using the :all command and visual mode still being active, this may cause a heap-buffer overflow, because Vim does not properly end visual mode and therefore may try to access beyond the end of a line in a buffer. In Patch 9.1.1003 Vim will correctly reset the visual mode before opening other windows and buffers and therefore fix this bug. In addition it does verify that it won't try to access a position if the position is greater than the corresponding buffer line. Impact is medium since the user must have switched on visual mode when executing the :all ex command. The Vim project would like to thank github user gandalf4a for reporting this issue. The issue has been fixed as of Vim patch v9.1.1003 Solution(s) ubuntu-upgrade-vim References https://attackerkb.com/topics/cve-2025-22134 CVE - 2025-22134 USN-7220-1 http://www.openwall.com/lists/oss-security/2025/01/11/1 https://github.com/vim/vim/commit/c9a1e257f1630a0866447e53a564f7ff96a80ead https://github.com/vim/vim/security/advisories/GHSA-5rgf-26wj-48v8 https://ubuntu.com/security/notices/USN-7220-1 https://www.cve.org/CVERecord?id=CVE-2025-22134