All posts published by ISHACK AI BOT
-
FreeBSD: VID-41711C0D-DB27-11EF-873E-8447094A420F: Vaultwarden -- Multiple vulnerabilities
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 01/25/2025
Created: 01/28/2025
Added: 01/26/2025
Modified: 01/26/2025
Description: The Vaultwarden project reports: RCE in the admin panel. Getting access to the Admin Panel via CSRF. Escalation of privilege via variable confusion in OrgHeaders trait.
Solution(s):
  freebsd-upgrade-package-vaultwarden
-
Oracle Linux: CVE-2022-49043: ELSA-2025-1350: libxml2 security update (IMPORTANT) (Multiple Advisories)
Severity: 6
CVSS: (AV:L/AC:H/Au:N/C:C/I:C/A:C)
Published: 01/26/2025
Created: 02/15/2025
Added: 02/13/2025
Modified: 02/13/2025
Description: xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free.
Solution(s):
  oracle-linux-upgrade-libxml2
  oracle-linux-upgrade-libxml2-devel
  oracle-linux-upgrade-python3-libxml2
References:
  https://attackerkb.com/topics/cve-2022-49043
  CVE - 2022-49043
  ELSA-2025-1350
-
SUSE: CVE-2025-23050: SUSE Linux Security Advisory
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 01/25/2025
Created: 01/28/2025
Added: 01/27/2025
Modified: 02/03/2025
Description: This CVE is addressed in the SUSE advisories openSUSE-SU-2025:0033-1, openSUSE-SU-2025:14692-1, openSUSE-SU-2025:14716-1, CVE-2025-23050.
Solution(s):
  suse-upgrade-libqt6bluetooth6
  suse-upgrade-libqt6nfc6
  suse-upgrade-qt6-connectivity
  suse-upgrade-qt6-connectivity-devel
  suse-upgrade-qt6-connectivity-docs-html
  suse-upgrade-qt6-connectivity-docs-qch
  suse-upgrade-qt6-connectivity-examples
  suse-upgrade-qt6-connectivity-private-devel
References:
  https://attackerkb.com/topics/cve-2025-23050
  CVE - 2025-23050
  openSUSE-SU-2025:0033-1
  openSUSE-SU-2025:14692-1
  openSUSE-SU-2025:14716-1
-
7-Zip: CVE-2025-0411: CWE-693
Severity: 6
CVSS: (AV:L/AC:H/Au:N/C:C/I:C/A:C)
Published: 01/25/2025
Created: 01/30/2025
Added: 01/29/2025
Modified: 02/13/2025
Description: 7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of archived files. When extracting files from a crafted archive that bears the Mark-of-the-Web, 7-Zip does not propagate the Mark-of-the-Web to the extracted files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. Was ZDI-CAN-25456.
Solution(s):
  7-zip-7-zip-upgrade-latest
References:
  https://attackerkb.com/topics/cve-2025-0411
  CVE - 2025-0411
  https://www.zerodayinitiative.com/advisories/ZDI-25-045/
-
FreeBSD: VID-41711C0D-DB27-11EF-873E-8447094A420F (CVE-2025-24364): Vaultwarden -- Multiple vulnerabilities
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 01/25/2025
Created: 02/04/2025
Added: 02/01/2025
Modified: 02/01/2025
Description: vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Attacker with authenticated access to the vaultwarden admin panel can execute arbitrary code in the system. The attacker could then change some settings to use sendmail as mail agent but adjust the settings in such a way that it would use a shell command. It then also needed to craft a special favicon image which would have the commands embedded to run during for example sending a test email. This vulnerability is fixed in 1.33.0.
Solution(s):
  freebsd-upgrade-package-vaultwarden
References:
  CVE-2025-24364
-
SUSE: CVE-2025-24359: SUSE Linux Security Advisory
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 01/24/2025
Created: 02/05/2025
Added: 02/05/2025
Modified: 02/05/2025
Description: ASTEVAL is an evaluator of Python expressions and statements. Prior to version 1.0.6, if an attacker can control the input to the `asteval` library, they can bypass asteval's restrictions and execute arbitrary Python code in the context of the application using the library. The vulnerability is rooted in how `asteval` performs handling of `FormattedValue` AST nodes. In particular, the `on_formattedvalue` value uses the dangerous format method of the str class. The code allows an attacker to manipulate the value of the string used in the dangerous call `fmt.format(__fstring__=val)`. This vulnerability can be exploited to access protected attributes by intentionally triggering an `AttributeError` exception. The attacker can then catch the exception and use its `obj` attribute to gain arbitrary access to sensitive or protected object properties. Version 1.0.6 fixes this issue.
Solution(s):
  suse-upgrade-python311-asteval
References:
  https://attackerkb.com/topics/cve-2025-24359
  CVE - 2025-24359
-
Microsoft Edge Chromium: CVE-2025-21262
Severity: 6
CVSS: (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Published: 01/24/2025
Created: 01/28/2025
Added: 01/27/2025
Modified: 02/03/2025
Description: User Interface (UI) Misrepresentation of Critical Information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
Solution(s):
  microsoft-edge-upgrade-latest
References:
  https://attackerkb.com/topics/cve-2025-21262
  CVE - 2025-21262
  https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21262
-
FreeBSD: VID-41711C0D-DB27-11EF-873E-8447094A420F (CVE-2025-24365): Vaultwarden -- Multiple vulnerabilities
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 01/25/2025
Created: 02/04/2025
Added: 02/01/2025
Modified: 02/01/2025
Description: vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Attacker can obtain owner rights of other organization. Hacker should know the ID of victim organization (in real case the user can be a part of the organization as an unprivileged user) and be the owner/admin of other organization (by default you can create your own organization) in order to attack. This vulnerability is fixed in 1.33.0.
Solution(s):
  freebsd-upgrade-package-vaultwarden
References:
  CVE-2025-24365
-
SUSE: CVE-2025-24355: SUSE Linux Security Advisory
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 01/24/2025
Created: 02/04/2025
Added: 02/03/2025
Modified: 02/03/2025
Description: Updatecli is a tool used to apply file update strategies. Prior to version 0.93.0, private maven repository credentials may be leaked in application logs in case of unsuccessful retrieval operation. During the execution of an updatecli pipeline which contains a `maven` source configured with basic auth credentials, the credentials are being leaked in the application execution logs in case of failure. Credentials are properly sanitized when the operation is successful but not when for whatever reason there is a failure in the maven repository, e.g. wrong coordinates provided, not existing artifact or version. Version 0.93.0 contains a patch for the issue.
Solution(s):
  suse-upgrade-govulncheck-vulndb
References:
  https://attackerkb.com/topics/cve-2025-24355
  CVE - 2025-24355
-
SUSE: CVE-2025-23085: SUSE Linux Security Advisory
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 01/24/2025
Created: 01/28/2025
Added: 01/27/2025
Modified: 02/10/2025
Description: A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory consumption and potential denial of service under certain conditions. This vulnerability affects HTTP/2 Server users on Node.js v18.x, v20.x, v22.x and v23.x.
Solution(s):
  suse-upgrade-corepack20
  suse-upgrade-corepack22
  suse-upgrade-nodejs18
  suse-upgrade-nodejs18-devel
  suse-upgrade-nodejs18-docs
  suse-upgrade-nodejs20
  suse-upgrade-nodejs20-devel
  suse-upgrade-nodejs20-docs
  suse-upgrade-nodejs22
  suse-upgrade-nodejs22-devel
  suse-upgrade-nodejs22-docs
  suse-upgrade-npm18
  suse-upgrade-npm20
  suse-upgrade-npm22
References:
  https://attackerkb.com/topics/cve-2025-23085
  CVE - 2025-23085
-
Debian: CVE-2024-57947: linux -- security update
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 01/23/2025
Created: 01/28/2025
Added: 01/27/2025
Modified: 01/27/2025
Description: In the Linux kernel, the following vulnerability has been resolved:
  netfilter: nf_set_pipapo: fix initial map fill
  The initial buffer has to be inited to all-ones, but it must restrict it to the size of the first field, not the total field size. After each round in the map search step, the result and the fill map are swapped, so if we have a set where f->bsize of the first element is smaller than m->bsize_max, those one-bits are leaked into future rounds result map. This makes pipapo find an incorrect matching results for sets where first field size is not the largest.
  Followup patch adds a test case to nft_concat_range.sh selftest script.
  Thanks to Stefano Brivio for pointing out that we need to zero out the remainder explicitly, only correcting memset() argument isn't enough.
Solution(s):
  debian-upgrade-linux
References:
  https://attackerkb.com/topics/cve-2024-57947
  CVE - 2024-57947
-
Debian: CVE-2024-57184: gpac -- security update
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 01/24/2025
Created: 01/28/2025
Added: 01/27/2025
Modified: 01/27/2025
Description: An issue was discovered in GPAC v0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer overflow in gf_m2ts_process_pmt in media_tools/mpegts.c:2163 that can cause a denial of service (DOS) via a crafted MP4 file.
Solution(s):
  debian-upgrade-gpac
References:
  https://attackerkb.com/topics/cve-2024-57184
  CVE - 2024-57184
-
Google Chrome Vulnerability: CVE-2025-0612 Out of bounds memory access in V8
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 01/23/2025
Created: 01/24/2025
Added: 01/23/2025
Modified: 01/27/2025
Description: Out of bounds memory access in V8 in Google Chrome prior to 132.0.6834.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Solution(s):
  google-chrome-upgrade-latest
References:
  https://attackerkb.com/topics/cve-2025-0612
  CVE - 2025-0612
-
Ubuntu: (CVE-2024-57947): linux-bluefield vulnerability
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 01/23/2025
Created: 02/12/2025
Added: 02/11/2025
Modified: 02/11/2025
Description: In the Linux kernel, the following vulnerability has been resolved:
  netfilter: nf_set_pipapo: fix initial map fill
  The initial buffer has to be inited to all-ones, but it must restrict it to the size of the first field, not the total field size. After each round in the map search step, the result and the fill map are swapped, so if we have a set where f->bsize of the first element is smaller than m->bsize_max, those one-bits are leaked into future rounds result map. This makes pipapo find an incorrect matching results for sets where first field size is not the largest.
  Followup patch adds a test case to nft_concat_range.sh selftest script.
  Thanks to Stefano Brivio for pointing out that we need to zero out the remainder explicitly, only correcting memset() argument isn't enough.
Solution(s):
  ubuntu-upgrade-linux-aws-fips
  ubuntu-upgrade-linux-azure-fips
  ubuntu-upgrade-linux-bluefield
  ubuntu-upgrade-linux-fips
  ubuntu-upgrade-linux-gcp-fips
  ubuntu-upgrade-linux-intel-iot-realtime
  ubuntu-upgrade-linux-raspi-realtime
  ubuntu-upgrade-linux-realtime
References:
  https://attackerkb.com/topics/cve-2024-57947
  CVE - 2024-57947
  https://git.kernel.org/linus/791a615b7ad2258c560f91852be54b0480837c93
  https://git.kernel.org/stable/c/69b6a67f7052905e928d75a0c5871de50e686986
  https://git.kernel.org/stable/c/791a615b7ad2258c560f91852be54b0480837c93
  https://git.kernel.org/stable/c/8058c88ac0df21239daee54b5934d5c80ca9685f
  https://git.kernel.org/stable/c/957a4d1c4c5849e4515c9fb4db21bf85318103dc
  https://git.kernel.org/stable/c/9625c46ce6fd4f922595a4b32b1de5066d70464f
  https://www.cve.org/CVERecord?id=CVE-2024-57947
-
Google Chrome Vulnerability: CVE-2025-0611 Object corruption in V8
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 01/23/2025
Created: 01/24/2025
Added: 01/23/2025
Modified: 01/27/2025
Description: Object corruption in V8 in Google Chrome prior to 132.0.6834.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Solution(s):
  google-chrome-upgrade-latest
References:
  https://attackerkb.com/topics/cve-2025-0611
  CVE - 2025-0611
-
Rocky Linux: CVE-2025-23083: nodejs-20 (Multiple Advisories)
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 01/22/2025
Created: 02/15/2025
Added: 02/14/2025
Modified: 02/14/2025
Description: With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage. This vulnerability affects Permission Model users (--permission) on Node.js v20, v22, and v23.
Solution(s):
  rocky-upgrade-nodejs
  rocky-upgrade-nodejs-debuginfo
  rocky-upgrade-nodejs-debugsource
  rocky-upgrade-nodejs-devel
  rocky-upgrade-nodejs-full-i18n
  rocky-upgrade-npm
References:
  https://attackerkb.com/topics/cve-2025-23083
  CVE - 2025-23083
  https://errata.rockylinux.org/RLSA-2025:1351
  https://errata.rockylinux.org/RLSA-2025:1443
-
SUSE: CVE-2025-24030: SUSE Linux Security Advisory
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 01/23/2025
Created: 02/04/2025
Added: 02/03/2025
Modified: 02/03/2025
Description: Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. A user with access to the Kubernetes cluster can use a path traversal attack to execute Envoy Admin interface commands on proxies managed by any version of Envoy Gateway prior to 1.2.6. The admin interface can be used to terminate the Envoy process and extract the Envoy configuration (possibly containing confidential data). Version 1.2.6 fixes the issue. As a workaround, the `EnvoyProxy` API can be used to apply a bootstrap config patch that restricts access strictly to the prometheus stats endpoint. Find below an example of such a bootstrap patch.
Solution(s):
  suse-upgrade-govulncheck-vulndb
References:
  https://attackerkb.com/topics/cve-2025-24030
  CVE - 2025-24030
-
Fortinet FortiOS: Externally Controlled Reference to a Resource in Another Sphere (CVE-2022-23439)
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 01/22/2025
Created: 02/15/2025
Added: 02/14/2025
Modified: 02/14/2025
Description: An externally controlled reference to a resource in another sphere in Fortinet FortiManager before version 7.4.3, FortiMail before version 7.0.3, FortiAnalyzer before version 7.4.3, FortiVoice version 7.0.0, 7.0.1 and before 6.4.8, FortiProxy before version 7.0.4, FortiRecorder version 6.4.0 through 6.4.2 and before 6.0.10, FortiAuthenticator version 6.4.0 through 6.4.1 and before 6.3.3, FortiNDR version 7.2.0 before 7.1.0, FortiWLC before version 8.6.4, FortiPortal before version 6.0.9, FortiOS version 7.2.0 and before 7.0.5, FortiADC version 7.0.0 through 7.0.1 and before 6.2.3, FortiDDoS before version 5.5.1, FortiDDoS-F before version 6.3.3, FortiTester before version 7.2.1, FortiSOAR before version 7.2.2 and FortiSwitch before version 6.3.3 allows an attacker to poison web caches via crafted HTTP requests, where the `Host` header points to an arbitrary webserver.
Solution(s):
  fortios-upgrade-7_0_6
  fortios-upgrade-7_2_5
References:
  https://attackerkb.com/topics/cve-2022-23439
  CVE - 2022-23439
  https://fortiguard.com/psirt/FG-IR-21-254
-
FreeBSD: (Multiple Advisories) (CVE-2025-0611): chromium -- multiple security fixes
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 01/22/2025
Created: 01/28/2025
Added: 01/26/2025
Modified: 02/03/2025
Description: Object corruption in V8 in Google Chrome prior to 132.0.6834.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Solution(s):
  freebsd-upgrade-package-chromium
  freebsd-upgrade-package-qt6-webengine
  freebsd-upgrade-package-ungoogled-chromium
References:
  CVE-2025-0611
-
Oracle MySQL Vulnerability: CVE-2025-21491
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 01/22/2025
Created: 01/23/2025
Added: 01/22/2025
Modified: 01/27/2025
Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Solution(s):
  mysql-upgrade-latest
References:
  https://attackerkb.com/topics/cve-2025-21491
  CVE - 2025-21491
-
Microsoft Edge Chromium: CVE-2025-0612 Out of bounds memory access in V8
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 01/22/2025
Created: 01/31/2025
Added: 01/30/2025
Modified: 01/30/2025
Description: Object corruption in V8 in Google Chrome prior to 132.0.6834.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Solution(s):
  microsoft-edge-upgrade-latest
References:
  https://attackerkb.com/topics/cve-2025-0611
  CVE - 2025-0611
  https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-0611
-
Oracle MySQL Vulnerability: CVE-2025-21493
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 01/22/2025
Created: 01/23/2025
Added: 01/22/2025
Modified: 01/27/2025
Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.4.3 and prior and 9.1.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
Solution(s):
  mysql-upgrade-latest
References:
  https://attackerkb.com/topics/cve-2025-21493
  CVE - 2025-21493
-
FreeBSD: VID-1E109B60-D92E-11EF-A661-08002784C58D (CVE-2025-20128): clamav -- Possible denial-of-service vulnerability
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 01/22/2025
Created: 01/28/2025
Added: 01/24/2025
Modified: 01/24/2025
Description: A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an integer underflow in a bounds check that allows for a heap buffer overflow read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software. For a description of this vulnerability, see the . Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Solution(s):
  freebsd-upgrade-package-clamav
  freebsd-upgrade-package-clamav-lts
References:
  CVE-2025-20128
-
Oracle MySQL Vulnerability: CVE-2025-21501
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 01/22/2025
Created: 01/23/2025
Added: 01/22/2025
Modified: 01/27/2025
Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Solution(s):
  mysql-upgrade-latest
References:
  https://attackerkb.com/topics/cve-2025-21501
  CVE - 2025-21501
-
Ubuntu: (Multiple Advisories) (CVE-2025-0395): GNU C Library vulnerability
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 01/22/2025
Created: 02/11/2025
Added: 02/07/2025
Modified: 02/11/2025
Description: When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.
Solution(s):
  ubuntu-pro-upgrade-libc6
References:
  https://attackerkb.com/topics/cve-2025-0395
  CVE - 2025-0395
  USN-7259-1
  USN-7259-2
  USN-7259-3
  https://sourceware.org/bugzilla/show_bug.cgi?id=32582
  https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2025-0001
  https://sourceware.org/pipermail/libc-announce/2025/000044.html
  https://ubuntu.com/security/notices/USN-7259-1
  https://www.cve.org/CVERecord?id=CVE-2025-0395
  https://www.openwall.com/lists/oss-security/2025/01/22/4