ISHACK AI BOT

Oracle MySQL Vulnerability: CVE-2025-21504 Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/22/2025 Created 01/23/2025 Added 01/22/2025 Modified 01/27/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) mysql-upgrade-latest References https://attackerkb.com/topics/cve-2025-21504 CVE - 2025-21504

Oracle MySQL Vulnerability: CVE-2025-21497 Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/22/2025 Created 01/23/2025 Added 01/22/2025 Modified 01/27/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well asunauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). Solution(s) mysql-upgrade-latest References https://attackerkb.com/topics/cve-2025-21497 CVE - 2025-21497

Red Hat OpenShift: CVE-2024-11218: podman: buildah: Container breakout by using --jobs=2 and a race condition when building a malicious Containerfile Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/22/2025 Created 02/11/2025 Added 02/10/2025 Modified 02/14/2025 Description A vulnerability was found in `podman build` and `buildah.` This issue occurs in a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. SELinux might mitigate it, but even with SELinux on, it still allows the enumeration of files and directories on the host. Solution(s) linuxrpm-upgrade-podman References https://attackerkb.com/topics/cve-2024-11218 CVE - 2024-11218 RHSA-2025:0830 RHSA-2025:0878 RHSA-2025:0922 RHSA-2025:0923 RHSA-2025:1186 RHSA-2025:1187 RHSA-2025:1188 RHSA-2025:1189 RHSA-2025:1207 RHSA-2025:1275 RHSA-2025:1295 RHSA-2025:1296 RHSA-2025:1372 View more

Oracle MySQL Vulnerability: CVE-2025-21494 Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/22/2025 Created 01/23/2025 Added 01/22/2025 Modified 01/27/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and9.0.1 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.1 (Availability impacts).CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) mysql-upgrade-latest References https://attackerkb.com/topics/cve-2025-21494 CVE - 2025-21494

Oracle MySQL Vulnerability: CVE-2025-21543 Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/22/2025 Created 01/23/2025 Added 01/22/2025 Modified 01/27/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging).Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) mysql-upgrade-latest References https://attackerkb.com/topics/cve-2025-21543 CVE - 2025-21543

Debian: CVE-2025-0612: chromium -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/22/2025 Created 01/28/2025 Added 01/27/2025 Modified 01/27/2025 Description Out of bounds memory access in V8 in Google Chrome prior to 132.0.6834.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2025-0612 CVE - 2025-0612 DSA-5848-1

SUSE: CVE-2025-0611: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/22/2025 Created 01/31/2025 Added 01/30/2025 Modified 01/30/2025 Description Object corruption in V8 in Google Chrome prior to 132.0.6834.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium References https://attackerkb.com/topics/cve-2025-0611 CVE - 2025-0611

Debian: CVE-2024-57940: linux -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/21/2025 Created 02/11/2025 Added 02/10/2025 Modified 02/10/2025 Description In the Linux kernel, the following vulnerability has been resolved: exfat: fix the infinite loop in exfat_readdir() If the file system is corrupted so that a cluster is linked to itself in the cluster chain, and there is an unused directory entry in the cluster, 'dentry' will not be incremented, causing condition 'dentry < max_dentries' unable to prevent an infinite loop. This infinite loop causes s_lock not to be released, and other tasks will hang, such as exfat_sync_fs(). This commit stops traversing the cluster chain when there is unused directory entry in the cluster to avoid this infinite loop. Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2024-57940 CVE - 2024-57940 DSA-5860-1

Debian: CVE-2024-57930: linux -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/21/2025 Created 02/11/2025 Added 02/10/2025 Modified 02/10/2025 Description In the Linux kernel, the following vulnerability has been resolved: tracing: Have process_string() also allow arrays In order to catch a common bug where a TRACE_EVENT() TP_fast_assign() assigns an address of an allocated string to the ring buffer and then references it in TP_printk(), which can be executed hours later when the string is free, the function test_event_printk() runs on all events as they are registered to make sure there's no unwanted dereferencing. It calls process_string() to handle cases in TP_printk() format that has "%s". It returns whether or not the string is safe. But it can have some false positives. For instance, xe_bo_move() has: TP_printk("move_lacks_source:%s, migrate object %p [size %zu] from %s to %s device_id:%s", __entry->move_lacks_source ? "yes" : "no", __entry->bo, __entry->size, xe_mem_type_to_name[__entry->old_placement], xe_mem_type_to_name[__entry->new_placement], __get_str(device_id)) Where the "%s" references into xe_mem_type_to_name[]. This is an array of pointers that should be safe for the event to access. Instead of flagging this as a bad reference, if a reference points to an array, where the record field is the index, consider it safe. Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2024-57930 CVE - 2024-57930

Oracle MySQL Vulnerability: CVE-2025-21566 Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 01/22/2025 Created 01/23/2025 Added 01/22/2025 Modified 01/28/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).Supported versions that are affected are 9.1.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Solution(s) mysql-upgrade-latest References https://attackerkb.com/topics/cve-2025-21566 CVE - 2025-21566

Debian: CVE-2025-21664: linux -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/21/2025 Created 02/11/2025 Added 02/10/2025 Modified 02/10/2025 Description In the Linux kernel, the following vulnerability has been resolved: dm thin: make get_first_thin use rcu-safe list first function The documentation in rculist.h explains the absence of list_empty_rcu() and cautions programmers against relying on a list_empty() -> list_first() sequence in RCU safe code.This is because each of these functions performs its own READ_ONCE() of the list head.This can lead to a situation where the list_empty() sees a valid list entry, but the subsequent list_first() sees a different view of list head state after a modification. In the case of dm-thin, this author had a production box crash from a GP fault in the process_deferred_bios path.This function saw a valid list head in get_first_thin() but when it subsequently dereferenced that and turned it into a thin_c, it got the inside of the struct pool, since the list was now empty and referring to itself.The kernel on which this occurred printed both a warning about a refcount_t being saturated, and a UBSAN error for an out-of-bounds cpuid access in the queued spinlock, prior to the fault itself.When the resulting kdump was examined, it was possible to see another thread patiently waiting in thin_dtr's synchronize_rcu. The thin_dtr call managed to pull the thin_c out of the active thins list (and have it be the last entry in the active_thins list) at just the wrong moment which lead to this crash. Fortunately, the fix here is straight forward.Switch get_first_thin() function to use list_first_or_null_rcu() which performs just a single READ_ONCE() and returns NULL if the list is already empty. This was run against the devicemapper test suite's thin-provisioning suites for delete and suspend and no regressions were observed. Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2025-21664 CVE - 2025-21664 DSA-5860-1

Alma Linux: CVE-2025-21502: Moderate: java-17-openjdk security update for AlmaLinux 8.6, 8.8, 8.10, 9.4 and 9.5 (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/21/2025 Created 01/28/2025 Added 01/27/2025 Modified 01/30/2025 Description Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot).Supported versions that are affected are Oracle Java SE: 8u431-perf, 11.0.25, 17.0.13, 21.0.5, 23.0.1; Oracle GraalVM for JDK: 17.0.13, 21.0.5, 23.0.1; Oracle GraalVM Enterprise Edition: 20.3.16 and21.3.12. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.Successful attacks of this vulnerability can result inunauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well asunauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). Solution(s) alma-upgrade-java-17-openjdk alma-upgrade-java-17-openjdk-demo alma-upgrade-java-17-openjdk-demo-fastdebug alma-upgrade-java-17-openjdk-demo-slowdebug alma-upgrade-java-17-openjdk-devel alma-upgrade-java-17-openjdk-devel-fastdebug alma-upgrade-java-17-openjdk-devel-slowdebug alma-upgrade-java-17-openjdk-fastdebug alma-upgrade-java-17-openjdk-headless alma-upgrade-java-17-openjdk-headless-fastdebug alma-upgrade-java-17-openjdk-headless-slowdebug alma-upgrade-java-17-openjdk-javadoc alma-upgrade-java-17-openjdk-javadoc-zip alma-upgrade-java-17-openjdk-jmods alma-upgrade-java-17-openjdk-jmods-fastdebug alma-upgrade-java-17-openjdk-jmods-slowdebug alma-upgrade-java-17-openjdk-slowdebug alma-upgrade-java-17-openjdk-src alma-upgrade-java-17-openjdk-src-fastdebug alma-upgrade-java-17-openjdk-src-slowdebug alma-upgrade-java-17-openjdk-static-libs alma-upgrade-java-17-openjdk-static-libs-fastdebug alma-upgrade-java-17-openjdk-static-libs-slowdebug alma-upgrade-java-21-openjdk alma-upgrade-java-21-openjdk-demo alma-upgrade-java-21-openjdk-demo-fastdebug alma-upgrade-java-21-openjdk-demo-slowdebug alma-upgrade-java-21-openjdk-devel alma-upgrade-java-21-openjdk-devel-fastdebug alma-upgrade-java-21-openjdk-devel-slowdebug alma-upgrade-java-21-openjdk-fastdebug alma-upgrade-java-21-openjdk-headless alma-upgrade-java-21-openjdk-headless-fastdebug alma-upgrade-java-21-openjdk-headless-slowdebug alma-upgrade-java-21-openjdk-javadoc alma-upgrade-java-21-openjdk-javadoc-zip alma-upgrade-java-21-openjdk-jmods alma-upgrade-java-21-openjdk-jmods-fastdebug alma-upgrade-java-21-openjdk-jmods-slowdebug alma-upgrade-java-21-openjdk-slowdebug alma-upgrade-java-21-openjdk-src alma-upgrade-java-21-openjdk-src-fastdebug alma-upgrade-java-21-openjdk-src-slowdebug alma-upgrade-java-21-openjdk-static-libs alma-upgrade-java-21-openjdk-static-libs-fastdebug alma-upgrade-java-21-openjdk-static-libs-slowdebug References https://attackerkb.com/topics/cve-2025-21502 CVE - 2025-21502 https://errata.almalinux.org/8/ALSA-2025-0422.html https://errata.almalinux.org/8/ALSA-2025-0426.html https://errata.almalinux.org/9/ALSA-2025-0422.html https://errata.almalinux.org/9/ALSA-2025-0426.html

Amazon Linux 2023: CVE-2025-23085: Important priority package update for nodejs20 Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 01/21/2025 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description No description is available for this CVE. Solution(s) amazon-linux-2023-upgrade-nodejs20 amazon-linux-2023-upgrade-nodejs20-debuginfo amazon-linux-2023-upgrade-nodejs20-debugsource amazon-linux-2023-upgrade-nodejs20-devel amazon-linux-2023-upgrade-nodejs20-docs amazon-linux-2023-upgrade-nodejs20-full-i18n amazon-linux-2023-upgrade-nodejs20-libs amazon-linux-2023-upgrade-nodejs20-libs-debuginfo amazon-linux-2023-upgrade-nodejs20-npm amazon-linux-2023-upgrade-v8-11-3-devel References https://attackerkb.com/topics/cve-2025-23085 CVE - 2025-23085 https://alas.aws.amazon.com/AL2023/ALAS-2025-822.html

Ubuntu: (CVE-2025-21494): mysql-8.0 vulnerability Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/21/2025 Created 01/25/2025 Added 01/24/2025 Modified 01/27/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and9.0.1 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.1 (Availability impacts).CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) ubuntu-upgrade-mysql-8-0 References https://attackerkb.com/topics/cve-2025-21494 CVE - 2025-21494 https://www.cve.org/CVERecord?id=CVE-2025-21494 https://www.oracle.com/security-alerts/cpujan2025.html

Ubuntu: (Multiple Advisories) (CVE-2025-21502): OpenJDK 11 vulnerability Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/21/2025 Created 02/07/2025 Added 02/06/2025 Modified 02/06/2025 Description Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot).Supported versions that are affected are Oracle Java SE: 8u431-perf, 11.0.25, 17.0.13, 21.0.5, 23.0.1; Oracle GraalVM for JDK: 17.0.13, 21.0.5, 23.0.1; Oracle GraalVM Enterprise Edition: 20.3.16 and21.3.12. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.Successful attacks of this vulnerability can result inunauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well asunauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). Solution(s) ubuntu-upgrade-openjdk-11-jdk ubuntu-upgrade-openjdk-11-jdk-headless ubuntu-upgrade-openjdk-11-jre ubuntu-upgrade-openjdk-11-jre-headless ubuntu-upgrade-openjdk-11-jre-zero ubuntu-upgrade-openjdk-17-jdk ubuntu-upgrade-openjdk-17-jdk-headless ubuntu-upgrade-openjdk-17-jre ubuntu-upgrade-openjdk-17-jre-headless ubuntu-upgrade-openjdk-17-jre-zero ubuntu-upgrade-openjdk-21-jdk ubuntu-upgrade-openjdk-21-jdk-headless ubuntu-upgrade-openjdk-21-jre ubuntu-upgrade-openjdk-21-jre-headless ubuntu-upgrade-openjdk-21-jre-zero ubuntu-upgrade-openjdk-23-jdk ubuntu-upgrade-openjdk-23-jdk-headless ubuntu-upgrade-openjdk-23-jre ubuntu-upgrade-openjdk-23-jre-headless ubuntu-upgrade-openjdk-23-jre-zero References https://attackerkb.com/topics/cve-2025-21502 CVE - 2025-21502 USN-7252-1 USN-7253-1 USN-7254-1 USN-7255-1

Ubuntu: USN-7245-1 (CVE-2025-21540): MySQL vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/21/2025 Created 02/01/2025 Added 01/31/2025 Modified 01/31/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and9.1.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result inunauthorized update, insert or delete access to some of MySQL Server accessible data as well asunauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N). Solution(s) ubuntu-upgrade-mysql-server-8-0 References https://attackerkb.com/topics/cve-2025-21540 CVE - 2025-21540 USN-7245-1

Ubuntu: USN-7245-1 (CVE-2025-21522): MySQL vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/21/2025 Created 02/01/2025 Added 01/31/2025 Modified 01/31/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser).Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and9.1.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Solution(s) ubuntu-upgrade-mysql-server-8-0 References https://attackerkb.com/topics/cve-2025-21522 CVE - 2025-21522 USN-7245-1

Debian: CVE-2025-21660: linux -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/21/2025 Created 02/11/2025 Added 02/10/2025 Modified 02/10/2025 Description In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix unexpectedly changed path in ksmbd_vfs_kern_path_locked When `ksmbd_vfs_kern_path_locked` met an error and it is not the last entry, it will exit without restoring changed path buffer. But later this buffer may be used as the filename for creation. Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2025-21660 CVE - 2025-21660 DSA-5860-1

Ubuntu: USN-7245-1 (CVE-2025-21546): MySQL vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/21/2025 Created 02/01/2025 Added 01/31/2025 Modified 01/31/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result inunauthorized update, insert or delete access to some of MySQL Server accessible data as well asunauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 3.8 (Confidentiality and Integrity impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N). Solution(s) ubuntu-upgrade-mysql-server-8-0 References https://attackerkb.com/topics/cve-2025-21546 CVE - 2025-21546 USN-7245-1

Ubuntu: USN-7245-1 (CVE-2025-21523): MySQL vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/21/2025 Created 02/01/2025 Added 01/31/2025 Modified 01/31/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) ubuntu-upgrade-mysql-server-8-0 References https://attackerkb.com/topics/cve-2025-21523 CVE - 2025-21523 USN-7245-1

Ubuntu: USN-7245-1 (CVE-2025-21490): MySQL vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/21/2025 Created 02/01/2025 Added 01/31/2025 Modified 01/31/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) ubuntu-upgrade-mysql-server-8-0 References https://attackerkb.com/topics/cve-2025-21490 CVE - 2025-21490 USN-7245-1

SUSE: CVE-2025-0377: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/21/2025 Created 02/04/2025 Added 02/03/2025 Modified 02/03/2025 Description HashiCorp’s go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry. Solution(s) suse-upgrade-govulncheck-vulndb References https://attackerkb.com/topics/cve-2025-0377 CVE - 2025-0377

Debian: CVE-2024-57939: linux -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/21/2025 Created 02/11/2025 Added 02/10/2025 Modified 02/10/2025 Description In the Linux kernel, the following vulnerability has been resolved: riscv: Fix sleeping in invalid context in die() die() can be called in exception handler, and therefore cannot sleep. However, die() takes spinlock_t which can sleep with PREEMPT_RT enabled. That causes the following warning: BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 285, name: mutex preempt_count: 110001, expected: 0 RCU nest depth: 0, expected: 0 CPU: 0 UID: 0 PID: 285 Comm: mutex Not tainted 6.12.0-rc7-00022-ge19049cf7d56-dirty #234 Hardware name: riscv-virtio,qemu (DT) Call Trace: dump_backtrace+0x1c/0x24 show_stack+0x2c/0x38 dump_stack_lvl+0x5a/0x72 dump_stack+0x14/0x1c __might_resched+0x130/0x13a rt_spin_lock+0x2a/0x5c die+0x24/0x112 do_trap_insn_illegal+0xa0/0xea _new_vmalloc_restore_context_a0+0xcc/0xd8 Oops - illegal instruction [#1] Switch to use raw_spinlock_t, which does not sleep even with PREEMPT_RT enabled. Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2024-57939 CVE - 2024-57939 DSA-5860-1

Oracle Linux: CVE-2025-21502: ELSA-2025-0422:java-17-openjdk security update for RHEL 8.6, 8.8, 8.10, 9.4 and 9.5 (MODERATE) (Multiple Advisories) Severity 4 CVSS (AV:N/AC:H/Au:N/C:P/I:P/A:N) Published 01/21/2025 Created 01/25/2025 Added 01/23/2025 Modified 01/31/2025 Description Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot).Supported versions that are affected are Oracle Java SE: 8u431-perf, 11.0.25, 17.0.13, 21.0.5, 23.0.1; Oracle GraalVM for JDK: 17.0.13, 21.0.5, 23.0.1; Oracle GraalVM Enterprise Edition: 20.3.16 and21.3.12. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.Successful attacks of this vulnerability can result inunauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well asunauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). Solution(s) oracle-linux-upgrade-java-17-openjdk oracle-linux-upgrade-java-17-openjdk-demo oracle-linux-upgrade-java-17-openjdk-demo-fastdebug oracle-linux-upgrade-java-17-openjdk-demo-slowdebug oracle-linux-upgrade-java-17-openjdk-devel oracle-linux-upgrade-java-17-openjdk-devel-fastdebug oracle-linux-upgrade-java-17-openjdk-devel-slowdebug oracle-linux-upgrade-java-17-openjdk-fastdebug oracle-linux-upgrade-java-17-openjdk-headless oracle-linux-upgrade-java-17-openjdk-headless-fastdebug oracle-linux-upgrade-java-17-openjdk-headless-slowdebug oracle-linux-upgrade-java-17-openjdk-javadoc oracle-linux-upgrade-java-17-openjdk-javadoc-zip oracle-linux-upgrade-java-17-openjdk-jmods oracle-linux-upgrade-java-17-openjdk-jmods-fastdebug oracle-linux-upgrade-java-17-openjdk-jmods-slowdebug oracle-linux-upgrade-java-17-openjdk-slowdebug oracle-linux-upgrade-java-17-openjdk-src oracle-linux-upgrade-java-17-openjdk-src-fastdebug oracle-linux-upgrade-java-17-openjdk-src-slowdebug oracle-linux-upgrade-java-17-openjdk-static-libs oracle-linux-upgrade-java-17-openjdk-static-libs-fastdebug oracle-linux-upgrade-java-17-openjdk-static-libs-slowdebug oracle-linux-upgrade-java-21-openjdk oracle-linux-upgrade-java-21-openjdk-demo oracle-linux-upgrade-java-21-openjdk-demo-fastdebug oracle-linux-upgrade-java-21-openjdk-demo-slowdebug oracle-linux-upgrade-java-21-openjdk-devel oracle-linux-upgrade-java-21-openjdk-devel-fastdebug oracle-linux-upgrade-java-21-openjdk-devel-slowdebug oracle-linux-upgrade-java-21-openjdk-fastdebug oracle-linux-upgrade-java-21-openjdk-headless oracle-linux-upgrade-java-21-openjdk-headless-fastdebug oracle-linux-upgrade-java-21-openjdk-headless-slowdebug oracle-linux-upgrade-java-21-openjdk-javadoc oracle-linux-upgrade-java-21-openjdk-javadoc-zip oracle-linux-upgrade-java-21-openjdk-jmods oracle-linux-upgrade-java-21-openjdk-jmods-fastdebug oracle-linux-upgrade-java-21-openjdk-jmods-slowdebug oracle-linux-upgrade-java-21-openjdk-slowdebug oracle-linux-upgrade-java-21-openjdk-src oracle-linux-upgrade-java-21-openjdk-src-fastdebug oracle-linux-upgrade-java-21-openjdk-src-slowdebug oracle-linux-upgrade-java-21-openjdk-static-libs oracle-linux-upgrade-java-21-openjdk-static-libs-fastdebug oracle-linux-upgrade-java-21-openjdk-static-libs-slowdebug References https://attackerkb.com/topics/cve-2025-21502 CVE - 2025-21502 ELSA-2025-0422 ELSA-2025-0426

Red Hat: CVE-2025-21502: JDK: Enhance array handling (Oracle CPU 2025-01) (Multiple Advisories) Severity 4 CVSS (AV:N/AC:H/Au:N/C:P/I:P/A:N) Published 01/21/2025 Created 01/24/2025 Added 01/23/2025 Modified 01/24/2025 Description Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot).Supported versions that are affected are Oracle Java SE: 8u431-perf, 11.0.25, 17.0.13, 21.0.5, 23.0.1; Oracle GraalVM for JDK: 17.0.13, 21.0.5, 23.0.1; Oracle GraalVM Enterprise Edition: 20.3.16 and21.3.12. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.Successful attacks of this vulnerability can result inunauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well asunauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). Solution(s) redhat-upgrade-java-17-openjdk redhat-upgrade-java-17-openjdk-debuginfo redhat-upgrade-java-17-openjdk-debugsource redhat-upgrade-java-17-openjdk-demo redhat-upgrade-java-17-openjdk-demo-fastdebug redhat-upgrade-java-17-openjdk-demo-slowdebug redhat-upgrade-java-17-openjdk-devel redhat-upgrade-java-17-openjdk-devel-debuginfo redhat-upgrade-java-17-openjdk-devel-fastdebug redhat-upgrade-java-17-openjdk-devel-fastdebug-debuginfo redhat-upgrade-java-17-openjdk-devel-slowdebug redhat-upgrade-java-17-openjdk-devel-slowdebug-debuginfo redhat-upgrade-java-17-openjdk-fastdebug redhat-upgrade-java-17-openjdk-fastdebug-debuginfo redhat-upgrade-java-17-openjdk-headless redhat-upgrade-java-17-openjdk-headless-debuginfo redhat-upgrade-java-17-openjdk-headless-fastdebug redhat-upgrade-java-17-openjdk-headless-fastdebug-debuginfo redhat-upgrade-java-17-openjdk-headless-slowdebug redhat-upgrade-java-17-openjdk-headless-slowdebug-debuginfo redhat-upgrade-java-17-openjdk-javadoc redhat-upgrade-java-17-openjdk-javadoc-zip redhat-upgrade-java-17-openjdk-jmods redhat-upgrade-java-17-openjdk-jmods-fastdebug redhat-upgrade-java-17-openjdk-jmods-slowdebug redhat-upgrade-java-17-openjdk-slowdebug redhat-upgrade-java-17-openjdk-slowdebug-debuginfo redhat-upgrade-java-17-openjdk-src redhat-upgrade-java-17-openjdk-src-fastdebug redhat-upgrade-java-17-openjdk-src-slowdebug redhat-upgrade-java-17-openjdk-static-libs redhat-upgrade-java-17-openjdk-static-libs-fastdebug redhat-upgrade-java-17-openjdk-static-libs-slowdebug redhat-upgrade-java-21-openjdk redhat-upgrade-java-21-openjdk-debuginfo redhat-upgrade-java-21-openjdk-debugsource redhat-upgrade-java-21-openjdk-demo redhat-upgrade-java-21-openjdk-demo-fastdebug redhat-upgrade-java-21-openjdk-demo-slowdebug redhat-upgrade-java-21-openjdk-devel redhat-upgrade-java-21-openjdk-devel-debuginfo redhat-upgrade-java-21-openjdk-devel-fastdebug redhat-upgrade-java-21-openjdk-devel-fastdebug-debuginfo redhat-upgrade-java-21-openjdk-devel-slowdebug redhat-upgrade-java-21-openjdk-devel-slowdebug-debuginfo redhat-upgrade-java-21-openjdk-fastdebug redhat-upgrade-java-21-openjdk-fastdebug-debuginfo redhat-upgrade-java-21-openjdk-headless redhat-upgrade-java-21-openjdk-headless-debuginfo redhat-upgrade-java-21-openjdk-headless-fastdebug redhat-upgrade-java-21-openjdk-headless-fastdebug-debuginfo redhat-upgrade-java-21-openjdk-headless-slowdebug redhat-upgrade-java-21-openjdk-headless-slowdebug-debuginfo redhat-upgrade-java-21-openjdk-javadoc redhat-upgrade-java-21-openjdk-javadoc-zip redhat-upgrade-java-21-openjdk-jmods redhat-upgrade-java-21-openjdk-jmods-fastdebug redhat-upgrade-java-21-openjdk-jmods-slowdebug redhat-upgrade-java-21-openjdk-slowdebug redhat-upgrade-java-21-openjdk-slowdebug-debuginfo redhat-upgrade-java-21-openjdk-src redhat-upgrade-java-21-openjdk-src-fastdebug redhat-upgrade-java-21-openjdk-src-slowdebug redhat-upgrade-java-21-openjdk-static-libs redhat-upgrade-java-21-openjdk-static-libs-fastdebug redhat-upgrade-java-21-openjdk-static-libs-slowdebug References CVE-2025-21502 RHSA-2025:0422 RHSA-2025:0423 RHSA-2025:0426