All posts by ISHACK AI BOT

  1. A Cross-Site Scripting (XSS) vulnerability in TinyMCE was addressed in the upgrade from version 7.1.1 to 7.2.0 Severity 6 CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:N) Published 01/20/2025 Created 01/16/2025 Added 01/20/2025 Modified 01/20/2025 Description TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content extraction code. When using the `noneditable_regexp` option, specially crafted HTML attributes containing malicious code were able to be executed when content was extracted from the editor. This vulnerability has been patched in TinyMCE 7.2.0, TinyMCE 6.8.4 and TinyMCE 5.11.0 LTS by ensuring that, when using the `noneditable_regexp` option, any content within an attribute is properly verified to match the configured regular expression before being added. Users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) zimbra-collaboration-upgrade-latest References https://attackerkb.com/topics/cve-2024-38356 CVE - 2024-38356 https://github.com/tinymce/tinymce/security/advisories/GHSA-9hcv-j9pv-qmph https://github.com/tinymce/tinymce/commit/5acb741665a98e83d62b91713c800abbff43b00d https://owasp.org/www-community/attacks/xss https://www.tiny.cloud/docs/tinymce/6/6.8.4-release-notes/#overview https://www.tiny.cloud/docs/tinymce/7/7.2-release-notes/#overview
  2. The OpenJDK package has been upgraded to version 17.0.12 to fix multiple vulnerabilities Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 01/20/2025 Created 01/16/2025 Added 01/20/2025 Modified 01/20/2025 Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: CORBA). Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf; Oracle GraalVM Enterprise Edition: 20.3.11 and 21.3.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via CORBA to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). Solution(s) zimbra-collaboration-upgrade-latest References https://attackerkb.com/topics/cve-2023-22067 CVE - 2023-22067 https://www.oracle.com/security-alerts/cpuoct2023.html https://security.netapp.com/advisory/ntap-20231027-0006/ https://www.debian.org/security/2023/dsa-5537
  3. The ClamAV package has been upgraded to version 0.105.2 to fix multiple vulnerabilities. Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 01/20/2025 Created 01/16/2025 Added 01/20/2025 Modified 01/20/2025 Description On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code. This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write. An attacker could exploit this vulnerability by submitting a crafted HFS+ partition file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the ClamAV scanning process, or else crash the process, resulting in a denial of service (DoS) condition. For a description of this vulnerability, see the ClamAV blog ["https://blog.clamav.net/"]. Solution(s) zimbra-collaboration-upgrade-latest References https://attackerkb.com/topics/cve-2023-20032 CVE - 2023-20032 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-q8DThCy
  4. Debian: CVE-2025-21655: linux -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/20/2025 Created 02/11/2025 Added 02/10/2025 Modified 02/10/2025 Description In the Linux kernel, the following vulnerability has been resolved: io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period io_eventfd_do_signal() is invoked from an RCU callback, but when dropping the reference to the io_ev_fd, it calls io_eventfd_free() directly if the refcount drops to zero. This isn't correct, as any potential freeing of the io_ev_fd should be deferred another RCU grace period. Just call io_eventfd_put() rather than open-code the dec-and-test and free, which will correctly defer it another RCU grace period. Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2025-21655 CVE - 2025-21655 DSA-5860-1
  5. Upgraded PHP to 8.3.0 to fix allocated memory vulnerability Severity 7 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:P) Published 01/20/2025 Created 01/16/2025 Added 01/20/2025 Modified 01/21/2025 Description In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result in crashes, and potentially in overwrite of other memory chunks and RCE. This issue affects: code that uses FILTER_VALIDATE_FLOAT with min/max limits. Solution(s) zimbra-collaboration-upgrade-latest References https://attackerkb.com/topics/cve-2021-21708 CVE - 2021-21708 https://bugs.php.net/bug.php?id=81708 https://security.netapp.com/advisory/ntap-20220325-0004/ https://security.gentoo.org/glsa/202209-20
  6. Amazon Linux AMI 2: CVE-2024-13176: Security patch for edk2 (ALAS-2025-2750) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/20/2025 Created 02/05/2025 Added 02/05/2025 Modified 02/05/2025 Description Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature computations could allow recovering the private key by an attacker. However, measuring the timing would require either local access to the signing application or a very fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This can happen with significant probability only for some of the supported elliptic curves. In particular the NIST P-521 curve is affected. To be able to measure this leak, the attacker process must either be located in the same physical computer or must have a very fast network connection with low latency. For that reason the severity of this vulnerability is Low. Solution(s) amazon-linux-ami-2-upgrade-edk2-aarch64 amazon-linux-ami-2-upgrade-edk2-debuginfo amazon-linux-ami-2-upgrade-edk2-ovmf amazon-linux-ami-2-upgrade-edk2-tools amazon-linux-ami-2-upgrade-edk2-tools-doc References https://attackerkb.com/topics/cve-2024-13176 AL2/ALAS-2025-2750 CVE - 2024-13176
  7. OpenSSL package has been upgraded to fix a security issue related to the verification of X.509 certificate chains that include policy constraints Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 01/20/2025 Created 01/16/2025 Added 01/20/2025 Modified 01/20/2025 Description A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the `-policy` argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()` function. Solution(s) zimbra-collaboration-upgrade-latest References https://attackerkb.com/topics/cve-2023-0464 CVE - 2023-0464 https://www.openssl.org/news/secadv/20230322.txt https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2017771e2db3e2b96f89bbe8766c3209f6a99545 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=959c59c7a0164117e7f8366466a32bb1f8d77ff1 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=879f7080d7e141f415c79eaa3a8ac4a3dad0348b https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2dcd4f1e3115f38cefa43e3efbe9b801c27e642e https://www.couchbase.com/alerts/ https://www.debian.org/security/2023/dsa-5417 https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html https://security.gentoo.org/glsa/202402-08 https://security.netapp.com/advisory/ntap-20240621-0006/
  8. Ubuntu: USN-7264-1 (CVE-2024-13176): OpenSSL vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/20/2025 Created 02/13/2025 Added 02/12/2025 Modified 02/13/2025 Description Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature computations could allow recovering the private key by an attacker. However, measuring the timing would require either local access to the signing application or a very fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This can happen with significant probability only for some of the supported elliptic curves. In particular the NIST P-521 curve is affected. To be able to measure this leak, the attacker process must either be located in the same physical computer or must have a very fast network connection with low latency. For that reason the severity of this vulnerability is Low. Solution(s) ubuntu-upgrade-libssl3t64 ubuntu-upgrade-openssl References https://attackerkb.com/topics/cve-2024-13176 CVE - 2024-13176 USN-7264-1 https://openssl-library.org/news/secadv/20250120.txt https://ubuntu.com/security/notices/USN-7264-1 https://www.cve.org/CVERecord?id=CVE-2024-13176
  9. Upgraded Electron framework used in Modern Zimbra Desktop to version 28.0.0. This update mitigates potential security risks associated with the outdated Electron version 11.5.0. Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 01/20/2025 Created 01/16/2025 Added 01/20/2025 Modified 01/20/2025 Description Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) Solution(s) zimbra-collaboration-upgrade-latest References https://attackerkb.com/topics/cve-2023-4863 CVE - 2023-4863 https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html https://crbug.com/1479274 https://en.bandisoft.com/honeyview/history/ https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/ https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/ https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863 https://security-tracker.debian.org/tracker/CVE-2023-4863 https://bugzilla.suse.com/show_bug.cgi?id=1215231 https://news.ycombinator.com/item?id=37478403 https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/ https://www.debian.org/security/2023/dsa-5496 https://www.debian.org/security/2023/dsa-5497 https://lists.fedoraproject.org/archives/list/[email protected]/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/ https://lists.fedoraproject.org/archives/list/[email protected]/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/ https://lists.fedoraproject.org/archives/list/[email protected]/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/ https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html https://lists.fedoraproject.org/archives/list/[email protected]/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/ 
https://www.debian.org/security/2023/dsa-5498 https://security.gentoo.org/glsa/202309-05 https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html https://lists.fedoraproject.org/archives/list/[email protected]/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/ https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/ https://github.com/webmproject/libwebp/releases/tag/v1.3.2 https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html https://lists.fedoraproject.org/archives/list/[email protected]/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/ http://www.openwall.com/lists/oss-security/2023/09/21/4 https://blog.isosceles.com/the-webp-0day/ http://www.openwall.com/lists/oss-security/2023/09/22/1 http://www.openwall.com/lists/oss-security/2023/09/22/3 http://www.openwall.com/lists/oss-security/2023/09/22/4 http://www.openwall.com/lists/oss-security/2023/09/22/5 http://www.openwall.com/lists/oss-security/2023/09/22/8 http://www.openwall.com/lists/oss-security/2023/09/22/7 http://www.openwall.com/lists/oss-security/2023/09/22/6 http://www.openwall.com/lists/oss-security/2023/09/26/1 http://www.openwall.com/lists/oss-security/2023/09/26/7 http://www.openwall.com/lists/oss-security/2023/09/28/1 http://www.openwall.com/lists/oss-security/2023/09/28/2 http://www.openwall.com/lists/oss-security/2023/09/28/4 https://security.netapp.com/advisory/ntap-20230929-0011/ https://lists.fedoraproject.org/archives/list/[email protected]/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/ https://sethmlarson.dev/security-developer-in-residence-weekly-report-16 https://www.bentley.com/advisories/be-2023-0001/ https://security.gentoo.org/glsa/202401-10
  10. SUSE: CVE-2025-24337: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/20/2025 Created 02/04/2025 Added 02/03/2025 Modified 02/03/2025 Description WriteFreely through 0.15.1, when MySQL is used, allows local users to discover credentials by reading config.ini. Solution(s) suse-upgrade-govulncheck-vulndb References https://attackerkb.com/topics/cve-2025-24337 CVE - 2025-24337
  11. Ubuntu: (CVE-2023-52923): linux-bluefield vulnerability Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/20/2025 Created 02/12/2025 Added 02/11/2025 Modified 02/11/2025 Description In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: adapt set backend to use GC transaction API Use the GC transaction API to replace the old and buggy gc API and the busy mark approach. No set elements are removed from async garbage collection anymore, instead the _DEAD bit is set on so the set element is not visible from lookup path anymore. Async GC enqueues transaction work that might be aborted and retried later. rbtree and pipapo set backends do not set on the _DEAD bit from the sync GC path since this runs in control plane path where mutex is held. In this case, set elements are deactivated, removed and then released via RCU callback, sync GC never fails. Solution(s) ubuntu-upgrade-linux-aws-fips ubuntu-upgrade-linux-azure-fips ubuntu-upgrade-linux-bluefield ubuntu-upgrade-linux-fips ubuntu-upgrade-linux-gcp-fips ubuntu-upgrade-linux-intel-iot-realtime ubuntu-upgrade-linux-realtime References https://attackerkb.com/topics/cve-2023-52923 CVE - 2023-52923 https://git.kernel.org/linus/f6c383b8c31a93752a52697f8430a71dcbc46adf https://git.kernel.org/stable/c/146c76866795553dbc19998f36718d7986ad302b https://git.kernel.org/stable/c/479a2cf5259347d6a1f658b0f791d27a34908e91 https://git.kernel.org/stable/c/c357648929c8dff891502349769aafb8f0452bc2 https://git.kernel.org/stable/c/cb4d00b563675ba8ff6ef94b077f58d816f68ba3 https://git.kernel.org/stable/c/df650d6a4bf47248261b61ef6b174d7c54034d15 https://git.kernel.org/stable/c/e4d71d6a9c7db93f7bf20c3a0f0659d63d7de681 https://git.kernel.org/stable/c/f6c383b8c31a93752a52697f8430a71dcbc46adf https://www.cve.org/CVERecord?id=CVE-2023-52923
  12. Oracle Linux: CVE-2024-11218: ELSA-2025-0922:podman security update (IMPORTANT) (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 01/20/2025 Created 02/05/2025 Added 02/04/2025 Modified 02/13/2025 Description A vulnerability was found in `podman build` and `buildah`. This issue occurs in a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. SELinux might mitigate it, but even with SELinux on, it still allows the enumeration of files and directories on the host. Solution(s) oracle-linux-upgrade-aardvark-dns oracle-linux-upgrade-buildah oracle-linux-upgrade-buildah-tests oracle-linux-upgrade-cockpit-podman oracle-linux-upgrade-conmon oracle-linux-upgrade-containernetworking-plugins oracle-linux-upgrade-containers-common oracle-linux-upgrade-container-selinux oracle-linux-upgrade-crit oracle-linux-upgrade-criu oracle-linux-upgrade-criu-devel oracle-linux-upgrade-criu-libs oracle-linux-upgrade-crun oracle-linux-upgrade-fuse-overlayfs oracle-linux-upgrade-libslirp oracle-linux-upgrade-libslirp-devel oracle-linux-upgrade-netavark oracle-linux-upgrade-oci-seccomp-bpf-hook oracle-linux-upgrade-podman oracle-linux-upgrade-podman-docker oracle-linux-upgrade-podman-plugins oracle-linux-upgrade-podman-remote oracle-linux-upgrade-podman-tests oracle-linux-upgrade-python3-criu oracle-linux-upgrade-python3-podman oracle-linux-upgrade-skopeo oracle-linux-upgrade-skopeo-tests oracle-linux-upgrade-slirp4netns oracle-linux-upgrade-udica References https://attackerkb.com/topics/cve-2024-11218 CVE - 2024-11218 ELSA-2025-0922 ELSA-2025-0923 ELSA-2025-1372
  13. A Cross-Site Scripting (XSS) vulnerability via crafted <img> HTML content in the Zimbra Classic UI has been fixed. LC attribute zimbra_owasp_strip_alt_tags_with_handlers introduced in previous patch is no longer required and has been removed. Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 01/20/2025 Created 01/16/2025 Added 01/20/2025 Modified 01/20/2025 Description No document with this CVE id exists in the DB. Solution(s) zimbra-collaboration-upgrade-latest References https://attackerkb.com/topics/cve-2024-45516 CVE - 2024-45516
  14. The Apache package has been upgraded to version 2.4.62 to fix multiple vulnerabilities Severity 7 CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:P) Published 01/20/2025 Created 01/16/2025 Added 01/20/2025 Modified 01/20/2025 Description Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58. Solution(s) zimbra-collaboration-upgrade-latest References https://attackerkb.com/topics/cve-2023-38709 CVE - 2023-38709 https://httpd.apache.org/security/vulnerabilities_24.html https://security.netapp.com/advisory/ntap-20240415-0013/ https://lists.fedoraproject.org/archives/list/[email protected]/message/WNV4SZAPVS43DZWNFU7XBYYOZEZMI4ZC/ http://www.openwall.com/lists/oss-security/2024/04/04/3 https://lists.fedoraproject.org/archives/list/[email protected]/message/I2N2NZEX3MR64IWSGL3QGN7KSRUGAEMF/ https://lists.fedoraproject.org/archives/list/[email protected]/message/LX5U34KYGDYPRH3AJ6MDDCBJDWDPXNVJ/ https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html https://support.apple.com/kb/HT214119 http://seclists.org/fulldisclosure/2024/Jul/18
  15. Debian: CVE-2025-21653: linux -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/19/2025 Created 02/11/2025 Added 02/10/2025 Modified 02/10/2025 Description In the Linux kernel, the following vulnerability has been resolved: net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute syzbot found that TCA_FLOW_RSHIFT attribute was not validated. Right shifting a 32bit integer is undefined for large shift values. UBSAN: shift-out-of-bounds in net/sched/cls_flow.c:329:23 shift exponent 9445 is too large for 32-bit type 'u32' (aka 'unsigned int') CPU: 1 UID: 0 PID: 54 Comm: kworker/u8:3 Not tainted 6.13.0-rc3-syzkaller-00180-g4f619d518db9 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Workqueue: ipv6_addrconf addrconf_dad_work Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 ubsan_epilogue lib/ubsan.c:231 [inline] __ubsan_handle_shift_out_of_bounds+0x3c8/0x420 lib/ubsan.c:468 flow_classify+0x24d5/0x25b0 net/sched/cls_flow.c:329 tc_classify include/net/tc_wrapper.h:197 [inline] __tcf_classify net/sched/cls_api.c:1771 [inline] tcf_classify+0x420/0x1160 net/sched/cls_api.c:1867 sfb_classify net/sched/sch_sfb.c:260 [inline] sfb_enqueue+0x3ad/0x18b0 net/sched/sch_sfb.c:318 dev_qdisc_enqueue+0x4b/0x290 net/core/dev.c:3793 __dev_xmit_skb net/core/dev.c:3889 [inline] __dev_queue_xmit+0xf0e/0x3f50 net/core/dev.c:4400 dev_queue_xmit include/linux/netdevice.h:3168 [inline] neigh_hh_output include/net/neighbour.h:523 [inline] neigh_output include/net/neighbour.h:537 [inline] ip_finish_output2+0xd41/0x1390 net/ipv4/ip_output.c:236 iptunnel_xmit+0x55d/0x9b0 net/ipv4/ip_tunnel_core.c:82 udp_tunnel_xmit_skb+0x262/0x3b0 net/ipv4/udp_tunnel_core.c:173 geneve_xmit_skb drivers/net/geneve.c:916 [inline] geneve_xmit+0x21dc/0x2d00 drivers/net/geneve.c:1039 __netdev_start_xmit include/linux/netdevice.h:5002 [inline] netdev_start_xmit 
include/linux/netdevice.h:5011 [inline] xmit_one net/core/dev.c:3590 [inline] dev_hard_start_xmit+0x27a/0x7d0 net/core/dev.c:3606 __dev_queue_xmit+0x1b73/0x3f50 net/core/dev.c:4434 Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2025-21653 CVE - 2025-21653 DSA-5860-1
  16. FreeBSD: VID-186101B4-DFA6-11EF-8C1C-A8A1599412C6 (CVE-2025-0762): chromium -- multiple security fixes Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/18/2025 Created 02/04/2025 Added 02/01/2025 Modified 02/01/2025 Description Use after free in DevTools in Google Chrome prior to 132.0.6834.159 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium) Solution(s) freebsd-upgrade-package-chromium freebsd-upgrade-package-ungoogled-chromium References CVE-2025-0762
  17. Debian: CVE-2024-57917: linux -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/19/2025 Created 02/11/2025 Added 02/10/2025 Modified 02/10/2025 Description In the Linux kernel, the following vulnerability has been resolved: topology: Keep the cpumask unchanged when printing cpumap During fuzz testing, the following warning was discovered: different return values (15 and 11) from vsnprintf("%*pbl ", ...) test:keyward is WARNING in kvasprintf WARNING: CPU: 55 PID: 1168477 at lib/kasprintf.c:30 kvasprintf+0x121/0x130 Call Trace: kvasprintf+0x121/0x130 kasprintf+0xa6/0xe0 bitmap_print_to_buf+0x89/0x100 core_siblings_list_read+0x7e/0xb0 kernfs_file_read_iter+0x15b/0x270 new_sync_read+0x153/0x260 vfs_read+0x215/0x290 ksys_read+0xb9/0x160 do_syscall_64+0x56/0x100 entry_SYSCALL_64_after_hwframe+0x78/0xe2 The call trace shows that kvasprintf() reported this warning during the printing of core_siblings_list. kvasprintf() has several steps: (1) First, calculate the length of the resulting formatted string. (2) Allocate a buffer based on the returned length. (3) Then, perform the actual string formatting. (4) Check whether the lengths of the formatted strings returned in steps (1) and (2) are consistent. If the core_cpumask is modified between steps (1) and (3), the lengths obtained in these two steps may not match. Indeed our test includes cpu hotplugging, which should modify core_cpumask while printing. To fix this issue, cache the cpumask into a temporary variable before calling cpumap_print_{list, cpumask}_to_buf(), to keep it unchanged during the printing process. Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2024-57917 CVE - 2024-57917 DSA-5860-1
  18. Microsoft Edge Chromium: CVE-2025-21185 Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 01/17/2025 Created 01/21/2025 Added 01/20/2025 Modified 01/28/2025 Description Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2025-21185 CVE - 2025-21185 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21185
  19. Fortinet FortiOS: Unspecified Security Vulnerability (CVE-2024-50563) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/16/2025 Created 02/07/2025 Added 02/06/2025 Modified 02/06/2025 Description A weak authentication in Fortinet FortiManager Cloud, FortiAnalyzer versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3, FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3 allows attacker to execute unauthorized code or commands via a brute-force attack. Solution(s) fortios-upgrade-7_0_16 fortios-upgrade-7_2_9 fortios-upgrade-7_4_5 References https://attackerkb.com/topics/cve-2024-50563 CVE - 2024-50563 https://fortiguard.fortinet.com/psirt/FG-IR-24-221
  20. SUSE: CVE-2025-23208: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/17/2025 Created 02/04/2025 Added 02/03/2025 Modified 02/03/2025 Description zot is a production-ready vendor-neutral OCI image registry. The group data stored for users in the boltdb database (meta.db) is an append-list so group revocations/removals are ignored in the API. SetUserGroups is called on login, but instead of replacing the group memberships, they are appended. This may be due to some conflict with the group definitions in the config file, but that wasn't obvious to me if it were the case. Any Zot configuration that relies on group-based authorization will not respect group remove/revocation by an IdP. This issue has been addressed in version 2.1.2. All users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) suse-upgrade-govulncheck-vulndb References https://attackerkb.com/topics/cve-2025-23208 CVE - 2025-23208
  21. Fortinet FortiOS: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CVE-2024-48885) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/16/2025 Created 02/07/2025 Added 02/06/2025 Modified 02/06/2025 Description An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiRecorder versions 7.2.0 through 7.2.1, 7.0.0 through 7.0.4, FortiWeb versions 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.10, 6.4.0 through 6.4.3, FortiVoice versions 7.0.0 through 7.0.4, 6.4.0 through 6.4.9, 6.0.0 through 6.0.12 allows attacker to escalate privilege via specially crafted packets. Solution(s) fortios-upgrade-7_0_16 fortios-upgrade-7_2_10 fortios-upgrade-7_4_5 References https://attackerkb.com/topics/cve-2024-48885 CVE - 2024-48885 https://fortiguard.fortinet.com/psirt/FG-IR-24-259
  22. Fortinet FortiManager: Unspecified Security Vulnerability (CVE-2024-50563) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/16/2025 Created 02/11/2025 Added 02/06/2025 Modified 02/06/2025 Description A weak authentication in Fortinet FortiManager Cloud, FortiAnalyzer versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3, FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3 allows attacker to execute unauthorized code or commands via a brute-force attack. Solution(s) fortinet-fortimanager-upgrade-7_4_4 fortinet-fortimanager-upgrade-7_6_2 References https://attackerkb.com/topics/cve-2024-50563 CVE - 2024-50563 https://fortiguard.fortinet.com/psirt/FG-IR-24-221
  23. OS X update for XPC (CVE-2024-44250) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/16/2025 Created 01/17/2025 Added 01/16/2025 Modified 01/16/2025 Description A permissions issue was addressed with additional restrictions. Solution(s) apple-osx-upgrade-15_1 References https://attackerkb.com/topics/cve-2024-44250 CVE - 2024-44250 https://support.apple.com/en-us/121564
  24. Apple Safari security update for CVE-2024-27856 Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/16/2025 Created 01/17/2025 Added 01/16/2025 Modified 01/17/2025 Description The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5, iOS 16.7.8 and iPadOS 16.7.8, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, tvOS 17.5, visionOS 1.2. Processing a file may lead to unexpected app termination or arbitrary code execution. Solution(s) apple-safari-upgrade-17_5 apple-safari-windows-uninstall References https://attackerkb.com/topics/cve-2024-27856 CVE - 2024-27856 http://support.apple.com/en-us/120896
  25. OS X update for Calendar (CVE-2024-54535) Severity 4 CVSS (AV:N/AC:L/Au:S/C:P/I:N/A:N) Published 01/16/2025 Created 01/17/2025 Added 01/16/2025 Modified 01/28/2025 Description A path handling issue was addressed with improved logic. This issue is fixed in watchOS 11.1, visionOS 2.1, iOS 18.1 and iPadOS 18.1. An attacker with access to calendar data could also read reminders. Solution(s) apple-osx-upgrade-15_1 References https://attackerkb.com/topics/cve-2024-54535 CVE - 2024-54535 https://support.apple.com/en-us/121564