ISHACK AI BOT

Oracle Linux: CVE-2025-21173: ELSA-2025-0382:.NET 9.0 security update (IMPORTANT) (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 01/14/2025 Created 01/21/2025 Added 01/17/2025 Modified 01/24/2025 Description .NET Elevation of Privilege Vulnerability Solution(s) oracle-linux-upgrade-aspnetcore-runtime-8-0 oracle-linux-upgrade-aspnetcore-runtime-9-0 oracle-linux-upgrade-aspnetcore-runtime-dbg-8-0 oracle-linux-upgrade-aspnetcore-runtime-dbg-9-0 oracle-linux-upgrade-aspnetcore-targeting-pack-8-0 oracle-linux-upgrade-aspnetcore-targeting-pack-9-0 oracle-linux-upgrade-dotnet oracle-linux-upgrade-dotnet-apphost-pack-8-0 oracle-linux-upgrade-dotnet-apphost-pack-9-0 oracle-linux-upgrade-dotnet-host oracle-linux-upgrade-dotnet-hostfxr-8-0 oracle-linux-upgrade-dotnet-hostfxr-9-0 oracle-linux-upgrade-dotnet-runtime-8-0 oracle-linux-upgrade-dotnet-runtime-9-0 oracle-linux-upgrade-dotnet-runtime-dbg-8-0 oracle-linux-upgrade-dotnet-runtime-dbg-9-0 oracle-linux-upgrade-dotnet-sdk-8-0 oracle-linux-upgrade-dotnet-sdk-8-0-source-built-artifacts oracle-linux-upgrade-dotnet-sdk-9-0 oracle-linux-upgrade-dotnet-sdk-9-0-source-built-artifacts oracle-linux-upgrade-dotnet-sdk-aot-9-0 oracle-linux-upgrade-dotnet-sdk-dbg-8-0 oracle-linux-upgrade-dotnet-sdk-dbg-9-0 oracle-linux-upgrade-dotnet-targeting-pack-8-0 oracle-linux-upgrade-dotnet-targeting-pack-9-0 oracle-linux-upgrade-dotnet-templates-8-0 oracle-linux-upgrade-dotnet-templates-9-0 oracle-linux-upgrade-netstandard-targeting-pack-2-1 References https://attackerkb.com/topics/cve-2025-21173 CVE - 2025-21173 ELSA-2025-0382 ELSA-2025-0381

Microsoft Windows: CVE-2025-21338: GDI+ Remote Code Execution Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 01/14/2025 Created 01/15/2025 Added 01/14/2025 Modified 01/15/2025 Description Microsoft Windows: CVE-2025-21338: GDI+ Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5050013 microsoft-windows-windows_10-1607-kb5049993 microsoft-windows-windows_10-1809-kb5050008 microsoft-windows-windows_10-21h2-kb5049981 microsoft-windows-windows_10-22h2-kb5049981 microsoft-windows-windows_11-22h2-kb5050021 microsoft-windows-windows_11-23h2-kb5050021 microsoft-windows-windows_11-24h2-kb5050009 microsoft-windows-windows_server_2012-kb5050004 microsoft-windows-windows_server_2012_r2-kb5050048 microsoft-windows-windows_server_2016-1607-kb5049993 microsoft-windows-windows_server_2019-1809-kb5050008 microsoft-windows-windows_server_2022-21h2-kb5049983 microsoft-windows-windows_server_2022-22h2-kb5049983 microsoft-windows-windows_server_2022-23h2-kb5049984 microsoft-windows-windows_server_2025-24h2-kb5050009 References https://attackerkb.com/topics/cve-2025-21338 CVE - 2025-21338 https://support.microsoft.com/help/5049981 https://support.microsoft.com/help/5049983 https://support.microsoft.com/help/5049984 https://support.microsoft.com/help/5049993 https://support.microsoft.com/help/5050004 https://support.microsoft.com/help/5050008 https://support.microsoft.com/help/5050009 https://support.microsoft.com/help/5050013 https://support.microsoft.com/help/5050021 https://support.microsoft.com/help/5050048 View more

FreeBSD: (Multiple Advisories) (CVE-2025-0447): chromium -- multiple security fixes Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/14/2025 Created 01/28/2025 Added 01/26/2025 Modified 02/03/2025 Description Inappropriate implementation in Navigation in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low) Solution(s) freebsd-upgrade-package-chromium freebsd-upgrade-package-qt6-webengine freebsd-upgrade-package-ungoogled-chromium References CVE-2025-0447

Fortinet FortiOS: Interpretation Conflict (CVE-2024-54021) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/14/2025 Created 02/07/2025 Added 02/06/2025 Modified 02/06/2025 Description An improper neutralization of crlf sequences in http headers ('http response splitting') in Fortinet FortiOS 7.2.0 through 7.6.0, FortiProxy 7.2.0 through 7.4.5 allows attacker to execute unauthorized code or commands via crafted HTTP header. Solution(s) fortios-upgrade-7_2_9 fortios-upgrade-7_4_5 References https://attackerkb.com/topics/cve-2024-54021 CVE - 2024-54021 https://fortiguard.fortinet.com/psirt/FG-IR-24-282

Microsoft Windows: CVE-2025-21289: Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 01/14/2025 Created 01/15/2025 Added 01/14/2025 Modified 01/15/2025 Description Microsoft Windows: CVE-2025-21289: Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5050013 microsoft-windows-windows_10-1607-kb5049993 microsoft-windows-windows_10-1809-kb5050008 microsoft-windows-windows_10-21h2-kb5049981 microsoft-windows-windows_10-22h2-kb5049981 microsoft-windows-windows_11-22h2-kb5050021 microsoft-windows-windows_11-23h2-kb5050021 microsoft-windows-windows_11-24h2-kb5050009 microsoft-windows-windows_server_2012-kb5050004 microsoft-windows-windows_server_2012_r2-kb5050048 microsoft-windows-windows_server_2016-1607-kb5049993 microsoft-windows-windows_server_2019-1809-kb5050008 microsoft-windows-windows_server_2022-21h2-kb5049983 microsoft-windows-windows_server_2022-22h2-kb5049983 microsoft-windows-windows_server_2022-23h2-kb5049984 microsoft-windows-windows_server_2025-24h2-kb5050009 References https://attackerkb.com/topics/cve-2025-21289 CVE - 2025-21289 https://support.microsoft.com/help/5049981 https://support.microsoft.com/help/5049983 https://support.microsoft.com/help/5049984 https://support.microsoft.com/help/5049993 https://support.microsoft.com/help/5050004 https://support.microsoft.com/help/5050008 https://support.microsoft.com/help/5050009 https://support.microsoft.com/help/5050013 https://support.microsoft.com/help/5050021 https://support.microsoft.com/help/5050048 View more

Debian: CVE-2024-50349: git -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/14/2025 Created 01/31/2025 Added 01/30/2025 Modified 01/30/2025 Description Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When Git asks for credentials via a terminal prompt (i.e. without using any credential helper), it prints out the host name for which the user is expected to provide a username and/or a password. At this stage, any URL-encoded parts have been decoded already, and are printed verbatim. This allows attackers to craft URLs that contain ANSI escape sequences that the terminal interpret to confuse users e.g. into providing passwords for trusted Git hosting sites when in fact they are then sent to untrusted sites that are under the attacker's control. This issue has been patch via commits `7725b81` and `c903985` which are included in release versions v2.48.1, v2.47.2, v2.46.3, v2.45.3, v2.44.3, v2.43.6, v2.42.4, v2.41.3, and v2.40.4. Users are advised to upgrade. Users unable to upgrade should avoid cloning from untrusted URLs, especially recursive clones. Solution(s) debian-upgrade-git References https://attackerkb.com/topics/cve-2024-50349 CVE - 2024-50349 DLA-4031-1 DSA-5850-1

Fortinet FortiAnalyzer: Out-of-bounds Write (CVE-2024-35276) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/14/2025 Created 02/04/2025 Added 02/03/2025 Modified 02/03/2025 Description A stack-based buffer overflow in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager Cloud versions 7.4.1 through 7.4.3, 7.2.1 through 7.2.5, 7.0.1 through 7.0.11, 6.4.1 through 6.4.7, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3, 7.2.1 through 7.2.5, 7.0.1 through 7.0.11, 6.4.1 through 6.4.7 allows attacker to execute unauthorized code or commands via specially crafted packets. Solution(s) fortinet-fortianalyzer-upgrade-6_4_15 fortinet-fortianalyzer-upgrade-7_0_13 fortinet-fortianalyzer-upgrade-7_2_6 fortinet-fortianalyzer-upgrade-7_4_4 References https://attackerkb.com/topics/cve-2024-35276 CVE - 2024-35276 https://fortiguard.fortinet.com/psirt/FG-IR-24-165

Microsoft Windows: CVE-2025-21215: Secure Boot Security Feature Bypass Vulnerability Severity 5 CVSS (AV:L/AC:L/Au:N/C:C/I:N/A:N) Published 01/14/2025 Created 01/15/2025 Added 01/14/2025 Modified 01/15/2025 Description Microsoft Windows: CVE-2025-21215: Secure Boot Security Feature Bypass Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5050013 microsoft-windows-windows_10-1607-kb5049993 microsoft-windows-windows_10-1809-kb5050008 microsoft-windows-windows_10-21h2-kb5049981 microsoft-windows-windows_10-22h2-kb5049981 microsoft-windows-windows_11-22h2-kb5050021 microsoft-windows-windows_11-23h2-kb5050021 microsoft-windows-windows_11-24h2-kb5050009 microsoft-windows-windows_server_2012-kb5050004 microsoft-windows-windows_server_2012_r2-kb5050048 microsoft-windows-windows_server_2016-1607-kb5049993 microsoft-windows-windows_server_2019-1809-kb5050008 microsoft-windows-windows_server_2022-21h2-kb5049983 microsoft-windows-windows_server_2022-22h2-kb5049983 microsoft-windows-windows_server_2022-23h2-kb5049984 microsoft-windows-windows_server_2025-24h2-kb5050009 References https://attackerkb.com/topics/cve-2025-21215 CVE - 2025-21215 https://support.microsoft.com/help/5049981 https://support.microsoft.com/help/5049983 https://support.microsoft.com/help/5049984 https://support.microsoft.com/help/5049993 https://support.microsoft.com/help/5050004 https://support.microsoft.com/help/5050008 https://support.microsoft.com/help/5050009 https://support.microsoft.com/help/5050013 https://support.microsoft.com/help/5050021 https://support.microsoft.com/help/5050048 View more

SUSE: CVE-2024-12087: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/14/2025 Created 01/21/2025 Added 01/20/2025 Modified 01/20/2025 Description A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client's intended destination directory. A malicious server could write malicious files to arbitrary locations named after valid directories/paths on the client. Solution(s) suse-upgrade-rsync References https://attackerkb.com/topics/cve-2024-12087 CVE - 2024-12087

Ubuntu: (Multiple Advisories) (CVE-2024-56374): Django vulnerability Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/14/2025 Created 01/16/2025 Added 01/15/2025 Modified 01/24/2025 Description An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions clean_ipv6_address and is_valid_ipv6_address are vulnerable, as is the django.forms.GenericIPAddressField form field. (The django.db.models.GenericIPAddressField model field is not affected.) Solution(s) ubuntu-pro-upgrade-python-django ubuntu-pro-upgrade-python3-django References https://attackerkb.com/topics/cve-2024-56374 CVE - 2024-56374 USN-7205-1 USN-7205-2

Microsoft Windows: CVE-2025-21268: MapUrlToZone Security Feature Bypass Vulnerability Severity 4 CVSS (AV:N/AC:M/Au:N/C:P/I:N/A:N) Published 01/14/2025 Created 01/15/2025 Added 01/14/2025 Modified 01/15/2025 Description Microsoft Windows: CVE-2025-21268: MapUrlToZone Security Feature Bypass Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5050013 microsoft-windows-windows_10-1607-kb5049993 microsoft-windows-windows_10-1809-kb5050008 microsoft-windows-windows_10-21h2-kb5049981 microsoft-windows-windows_10-22h2-kb5049981 microsoft-windows-windows_11-22h2-kb5050021 microsoft-windows-windows_11-23h2-kb5050021 microsoft-windows-windows_11-24h2-kb5050009 microsoft-windows-windows_server_2012-kb5050004 microsoft-windows-windows_server_2012_r2-kb5050048 microsoft-windows-windows_server_2016-1607-kb5049993 microsoft-windows-windows_server_2019-1809-kb5050008 microsoft-windows-windows_server_2022-21h2-kb5049983 microsoft-windows-windows_server_2022-22h2-kb5049983 microsoft-windows-windows_server_2022-23h2-kb5049984 microsoft-windows-windows_server_2025-24h2-kb5050009 References https://attackerkb.com/topics/cve-2025-21268 CVE - 2025-21268 https://support.microsoft.com/help/5049981 https://support.microsoft.com/help/5049983 https://support.microsoft.com/help/5049984 https://support.microsoft.com/help/5049993 https://support.microsoft.com/help/5050004 https://support.microsoft.com/help/5050008 https://support.microsoft.com/help/5050009 https://support.microsoft.com/help/5050013 https://support.microsoft.com/help/5050021 https://support.microsoft.com/help/5050048 View more

Debian: CVE-2024-53263: git-lfs -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/14/2025 Created 01/24/2025 Added 01/23/2025 Modified 01/27/2025 Description Git LFS is a Git extension for versioning large files. When Git LFS requests credentials from Git for a remote host, it passes portions of the host's URL to the `git-credential(1)` command without checking for embedded line-ending control characters, and then sends any credentials it receives back from the Git credential helper to the remote host. By inserting URL-encoded control characters such as line feed (LF) or carriage return (CR) characters into the URL, an attacker may be able to retrieve a user's Git credentials. This problem exists in all previous versions and is patched in v3.6.1. All users should upgrade to v3.6.1. There are no workarounds known at this time. Solution(s) debian-upgrade-git-lfs References https://attackerkb.com/topics/cve-2024-53263 CVE - 2024-53263 DLA-4028-1

Microsoft Windows: CVE-2025-21303: Windows Telephony Service Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 01/14/2025 Created 01/15/2025 Added 01/14/2025 Modified 01/15/2025 Description Microsoft Windows: CVE-2025-21303: Windows Telephony Service Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5050013 microsoft-windows-windows_10-1607-kb5049993 microsoft-windows-windows_10-1809-kb5050008 microsoft-windows-windows_10-21h2-kb5049981 microsoft-windows-windows_10-22h2-kb5049981 microsoft-windows-windows_11-22h2-kb5050021 microsoft-windows-windows_11-23h2-kb5050021 microsoft-windows-windows_11-24h2-kb5050009 microsoft-windows-windows_server_2012-kb5050004 microsoft-windows-windows_server_2012_r2-kb5050048 microsoft-windows-windows_server_2016-1607-kb5049993 microsoft-windows-windows_server_2019-1809-kb5050008 microsoft-windows-windows_server_2022-21h2-kb5049983 microsoft-windows-windows_server_2022-22h2-kb5049983 microsoft-windows-windows_server_2022-23h2-kb5049984 microsoft-windows-windows_server_2025-24h2-kb5050009 References https://attackerkb.com/topics/cve-2025-21303 CVE - 2025-21303 https://support.microsoft.com/help/5049981 https://support.microsoft.com/help/5049983 https://support.microsoft.com/help/5049984 https://support.microsoft.com/help/5049993 https://support.microsoft.com/help/5050004 https://support.microsoft.com/help/5050008 https://support.microsoft.com/help/5050009 https://support.microsoft.com/help/5050013 https://support.microsoft.com/help/5050021 https://support.microsoft.com/help/5050048 View more

Red Hat OpenShift: CVE-2024-12085: rsync: Info Leak via Uninitialized Stack Contents Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/14/2025 Created 02/14/2025 Added 02/13/2025 Modified 02/14/2025 Description A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time. Solution(s) linuxrpm-upgrade-rhcos References https://attackerkb.com/topics/cve-2024-12085 CVE - 2024-12085 RHSA-2025:0324 RHSA-2025:0325 RHSA-2025:0637 RHSA-2025:0688 RHSA-2025:0714 RHSA-2025:0774 RHSA-2025:0787 RHSA-2025:0790 RHSA-2025:0849 RHSA-2025:0884 RHSA-2025:0885 RHSA-2025:1120 RHSA-2025:1123 RHSA-2025:1128 RHSA-2025:1225 RHSA-2025:1227 RHSA-2025:1242 View more

Microsoft Windows: CVE-2025-21296: BranchCache Remote Code Execution Vulnerability Severity 8 CVSS (AV:A/AC:M/Au:N/C:C/I:C/A:C) Published 01/14/2025 Created 01/15/2025 Added 01/14/2025 Modified 01/15/2025 Description Microsoft Windows: CVE-2025-21296: BranchCache Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5050013 microsoft-windows-windows_10-1607-kb5049993 microsoft-windows-windows_10-1809-kb5050008 microsoft-windows-windows_10-21h2-kb5049981 microsoft-windows-windows_10-22h2-kb5049981 microsoft-windows-windows_11-22h2-kb5050021 microsoft-windows-windows_11-23h2-kb5050021 microsoft-windows-windows_11-24h2-kb5050009 microsoft-windows-windows_server_2012-kb5050004 microsoft-windows-windows_server_2012_r2-kb5050048 microsoft-windows-windows_server_2016-1607-kb5049993 microsoft-windows-windows_server_2019-1809-kb5050008 microsoft-windows-windows_server_2022-21h2-kb5049983 microsoft-windows-windows_server_2022-22h2-kb5049983 microsoft-windows-windows_server_2022-23h2-kb5049984 microsoft-windows-windows_server_2025-24h2-kb5050009 References https://attackerkb.com/topics/cve-2025-21296 CVE - 2025-21296 https://support.microsoft.com/help/5049981 https://support.microsoft.com/help/5049983 https://support.microsoft.com/help/5049984 https://support.microsoft.com/help/5049993 https://support.microsoft.com/help/5050004 https://support.microsoft.com/help/5050008 https://support.microsoft.com/help/5050009 https://support.microsoft.com/help/5050013 https://support.microsoft.com/help/5050021 https://support.microsoft.com/help/5050048 View more

Microsoft Windows: CVE-2024-49105: Remote Desktop Client Remote Code Execution Vulnerability Severity 8 CVSS (AV:N/AC:M/Au:M/C:C/I:C/A:C) Published 01/14/2025 Created 01/15/2025 Added 01/14/2025 Modified 01/15/2025 Description Microsoft Windows: CVE-2024-49105: Remote Desktop Client Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5048703 microsoft-windows-windows_10-1607-kb5048671 microsoft-windows-windows_10-1809-kb5048661 microsoft-windows-windows_10-21h2-kb5048652 microsoft-windows-windows_10-22h2-kb5048652 microsoft-windows-windows_11-22h2-kb5048685 microsoft-windows-windows_11-23h2-kb5048685 microsoft-windows-windows_11-24h2-kb5048667 microsoft-windows-windows_server_2012-kb5048699 microsoft-windows-windows_server_2012_r2-kb5048735 microsoft-windows-windows_server_2016-1607-kb5048671 microsoft-windows-windows_server_2019-1809-kb5048661 microsoft-windows-windows_server_2022-21h2-kb5048654 microsoft-windows-windows_server_2022-22h2-kb5048654 microsoft-windows-windows_server_2022-23h2-kb5048653 microsoft-windows-windows_server_2025-24h2-kb5048667 References https://attackerkb.com/topics/cve-2024-49105 CVE - 2024-49105 https://support.microsoft.com/help/5048652 https://support.microsoft.com/help/5048653 https://support.microsoft.com/help/5048654 https://support.microsoft.com/help/5048661 https://support.microsoft.com/help/5048667 https://support.microsoft.com/help/5048671 https://support.microsoft.com/help/5048685 https://support.microsoft.com/help/5048699 https://support.microsoft.com/help/5048703 https://support.microsoft.com/help/5048735 View more

Microsoft Windows: CVE-2025-21343: Windows Web Threat Defense User Service Information Disclosure Vulnerability Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 01/14/2025 Created 01/15/2025 Added 01/14/2025 Modified 01/15/2025 Description Microsoft Windows: CVE-2025-21343: Windows Web Threat Defense User Service Information Disclosure Vulnerability Solution(s) microsoft-windows-windows_11-22h2-kb5050021 microsoft-windows-windows_11-23h2-kb5050021 microsoft-windows-windows_11-24h2-kb5050009 References https://attackerkb.com/topics/cve-2025-21343 CVE - 2025-21343 https://support.microsoft.com/help/5050009 https://support.microsoft.com/help/5050021

Red Hat: CVE-2025-21171: dotnet: .NET Remote Code Execution Vulnerability (Multiple Advisories) Severity 8 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:C) Published 01/14/2025 Created 01/18/2025 Added 01/17/2025 Modified 01/17/2025 Description .NET Remote Code Execution Vulnerability Solution(s) redhat-upgrade-aspnetcore-runtime-9-0 redhat-upgrade-aspnetcore-runtime-dbg-9-0 redhat-upgrade-aspnetcore-targeting-pack-9-0 redhat-upgrade-dotnet redhat-upgrade-dotnet-apphost-pack-9-0 redhat-upgrade-dotnet-apphost-pack-9-0-debuginfo redhat-upgrade-dotnet-host redhat-upgrade-dotnet-host-debuginfo redhat-upgrade-dotnet-hostfxr-9-0 redhat-upgrade-dotnet-hostfxr-9-0-debuginfo redhat-upgrade-dotnet-runtime-9-0 redhat-upgrade-dotnet-runtime-9-0-debuginfo redhat-upgrade-dotnet-runtime-dbg-9-0 redhat-upgrade-dotnet-sdk-9-0 redhat-upgrade-dotnet-sdk-9-0-debuginfo redhat-upgrade-dotnet-sdk-9-0-source-built-artifacts redhat-upgrade-dotnet-sdk-aot-9-0 redhat-upgrade-dotnet-sdk-aot-9-0-debuginfo redhat-upgrade-dotnet-sdk-dbg-9-0 redhat-upgrade-dotnet-targeting-pack-9-0 redhat-upgrade-dotnet-templates-9-0 redhat-upgrade-dotnet9-0-debuginfo redhat-upgrade-dotnet9-0-debugsource redhat-upgrade-netstandard-targeting-pack-2-1 References CVE-2025-21171 RHSA-2025:0382

Microsoft Office: CVE-2025-21363: Microsoft Word Remote Code Execution Vulnerability Severity 6 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 01/14/2025 Created 01/15/2025 Added 01/14/2025 Modified 02/11/2025 Description Microsoft Office: CVE-2025-21363: Microsoft Word Remote Code Execution Vulnerability Solution(s) office-click-to-run-upgrade-latest References https://attackerkb.com/topics/cve-2025-21363 CVE - 2025-21363

Alma Linux: CVE-2025-21172: Important: .NET 8.0 security update (Multiple Advisories) Severity 8 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:C) Published 01/14/2025 Created 01/21/2025 Added 01/20/2025 Modified 01/28/2025 Description .NET and Visual Studio Remote Code Execution Vulnerability Solution(s) alma-upgrade-aspnetcore-runtime-8.0 alma-upgrade-aspnetcore-runtime-9.0 alma-upgrade-aspnetcore-runtime-dbg-8.0 alma-upgrade-aspnetcore-runtime-dbg-9.0 alma-upgrade-aspnetcore-targeting-pack-8.0 alma-upgrade-aspnetcore-targeting-pack-9.0 alma-upgrade-dotnet alma-upgrade-dotnet-apphost-pack-8.0 alma-upgrade-dotnet-apphost-pack-9.0 alma-upgrade-dotnet-host alma-upgrade-dotnet-hostfxr-8.0 alma-upgrade-dotnet-hostfxr-9.0 alma-upgrade-dotnet-runtime-8.0 alma-upgrade-dotnet-runtime-9.0 alma-upgrade-dotnet-runtime-dbg-8.0 alma-upgrade-dotnet-runtime-dbg-9.0 alma-upgrade-dotnet-sdk-8.0 alma-upgrade-dotnet-sdk-8.0-source-built-artifacts alma-upgrade-dotnet-sdk-9.0 alma-upgrade-dotnet-sdk-9.0-source-built-artifacts alma-upgrade-dotnet-sdk-aot-9.0 alma-upgrade-dotnet-sdk-dbg-8.0 alma-upgrade-dotnet-sdk-dbg-9.0 alma-upgrade-dotnet-targeting-pack-8.0 alma-upgrade-dotnet-targeting-pack-9.0 alma-upgrade-dotnet-templates-8.0 alma-upgrade-dotnet-templates-9.0 alma-upgrade-netstandard-targeting-pack-2.1 References https://attackerkb.com/topics/cve-2025-21172 CVE - 2025-21172 https://errata.almalinux.org/8/ALSA-2025-0381.html https://errata.almalinux.org/8/ALSA-2025-0382.html

Microsoft Windows: CVE-2025-21301: Windows Geolocation Service Information Disclosure Vulnerability Severity 7 CVSS (AV:N/AC:L/Au:S/C:C/I:N/A:N) Published 01/14/2025 Created 01/15/2025 Added 01/14/2025 Modified 01/15/2025 Description Microsoft Windows: CVE-2025-21301: Windows Geolocation Service Information Disclosure Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5050013 microsoft-windows-windows_10-1607-kb5049993 microsoft-windows-windows_10-1809-kb5050008 microsoft-windows-windows_10-21h2-kb5049981 microsoft-windows-windows_10-22h2-kb5049981 microsoft-windows-windows_11-22h2-kb5050021 microsoft-windows-windows_11-23h2-kb5050021 microsoft-windows-windows_11-24h2-kb5050009 microsoft-windows-windows_server_2016-1607-kb5049993 microsoft-windows-windows_server_2019-1809-kb5050008 microsoft-windows-windows_server_2022-21h2-kb5049983 microsoft-windows-windows_server_2022-22h2-kb5049983 microsoft-windows-windows_server_2022-23h2-kb5049984 microsoft-windows-windows_server_2025-24h2-kb5050009 References https://attackerkb.com/topics/cve-2025-21301 CVE - 2025-21301 https://support.microsoft.com/help/5049981 https://support.microsoft.com/help/5049983 https://support.microsoft.com/help/5049984 https://support.microsoft.com/help/5049993 https://support.microsoft.com/help/5050008 https://support.microsoft.com/help/5050009 https://support.microsoft.com/help/5050013 https://support.microsoft.com/help/5050021 View more

Microsoft Office: CVE-2025-21357: Microsoft Outlook Remote Code Execution Vulnerability Severity 6 CVSS (AV:L/AC:H/Au:S/C:C/I:C/A:C) Published 01/14/2025 Created 01/15/2025 Added 01/14/2025 Modified 02/11/2025 Description Microsoft Office: CVE-2025-21357: Microsoft Outlook Remote Code Execution Vulnerability Solution(s) microsoft-outlook_2016-kb5002656 office-click-to-run-upgrade-latest References https://attackerkb.com/topics/cve-2025-21357 CVE - 2025-21357 https://support.microsoft.com/help/5002656

Rocky Linux: CVE-2025-21173: .NET-9.0 (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/14/2025 Created 02/15/2025 Added 02/14/2025 Modified 02/14/2025 Description .NET Elevation of Privilege Vulnerability Solution(s) rocky-upgrade-aspnetcore-runtime-8.0 rocky-upgrade-aspnetcore-runtime-9.0 rocky-upgrade-aspnetcore-runtime-dbg-8.0 rocky-upgrade-aspnetcore-targeting-pack-8.0 rocky-upgrade-aspnetcore-targeting-pack-9.0 rocky-upgrade-dotnet rocky-upgrade-dotnet-apphost-pack-8.0 rocky-upgrade-dotnet-apphost-pack-8.0-debuginfo rocky-upgrade-dotnet-apphost-pack-9.0 rocky-upgrade-dotnet-apphost-pack-9.0-debuginfo rocky-upgrade-dotnet-host rocky-upgrade-dotnet-host-debuginfo rocky-upgrade-dotnet-hostfxr-8.0 rocky-upgrade-dotnet-hostfxr-8.0-debuginfo rocky-upgrade-dotnet-hostfxr-9.0 rocky-upgrade-dotnet-hostfxr-9.0-debuginfo rocky-upgrade-dotnet-runtime-8.0 rocky-upgrade-dotnet-runtime-8.0-debuginfo rocky-upgrade-dotnet-runtime-9.0 rocky-upgrade-dotnet-runtime-9.0-debuginfo rocky-upgrade-dotnet-runtime-dbg-8.0 rocky-upgrade-dotnet-sdk-8.0 rocky-upgrade-dotnet-sdk-8.0-debuginfo rocky-upgrade-dotnet-sdk-8.0-source-built-artifacts rocky-upgrade-dotnet-sdk-9.0 rocky-upgrade-dotnet-sdk-9.0-debuginfo rocky-upgrade-dotnet-sdk-9.0-source-built-artifacts rocky-upgrade-dotnet-sdk-dbg-8.0 rocky-upgrade-dotnet-targeting-pack-8.0 rocky-upgrade-dotnet-targeting-pack-9.0 rocky-upgrade-dotnet-templates-8.0 rocky-upgrade-dotnet-templates-9.0 rocky-upgrade-dotnet8.0-debuginfo rocky-upgrade-dotnet8.0-debugsource rocky-upgrade-dotnet9.0-debuginfo rocky-upgrade-dotnet9.0-debugsource rocky-upgrade-netstandard-targeting-pack-2.1 References https://attackerkb.com/topics/cve-2025-21173 CVE - 2025-21173 https://errata.rockylinux.org/RLSA-2025:0381 https://errata.rockylinux.org/RLSA-2025:0382

Microsoft Windows: CVE-2025-21218: Windows Kerberos Denial of Service Vulnerability Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 01/14/2025 Created 01/15/2025 Added 01/14/2025 Modified 01/15/2025 Description Microsoft Windows: CVE-2025-21218: Windows Kerberos Denial of Service Vulnerability Solution(s) microsoft-windows-windows_server_2012-kb5050004 microsoft-windows-windows_server_2012_r2-kb5050048 microsoft-windows-windows_server_2016-1607-kb5049993 microsoft-windows-windows_server_2019-1809-kb5050008 microsoft-windows-windows_server_2022-21h2-kb5049983 microsoft-windows-windows_server_2022-22h2-kb5049983 microsoft-windows-windows_server_2022-23h2-kb5049984 microsoft-windows-windows_server_2025-24h2-kb5050009 References https://attackerkb.com/topics/cve-2025-21218 CVE - 2025-21218 https://support.microsoft.com/help/5049983 https://support.microsoft.com/help/5049984 https://support.microsoft.com/help/5049993 https://support.microsoft.com/help/5050004 https://support.microsoft.com/help/5050008 https://support.microsoft.com/help/5050009 https://support.microsoft.com/help/5050048 View more

Microsoft Windows: CVE-2025-21339: Windows Telephony Service Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 01/14/2025 Created 01/15/2025 Added 01/14/2025 Modified 01/15/2025 Description Microsoft Windows: CVE-2025-21339: Windows Telephony Service Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5050013 microsoft-windows-windows_10-1607-kb5049993 microsoft-windows-windows_10-1809-kb5050008 microsoft-windows-windows_10-21h2-kb5049981 microsoft-windows-windows_10-22h2-kb5049981 microsoft-windows-windows_11-22h2-kb5050021 microsoft-windows-windows_11-23h2-kb5050021 microsoft-windows-windows_11-24h2-kb5050009 microsoft-windows-windows_server_2012-kb5050004 microsoft-windows-windows_server_2012_r2-kb5050048 microsoft-windows-windows_server_2016-1607-kb5049993 microsoft-windows-windows_server_2019-1809-kb5050008 microsoft-windows-windows_server_2022-21h2-kb5049983 microsoft-windows-windows_server_2022-22h2-kb5049983 microsoft-windows-windows_server_2022-23h2-kb5049984 microsoft-windows-windows_server_2025-24h2-kb5050009 References https://attackerkb.com/topics/cve-2025-21339 CVE - 2025-21339 https://support.microsoft.com/help/5049981 https://support.microsoft.com/help/5049983 https://support.microsoft.com/help/5049984 https://support.microsoft.com/help/5049993 https://support.microsoft.com/help/5050004 https://support.microsoft.com/help/5050008 https://support.microsoft.com/help/5050009 https://support.microsoft.com/help/5050013 https://support.microsoft.com/help/5050021 https://support.microsoft.com/help/5050048 View more