ISHACK AI BOT

Microsoft Windows: CVE-2025-21228: Windows Digital Media Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 01/14/2025 Created 01/15/2025 Added 01/14/2025 Modified 01/15/2025 Description Microsoft Windows: CVE-2025-21228: Windows Digital Media Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5050013 microsoft-windows-windows_10-1607-kb5049993 microsoft-windows-windows_10-1809-kb5050008 microsoft-windows-windows_10-21h2-kb5049981 microsoft-windows-windows_10-22h2-kb5049981 microsoft-windows-windows_11-22h2-kb5050021 microsoft-windows-windows_11-23h2-kb5050021 microsoft-windows-windows_11-24h2-kb5050009 microsoft-windows-windows_server_2012-kb5050004 microsoft-windows-windows_server_2012_r2-kb5050048 microsoft-windows-windows_server_2016-1607-kb5049993 microsoft-windows-windows_server_2019-1809-kb5050008 microsoft-windows-windows_server_2022-21h2-kb5049983 microsoft-windows-windows_server_2022-22h2-kb5049983 microsoft-windows-windows_server_2022-23h2-kb5049984 microsoft-windows-windows_server_2025-24h2-kb5050009 References https://attackerkb.com/topics/cve-2025-21228 CVE - 2025-21228 https://support.microsoft.com/help/5049981 https://support.microsoft.com/help/5049983 https://support.microsoft.com/help/5049984 https://support.microsoft.com/help/5049993 https://support.microsoft.com/help/5050004 https://support.microsoft.com/help/5050008 https://support.microsoft.com/help/5050009 https://support.microsoft.com/help/5050013 https://support.microsoft.com/help/5050021 https://support.microsoft.com/help/5050048 View more

Debian: CVE-2024-52006: git -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/14/2025 Created 01/31/2025 Added 01/30/2025 Modified 01/30/2025 Description Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. Git defines a line-based protocol that is used to exchange information between Git and Git credential helpers. Some ecosystems (most notably, .NET and node.js) interpret single Carriage Return characters as newlines, which renders the protections against CVE-2020-5260 incomplete for credential helpers that treat Carriage Returns in this way. This issue has been addressed in commit `b01b9b8` which is included in release versions v2.48.1, v2.47.2, v2.46.3, v2.45.3, v2.44.3, v2.43.6, v2.42.4, v2.41.3, and v2.40.4. Users are advised to upgrade. Users unable to upgrade should avoid cloning from untrusted URLs, especially recursive clones. Solution(s) debian-upgrade-git References https://attackerkb.com/topics/cve-2024-52006 CVE - 2024-52006 DLA-4031-1 DSA-5850-1

Gentoo Linux: CVE-2024-12747: rsync: Multiple Vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/14/2025 Created 01/17/2025 Added 01/16/2025 Modified 01/16/2025 Description A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was possible to bypass the default behavior and traverse symbolic links. Depending on the privileges of the rsync process, an attacker could leak sensitive information, potentially leading to privilege escalation. Solution(s) gentoo-linux-upgrade-net-misc-rsync References https://attackerkb.com/topics/cve-2024-12747 CVE - 2024-12747 202501-01

Amazon Linux 2023: CVE-2024-12088: Important priority package update for rsync Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 01/14/2025 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description A flaw was found in rsync. When using the `--safe-links` option, rsync fails to properly verify if a symbolic link destination contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory. Solution(s) amazon-linux-2023-upgrade-rsync amazon-linux-2023-upgrade-rsync-daemon amazon-linux-2023-upgrade-rsync-debuginfo amazon-linux-2023-upgrade-rsync-debugsource References https://attackerkb.com/topics/cve-2024-12088 CVE - 2024-12088 https://alas.aws.amazon.com/AL2023/ALAS-2025-801.html

Microsoft SharePoint: CVE-2025-21348: Microsoft SharePoint Server Remote Code Execution Vulnerability Severity 8 CVSS (AV:N/AC:L/Au:M/C:C/I:C/A:C) Published 01/14/2025 Created 01/15/2025 Added 01/14/2025 Modified 02/11/2025 Description Microsoft SharePoint: CVE-2025-21348: Microsoft SharePoint Server Remote Code Execution Vulnerability Solution(s) microsoft-sharepoint-sharepoint_2016-kb5002671 microsoft-sharepoint-sharepoint_2016-kb5002672 microsoft-sharepoint-sharepoint_2019-kb5002666 microsoft-sharepoint-sharepoint_2019-kb5002667 microsoft-sharepoint-sharepoint_server_subscription_edition-kb5002676 References https://attackerkb.com/topics/cve-2025-21348 CVE - 2025-21348 https://support.microsoft.com/help/5002666 https://support.microsoft.com/help/5002667 https://support.microsoft.com/help/5002671 https://support.microsoft.com/help/5002672 https://support.microsoft.com/help/5002676

Microsoft Windows: CVE-2025-21295: SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 01/14/2025 Created 01/15/2025 Added 01/14/2025 Modified 01/15/2025 Description Microsoft Windows: CVE-2025-21295: SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5050013 microsoft-windows-windows_10-1607-kb5049993 microsoft-windows-windows_10-1809-kb5050008 microsoft-windows-windows_10-21h2-kb5049981 microsoft-windows-windows_10-22h2-kb5049981 microsoft-windows-windows_11-22h2-kb5050021 microsoft-windows-windows_11-23h2-kb5050021 microsoft-windows-windows_11-24h2-kb5050009 microsoft-windows-windows_server_2012-kb5050004 microsoft-windows-windows_server_2012_r2-kb5050048 microsoft-windows-windows_server_2016-1607-kb5049993 microsoft-windows-windows_server_2019-1809-kb5050008 microsoft-windows-windows_server_2022-21h2-kb5049983 microsoft-windows-windows_server_2022-22h2-kb5049983 microsoft-windows-windows_server_2022-23h2-kb5049984 microsoft-windows-windows_server_2025-24h2-kb5050009 References https://attackerkb.com/topics/cve-2025-21295 CVE - 2025-21295 https://support.microsoft.com/help/5049981 https://support.microsoft.com/help/5049983 https://support.microsoft.com/help/5049984 https://support.microsoft.com/help/5049993 https://support.microsoft.com/help/5050004 https://support.microsoft.com/help/5050008 https://support.microsoft.com/help/5050009 https://support.microsoft.com/help/5050013 https://support.microsoft.com/help/5050021 https://support.microsoft.com/help/5050048 View more

Microsoft Windows: CVE-2025-21341: Windows Digital Media Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 01/14/2025 Created 01/15/2025 Added 01/14/2025 Modified 01/15/2025 Description Microsoft Windows: CVE-2025-21341: Windows Digital Media Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5050013 microsoft-windows-windows_10-1607-kb5049993 microsoft-windows-windows_10-1809-kb5050008 microsoft-windows-windows_10-21h2-kb5049981 microsoft-windows-windows_10-22h2-kb5049981 microsoft-windows-windows_11-22h2-kb5050021 microsoft-windows-windows_11-23h2-kb5050021 microsoft-windows-windows_11-24h2-kb5050009 microsoft-windows-windows_server_2012-kb5050004 microsoft-windows-windows_server_2012_r2-kb5050048 microsoft-windows-windows_server_2016-1607-kb5049993 microsoft-windows-windows_server_2019-1809-kb5050008 microsoft-windows-windows_server_2022-21h2-kb5049983 microsoft-windows-windows_server_2022-22h2-kb5049983 microsoft-windows-windows_server_2022-23h2-kb5049984 microsoft-windows-windows_server_2025-24h2-kb5050009 References https://attackerkb.com/topics/cve-2025-21341 CVE - 2025-21341 https://support.microsoft.com/help/5049981 https://support.microsoft.com/help/5049983 https://support.microsoft.com/help/5049984 https://support.microsoft.com/help/5049993 https://support.microsoft.com/help/5050004 https://support.microsoft.com/help/5050008 https://support.microsoft.com/help/5050009 https://support.microsoft.com/help/5050013 https://support.microsoft.com/help/5050021 https://support.microsoft.com/help/5050048 View more

Adobe Animate: CVE-2025-21135: Security updates available for Adobe Animate (APSB25-05) Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 01/14/2025 Created 01/16/2025 Added 01/15/2025 Modified 01/17/2025 Description Adobe has released an update for Adobe Animate. This update resolves a critical vulnerability. Successful exploitation could lead to arbitrary code execution. Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates. Solution(s) adobe-animate-upgrade-latest References https://attackerkb.com/topics/cve-2025-21135 CVE - 2025-21135 https://helpx.adobe.com/security/products/animate/apsb25-05.html

Gentoo Linux: CVE-2024-12087: rsync: Multiple Vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/14/2025 Created 01/17/2025 Added 01/16/2025 Modified 01/16/2025 Description A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client's intended destination directory. A malicious server could write malicious files to arbitrary locations named after valid directories/paths on the client. Solution(s) gentoo-linux-upgrade-net-misc-rsync References https://attackerkb.com/topics/cve-2024-12087 CVE - 2024-12087 202501-01

Ubuntu: USN-7210-1 (CVE-2025-21171): .NET vulnerabilities Severity 8 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:C) Published 01/14/2025 Created 01/18/2025 Added 01/17/2025 Modified 01/28/2025 Description .NET Remote Code Execution Vulnerability Solution(s) ubuntu-upgrade-aspnetcore-runtime-8-0 ubuntu-upgrade-aspnetcore-runtime-9-0 ubuntu-upgrade-dotnet-host-8-0 ubuntu-upgrade-dotnet-host-9-0 ubuntu-upgrade-dotnet-hostfxr-8-0 ubuntu-upgrade-dotnet-hostfxr-9-0 ubuntu-upgrade-dotnet-runtime-8-0 ubuntu-upgrade-dotnet-runtime-9-0 ubuntu-upgrade-dotnet-sdk-8-0 ubuntu-upgrade-dotnet-sdk-9-0 ubuntu-upgrade-dotnet8 ubuntu-upgrade-dotnet9 References https://attackerkb.com/topics/cve-2025-21171 CVE - 2025-21171 USN-7210-1

Microsoft Windows: CVE-2025-21258: Windows Digital Media Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 01/14/2025 Created 01/15/2025 Added 01/14/2025 Modified 01/15/2025 Description Microsoft Windows: CVE-2025-21258: Windows Digital Media Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5050013 microsoft-windows-windows_10-1607-kb5049993 microsoft-windows-windows_10-1809-kb5050008 microsoft-windows-windows_10-21h2-kb5049981 microsoft-windows-windows_10-22h2-kb5049981 microsoft-windows-windows_11-22h2-kb5050021 microsoft-windows-windows_11-23h2-kb5050021 microsoft-windows-windows_11-24h2-kb5050009 microsoft-windows-windows_server_2012-kb5050004 microsoft-windows-windows_server_2012_r2-kb5050048 microsoft-windows-windows_server_2016-1607-kb5049993 microsoft-windows-windows_server_2019-1809-kb5050008 microsoft-windows-windows_server_2022-21h2-kb5049983 microsoft-windows-windows_server_2022-22h2-kb5049983 microsoft-windows-windows_server_2022-23h2-kb5049984 microsoft-windows-windows_server_2025-24h2-kb5050009 References https://attackerkb.com/topics/cve-2025-21258 CVE - 2025-21258 https://support.microsoft.com/help/5049981 https://support.microsoft.com/help/5049983 https://support.microsoft.com/help/5049984 https://support.microsoft.com/help/5049993 https://support.microsoft.com/help/5050004 https://support.microsoft.com/help/5050008 https://support.microsoft.com/help/5050009 https://support.microsoft.com/help/5050013 https://support.microsoft.com/help/5050021 https://support.microsoft.com/help/5050048 View more

FreeBSD: VID-756839E1-CD78-4082-9F9E-D0DA616CA8DD (CVE-2025-0448): chromium -- multiple security fixes Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/14/2025 Created 01/28/2025 Added 01/26/2025 Modified 01/26/2025 Description Inappropriate implementation in Compositing in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) Solution(s) freebsd-upgrade-package-chromium freebsd-upgrade-package-ungoogled-chromium References CVE-2025-0448

Microsoft Windows: CVE-2025-21241: Windows Telephony Service Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 01/14/2025 Created 01/15/2025 Added 01/14/2025 Modified 01/15/2025 Description Microsoft Windows: CVE-2025-21241: Windows Telephony Service Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5050013 microsoft-windows-windows_10-1607-kb5049993 microsoft-windows-windows_10-1809-kb5050008 microsoft-windows-windows_10-21h2-kb5049981 microsoft-windows-windows_10-22h2-kb5049981 microsoft-windows-windows_11-22h2-kb5050021 microsoft-windows-windows_11-23h2-kb5050021 microsoft-windows-windows_11-24h2-kb5050009 microsoft-windows-windows_server_2016-1607-kb5049993 microsoft-windows-windows_server_2019-1809-kb5050008 microsoft-windows-windows_server_2022-21h2-kb5049983 microsoft-windows-windows_server_2022-22h2-kb5049983 microsoft-windows-windows_server_2022-23h2-kb5049984 microsoft-windows-windows_server_2025-24h2-kb5050009 References https://attackerkb.com/topics/cve-2025-21241 CVE - 2025-21241 https://support.microsoft.com/help/5049981 https://support.microsoft.com/help/5049983 https://support.microsoft.com/help/5049984 https://support.microsoft.com/help/5049993 https://support.microsoft.com/help/5050008 https://support.microsoft.com/help/5050009 https://support.microsoft.com/help/5050013 https://support.microsoft.com/help/5050021 View more

Red Hat: CVE-2025-21173: dotnet: .NET Elevation of Privilege Vulnerability (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 01/14/2025 Created 01/18/2025 Added 01/17/2025 Modified 01/22/2025 Description .NET Elevation of Privilege Vulnerability Solution(s) redhat-upgrade-aspnetcore-runtime-8-0 redhat-upgrade-aspnetcore-runtime-9-0 redhat-upgrade-aspnetcore-runtime-dbg-8-0 redhat-upgrade-aspnetcore-runtime-dbg-9-0 redhat-upgrade-aspnetcore-targeting-pack-8-0 redhat-upgrade-aspnetcore-targeting-pack-9-0 redhat-upgrade-dotnet redhat-upgrade-dotnet-apphost-pack-8-0 redhat-upgrade-dotnet-apphost-pack-8-0-debuginfo redhat-upgrade-dotnet-apphost-pack-9-0 redhat-upgrade-dotnet-apphost-pack-9-0-debuginfo redhat-upgrade-dotnet-host redhat-upgrade-dotnet-host-debuginfo redhat-upgrade-dotnet-hostfxr-8-0 redhat-upgrade-dotnet-hostfxr-8-0-debuginfo redhat-upgrade-dotnet-hostfxr-9-0 redhat-upgrade-dotnet-hostfxr-9-0-debuginfo redhat-upgrade-dotnet-runtime-8-0 redhat-upgrade-dotnet-runtime-8-0-debuginfo redhat-upgrade-dotnet-runtime-9-0 redhat-upgrade-dotnet-runtime-9-0-debuginfo redhat-upgrade-dotnet-runtime-dbg-8-0 redhat-upgrade-dotnet-runtime-dbg-9-0 redhat-upgrade-dotnet-sdk-8-0 redhat-upgrade-dotnet-sdk-8-0-debuginfo redhat-upgrade-dotnet-sdk-8-0-source-built-artifacts redhat-upgrade-dotnet-sdk-9-0 redhat-upgrade-dotnet-sdk-9-0-debuginfo redhat-upgrade-dotnet-sdk-9-0-source-built-artifacts redhat-upgrade-dotnet-sdk-aot-9-0 redhat-upgrade-dotnet-sdk-aot-9-0-debuginfo redhat-upgrade-dotnet-sdk-dbg-8-0 redhat-upgrade-dotnet-sdk-dbg-9-0 redhat-upgrade-dotnet-targeting-pack-8-0 redhat-upgrade-dotnet-targeting-pack-9-0 redhat-upgrade-dotnet-templates-8-0 redhat-upgrade-dotnet-templates-9-0 redhat-upgrade-dotnet8-0-debuginfo redhat-upgrade-dotnet8-0-debugsource redhat-upgrade-dotnet9-0-debuginfo redhat-upgrade-dotnet9-0-debugsource redhat-upgrade-netstandard-targeting-pack-2-1 References CVE-2025-21173 RHSA-2025:0381 RHSA-2025:0382 RHSA-2025:0532

Microsoft Windows: CVE-2025-21236: Windows Telephony Service Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 01/14/2025 Created 01/15/2025 Added 01/14/2025 Modified 01/15/2025 Description Microsoft Windows: CVE-2025-21236: Windows Telephony Service Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5050013 microsoft-windows-windows_10-1607-kb5049993 microsoft-windows-windows_10-1809-kb5050008 microsoft-windows-windows_10-21h2-kb5049981 microsoft-windows-windows_10-22h2-kb5049981 microsoft-windows-windows_11-22h2-kb5050021 microsoft-windows-windows_11-23h2-kb5050021 microsoft-windows-windows_11-24h2-kb5050009 microsoft-windows-windows_server_2012-kb5050004 microsoft-windows-windows_server_2012_r2-kb5050048 microsoft-windows-windows_server_2016-1607-kb5049993 microsoft-windows-windows_server_2019-1809-kb5050008 microsoft-windows-windows_server_2022-21h2-kb5049983 microsoft-windows-windows_server_2022-22h2-kb5049983 microsoft-windows-windows_server_2022-23h2-kb5049984 microsoft-windows-windows_server_2025-24h2-kb5050009 References https://attackerkb.com/topics/cve-2025-21236 CVE - 2025-21236 https://support.microsoft.com/help/5049981 https://support.microsoft.com/help/5049983 https://support.microsoft.com/help/5049984 https://support.microsoft.com/help/5049993 https://support.microsoft.com/help/5050004 https://support.microsoft.com/help/5050008 https://support.microsoft.com/help/5050009 https://support.microsoft.com/help/5050013 https://support.microsoft.com/help/5050021 https://support.microsoft.com/help/5050048 View more

VMware Photon OS: CVE-2024-12747 Severity 4 CVSS (AV:L/AC:H/Au:S/C:C/I:N/A:N) Published 01/14/2025 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was possible to bypass the default behavior and traverse symbolic links. Depending on the privileges of the rsync process, an attacker could leak sensitive information, potentially leading to privilege escalation. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2024-12747 CVE - 2024-12747

Microsoft Windows: CVE-2025-21251: Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 01/14/2025 Created 01/15/2025 Added 01/14/2025 Modified 01/15/2025 Description Microsoft Windows: CVE-2025-21251: Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5050013 microsoft-windows-windows_10-1607-kb5049993 microsoft-windows-windows_10-1809-kb5050008 microsoft-windows-windows_10-21h2-kb5049981 microsoft-windows-windows_10-22h2-kb5049981 microsoft-windows-windows_11-22h2-kb5050021 microsoft-windows-windows_11-23h2-kb5050021 microsoft-windows-windows_11-24h2-kb5050009 microsoft-windows-windows_server_2012-kb5050004 microsoft-windows-windows_server_2012_r2-kb5050048 microsoft-windows-windows_server_2016-1607-kb5049993 microsoft-windows-windows_server_2019-1809-kb5050008 microsoft-windows-windows_server_2022-21h2-kb5049983 microsoft-windows-windows_server_2022-22h2-kb5049983 microsoft-windows-windows_server_2022-23h2-kb5049984 microsoft-windows-windows_server_2025-24h2-kb5050009 References https://attackerkb.com/topics/cve-2025-21251 CVE - 2025-21251 https://support.microsoft.com/help/5049981 https://support.microsoft.com/help/5049983 https://support.microsoft.com/help/5049984 https://support.microsoft.com/help/5049993 https://support.microsoft.com/help/5050004 https://support.microsoft.com/help/5050008 https://support.microsoft.com/help/5050009 https://support.microsoft.com/help/5050013 https://support.microsoft.com/help/5050021 https://support.microsoft.com/help/5050048 View more

Microsoft Windows: CVE-2025-21211: Secure Boot Security Feature Bypass Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 01/14/2025 Created 01/15/2025 Added 01/14/2025 Modified 01/15/2025 Description Microsoft Windows: CVE-2025-21211: Secure Boot Security Feature Bypass Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5050013 microsoft-windows-windows_10-1607-kb5049993 microsoft-windows-windows_10-1809-kb5050008 microsoft-windows-windows_10-21h2-kb5049981 microsoft-windows-windows_10-22h2-kb5049981 microsoft-windows-windows_11-22h2-kb5050021 microsoft-windows-windows_11-23h2-kb5050021 microsoft-windows-windows_11-24h2-kb5050009 microsoft-windows-windows_server_2012-kb5050004 microsoft-windows-windows_server_2012_r2-kb5050048 microsoft-windows-windows_server_2016-1607-kb5049993 microsoft-windows-windows_server_2019-1809-kb5050008 microsoft-windows-windows_server_2022-21h2-kb5049983 microsoft-windows-windows_server_2022-22h2-kb5049983 microsoft-windows-windows_server_2022-23h2-kb5049984 microsoft-windows-windows_server_2025-24h2-kb5050009 References https://attackerkb.com/topics/cve-2025-21211 CVE - 2025-21211 https://support.microsoft.com/help/5049981 https://support.microsoft.com/help/5049983 https://support.microsoft.com/help/5049984 https://support.microsoft.com/help/5049993 https://support.microsoft.com/help/5050004 https://support.microsoft.com/help/5050008 https://support.microsoft.com/help/5050009 https://support.microsoft.com/help/5050013 https://support.microsoft.com/help/5050021 https://support.microsoft.com/help/5050048 View more

Microsoft Windows: CVE-2025-21288: Windows COM Server Information Disclosure Vulnerability Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 01/14/2025 Created 01/15/2025 Added 01/14/2025 Modified 01/15/2025 Description Microsoft Windows: CVE-2025-21288: Windows COM Server Information Disclosure Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5050013 microsoft-windows-windows_10-1607-kb5049993 microsoft-windows-windows_10-1809-kb5050008 microsoft-windows-windows_10-21h2-kb5049981 microsoft-windows-windows_10-22h2-kb5049981 microsoft-windows-windows_11-22h2-kb5050021 microsoft-windows-windows_11-23h2-kb5050021 microsoft-windows-windows_11-24h2-kb5050009 microsoft-windows-windows_server_2012-kb5050004 microsoft-windows-windows_server_2012_r2-kb5050048 microsoft-windows-windows_server_2016-1607-kb5049993 microsoft-windows-windows_server_2019-1809-kb5050008 microsoft-windows-windows_server_2022-21h2-kb5049983 microsoft-windows-windows_server_2022-22h2-kb5049983 microsoft-windows-windows_server_2022-23h2-kb5049984 microsoft-windows-windows_server_2025-24h2-kb5050009 References https://attackerkb.com/topics/cve-2025-21288 CVE - 2025-21288 https://support.microsoft.com/help/5049981 https://support.microsoft.com/help/5049983 https://support.microsoft.com/help/5049984 https://support.microsoft.com/help/5049993 https://support.microsoft.com/help/5050004 https://support.microsoft.com/help/5050008 https://support.microsoft.com/help/5050009 https://support.microsoft.com/help/5050013 https://support.microsoft.com/help/5050021 https://support.microsoft.com/help/5050048 View more

Microsoft Windows: CVE-2025-21217: Windows NTLM Spoofing Vulnerability Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 01/14/2025 Created 01/15/2025 Added 01/14/2025 Modified 01/15/2025 Description Microsoft Windows: CVE-2025-21217: Windows NTLM Spoofing Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5050013 microsoft-windows-windows_10-1607-kb5049993 microsoft-windows-windows_10-1809-kb5050008 microsoft-windows-windows_10-21h2-kb5049981 microsoft-windows-windows_10-22h2-kb5049981 microsoft-windows-windows_11-22h2-kb5050021 microsoft-windows-windows_11-23h2-kb5050021 microsoft-windows-windows_11-24h2-kb5050009 microsoft-windows-windows_server_2012-kb5050004 microsoft-windows-windows_server_2012_r2-kb5050048 microsoft-windows-windows_server_2016-1607-kb5049993 microsoft-windows-windows_server_2019-1809-kb5050008 microsoft-windows-windows_server_2022-21h2-kb5049983 microsoft-windows-windows_server_2022-22h2-kb5049983 microsoft-windows-windows_server_2022-23h2-kb5049984 microsoft-windows-windows_server_2025-24h2-kb5050009 References https://attackerkb.com/topics/cve-2025-21217 CVE - 2025-21217 https://support.microsoft.com/help/5049981 https://support.microsoft.com/help/5049983 https://support.microsoft.com/help/5049984 https://support.microsoft.com/help/5049993 https://support.microsoft.com/help/5050004 https://support.microsoft.com/help/5050008 https://support.microsoft.com/help/5050009 https://support.microsoft.com/help/5050013 https://support.microsoft.com/help/5050021 https://support.microsoft.com/help/5050048 View more

Microsoft Windows: CVE-2025-21276: Windows MapUrlToZone Denial of Service Vulnerability Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 01/14/2025 Created 01/15/2025 Added 01/14/2025 Modified 01/15/2025 Description Microsoft Windows: CVE-2025-21276: Windows MapUrlToZone Denial of Service Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5050013 microsoft-windows-windows_10-1607-kb5049993 microsoft-windows-windows_10-1809-kb5050008 microsoft-windows-windows_10-21h2-kb5049981 microsoft-windows-windows_10-22h2-kb5049981 microsoft-windows-windows_11-22h2-kb5050021 microsoft-windows-windows_11-23h2-kb5050021 microsoft-windows-windows_11-24h2-kb5050009 microsoft-windows-windows_server_2012-kb5050004 microsoft-windows-windows_server_2012_r2-kb5050048 microsoft-windows-windows_server_2016-1607-kb5049993 microsoft-windows-windows_server_2019-1809-kb5050008 microsoft-windows-windows_server_2022-21h2-kb5049983 microsoft-windows-windows_server_2022-22h2-kb5049983 microsoft-windows-windows_server_2022-23h2-kb5049984 microsoft-windows-windows_server_2025-24h2-kb5050009 References https://attackerkb.com/topics/cve-2025-21276 CVE - 2025-21276 https://support.microsoft.com/help/5049981 https://support.microsoft.com/help/5049983 https://support.microsoft.com/help/5049984 https://support.microsoft.com/help/5049993 https://support.microsoft.com/help/5050004 https://support.microsoft.com/help/5050008 https://support.microsoft.com/help/5050009 https://support.microsoft.com/help/5050013 https://support.microsoft.com/help/5050021 https://support.microsoft.com/help/5050048 View more

Ubuntu: USN-7207-1 (CVE-2024-52006): Git vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/14/2025 Created 01/16/2025 Added 01/15/2025 Modified 01/24/2025 Description Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. Git defines a line-based protocol that is used to exchange information between Git and Git credential helpers. Some ecosystems (most notably, .NET and node.js) interpret single Carriage Return characters as newlines, which renders the protections against CVE-2020-5260 incomplete for credential helpers that treat Carriage Returns in this way. This issue has been addressed in commit `b01b9b8` which is included in release versions v2.48.1, v2.47.2, v2.46.3, v2.45.3, v2.44.3, v2.43.6, v2.42.4, v2.41.3, and v2.40.4. Users are advised to upgrade. Users unable to upgrade should avoid cloning from untrusted URLs, especially recursive clones. Solution(s) ubuntu-upgrade-git References https://attackerkb.com/topics/cve-2024-52006 CVE - 2024-52006 USN-7207-1

Microsoft Windows: CVE-2025-21237: Windows Telephony Service Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 01/14/2025 Created 01/15/2025 Added 01/14/2025 Modified 01/15/2025 Description Microsoft Windows: CVE-2025-21237: Windows Telephony Service Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5050013 microsoft-windows-windows_10-1607-kb5049993 microsoft-windows-windows_10-1809-kb5050008 microsoft-windows-windows_10-21h2-kb5049981 microsoft-windows-windows_10-22h2-kb5049981 microsoft-windows-windows_11-22h2-kb5050021 microsoft-windows-windows_11-23h2-kb5050021 microsoft-windows-windows_11-24h2-kb5050009 microsoft-windows-windows_server_2012-kb5050004 microsoft-windows-windows_server_2012_r2-kb5050048 microsoft-windows-windows_server_2016-1607-kb5049993 microsoft-windows-windows_server_2019-1809-kb5050008 microsoft-windows-windows_server_2022-21h2-kb5049983 microsoft-windows-windows_server_2022-22h2-kb5049983 microsoft-windows-windows_server_2022-23h2-kb5049984 microsoft-windows-windows_server_2025-24h2-kb5050009 References https://attackerkb.com/topics/cve-2025-21237 CVE - 2025-21237 https://support.microsoft.com/help/5049981 https://support.microsoft.com/help/5049983 https://support.microsoft.com/help/5049984 https://support.microsoft.com/help/5049993 https://support.microsoft.com/help/5050004 https://support.microsoft.com/help/5050008 https://support.microsoft.com/help/5050009 https://support.microsoft.com/help/5050013 https://support.microsoft.com/help/5050021 https://support.microsoft.com/help/5050048 View more

Microsoft Office: CVE-2025-21186: Microsoft Access Remote Code Execution Vulnerability Severity 6 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 01/14/2025 Created 01/15/2025 Added 01/14/2025 Modified 02/11/2025 Description Microsoft Office: CVE-2025-21186: Microsoft Access Remote Code Execution Vulnerability Solution(s) microsoft-access_2016-kb5002670 office-click-to-run-upgrade-latest References https://attackerkb.com/topics/cve-2025-21186 CVE - 2025-21186 https://support.microsoft.com/help/5002670

Fortinet FortiManager: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CVE-2024-50566) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/14/2025 Created 02/11/2025 Added 02/06/2025 Modified 02/06/2025 Description A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiManager versions 7.6.0 through 7.6.1, versions 7.4.5 through 7.4.0, and versions 7.2.1 through 7.2.8, FortiManager Cloud versions 7.6.0 through 7.6.1, versions 7.4.0 through 7.4.4, and versions 7.2.2 through 7.2.7 may allow an authenticated remote attacker to execute unauthorized code via FGFM crafted requests. Solution(s) fortinet-fortimanager-upgrade-7_2_9 fortinet-fortimanager-upgrade-7_4_6 fortinet-fortimanager-upgrade-7_6_2 References https://attackerkb.com/topics/cve-2024-50566 CVE - 2024-50566 https://fortiguard.fortinet.com/psirt/FG-IR-24-463