CVE-2025-21494

CVE-2025-21494 refers to a local, high-privilege vulnerability in Oracle MySQL Server (Server: Security: Privileges). Affected versions are 8.0.39 and earlier, 8.4.2 and earlier, and 9.0.1 and earlier. Under the described conditions, a highly-privileged attacker with logon to the host where MySQL...

Denial Of Service (DoS)

github.com/notaryproject/notation-go is vulnerable to Denial Of Service DoS. The vulnerability is due to improper handling of temporary file operations during CRL cache updates, specifically the use of the os.Rename method, which fails when moving files across different mount points, allows an...

January 14, 2025-KB5049622 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 11, version 24H2

January 14, 2025-KB5049622 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 11, version 24H2 Release Date: January 14, 2025 Version: .NET Framework 3.5 and 4.8.1 The January 14, 2025 update for Windows 11, version 24H2 includes security and cumulative reliability improvements in .NE...

January 14, 2025-KB5049624 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 11, version 22H2 and Windows 11, version 23H2

January 14, 2025-KB5049624 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 11, version 22H2 and Windows 11, version 23H2 Revised July 8, 2025: Updated 'How to get this update' section. Release Date: January 14, 2025 Version: .NET Framework 3.5 and 4.8.1 The January 14, 2025 update...

Linux kernel 资源管理错误漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel has a resource management error vulnerability that originates in the kunitinitsuite function of the kunit test framework, which fails to set the stream pointer of...

November 21, 2024-KB5048162 Cumulative Update Preview for .NET Framework 3.5 and 4.8.1 for Windows 11, version 24H2

November 21, 2024-KB5048162 Cumulative Update Preview for .NET Framework 3.5 and 4.8.1 for Windows 11, version 24H2 Release Date: November 21, 2024 Version: .NET Framework 3.5 and 4.8.1 Revised: December 18th, 2024 to update the quality and reliability improvement. If you have already installed...

kernel: drm/amdgpu: Fix potential null pointer derefernce

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix potential null pointer derefernce The amdgpurasgetcontext may return NULL if device not support ras feature, so add check before using...

November 12, 2024-KB5046540 Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows 10, version 1809 and Windows Server 2019

November 12, 2024-KB5046540 Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows 10, version 1809 and Windows Server 2019 Revised December 6, 2024: Update to adjust the improvements from the security improvements section to the quality and reliability improvements section. Release...

November 12, 2024-KB5046266 Cumulative Update for .NET Framework 4.8 for Windows 10, version 1607 and Windows Server 2016

November 12, 2024-KB5046266 Cumulative Update for .NET Framework 4.8 for Windows 10, version 1607 and Windows Server 2016 Revised December 6, 2024: Update to adjust the improvements from the security improvements section to the quality and reliability improvements section. Release Date: November...

CISA, US, and International Partners Release Joint Guidance to Assist Software Manufacturers with Safe Software Deployment Processes

Today, CISA—along with U.S. and international partners—released joint guidance, Safe Software Deployment: How Software Manufacturers Can Ensure Reliability for Customers. This guide aids software manufacturers in establishing secure software deployment processes to help ensure software is reliabl...

BYOB Unauthenticated Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'sqlite3' class MetasploitModule 'BYOB Unauthenticated RCE via Arbitrary File Write and Command Injection CVE-2024-45256, CVE-2024-45257', 'Description' = %q Thi...

October 8, 2024-KB5044033 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 11, version 22H2 and Windows 11, version 23H2

October 8, 2024-KB5044033 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 11, version 22H2 and Windows 11, version 23H2 Revised July 8, 2025: Updated 'How to get this update' section. Release Date: October 8, 2024 Version: .NET Framework 3.5 and 4.8.1 The October 8, 2024 update for...

October 8, 2024-KB5044021 Cumulative Update for .NET Framework 4.8 for Windows 10, version 1607 and Windows Server 2016

October 8, 2024-KB5044021 Cumulative Update for .NET Framework 4.8 for Windows 10, version 1607 and Windows Server 2016 Release Date: October 8, 2024 Version: .NET Framework 4.8 The October 8, 2024 update for Windows 10, version 1607 and Windows Server 2016 includes security and cumulative...

October 8, 2024-KB5044028 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Microsoft server operating system, version 23H2

October 8, 2024-KB5044028 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Microsoft server operating system, version 23H2 Release Date: October 8, 2024 Version: .NET Framework 3.5 and 4.8.1 The October 8, 2024 update for Microsoft server operating system, version 23H2 includes security and...

October 8, 2024-KB5044099 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows Server 2022

October 8, 2024-KB5044099 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows Server 2022 Release Date: October 8, 2024 Version: .NET Framework 3.5, 4.8 and 4.8.1 Summary This article describes the security and cumulative update for 3.5, 4.8 and 4.8.1 for Windows Server 2022...

October 8, 2024-Security and Quality Rollup for .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 (KB5044096)

October 8, 2024-Security and Quality Rollup for .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 KB5044096 Applies to: Microsoft .NET Framework 3.5 Microsoft .NET Framework 4.6.2 Microsoft .NET Framework 4.7 Microsoft .NET Framework 4.7.1 Microsoft .NET Framework 4.7.2...

Exploit for Improper Privilege Management in Oracle Vm_Virtualbox

cve-2023-21987-poc Oracle VirtualBox VGA OOB-Read Vulnerab...

SpaceX, CNN, and The White House internal data allegedly published online. Is it real?

A cybercriminal has released internal data online that they say has come from leaks at several high-profile sources, including SpaceX, CNN, and the White House. However, there are some questions around the reliability and usefulness of the released data, so we took a closer look. When it comes to...

Microsoft Windows TOCTOU Local Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Kernel Time of Check Time of Use LPE in AuthzBasepCopyoutInternalSecurityAttributes', 'Description' = %q CVE-2024-30088 is a Windows Kern...

CVE-2024-44964

In the Linux kernel, the following vulnerability has been resolved: idpf: fix memory leaks and crashes while performing a soft reset The second tagged commit introduced a UAF, as it removed restoring qvector-vport pointers after reinitializating the structures. This is due to that all queue...