[BESAdmin-Announcements] Content Modification: Updates for Kev Content published 2025-04-14
Announcements for BES Administrators
besadmin-announcements at bigmail.bigfix.com
Mon Apr 14 10:44:36 PDT 2025
Total New Fixlets: 20
Total Updated Fixlets: 71
Total Fixlets in Site: 2953
Total CVEs Covered: 850
Release Date: 2025-04-14
New Fixlets:
37120 Apache Tomcat Path Equivalence Vulnerability - Any Version of Windows
37250 VMware ESXi, Workstation, and Fusion Information Disclosure Vulnerability - VMware ESXi 7.0
37130 Apache Tomcat Path Equivalence Vulnerability - Any Version of Linux
37260 VMware ESXi Arbitrary Write Vulnerability - VMware ESXi 7.0
37140 Linux Kernel Use of Uninitialized Resource Vulnerability - SLE
37270 VMware ESXi and Workstation TOCTOU Race Condition Vulnerability - VMware ESXi 7.0
37150 HTTP/2 Rapid Reset Attack Vulnerability - SLE
37180 Linux Kernel Out-of-Bounds Access Vulnerability - RHEL
37060 HTTP/2 Rapid Reset Attack Vulnerability - Ubuntu
37190 Linux Kernel Out-of-Bounds Read Vulnerability - Oracle Linux
37070 Linux Kernel Out-of-Bounds Read Vulnerability - Ubuntu
37200 Linux Kernel Out-of-Bounds Access Vulnerability - Oracle Linux
37080 Linux Kernel Out-of-Bounds Access Vulnerability - Ubuntu
37210 HTTP/2 Rapid Reset Attack Vulnerability - leap
37090 HTTP/2 Rapid Reset Attack Vulnerability - Debian
37220 VMware ESXi, Workstation, and Fusion Information Disclosure Vulnerability - VMware ESXi 8.0
37100 Hitachi Vantara Pentaho BA Server Special Element Injection Vulnerability - Any Operating System
37230 VMware ESXi Arbitrary Write Vulnerability - VMware ESXi 8.0
37110 Hitachi Vantara Pentaho BA Server Authorization Bypass Vulnerability - Any Operating System
37240 VMware ESXi and Workstation TOCTOU Race Condition Vulnerability - VMware ESXi 8.0
Updated Fixlets:
12800 Apache Tomcat Remote Code Execution Vulnerability - Any Version of Windows
14210 Microsoft Malware Protection Engine Improper Restriction of Operations Vulnerability - Any Version of Windows
32260 HTTP/2 Rapid Reset Attack Vulnerability - Windows 10
33530 Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability - Oracle Linux
8070 Microsoft DirectX Graphics Kernel Privilege Escalation Vulnerability - Windows Server 2016
37000 Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability - Windows 10
32400 HTTP/2 Rapid Reset Attack Vulnerability - Windows 11
36880 Apple Multiple Products WebKit Out-of-Bounds Write Vulnerability - Oracle Linux
12690 Docker Desktop Community Edition Privilege Escalation Vulnerability - Any Version of Windows
37010 Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability - Windows Server 2008 SP2
33430 Apple Multiple Products WebKit Use-After-Free Vulnerability - Oracle Linux
15640 Apache CouchDB Insecure Default Initialization of Resource Vulnerability - Any Version of Windows
34840 Android Kernel Remote Code Execution Vulnerability - Ubuntu
37020 Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability - Windows Server 2022
28700 Linux Kernel Privilege Escalation Vulnerability - Ubuntu
35360 Apache Tomcat Remote Code Execution Vulnerability - Any Version of Linux
34980 Spring Framework JDK 9+ Remote Code Execution Vulnerability - Any Version of Windows
8740 Microsoft Internet Explorer Information Disclosure Vulnerability - Windows Server 2012 R2
37030 Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability - Windows Server 2008 R2
25130 Microsoft MSHTML Remote Code Execution Vulnerability - Windows 10
36010 Linux Kernel Out-of-Bounds Write Vulnerability - SLE
9260 Microsoft DirectX Graphics Kernel Privilege Escalation Vulnerability - Windows Server 2012 R2
30380 Linux Kernel Use-After-Free Vulnerability - Ubuntu
34990 Apache Tomcat Improper Privilege Management Vulnerability - Any Version of Windows
33450 Apple Multiple Products WebKit Memory Corruption Vulnerability - Oracle Linux
37040 Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability - Windows 11
25140 Microsoft MSHTML Remote Code Execution Vulnerability - Windows Server 2008 SP2
36790 Linux Kernel Use of Uninitialized Resource Vulnerability - Ubuntu
11320 Microsoft Internet Explorer Information Disclosure Vulnerability - Windows Server 2008 R2 SP1
10040 Microsoft Internet Explorer Information Disclosure Vulnerability - Windows Server 2012
35000 Spring Framework JDK 9+ Remote Code Execution Vulnerability - Any Version of Linux
27580 rConfig OS Command Injection Vulnerability - Any Version of CentOS
30140 Linux Kernel Use-After-Free Vulnerability - Ubuntu
25150 Microsoft MSHTML Remote Code Execution Vulnerability - Windows Server 2008 R2 SP1
32190 HTTP/2 Rapid Reset Attack Vulnerability - Windows Server 2016
25280 Microsoft MSHTML Remote Code Execution Vulnerability - Office
35010 Apache Tomcat Improper Privilege Management Vulnerability - Any Version of Linux
25160 Microsoft MSHTML Remote Code Execution Vulnerability - Windows 7 SP1
5450 Microsoft Internet Explorer Information Disclosure Vulnerability - Windows 10
25290 Microsoft MSHTML Remote Code Execution Vulnerability - Word Viewer
5970 Microsoft DirectX Graphics Kernel Privilege Escalation Vulnerability - Windows 10
25170 Microsoft MSHTML Remote Code Execution Vulnerability - Windows 8.1
36820 Apple Multiple Products WebKit Out-of-Bounds Write Vulnerability - Any Version of MacOS
32340 HTTP/2 Rapid Reset Attack Vulnerability - Windows Server 2022
35030 Apache Tomcat Remote Code Execution Vulnerability - Any Version of Windows
25300 Microsoft MSHTML Remote Code Execution Vulnerability - Excel Viewer
33490 Apple Multiple Products WebKit Type Confusion Vulnerability - Oracle Linux
25180 Microsoft MSHTML Remote Code Execution Vulnerability - Windows Server 2019
32220 HTTP/2 Rapid Reset Attack Vulnerability - Windows Server 2019
1630 Microsoft DirectX Graphics Kernel Privilege Escalation Vulnerability - Windows 8.1
6750 Microsoft Internet Explorer Information Disclosure Vulnerability - Windows Server 2019
2400 Microsoft Internet Explorer Information Disclosure Vulnerability - Windows 7 SP1
35040 Apache Tomcat Remote Code Execution Vulnerability - Any Version of Linux
36830 Apple Multiple Products WebKit Out-of-Bounds Write Vulnerability - Apple iOS
31710 Linux Kernel Heap-Based Buffer Overflow Vulnerability - Ubuntu
14180 Microsoft Defender Remote Code Execution Vulnerability - Any Version of Windows
33500 Apple Multiple Products WebKit Memory Corruption Vulnerability - Oracle Linux
25190 Microsoft MSHTML Remote Code Execution Vulnerability - Windows Server 2016
19560 Apache CouchDB Insecure Default Initialization of Resource Vulnerability - Any Version of MacOS
28650 Linux Kernel Privilege Escalation Vulnerability - Ubuntu
25200 Microsoft MSHTML Remote Code Execution Vulnerability - Windows Server 2012 R2
33520 Apple Multiple Products WebKit Type Confusion Vulnerability - Oracle Linux
14450 Plex Media Server Remote Code Execution Vulnerability - Any Version of Windows
36980 Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability - Windows Server 2016
28660 Linux Kernel Use-After-Free Vulnerability - Ubuntu
7670 Microsoft Internet Explorer Information Disclosure Vulnerability - Windows Server 2016
25210 Microsoft MSHTML Remote Code Execution Vulnerability - Windows Server 2012
32120 HTTP/2 Rapid Reset Attack Vulnerability - Any Version of Windows
36990 Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability - Windows Server 2019
36860 Apple Multiple Products WebKit Out-of-Bounds Write Vulnerability - RHEL
1150 Microsoft Internet Explorer Information Disclosure Vulnerability - Windows 8.1