[BESAdmin-Announcements] Content Modification: Updates for Kev Content published 2025-04-21
Announcements for BES Administrators
besadmin-announcements at bigmail.bigfix.com
Mon Apr 21 10:45:03 PDT 2025
Total New Fixlets: 14
Total Updated Fixlets: 109
Total Fixlets in Site: 2978
Total CVEs Covered: 857
Release Date: 2025-04-21
New Fixlets:
34850 Android Kernel Remote Code Execution Vulnerability - Debian
37570 Microsoft Windows NTLM Hash Disclosure Spoofing Vulnerability
- Windows Server 2025
37540 Microsoft Windows NTLM Hash Disclosure Spoofing Vulnerability
- Windows Server 2022
37510 Microsoft Windows NTLM Hash Disclosure Spoofing Vulnerability
- Windows 10
37480 Apple Multiple Products Arbitrary Read and Write Vulnerability
- Any Version of MacOS
36810 Apple Multiple Products WebKit Out-of-Bounds Write
Vulnerability - Debian
37550 Microsoft Windows NTLM Hash Disclosure Spoofing Vulnerability
- Windows Server 2008 R2
37520 Apple Multiple Products Memory Corruption Vulnerability -
Apple iOS
37490 Microsoft Windows NTLM Hash Disclosure Spoofing Vulnerability
- Windows Server 2016
37460 Apple Multiple Products Use-After-Free Vulnerability - Any
Version of MacOS
37560 Microsoft Windows NTLM Hash Disclosure Spoofing Vulnerability
- Windows 11
37530 Apple Multiple Products Arbitrary Read and Write Vulnerability
- Apple iOS
37500 Microsoft Windows NTLM Hash Disclosure Spoofing Vulnerability
- Windows Server 2019
37470 Apple Multiple Products Memory Corruption Vulnerability - Any
Version of MacOS
Updated Fixlets:
32770 Apple Multiple Products WebKit Memory Corruption Vulnerability
- Ubuntu
36870 Linux Kernel Use of Uninitialized Resource Vulnerability -
Oracle Linux
33290 Apple Multiple Products WebKit Memory Corruption Vulnerability
- RHEL
36880 Apple Multiple Products WebKit Out-of-Bounds Write
Vulnerability - Oracle Linux
36370 Microsoft Windows Management Console (MMC) Improper
Neutralization Vulnerability - Windows Server 2016
33300 Apple Multiple Products WebKit Use-After-Free Vulnerability -
RHEL
36890 Sitecore CMS and Experience Platform (XP) Deserialization
Vulnerability - Any Version of Windows
33310 Apple Multiple Products WebKit Code Execution Vulnerability -
RHEL
16420 Adobe Flash Player Remote Code Execution Vulnerability - Any
Version of Windows
32810 Apple Multiple Products WebKit Out-of-Bounds Read
Vulnerability - Ubuntu
16950 Adobe Flash Player and AIR Integer Overflow Vulnerability -
Any Version of Windows
34870 Android Kernel Remote Code Execution Vulnerability - RHEL
33340 Apple Multiple Products WebKit Type Confusion Vulnerability -
RHEL
32830 Apple Multiple Products WebKit Type Confusion Vulnerability -
Debian
34880 Android Kernel Remote Code Execution Vulnerability - Oracle
Linux
31810 Linux Kernel Heap-Based Buffer Overflow Vulnerability - RHEL
33350 Apple Multiple Products WebKit Memory Corruption Vulnerability
- RHEL
31820 Linux Kernel Privilege Escalation Vulnerability - Oracle Linux
36430 Microsoft Windows Management Console (MMC) Improper
Neutralization Vulnerability - Windows Server 2019
14930 WhatsApp Cross-Site Scripting Vulnerability - Any Version of
MacOS
32850 Apple iOS, iPadOS, and macOS Webkit Use-After-Free
Vulnerability - Debian
34900 Apple Multiple Products Cross-Site Scripting (XSS)
Vulnerability - Any Version of MacOS
33370 Apple Multiple Products WebKit Code Execution Vulnerability -
RHEL
32860 Apple Multiple Products WebKit Use-After-Free Vulnerability -
Debian
16990 Adobe Flash Player Arbitrary Code Execution Vulnerability -
Any Version of Windows
34910 Apple Multiple Products Code Execution Vulnerability - Any
Version of MacOS
29790 GitLab Community and Enterprise Editions Improper Access
Control Vulnerability - Any Version of Linux
28770 Linux Kernel Use-After-Free Vulnerability - Debian
19560 Apache CouchDB Insecure Default Initialization of Resource
Vulnerability - Any Version of MacOS
16490 Sitecore XP Remote Command Execution Vulnerability - Any
Version of Windows
28780 Linux Kernel Privilege Escalation Vulnerability - Debian
33390 Apple Multiple Products WebKit Type Confusion Vulnerability -
RHEL
32880 Apple Multiple Products WebKit Memory Corruption Vulnerability
- Debian
36980 Microsoft Windows Common Log File System (CLFS) Driver
Use-After-Free Vulnerability - Windows Server 2016
33400 Apple Multiple Products WebKit Out-of-Bounds Read
Vulnerability - RHEL
10360 Microsoft Windows Print Spooler Remote Code Execution
Vulnerability - Windows Server 2012
32890 Apple Multiple Products WebKit Use-After-Free Vulnerability -
Debian
36990 Microsoft Windows Common Log File System (CLFS) Driver
Use-After-Free Vulnerability - Windows Server 2019
36480 Microsoft Windows Management Console (MMC) Improper
Neutralization Vulnerability - Windows 10
32900 Apple Multiple Products WebKit Code Execution Vulnerability -
Debian
37000 Microsoft Windows Common Log File System (CLFS) Driver
Use-After-Free Vulnerability - Windows 10
5770 Microsoft Windows Print Spooler Remote Code Execution
Vulnerability - Windows 10
2700 Microsoft Windows Print Spooler Remote Code Execution
Vulnerability - Windows 7 SP1
16530 Adobe Flash Player Integer Overflow Vulnerability - Any
Version of Windows
37010 Microsoft Windows Common Log File System (CLFS) Driver
Use-After-Free Vulnerability - Windows Server 2008 SP2
31890 Linux Kernel Heap-Based Buffer Overflow Vulnerability - Oracle
Linux
17050 Adobe Flash Player Memory Corruption Vulnerability - Any
Version of Windows
32410 Microsoft Publisher Protection Mechanism Failure Vulnerability
- Publisher
37020 Microsoft Windows Common Log File System (CLFS) Driver
Use-After-Free Vulnerability - Windows Server 2022
15520 Oracle VirtualBox Insufficient Input Validation Vulnerability
- Any Version of Windows
32930 Apple Multiple Products WebKit Type Confusion Vulnerability -
Debian
37030 Microsoft Windows Common Log File System (CLFS) Driver
Use-After-Free Vulnerability - Windows Server 2008 R2
31910 Linux Kernel Use-After-Free Vulnerability - Oracle Linux
30890 Microsoft Outlook Security Feature Bypass Vulnerability -
Outlook
32940 Apple Multiple Products WebKit Memory Corruption Vulnerability
- Debian
37040 Microsoft Windows Common Log File System (CLFS) Driver
Use-After-Free Vulnerability - Windows 11
36020 Linux Kernel Out-of-Bounds Write Vulnerability - RHEL
30390 Linux Kernel Use-After-Free Vulnerability - Debian
37050 Microsoft Windows Common Log File System (CLFS) Driver
Use-After-Free Vulnerability - Windows Server 2025
36540 Microsoft Windows Management Console (MMC) Improper
Neutralization Vulnerability - Windows Server 2008 SP2
32960 Apple Multiple Products WebKit Code Execution Vulnerability -
Debian
31940 Linux Kernel Use-After-Free Vulnerability - Oracle Linux
15570 Adobe Flash Player and AIR Use-After-Free Vulnerability - Any
Version of Windows
32980 Apple Multiple Products WebKit Type Confusion Vulnerability -
Debian
32470 Adobe Flash Player Double Free Vulnerability - Any Version of
Windows
7900 Microsoft Windows Print Spooler Remote Code Execution
Vulnerability - Windows Server 2016
32990 Apple Multiple Products WebKit Out-of-Bounds Read
Vulnerability - Debian
37090 HTTP/2 Rapid Reset Attack Vulnerability - Debian
31970 Linux Kernel Privilege Escalation Vulnerability - Oracle Linux
33000 Apple Multiple Products WebKit Out-of-Bounds Read
Vulnerability - Debian
29420 ConnectWise ScreenConnect Authentication Bypass Vulnerability
- Any Version of Windows
16630 Adobe Flash Player Dereferenced Pointer Vulnerability - Any
Version of Windows
31990 Linux Kernel Use-After-Free Vulnerability - Oracle Linux
36600 Microsoft Windows Management Console (MMC) Improper
Neutralization Vulnerability - Windows Server 2022
28930 Linux Kernel Use-After-Free Vulnerability - RHEL
30470 Linux Kernel Use-After-Free Vulnerability - RHEL
32020 Microsoft Project Remote Code Execution Vulnerability -
Project 2016
28950 Linux Kernel Privilege Escalation Vulnerability - RHEL
36640 Microsoft Windows Management Console (MMC) Improper
Neutralization Vulnerability - Windows Server 2008 R2
16690 Adobe Flash Player Memory Corruption Vulnerability - Any
Version of Windows
6970 Microsoft Windows Print Spooler Remote Code Execution
Vulnerability - Windows Server 2019
37180 Linux Kernel Out-of-Bounds Access Vulnerability - RHEL
37190 Linux Kernel Out-of-Bounds Read Vulnerability - Oracle Linux
37200 Linux Kernel Out-of-Bounds Access Vulnerability - Oracle Linux
31060 Microsoft Office Outlook Privilege Escalation Vulnerability -
Outlook
17750 GitLab Community and Enterprise Editions Remote Code Execution
Vulnerability - Any Version of Linux
36700 Microsoft Windows Management Console (MMC) Improper
Neutralization Vulnerability - Windows 11
14180 Microsoft Defender Remote Code Execution Vulnerability - Any
Version of Windows
25450 Mozilla Firefox, Firefox ESR, and Thunderbird Use-After-Free
Vulnerability - Any Version of MacOS
9070 Microsoft Windows Print Spooler Remote Code Execution
Vulnerability - Windows Server 2012 R2
15730 Adobe Flash Player Unspecified Vulnerability - Any Version of
Windows
14210 Microsoft Malware Protection Engine Improper Restriction of
Operations Vulnerability - Any Version of Windows
11650 Microsoft Windows Print Spooler Remote Code Execution
Vulnerability - Windows Server 2008 R2 SP1
36750 Microsoft Windows Management Console (MMC) Improper
Neutralization Vulnerability - Windows Server 2025
4500 Microsoft Windows Print Spooler Remote Code Execution
Vulnerability - Windows Server 2008 SP2
32670 Apple Multiple Products WebKit Type Confusion Vulnerability -
Ubuntu
16820 Adobe Flash Player Arbitrary Code Execution Vulnerability -
Any Version of Windows
1470 Microsoft Windows Print Spooler Remote Code Execution
Vulnerability - Windows 8.1
36800 Linux Kernel Use of Uninitialized Resource Vulnerability -
Debian
36820 Apple Multiple Products WebKit Out-of-Bounds Write
Vulnerability - Any Version of MacOS
33240 Apple Multiple Products WebKit Type Confusion Vulnerability -
RHEL
36830 Apple Multiple Products WebKit Out-of-Bounds Write
Vulnerability - Apple iOS
16870 Adobe Flash Player Memory Corruption Vulnerability - Any
Version of Windows
31720 Linux Kernel Heap-Based Buffer Overflow Vulnerability - Debian
23530 Microsoft MSCOMCTL.OCX Remote Code Execution Vulnerability -
Microsoft BizTalk Server
33260 Apple iOS, iPadOS, and macOS Webkit Use-After-Free
Vulnerability - RHEL
36850 Linux Kernel Use of Uninitialized Resource Vulnerability -
RHEL
33270 Apple Multiple Products WebKit Use-After-Free Vulnerability -
RHEL
36860 Apple Multiple Products WebKit Out-of-Bounds Write
Vulnerability - RHEL