Page MenuHomeFreeBSD
Files F144456894

No OneTemporary
Actions

Size
394 KB
Referenced Files
None
Subscribers
None

View Options

This file is larger than 256 KB, so syntax highlighting was skipped.
diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml
index 63d238dd8725..632514941d84 100644
--- a/security/vuxml/vuln/2025.xml
+++ b/security/vuxml/vuln/2025.xml
@@ -1,11213 +1,11246 @@
+ <vuln vid="b959f00c-92cc-11f0-a064-74563cf9e4e9">
+ <topic>CUPS -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>cups</name>
+ <range><lt>2.4.13</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>OpenPrinting reports:</p>
+ <blockquote cite="https://github.com/OpenPrinting/cups/security/advisories/GHSA-4c68-qgrh-rmmq">
+ <p>When the AuthType is set to anything but Basic, if the request contains an
+ Authorization: Basic ... header, the password is not checked.</p>
+ </blockquote>
+ <blockquote cite="https://github.com/OpenPrinting/cups/security/advisories/GHSA-7qx3-r744-6qv4">
+ <p>An unsafe deserialization and validation of printer attributes, causes null
+ dereference in libcups library.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2025-58060</cvename>
+ <cvename>CVE-2025-58364</cvename>
+ <url>https://github.com/OpenPrinting/cups/security/advisories/GHSA-4c68-qgrh-rmmq</url>
+ <url>https://github.com/OpenPrinting/cups/security/advisories/GHSA-7qx3-r744-6qv4</url>
+ </references>
+ <dates>
+ <discovery>2025-09-11</discovery>
+ <entry>2025-09-16</entry>
+ </dates>
+ </vuln>
+
<vuln vid="f6ca7c47-9190-11f0-b8da-589cfc10a551">
<topic>unit-java -- security vulnerability</topic>
<affects>
<package>
<name>unit-java</name>
<range><lt>1.34.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>F5 reports:</p>
<blockquote cite="https://my.f5.com/manage/s/article/K000149959">
<p>When NGINX Unit with the Java Language Module is in use,
undisclosed requests can lead to an infinite loop and cause
an increase in CPU resource utilization.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-1695</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-1695</url>
</references>
<dates>
<discovery>2025-09-14</discovery>
<entry>2025-09-14</entry>
</dates>
</vuln>
<vuln vid="3aee6703-8ff6-11f0-b8da-589cfc10a551">
<topic>cups -- security vulnerabilities</topic>
<affects>
<package>
<name>cups</name>
<range><lt>2.4.13</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>SO-AND-SO reports:</p>
<blockquote cite="https://github.com/OpenPrinting/cups/releases/tag/v2.4.13">
<p>The release 2.4.13 brings two CVE fixes - fix for important CVE-2025-58060
and fix for moderate CVE-2025-58364, together with several bug fixes.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-58060</cvename>
<cvename>CVE-2025-58364</cvename>
<url>https://github.com/OpenPrinting/cups/releases/tag/v2.4.13</url>
</references>
<dates>
<discovery>2025-09-12</discovery>
<entry>2025-09-12</entry>
</dates>
</vuln>
<vuln vid="f50640fa-89a4-4795-a302-47b0dea8cee5">
<topic>chromium -- multiple security fixes</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>140.0.7339.127</lt></range>
</package>
<package>
<name>ungoogled-chromium</name>
<range><lt>140.0.7339.127</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_9.html">
<p>This update includes 2 security fixes:</p>
<ul>
<li>[440454442] Critical CVE-2025-10200: Use after free in Serviceworker. Reported by Looben Yang on 2025-08-22</li>
<li>[439305148] High CVE-2025-10201: Inappropriate implementation in Mojo. Reported by Sahan Fernando &amp; Anon on 2025-08-18</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-10200</cvename>
<cvename>CVE-2025-10201</cvename>
<url>https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_9.html</url>
</references>
<dates>
<discovery>2025-09-09</discovery>
<entry>2025-09-11</entry>
</dates>
</vuln>
<vuln vid="602fc0fa-8ece-11f0-9d03-2cf05da270f3">
<topic>Gitlab -- Vulnerabilities</topic>
<affects>
<package>
<name>gitlab-ce</name>
<name>gitlab-ee</name>
<range><ge>18.3.0</ge><lt>18.3.2</lt></range>
<range><ge>18.2.0</ge><lt>18.2.6</lt></range>
<range><ge>7.8.0</ge><lt>18.1.6</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Gitlab reports:</p>
<blockquote cite="https://about.gitlab.com/releases/2025/09/10/patch-release-gitlab-18-3-2-released/">
<p>Denial of Service issue in SAML Responses impacts GitLab CE/EE</p>
<p>Server-Side Request Forgery issue in Webhook custom header impacts GitLab CE/EE</p>
<p>Denial of Service issue in User-Controllable Fields impacts GitLab CE/EE</p>
<p>Denial of Service issue in endpoint file upload impacts GitLab CE/EE</p>
<p>Denial of Service issue in token listing operations impacts GitLab CE/EE</p>
<p>Information disclosure issue in runner endpoints impacts GitLab CE/EE</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-2256</cvename>
<cvename>CVE-2025-6454</cvename>
<cvename>CVE-2025-1250</cvename>
<cvename>CVE-2025-7337</cvename>
<cvename>CVE-2025-10094</cvename>
<cvename>CVE-2025-6769</cvename>
<url>https://about.gitlab.com/releases/2025/09/10/patch-release-gitlab-18-3-2-released/</url>
</references>
<dates>
<discovery>2025-09-10</discovery>
<entry>2025-09-11</entry>
</dates>
</vuln>
<vuln vid="bda50cf1-8bcf-11f0-b3f7-a8a1599412c6">
<topic>chromium -- multiple security fixes</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>140.0.7339.80</lt></range>
</package>
<package>
<name>ungoogled-chromium</name>
<range><lt>140.0.7339.80</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop.html">
<p>This update includes 6 security fixes:</p>
<ul>
<li>[434513380] High CVE-2025-9864: Use after free in V8. Reported by Pavel Kuzmin of Yandex Security Team on 2025-07-28</li>
<li>[437147699] Medium CVE-2025-9865: Inappropriate implementation in Toolbar. Reported by Khalil Zhani on 2025-08-07</li>
<li>[379337758] Medium CVE-2025-9866: Inappropriate implementation in Extensions. Reported by NDevTK on 2024-11-16</li>
<li>[415496161] Medium CVE-2025-9867: Inappropriate implementation in Downloads. Reported by Farras Givari on 2025-05-04</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-9864</cvename>
<cvename>CVE-2025-9865</cvename>
<cvename>CVE-2025-9866</cvename>
<cvename>CVE-2025-9867</cvename>
<url>https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop.html</url>
</references>
<dates>
<discovery>2025-09-02</discovery>
<entry>2025-09-07</entry>
</dates>
</vuln>
<vuln vid="340dc4c1-895a-11f0-b6e5-4ccc6adda413">
<topic>exiv2 -- Denial-of-service</topic>
<affects>
<package>
<name>exiv2</name>
<range><lt>0.28.6</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Kevin Backhouse reports:</p>
<blockquote cite="https://github.com/Exiv2/exiv2/security/advisories/GHSA-m54q-mm9w-fp6g">
<p>A denial-of-service was found in Exiv2 version v0.28.5: a quadratic
algorithm in the ICC profile parsing code in jpegBase::readMetadata()
can cause Exiv2 to run for a long time. Exiv2 is a command-line utility
and C++ library for reading, writing, deleting, and modifying the
metadata of image files. The denial-of-service is triggered when Exiv2
is used to read the metadata of a crafted jpg image file.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-55304</cvename>
<url>https://github.com/Exiv2/exiv2/security/advisories/GHSA-m54q-mm9w-fp6g</url>
</references>
<dates>
<discovery>2025-08-29</discovery>
<entry>2025-09-04</entry>
</dates>
</vuln>
<vuln vid="84a77710-8958-11f0-b6e5-4ccc6adda413">
<topic>exiv2 -- Out-of-bounds read in Exiv2::EpsImage::writeMetadata()</topic>
<affects>
<package>
<name>exiv2</name>
<range><lt>0.28.6</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Kevin Backhouse reports:</p>
<blockquote cite="https://github.com/Exiv2/exiv2/security/advisories/GHSA-496f-x7cq-cq39">
<p>An out-of-bounds read was found in Exiv2 versions v0.28.5 and earlier.
Exiv2 is a command-line utility and C++ library for reading, writing,
deleting, and modifying the metadata of image files. The out-of-bounds
read is triggered when Exiv2 is used to write metadata into a crafted
image file. An attacker could potentially exploit the vulnerability to
cause a denial of service by crashing Exiv2, if they can trick the victim
into running Exiv2 on a crafted image file.</p>
<p>Note that this bug is only triggered when writing the metadata, which
is a less frequently used Exiv2 operation than reading the metadata. For
example, to trigger the bug in the Exiv2 command-line application, you
need to add an extra command-line argument such as delete.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-54080</cvename>
<url>https://github.com/Exiv2/exiv2/security/advisories/GHSA-496f-x7cq-cq39</url>
</references>
<dates>
<discovery>2025-08-29</discovery>
<entry>2025-09-04</entry>
</dates>
</vuln>
<vuln vid="0db8684f-8938-11f0-8325-bc2411f8eb0b">
<topic>Django -- multiple vulnerabilities</topic>
<affects>
<package>
<name>py39-django42</name>
<name>py310-django42</name>
<name>py311-django42</name>
<range><lt>4.2.24</lt></range>
</package>
<package>
<name>py310-django51</name>
<name>py311-django51</name>
<range><lt>5.1.12</lt></range>
</package>
<package>
<name>py310-django52</name>
<name>py311-django52</name>
<range><lt>5.2.6</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Django reports:</p>
<blockquote cite="https://www.djangoproject.com/weblog/2025/sep/03/security-releases/">
<p>CVE-2025-57833: Potential SQL injection in FilteredRelation column aliases.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-57833</cvename>
<url>https://www.djangoproject.com/weblog/2025/sep/03/security-releases/</url>
</references>
<dates>
<discovery>2025-09-01</discovery>
<entry>2025-09-04</entry>
</dates>
</vuln>
<vuln vid="9f9b0b37-88fa-11f0-90a2-6cc21735f730">
<topic>Shibboleth Service Provider -- SQL injection vulnerability in ODBC plugin</topic>
<affects>
<package>
<name>shibboleth-sp</name>
<range><lt>3.5.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Internet2 reports:</p>
<blockquote cite="https://shibboleth.net/community/advisories/secadv_20250903.txt">
<p>The Shibboleth Service Provider includes a storage API usable
for a number of different use cases such as the session cache,
replay cache, and relay state management. An ODBC extension
plugin is provided with some distributions of the software
(notably on Windows).</p>
<p>A SQL injection vulnerability was identified in some of the
queries issued by the plugin, and this can be creatively
exploited through specially crafted inputs to exfiltrate
information stored in the database used by the SP.</p>
</blockquote>
</body>
</description>
<references>
<url>https://shibboleth.net/community/advisories/secadv_20250903.txt</url>
</references>
<dates>
<discovery>2025-09-03</discovery>
<entry>2025-09-03</entry>
</dates>
</vuln>
<vuln vid="aaa060af-88d6-11f0-a294-b0416f0c4c67">
<topic>Vieb -- Remote Code Execution via Visiting Untrusted URLs</topic>
<affects>
<package>
<name>linux-vieb</name>
<range><lt>12.4.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Zhengyu Liu, Jianjia Yu, Jelmer van Arnhem report:</p>
<blockquote cite="https://github.com/Jelmerro/Vieb/security/advisories/GHSA-h2fq-667q-7gpm">
<p>We discovered a remote code execution (RCE) vulnerability in the latest
release of the Vieb browser (v12.3.0). By luring a user to visit a
malicious website, an attacker can achieve arbitrary code execution on the
victim’s machine.</p>
</blockquote>
</body>
</description>
<references>
<url>https://github.com/Jelmerro/Vieb/security/advisories/GHSA-h2fq-667q-7gpm</url>
</references>
<dates>
<discovery>2025-07-31</discovery>
<entry>2025-09-03</entry>
</dates>
</vuln>
<vuln vid="d7b7e505-8486-11f0-9d03-2cf05da270f3">
<topic>Gitlab -- vulnerabilities</topic>
<affects>
<package>
<name>gitlab-ce</name>
<name>gitlab-ee</name>
<range><ge>18.3.0</ge><lt>18.3.1</lt></range>
<range><ge>18.2.0</ge><lt>18.2.5</lt></range>
<range><ge>8.15.0</ge><lt>18.1.5</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Gitlab reports:</p>
<blockquote cite="https://about.gitlab.com/releases/2025/08/27/patch-release-gitlab-18-3-1-released/">
<p>Allocation of Resources Without Limits issue in import function impacts GitLab CE/EE</p>
<p>Missing authentication issue in GraphQL endpoint impacts GitLab CE/EE</p>
<p>Allocation of Resources Without Limits issue in GraphQL impacts GitLab CE/EE</p>
<p>Code injection issue in GitLab repositories impacts GitLab CE/EE</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-3601</cvename>
<cvename>CVE-2025-2246</cvename>
<cvename>CVE-2025-4225</cvename>
<cvename>CVE-2025-5101</cvename>
<url>https://about.gitlab.com/releases/2025/08/27/patch-release-gitlab-18-3-1-released/</url>
</references>
<dates>
<discovery>2025-08-27</discovery>
<entry>2025-08-29</entry>
</dates>
</vuln>
<vuln vid="f727fe60-8389-11f0-8438-001b217e4ee5">
<topic>ISC KEA -- kea-dhcp4 aborts if client sends a broadcast request with particular options</topic>
<affects>
<package>
<name>kea</name>
<range><ge>3.0.0</ge><lt>3.0.1</lt></range>
</package>
<package>
<name>kea-devel</name>
<range><ge>3.1.0</ge><lt>3.1.1</lt></range>
<range><ge>2.7.1</ge><le>2.7.9</le></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Internet Systems Consortium, Inc. reports:</p>
<blockquote cite="https://kb.isc.org/docs/">
<p>We corrected an issue in `kea-dhcp4` that caused
the server to abort if a client sent a broadcast request with particular
options, and Kea failed to find an appropriate subnet for that client.
This addresses CVE-2025-40779 [#4055, #4048].</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-40779</cvename>
</references>
<dates>
<discovery>2025-08-27</discovery>
<entry>2025-08-27</entry>
</dates>
</vuln>
<vuln vid="2a11aa1e-83c7-11f0-b6e5-4ccc6adda413">
<topic>qt6-base -- DoS in QColorTransferGenericFunction</topic>
<affects>
<package>
<name>qt6-base</name>
<range><lt>6.9.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Andy Shaw reports:</p>
<blockquote cite="https://www.qt.io/blog/security-advisory-recently-reported-denial-of-service-issue-in-qcolortransfergenericfunction-impacts-qt">
<p>When passing values outside of the expected range to QColorTransferGenericFunction
it can cause a denial of service, for example, this can happen when passing a
specifically crafted ICC profile to QColorSpace::fromICCProfile.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-5992</cvename>
<url>https://www.qt.io/blog/security-advisory-recently-reported-denial-of-service-issue-in-qcolortransfergenericfunction-impacts-qt</url>
</references>
<dates>
<discovery>2025-07-11</discovery>
<entry>2025-08-28</entry>
</dates>
</vuln>
<vuln vid="edf83c10-83b8-11f0-b6e5-4ccc6adda413">
<topic>qt6-webengine -- Multiple vulnerabilities</topic>
<affects>
<package>
<name>qt6-pdf</name>
<name>qt6-webengine</name>
<range><lt>6.9.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Qt qtwebengine-chromium repo reports:</p>
<blockquote cite="https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=130-based">
<p>Backports for 25 security bugs in Chromium:</p>
<ul>
<li>CVE-2025-5063: Use after free in Compositing</li>
<li>CVE-2025-5064: Inappropriate implementation in Background Fetch</li>
<li>CVE-2025-5065: Inappropriate implementation in FileSystemAccess API</li>
<li>CVE-2025-5068: Use after free in Blink</li>
<li>CVE-2025-5280: Out of bounds write in V8</li>
<li>CVE-2025-5281: Inappropriate implementation in BFCache</li>
<li>CVE-2025-5283: Use after free in libvpx</li>
<li>CVE-2025-5419: Out of bounds read and write in V8</li>
<li>CVE-2025-6191: Integer overflow in V8</li>
<li>CVE-2025-6192: Use after free in Profiler</li>
<li>CVE-2025-6554: Type Confusion in V8</li>
<li>CVE-2025-6556: Insufficient policy enforcement in Loader</li>
<li>CVE-2025-6557: Insufficient data validation in DevTools</li>
<li>CVE-2025-6558: Incorrect validation of untrusted input in ANGLE and GPU</li>
<li>CVE-2025-7656: Integer overflow in V8</li>
<li>CVE-2025-7657: Use after free in WebRTC</li>
<li>CVE-2025-8010: Type Confusion in V8</li>
<li>CVE-2025-8576: Use after free in Extensions</li>
<li>CVE-2025-8578: Use after free in Cast</li>
<li>CVE-2025-8580: Inappropriate implementation in Filesystems</li>
<li>CVE-2025-8582: Insufficient validation of untrusted input in DOM</li>
<li>CVE-2025-8879: Heap buffer overflow in libaom</li>
<li>CVE-2025-8880: Race in V8</li>
<li>CVE-2025-8881: Inappropriate implementation in File Picker</li>
<li>CVE-2025-8901: Out of bounds write in ANGLE</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-5063</cvename>
<cvename>CVE-2025-5064</cvename>
<cvename>CVE-2025-5065</cvename>
<cvename>CVE-2025-5068</cvename>
<cvename>CVE-2025-5280</cvename>
<cvename>CVE-2025-5281</cvename>
<cvename>CVE-2025-5283</cvename>
<cvename>CVE-2025-5419</cvename>
<cvename>CVE-2025-6191</cvename>
<cvename>CVE-2025-6192</cvename>
<cvename>CVE-2025-6554</cvename>
<cvename>CVE-2025-6556</cvename>
<cvename>CVE-2025-6557</cvename>
<cvename>CVE-2025-6558</cvename>
<cvename>CVE-2025-7656</cvename>
<cvename>CVE-2025-7657</cvename>
<cvename>CVE-2025-8010</cvename>
<cvename>CVE-2025-8576</cvename>
<cvename>CVE-2025-8578</cvename>
<cvename>CVE-2025-8580</cvename>
<cvename>CVE-2025-8582</cvename>
<cvename>CVE-2025-8879</cvename>
<cvename>CVE-2025-8880</cvename>
<cvename>CVE-2025-8881</cvename>
<cvename>CVE-2025-8901</cvename>
<url>https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=130-based</url>
</references>
<dates>
<discovery>2025-05-27</discovery>
<entry>2025-08-28</entry>
</dates>
</vuln>
<vuln vid="6989312e-8366-11f0-9bc6-b42e991fc52e">
<topic>SQLite -- application crash</topic>
<affects>
<package>
<name>sqlite3</name>
<range><lt>3.49.1</lt></range>
</package>
<package>
<name>linux_base-rl9-9.6</name>
<range><lt>9.6</lt></range>
</package>
<package>
<name>linux-c7-sqlite</name>
<range><lt>3.7.17_2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>cve@mitre.org reports:</p>
<blockquote cite="https://gist.github.com/ylwango613/d3883fb9f6ba8a78086356779ce88248">
<p>In SQLite 3.49.0 before 3.49.1, certain argument values
to sqlite3_db_config (in the C-language API) can cause a
denial of service (application crash). An sz*nBig
multiplication is not cast to a 64-bit integer, and
consequently some memory allocations may be incorrect.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-29088</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-29088</url>
</references>
<dates>
<discovery>2025-04-10</discovery>
<entry>2025-08-27</entry>
</dates>
</vuln>
<vuln vid="c323bab5-80dd-11f0-97c4-40b034429ecf">
<topic>p5-Catalyst-Authentication-Credential-HTTP -- Insecure source of randomness</topic>
<affects>
<package>
<name>p5-Catalyst-Authentication-Credential-HTTP</name>
<range><lt>1.019</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>perl-catalyst project reports:</p>
<blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2025-40920">
<p>Catalyst::Authentication::Credential::HTTP versions 1.018
and earlier for Perl generate nonces using
the Perl Data::UUID library. * Data::UUID does not use a
strong cryptographic source for generating
UUIDs.* Data::UUID returns v3 UUIDs, which are generated
from known information and are unsuitable for
security, as per RFC 9562. * The nonces should be generated
from a strong cryptographic source, as per RFC 7616.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-40920</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-40920</url>
</references>
<dates>
<discovery>2025-08-11</discovery>
<entry>2025-08-24</entry>
</dates>
</vuln>
<vuln vid="07335fb9-7eb1-11f0-ba14-b42e991fc52e">
<topic>Mozilla -- memory safety bugs</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>142,2</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><lt>142</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1825621%2C1970079%2C1976736%2C1979072">
<p>Memory safety bugs present in Firefox 141 and Thunderbird
141. Some of these bugs showed evidence of memory corruption
and we presume that with enough effort some of these could
have been exploited to run arbitrary code.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-9187</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-9187</url>
</references>
<dates>
<discovery>2025-08-19</discovery>
<entry>2025-08-21</entry>
</dates>
</vuln>
<vuln vid="feb359ef-7eb0-11f0-ba14-b42e991fc52e">
<topic>Mozilla -- memory safety bugs</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>142,2</lt></range>
</package>
<package>
<name>firefox-esr</name>
<range><lt>128.14</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><lt>140.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1970154%2C1976782%2C1977166">
<p>Memory safety bugs present in Firefox ESR 115.26, Firefox
ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1,
Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141.
Some of these bugs showed evidence of memory corruption and
we presume that with enough effort some of these could have
been exploited to run arbitrary code.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-9184</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-9184</url>
<cvename>CVE-2025-9185</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-9185</url>
</references>
<dates>
<discovery>2025-08-19</discovery>
<entry>2025-08-21</entry>
</dates>
</vuln>
<vuln vid="fa7fd6d4-7eb0-11f0-ba14-b42e991fc52e">
<topic>Firefox -- Spoofing in the Address Bar</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>142,2</lt></range>
</package>
<package>
<name>firefox-esr</name>
<range><lt>140.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1976102">
<p>Spoofing issue in the Address Bar component.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-9183</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-9183</url>
</references>
<dates>
<discovery>2025-08-19</discovery>
<entry>2025-08-21</entry>
</dates>
</vuln>
<vuln vid="f994cea5-7eb0-11f0-ba14-b42e991fc52e">
<topic>Mozilla -- DoS in WebRender</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>142,2</lt></range>
</package>
<package>
<name>firefox-esr</name>
<range><lt>140.2</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><lt>142</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1975837">
<p>&apos;Denial-of-service due to out-of-memory in the
Graphics: WebRender component.&apos;</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-9182</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-9182</url>
</references>
<dates>
<discovery>2025-08-19</discovery>
<entry>2025-08-21</entry>
</dates>
</vuln>
<vuln vid="f7e8e9a3-7eb0-11f0-ba14-b42e991fc52e">
<topic>Mozilla -- Uninitialized memory</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>142,2</lt></range>
</package>
<package>
<name>firefox-esr</name>
<range><lt>140.2</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><lt>140.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1977130">
<p>Uninitialized memory in the JavaScript Engine component.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-9181</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-9181</url>
</references>
<dates>
<discovery>2025-08-19</discovery>
<entry>2025-08-21</entry>
</dates>
</vuln>
<vuln vid="f6219d24-7eb0-11f0-ba14-b42e991fc52e">
<topic>Mozilla -- Same-origin policy bypass</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>142,2</lt></range>
</package>
<package>
<name>firefox-esr</name>
<range><lt>140.2</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><lt>142</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1979782">
<p>&apos;Same-origin policy bypass in the Graphics: Canvas2D
component.&apos;</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-9180</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-9180</url>
</references>
<dates>
<discovery>2025-08-19</discovery>
<entry>2025-08-21</entry>
</dates>
</vuln>
<vuln vid="f42ee983-7eb0-11f0-ba14-b42e991fc52e">
<topic>Mozilla -- memory corruption in GMP</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>142,2</lt></range>
</package>
<package>
<name>firefox-esr</name>
<range><lt>140.2</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><lt>140.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1979527">
<p>An attacker was able to perform memory corruption in the GMP process
which processes encrypted media. This process is also heavily
sandboxed, but represents slightly different privileges from the
content process.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-9179</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-9179</url>
</references>
<dates>
<discovery>2025-08-19</discovery>
<entry>2025-08-21</entry>
</dates>
</vuln>
<vuln vid="eb03714d-79f0-11f0-b4c1-ac5afc632ba3">
<topic>nginx -- worker process memory disclosure</topic>
<affects>
<package>
<name>nginx-devel</name>
<range><lt>1.29.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>F5 reports:</p>
<blockquote cite="https://my.f5.com/manage/s/article/K000152786">
<p>NGINX Open Source and NGINX Plus have a vulnerability in the
ngx_mail_smtp_module that might allow an unauthenticated attacker to
over-read NGINX SMTP authentication process memory; as a result, the
server side may leak arbitrary bytes sent in a request to the
authentication server. This issue happens during the NGINX SMTP
authentication process and requires the attacker to make preparations
against the target system to extract the leaked data. The issue
affects NGINX only if (1) it is built with the ngx_mail_smtp_module,
(2) the smtp_auth directive is configured with method "none,"
and (3) the authentication server returns the "Auth-Wait" response
header.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-53859</cvename>
<url>https://www.cve.org/CVERecord?id=CVE-2025-53859</url>
</references>
<dates>
<discovery>2025-08-13</discovery>
<entry>2025-08-15</entry>
</dates>
</vuln>
<vuln vid="a60e73e0-7942-11f0-b3f7-a8a1599412c6">
<topic>chromium -- multiple security fixes</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>139.0.7258.127</lt></range>
</package>
<package>
<name>ungoogled-chromium</name>
<range><lt>139.0.7258.127</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop_12.html">
<p>This update includes 6 security fixes:</p>
<ul>
<li>[432035817] High CVE-2025-8879: Heap buffer overflow in libaom. Reported by Anonymous on 2025-07-15</li>
<li>[433533359] High CVE-2025-8880: Race in V8. Reported by Seunghyun Lee (@0x10n) on 2025-07-23</li>
<li>[435139154] High CVE-2025-8901: Out of bounds write in ANGLE. Reported by Google Big Sleep on 2025-07-30</li>
<li>[433800617] Medium CVE-2025-8881: Inappropriate implementation in File Picker. Reported by Alesandro Ortiz on 2025-07-23</li>
<li>[435623339] Medium CVE-2025-8882: Use after free in Aura. Reported by Umar Farooq on 2025-08-01</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-8579</cvename>
<cvename>CVE-2025-8580</cvename>
<cvename>CVE-2025-8901</cvename>
<cvename>CVE-2025-8881</cvename>
<cvename>CVE-2025-8882</cvename>
<url>https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop_12.html</url>
</references>
<dates>
<discovery>2025-08-12</discovery>
<entry>2025-08-14</entry>
</dates>
</vuln>
<vuln vid="fc048b51-7909-11f0-90a2-6cc21735f730">
<topic>PostgreSQL -- vulnerabilities</topic>
<affects>
<package>
<name>postgresql17-server</name>
<range><lt>17.6</lt></range>
</package>
<package>
<name>postgresql16-server</name>
<range><lt>16.10</lt></range>
</package>
<package>
<name>postgresql15-server</name>
<range><lt>14.14</lt></range>
</package>
<package>
<name>postgresql14-server</name>
<range><lt>14.19</lt></range>
</package>
<package>
<name>postgresql13-server</name>
<range><lt>13.22</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>PostgreSQL project reports:</p>
<blockquote cite="https://www.postgresql.org/about/news/postgresql-176-1610-1514-1419-1322-and-18-beta-3-released-3118/">
<p>Tighten security checks in planner estimation functions.</p>
<p>Prevent pg_dump scripts from being used to attack the user running the restore.</p>
<p>Convert newlines to spaces in names included in comments in pg_dump output.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-8713</cvename>
<cvename>CVE-2025-8714</cvename>
<cvename>CVE-2025-8715</cvename>
<url>https://www.postgresql.org/about/news/postgresql-176-1610-1514-1419-1322-and-18-beta-3-released-3118/</url>
</references>
<dates>
<discovery>2025-08-11</discovery>
<entry>2025-08-14</entry>
</dates>
</vuln>
<vuln vid="7bfe6f39-78be-11f0-9d03-2cf05da270f3">
<topic>Gitlab -- vulnerabilities</topic>
<affects>
<package>
<name>gitlab-ce</name>
<name>gitlab-ee</name>
<range><ge>18.2.0</ge><lt>18.2.2</lt></range>
<range><ge>18.1.0</ge><lt>18.1.4</lt></range>
<range><ge>8.14.0</ge><lt>18.0.6</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Gitlab reports:</p>
<blockquote cite="https://about.gitlab.com/releases/2025/08/13/patch-release-gitlab-18-2-2-released/">
<p>Cross-site scripting issue in blob viewer impacts GitLab CE/EE</p>
<p>Cross-site scripting issue in labels impacts GitLab CE/EE</p>
<p>Cross-site scripting issue in Workitem impacts GitLab CE/EE</p>
<p>Improper Handling of Permissions issue in project API impacts GitLab CE/EE</p>
<p>Incorrect Privilege Assignment issue in delete issues operation impacts GitLab CE/EE</p>
<p>Allocation of Resources Without Limits issue in release name creation impacts GitLab CE/EE</p>
<p>Incorrect Authorization issue in jobs API impacts GitLab CE/EE</p>
<p>Authorization issue in Merge request approval policy impacts GitLab EE</p>
<p>Inefficient Regular Expression Complexity issue in wiki impacts GitLab CE/EE</p>
<p>Allocation of Resources Without Limits issue in Mattermost integration impacts GitLab CE/EE</p>
<p>Incorrect Permission Assignment issue in ID token impacts GitLab CE/EE</p>
<p>Insufficient Access Control issue in IP Restriction impacts GitLab EE</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-7734</cvename>
<cvename>CVE-2025-7739</cvename>
<cvename>CVE-2025-6186</cvename>
<cvename>CVE-2025-8094</cvename>
<cvename>CVE-2024-12303</cvename>
<cvename>CVE-2025-2614</cvename>
<cvename>CVE-2024-10219</cvename>
<cvename>CVE-2025-8770</cvename>
<cvename>CVE-2025-2937</cvename>
<cvename>CVE-2025-1477</cvename>
<cvename>CVE-2025-5819</cvename>
<cvename>CVE-2025-2498</cvename>
<url>https://about.gitlab.com/releases/2025/08/13/patch-release-gitlab-18-2-2-released/</url>
</references>
<dates>
<discovery>2025-08-13</discovery>
<entry>2025-08-14</entry>
</dates>
</vuln>
<vuln vid="e2d49973-785a-11f0-a1c0-0050569f0b83">
<topic>www/varnish7 -- Denial of Service in HTTP/2</topic>
<affects>
<package>
<name>varnish7</name>
<range><lt>7.7.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Varnish Development Team reports:</p>
<blockquote cite="https://varnish-cache.org/security/VSV00017.html#vsv00017">
<p>A denial of service attack can be performed on Varnish Cache servers
that have the HTTP/2 protocol turned on. An attacker can create a
large number of streams and immediately reset them without ever
reaching the maximum number of concurrent streams allowed for the
session, causing the Varnish server to consume unnecessary
resources processing requests for which the response will not be
delivered.</p>
<p>This attack is a variant of the HTTP/2 Rapid Reset Attack, which was
partially handled as VSV00013.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-8671</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-8671</url>
</references>
<dates>
<discovery>2025-08-13</discovery>
<entry>2025-08-13</entry>
</dates>
</vuln>
<vuln vid="defe9a20-781e-11f0-97c4-40b034429ecf">
<topic>p5-Authen-SASL -- Insecure source of randomness</topic>
<affects>
<package>
<name>p5-Authen-SASL</name>
<range><lt>2.1900</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>p5-Authen-SASL project reports:</p>
<blockquote cite="https://github.com/advisories/GHSA-496q-8ph2-c4fj">
<p>Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely.</p>
<p>The cnonce (client nonce) is generated from an MD5 hash of the PID, the epoch time and the built-in rand function.
The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header.
The built-in rand function is unsuitable for cryptographic usage.</p>
<p>According to RFC 2831, The cnonce-value is an opaque quoted string value provided by the client and used by both client and server
to avoid chosen plaintext attacks, and to provide mutual authentication. The security of the implementation depends on a good choice.
It is RECOMMENDED that it contain at least 64 bits of entropy.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-40918</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-40918</url>
</references>
<dates>
<discovery>2025-07-16</discovery>
<entry>2025-08-13</entry>
</dates>
</vuln>
<vuln vid="15fd1321-768a-11f0-b3f7-a8a1599412c6">
<topic>chromium -- multiple security fixes</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>139.0.7258.66</lt></range>
</package>
<package>
<name>ungoogled-chromium</name>
<range><lt>139.0.7258.66</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop.html">
<p>This update includes 12 security fixes:</p>
<ul>
<li>[414760982] Medium CVE-2025-8576: Use after free in Extensions. Reported by asnine on 2025-04-30</li>
<li>[384050903] Medium CVE-2025-8577: Inappropriate implementation in Picture In Picture. Reported by Umar Farooq on 2024-12-14</li>
<li>[423387026] Medium CVE-2025-8578: Use after free in Cast. Reported by Fayez on 2025-06-09</li>
<li>[407791462] Low CVE-2025-8579: Inappropriate implementation in Gemini Live in Chrome. Reported by Alesandro Ortiz on 2025-04-02</li>
<li>[411544197] Low CVE-2025-8580: Inappropriate implementation in Filesystems. Reported by Huuuuu on 2025-04-18</li>
<li>[416942878] Low CVE-2025-8581: Inappropriate implementation in Extensions. Reported by Vincent Dragnea on 2025-05-11</li>
<li>[40089450] Low CVE-2025-8582: Insufficient validation of untrusted input in DOM. Reported by Anonymous on 2017-10-31</li>
<li>[373794472] Low CVE-2025-8583: Inappropriate implementation in Permissions. Reported by Shaheen Fazim on 2024-10-16</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-8576</cvename>
<cvename>CVE-2025-8577</cvename>
<cvename>CVE-2025-8578</cvename>
<cvename>CVE-2025-8579</cvename>
<cvename>CVE-2025-8580</cvename>
<cvename>CVE-2025-8581</cvename>
<cvename>CVE-2025-8582</cvename>
<cvename>CVE-2025-8583</cvename>
<url>https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop.html</url>
</references>
<dates>
<discovery>2025-08-05</discovery>
<entry>2025-08-11</entry>
</dates>
</vuln>
<vuln vid="fb08d146-752a-11f0-952c-8447094a420f">
<topic>Apache httpd -- evaluation always true</topic>
<affects>
<package>
<name>apache24</name>
<range><ge>2.4.64</ge><lt>2.4.65</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Apache httpd project reports:</p>
<blockquote cite="https://downloads.apache.org/httpd/CHANGES_2.4.65">
<p>'RewriteCond expr' always evaluates to true in 2.4.64.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-54090</cvename>
<url>https://downloads.apache.org/httpd/CHANGES_2.4.65</url>
</references>
<dates>
<discovery>2025-07-23</discovery>
<entry>2025-08-09</entry>
</dates>
</vuln>
<vuln vid="66f35fd9-73f5-11f0-8e0e-002590c1f29c">
<topic>FreeBSD -- Integer overflow in libarchive leading to double free</topic>
<affects>
<package>
<name>FreeBSD</name>
<range><ge>14.3</ge><lt>14.3_2</lt></range>
<range><ge>14.2</ge><lt>14.2_5</lt></range>
<range><ge>13.5</ge><lt>13.5_3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<h1>Problem Description:</h1>
<p>An integer overflow in the archive_read_format_rar_seek_data()
function may lead to a double free problem.</p>
<h1>Impact:</h1>
<p>Exploiting a double free vulnerability can cause memory corruption.
This in turn could enable a threat actor to execute arbitrary code.
It might also result in denial of service.</p>
</body>
</description>
<references>
<cvename>CVE-2025-5914</cvename>
<freebsdsa>SA-25:07.libarchive</freebsdsa>
</references>
<dates>
<discovery>2025-08-08</discovery>
<entry>2025-08-08</entry>
</dates>
</vuln>
<vuln vid="b945ce3f-6f9b-11f0-bd96-b42e991fc52e">
<topic>sqlite -- integer overflow</topic>
<affects>
<package>
<name>sqlite3</name>
<range><lt>3.49.1</lt></range>
</package>
<package>
<name>linux-c7-sqlite</name>
<range><lt>3.49.1</lt></range>
</package>
<package>
<name>linux_base-rl9</name>
<range><lt>3.49.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>cve-coordination@google.com reports:</p>
<blockquote cite="https://sqlite.org/src/info/498e3f1cf57f164f">
<p>An integer overflow can be triggered in SQLites `concat_ws()`
function. The resulting, truncated integer is then used to allocate
a buffer. When SQLite then writes the resulting string to the
buffer, it uses the original, untruncated size and thus a wild Heap
Buffer overflow of size ~4GB can be triggered. This can result in
arbitrary code execution.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-3277</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-3277</url>
</references>
<dates>
<discovery>2025-04-14</discovery>
<entry>2025-08-02</entry>
</dates>
</vuln>
<vuln vid="95480188-6ebc-11f0-8a78-bf201f293bce">
<topic>navidrome -- transcoding permission bypass vulnerability</topic>
<affects>
<package>
<name>navidrome</name>
<range><lt>0.56.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Deluan Quintão reports:</p>
<blockquote cite="https://github.com/navidrome/navidrome/security/advisories/GHSA-f238-rggp-82m3">
<p>A permission verification flaw in Navidrome allows any authenticated
regular user to bypass authorization checks and perform
administrator-only transcoding configuration operations, including
creating, modifying, and deleting transcoding settings.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-48948</cvename>
<url>https://github.com/navidrome/navidrome/security/advisories/GHSA-f238-rggp-82m3</url>
</references>
<dates>
<discovery>2025-05-29</discovery>
<entry>2025-08-01</entry>
</dates>
</vuln>
<vuln vid="f51077bd-6dd7-11f0-9d62-b42e991fc52e">
<topic>SQLite -- integer overflow in key info allocation</topic>
<affects>
<package>
<name>sqlite3</name>
<range><ge>3.39.2,1</ge><lt>3.41.2,1</lt></range>
</package>
<!-- as of 2025-08-01, sqlite in -c7 is 3.7.17 and matched by the <3.50.2 below,
and -rl9 aka linux_base ships 3.34.1 which is outside this range. -->
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>cve-coordination@google.com reports:</p>
<blockquote cite="https://sqlite.org/forum/forumpost/16ce2bb7a639e29b">
<p>An integer overflow in the sqlite3KeyInfoFromExprList function in
SQLite versions 3.39.2 through 3.41.1 allows an attacker with the
ability to execute arbitrary SQL statements to cause a denial of
service or disclose sensitive information from process memory via
a crafted SELECT statement with a large number of expressions in
the ORDER BY clause.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-7458</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-7458</url>
</references>
<dates>
<discovery>2025-07-29</discovery>
<entry>2025-07-31</entry>
<modified>2025-08-01</modified>
</dates>
</vuln>
<vuln vid="cd7f969e-6cb4-11f0-97c4-40b034429ecf">
<topic>p5-Crypt-CBC -- Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)</topic>
<affects>
<package>
<name>p5-Crypt-CBC</name>
<range><lt>3.07</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Lib-Crypt-CBC project reports:</p>
<blockquote cite="https://perldoc.perl.org/functions/rand">
<p>
Crypt::CBC versions between 1.21 and 3.05 for Perl may use the rand() function as the default
source of entropy, which is not cryptographically secure, for cryptographic functions.
This issue affects operating systems where "/dev/urandom'" is unavailable.
In that case, Crypt::CBC will fallback to use the insecure rand() function.
</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-2814</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-2814</url>
</references>
<dates>
<discovery>2025-04-12</discovery>
<entry>2025-07-29</entry>
</dates>
</vuln>
<vuln vid="c37f29ba-6ae3-11f0-b4bf-ecf4bbefc954">
<topic>viewvc -- Arbitrary server filesystem content</topic>
<affects>
<package>
<name>viewvc</name>
<range><ge>1.1.0</ge><le>1.1.30</le></range>
</package>
<package>
<name>viewvc</name>
<range><ge>1.2.0</ge><le>1.2.3</le></range>
</package>
<package>
<name>viewvc-devel</name>
<range><lt>1.3.0.20250316_1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>cmpilato reports:</p>
<blockquote cite="https://github.com/viewvc/viewvc/security/advisories/GHSA-rv3m-76rj-q397">
<p>
The ViewVC standalone web server (standalone.py) is a script provided in the ViewVC
distribution for the purposes of quickly testing a ViewVC configuration. This script
can in particular configurations expose the contents of the host server's filesystem
though a directory traversal-style attack.
</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-54141</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-54141</url>
</references>
<dates>
<discovery>2025-07-22</discovery>
<entry>2025-07-25</entry>
</dates>
</vuln>
<vuln vid="eed1a411-699b-11f0-91fe-000c295725e4">
<topic>rubygem-resolv -- Possible denial of service</topic>
<affects>
<package>
<name>rubygem-resolv</name>
<range><lt>0.6.2</lt></range>
</package>
<package>
<name>ruby</name>
<range><ge>3.2.0.p1,1</ge><lt>3.2.9,1</lt></range>
<range><ge>3.3.0.p1,1</ge><lt>3.3.9,1</lt></range>
<range><ge>3.4.0.p1,1</ge><lt>3.4.5,1</lt></range>
<range><ge>3.5.0.p1,1</ge><lt>3.5.0.p2,1</lt></range>
</package>
<package>
<name>ruby32</name>
<range><lt>3.2.9,1</lt></range>
</package>
<package>
<name>ruby33</name>
<range><lt>3.3.9,1</lt></range>
</package>
<package>
<name>ruby34</name>
<range><lt>3.4.5,1</lt></range>
</package>
<package>
<name>ruby35</name>
<range><lt>3.5.0.p2,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Manu reports:</p>
<blockquote cite="https://www.ruby-lang.org/en/news/2025/07/08/dos-resolv-cve-2025-24294/">
<p>
The vulnerability is caused by an insufficient check on
the length of a decompressed domain name within a DNS
packet.
</p>
<p>
An attacker can craft a malicious DNS packet containing a
highly compressed domain name. When the resolv library
parses such a packet, the name decompression process
consumes a large amount of CPU resources, as the library
does not limit the resulting length of the name.
</p>
<p>
This resource consumption can cause the application thread
to become unresponsive, resulting in a Denial of Service
condition.
</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-24294</cvename>
<url>https://www.ruby-lang.org/en/news/2025/07/08/dos-resolv-cve-2025-24294/</url>
</references>
<dates>
<discovery>2025-07-08</discovery>
<entry>2025-07-25</entry>
</dates>
</vuln>
<vuln vid="67c6461f-685e-11f0-a12d-b42e991fc52e">
<topic>Mozilla -- Multiple vulnerabilities</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>141.0,2</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><lt>141.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1933572%2C1971116">
<p>Memory safety bugs present in Firefox 140 and
Thunderbird 140. Some of these bugs showed evidence of
memory corruption and we presume that with enough effort
some of these could have been exploited to run arbitrary
code.</p>
<p>Focus incorrectly truncated URLs towards the beginning instead of
around the origin.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-8044</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-8044</url>
<cvename>CVE-2025-8043</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-8043</url>
</references>
<dates>
<discovery>2025-07-22</discovery>
<entry>2025-07-24</entry>
</dates>
</vuln>
<vuln vid="62f1a68f-685e-11f0-a12d-b42e991fc52e">
<topic>Mozilla -- Memory safety bugs</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>141.0,2</lt></range>
</package>
<package>
<name>firefox-esr</name>
<range><lt>140.1</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><lt>141.0</lt></range>
</package>
<package>
<name>thunderbird-esr</name>
<range><lt>140.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1975058%2C1975058%2C1975998%2C1975998">
<p>Memory safety bugs present in Firefox ESR 140.0,
Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140.
Some of these bugs showed evidence of memory corruption and
we presume that with enough effort some of these could have
been exploited to run arbitrary code.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-8040</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-8040</url>
</references>
<dates>
<discovery>2025-07-22</discovery>
<entry>2025-07-24</entry>
</dates>
</vuln>
<vuln vid="6088905c-685e-11f0-a12d-b42e991fc52e">
<topic>Mozilla -- Persisted search terms in the URL bar</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>141.0,2</lt></range>
</package>
<package>
<name>firefox-esr</name>
<range><lt>140.1</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><lt>141.0</lt></range>
</package>
<package>
<name>thunderbird-esr</name>
<range><lt>140.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1970997">
<p>In some cases search terms persisted in the URL bar even after
navigating away from the search page.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-8039</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-8039</url>
</references>
<dates>
<discovery>2025-07-22</discovery>
<entry>2025-07-24</entry>
</dates>
</vuln>
<vuln vid="5d91def0-685e-11f0-a12d-b42e991fc52e">
<topic>Mozilla -- Ignored paths while checking navigations</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>141.0,2</lt></range>
</package>
<package>
<name>firefox-esr</name>
<range><lt>140.1</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><lt>141.0</lt></range>
</package>
<package>
<name>thunderbird-esr</name>
<range><lt>140.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1808979">
<p>Thunderbird ignored paths when checking the validity of
navigations in a frame.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-8038</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-8038</url>
</references>
<dates>
<discovery>2025-07-22</discovery>
<entry>2025-07-24</entry>
</dates>
</vuln>
<vuln vid="5abc2187-685e-11f0-a12d-b42e991fc52e">
<topic>Mozilla -- cookie shadowing</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>141.0,2</lt></range>
</package>
<package>
<name>firefox-esr</name>
<range><lt>140.1</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><lt>141.0</lt></range>
</package>
<package>
<name>thunderbird-esr</name>
<range><lt>140.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1964767">
<p>Setting a nameless cookie with an equals sign in the
value shadowed other cookies. Even if the nameless cookie
was set over HTTP and the shadowed cookie included the
`Secure` attribute.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-8037</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-8037</url>
</references>
<dates>
<discovery>2025-07-22</discovery>
<entry>2025-07-24</entry>
</dates>
</vuln>
<vuln vid="58027367-685e-11f0-a12d-b42e991fc52e">
<topic>Mozilla -- CORS circumvention</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>141.0,2</lt></range>
</package>
<package>
<name>firefox-esr</name>
<range><lt>140.1</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><lt>141.0</lt></range>
</package>
<package>
<name>thunderbird-esr</name>
<range><lt>140.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1960834">
<p>Thunderbird cached CORS preflight responses across IP
address changes. This allowed circumventing CORS with DNS
rebinding.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-8036</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-8036</url>
</references>
<dates>
<discovery>2025-07-22</discovery>
<entry>2025-07-24</entry>
</dates>
</vuln>
<vuln vid="55096bd3-685e-11f0-a12d-b42e991fc52e">
<topic>Mozilla -- Memory safety bugs</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>141.0,2</lt></range>
</package>
<package>
<name>firefox-esr</name>
<range><lt>140.1</lt></range>
</package>
<package>
<name>firefox-esr</name>
<range><lt>128.13</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><lt>141.0</lt></range>
</package>
<package>
<name>thunderbird-esr</name>
<range><lt>140.1</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><lt>128.13</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1975961%2C1975961%2C1975961">
<p>Memory safety bugs present in Firefox ESR 128.12,
Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR
140.0, Firefox 140 and Thunderbird 140. Some of these bugs
showed evidence of memory corruption and we presume that
with enough effort some of these could have been exploited
to run arbitrary code.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-8035</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-8035</url>
</references>
<dates>
<discovery>2025-07-22</discovery>
<entry>2025-07-24</entry>
</dates>
</vuln>
<vuln vid="4faa01cb-685e-11f0-a12d-b42e991fc52e">
<topic>Mozilla -- Memory safety bugs</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>141.0,2</lt></range>
</package>
<package>
<name>firefox-esr</name>
<range><lt>140.1</lt></range>
</package>
<package>
<name>firefox-esr</name>
<range><lt>128.13</lt></range>
</package>
<package>
<name>firefox-esr</name>
<range><lt>115.26</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><lt>141.0</lt></range>
</package>
<package>
<name>thunderbird-esr</name>
<range><lt>140.1</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><lt>128.13</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1970422%2C1970422%2C1970422%2C1970422">
<p>Memory safety bugs present in Firefox ESR 115.25, Firefox
ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0,
Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some
of these bugs showed evidence of memory corruption and we
presume that with enough effort some of these could have
been exploited to run arbitrary code.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-8034</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-8034</url>
</references>
<dates>
<discovery>2025-07-22</discovery>
<entry>2025-07-24</entry>
</dates>
</vuln>
<vuln vid="4d03efe7-685e-11f0-a12d-b42e991fc52e">
<topic>Mozilla -- nullptr dereference</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>141.0,2</lt></range>
</package>
<package>
<name>firefox-esr</name>
<range><lt>140.1</lt></range>
</package>
<package>
<name>firefox-esr</name>
<range><lt>128.13</lt></range>
</package>
<package>
<name>firefox-esr</name>
<range><lt>115.26</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><lt>141.0</lt></range>
</package>
<package>
<name>thunderbird-esr</name>
<range><lt>140.1</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><lt>128.13</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1973990">
<p>The JavaScript engine did not handle closed generators
correctly and it was possible to resume them leading to a
nullptr deref.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-8033</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-8033</url>
</references>
<dates>
<discovery>2025-07-22</discovery>
<entry>2025-07-24</entry>
</dates>
</vuln>
<vuln vid="4a357f4b-685e-11f0-a12d-b42e991fc52e">
<topic>Mozilla -- XSLT document CSP bypass</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>141.0,2</lt></range>
</package>
<package>
<name>firefox-esr</name>
<range><lt>140.1</lt></range>
</package>
<package>
<name>firefox-esr</name>
<range><lt>128.13</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><lt>141.0</lt></range>
</package>
<package>
<name>thunderbird-esr</name>
<range><lt>140.1</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><lt>128.13</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1974407">
<p>XSLT document loading did not correctly propagate the
source document which bypassed its CSP.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-8032</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-8032</url>
</references>
<dates>
<discovery>2025-07-22</discovery>
<entry>2025-07-24</entry>
</dates>
</vuln>
<vuln vid="477e9eb3-685e-11f0-a12d-b42e991fc52e">
<topic>Mozilla -- HTTP Basic Authentication credentials leak</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>141.0,2</lt></range>
</package>
<package>
<name>firefox-esr</name>
<range><lt>140.1</lt></range>
</package>
<package>
<name>firefox-esr</name>
<range><lt>128.13</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><lt>141.0</lt></range>
</package>
<package>
<name>thunderbird-esr</name>
<range><lt>140.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1971719">
<p>The `username:password` part was not correctly stripped
from URLs in CSP reports potentially leaking HTTP Basic
Authentication credentials.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-8031</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-8031</url>
</references>
<dates>
<discovery>2025-07-22</discovery>
<entry>2025-07-24</entry>
</dates>
</vuln>
<vuln vid="44b3048b-685e-11f0-a12d-b42e991fc52e">
<topic>Mozilla -- Insufficient input escaping</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>141.0,2</lt></range>
</package>
<package>
<name>firefox-esr</name>
<range><lt>140.1</lt></range>
</package>
<package>
<name>firefox-esr</name>
<range><lt>128.13</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><lt>141.0</lt></range>
</package>
<package>
<name>thunderbird-esr</name>
<range><lt>140.1</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><lt>128.13</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1968414">
<p>Insufficient escaping in the Copy as cURL feature could
potentially be used to trick a user into executing
unexpected code.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-8030</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-8030</url>
</references>
<dates>
<discovery>2025-07-22</discovery>
<entry>2025-07-24</entry>
</dates>
</vuln>
<vuln vid="419bcf99-685e-11f0-a12d-b42e991fc52e">
<topic>Mozilla -- 'javascript:' URLs execution</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>141.0,2</lt></range>
</package>
<package>
<name>firefox-esr</name>
<range><lt>140.1</lt></range>
</package>
<package>
<name>firefox-esr</name>
<range><lt>128.13</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><lt>141.0</lt></range>
</package>
<package>
<name>thunderbird-esr</name>
<range><lt>140.1</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><lt>128.13</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1928021">
<p>Thunderbird executed `javascript:` URLs when used in
`object` and `embed` tags.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-8029</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-8029</url>
</references>
<dates>
<discovery>2025-07-22</discovery>
<entry>2025-07-24</entry>
</dates>
</vuln>
<vuln vid="3e9406a7-685e-11f0-a12d-b42e991fc52e">
<topic>Mozilla -- Incorrect computation of branch address</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>141.0,2</lt></range>
</package>
<package>
<name>firefox-esr</name>
<range><lt>140.1</lt></range>
</package>
<package>
<name>firefox-esr</name>
<range><lt>128.13</lt></range>
</package>
<package>
<name>firefox-esr</name>
<range><lt>115.26</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><lt>141.0</lt></range>
</package>
<package>
<name>thunderbird-esr</name>
<range><lt>140.1</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><lt>128.13</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1971581">
<p>On arm64, a WASM `br_table` instruction with a lot of
entries could lead to the label being too far from the
instruction causing truncation and incorrect computation of
the branch address.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-8028</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-8028</url>
</references>
<dates>
<discovery>2025-07-22</discovery>
<entry>2025-07-24</entry>
</dates>
</vuln>
<vuln vid="3c234220-685e-11f0-a12d-b42e991fc52e">
<topic>Mozilla -- IonMonkey-JIT bad stack write</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>141.0,2</lt></range>
</package>
<package>
<name>firefox-esr</name>
<range><lt>140.1</lt></range>
</package>
<package>
<name>firefox-esr</name>
<range><lt>128.13</lt></range>
</package>
<package>
<name>firefox-esr</name>
<range><lt>115.26</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><lt>141.0</lt></range>
</package>
<package>
<name>thunderbird-esr</name>
<range><lt>140.1</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><lt>128.13</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1968423">
<p>On 64-bit platforms IonMonkey-JIT only wrote 32 bits of
the 64-bit return value space on the stack. Baseline-JIT,
however, read the entire 64 bits.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-8027</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-8027</url>
</references>
<dates>
<discovery>2025-07-22</discovery>
<entry>2025-07-24</entry>
</dates>
</vuln>
<vuln vid="3d4393b2-68a5-11f0-b2b4-589cfc10832a">
<topic>gdk-pixbuf2 -- a heap buffer overflow</topic>
<affects>
<package>
<name>gdk-pixbuf2</name>
<range><lt>2.42.12_2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>cve@mitre.org reports:</p>
<blockquote cite="https://www.cve.org/CVERecord?id=CVE-2025-7345">
<p>A flaw exists in gdk-pixbuf within the gdk_pixbuf__jpeg_image_load_increment
function (io-jpeg.c) and in glib’s g_base64_encode_step (glib/gbase64.c).
When processing maliciously crafted JPEG images, a heap buffer overflow can occur
during Base64 encoding, allowing out-of-bounds reads from heap memory, potentially
causing application crashes or arbitrary code execution.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-7345</cvename>
<url>https://www.cve.org/CVERecord?id=CVE-2025-7345</url>
</references>
<dates>
<discovery>2025-07-24</discovery>
<entry>2025-07-24</entry>
</dates>
</vuln>
<vuln vid="b3948bf3-685e-11f0-bff5-6805ca2fa271">
<topic>powerdns-recursor -- cache pollution</topic>
<affects>
<package>
<name>powerdns-recursor</name>
<range><lt>5.2.4</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>PowerDNS Team reports:</p>
<blockquote cite="https://blog.powerdns.com/powerdns-security-advisory-2025-04">
<p>An attacker spoofing answers to ECS enabled requests
sent out by the Recursor has a chance of success higher
than non-ECS enabled queries. The updated version include
various mitigations against spoofing attempts of ECS enabled
queries by chaining ECS enabled requests and enforcing
stricter validation of the received answers. The most strict
mitigation done when the new setting outgoing.edns_subnet_harden
(old style name edns-subnet-harden) is enabled.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-30192</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-30192</url>
</references>
<dates>
<discovery>2025-07-21</discovery>
<entry>2025-07-24</entry>
</dates>
</vuln>
<vuln vid="5683b3a7-683d-11f0-966e-2cf05da270f3">
<topic>Gitlab -- vulnerabilities</topic>
<affects>
<package>
<name>gitlab-ce</name>
<name>gitlab-ee</name>
<range><ge>18.2.0</ge><lt>18.2.1</lt></range>
<range><ge>18.1.0</ge><lt>18.1.3</lt></range>
<range><ge>15.0.0</ge><lt>18.0.5</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Gitlab reports:</p>
<blockquote cite="https://about.gitlab.com/releases/2025/07/23/patch-release-gitlab-18-2-1-released/">
<p>Cross-site scripting issue impacts Kubernetes Proxy in GitLab CE/EE</p>
<p>Cross-site scripting issue impacts Kubernetes Proxy in GitLab CE/EE using CDNs</p>
<p>Exposure of Sensitive Information to an Unauthorized Actor issue impacts GitLab CE/EE</p>
<p>Improper Access Control issue impacts GitLab EE</p>
<p>Exposure of Sensitive Information to an Unauthorized Actor issue impacts GitLab CE/EE</p>
<p>Improper Access Control issue impacts GitLab CE/EE</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-4700</cvename>
<cvename>CVE-2025-4439</cvename>
<cvename>CVE-2025-7001</cvename>
<cvename>CVE-2025-4976</cvename>
<cvename>CVE-2025-0765</cvename>
<cvename>CVE-2025-1299</cvename>
<url>https://about.gitlab.com/releases/2025/07/23/patch-release-gitlab-18-2-1-released/</url>
</references>
<dates>
<discovery>2025-07-23</discovery>
<entry>2025-07-24</entry>
</dates>
</vuln>
<vuln vid="0f5bcba2-67fb-11f0-9ee5-b42e991fc52e">
<topic>sqlite -- Integer Truncation on SQLite</topic>
<affects>
<package>
<name>sqlite3</name>
<range><lt>3.50.2,1</lt></range>
</package>
<package>
<name>linux-c7-sqlite</name>
<range><lt>3.50.2</lt></range>
</package>
<package>
<name>linux_base-rl9</name>
<range><ge>0</ge></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>cve-coordination@google.com reports:</p>
<blockquote cite="https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8">
<p>There exists a vulnerability in SQLite versions before
3.50.2 where the number of aggregate terms could exceed the
number of columns available. This could lead to a memory
corruption issue.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-6965</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-6965</url>
</references>
<dates>
<discovery>2025-07-15</discovery>
<entry>2025-07-23</entry>
<modified>2025-08-01</modified>
</dates>
</vuln>
<vuln vid="80411ba2-6729-11f0-a5cb-8c164580114f">
<topic>7-Zip -- Multi-byte write heap buffer overflow in NCompress::NRar5::CDecoder</topic>
<affects>
<package>
<name>7-zip</name>
<range><lt>25.00</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security-advisories@github.com reports:</p>
<blockquote cite="https://securitylab.github.com/advisories/GHSL-2025-058_7-Zip/">
<p>7-Zip is a file archiver with a high compression ratio. Zeroes
written outside heap buffer in RAR5 handler may lead to memory
corruption and denial of service in versions of 7-Zip prior to
25.0.0. Version 25.0.0 contains a fix for the issue.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-53816</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-53816</url>
</references>
<dates>
<discovery>2025-07-17</discovery>
<entry>2025-07-22</entry>
</dates>
</vuln>
<vuln vid="605a9d1e-6521-11f0-beb2-ac5afc632ba3">
<topic>libwasmtime -- host panic with fd_renumber WASIp1 function</topic>
<affects>
<package>
<name>libwasmtime</name>
<range><ge>24.0.0</ge><lt>24.0.4</lt></range>
<range><ge>33.0.0</ge><lt>33.0.2</lt></range>
<range><ge>34.0.0</ge><lt>34.0.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>WasmTime development team reports:</p>
<blockquote cite="https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-fm79-3f68-h2fc">
<p>A bug in Wasmtime's implementation of the WASIp1 set of import
functions can lead to a WebAssembly guest inducing a panic in the
host (embedder).</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-53901</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-53901</url>
</references>
<dates>
<discovery>2025-07-18</discovery>
<entry>2025-07-20</entry>
</dates>
</vuln>
<vuln vid="e27ee4fc-cdc9-45a1-8242-09898cdbdc91">
<topic>unbound -- Cache poisoning via the ECS-enabled Rebirthday Attack</topic>
<affects>
<package>
<name>unbound</name>
<range><gt>1.6.1</gt><lt>1.23.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>sep@nlnetlabs.nl reports:</p>
<blockquote cite="https://nlnetlabs.nl/downloads/unbound/CVE-2025-5994.txt">
<p>A multi-vendor cache poisoning vulnerability named &apos;Rebirthday
Attack&apos; has been discovered in caching resolvers that support
EDNS Client Subnet (ECS). Unbound is also vulnerable when compiled
with ECS support, i.e., &apos;--enable-subnet&apos;, AND configured
to send ECS information along with queries to upstream name servers,
i.e., at least one of the &apos;send-client-subnet&apos;,
&apos;client-subnet-zone&apos; or &apos;client-subnet-always-forward&apos;
options is used. Resolvers supporting ECS need to segregate outgoing
queries to accommodate for different outgoing ECS information. This
re-opens up resolvers to a birthday paradox attack (Rebirthday
Attack) that tries to match the DNS transaction ID in order to cache
non-ECS poisonous replies.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-5994</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-5994</url>
</references>
<dates>
<discovery>2025-07-16</discovery>
<entry>2025-07-18</entry>
</dates>
</vuln>
<vuln vid="aeac223e-60e1-11f0-8baa-8447094a420f">
<topic>liboqs -- Secret-dependent branching in HQC</topic>
<affects>
<package>
<name>liboqs</name>
<range><lt>0.14.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The OpenQuantumSafe project reports:</p>
<blockquote cite="https://github.com/open-quantum-safe/liboqs/security/advisories/GHSA-qq3m-rq9v-jfgm">
<p>Secret-dependent branching in HQC reference implementation when compiled with Clang 17-20 for optimizations above -O0</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-52473</cvename>
<url>https://github.com/open-quantum-safe/liboqs/security/advisories/GHSA-qq3m-rq9v-jfgm</url>
</references>
<dates>
<discovery>2025-07-10</discovery>
<entry>2025-07-14</entry>
</dates>
</vuln>
<vuln vid="c3e1df74-5e73-11f0-95e5-74563cf9e4e9">
<topic>GnuTLS -- multiple vulnerabilities</topic>
<affects>
<package>
<name>gnutls</name>
<range><lt>3.8.10</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Daiki Ueno reports:</p>
<blockquote cite="https://lists.gnupg.org/pipermail/gnutls-help/2025-July/004883.html">
<ul>
<li>libgnutls: Fix heap read buffer overrun in parsing X.509 SCTS timestamps
Spotted by oss-fuzz and reported by OpenAI Security Research Team,
and fix developed by Andrew Hamilton. [GNUTLS-SA-2025-07-07-1,
CVSS: medium] [CVE-2025-32989]</li>
<li>libgnutls: Fix double-free upon error when exporting otherName in SAN
Reported by OpenAI Security Research Team. [GNUTLS-SA-2025-07-07-2,
CVSS: low] [CVE-2025-32988]</li>
<li>certtool: Fix 1-byte write buffer overrun when parsing template
Reported by David Aitel. [GNUTLS-SA-2025-07-07-3,
CVSS: low] [CVE-2025-32990]</li>
<li>libgnutls: Fix NULL pointer dereference when 2nd Client Hello omits PSK
Reported by Stefan Bühler. [GNUTLS-SA-2025-07-07-4, CVSS: medium]
[CVE-2025-6395]</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-32989</cvename>
<cvename>CVE-2025-32988</cvename>
<cvename>CVE-2025-32990</cvename>
<cvename>CVE-2025-6395</cvename>
<url>https://lists.gnupg.org/pipermail/gnutls-help/2025-July/004883.html</url>
</references>
<dates>
<discovery>2025-07-09</discovery>
<entry>2025-07-14</entry>
</dates>
</vuln>
<vuln vid="b0a3466f-5efc-11f0-ae84-99047d0a6bcc">
<topic>libxslt -- unmaintained, with multiple unfixed vulnerabilities</topic>
<affects>
<package>
<name>libxslt</name>
<range><lt>1.1.43_2</lt></range> <!-- adjust should libxslt ever be fixed -->
</package>
<package>
<name>linux-c7-libxslt</name>
<range><lt>2</lt></range> <!-- adjust should libxslt ever be fixed -->
</package>
<package>
<name>linux-rl9-libxslt</name>
<range><lt>2</lt></range> <!-- adjust should libxslt ever be fixed -->
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Alan Coopersmith reports:</p>
<blockquote cite="https://www.openwall.com/lists/oss-security/2025/07/11/2">
<p>On 6/16/25 15:12, Alan Coopersmith wrote:</p>
<p><em>
BTW, users of libxml2 may also be using its sibling project, libxslt,
which currently has no active maintainer, but has three unfixed security issues
reported against it according to
<a href="https://gitlab.gnome.org/Teams/Releng/security/-/wikis/2025#libxml2-and-libxslt">
https://gitlab.gnome.org/Teams/Releng/security/-/wikis/2025#libxml2-and-libxslt</a>
</em></p>
<p>2 of the 3 have now been disclosed:</p>
<p>(CVE-2025-7424) libxslt: Type confusion in xmlNode.psvi between stylesheet and source nodes<br />
<a href="https://gitlab.gnome.org/GNOME/libxslt/-/issues/139">https://gitlab.gnome.org/GNOME/libxslt/-/issues/139</a>
<a href="https://project-zero.issues.chromium.org/issues/409761909">https://project-zero.issues.chromium.org/issues/409761909</a></p>
<p>(CVE-2025-7425) libxslt: heap-use-after-free in xmlFreeID caused by `atype` corruption<br />
<a href="https://gitlab.gnome.org/GNOME/libxslt/-/issues/140">https://gitlab.gnome.org/GNOME/libxslt/-/issues/140</a><br /><a href="https://project-zero.issues.chromium.org/issues/410569369">https://project-zero.issues.chromium.org/issues/410569369</a></p>
<p>Engineers from Apple &amp; Google have proposed patches in the GNOME gitlab issues,
but neither has had a fix applied to the git repo since there is currently no
maintainer for libxslt.</p>
</blockquote>
<p>Note that a fourth vulnerability was reported on June 18, 2025, which remains undisclosed to date (GNOME libxslt issue 148, link below), see
<a href="https://gitlab.gnome.org/Teams/Releng/security/-/wikis/2025#libxml2-and-libxslt">
https://gitlab.gnome.org/Teams/Releng/security/-/wikis/2025#libxml2-and-libxslt</a>
</p>
</body>
</description>
<references>
<cvename>CVE-2025-7424</cvename>
<cvename>CVE-2025-7425</cvename>
<url>https://gitlab.gnome.org/Teams/Releng/security/-/wikis/2025#libxml2-and-libxslt</url>
<url>https://gitlab.gnome.org/GNOME/libxslt/-/issues/139</url>
<url>https://gitlab.gnome.org/GNOME/libxslt/-/issues/140</url>
<url>https://gitlab.gnome.org/GNOME/libxslt/-/issues/144</url>
<url>https://gitlab.gnome.org/GNOME/libxslt/-/issues/148</url>
<url>https://gitlab.gnome.org/GNOME/libxslt/-/commit/923903c59d668af42e3144bc623c9190a0f65988</url>
</references>
<dates>
<discovery>2025-04-10</discovery>
<entry>2025-07-12</entry>
</dates>
</vuln>
<vuln vid="abbc8912-5efa-11f0-ae84-99047d0a6bcc">
<topic>libxml2 -- multiple vulnerabilities</topic>
<affects>
<package>
<name>libxml2</name>
<range><lt>2.14.5</lt></range>
</package>
<package>
<name>linux-c7-libxml2</name>
<range><lt>2.14.5</lt></range> <!-- needs update once fixed version appears -->
</package>
<package>
<name>linux-rl9-libxml2</name>
<range><lt>2.14.5</lt></range> <!-- needs update once fixed version appears -->
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Alan Coopersmith reports:</p>
<blockquote cite="https://www.openwall.com/lists/oss-security/2025/06/16/6">
<p>As discussed in
<a href="https://gitlab.gnome.org/GNOME/libxml2/-/issues/913">https://gitlab.gnome.org/GNOME/libxml2/-/issues/913</a> the
security policy of libxml2 has been changed to disclose vulnerabilities
before fixes are available so that people other than the maintainer can
contribute to fixing security issues in this library.</p>
<p>As part of this, the following 5 CVE's have been disclosed recently:</p>
<p>(CVE-2025-49794) Heap use after free (UAF) leads to Denial of service (DoS)
<a href="https://gitlab.gnome.org/GNOME/libxml2/-/issues/931">https://gitlab.gnome.org/GNOME/libxml2/-/issues/931</a> [...]</p>
<p>(CVE-2025-49795) Null pointer dereference leads to Denial of service (DoS)
<a href="https://gitlab.gnome.org/GNOME/libxml2/-/issues/932">https://gitlab.gnome.org/GNOME/libxml2/-/issues/932</a> [...]</p>
<p>(CVE-2025-49796) Type confusion leads to Denial of service (DoS)
<a href="https://gitlab.gnome.org/GNOME/libxml2/-/issues/933">https://gitlab.gnome.org/GNOME/libxml2/-/issues/933</a> [...]</p>
<p>For all three of the above, note that upstream is considering removing Schematron support completely, as discussed in
<a href="https://gitlab.gnome.org/GNOME/libxml2/-/issues/935">https://gitlab.gnome.org/GNOME/libxml2/-/issues/935</a>.</p>
<p>(CVE-2025-6021) Integer Overflow Leading to Buffer Overflow in xmlBuildQName()
<a href="https://gitlab.gnome.org/GNOME/libxml2/-/issues/926">https://gitlab.gnome.org/GNOME/libxml2/-/issues/926</a> [...]</p>
<p>(CVE-2025-6170) Stack-based Buffer Overflow in xmllint Shell
<a href="https://gitlab.gnome.org/GNOME/libxml2/-/issues/941">https://gitlab.gnome.org/GNOME/libxml2/-/issues/941</a> [...]</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-6021</cvename>
<cvename>CVE-2025-6170</cvename>
<cvename>CVE-2025-49794</cvename>
<cvename>CVE-2025-49795</cvename>
<cvename>CVE-2025-49795</cvename>
<url>https://www.openwall.com/lists/oss-security/2025/06/16/6</url>
<url>https://gitlab.gnome.org/Teams/Releng/security/-/wikis/2025#libxml2-and-libxslt</url>
<url>https://gitlab.gnome.org/GNOME/libxml2/-/issues/913</url>
<url>https://gitlab.gnome.org/GNOME/libxml2/-/issues/931</url>
<url>https://gitlab.gnome.org/GNOME/libxml2/-/issues/932</url>
<url>https://gitlab.gnome.org/GNOME/libxml2/-/issues/933</url>
<url>https://gitlab.gnome.org/GNOME/libxml2/-/issues/935</url>
<url>https://gitlab.gnome.org/GNOME/libxml2/-/issues/926</url>
<url>https://gitlab.gnome.org/GNOME/libxml2/-/issues/941</url>
</references>
<dates>
<discovery>2025-05-27</discovery>
<entry>2025-07-12</entry>
<modified>2025-07-15</modified>
</dates>
</vuln>
<vuln vid="61d74f80-5e9e-11f0-8baa-8447094a420f">
<topic>mod_http2 -- Multiple vulnerabilities</topic>
<affects>
<package>
<name>mod_http2</name>
<range><lt>2.0.33</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The mod_http2 project reports:</p>
<blockquote cite="https://github.com/icing/mod_h2/releases/tag/v2.0.33">
<p>a client can increase memory consumption for a HTTP/2 connection
via repeated request header names,leading to denial of service</p>
<p>certain proxy configurations whith mod_proxy_http2 as the
backend, an assertion can be triggered by certain requests, leading
to denial of service</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-53020</cvename>
<cvename>CVE-2025-49630</cvename>
<url>https://github.com/icing/mod_h2/releases/tag/v2.0.33</url>
</references>
<dates>
<discovery>2025-07-10</discovery>
<entry>2025-07-11</entry>
</dates>
</vuln>
<vuln vid="342f2a0a-5e9b-11f0-8baa-8447094a420f">
<topic>Apache httpd -- Multiple vulnerabilities</topic>
<affects>
<package>
<name>apache24</name>
<range><lt>2.4.64</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Apache httpd project reports:</p>
<blockquote cite="https://httpd.apache.org/security/vulnerabilities_24.html">
<p>moderate: Apache HTTP Server: HTTP response splitting (CVE-2024-42516)</p>
<p>low: Apache HTTP Server: SSRF with mod_headers setting Content-Type header (CVE-2024-43204)</p>
<p>moderate: Apache HTTP Server: SSRF on Windows due to UNC paths (CVE-2024-43394)</p>
<p>low: Apache HTTP Server: mod_ssl error log variable escaping (CVE-2024-47252)</p>
<p>moderate: Apache HTTP Server: mod_ssl access control bypass with session resumption (CVE-2025-23048)</p>
<p>low: Apache HTTP Server: mod_proxy_http2 denial of service (CVE-2025-49630)</p>
<p>moderate: Apache HTTP Server: mod_ssl TLS upgrade attack (CVE-2025-49812)</p>
<p>moderate: Apache HTTP Server: HTTP/2 DoS by Memory Increase (CVE-2025-53020)</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-42516</cvename>
<cvename>CVE-2024-43204</cvename>
<cvename>CVE-2024-43394</cvename>
<cvename>CVE-2024-47252</cvename>
<cvename>CVE-2025-23048</cvename>
<cvename>CVE-2025-49630</cvename>
<cvename>CVE-2025-49812</cvename>
<cvename>CVE-2025-53020</cvename>
<url>https://httpd.apache.org/security/vulnerabilities_24.html</url>
</references>
<dates>
<discovery>2025-07-10</discovery>
<entry>2025-07-11</entry>
</dates>
</vuln>
<vuln vid="ef87346f-5dd0-11f0-beb2-ac5afc632ba3">
<topic>Apache Tomcat -- Multiple Vulnerabilities</topic>
<affects>
<package>
<name>tomcat110</name>
<range><ge>11.0.0</ge><lt>11.0.9</lt></range>
</package>
<package>
<name>tomcat101</name>
<range><ge>10.1.0</ge><lt>10.1.43</lt></range>
</package>
<package>
<name>tomcat9</name>
<range><ge>9.0.0</ge><lt>9.0.107</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@apache.org reports:</p>
<blockquote cite="https://www.mail-archive.com/announce@tomcat.apache.org/msg00710.html">
<p>A race condition on connection close could trigger a JVM crash when using the
APR/Native connector leading to a DoS. This was particularly noticeable with client
initiated closes of HTTP/2 connections.</p>
</blockquote>
<blockquote cite="https://www.mail-archive.com/announce@tomcat.apache.org/msg00713.html">
<p>An uncontrolled resource consumption vulnerability if an HTTP/2 client did not
acknowledge the initial settings frame that reduces the maximum permitted
concurrent streams could result in a DoS.</p>
</blockquote>
<blockquote cite="https://www.mail-archive.com/announce@tomcat.apache.org/msg00714.html">
<p>For some unlikely configurations of multipart upload, an Integer Overflow
vulnerability could lead to a DoS via bypassing of size limits.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-52434</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-52434</url>
<cvename>CVE-2025-52520</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-52520</url>
<cvename>CVE-2025-53506</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-53506</url>
</references>
<dates>
<discovery>2025-07-10</discovery>
<entry>2025-07-10</entry>
<modified>2025-07-15</modified>
</dates>
</vuln>
<vuln vid="20823cc0-5d45-11f0-966e-2cf05da270f3">
<topic>Gitlab -- vulnerabilities</topic>
<affects>
<package>
<name>gitlab-ce</name>
<name>gitlab-ee</name>
<range><ge>18.1.0</ge><lt>18.1.2</lt></range>
<range><ge>18.0.0</ge><lt>18.0.4</lt></range>
<range><ge>13.3.0</ge><lt>17.11.6</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Gitlab reports:</p>
<blockquote cite="https://about.gitlab.com/releases/2025/07/09/patch-release-gitlab-18-1-2-released/">
<p>Cross-site scripting issue impacts GitLab CE/EE</p>
<p>Improper authorization issue impacts GitLab CE/EE</p>
<p>Improper authorization issue impacts GitLab EE</p>
<p>Improper authorization issue impacts GitLab EE</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-6948</cvename>
<cvename>CVE-2025-3396</cvename>
<cvename>CVE-2025-4972</cvename>
<cvename>CVE-2025-6168</cvename>
<url>https://about.gitlab.com/releases/2025/07/09/patch-release-gitlab-18-1-2-released/</url>
</references>
<dates>
<discovery>2025-07-09</discovery>
<entry>2025-07-10</entry>
</dates>
</vuln>
<vuln vid="2a4472ed-5c0d-11f0-b991-291fce777db8">
<topic>git -- multiple vulnerabilities</topic>
<affects>
<package>
<name>git</name>
<name>git-cvs</name>
<name>git-gui</name>
<name>git-p4</name>
<name>git-svn</name>
<range><lt>2.50.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Git development team reports:</p>
<blockquote cite="https://lore.kernel.org/git/xmqq5xg2wrd1.fsf@gitster.g">
<p>CVE-2025-27613: Gitk:
When a user clones an untrusted repository and runs Gitk without
additional command arguments, any writable file can be created and
truncated. The option "Support per-file encoding" must have been
enabled. The operation "Show origin of this line" is affected as
well, regardless of the option being enabled or not.
</p>
<p>CVE-2025-27614: Gitk:
A Git repository can be crafted in such a way that a user who has
cloned the repository can be tricked into running any script
supplied by the attacker by invoking `gitk filename`, where
`filename` has a particular structure.
</p>
<p>CVE-2025-46835: Git GUI:
When a user clones an untrusted repository and is tricked into
editing a file located in a maliciously named directory in the
repository, then Git GUI can create and overwrite any writable
file.
</p>
<p>CVE-2025-48384: Git:
When reading a config value, Git strips any trailing carriage
return and line feed (CRLF). When writing a config entry, values
with a trailing CR are not quoted, causing the CR to be lost when
the config is later read. When initializing a submodule, if the
submodule path contains a trailing CR, the altered path is read
resulting in the submodule being checked out to an incorrect
location. If a symlink exists that points the altered path to the
submodule hooks directory, and the submodule contains an executable
post-checkout hook, the script may be unintentionally executed
after checkout.
</p>
<p>CVE-2025-48385: Git:
When cloning a repository Git knows to optionally fetch a bundle
advertised by the remote server, which allows the server-side to
offload parts of the clone to a CDN. The Git client does not
perform sufficient validation of the advertised bundles, which
allows the remote side to perform protocol injection.
This protocol injection can cause the client to write the fetched
bundle to a location controlled by the adversary. The fetched
content is fully controlled by the server, which can in the worst
case lead to arbitrary code execution.
</p>
<p>CVE-2025-48386: Git:
The wincred credential helper uses a static buffer (`target`) as a
unique key for storing and comparing against internal storage. This
credential helper does not properly bounds check the available
space remaining in the buffer before appending to it with
`wcsncat()`, leading to potential buffer overflows.
</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-27613</cvename>
<url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27613</url>
<cvename>CVE-2025-27614</cvename>
<url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27614</url>
<cvename>CVE-2025-46835</cvename>
<url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46835</url>
<cvename>CVE-2025-48384</cvename>
<url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48384</url>
<cvename>CVE-2025-48385</cvename>
<url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48385</url>
<cvename>CVE-2025-48386</cvename>
<url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48386</url>
</references>
<dates>
<discovery>2025-04-11</discovery>
<entry>2025-07-08</entry>
</dates>
</vuln>
<vuln vid="79251dc8-5bc5-11f0-834f-b42e991fc52e">
<topic>MongoDB -- Incorrect Handling of incomplete data may prevent mongoS from Accepting New Connections</topic>
<affects>
<package>
<name>mongodb60</name>
<range><lt>6.0.23</lt></range>
</package>
<package>
<name>mongodb70</name>
<range><lt>7.0.20</lt></range>
</package>
<package>
<name>mongodb80</name>
<range><lt>8.0.9</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>cna@mongodb.com reports:</p>
<blockquote cite="https://jira.mongodb.org/browse/SERVER-106753">
<p>MongoDB Server&apos;s mongos component can become
unresponsive to new connections due to incorrect handling of
incomplete data. This affects MongoDB when configured with
load balancer support.
Required Configuration:
This affects MongoDB sharded clusters when configured with load
balancer support for mongos using HAProxy on specified ports.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-6714</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-6714</url>
</references>
<dates>
<discovery>2025-07-07</discovery>
<entry>2025-07-08</entry>
</dates>
</vuln>
<vuln vid="77dc1fc4-5bc5-11f0-834f-b42e991fc52e">
<topic>MongoDB -- may be susceptible to privilege escalation due to $mergeCursors stage</topic>
<affects>
<package>
<name>mongodb60</name>
<range><lt>6.0.22</lt></range>
</package>
<package>
<name>mongodb70</name>
<range><lt>7.0.20</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>cna@mongodb.com reports:</p>
<blockquote cite="https://jira.mongodb.org/browse/SERVER-106752">
<p>An unauthorized user may leverage a specially crafted
aggregation pipeline to access data without proper
authorization due to improper handling of the $mergeCursors
stage in MongoDB Server. This may lead to access to data
without further authorisation.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-6713</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-6713</url>
</references>
<dates>
<discovery>2025-07-07</discovery>
<entry>2025-07-08</entry>
</dates>
</vuln>
<vuln vid="764204eb-5bc5-11f0-834f-b42e991fc52e">
<topic>MongoDB -- may be susceptible to DoS due to Accumulated Memory Allocation</topic>
<affects>
<package>
<name>mongodb80</name>
<range><lt>8.0.10</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>cna@mongodb.com reports:</p>
<blockquote cite="https://jira.mongodb.org/browse/SERVER-106751">
<p>MongoDB Server may be susceptible to disruption caused by
high memory usage, potentially leading to server crash. This
condition is linked to inefficiencies in memory management
related to internal operations. In scenarios where certain
internal processes persist longer than anticipated, memory
consumption can increase, potentially impacting server
stability and availability.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-6712</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-6712</url>
</references>
<dates>
<discovery>2025-07-07</discovery>
<entry>2025-07-08</entry>
</dates>
</vuln>
<vuln vid="72ddee1f-5bc5-11f0-834f-b42e991fc52e">
<topic>MongoDB -- Incomplete Redaction of Sensitive Information in MongoDB Server Logs</topic>
<affects>
<package>
<name>mongodb60</name>
<range><lt>6.0.21</lt></range>
</package>
<package>
<name>mongodb70</name>
<range><lt>7.0.18</lt></range>
</package>
<package>
<name>mongodb80</name>
<range><lt>8.0.5</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>cna@mongodb.com reports:</p>
<blockquote cite="https://jira.mongodb.org/browse/SERVER-98720">
<p>An issue has been identified in MongoDB Server where
unredacted queries may inadvertently appear in server logs
when certain error conditions are encountered.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-6711</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-6711</url>
</references>
<dates>
<discovery>2025-07-07</discovery>
<entry>2025-07-08</entry>
</dates>
</vuln>
<vuln vid="c0f3f54c-5bc4-11f0-834f-b42e991fc52e">
<topic>ModSecurity -- empty XML tag causes segmentation fault</topic>
<affects>
<package>
<name>ap24-mod_security</name>
<range><lt>2.9.11</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security-advisories@github.com reports:</p>
<blockquote cite="https://github.com/owasp-modsecurity/ModSecurity/commit/ecd7b9736836eee391d25f35d5bd06a3ce35a45d">
<p>ModSecurity is an open source, cross platform web application
firewall (WAF) engine for Apache, IIS and Nginx. In versions 2.9.8
to before 2.9.11, an empty XML tag can cause a segmentation fault.
If SecParseXmlIntoArgs is set to On or OnlyArgs, and the request
type is application/xml, and at least one XML tag is empty (eg
&lt;foo&gt;&lt;/foo&gt;), then a segmentation fault occurs. This
issue has been patched in version 2.9.11. A workaround involves
setting SecParseXmlIntoArgs to Off.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-52891</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-52891</url>
</references>
<dates>
<discovery>2025-07-02</discovery>
<entry>2025-07-08</entry>
</dates>
</vuln>
<vuln vid="7b3e7f71-5b30-11f0-b507-000c295725e4">
<topic>redis,valkey -- DoS Vulnerability due to bad connection error handling</topic>
<affects>
<package>
<name>redis</name>
<range><ge>8.0.0</ge><lt>8.0.3</lt></range>
</package>
<package>
<name>redis74</name>
<range><ge>7.4.0</ge><lt>7.4.5</lt></range>
</package>
<package>
<name>redis72</name>
<range><ge>7.2.0</ge><lt>7.2.10</lt></range>
</package>
<package>
<name>redis62</name>
<range><ge>6.2.0</ge><lt>6.2.19</lt></range>
</package>
<package>
<name>valkey</name>
<range><lt>8.1.3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>@julienperriercornet reports:</p>
<blockquote cite="https://github.com/redis/redis/security/advisories/GHSA-4q32-c38c-pwgq">
<p>
An unauthenticated connection can cause repeated IP
protocol errors, leading to client starvation and,
ultimately, a denial of service.
</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-48367</cvename>
<url>https://github.com/redis/redis/security/advisories/GHSA-4q32-c38c-pwgq</url>
</references>
<dates>
<discovery>2025-07-06</discovery>
<entry>2025-07-07</entry>
</dates>
</vuln>
<vuln vid="f11d0a69-5b2d-11f0-b507-000c295725e4">
<topic>redis,valkey -- Out of bounds write in hyperloglog commands leads to RCE</topic>
<affects>
<package>
<name>redis</name>
<range><ge>8.0.0</ge><lt>8.0.3</lt></range>
</package>
<package>
<name>redis74</name>
<range><ge>7.4.0</ge><lt>7.4.5</lt></range>
</package>
<package>
<name>redis72</name>
<range><ge>7.2.0</ge><lt>7.2.10</lt></range>
</package>
<package>
<name>redis62</name>
<range><ge>6.2.0</ge><lt>6.2.19</lt></range>
</package>
<package>
<name>valkey</name>
<range><lt>8.1.3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Seunghyun Lee reports:</p>
<blockquote cite="https://github.com/redis/redis/security/advisories/GHSA-rp2m-q4j6-gr43">
<p>
An authenticated user may use a specially crafted string
to trigger a stack/heap out of bounds write on hyperloglog
operations, potentially leading to remote code execution.
</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-32023</cvename>
<url>https://github.com/redis/redis/security/advisories/GHSA-rp2m-q4j6-gr43</url>
</references>
<dates>
<discovery>2025-07-06</discovery>
<entry>2025-07-07</entry>
</dates>
</vuln>
<vuln vid="4ea9cbc3-5b28-11f0-b507-000c295725e4">
<topic>redis,valkey -- {redis,valkey}-check-aof may lead to stack overflow and potential RCE</topic>
<affects>
<package>
<name>redis</name>
<range><ge>8.0.0</ge><lt>8.0.2</lt></range>
</package>
<package>
<name>redis74</name>
<range><ge>7.4.0</ge><lt>7.4.4</lt></range>
</package>
<package>
<name>redis72</name>
<range><ge>7.2.0</ge><lt>7.2.9</lt></range>
</package>
<package>
<name>valkey</name>
<range><lt>8.1.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Simcha Kosman &amp; CyberArk Labs reports:</p>
<blockquote cite="https://github.com/redis/redis/security/advisories/GHSA-5453-q98w-cmvm">
<p>A user can run the {redis,valkeyu}-check-aof cli and pass
a long file path to trigger a stack buffer overflow, which
may potentially lead to remote code execution.</p>
<p></p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-27151</cvename>
<url>https://github.com/redis/redis/security/advisories/GHSA-5453-q98w-cmvm</url>
</references>
<dates>
<discovery>2025-05-28</discovery>
<entry>2025-07-07</entry>
</dates>
</vuln>
<vuln vid="7642ba72-5abf-11f0-87ba-002590c1f29c">
<topic>FreeBSD -- Use-after-free in multi-threaded xz decoder</topic>
<affects>
<package>
<name>FreeBSD</name>
<range><ge>14.2</ge><lt>14.2_4</lt></range>
<range><ge>13.5</ge><lt>13.5_2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<h1>Problem Description:</h1>
<p>A worker thread could free its input buffer after decoding,
while the main thread might still be writing to it. This leads to
an use-after-free condition on heap memory.</p>
<h1>Impact:</h1>
<p>An attacker may use specifically crafted .xz file to cause
multi-threaded xz decoder to crash, or potentially run arbitrary
code under the credential the decoder was executed.</p>
</body>
</description>
<references>
<cvename>CVE-2025-31115</cvename>
<freebsdsa>SA-25:06.xz</freebsdsa>
</references>
<dates>
<discovery>2025-07-02</discovery>
<entry>2025-07-06</entry>
</dates>
</vuln>
<vuln vid="69bfe2a4-5a39-11f0-8792-4ccc6adda413">
<topic>gstreamer1-plugins-bad -- stack buffer overflow in H.266 video parser</topic>
<affects>
<package>
<name>gstreamer1-plugins-bad</name>
<range><lt>1.26.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>GStreamer Security Center reports:</p>
<blockquote cite="https://gstreamer.freedesktop.org/security/sa-2025-0007.html">
<p>It is possible for a malicious third party to trigger a buffer overflow that can
result in a crash of the application and possibly also allow code execution through
stack manipulation.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-6663</cvename>
<url>https://gstreamer.freedesktop.org/security/sa-2025-0007.html</url>
</references>
<dates>
<discovery>2025-06-26</discovery>
<entry>2025-07-06</entry>
</dates>
</vuln>
<vuln vid="a55d2120-58cf-11f0-b4ad-b42e991fc52e">
<topic>firefox -- multiple vulnerabilities</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>140.0,2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1941377%2C1960948%2C1966187%2C1966505%2C1970764">
<p>An attacker was able to bypass the `connect-src`
directive of a Content Security Policy by manipulating
subdocuments. This would have also hidden the connections
from the Network tab in Devtools.</p>
<p>When Multi-Account Containers was enabled, DNS requests
could have bypassed a SOCKS proxy when the domain name was
invalid or the SOCKS proxy was not responding.</p>
<p>If a user visited a webpage with an invalid TLS
certificate, and granted an exception, the webpage was able to
provide a WebAuthn challenge that the user would be prompted
to complete. This is in violation of the WebAuthN spec which
requires &quot;a secure transport established without
errors&quot;.</p>
<p>The exception page for the HTTPS-Only feature, displayed
when a website is opened via HTTP, lacked an anti-clickjacking
delay, potentially allowing an attacker to trick a user into
granting an exception and loading a webpage over HTTP.</p>
<p>If a user saved a response from the Network tab in Devtools
using the Save As context menu option, that file may not have
been saved with the `.download` file extension.
This could have led to the user inadvertently running a
malicious executable.</p>
<p>Memory safety bugs present in Firefox 139 and Thunderbird
139. Some of these bugs showed evidence of memory corruption
and we presume that with enough effort some of these could
have been exploited to run arbitrary code.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-6427</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-6427</url>
<cvename>CVE-2025-6432</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-6432</url>
<cvename>CVE-2025-6433</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-6433</url>
<cvename>CVE-2025-6434</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-6434</url>
<cvename>CVE-2025-6435</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-6435</url>
<cvename>CVE-2025-6436</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-6436</url>
</references>
<dates>
<discovery>2025-06-24</discovery>
<entry>2025-07-04</entry>
</dates>
</vuln>
<vuln vid="9bad6f79-58cf-11f0-b4ad-b42e991fc52e">
<topic>firefox -- multiple vulnerabilities</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>128.12.0,2</lt></range>
<range><lt>140.0,2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1971140">
<p>Firefox could have incorrectly parsed a URL and rewritten
it to the youtube.com domain when parsing the URL specified
in an `embed` tag. This could have bypassed website security
checks that restricted which domains users were allowed to
embed.</p>
<p>When a file download is specified via the
`Content-Disposition` header, that directive would be ignored
if the file was included via a `&amp;lt;embed&amp;gt;` or
`&amp;lt;object&amp;gt;` tag, potentially making a website
vulnerable to a cross-site scripting attack.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-6429</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-6429</url>
<cvename>CVE-2025-6430</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-6430</url>
</references>
<dates>
<discovery>2025-06-24</discovery>
<entry>2025-07-04</entry>
</dates>
</vuln>
<vuln vid="9320590b-58cf-11f0-b4ad-b42e991fc52e">
<topic>Mozilla -- persistent UUID that identifies browser</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>140.0,2</lt></range>
</package>
<package>
<name>firefox-esr</name>
<range><lt>115.25.0</lt></range>
<range><lt>128.12</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><lt>140.0</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><lt>128.12</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1717672">
<p>An attacker who enumerated resources from the WebCompat extension
could have obtained a persistent UUID that identified the browser,
and persisted between containers and normal/private browsing mode,
but not profiles. This vulnerability affects Firefox &lt; 140,
Firefox ESR &lt; 115.25, Firefox ESR &lt; 128.12, Thunderbird &lt;
140, and Thunderbird &lt; 128.12.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-6425</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-6425</url>
</references>
<dates>
<discovery>2025-06-24</discovery>
<entry>2025-07-04</entry>
</dates>
</vuln>
<vuln vid="d607b12c-5821-11f0-ab92-f02f7497ecda">
<topic>php -- Multiple vulnerabilities</topic>
<affects>
<package>
<name>php81</name>
<range><lt>8.1.33</lt></range>
</package>
<package>
<name>php82</name>
<range><lt>8.2.29</lt></range>
</package>
<package>
<name>php83</name>
<range><lt>8.3.23</lt></range>
</package>
<package>
<name>php84</name>
<range><lt>8.4.10</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>php.net reports:</p>
<blockquote cite="https://www.php.net/ChangeLog-8.php">
<ul>
<li>
CVE-2025-1735: pgsql extension does not check for errors during escaping
</li>
<li>
CVE-2025-6491: NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix
</li>
<li>
CVE-2025-1220: Null byte termination in hostnames
</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-1735</cvename>
<cvename>CVE-2025-6491</cvename>
<cvename>CVE-2025-1220</cvename>
</references>
<dates>
<discovery>2025-02-27</discovery>
<entry>2025-07-03</entry>
</dates>
</vuln>
<vuln vid="bab7386a-582f-11f0-97d0-b42e991fc52e">
<topic>Mozilla -- exploitable crash</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>140.0,2</lt></range>
</package>
<package>
<name>firefox-esr</name>
<range><lt>115.25.0</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><lt>140.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1966423">
<p>A use-after-free in FontFaceSet resulted in a potentially
exploitable crash.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-6424</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-6424</url>
</references>
<dates>
<discovery>2025-06-24</discovery>
<entry>2025-07-03</entry>
</dates>
</vuln>
<vuln vid="5c777f88-40ff-4e1e-884b-ad63dfb9bb15">
<topic>chromium -- multiple security fixes</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>138.0.7204.96</lt></range>
</package>
<package>
<name>ungoogled-chromium</name>
<range><lt>138.0.7204.96</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_30.html">
<p>This update includes 1 security fix:</p>
<ul>
<li>[427663123] High CVE-2025-6554: Type Confusion in V8.</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-6554</cvename>
<url>https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_30.html</url>
</references>
<dates>
<discovery>2025-06-30</discovery>
<entry>2025-07-02</entry>
</dates>
</vuln>
<vuln vid="9c91e1f8-f255-4b57-babe-2e385558f1dc">
<topic>chromium -- multiple security fixes</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>138.0.7204.49</lt></range>
</package>
<package>
<name>ungoogled-chromium</name>
<range><lt>138.0.7204.49</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_24.html">
<p>This update includes 11 security fixes:</p>
<ul>
<li>[407328533] Medium CVE-2025-6555: Use after free in Animation. Reported by Lyra Rebane (rebane2001) on 2025-03-30</li>
<li>[40062462] Low CVE-2025-6556: Insufficient policy enforcement in Loader. Reported by Shaheen Fazim on 2023-01-02</li>
<li>[406631048] Low CVE-2025-6557: Insufficient data validation in DevTools. Reported by Ameen Basha M K on 2025-03-27</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-6555</cvename>
<cvename>CVE-2025-6556</cvename>
<cvename>CVE-2025-6557</cvename>
<url>https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_24.html</url>
</references>
<dates>
<discovery>2025-06-24</discovery>
<entry>2025-07-02</entry>
</dates>
</vuln>
<vuln vid="24f4b495-56a1-11f0-9621-93abbef07693">
<topic>sudo -- privilege escalation vulnerability through host and chroot options</topic>
<affects>
<package>
<name>sudo</name>
<range><lt>1.9.17p1</lt></range>
</package>
<package>
<name>sudo-sssd</name>
<range><lt>1.9.17p1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Todd C. Miller reports, crediting Rich Mirch from Stratascale Cyber Research Unit (CRU):</p>
<blockquote cite="https://www.sudo.ws/releases/stable/">
<p>Sudo 1.9.17p1:</p>
<ul>
<li>
Fixed CVE-2025-32462. Sudo's -h (--host) option could be specified
when running a command or editing a file. This could enable a
local privilege escalation attack if the sudoers file allows the
user to run commands on a different host. For more information,
see Local Privilege Escalation via host option.
</li>
<li>
Fixed CVE-2025-32463. An attacker can leverage sudo's -R
(--chroot) option to run arbitrary commands as root, even if they
are not listed in the sudoers file. The chroot support has been
deprecated an will be removed entirely in a future release. For
more information, see Local Privilege Escalation via chroot
option.
</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-32462</cvename>
<cvename>CVE-2025-32463</cvename>
<url>https://www.sudo.ws/releases/stable/</url>
<url>https://www.stratascale.com/vulnerability-alert-CVE-2025-32462-sudo-host</url>
<url>https://www.stratascale.com/vulnerability-alert-CVE-2025-32463-sudo-chroot</url>
</references>
<dates>
<discovery>2025-04-01</discovery>
<entry>2025-07-01</entry>
</dates>
</vuln>
<vuln vid="8df49466-5664-11f0-943a-18c04d5ea3dc">
<topic>xorg server -- Multiple vulnerabilities</topic>
<affects>
<package>
<name>xorg-server</name>
<name>xephyr</name>
<name>xorg-vfbserver</name>
<range><lt>21.1.18,1</lt></range>
</package>
<package>
<name>xorg-nextserver</name>
<range><lt>21.1.18,2</lt></range>
</package>
<package>
<name>xwayland</name>
<range><lt>24.1.8,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The X.Org project reports:</p>
<blockquote cite="https://lists.x.org/archives/xorg-announce/2025-February/003584.html">
<ul>
<li>
CVE-2025-49176: Integer overflow in Big Requests Extension
<p>The Big Requests extension allows requests larger than the 16-bit length
limit.
It uses integers for the request length and checks for the size not to
exceed the maxBigRequestSize limit, but does so after translating the
length to integer by multiplying the given size in bytes by 4.
In doing so, it might overflow the integer size limit before actually
checking for the overflow, defeating the purpose of the test.</p>
</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-49176</cvename>
<url>https://lists.x.org/archives/xorg/2025-June/062055.html</url>
</references>
<dates>
<discovery>2025-06-17</discovery>
<entry>2025-07-01</entry>
</dates>
</vuln>
<vuln vid="b14cabf7-5663-11f0-943a-18c04d5ea3dc">
<topic>xorg server -- Multiple vulnerabilities</topic>
<affects>
<package>
<name>xorg-server</name>
<name>xephyr</name>
<name>xorg-vfbserver</name>
<range><lt>21.1.17,1</lt></range>
</package>
<package>
<name>xorg-nextserver</name>
<range><lt>21.1.17,2</lt></range>
</package>
<package>
<name>xwayland</name>
<range><lt>24.1.7,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The X.Org project reports:</p>
<blockquote cite="https://lists.x.org/archives/xorg-announce/2025-February/003584.html">
<ul>
<li>
CVE-2025-49175: Out-of-bounds access in X Rendering extension (Animated cursors)
<p>The X Rendering extension allows creating animated cursors providing a
list of cursors.
By default, the Xserver assumes at least one cursor is provided while a
client may actually pass no cursor at all, which causes an out-of-bound
read creating the animated cursor and a crash of the Xserver.</p>
</li>
<li>
CVE-2025-49177: Data leak in XFIXES Extension 6 (XFixesSetClientDisconnectMode)
<p>The handler of XFixesSetClientDisconnectMode does not check the client
request length.
A client could send a shorter request and read data from a former
request.</p>
</li>
<li>
CVE-2025-49178: Unprocessed client request via bytes to ignore
<p>When reading requests from the clients, the input buffer might be shared
and used between different clients.
If a given client sends a full request with non-zero bytes to ignore,
the bytes to ignore may still be non-zero even though the request is
full, in which case the buffer could be shared with another client who's
request will not be processed because of those bytes to ignore, leading
to a possible hang of the other client request.</p>
</li>
<li>
CVE-2025-49179: Integer overflow in X Record extension
<p>The RecordSanityCheckRegisterClients() function in the X Record extension
implementation of the Xserver checks for the request length, but does not
check for integer overflow.
A client might send a very large value for either the number of clients
or the number of protocol ranges that will cause an integer overflow in
the request length computation, defeating the check for request length.</p>
</li>
<li>
CVE-2025-49180: Integer overflow in RandR extension (RRChangeProviderProperty)
<p>A client might send a request causing an integer overflow when computing
the total size to allocate in RRChangeProviderProperty().</p>
</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-49175</cvename>
<cvename>CVE-2025-49177</cvename>
<cvename>CVE-2025-49178</cvename>
<cvename>CVE-2025-49179</cvename>
<cvename>CVE-2025-49180</cvename>
<url>https://lists.x.org/archives/xorg/2025-June/062055.html</url>
</references>
<dates>
<discovery>2025-06-17</discovery>
<entry>2025-07-01</entry>
</dates>
</vuln>
<vuln vid="6b1b8989-55b0-11f0-ac64-589cfc10a551">
<topic>podman -- TLS connection used to pull VM images was not validated</topic>
<affects>
<package>
<name>podman</name>
<range><lt>5.5.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>RedHat, Inc. reports:</p>
<blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2025-6032">
<p>A flaw was found in Podman. The podman machine init command fails to verify the TLS
certificate when downloading the VM images from an OCI registry. This issue results
in a Man In The Middle attack.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-6032</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-6032</url>
</references>
<dates>
<discovery>2025-06-30</discovery>
<entry>2025-06-30</entry>
</dates>
</vuln>
<vuln vid="5e64770c-52aa-11f0-b522-b42e991fc52e">
<topic>MongoDB -- Running certain aggregation operations with the SBE engine may lead to unexpected behavior</topic>
<affects>
<package>
<name>mongodb60</name>
<range><lt>6.0.21</lt></range>
</package>
<package>
<name>mongodb70</name>
<range><lt>7.0.17</lt></range>
</package>
<package>
<name>mongodb80</name>
<range><lt>8.0.4</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>cna@mongodb.com reports:</p>
<blockquote cite="https://jira.mongodb.org/browse/SERVER-106746">
<p>An authenticated user may trigger a use after free that may result
in MongoDB Server crash and other unexpected behavior, even if the
user does not have authorization to shut down a server. The crash
is triggered on affected versions by issuing an aggregation framework
operation using a specific combination of rarely-used aggregation
pipeline expressions. This issue affects MongoDB Server v6.0 version
prior to 6.0.21, MongoDB Server v7.0 version prior to 7.0.17 and
MongoDB Server v8.0 version prior to 8.0.4 when the SBE engine is
enabled.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-6706</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-6706</url>
</references>
<dates>
<discovery>2025-06-26</discovery>
<entry>2025-06-26</entry>
</dates>
</vuln>
<vuln vid="5cd2bd2b-52aa-11f0-b522-b42e991fc52e">
<topic>MongoDB -- Race condition in privilege cache invalidation cycle</topic>
<affects>
<package>
<name>mongodb50</name>
<range><lt>5.0.31</lt></range>
</package>
<package>
<name>mongodb60</name>
<range><lt>6.0.24</lt></range>
</package>
<package>
<name>mongodb70</name>
<range><lt>7.0.21</lt></range>
</package>
<package>
<name>mongodb80</name>
<range><lt>8.0.5</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>NVD reports:</p>
<blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2025-6707">
<p>Under certain conditions, an authenticated user request
may execute with stale privileges following an intentional
change by an authorized administrator.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-6707</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-6707</url>
</references>
<dates>
<discovery>2025-06-26</discovery>
<entry>2025-06-26</entry>
</dates>
</vuln>
<vuln vid="5b87eef6-52aa-11f0-b522-b42e991fc52e">
<topic>MongoDB -- Pre-Authentication Denial of Service Vulnerability in MongoDB Server&apos;s OIDC Authentication</topic>
<affects>
<package>
<name>mongodb60</name>
<range><lt>6.0.21</lt></range>
</package>
<package>
<name>mongodb70</name>
<range><lt>7.0.17</lt></range>
</package>
<package>
<name>mongodb80</name>
<range><lt>8.0.5</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>NVD reports:</p>
<blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2025-6709">
<p>The MongoDB Server is susceptible to a denial of service
vulnerability due to improper handling of specific date
values in JSON input when using OIDC authentication.
This can be reproduced using the mongo shell to send a
malicious JSON payload leading to an invariant failure
and server crash. </p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-6709</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-6709</url>
</references>
<dates>
<discovery>2025-06-26</discovery>
<entry>2025-06-26</entry>
</dates>
</vuln>
<vuln vid="59ed4b19-52aa-11f0-b522-b42e991fc52e">
<topic>MongoDB -- Pre-authentication Denial of Service Stack Overflow Vulnerability in JSON Parsing via Excessive Recursion in MongoDB</topic>
<affects>
<package>
<name>mongodb70</name>
<range><lt>7.0.17</lt></range>
</package>
<package>
<name>mongodb80</name>
<range><lt>8.0.5</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>cna@mongodb.com reports:</p>
<blockquote cite="https://jira.mongodb.org/browse/SERVER-106749">
<p>MongoDB Server may be susceptible to stack overflow due to JSON
parsing mechanism, where specifically crafted JSON inputs may induce
unwarranted levels of recursion, resulting in excessive stack space
consumption. Such inputs can lead to a stack overflow that causes
the server to crash which could occur pre-authorisation. This issue
affects MongoDB Server v7.0 versions prior to 7.0.17 and MongoDB
Server v8.0 versions prior to 8.0.5.
The same issue affects MongoDB Server v6.0 versions prior to 6.0.21,
but an attacker can only induce denial of service after authenticating.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-6710</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-6710</url>
</references>
<dates>
<discovery>2025-06-26</discovery>
<entry>2025-06-26</entry>
</dates>
</vuln>
<vuln vid="e26608ff-5266-11f0-b522-b42e991fc52e">
<topic>kanboard -- Password Reset Poisoning via Host Header Injection</topic>
<affects>
<package>
<name>kanboard</name>
<range><lt>1.2.45</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>GitHub Security Advisories reports:</p>
<blockquote cite="null">
<p>
Kanboard allows password reset emails to be sent with URLs
derived from the unvalidated Host header when the
application_url configuration is unset (default behavior).
This allows an attacker to craft a malicious password
reset link that leaks the token to an attacker-controlled
domain. If a victim (including an administrator) clicks
the poisoned link, their account can be taken over. This
affects all users who initiate a password reset while
application_url is not set.
</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-52560</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-52560</url>
</references>
<dates>
<discovery>2025-06-26</discovery>
<entry>2025-06-26</entry>
</dates>
</vuln>
<vuln vid="d45dabd9-5232-11f0-9ca4-2cf05da270f3">
<topic>Gitlab -- Vulnerabilities</topic>
<affects>
<package>
<name>gitlab-ce</name>
<name>gitlab-ee</name>
<range><ge>18.1.0</ge><lt>18.1.1</lt></range>
<range><ge>18.0.0</ge><lt>18.0.3</lt></range>
<range><ge>16.10.0</ge><lt>17.11.5</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Gitlab reports:</p>
<blockquote cite="https://about.gitlab.com/releases/2025/06/25/patch-release-gitlab-18-1-1-released/">
<p>Denial of Service impacts GitLab CE/EE</p>
<p>Missing Authentication issue impacts GitLab CE/EE</p>
<p>Improper access control issue impacts GitLab CE/EE</p>
<p>Elevation of Privilege impacts GitLab CE/EE</p>
<p>Improper access control issue impacts GitLab EE</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-3279</cvename>
<cvename>CVE-2025-1754</cvename>
<cvename>CVE-2025-5315</cvename>
<cvename>CVE-2025-2938</cvename>
<cvename>CVE-2025-5846</cvename>
<url>https://about.gitlab.com/releases/2025/06/25/patch-release-gitlab-18-1-1-released/</url>
</references>
<dates>
<discovery>2025-06-25</discovery>
<entry>2025-06-26</entry>
</dates>
</vuln>
<vuln vid="03ba1cdd-4faf-11f0-af06-00a098b42aeb">
<topic>cisco -- OpenH264 Decoding Functions Heap Overflow Vulnerability</topic>
<affects>
<package>
<name>openh264</name>
<range><lt>2.5.1,2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Cisco reports:</p>
<blockquote cite="https://github.com/cisco/openh264/releases/tag/2.5.1">
<p>A vulnerability in the decoding functions
of OpenH264 codec library could allow a remote, unauthenticated
attacker to trigger a heap overflow. This vulnerability is due to
a race condition between a Sequence Parameter Set (SPS) memory
allocation and a subsequent non Instantaneous Decoder Refresh
(non-IDR) Network Abstraction Layer (NAL) unit memory usage. An
attacker could exploit this vulnerability by crafting a malicious
bitstream and tricking a victim user into processing an arbitrary
video containing the malicious bistream. An exploit could allow
the attacker to cause an unexpected crash in the victim's user
decoding client and, possibly, perform arbitrary commands on the
victim's host by abusing the heap overflow.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-27091</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-27091</url>
</references>
<dates>
<discovery>2025-02-20</discovery>
<entry>2025-06-22</entry>
</dates>
</vuln>
<vuln vid="6c6c1507-4da5-11f0-afcc-f02f7432cf97">
<topic>clamav -- ClamAV UDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability</topic>
<affects>
<package>
<name>clamav</name>
<range><ge>1.2.0,1</ge><lt>1.4.3,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Cisco reports:</p>
<blockquote cite="https://blog.clamav.net/2025/06/clamav-143-and-109-security-patch.html">
<p>A vulnerability in Universal Disk Format (UDF) processing of ClamAV
could allow an unauthenticated, remote attacker to cause a denial
of service (DoS) condition on an affected device.
This vulnerability is due to a memory overread during UDF file
scanning. An attacker could exploit this vulnerability by submitting
a crafted file containing UDF content to be scanned by ClamAV on
an affected device. A successful exploit could allow the attacker
to terminate the ClamAV scanning process, resulting in a DoS condition
on the affected software. For a description of this vulnerability,
see the .</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-20234</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-20234</url>
</references>
<dates>
<discovery>2025-06-18</discovery>
<entry>2025-06-20</entry>
</dates>
</vuln>
<vuln vid="3dcc0812-4da5-11f0-afcc-f02f7432cf97">
<topic>clamav -- ClamAV PDF Scanning Buffer Overflow Vulnerability</topic>
<affects>
<package>
<name>clamav</name>
<range><lt>1.4.3,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Cisco reports:</p>
<blockquote cite="https://blog.clamav.net/2025/06/clamav-143-and-109-security-patch.html">
<p>A vulnerability in the PDF scanning processes of ClamAV could allow
an unauthenticated, remote attacker to cause a buffer overflow
condition, cause a denial of service (DoS) condition, or execute
arbitrary code on an affected device.
This vulnerability exists because memory buffers are allocated
incorrectly when PDF files are processed. An attacker could exploit
this vulnerability by submitting a crafted PDF file to be scanned
by ClamAV on an affected device. A successful exploit could allow
the attacker to trigger a buffer overflow, likely resulting in the
termination of the ClamAV scanning process and a DoS condition on
the affected software. Although unproven, there is also a possibility
that an attacker could leverage the buffer overflow to execute
arbitrary code with the privileges of the ClamAV process.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-20260</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-20260</url>
</references>
<dates>
<discovery>2025-06-18</discovery>
<entry>2025-06-20</entry>
</dates>
</vuln>
<vuln vid="333b4663-4cde-11f0-8cb5-a8a1599412c6">
<topic>chromium -- multiple security fixes</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>137.0.7151.119</lt></range>
</package>
<package>
<name>ungoogled-chromium</name>
<range><lt>137.0.7151.119</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_17.html">
<p>This update includes 3 security fixes:</p>
<ul>
<li>[420697404] High CVE-2025-6191: Integer overflow in V8. Reported by Shaheen Fazim on 2025-05-27</li>
<li>[421471016] High CVE-2025-6192: Use after free in Profiler. Reported by Chaoyuan Peng (@ret2happy) on 2025-05-31</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-6191</cvename>
<cvename>CVE-2025-6192</cvename>
<url>https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_17.html</url>
</references>
<dates>
<discovery>2025-06-17</discovery>
<entry>2025-06-19</entry>
</dates>
</vuln>
<vuln vid="fc2d2fb8-4c83-11f0-8deb-f8f21e52f724">
<topic>Navidrome -- SQL Injection via role parameter</topic>
<affects>
<package>
<name>navidrome</name>
<range><gt>0.55.0</gt><lt>0.56.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Deluan reports:</p>
<blockquote cite="https://github.com/navidrome/navidrome/security/advisories/GHSA-5wgp-vjxm-3x2r">
<p>This vulnerability arises due to improper input validation on the role parameter within the API endpoint /api/artist. Attackers can exploit this flaw to inject arbitrary SQL queries, potentially gaining unauthorized access to the backend database and compromising sensitive user information.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-48949</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-48949</url>
</references>
<dates>
<discovery>2025-05-29</discovery>
<entry>2025-06-18</entry>
</dates>
</vuln>
<vuln vid="6548cb01-4c33-11f0-8a97-6c3be5272acd">
<topic>Grafana -- DingDing contact points exposed in Grafana Alerting</topic>
<affects>
<package>
<name>grafana</name>
<range><lt>10.4.19+security-01</lt></range>
<range><ge>11.0.0</ge><lt>11.2.10+security-01</lt></range>
<range><ge>11.3.0</ge><lt>11.3.7+security-01</lt></range>
<range><ge>11.4.0</ge><lt>11.4.5+security-01</lt></range>
<range><ge>11.5.0</ge><lt>11.5.5+security-01</lt></range>
<range><ge>11.6.0</ge><lt>11.6.2+security-01</lt></range>
<range><ge>12.0.0</ge><lt>12.0.1+security-01</lt></range>
</package>
<package>
<name>grafana8</name>
<range><ge>8.0.0</ge></range>
</package>
<package>
<name>grafana9</name>
<range><ge>9.0.0</ge></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Grafana Labs reports:</p>
<blockquote cite="https://grafana.com/blog/2025/06/13/grafana-security-update-medium-severity-security-release-for-cve-2025-3415/">
<p>An incident occurred where the DingDing alerting integration URL
was inadvertently exposed to viewers due to a setting oversight,
which we learned about through a <a href="https://grafana.com/blog/2023/05/04/introducing-the-grafana-labs-bug-bounty-program/">bug bounty report</a>.</p>
<p>The CVSS 3.0 score for this vulnerability is 4.3 (Medium).</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-3415</cvename>
<url>https://grafana.com/blog/2025/06/13/grafana-security-update-medium-severity-security-release-for-cve-2025-3415/</url>
</references>
<dates>
<discovery>2025-04-05</discovery>
<entry>2025-06-18</entry>
</dates>
</vuln>
<vuln vid="ee046f5d-37a8-11f0-baaa-6c3be5272acd">
<topic>Grafana -- User deletion issue</topic>
<affects>
<package>
<name>grafana</name>
<range><ge>5.4.0</ge><lt>10.4.18+security-01</lt></range>
<range><ge>11.0.0</ge><lt>11.2.9+security-01</lt></range>
<range><ge>11.3.0</ge><lt>11.3.6+security-01</lt></range>
<range><ge>11.4.0</ge><lt>11.4.4+security-01</lt></range>
<range><ge>11.5.0</ge><lt>11.5.4+security-01</lt></range>
<range><ge>11.6.0</ge><lt>11.6.1+security-01</lt></range>
<range><ge>12.0.0</ge><lt>12.0.0+security-01</lt></range>
</package>
<package>
<name>grafana8</name>
<range><ge>8.0.0</ge></range>
</package>
<package>
<name>grafana9</name>
<range><ge>9.0.0</ge></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Grafana Labs reports:</p>
<blockquote cite="https://grafana.com/blog/2025/05/23/grafana-security-release-medium-and-high-severity-security-fixes-for-cve-2025-4123-and-cve-2025-3580/">
<p>On April 15, we discovered a vulnerability that stems from the user
deletion logic associated with organization administrators.
An organization admin could remove any user from the specific
organization they manage. Additionally, they have the power to delete
users entirely from the system if they have no other org membership.
This leads to two situations:</p>
<ol>
<li>They can delete a server admin if the organization
the Organization Admin manages is the server admin’s final
organizational membership.</li>
<li>They can delete any user (regardless of whether they are a server
admin or not) if that user currently belongs to no organizations.</li>
</ol>
<p>These two situations allow an organization manager to disrupt
instance-wide activity by continually deleting server administrators
if there is only one organization or if the server administrators are
not part of any organization.</p>
<p>The CVSS score for this vulnerability is 5.5 Medium.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-3580</cvename>
<url>https://grafana.com/blog/2025/05/23/grafana-security-release-medium-and-high-severity-security-fixes-for-cve-2025-4123-and-cve-2025-3580/</url>
</references>
<dates>
<discovery>2025-04-15</discovery>
<entry>2025-05-23</entry>
</dates>
</vuln>
<vuln vid="b704d4b8-4b87-11f0-9605-b42e991fc52e">
<topic>Firefox -- Multiple vulnerabilities</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>139.0.4,2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1970095">
<p>CVE-2025-49709: Certain canvas operations could have lead
to memory corruption.</p>
<p>CVE-2025-49710: An integer overflow was present in
`OrderedHashTable` used by the JavaScript engine.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-49709</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-49709</url>
<cvename>CVE-2025-49710</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-49710</url>
</references>
<dates>
<discovery>2025-06-11</discovery>
<entry>2025-06-17</entry>
</dates>
</vuln>
<vuln vid="e3d6d485-c93c-4ada-90b3-09f1c454fb8a">
<topic>chromium -- multiple security fixes</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>137.0.7151.103</lt></range>
</package>
<package>
<name>ungoogled-chromium</name>
<range><lt>137.0.7151.103</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_10.html">
<p>This update includes 2 security fixes:</p>
<ul>
<li>[$8000][420150619] High CVE-2025-5958: Use after free in Media. Reported by Huang Xilin of Ant Group Light-Year Security Lab on 2025-05-25</li>
<li>[NA][422313191] High CVE-2025-5959: Type Confusion in V8. Reported by Seunghyun Lee as part of TyphoonPWN 2025 on 2025-06-04</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-5958</cvename>
<cvename>CVE-2025-5959</cvename>
<url>https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_10.html</url>
</references>
<dates>
<discovery>2025-06-10</discovery>
<entry>2025-06-17</entry>
</dates>
</vuln>
<vuln vid="4323e86c-2422-4fd7-8c8f-ec71c81ea7dd">
<topic>chromium -- multiple security fixes</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>137.0.7151.68</lt></range>
</package>
<package>
<name>ungoogled-chromium</name>
<range><lt>137.0.7151.68</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop.html">
<p>This update includes 3 security fixes:</p>
<ul>
<li>[420636529] High CVE-2025-5419: Out of bounds read and write in V8. Reported by Clement Lecigne and Benoît Sevens of Google Threat Analysis Group on 2025-05-27. This issue was mitigated on 2025-05-28 by a configuration change pushed out to Stable across all Chrome platforms.</li>
<li>[409059706] Medium CVE-2025-5068: Use after free in Blink. Reported by Walkman on 2025-04-07</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-5419</cvename>
<cvename>CVE-2025-5068</cvename>
<url>https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop.html</url>
</references>
<dates>
<discovery>2025-06-02</discovery>
<entry>2025-06-17</entry>
</dates>
</vuln>
<vuln vid="201cccc1-4a01-11f0-b0f8-b42e991fc52e">
<topic>Mozilla -- control access bypass</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>138.0,2</lt></range>
</package>
<package>
<name>firefox-esr</name>
<range><lt>128.10</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><lt>128.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1917536">
<p>Thunderbird&apos;s update mechanism allowed a medium-integrity user
process to interfere with the SYSTEM-level updater by manipulating
the file-locking behavior. By injecting code into the user-privileged
process, an attacker could bypass intended access controls, allowing
SYSTEM-level file operations on paths controlled by a non-privileged
user and enabling privilege escalation. This vulnerability affects
Firefox &lt; 138, Firefox ESR &lt; 128.10, Firefox ESR &lt; 115.23,
Thunderbird &lt; 138, and Thunderbird &lt; 128.10.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-2817</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-2817</url>
</references>
<dates>
<discovery>2025-04-29</discovery>
<entry>2025-06-15</entry>
</dates>
</vuln>
<vuln vid="805ad2e0-49da-11f0-87e8-bcaec55be5e5">
<topic>webmin -- CGI Command Injection Remote Code Execution</topic>
<affects>
<package>
<name>webmin</name>
<range><le>2.105</le></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Webmin reports:</p>
<blockquote cite="https://webmin.com/security/">
<p>A less-privileged Webmin user can execute commands as root via a vulnerability in the shell autocomplete feature.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-12828</cvename>
<url>https://webmin.com/security/</url>
<url>https://nvd.nist.gov/vuln/detail/CVE-2024-12828</url>
</references>
<dates>
<discovery>2024-12-30</discovery>
<entry>2025-06-15</entry>
</dates>
</vuln>
<vuln vid="9449f018-84a3-490d-959f-38c05fbc77a7">
<topic>Yelp -- arbitrary file read</topic>
<affects>
<package>
<name>yelp-xsl</name>
<range><lt>42.3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>secalert@redhat.com reports:</p>
<blockquote cite="https://access.redhat.com/errata/RHSA-2025:4450">
<p>A flaw was found in Yelp. The Gnome user help application allows
the help document to execute arbitrary scripts. This vulnerability
allows malicious users to input help documents, which may exfiltrate
user files to an external environment.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-3155</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-3155</url>
</references>
<dates>
<discovery>2025-04-03</discovery>
<entry>2025-06-14</entry>
</dates>
</vuln>
<vuln vid="0e200a73-289a-489e-b405-40b997911036">
<topic>Yelp -- arbitrary file read</topic>
<affects>
<package>
<name>yelp</name>
<range><lt>42.3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>secalert@redhat.com reports:</p>
<blockquote cite="https://access.redhat.com/errata/RHSA-2025:4450">
<p>A flaw was found in Yelp. The Gnome user help application allows
the help document to execute arbitrary scripts. This vulnerability
allows malicious users to input help documents, which may exfiltrate
user files to an external environment.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-3155</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-3155</url>
</references>
<dates>
<discovery>2025-04-03</discovery>
<entry>2025-06-14</entry>
</dates>
</vuln>
<vuln vid="ae028662-475e-11f0-9ca4-2cf05da270f3">
<topic>Gitlab -- Vulnerabilities</topic>
<affects>
<package>
<name>gitlab-ce</name>
<name>gitlab-ee</name>
<range><ge>18.0.0</ge><lt>18.0.2</lt></range>
<range><ge>17.11.0</ge><lt>17.11.4</lt></range>
<range><ge>2.1.0</ge><lt>17.10.8</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Gitlab reports:</p>
<blockquote cite="https://about.gitlab.com/releases/2025/06/11/patch-release-gitlab-18-0-2-released/">
<p>HTML injection impacts GitLab CE/EE</p>
<p>Cross-site scripting issue impacts GitLab CE/EE</p>
<p>Missing authorization issue impacts GitLab Ultimate EE</p>
<p>Denial of Service impacts GitLab CE/EE</p>
<p>Denial of Service via unbounded Webhook token names impacts GitLab CE/EE</p>
<p>Denial of Service via unbounded Board Names impacts GitLab CE/EE</p>
<p>Information disclosure issue impacts GitLab CE/EE</p>
<p>Denial of Service (DoS) via uncontrolled HTTP Response Processing impacts GitLab CE/EE</p>
<p>Information disclosure via authorization bypass impacts GitLab CE/EE</p>
<p>Sensitive information disclosure via Group IP restriction bypass</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-4278</cvename>
<cvename>CVE-2025-2254</cvename>
<cvename>CVE-2025-5121</cvename>
<cvename>CVE-2025-0673</cvename>
<cvename>CVE-2025-1516</cvename>
<cvename>CVE-2025-1478</cvename>
<cvename>CVE-2024-9512</cvename>
<cvename>CVE-2025-5996</cvename>
<cvename>CVE-2025-5195</cvename>
<cvename>CVE-2025-5982</cvename>
<url>https://about.gitlab.com/releases/2025/06/11/patch-release-gitlab-18-0-2-released/</url>
</references>
<dates>
<discovery>2025-06-11</discovery>
<entry>2025-06-12</entry>
</dates>
</vuln>
<vuln vid="2a220a73-4759-11f0-a44a-6cc21735f730">
<topic>PostgreSQL JDBC library -- Improper Authentication</topic>
<affects>
<package>
<name>postgresql-jdbc</name>
<range><lt>42.7.7</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>PostgreSQL JDBC Driver project reports:</p>
<blockquote cite="https://jdbc.postgresql.org/changelogs/2025-06-11-42">
<p>
Client Allows Fallback to Insecure Authentication Despite
channelBinding=require configuration. Fix channel binding
required handling to reject non-SASL authentication Previously,
when channel binding was set to "require", the driver
would silently ignore this requirement for non-SASL
authentication methods. This could lead to a false sense of
security when channel binding was explicitly requested but not
actually enforced. The fix ensures that when channel binding is
set to "require", the driver will reject connections that use
non-SASL authentication methods or when SASL authentication has
not completed properly.
</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-49146</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-49146</url>
</references>
<dates>
<discovery>2025-06-12</discovery>
<entry>2025-06-12</entry>
</dates>
</vuln>
<vuln vid="fa1d42c8-42fe-11f0-a9fa-b42e991fc52e">
<topic>ModSecurity -- possible DoS vulnerability</topic>
<affects>
<package>
<name>ap24-mod_security</name>
<range><lt>2.9.10</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security-advisories@github.com reports:</p>
<blockquote cite="https://github.com/owasp-modsecurity/ModSecurity/commit/3a54ccea62d3f7151bb08cb78d60c5e90b53ca2e">
<p>
ModSecurity is an open source, cross platform web
application firewall (WAF) engine for Apache, IIS
and Nginx. Versions prior to 2.9.10 contain a denial of
service vulnerability similar to
GHSA-859r-vvv8-rm8r/CVE-2025-47947. The `sanitiseArg`
(and `sanitizeArg` - this is the same action but an
alias) is vulnerable to adding an excessive number
of arguments, thereby leading to denial of service.
Version 2.9.10 fixes the issue. As a workaround, avoid
using rules that contain the `sanitiseArg` (or
`sanitizeArg`) action.
</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-48866</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-48866</url>
</references>
<dates>
<discovery>2025-06-02</discovery>
<entry>2025-06-06</entry>
</dates>
</vuln>
<vuln vid="ecea70d2-42fe-11f0-a9fa-b42e991fc52e">
<topic>ModSecurity -- possible DoS vulnerability</topic>
<affects>
<package>
<name>ap24-mod_security</name>
<range><lt>2.9.8</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security-advisories@github.com reports:</p>
<blockquote cite="https://github.com/owasp-modsecurity/ModSecurity/pull/3389">
<p>ModSecurity is an open source, cross platform web
application firewall (WAF) engine for Apache, IIS and Nginx.
Versions up to and including 2.9.8 are vulnerable to denial
of service in one special case (in stable released versions):
when the payload&apos;s content type is `application/json`,
and there is at least one rule which does a
`sanitiseMatchedBytes` action. A patch is available at
pull request 3389 and expected to be part of version 2.9.9.
No known workarounds are available.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-47947</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-47947</url>
</references>
<dates>
<discovery>2025-05-21</discovery>
<entry>2025-06-06</entry>
</dates>
</vuln>
<vuln vid="63268efe-4222-11f0-976e-b42e991fc52e">
<topic>Mozilla -- clickjacking vulnerability</topic>
<affects>
<package>
<name>firefox-esr</name>
<range><lt>128.11.0</lt></range>
</package>
<package>
<name>firefox</name>
<range><lt>139.0,2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1954137">
<p>A clickjacking vulnerability could have been used to trick a user
into leaking saved payment card details to a malicious page.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-5267</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-5267</url>
</references>
<dates>
<discovery>2025-05-27</discovery>
<entry>2025-06-05</entry>
</dates>
</vuln>
<vuln vid="61be5684-4222-11f0-976e-b42e991fc52e">
<topic>Mozilla -- XS-leak attack</topic>
<affects>
<package>
<name>firefox-esr</name>
<range><lt>128.11.0</lt></range>
</package>
<package>
<name>firefox</name>
<range><lt>139.0,2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1965628">
<p>Script elements loading cross-origin resources generated load and
error events which leaked information enabling XS-Leaks attacks.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-5266</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-5266</url>
</references>
<dates>
<discovery>2025-05-27</discovery>
<entry>2025-06-05</entry>
</dates>
</vuln>
<vuln vid="5ec0b4e5-4222-11f0-976e-b42e991fc52e">
<topic>Mozilla -- local code execution</topic>
<affects>
<package>
<name>firefox-esr</name>
<range><lt>115.24.0</lt></range>
</package>
<package>
<name>firefox</name>
<range><lt>139.0,2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1950001">
<p>Due to insufficient escaping of the newline character in the Copy
as cURL feature, an attacker could trick a user into using this
command, potentially leading to local code execution on the user&apos;s
system.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-5264</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-5264</url>
</references>
<dates>
<discovery>2025-05-27</discovery>
<entry>2025-06-05</entry>
</dates>
</vuln>
<vuln vid="5d1e56dc-4222-11f0-976e-b42e991fc52e">
<topic>Mozilla -- cross-origin leak attack</topic>
<affects>
<package>
<name>firefox-esr</name>
<range><lt>115.24.0</lt></range>
</package>
<package>
<name>firefox</name>
<range><lt>139.0,2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1960745">
<p>Error handling for script execution was incorrectly isolated from
web content, which could have allowed cross-origin leak attacks.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-5263</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-5263</url>
</references>
<dates>
<discovery>2025-05-27</discovery>
<entry>2025-06-05</entry>
</dates>
</vuln>
<vuln vid="5759c6e2-410a-11f0-a945-b42e991fc52e">
<topic>Chrome -- Out of bounds read</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>137.0.7151.68</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>chrome-cve-admin@google.com reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop.html">
<p>Out of bounds read and write in V8 in Google Chrome prior
to 137.0.7151.68 allowed a remote attacker to potentially
exploit heap corruption via a crafted HTML page.
(Chromium security severity: High)</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-5419</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-5419</url>
</references>
<dates>
<discovery>2025-06-03</discovery>
<entry>2025-06-04</entry>
</dates>
</vuln>
<vuln vid="8c94ae2a-06f5-4383-9a7f-1211cb0dd476">
<topic>electron{34,35,36} -- Out of bounds read and write in V8</topic>
<affects>
<package>
<name>electron34</name>
<range><lt>34.5.8</lt></range>
</package>
<package>
<name>electron35</name>
<range><lt>35.5.1</lt></range>
</package>
<package>
<name>electron36</name>
<range><lt>36.4.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Electron developers report:</p>
<blockquote cite="https://github.com/electron/electron/releases/tag/v35.5.1">
<p>This update fixes the following vulnerability:</p>
<ul>
<li>Security: backported fix for CVE-2025-5419.</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-5419</cvename>
<url>https://github.com/advisories/GHSA-x828-wp24-7h9m</url>
</references>
<dates>
<discovery>2025-06-04</discovery>
<entry>2025-06-04</entry>
<modified>2025-06-04</modified>
</dates>
</vuln>
<vuln vid="0d6094a2-4095-11f0-8c92-00d861a0e66d">
<topic>Post-Auth Remote Code Execution found in Roundcube Webmail</topic>
<affects>
<package>
<name>roundcube-php81</name>
<range><lt>1.6.11</lt></range>
</package>
<package>
<name>roundcube-php82</name>
<range><lt>1.6.11</lt></range>
</package>
<package>
<name>roundcube-php83</name>
<range><lt>1.6.11</lt></range>
</package>
<package>
<name>roundcube-php84</name>
<range><lt>1.6.11</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Roundcube Webmail reports:</p>
<blockquote cite="https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10">
<p>Fix Post-Auth RCE via PHP Object Deserialization reported by firs0v</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-49113</cvename>
<url>https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10</url>
</references>
<dates>
<discovery>2025-06-01</discovery>
<entry>2025-06-03</entry>
</dates>
</vuln>
<vuln vid="dc99c67a-3fc9-11f0-a39d-b42e991fc52e">
<topic>Gimp -- GIMP FLI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability</topic>
<affects>
<package>
<name>gimp</name>
<range><lt>3.0.0,2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>zdi-disclosures@trendmicro.com reports:</p>
<blockquote cite="https://www.zerodayinitiative.com/advisories/ZDI-25-204/">
<p>GIMP FLI File Parsing Out-Of-Bounds Write Remote Code Execution
Vulnerability. This vulnerability allows remote attackers to execute
arbitrary code on affected installations of GIMP. User interaction
is required to exploit this vulnerability in that the target must
visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of FLI files. The issue
results from the lack of proper validation of user-supplied data,
which can result in a write past the end of an allocated buffer.
An attacker can leverage this vulnerability to execute code in the
context of the current process. Was ZDI-CAN-25100.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-2761</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-2761</url>
</references>
<dates>
<discovery>2025-04-23</discovery>
<entry>2025-06-02</entry>
</dates>
</vuln>
<vuln vid="da0a4374-3fc9-11f0-a39d-b42e991fc52e">
<topic>Gimp -- GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerability</topic>
<affects>
<package>
<name>gimp</name>
<range><lt>3.0.0,2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>zdi-disclosures@trendmicro.com reports:</p>
<blockquote cite="https://www.zerodayinitiative.com/advisories/ZDI-25-203/">
<p>GIMP XWD File Parsing Integer Overflow Remote Code Execution
Vulnerability. This vulnerability allows remote attackers to execute
arbitrary code on affected installations of GIMP. User interaction
is required to exploit this vulnerability in that the target must
visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of XWD files. The issue
results from the lack of proper validation of user-supplied data,
which can result in an integer overflow before allocating a buffer.
An attacker can leverage this vulnerability to execute code in the
context of the current process. Was ZDI-CAN-25082.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-2760</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-2760</url>
</references>
<dates>
<discovery>2025-04-23</discovery>
<entry>2025-06-02</entry>
</dates>
</vuln>
<vuln vid="533b4470-3f25-11f0-b440-f02f7432cf97">
<topic>curl -- Multiple vulnerabilities</topic>
<affects>
<package>
<name>curl</name>
<range><ge>8.5.0</ge><lt>8.14.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>curl security team reports:</p>
<blockquote cite="https://curl.se/docs/security.html">
<p>CVE-2025-5025: No QUIC certificate pinning with wolfSSL</p>
<p>CVE-2025-4947: QUIC certificate check skip with wolfSSL</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-5025</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-5025</url>
<cvename>CVE-2025-4947</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-4947</url>
</references>
<dates>
<discovery>2025-05-28</discovery>
<entry>2025-06-01</entry>
</dates>
</vuln>
<vuln vid="2926c487-3e53-11f0-95d4-00a098b42aeb">
<topic>libxml2 -- Out-of-bounds memory access</topic>
<affects>
<package>
<name>py39-libxml2</name>
<name>py310-libxml2</name>
<name>py311-libxml2</name>
<name>py312-libxml2</name>
<range><lt>2.11.9_3</lt></range>
<range><ge>2.12.0</ge><lt>2.13.8</lt></range>
<range><ge>2.14.0</ge><lt>2.14.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>cve@mitre.org reports:</p>
<blockquote cite="https://gitlab.gnome.org/GNOME/libxml2/-/issues/889">
<p>In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds
memory access can occur in the Python API (Python bindings) because
of an incorrect return value. This occurs in xmlPythonFileRead and
xmlPythonFileReadRaw because of a difference between bytes and
characters.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-32414</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-32414</url>
</references>
<dates>
<discovery>2025-04-08</discovery>
<entry>2025-05-31</entry>
</dates>
</vuln>
<vuln vid="fdd02be0-3e50-11f0-95d4-00a098b42aeb">
<topic>libxml2 -- Stack-based Buffer Overflow</topic>
<affects>
<package>
<name>libxml2</name>
<range><lt>2.11.9_1</lt></range>
<range><ge>2.12.0</ge><lt>2.12.10</lt></range>
<range><ge>2.13.0</ge><lt>2.13.6</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>cve@mitre.org reports:</p>
<blockquote cite="https://gitlab.gnome.org/GNOME/libxml2/-/issues/847">
<p>libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based
buffer overflow in xmlSnprintfElements in valid.c. To exploit this,
DTD validation must occur for an untrusted document or untrusted
DTD. NOTE: this is similar to CVE-2017-9047.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-24928</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-24928</url>
</references>
<dates>
<discovery>2025-02-18</discovery>
<entry>2025-05-31</entry>
</dates>
</vuln>
<vuln vid="bd2af307-3e50-11f0-95d4-00a098b42aeb">
<topic>libxml2 -- Use After Free</topic>
<affects>
<package>
<name>libxml2</name>
<range><lt>2.11.9_1</lt></range>
<range><ge>2.12.0</ge><lt>2.12.10</lt></range>
<range><ge>2.13.0</ge><lt>2.13.6</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>cve@mitre.org reports:</p>
<blockquote cite="https://gitlab.gnome.org/GNOME/libxml2/-/issues/828">
<p>libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free
in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in
xmlschemas.c. To exploit this, a crafted XML document must be
validated against an XML schema with certain identity constraints,
or a crafted XML schema must be used.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-56171</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2024-56171</url>
</references>
<dates>
<discovery>2025-02-18</discovery>
<entry>2025-05-31</entry>
</dates>
</vuln>
<vuln vid="25acd603-3dde-11f0-8cb5-a8a1599412c6">
<topic>chromium -- multiple security fixes</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>137.0.7151.55</lt></range>
</package>
<package>
<name>ungoogled-chromium</name>
<range><lt>137.0.7151.55</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_27.html">
<p>This update includes 11 security fixes:</p>
<ul>
<li>[411573532] High CVE-2025-5063: Use after free in Compositing. Reported by Anonymous on 2025-04-18</li>
<li>[417169470] High CVE-2025-5280: Out of bounds write in V8. Reported by [pwn2car] on 2025-05-12</li>
<li>[40058068] Medium CVE-2025-5064: Inappropriate implementation in Background Fetch API. Reported by Maurice Dauer on 2021-11-29</li>
<li>[40059071] Medium CVE-2025-5065: Inappropriate implementation in FileSystemAccess API. Reported by NDevTK on 2022-03-11</li>
<li>[356658477] Medium CVE-2025-5066: Inappropriate implementation in Messages. Reported by Mohit Raj (shadow2639) on 2024-07-31</li>
<li>[417215501] Medium CVE-2025-5281: Inappropriate implementation in BFCache. Reported by Jesper van den Ende (Pelican Party Studios) on 2025-05-12</li>
<li>[419467315] Medium CVE-2025-5283: Use after free in libvpx. Reported by Mozilla on 2025-05-22</li>
<li>[40075024] Low CVE-2025-5067: Inappropriate implementation in Tab Strip. Reported by Khalil Zhani on 2023-10-17</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-5063</cvename>
<cvename>CVE-2025-5280</cvename>
<cvename>CVE-2025-5064</cvename>
<cvename>CVE-2025-5065</cvename>
<cvename>CVE-2025-5066</cvename>
<cvename>CVE-2025-5281</cvename>
<cvename>CVE-2025-5283</cvename>
<cvename>CVE-2025-5067</cvename>
<url>https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_27.html</url>
</references>
<dates>
<discovery>2025-05-27</discovery>
<entry>2025-05-31</entry>
</dates>
</vuln>
<vuln vid="4864aec7-3d80-11f0-9a55-b42e991fc52e">
<topic>Chrome -- Heap corruption exploitation</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>137.0.7151.55</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>chrome-cve-admin@google.com reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_27.html">
<p>Use after free in Compositing in Google Chrome prior to
137.0.7151.55 allowed a remote attacker to potentially
exploit heap corruption via a crafted HTML page.
(Chromium security severity: High)</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-5063</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-5063</url>
</references>
<dates>
<discovery>2025-05-27</discovery>
<entry>2025-05-30</entry>
</dates>
</vuln>
<vuln vid="a6e1b7ee-3d7c-11f0-9a55-b42e991fc52e">
<topic>Mozilla -- memory corruption</topic>
<affects>
<package>
<name>firefox-esr</name>
<range><lt>128.11.0</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><lt>128.11.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1924108">
<p>Memory safety bug present in Firefox ESR 128.10, and
Thunderbird 128.10.
This bug showed evidence of memory corruption and we presume
that with enough effort this could have been exploited to run
arbitrary code.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-5269</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-5269</url>
</references>
<dates>
<discovery>2025-05-27</discovery>
<entry>2025-05-30</entry>
</dates>
</vuln>
<vuln vid="a5b553e5-3d7c-11f0-9a55-b42e991fc52e">
<topic>Mozilla -- Memory safety bugs</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>139.0,2</lt></range>
</package>
<package>
<name>firefox-esr</name>
<range><lt>128.11</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><lt>128.11</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1950136%2C1958121%2C1960499%2C1962634">
<p>Memory safety bugs present in Firefox 138, Thunderbird
138, Firefox ESR 128.10, and Thunderbird 128.10.
Some of these bugs showed evidence of memory corruption and
we presume that with enough effort some of these could have
been exploited to run arbitrary code.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-5268</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-5268</url>
</references>
<dates>
<discovery>2025-05-27</discovery>
<entry>2025-05-30</entry>
</dates>
</vuln>
<vuln vid="a470ac63-3d7c-11f0-9a55-b42e991fc52e">
<topic>Firefox -- unencrypted SNI</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>139.0,2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1910298">
<p>In certain cases, SNI could have been sent unencrypted
even when encrypted DNS was enabled.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-5270</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-5270</url>
</references>
<dates>
<discovery>2025-05-27</discovery>
<entry>2025-05-30</entry>
</dates>
</vuln>
<vuln vid="a3291f81-3d7c-11f0-9a55-b42e991fc52e">
<topic>Firefox -- content injection attack</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>139.0,2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1920348">
<p>Previewing a response in Devtools ignored CSP headers,
which could have allowed content injection attacks.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-5271</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-5271</url>
</references>
<dates>
<discovery>2025-05-27</discovery>
<entry>2025-05-30</entry>
</dates>
</vuln>
<vuln vid="a14dbea7-3d7c-11f0-9a55-b42e991fc52e">
<topic>Mozilla -- Memory safety bugs</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>139.0,2</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><lt>129.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1726254%2C1742738%2C1960121">
<p>Memory safety bugs present in Firefox 138 and Thunderbird
138. Some of these bugs showed evidence of memory corruption
and we presume that with enough effort some of these could
have been exploited to run arbitrary code.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-5272</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-5272</url>
</references>
<dates>
<discovery>2025-05-27</discovery>
<entry>2025-05-30</entry>
</dates>
</vuln>
<vuln vid="a372abb0-3d3c-11f0-86e7-b42e991fc52e">
<topic>ModSecurity -- Possible DoS Vulnerability</topic>
<affects>
<package>
<name>ap24-mod_security</name>
<range><lt>2.9.8</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security-advisories@github.com reports:</p>
<blockquote cite="https://github.com/owasp-modsecurity/ModSecurity/pull/3389">
<p>ModSecurity is an open source, cross platform web application
firewall (WAF) engine for Apache, IIS and Nginx. Versions up to
and including 2.9.8 are vulnerable to denial of service in one
special case (in stable released versions): when the payload&apos;s
content type is `application/json`, and there is at least one rule
which does a `sanitiseMatchedBytes` action. A patch is available
at pull request 3389 and expected to be part of version 2.9.9. No
known workarounds are available.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-47947</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-47947</url>
</references>
<dates>
<discovery>2025-05-21</discovery>
<entry>2025-05-30</entry>
</dates>
</vuln>
<vuln vid="67dd7a9e-3cd8-11f0-b601-5404a68ad561">
<topic>traefik -- Path traversal vulnerability</topic>
<affects>
<package>
<name>traefik</name>
<range><lt>3.4.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The traefik project reports:</p>
<blockquote cite="https://github.com/traefik/traefik/security/advisories/GHSA-vrch-868g-9jx5">
<p>There is a potential vulnerability in Traefik managing the requests
using a PathPrefix, Path or PathRegex matcher. When Traefik is configured
to route the requests to a backend using a matcher based on the path, if
the URL contains a URL encoded string in its path, it's possible to target
a backend, exposed using another router, by-passing the middlewares chain.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-47952</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-47952</url>
</references>
<dates>
<discovery>2025-05-27</discovery>
<entry>2025-05-29</entry>
</dates>
</vuln>
<vuln vid="c36decbe-3c84-11f0-8d29-b42e991fc52e">
<topic>glpi-project -- GLPI multiple vulnerabilities</topic>
<affects>
<package>
<name>glpi</name>
<range><lt>10.0.18</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security-advisories@github.com reports:</p>
<blockquote cite="https://github.com/glpi-project/glpi/releases/tag/10.0.18">
<p>
CVE-2024-11955: A vulnerability was found in GLPI up to
10.0.17. It has been declared as problematic. Affected by
this vulnerability is an unknown functionality of the file
/index.php.
The manipulation of the argument redirect leads to
open redirect. The attack can be launched remotely.
The exploit has been disclosed to the public and
may be used. Upgrading to version 10.0.18 is able to
address this issue.
It is recommended to upgrade the affected component.
</p>
<p>
CVE-2025-23024: Starting in version 0.72 and prior to
version 10.0.18, an anonymous user can disable all the
active plugins. Version 10.0.18 contains a patch.
As a workaround, one may delete the `install/update.php`
file.
</p>
<p>
CVE-2025-23046: Prior to version 10.0.18, a low privileged
user can enable debug mode and access sensitive information.
Version 10.0.18 contains a patch.
As a workaround, one may delete the `install/update.php`
file.
</p>
<p>
CVE-2025-25192: Starting in version 9.5.0 and prior to
version 10.0.18, if a &quot;Mail servers&quot;
authentication provider is configured to use an Oauth
connection provided by the OauthIMAP plugin, anyone can
connect to GLPI using a user name on which an Oauth
authorization has already been established.
Version 10.0.18 contains a patch. As a
workaround, one may disable any &quot;Mail
servers&quot; authentication provider configured to
use an Oauth connection provided by the OauthIMAP
plugin.
</p>
<p>
CVE-2025-21626: Starting in version 0.71 and prior to
version 10.0.18, an anonymous user can fetch sensitive
information from the `status.php` endpoint.
Version 10.0.18 contains a fix for the issue.
Some workarounds are available. One may delete the
`status.php` file, restrict its access, or
remove any sensitive values from the `name` field of
the active LDAP directories, mail servers authentication
providers and mail receivers.
</p>
<p>
CVE-2025-21627: In versions prior to 10.0.18, a malicious
link can be crafted to perform a reflected XSS attack on the
search page. If the anonymous ticket creation is enabled,
this attack can be performed by an unauthenticated
user. Version 10.0.18 contains a fix for the issue.
</p>
<p>
CVE-2025-21619: An administrator user can perfom a SQL
injection through the rules configuration forms.
This vulnerability is fixed in 10.0.18.
</p>
<p>
CVE-2025-24799: An unauthenticated user can perform a SQL
injection through the inventory endpoint.
This vulnerability is fixed in 10.0.18.
</p>
<p>
CVE-2025-24801: An authenticated user can upload and force
the execution of *.php files located on the GLPI server.
This vulnerability is fixed in 10.0.18.
</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-11955</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2024-11955</url>
<cvename>CVE-2025-23024</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-23024</url>
<cvename>CVE-2025-23046</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-23046</url>
<cvename>CVE-2025-25192</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-25192</url>
<cvename>CVE-2025-21626</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-21626</url>
<cvename>CVE-2025-21627</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-21627</url>
<cvename>CVE-2025-21619</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-21619</url>
<cvename>CVE-2025-24799</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-24799</url>
<cvename>CVE-2025-24801</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-24801</url>
</references>
<dates>
<discovery>2025-02-25</discovery>
<entry>2025-05-29</entry>
</dates>
</vuln>
<vuln vid="47ef0ac6-38fc-4b35-850b-c794f04619fe">
<topic>electron{34,35} -- multiple vulnerabilities</topic>
<affects>
<package>
<name>electron34</name>
<range><lt>34.5.7</lt></range>
</package>
<package>
<name>electron35</name>
<range><lt>35.5.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Electron developers report:</p>
<blockquote cite="https://github.com/electron/electron/releases/tag/v34.5.7">
<p>This update fixes the following vulnerability:</p>
<ul>
<li>Security: backported fix for CVE-2025-4609.</li>
<li>Security: backported fix for CVE-2025-4664.</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-4609</cvename>
<cvename>CVE-2025-4664</cvename>
<url>https://github.com/advisories/GHSA-vxhm-55mv-5fhx</url>
</references>
<dates>
<discovery>2025-05-29</discovery>
<entry>2025-05-29</entry>
</dates>
</vuln>
<vuln vid="34744aab-3bf7-11f0-b81c-001b217e4ee5">
<topic>ISC KEA -- Multiple vulnerabilities</topic>
<affects>
<package>
<name>kea</name>
<range><lt>2.6.3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Internet Systems Consortium, Inc. reports:</p>
<blockquote cite="https://kb.isc.org/docs/">
<ul>
<li>Loading a malicious hook library can lead to local privilege escalation https://kb.isc.org/docs/cve-2025-32801</li>
<li>Insecure handling of file paths allows multiple local attacks https://kb.isc.org/docs/cve-2025-32802</li>
<li>Insecure file permissions can result in confidential information leakage https://kb.isc.org/docs/cve-2025-32803</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-32801</cvename>
<cvename>CVE-2025-32802</cvename>
<cvename>CVE-2025-32803</cvename>
</references>
<dates>
<discovery>2025-05-28</discovery>
<entry>2025-05-28</entry>
</dates>
</vuln>
<vuln vid="45eb98d6-3b13-11f0-97f7-b42e991fc52e">
<topic>grafana -- XSS vulnerability</topic>
<affects>
<package>
<name>grafana</name>
<range><ge>8.0.0</ge><lt>10.4.18+security-01</lt></range>
<range><ge>11.0.0</ge><lt>11.2.9+security-01</lt></range>
<range><ge>11.3.0</ge><lt>11.3.6+security-01</lt></range>
<range><ge>11.4.0</ge><lt>11.4.4+security-01</lt></range>
<range><ge>11.5.0</ge><lt>11.5.4+security-01</lt></range>
<range><ge>11.6.0</ge><lt>11.6.1+security-01</lt></range>
<range><ge>12.0.0</ge><lt>12.0.0+security-01</lt></range>
</package>
<package>
<name>grafana8</name>
<range><ge>8.0.0</ge></range>
</package>
<package>
<name>grafana9</name>
<range><ge>9.0.0</ge></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@grafana.com reports:</p>
<blockquote cite="https://grafana.com/security/security-advisories/cve-2025-4123/">
<p>A cross-site scripting (XSS) vulnerability exists in Grafana caused
by combining a client path traversal and open redirect. This allows
attackers to redirect users to a website that hosts a frontend
plugin that will execute arbitrary JavaScript. This vulnerability
does not require editor permissions and if anonymous access is
enabled, the XSS will work. If the Grafana Image Renderer plugin
is installed, it is possible to exploit the open redirect to achieve
a full read SSRF.
The default Content-Security-Policy (CSP) in Grafana will block the
XSS though the `connect-src` directive.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-4123</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-4123</url>
</references>
<dates>
<discovery>2025-04-26</discovery>
<entry>2025-05-27</entry>
</dates>
</vuln>
<vuln vid="e587b52d-38ac-11f0-b7b6-dcfe074bd614">
<topic>cpython -- Use-after-free in &quot;unicode_escape&quot; decoder with error handler</topic>
<affects>
<package>
<name>python39</name>
<range><lt>3.9.22_1</lt></range>
</package>
<package>
<name>python310</name>
<range><lt>3.10.17_1</lt></range>
</package>
<package>
<name>python311</name>
<range><lt>3.11.12_1</lt></range>
</package>
<package>
<name>python312</name>
<range><lt>3.12.10_1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>cna@python.org reports:</p>
<blockquote cite="https://github.com/python/cpython/commit/69b4387f78f413e8c47572a85b3478c47eba8142">
<p>There is an issue in CPython when using
`bytes.decode(&quot;unicode_escape&quot;,
error=&quot;ignore|replace&quot;)`. If you are not using the
&quot;unicode_escape&quot; encoding or an error handler your
usage is not affected. To work-around this issue you may stop
using the error= handler and instead wrap the bytes.decode()
call in a try-except catching the DecodeError.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-4516</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-4516</url>
</references>
<dates>
<discovery>2025-05-15</discovery>
<entry>2025-05-24</entry>
</dates>
</vuln>
<vuln vid="5baa64d6-37ee-11f0-a116-8447094a420f">
<topic>OpenSSL -- Inverted security logic in x509 app</topic>
<affects>
<package>
<name>openssl35</name>
<range><lt>3.5.0_1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The OpenSSL project reports:</p>
<blockquote cite="https://openssl-library.org/news/secadv/20250522.txt">
<p>The x509 application adds trusted use instead of rejected use (low)</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-4575</cvename>
<url>https://openssl-library.org/news/secadv/20250522.txt</url>
</references>
<dates>
<discovery>2025-05-23</discovery>
<entry>2025-05-23</entry>
</dates>
</vuln>
<vuln vid="6529e5e7-36d5-11f0-8f57-b42e991fc52e">
<topic>Firefox -- memory corruption due to race condition</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>137.0.2,2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1951554">
<p>A race condition existed in nsHttpTransaction that could
have been exploited to cause memory corruption, potentially
leading to an exploitable condition.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-3608</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-3608</url>
</references>
<dates>
<discovery>2025-04-15</discovery>
<entry>2025-05-22</entry>
</dates>
</vuln>
<vuln vid="a1a1b0c2-3791-11f0-8600-2cf05da270f3">
<topic>Gitlab -- vulnerabilities</topic>
<affects>
<package>
<name>gitlab-ce</name>
<name>gitlab-ee</name>
<range><ge>18.0.0</ge><lt>18.0.1</lt></range>
<range><ge>17.11.0</ge><lt>17.11.3</lt></range>
<range><ge>10.2.0</ge><lt>17.10.7</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Gitlab reports:</p>
<blockquote cite="https://about.gitlab.com/releases/2025/05/21/patch-release-gitlab-18-0-1-released/">
<p>Unprotected large blob endpoint in GitLab allows Denial of Service</p>
<p>Improper XPath validation allows modified SAML response to bypass 2FA requirement</p>
<p>A Discord webhook integration may cause DoS</p>
<p>Unbounded Kubernetes cluster tokens may lead to DoS</p>
<p>Unvalidated notes position may lead to Denial of Service</p>
<p>Hidden/masked variables may get exposed in the UI</p>
<p>Two-factor authentication requirement bypass</p>
<p>View full email addresses that should be partially obscured</p>
<p>Branch name confusion in confidential MRs</p>
<p>Unauthorized access to job data via a GraphQL query</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-0993</cvename>
<cvename>CVE-2024-12093</cvename>
<cvename>CVE-2024-7803</cvename>
<cvename>CVE-2025-3111</cvename>
<cvename>CVE-2025-2853</cvename>
<cvename>CVE-2025-4979</cvename>
<cvename>CVE-2025-0605</cvename>
<cvename>CVE-2025-0679</cvename>
<cvename>CVE-2024-9163</cvename>
<cvename>CVE-2025-1110</cvename>
<url>https://about.gitlab.com/releases/2025/05/21/patch-release-gitlab-18-0-1-released/</url>
</references>
<dates>
<discovery>2025-05-21</discovery>
<entry>2025-05-23</entry>
</dates>
</vuln>
<vuln vid="4abd86c1-366d-11f0-9c0c-000c29ffbb6c">
<topic>screen -- multiple vulnerabilities</topic>
<affects>
<package>
<name>screen</name>
<range><lt>5.0.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The screen project reports:</p>
<blockquote cite="https://lists.gnu.org/archive/html/info-gnu/2025-05/msg00002.html">
<p>Multiple security issues in screen.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-46805</cvename>
<cvename>CVE-2025-46804</cvename>
<cvename>CVE-2025-46803</cvename>
<cvename>CVE-2025-46802</cvename>
<cvename>CVE-2025-23395</cvename>
<url>https://lists.gnu.org/archive/html/info-gnu/2025-05/msg00002.html</url>
</references>
<dates>
<discovery>2025-05-12</discovery>
<entry>2025-05-21</entry>
</dates>
</vuln>
<vuln vid="07560111-34cc-11f0-af94-b42e991fc52e">
<topic>firefox -- out-of-bounds read/write</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>138.0.4,2</lt></range>
</package>
<package>
<name>firefox-esr</name>
<range><lt>128.10.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1966614">
<p>An attacker was able to perform an out-of-bounds read or
write on a JavaScript object by confusing array index sizes.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-4918</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-4918</url>
<cvename>CVE-2025-4919</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-4919</url>
</references>
<dates>
<discovery>2025-05-17</discovery>
<entry>2025-05-19</entry>
</dates>
</vuln>
<vuln vid="46594aa3-32f7-11f0-a116-8447094a420f">
<topic>WeeChat -- Multiple vulnerabilities</topic>
<affects>
<package>
<name>weechat</name>
<range><lt>4.6.3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Weechat project reports:</p>
<blockquote cite="https://weechat.org/doc/weechat/security/">
<p>Multiple integer and buffer overflows in WeeChat core.</p>
</blockquote>
</body>
</description>
<references>
<url>https://weechat.org/doc/weechat/security/</url>
</references>
<dates>
<discovery>2025-05-11</discovery>
<entry>2025-05-17</entry>
</dates>
</vuln>
<vuln vid="79400d31-3166-11f0-8cb5-a8a1599412c6">
<topic>chromium -- multiple security fixes</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>136.0.7103.113</lt></range>
</package>
<package>
<name>ungoogled-chromium</name>
<range><lt>136.0.7103.113</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_14.html">
<p>This update includes 4 security fixes:</p>
<ul>
<li>[415810136] High CVE-2025-4664: Insufficient policy enforcement in Loader. Source: X post from @slonser_ on 2025-05-05</li>
<li>[412578726] High CVE-2025-4609: Incorrect handle provided in unspecified circumstances in Mojo. Reported by Micky on 2025-04-22</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-4664</cvename>
<cvename>CVE-2025-4609</cvename>
<url>https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_14.html</url>
</references>
<dates>
<discovery>2025-05-14</discovery>
<entry>2025-05-15</entry>
</dates>
</vuln>
<vuln vid="52efdd56-30bd-11f0-81be-b42e991fc52e">
<topic>Mozilla -- memory safety bugs</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>138.0,2</lt></range>
</package>
<package>
<name>firefox-esr</name>
<range><lt>128.10</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><lt>138.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1951161%2C1952105">
<p>Memory safety bugs present in Firefox 137, Thunderbird 137,
Firefox ESR 128.9, and Thunderbird 128.9. Some of these bugs
showed evidence of memory corruption and we presume that
with enough effort some of these could have been exploited
to run arbitrary code.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-4091</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-4091</url>
</references>
<dates>
<discovery>2025-04-29</discovery>
<entry>2025-05-14</entry>
</dates>
</vuln>
<vuln vid="4f17db64-30bd-11f0-81be-b42e991fc52e">
<topic>Mozilla -- memory corruption</topic>
<affects>
<package>
<name>firefox-esr</name>
<range><lt>128.10</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><lt>128.10</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1894100">
<p>Memory safety bug present in Firefox ESR 128.9, and
Thunderbird 128.9. This bug showed evidence of memory
corruption and we presume that with enough effort this could
have been exploited to run arbitrary code.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-4093</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-4093</url>
</references>
<dates>
<discovery>2025-04-29</discovery>
<entry>2025-05-14</entry>
</dates>
</vuln>
<vuln vid="6f10b49d-07b1-4be4-8abf-edf880b16ad2">
<topic>vscode -- security feature bypass vulnerability</topic>
<affects>
<package>
<name>vscode</name>
<range><lt>1.100.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>VSCode developers report:</p>
<blockquote cite="https://github.com/microsoft/vscode/security/advisories/GHSA-742r-ggwg-vqxm">
<p>A security feature bypass vulnerability exists in VS Code 1.100.0 and earlier versions where a maliciously crafted URL could be considered trusted when it should not have due to how VS Code handled glob patterns in the trusted domains feature. When paired with the #fetch tool in Chat, this scenario would require the attacker to convince an LLM (via prompt injection) to fetch the maliciously crafted URL but when fetched, the user would have no moment to confirm the flighting of the request.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-21264</cvename>
<url>https://github.com/microsoft/vscode/security/advisories/GHSA-742r-ggwg-vqxm</url>
<url>https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21264</url>
</references>
<dates>
<discovery>2025-05-13</discovery>
<entry>2025-05-14</entry>
</dates>
</vuln>
<vuln vid="a96cd659-303e-11f0-94b5-54ee755069b5">
<topic>libxslt -- multiple vulnerabilities</topic>
<affects>
<package>
<name>libxslt</name>
<range><lt>1.1.43</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<h1>[CVE-2024-55549] Fix UAF related to excluded namespaces</h1>
<blockquote cite="https://gitlab.gnome.org/GNOME/libxslt/-/issues/127">
<p>xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes.</p>
</blockquote>
<h1>[CVE-2025-24855] Fix use-after-free of XPath context node</h1>
<blockquote cite="https://gitlab.gnome.org/GNOME/libxslt/-/issues/128">
<p>numbers.c in libxslt before 1.1.43 has a use-after-free because
, in nested XPath evaluations, an XPath context node can be
modified but never restored. This is related to
xsltNumberFormatGetValue, xsltEvalXPathPredicate,
xsltEvalXPathStringNs, and xsltComputeSortResultInternal.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-55549</cvename>
<cvename>CVE-2025-24855</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2024-55549</url>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-24855</url>
</references>
<dates>
<discovery>2025-03-13</discovery>
<entry>2025-05-13</entry>
</dates>
</vuln>
<vuln vid="89c668d5-2f80-11f0-9632-641c67a117d8">
<topic>www/varnish7 -- Request Smuggling Attack</topic>
<affects>
<package>
<name>varnish7</name>
<range><lt>7.7.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Varnish Development Team reports:</p>
<blockquote cite="https://varnish-cache.org/security/VSV00016.html">
<p>A client-side desync vulnerability can be triggered in Varnish Cache
and Varnish Enterprise. This vulnerability can be triggered under
specific circumstances involving malformed HTTP/1 requests.</p>
<p>An attacker can abuse a flaw in Varnish's handling of chunked
transfer encoding which allows certain malformed HTTP/1 requests
to exploit improper framing of the message body to smuggle additional
requests. Specifically, Varnish incorrectly permits CRLF to be
skipped to delimit chunk boundaries.</p>
</blockquote>
</body>
</description>
<references>
<url>https://varnish-cache.org/security/VSV00016.html</url>
</references>
<dates>
<discovery>2025-05-12</discovery>
<entry>2025-05-12</entry>
</dates>
</vuln>
<vuln vid="a8a1a8e7-2e85-11f0-a989-b42e991fc52e">
<topic>Mozilla -- memory corruption</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>138.0,2</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><lt>138.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1924108%2C1950780%2C1959367">
<p>Memory safety bugs present in Firefox 137 and Thunderbird 137.
Some of these bugs showed evidence of memory corruption and
we presume that with enough effort some of these could have
been exploited to run arbitrary code.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-4092</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-4092</url>
</references>
<dates>
<discovery>2025-04-29</discovery>
<entry>2025-05-11</entry>
</dates>
</vuln>
<vuln vid="a59bd59e-2e85-11f0-a989-b42e991fc52e">
<topic>Mozilla -- insufficient character escaping</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>138.0,2</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><lt>138.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1949994%2C1956698%2C1960198">
<p>Due to insufficient escaping of special characters in the
&quot;copy as cURL&quot; feature, an attacker could trick
a user into using this command, potentially leading to local
code execution on the user&apos;s system.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-4089</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-4089</url>
</references>
<dates>
<discovery>2025-04-29</discovery>
<entry>2025-05-11</entry>
</dates>
</vuln>
<vuln vid="a4422500-2e85-11f0-a989-b42e991fc52e">
<topic>Mozilla -- Cross-Site Request Forgery</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>138.0,2</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><lt>138.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1953521">
<p>A security vulnerability in Thunderbird allowed malicious
sites to use redirects to send credentialed requests to
arbitrary endpoints on any site that had invoked the Storage
Access API. This enabled potential Cross-Site Request
Forgery attacks across origins.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-4088</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-4088</url>
</references>
<dates>
<discovery>2025-04-29</discovery>
<entry>2025-05-11</entry>
</dates>
</vuln>
<vuln vid="a2d5bd7b-2e85-11f0-a989-b42e991fc52e">
<topic>Mozilla -- XPath parsing undefined behavior</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>138.0,2</lt></range>
</package>
<package>
<name>firefox-esr</name>
<range><lt>128.10,1</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><lt>138</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1952465">
<p>A vulnerability was identified in Thunderbird where XPath
parsing could trigger undefined behavior due to missing null
checks during attribute access. This could lead to
out-of-bounds read access and potentially, memory
corruption.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-4087</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-4087</url>
</references>
<dates>
<discovery>2025-04-29</discovery>
<entry>2025-05-11</entry>
</dates>
</vuln>
<vuln vid="9fa8c4a2-2e85-11f0-a989-b42e991fc52e">
<topic>Mozilla -- Information leak</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>138.0,2</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><lt>138.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1915280">
<p>An attacker with control over a content process could
potentially leverage the privileged UITour actor to leak
sensitive information or escalate privileges.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-4085</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-4085</url>
</references>
<dates>
<discovery>2025-04-29</discovery>
<entry>2025-05-11</entry>
</dates>
</vuln>
<vuln vid="9c37a02e-2e85-11f0-a989-b42e991fc52e">
<topic>Mozilla -- javascript content execution</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>138.0,2</lt></range>
</package>
<package>
<name>firefox-esr</name>
<range><lt>128.10,1</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><lt>138.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1958350">
<p>A process isolation vulnerability in Thunderbird stemmed
from improper handling of javascript: URIs, which could
allow content to execute in the top-level document&apos;s
process instead of the intended frame, potentially enabling
a sandbox escape.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-4083</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-4083</url>
</references>
<dates>
<discovery>2025-04-29</discovery>
<entry>2025-05-11</entry>
</dates>
</vuln>
<vuln vid="6943cbf2-2d55-11f0-9471-2cf05da270f3">
<topic>Gitlab -- vulnerabilities</topic>
<affects>
<package>
<name>gitlab-ce</name>
<name>gitlab-ee</name>
<range><ge>17.11.0</ge><lt>17.11.2</lt></range>
<range><ge>17.10.0</ge><lt>17.10.6</lt></range>
<range><ge>12.0.0</ge><lt>17.9.8</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Gitlab reports:</p>
<blockquote cite="https://about.gitlab.com/releases/2025/05/07/patch-release-gitlab-17-11-2-released/">
<p>Partial Bypass for Device OAuth flow using Cross Window Forgery</p>
<p>Denial of service by abusing Github import API</p>
<p>Group IP restriction bypass allows disclosing issue title of restricted project</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-0549</cvename>
<cvename>CVE-2024-8973</cvename>
<cvename>CVE-2025-1278</cvename>
<url>https://about.gitlab.com/releases/2025/05/07/patch-release-gitlab-17-11-2-released/</url>
</references>
<dates>
<discovery>2025-05-07</discovery>
<entry>2025-05-10</entry>
</dates>
</vuln>
<vuln vid="78b8e808-2c45-11f0-9a65-6cc21735f730">
<topic>PostgreSQL -- PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation</topic>
<affects>
<package>
<name>postgresql17-client</name>
<range><lt>17.5</lt></range>
</package>
<package>
<name>postgresql16-client</name>
<range><lt>16.9</lt></range>
</package>
<package>
<name>postgresql15-client</name>
<range><lt>15.13</lt></range>
</package>
<package>
<name>postgresql14-client</name>
<range><lt>14.18</lt></range>
</package>
<package>
<name>postgresql13-client</name>
<range><lt>13.21</lt></range>
</package>
<package>
<name>postgresql17-server</name>
<range><lt>17.5</lt></range>
</package>
<package>
<name>postgresql16-server</name>
<range><lt>16.9</lt></range>
</package>
<package>
<name>postgresql15-server</name>
<range><lt>15.13</lt></range>
</package>
<package>
<name>postgresql14-server</name>
<range><lt>14.18</lt></range>
</package>
<package>
<name>postgresql13-server</name>
<range><lt>13.21</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>PostgreSQL project reports:</p>
<blockquote cite="https://www.postgresql.org/support/security/CVE-2025-4207/">
<p>
A buffer over-read in PostgreSQL GB18030 encoding
validation allows a database input provider to achieve
temporary denial of service on platforms where a 1-byte
over-read can elicit process termination. This affects
the database server and also libpq. Versions before
PostgreSQL 17.5, 16.9, 15.13, 14.18, and 13.21 are
affected.
</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-4207</cvename>
<url>https://www.postgresql.org/support/security/CVE-2025-4207/</url>
</references>
<dates>
<discovery>2025-05-08</discovery>
<entry>2025-05-08</entry>
</dates>
</vuln>
<vuln vid="db221414-2b0d-11f0-8cb5-a8a1599412c6">
<topic>chromium -- multiple security fixes</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>136.0.7103.92</lt></range>
</package>
<package>
<name>ungoogled-chromium</name>
<range><lt>136.0.7103.92</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop.html">
<p>This update includes 2 security fixes:</p>
<ul>
<li>[412057896] Medium CVE-2025-4372: Use after free in WebAudio. Reported by Huang Xilin of Ant Group Light-Year Security Lab on 2025-04-20</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-4372</cvename>
<url>https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop.html</url>
</references>
<dates>
<discovery>2025-05-06</discovery>
<entry>2025-05-07</entry>
</dates>
</vuln>
<vuln vid="e195e915-2a43-11f0-8cb5-a8a1599412c6">
<topic>chromium -- multiple security fixes</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>136.0.7103.59</lt></range>
</package>
<package>
<name>ungoogled-chromium</name>
<range><lt>136.0.7103.59</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_29.html">
<p>This update includes 8 security fixes:</p>
<ul>
<li>[409911705] High CVE-2025-4096: Heap buffer overflow in HTML. Reported by Anonymous on 2025-04-11</li>
<li>[409342999] Medium CVE-2025-4050: Out of bounds memory access in DevTools. Reported by Anonymous on 2025-04-09</li>
<li>[404000989] Medium CVE-2025-4051: Insufficient data validation in DevTools. Reported by Daniel Fröjdendahl on 2025-03-16</li>
<li>[401927528] Low CVE-2025-4052: Inappropriate implementation in DevTools. Reported by vanillawebdev on 2025-03-10</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-4096</cvename>
<cvename>CVE-2025-4050</cvename>
<cvename>CVE-2025-4051</cvename>
<cvename>CVE-2025-4052</cvename>
<url>https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_29.html</url>
</references>
<dates>
<discovery>2025-04-29</discovery>
<entry>2025-05-06</entry>
</dates>
</vuln>
<vuln vid="5f868a5f-2943-11f0-bb22-f02f7432cf97">
<topic>fcgi -- Heap-based buffer overflow via crafted nameLen/valueLen in ReadParams</topic>
<affects>
<package>
<name>fcgi</name>
<range><lt>2.4.5</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>cve@mitre.org reports:</p>
<blockquote cite="https://github.com/FastCGI-Archives/fcgi2/issues/67">
<p>FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer
overflow (and resultant heap-based buffer overflow) via
crafted nameLen or valueLen values in data to the IPC socket.
This occurs in ReadParams in fcgiapp.c.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-23016</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-23016</url>
<url>https://github.com/FastCGI-Archives/fcgi2/issues/67</url>
</references>
<dates>
<discovery>2025-01-10</discovery>
<entry>2025-05-04</entry>
</dates>
</vuln>
<vuln vid="7e7a32e7-2901-11f0-ab20-b42e991fc52e">
<topic>dnsdist -- Denial of service via crafted DoH exchange</topic>
<affects>
<package>
<name>null</name>
<range><lt>null</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@open-xchange.com reports:</p>
<blockquote cite="https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2025-02.html">
<p>
When DNSdist is configured to provide DoH via the
nghttp2provider, an attacker can cause a denial of service by
crafting a DoH exchange that triggers an illegal memory
access (double-free) and crash of DNSdist, causing a denial
of service. The remedy is: upgrade to the patched 1.9.9
version. A workaround is to temporarily switch to the h2o
provider until DNSdist has been upgraded to a fixed version.
We would like to thank Charles Howes for bringing this issue
to our attention.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-30194</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-30194</url>
</references>
<dates>
<discovery>2025-04-29</discovery>
<entry>2025-05-04</entry>
</dates>
</vuln>
<vuln vid="d70d5e0a-1f5e-11f0-9c67-6805ca2fa271">
<topic>powerdns-recursor -- denial of service</topic>
<affects>
<package>
<name>powerdns-recursor</name>
<range><eq>5.2.0</eq></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>PowerDNS Team reports:</p>
<blockquote cite="https://blog.powerdns.com/2025/04/07/powerdns-recursor-5-2-1-released">
<p>PowerDNS Security Advisory 2025-01: A crafted zone can
lead to an illegal memory access in the Recursor</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-30195</cvename>
<url>https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2025-01.html</url>
</references>
<dates>
<discovery>2025-04-07</discovery>
<entry>2025-04-22</entry>
</dates>
</vuln>
<vuln vid="409206f6-25e6-11f0-9360-b42e991fc52e">
<topic>sqlite -- integer overflow</topic>
<affects>
<package>
<name>sqlite</name>
<range><lt>3.49.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>cve@mitre.org reports:</p>
<blockquote cite="https://gist.github.com/ylwango613/a44a29f1ef074fa783e29f04a0afd62a">
<p>
In SQLite 3.44.0 through 3.49.0 before 3.49.1, the
concat_ws() SQL function can cause memory to be written
beyond the end of a malloc-allocated buffer. If the
separator argument is attacker-controlled and has a large
string (e.g., 2MB or more), an integer overflow occurs in
calculating the size of the result buffer, and thus malloc
may not allocate enough memory.
</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-29087</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-29087</url>
</references>
<dates>
<discovery>2025-04-07</discovery>
<entry>2025-04-30</entry>
</dates>
</vuln>
<vuln vid="df126e23-24fa-11f0-ab92-f02f7497ecda">
<topic>h11 accepts some malformed Chunked-Encoding bodies</topic>
<affects>
<package>
<name>py39-h11</name>
<name>py310-h11</name>
<name>py311-h11</name>
<name>py312-h11</name>
<range><lt>0.16.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>h11 reports:</p>
<blockquote cite="https://github.com/python-hyper/h11/security/advisories/GHSA-vqfr-h8mv-ghfj">
<p>h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a leniency in h11's parsing of line terminators in chunked-coding message bodies can lead to request smuggling vulnerabilities under certain conditions. This issue has been patched in version 0.16.0. Since exploitation requires the combination of buggy h11 with a buggy (reverse) proxy, fixing either component is sufficient to mitigate this issue.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-43859</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-43859</url>
</references>
<dates>
<discovery>2025-04-24</discovery>
<entry>2025-04-29</entry>
</dates>
</vuln>
<vuln vid="310f5923-211c-11f0-8ca6-6c3be5272acd">
<topic>Grafana -- Authorization bypass in data source proxy API</topic>
<affects>
<package>
<name>grafana</name>
<range><ge>8.0.0</ge><lt>10.4.17+security-01</lt></range>
<range><ge>11.0.0</ge><lt>11.2.8+security-01</lt></range>
<range><ge>11.3.0</ge><lt>11.3.5+security-01</lt></range>
<range><ge>11.4.0</ge><lt>11.4.3+security-01</lt></range>
<range><ge>11.5.0</ge><lt>11.5.3+security-01</lt></range>
<range><ge>11.6.0</ge><lt>11.6.0+security-01</lt></range>
</package>
<package>
<name>grafana8</name>
<range><ge>8.0.0</ge></range>
</package>
<package>
<name>grafana9</name>
<range><ge>9.0.0</ge></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Grafana Labs reports:</p>
<blockquote cite="https://grafana.com/blog/2025/04/22/grafana-security-release-medium-and-high-severity-fixes-for-cve-2025-3260-cve-2025-2703-cve-2025-3454/">
<p>This vulnerability, which was discovered while reviewing a pull
request from an external contributor, effects Grafana’s data source
proxy API and allows authorization checks to be bypassed by adding
an extra slash character (/) in the URL path. Among Grafana-maintained
data sources, the vulnerability only affects the read paths
of Prometheus (all flavors) and Alertmanager when configured with
basic authorization.</p>
<p>The CVSS score for this vulnerability is
<a href="https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N">5.0 MEDIUM</a>.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-3454</cvename>
<url>https://grafana.com/blog/2025/04/22/grafana-security-release-medium-and-high-severity-fixes-for-cve-2025-3260-cve-2025-2703-cve-2025-3454/</url>
</references>
<dates>
<discovery>2025-03-25</discovery>
<entry>2025-04-24</entry>
</dates>
</vuln>
<vuln vid="6adfda5a-2118-11f0-8ca6-6c3be5272acd">
<topic>Grafana -- Bypass Viewer and Editor permissions</topic>
<affects>
<package>
<name>grafana</name>
<range><ge>11.6.0</ge><lt>11.6.0+security-01</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Grafana Labs reports:</p>
<blockquote cite="https://grafana.com/blog/2025/04/22/grafana-security-release-medium-and-high-severity-fixes-for-cve-2025-3260-cve-2025-2703-cve-2025-3454/">
<p>During the development of a new feature in Grafana 11.6.x,
a security vulnerability was introduced that allows for Viewers
and Editors to bypass dashboard-specific permissions. As a result,
users with the Viewer role could view all the dashboards within their
org and users with the Editor role could view, edit, and delete all
the dashboards in their org.</p>
<p><em>Note: Organization isolation boundaries still apply, which
means viewers and editors in one organization cannot view or edit
dashboards in another org. Also this vulnerability does not allow
users to query data via data sources they don’t have access to.</em>
</p>
<p>The CVSS score for this vulnerability is
<a href="https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L&amp;version=3.1">8.3 HIGH</a>.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-3260</cvename>
<url>https://grafana.com/blog/2025/04/22/grafana-security-release-medium-and-high-severity-fixes-for-cve-2025-3260-cve-2025-2703-cve-2025-3454/</url>
</references>
<dates>
<discovery>2025-04-04</discovery>
<entry>2025-04-24</entry>
</dates>
</vuln>
<vuln vid="f8b7af82-2116-11f0-8ca6-6c3be5272acd">
<topic>Grafana -- DOM XSS vulnerability</topic>
<affects>
<package>
<name>grafana</name>
<range><ge>11.1.0</ge><lt>11.2.8+security-01</lt></range>
<range><ge>11.3.0</ge><lt>11.3.5+security-01</lt></range>
<range><ge>11.4.0</ge><lt>11.4.3+security-01</lt></range>
<range><ge>11.5.0</ge><lt>11.5.3+security-01</lt></range>
<range><ge>11.6.0</ge><lt>11.6.0+security-01</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Grafana Labs reports:</p>
<blockquote cite="https://grafana.com/blog/2025/04/22/grafana-security-release-medium-and-high-severity-fixes-for-cve-2025-3260-cve-2025-2703-cve-2025-3454/">
<p>An external security researcher responsibly reported a security
vulnerability in Grafana’s built-in
<a href="https://grafana.com/docs/grafana/latest/panels-visualizations/visualizations/xy-chart/">XY chart plugin</a>
that is vulnerable to a
<a href="https://grafana.com/blog/2023/07/11/trusted-types-how-we-mitigate-xss-threats-in-grafana-10/#what-is-dom-xss">DOM XSS vulnerability</a>.</p>
<p>The CVSS score for this vulnerability is
<a href="https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L&amp;version=3.1">6.8 MEDIUM</a>.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-2703</cvename>
<url>https://grafana.com/security/security-advisories/cve-2025-2703/</url>
</references>
<dates>
<discovery>2025-03-14</discovery>
<entry>2025-04-24</entry>
</dates>
</vuln>
<vuln vid="af8d043f-20df-11f0-b9c5-000c295725e4">
<topic>redis,valkey -- DoS Vulnerability due to unlimited growth of output buffers abused by unauthenticated client</topic>
<affects>
<package>
<name>redis</name>
<range><lt>7.4.3</lt></range>
</package>
<package>
<name>redis72</name>
<range><lt>7.2.8</lt></range>
</package>
<package>
<name>redis62</name>
<range><lt>6.2.18</lt></range>
</package>
<package>
<name>valkey</name>
<range><lt>8.1.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Axel Mierczuk reports:</p>
<blockquote cite="https://github.com/redis/redis/security/advisories/GHSA-r67f-p999-2gff">
<p>
By default, the Redis configuration does not limit the
output buffer of normal clients (see
client-output-buffer-limit). Therefore, the output buffer
can grow unlimitedly over time. As a result, the service
is exhausted and the memory is unavailable.
</p>
<p>
When password authentication is enabled on the Redis
server, but no password is provided, the client can still
cause the output buffer to grow from "NOAUTH" responses
until the system will run out of memory.
</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-21605</cvename>
<url>https://github.com/redis/redis/security/advisories/GHSA-r67f-p999-2gff</url>
</references>
<dates>
<discovery>2025-04-23</discovery>
<entry>2025-04-24</entry>
</dates>
</vuln>
<vuln vid="11b71871-20ba-11f0-9471-2cf05da270f3">
<topic>Gitlab -- Vulnerabilities</topic>
<affects>
<package>
<name>gitlab-ce</name>
<name>gitlab-ee</name>
<range><ge>17.11.0</ge><lt>17.11.1</lt></range>
<range><ge>17.10.0</ge><lt>17.10.5</lt></range>
<range><ge>16.6.0</ge><lt>17.9.7</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Gitlab reports:</p>
<blockquote cite="https://about.gitlab.com/releases/2025/04/23/patch-release-gitlab-17-11-1-released/">
<p>Cross Site Scripting (XSS) in Maven Dependency Proxy through CSP directives</p>
<p>Cross Site Scripting (XSS) in Maven dependency proxy through cache headers</p>
<p>Network Error Logging (NEL) Header Injection in Maven Dependency Proxy Allows Browser Activity Monitoring</p>
<p>Denial of service (DOS) via issue preview</p>
<p>Unauthorized access to branch names when Repository assets are disabled in the project</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-1763</cvename>
<cvename>CVE-2025-2443</cvename>
<cvename>CVE-2025-1908</cvename>
<cvename>CVE-2025-0639</cvename>
<cvename>CVE-2024-12244</cvename>
<url>https://about.gitlab.com/releases/2025/04/23/patch-release-gitlab-17-11-1-released/</url>
</references>
<dates>
<discovery>2025-04-23</discovery>
<entry>2025-04-24</entry>
</dates>
</vuln>
<vuln vid="194f79c3-1ffe-11f0-8cb5-a8a1599412c6">
<topic>chromium -- multiple security fixes</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>135.0.7049.114</lt></range>
</package>
<package>
<name>ungoogled-chromium</name>
<range><lt>135.0.7049.114</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_22.html">
<p>This update includes 1 security fix.</p>
</blockquote>
</body>
</description>
<references>
<url>https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_22.html</url>
</references>
<dates>
<discovery>2025-04-22</discovery>
<entry>2025-04-23</entry>
</dates>
</vuln>
<vuln vid="5ca2cafa-1f24-11f0-ab07-f8f21e52f724">
<topic>Navidrome -- Authentication bypass in Subsonic API</topic>
<affects>
<package>
<name>navidrome</name>
<range><gt>0.52.0</gt><lt>0.54.5</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Deluan reports:</p>
<blockquote cite="https://github.com/navidrome/navidrome/security/advisories/GHSA-c3p4-vm8f-386p">
<p>In certain Subsonic API endpoints, authentication can be
bypassed by using a non-existent username combined with an
empty (salted) password hash. This allows read-only access to
the server’s resources, though attempts at write operations
fail with a “permission denied” error.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-27112</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-27112</url>
</references>
<dates>
<discovery>2025-02-25</discovery>
<entry>2025-04-22</entry>
</dates>
</vuln>
<vuln vid="06269ae8-1e0d-11f0-ad0b-b42e991fc52e">
<topic>Erlang -- Erlang/OTP SSH Vulnerable to Pre-Authentication RCE</topic>
<affects>
<package>
<name>erlang</name>
<range><lt>26.2.5.11</lt></range>
</package>
<package>
<name>erlang-runtime21</name>
<range><lt>25.3.2.20</lt></range>
</package>
<package>
<name>erlang-runtime22</name>
<range><lt>25.3.2.20</lt></range>
</package>
<package>
<name>erlang-runtime23</name>
<range><lt>25.3.2.20</lt></range>
</package>
<package>
<name>erlang-runtime24</name>
<range><lt>25.3.2.20</lt></range>
</package>
<package>
<name>erlang-runtime25</name>
<range><lt>25.3.2.20</lt></range>
</package>
<package>
<name>erlang-runtime26</name>
<range><lt>26.2.5.11</lt></range>
</package>
<package>
<name>erlang-runtime27</name>
<range><lt>27.3.3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security-advisories@github.com reports:</p>
<blockquote cite="https://github.com/erlang/otp/commit/0fcd9c56524b28615e8ece65fc0c3f66ef6e4c12">
<p>
Erlang/OTP is a set of libraries for the Erlang
programming language. Prior to versions OTP-27.3.3,
OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow
an attacker to perform unauthenticated remote code
execution (RCE). By exploiting a flaw in SSH protocol
message handling, a malicious actor could gain
unauthorized access to affected systems and execute
arbitrary commands without valid credentials. This issue
is patched in versions OTP-27.3.3, OTP-26.2.5.11, and
OTP-25.3.2.20. A temporary workaround involves disabling
the SSH server or to prevent access via firewall rules.
</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-32433</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-32433</url>
</references>
<dates>
<discovery>2025-04-16</discovery>
<entry>2025-04-20</entry>
</dates>
</vuln>
<vuln vid="1b8d502e-1cfd-11f0-944d-901b0e9408dc">
<topic>ejabberd -- mod_muc_occupantid: Fix handling multiple occupant-id</topic>
<affects>
<package>
<name>ejabberd</name>
<range><lt>25.04</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>ejabberd team reports:</p>
<blockquote cite="https://www.process-one.net/blog/ejabberd-25-04/#occupantid">
<p>Fixed issue with handling of user provided occupant-id in
messages and presences sent to muc room. Server was
replacing just first instance of occupant-id with its own
version, leaving other ones untouched. That would mean that
depending on order in which clients send occupant-id, they
could see value provided by sender, and that could be used
to spoof as different sender.</p>
</blockquote>
</body>
</description>
<references>
<url>https://www.process-one.net/blog/ejabberd-25-04/#occupantid</url>
</references>
<dates>
<discovery>2025-04-16</discovery>
<entry>2025-04-19</entry>
</dates>
</vuln>
<vuln vid="bf5d29ea-1a93-11f0-8cb5-a8a1599412c6">
<topic>chromium -- multiple security fixes</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>135.0.7049.95</lt></range>
</package>
<package>
<name>ungoogled-chromium</name>
<range><lt>135.0.7049.95</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_15.html">
<p>This update includes 2 security fixes:</p>
<ul>
<li>[409619251] Critical CVE-2025-3619: Heap buffer overflow in Codecs. Reported by Elias Hohl on 2025-04-09</li>
<li>[405292639] High CVE-2025-3620: Use after free in USB. Reported by @retsew0x01 on 2025-03-21</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-3619</cvename>
<cvename>CVE-2025-3620</cvename>
<url>https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_15.html</url>
</references>
<dates>
<discovery>2025-04-15</discovery>
<entry>2025-04-16</entry>
</dates>
</vuln>
<vuln vid="030778d5-19cc-11f0-8cb5-a8a1599412c6">
<topic>chromium -- multiple security fixes</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>135.0.7049.84</lt></range>
</package>
<package>
<name>ungoogled-chromium</name>
<range><lt>135.0.7049.84</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_8.html">
<p>This update includes 2 security fixes:</p>
<ul>
<li>[405140652] High CVE-2025-3066: Use after free in Site Isolation. Reported by Sven Dysthe (@svn-dys) on 2025-03-21</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-3066</cvename>
<url>https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_8.html</url>
</references>
<dates>
<discovery>2025-04-08</discovery>
<entry>2025-04-15</entry>
</dates>
</vuln>
<vuln vid="e9b8e519-0d50-11f0-86d8-901b0e934d69">
<topic>py-matrix-synapse -- federation denial of service via malformed events</topic>
<affects>
<package>
<name>py38-matrix-synapse</name>
<name>py39-matrix-synapse</name>
<name>py310-matrix-synapse</name>
<name>py311-matrix-synapse</name>
<range><lt>1.127.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>element-hq/synapse developers report:</p>
<blockquote cite="https://github.com/element-hq/synapse/security/advisories/GHSA-v56r-hwv5-mxg6">
<p>A malicious server can craft events which, when received, prevent Synapse version up to 1.127.0 from federating with other servers. The vulnerability has been exploited in the wild.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-30355</cvename>
<url>https://github.com/element-hq/synapse/security/advisories/GHSA-v56r-hwv5-mxg6</url>
</references>
<dates>
<discovery>2025-03-26</discovery>
<entry>2025-03-26</entry>
</dates>
</vuln>
<vuln vid="45276ea6-1653-4240-9986-ccfc6fec7ece">
<topic>jenkins -- multiple vulnerabilities</topic>
<affects>
<package>
<name>jenkins</name>
<range><lt>2.504</lt></range>
</package>
<package>
<name>jenkins-lts</name>
<range><lt>2.492.3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Jenkins Security Advisory:</p>
<blockquote cite="https://www.jenkins.io/security/advisory/2025-04-02/">
<h1>Description</h1>
<h5>(Medium) SECURITY-3512 / CVE-2025-31720</h5>
<p>Missing permission check allows retrieving agent configurations</p>
<h1>Description</h1>
<h5>(Medium) SECURITY-3513 / CVE-2025-31721</h5>
<p>Missing permission check allows retrieving secrets from agent configurations</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-31720</cvename>
<cvename>CVE-2025-31721</cvename>
<url>https://www.jenkins.io/security/advisory/2025-04-02/</url>
</references>
<dates>
<discovery>2025-04-02</discovery>
<entry>2025-04-11</entry>
</dates>
</vuln>
<vuln vid="ed602f8b-15c2-11f0-b4e4-2cf05da270f3">
<topic>Gitlab -- Vulnerabilities</topic>
<affects>
<package>
<name>gitlab-ce</name>
<name>gitlab-ee</name>
<range><ge>17.10.0</ge><lt>17.10.4</lt></range>
<range><ge>17.9.0</ge><lt>17.9.6</lt></range>
<range><ge>7.7.0</ge><lt>17.8.7</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Gitlab reports:</p>
<blockquote cite="https://about.gitlab.com/releases/2025/04/09/patch-release-gitlab-17-10-4-released/">
<p>Denial of service via CI pipelines</p>
<p>Unintentionally authorizing sensitive actions on users behalf</p>
<p>IP Restriction Bypass through GraphQL Subscription</p>
<p>Unauthorized users can list the number of confidential issues</p>
<p>Debugging Information Disclosed</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-1677</cvename>
<cvename>CVE-2025-0362</cvename>
<cvename>CVE-2025-2408</cvename>
<cvename>CVE-2024-11129</cvename>
<cvename>CVE-2025-2469</cvename>
<url>https://about.gitlab.com/releases/2025/04/09/patch-release-gitlab-17-10-4-released/</url>
</references>
<dates>
<discovery>2025-04-09</discovery>
<entry>2025-04-10</entry>
</dates>
</vuln>
<vuln vid="8f71ad3b-14f5-11f0-87ba-002590c1f29c">
<topic>expat: improper restriction of xml entity expansion depth</topic>
<affects>
<package>
<name>expat</name>
<range><lt>2.7.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>secalert@redhat.com reports:</p>
<blockquote cite="https://access.redhat.com/errata/RHSA-2025:3531">
<p>A stack overflow vulnerability exists in the libexpat library due
to the way it handles recursive entity expansion in XML documents.
When parsing an XML document with deeply nested entity references,
libexpat can be forced to recurse indefinitely, exhausting the stack
space and causing a crash. This issue could lead to denial of
service (DoS) or, in some cases, exploitable memory corruption,
depending on the environment and library usage.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-8176</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2024-8176</url>
</references>
<dates>
<discovery>2025-03-14</discovery>
<entry>2025-04-09</entry>
</dates>
</vuln>
<vuln vid="34c51a2b-13c8-11f0-a5bd-b42e991fc52e">
<topic>Mozilla -- memory corruption</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>137.0,2</lt></range>
</package>
<package>
<name>librewolf</name>
<range><lt>137.0</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><lt>137.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1894100%2C1934086%2C1950360">
<p>Memory safety bugs present in Firefox 136 and Thunderbird 136.
Some of these bugs showed evidence of memory corruption and
we presume that with enough effort some of these could have
been exploited to run arbitrary code.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-3034</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-3034</url>
</references>
<dates>
<discovery>2025-04-01</discovery>
<entry>2025-04-07</entry>
</dates>
</vuln>
<vuln vid="315f568e-13c8-11f0-a5bd-b42e991fc52e">
<topic>Mozilla -- privilege escalation attack</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>137.0,2</lt></range>
</package>
<package>
<name>librewolf</name>
<range><lt>137.0</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><lt>137.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1949987">
<p>Leaking of file descriptors from the fork server to web
content processes could allow for privilege escalation
attacks.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-3032</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-3032</url>
</references>
<dates>
<discovery>2025-04-01</discovery>
<entry>2025-04-07</entry>
</dates>
</vuln>
<vuln vid="2fc74cae-13c8-11f0-a5bd-b42e991fc52e">
<topic>Mozilla -- stack memory read</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>137.0,2</lt></range>
</package>
<package>
<name>librewolf</name>
<range><lt>137.0</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><lt>137.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1947141">
<p>An attacker could read 32 bits of values spilled onto the stack in
a JIT compiled function.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-3031</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-3031</url>
</references>
<dates>
<discovery>2025-04-01</discovery>
<entry>2025-04-07</entry>
</dates>
</vuln>
<vuln vid="2e0ff31b-13c8-11f0-a5bd-b42e991fc52e">
<topic>Mozilla -- Memory corruption</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>137.0</lt></range>
</package>
<package>
<name>firefox-esr</name>
<range><lt>128.9.0</lt></range>
</package>
<package>
<name>firefox</name>
<range><lt>137.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1850615%2C1932468%2C1942551%2C1951017%2C1951494">
<p>Memory safety bugs present in Firefox 136, Thunderbird
136, Firefox ESR 128.8, and Thunderbird 128.8. Some of these
bugs showed evidence of memory corruption and we presume
that with enough effort some of these could have been
exploited to run arbitrary code.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-3030</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-3030</url>
</references>
<dates>
<discovery>2025-04-01</discovery>
<entry>2025-04-07</entry>
</dates>
</vuln>
<vuln vid="2c0180a5-13c8-11f0-a5bd-b42e991fc52e">
<topic>Mozilla -- URL spoofing attack</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>137.0,2</lt></range>
</package>
<package>
<name>firefox-esr</name>
<range><lt>128.9</lt></range>
</package>
<package>
<name>librewolf</name>
<range><lt>137.0</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><lt>137.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1952213">
<p>A crafted URL containing specific Unicode characters
could have hidden the true origin of the page, resulting in
a potential spoofing attack.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-3029</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-3029</url>
</references>
<dates>
<discovery>2025-04-01</discovery>
<entry>2025-04-07</entry>
</dates>
</vuln>
<vuln vid="28e5f7be-13c8-11f0-a5bd-b42e991fc52e">
<topic>Mozilla -- use-after-free error</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>137.0,2</lt></range>
</package>
<package>
<name>firefox-esr</name>
<range><lt>115.22</lt></range>
</package>
<package>
<name>librewolf</name>
<range><lt>137.0</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><lt>137.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1941002">
<p>JavaScript code running while transforming a document
with the XSLTProcessor could lead to a use-after-free.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-3028</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-3028</url>
</references>
<dates>
<discovery>2025-04-01</discovery>
<entry>2025-04-07</entry>
</dates>
</vuln>
<vuln vid="789bcfb6-1224-11f0-85f3-a8a1599412c6">
<topic>chromium -- multiple security fixes</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>135.0.7049.52</lt></range>
</package>
<package>
<name>ungoogled-chromium</name>
<range><lt>135.0.7049.52</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop.html">
<p>This update includes 13 security fixes:</p>
<ul>
<li>[376491759] Medium CVE-2025-3067: Inappropriate implementation in Custom Tabs. Reported by Philipp Beer (TU Wien) on 2024-10-31</li>
<li>[401823929] Medium CVE-2025-3068: Inappropriate implementation in Intents. Reported by Simon Rawet on 2025-03-09</li>
<li>[40060076] Medium CVE-2025-3069: Inappropriate implementation in Extensions. Reported by NDevTK on 2022-06-26</li>
<li>[40086360] Medium CVE-2025-3070: Insufficient validation of untrusted input in Extensions. Reported by Anonymous on 2017-01-01</li>
<li>[40051596] Low CVE-2025-3071: Inappropriate implementation in Navigations. Reported by David Erceg on 2020-02-23</li>
<li>[362545037] Low CVE-2025-3072: Inappropriate implementation in Custom Tabs. Reported by Om Apip on 2024-08-27</li>
<li>[388680893] Low CVE-2025-3073: Inappropriate implementation in Autofill. Reported by Hafiizh on 2025-01-09</li>
<li>[392818696] Low CVE-2025-3074: Inappropriate implementation in Downloads. Reported by Farras Givari on 2025-01-28</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-3067</cvename>
<cvename>CVE-2025-3068</cvename>
<cvename>CVE-2025-3069</cvename>
<cvename>CVE-2025-3070</cvename>
<cvename>CVE-2025-3071</cvename>
<cvename>CVE-2025-3072</cvename>
<cvename>CVE-2025-3073</cvename>
<cvename>CVE-2025-3074</cvename>
<url>https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop.html</url>
</references>
<dates>
<discovery>2025-04-01</discovery>
<entry>2025-04-05</entry>
</dates>
</vuln>
<vuln vid="1205eccf-116d-11f0-8b2c-b42e991fc52e">
<topic>Mozilla -- Memory corruption bug</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>134.0,2</lt></range>
</package>
<package>
<name>librewolf</name>
<range><lt>134.0</lt></range>
</package>
<package>
<name>firefox-esr</name>
<range><lt>128.6.0</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><lt>134.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1827142%2C1932783">
<p>Memory safety bugs present in Firefox 133, Thunderbird 133,
Firefox ESR 128.5, and Thunderbird 128.5. Some of these
bugs showed evidence of memory corruption and we presume
that with enough effort some of these could have been
exploited to run arbitrary code.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-0243</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-0243</url>
</references>
<dates>
<discovery>2025-01-07</discovery>
<entry>2025-04-04</entry>
</dates>
</vuln>
<vuln vid="f9d7b6ae-116c-11f0-8b2c-b42e991fc52e">
<topic>Mozilla -- Memory safety bugs</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>134.0,2</lt></range>
</package>
<package>
<name>librewolf</name>
<range><lt>134.0</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><lt>134.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1835193%2C1910021%2C1919803%2C1931576%2C1931948%2C1932173">
<p>Memory safety bugs present in Firefox 133 and Thunderbird 133.
Some of these bugs showed evidence of memory corruption and
we presume that with enough effort some of these could have
been exploited to run arbitrary code.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-0247</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-0247</url>
</references>
<dates>
<discovery>2025-01-07</discovery>
<entry>2025-04-04</entry>
</dates>
</vuln>
<vuln vid="f7d80111-116c-11f0-8b2c-b42e991fc52e">
<topic>firefox -- authentication bypass</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>134.0,2</lt></range>
</package>
<package>
<name>librewolf</name>
<range><lt>134.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1895342">
<p>Under certain circumstances, a user opt-in setting that
Focus should require authentication before use could have
been be bypassed.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-0245</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-0245</url>
</references>
<dates>
<discovery>2025-01-07</discovery>
<entry>2025-04-04</entry>
</dates>
</vuln>
<vuln vid="f508f81e-116c-11f0-8b2c-b42e991fc52e">
<topic>Mozilla -- Memory safety bugs</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>134.0,2</lt></range>
</package>
<package>
<name>librewolf</name>
<range><lt>134.0</lt></range>
</package>
<package>
<name>firefox-esr</name>
<range><lt>115.19</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><lt>134.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1874523%2C1926454%2C1931873%2C1932169">
<p>Memory safety bugs present in Firefox 133, Thunderbird 133,
Firefox ESR 115.18, Firefox ESR 128.5, Thunderbird 115.18,
and Thunderbird 128.5. Some of these bugs showed evidence
of memory corruption and we presume that with enough effort
some of these could have been exploited to run arbitrary
code.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-0242</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-0242</url>
</references>
<dates>
<discovery>2025-01-07</discovery>
<entry>2025-04-04</entry>
</dates>
</vuln>
<vuln vid="f38dd0f1-116c-11f0-8b2c-b42e991fc52e">
<topic>Mozilla -- DoS via segmentation fault</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>134.0,2</lt></range>
</package>
<package>
<name>librewolf</name>
<range><lt>134.0</lt></range>
</package>
<package>
<name>firefox-esr</name>
<range><lt>128.6.0</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><lt>134.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1933023">
<p>When segmenting specially crafted text, segmentation
would corrupt memory leading to a potentially exploitable
crash.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-0241</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-0241</url>
</references>
<dates>
<discovery>2025-01-07</discovery>
<entry>2025-04-04</entry>
</dates>
</vuln>
<vuln vid="f1f92cd3-116c-11f0-8b2c-b42e991fc52e">
<topic>Mozilla -- use-after-free while parsing JSON</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>134.0,2</lt></range>
</package>
<package>
<name>librewolf</name>
<range><lt>134.0</lt></range>
</package>
<package>
<name>firefox-esr</name>
<range><lt>128.6.0</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><lt>134.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1929623">
<p>Parsing a JavaScript module as JSON could, under some
circumstances, cause cross-compartment access, which may
result in a use-after-free.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-0240</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-0240</url>
</references>
<dates>
<discovery>2025-01-07</discovery>
<entry>2025-04-04</entry>
</dates>
</vuln>
<vuln vid="f02e3c59-116c-11f0-8b2c-b42e991fc52e">
<topic>Mozilla -- redirection to insecure site</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>134.0,2</lt></range>
</package>
<package>
<name>librewolf</name>
<range><lt>134.0</lt></range>
</package>
<package>
<name>firefox-esr</name>
<range><lt>128.6.0</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><lt>134.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1929156">
<p>When using Alt-Svc, ALPN did not properly validate
certificates when the original server is redirecting to an
insecure site.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-0239</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-0239</url>
</references>
<dates>
<discovery>2025-01-07</discovery>
<entry>2025-04-04</entry>
</dates>
</vuln>
<vuln vid="ee407762-116c-11f0-8b2c-b42e991fc52e">
<topic>Mozilla -- use-after-free after failed memory allocation</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>134.0,2</lt></range>
</package>
<package>
<name>librewolf</name>
<range><lt>134.0</lt></range>
</package>
<package>
<name>firefox-esr</name>
<range><lt>128.6.0</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><lt>128.6</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1915535">
<p>Assuming a controlled failed memory allocation, an
attacker could have caused a use-after-free, leading to a
potentially exploitable crash.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-0238</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-0238</url>
</references>
<dates>
<discovery>2025-01-07</discovery>
<entry>2025-04-04</entry>
</dates>
</vuln>
<vuln vid="ea51e89a-116c-11f0-8b2c-b42e991fc52e">
<topic>Mozilla -- privilege escalation attack</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>134.0,2</lt></range>
</package>
<package>
<name>librewolf</name>
<range><lt>134.0</lt></range>
</package>
<package>
<name>firefox-esr</name>
<range><lt>128.6.0</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><lt>128.6</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1915257">
<p>The WebChannel API, which is used to transport various
information across processes, did not check the sending
principal but rather accepted the principal being sent.
This could have led to privilege escalation attacks.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-0237</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-0237</url>
</references>
<dates>
<discovery>2025-01-07</discovery>
<entry>2025-04-04</entry>
</dates>
</vuln>
<vuln vid="37c368f1-10a2-11f0-8195-b42e991fc52e">
<topic>mozilla -- memory corruption</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>136.0,2</lt></range>
</package>
<package>
<name>librewolf</name>
<range><lt>136.0</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><lt>136.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1869650%2C1938451%2C1940326%2C1944052%2C1944063%2C1947281">
<p>Memory safety bugs present in Firefox 135 and Thunderbird
135. Some of these bugs showed evidence of memory corruption
and we presume that with enough effort some of these could
have been exploited to run arbitrary code.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-1943</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-1943</url>
</references>
<dates>
<discovery>2025-03-04</discovery>
<entry>2025-04-03</entry>
</dates>
</vuln>
<vuln vid="b31a4e74-109d-11f0-8195-b42e991fc52e">
<topic>mozilla -- memory corruption</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>136.0,2</lt></range>
</package>
<package>
<name>librewolf</name>
<range><lt>136.0</lt></range>
</package>
<package>
<name>firefox-esr</name>
<range><lt>128.8,1</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><lt>136.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1922889%2C1935004%2C1943586%2C1943912%2C1948111">
<p>CVE-2025-1938: Memory safety bugs present in Firefox 135,
Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7.
Some of these bugs showed evidence of memory corruption and
we presume that with enough effort some of these could have
been exploited to run arbitrary code.</p>
<p>CVE-2025-1935: A web page could trick a user into setting
that site as the default handler for a custom URL protocol.</p>
<p>CVE-2025-1934: It was possible to interrupt the processing
of a RegExp bailout and run additional JavaScript, potentially
triggering garbage collection when the engine was not
expecting it.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-1938</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-1938</url>
<cvename>CVE-2025-1935</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-1935</url>
<cvename>CVE-2025-1934</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-1934</url>
</references>
<dates>
<discovery>2025-03-04</discovery>
<entry>2025-04-03</entry>
</dates>
</vuln>
<vuln vid="aeb2ca87-109d-11f0-8195-b42e991fc52e">
<topic>mozilla -- Memory safety bugs</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>136.0,2</lt></range>
</package>
<package>
<name>librewolf</name>
<range><lt>136.0</lt></range>
</package>
<package>
<name>firefox-esr</name>
<range><lt>115.21,1</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><lt>136.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1938471%2C1940716">
<p>Memory safety bugs present in Firefox 135, Thunderbird 135,
Firefox ESR 115.20, Firefox ESR 128.7, and Thunderbird 128.7.
Some of these bugs showed evidence of memory corruption and
we presume that with enough effort some of these could have
been exploited to run arbitrary code.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-1937</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-1937</url>
</references>
<dates>
<discovery>2025-03-04</discovery>
<entry>2025-04-03</entry>
</dates>
</vuln>
<vuln vid="acf902f6-109d-11f0-8195-b42e991fc52e">
<topic>mozilla -- use-after-free in WebTransport connection</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>136.0,2</lt></range>
</package>
<package>
<name>librewolf</name>
<range><lt>136.0</lt></range>
</package>
<package>
<name>firefox-esr</name>
<range><lt>115.21,1</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><lt>136.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1944126">
<p>It was possible to cause a use-after-free in the content
process side of a WebTransport connection, leading to a
potentially exploitable crash.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-1931</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-1931</url>
</references>
<dates>
<discovery>2025-03-04</discovery>
<entry>2025-04-03</entry>
</dates>
</vuln>
<vuln vid="a93a1d2a-109d-11f0-8195-b42e991fc52e">
<topic>mozilla -- 64 bit JIT WASM read on left over memory</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>136.0,2</lt></range>
</package>
<package>
<name>firefox-esr</name>
<range><lt>115.21,1</lt></range>
</package>
<package>
<name>librewolf</name>
<range><lt>136.0</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><lt>136.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1946004">
<p>On 64-bit CPUs, when the JIT compiles WASM i32 return
values they can pick up bits from left over memory.
This can potentially cause them to be treated as a different
type.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-1933</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-1933</url>
</references>
<dates>
<discovery>2025-03-04</discovery>
<entry>2025-04-03</entry>
</dates>
</vuln>
<vuln vid="350b3389-107f-11f0-8195-b42e991fc52e">
<topic>MongoDB -- crash due to improper validation of explain command</topic>
<affects>
<package>
<name>mongodb50</name>
<range><lt>5.0.31</lt></range>
</package>
<package>
<name>mongodb60</name>
<range><lt>6.0.20</lt></range>
</package>
<package>
<name>mongodb70</name>
<range><lt>7.0.16</lt></range>
</package>
<package>
<name>mongodb80</name>
<range><lt>8.0.4</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>cna@mongodb.com reports:</p>
<blockquote cite="https://jira.mongodb.org/browse/SERVER-103153">
<p>When run on commands with certain arguments set, explain may fail
to validate these arguments before using them. This can lead to
crashes in router servers. This affects MongoDB Server v5.0 prior
to 5.0.31, MongoDB Server v6.0 prior to 6.0.20, MongoDB Server v7.0
prior to 7.0.16 and MongoDB Server v8.0 prior to 8.0.4</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-3084</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-3084</url>
</references>
<dates>
<discovery>2025-04-01</discovery>
<entry>2025-04-03</entry>
</dates>
</vuln>
<vuln vid="32f5e57f-107f-11f0-8195-b42e991fc52e">
<topic>MongoDB -- Malformed wire protocol messages may cause mongos to crash</topic>
<affects>
<package>
<name>mongodb50</name>
<range><lt>5.0.31</lt></range>
</package>
<package>
<name>mongodb60</name>
<range><lt>6.0.20</lt></range>
</package>
<package>
<name>mongodb70</name>
<range><lt>7.0.16</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>cna@mongodb.com reports:</p>
<blockquote cite="https://jira.mongodb.org/browse/SERVER-103152">
<p>Specifically crafted MongoDB wire protocol messages can cause mongos
to crash during command validation. This can occur without using
an authenticated connection. This issue affects MongoDB v5.0
versions prior to 5.0.31, MongoDB v6.0 versions prior to6.0.20 and
MongoDB v7.0 versions prior to 7.0.16</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-3083</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-3083</url>
</references>
<dates>
<discovery>2025-04-01</discovery>
<entry>2025-04-03</entry>
</dates>
</vuln>
<vuln vid="30418b26-107f-11f0-8195-b42e991fc52e">
<topic>MongoDB -- Unauthorized access to underlying data</topic>
<affects>
<package>
<name>mongodb50</name>
<range><lt>5.0.31</lt></range>
</package>
<package>
<name>mongodb60</name>
<range><lt>6.0.20</lt></range>
</package>
<package>
<name>mongodb70</name>
<range><lt>7.0.16</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>cna@mongodb.com reports:</p>
<blockquote cite="https://jira.mongodb.org/browse/SERVER-103151">
<p>A user authorized to access a view may be able to alter the intended
collation, allowing them to access to a different or unintended
view of underlying data. This issue affects MongoDB Server v5.0
version prior to 5.0.31, MongoDB Server v6.0 version prior to 6.0.20,
MongoDB Server v7.0 version prior to 7.0.14 and MongoDB Server v7.3
versions prior to 7.3.4.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-3082</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-3082</url>
</references>
<dates>
<discovery>2025-04-01</discovery>
<entry>2025-04-03</entry>
</dates>
</vuln>
<vuln vid="2cad4541-0f5b-11f0-89f8-411aefea0df9">
<topic>openvpn -- server-side denial-of-service vulnerability with tls-crypt-v2</topic>
<affects>
<package>
<name>openvpn</name>
<range><ge>2.6.1</ge><lt>2.6.14</lt></range>
</package>
<package>
<name>openvpn-devel</name>
<range><lt>g20250402,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Gert Doering reports:</p>
<blockquote cite="https://github.com/OpenVPN/openvpn/blob/v2.6.14/Changes.rst#overview-of-changes-in-2614">
<p>OpenVPN servers between 2.6.1 and 2.6.13 using
--tls-crypt-v2 can be made to abort with an ASSERT() message by
sending a particular combination of authenticated and malformed packets.</p>
<p>To trigger the bug, a valid tls-crypt-v2 client key is needed, or
network observation of a handshake with a valid tls-crypt-v2 client key</p>
<p>No crypto integrity is violated, no data is leaked, and no remote
code execution is possible.</p>
<p>This bug does not affect OpenVPN clients.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-2704</cvename>
<url>https://github.com/OpenVPN/openvpn/blob/v2.6.14/Changes.rst#overview-of-changes-in-2614</url>
</references>
<dates>
<discovery>2025-03-26</discovery>
<entry>2025-04-02</entry>
</dates>
</vuln>
<vuln vid="300f86de-0e4d-11f0-ae40-b42e991fc52e">
<topic>gitea -- Multiple vulnerabilities</topic>
<affects>
<package>
<name>gitea</name>
<range><lt>1.23.6</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@golang.org reports:</p>
<blockquote cite="https://go.dev/cl/654697">
<p>Matching of hosts against proxy patterns can improperly treat an
IPv6 zone ID as a hostname component. For example, when the NO_PROXY
environment variable is set to &quot;*.example.com&quot;, a request
to &quot;[::1%25.example.com]:80` will incorrectly match and not
be proxied.</p>
<p>go-redis is the official Redis client library for the Go programming
language. Prior to 9.5.5, 9.6.3, and 9.7.3, go-redis potentially
responds out of order when `CLIENT SETINFO` times out during
connection establishment. This can happen when the client is
configured to transmit its identity, there are network connectivity
issues, or the client was configured with aggressive timeouts. The
problem occurs for multiple use cases. For sticky connections, you
receive persistent out-of-order responses for the lifetime of the
connection. All commands in the pipeline receive incorrect responses.
When used with the default ConnPool once a connection is returned
after use with ConnPool#Put the read buffer will be checked and the
connection will be marked as bad due to the unread data. This means
that at most one out-of-order response before the connection is
discarded. This issue is fixed in 9.5.5, 9.6.3, and 9.7.3. You
can prevent the vulnerability by setting the flag DisableIndentity
to true when constructing the client instance.</p>
<p>golang-jwt is a Go implementation of JSON Web Tokens. Prior to
5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a
call to strings.Split) its argument (which is untrusted data) on
periods. As a result, in the face of a malicious request whose
Authorization header consists of Bearer followed by many period
characters, a call to that function incurs allocations to the tune
of O(n) bytes (where n stands for the length of the function&apos;s
argument), with a constant factor of about 16. This issue is fixed
in 5.2.2 and 4.5.2.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-22870</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-22870</url>
<cvename>CVE-2025-29923</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-29923</url>
<cvename>CVE-2025-30204</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-30204</url>
</references>
<dates>
<discovery>2025-03-12</discovery>
<entry>2025-03-31</entry>
</dates>
</vuln>
<vuln vid="1a67144d-0d86-11f0-8542-b42e991fc52e">
<topic>mozilla -- multiple vulnerabilities</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>136.0,2</lt></range>
</package>
<package>
<name>firefox-esr</name>
<range><lt>128.8,1</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><lt>136.0</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><lt>128.8</lt></range>
</package>
<package>
<name>librewolf</name>
<range><lt>136.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1945392">
<p>An inconsistent comparator in xslt/txNodeSorter could have resulted
in potentially exploitable out-of-bounds access. Only affected
version 122 and later. This vulnerability affects Firefox &lt;
136, Firefox ESR &lt; 128.8, Thunderbird &lt; 136, and Thunderbird
&lt; 128.8.</p>
<p>Under certain circumstances, a user opt-in setting that Focus should
require authentication before use could have been be bypassed
(distinct from CVE-2025-0245). This vulnerability affects Firefox
&lt; 136.</p>
<p>When String.toUpperCase() caused a string to get longer it was
possible for uninitialized memory to be incorporated into the result
string This vulnerability affects Firefox &lt; 136 and Thunderbird
&lt; 136.</p>
<p>Websites redirecting to a non-HTTP scheme URL could allow a website
address to be spoofed for a malicious page This vulnerability affects
Firefox for iOS &lt; 136.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-1932</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-1932</url>
<cvename>CVE-2025-1941</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-1941</url>
<cvename>CVE-2025-1942</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-1942</url>
<cvename>CVE-2025-27424</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-27424</url>
</references>
<dates>
<discovery>2025-03-04</discovery>
<entry>2025-03-30</entry>
</dates>
</vuln>
<vuln vid="1d53db32-0d60-11f0-8542-b42e991fc52e">
<topic>suricata -- Multiple vulnerabilities</topic>
<affects>
<package>
<name>suricata</name>
<range><lt>7.0.9</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Suricate team reports:</p>
<blockquote cite="https://forum.suricata.io/t/suricata-7-0-9-released/5495">
<p>Multiple vulnerabilities</p>
</blockquote>
<ul>
<li>
CVE-2025-29915: Severity HIGH. The AF_PACKET defrag option
is enabled by default and allows AF_PACKET to re-assemble
fragmented packets before reaching Suricata. However the
default packet size in Suricata is based on the network
interface MTU which leads to Suricata seeing truncated
packets.
</li>
<li>
CVE-2025-29916: Severity Moderate. Datasets declared in
rules have an option to specify the `hashsize` to use.
This size setting isn't properly limited, so the hash
table allocation can be large. Untrusted rules can lead to
large memory allocations, potentially leading to denial of
service due to resource starvation
</li>
<li>
CVE-2025-29917: Severity HIGH. The bytes setting in the
decode_base64 keyword is not properly limited. Due to
this, signatures using the keyword and setting can cause
large memory allocations of up to 4 GiB per thread.
</li>
<li>
CVE-2025-29918: Severity HIGH. A PCRE rule can be written
that leads to an infinite loop when negated PCRE is used.
Packet processing thread becomes stuck in infinite loop
limiting visibility and availability in inline mode.
</li>
</ul>
</body>
</description>
<references>
<cvename>CVE-2025-29915</cvename>
<url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29915</url>
<cvename>CVE-2025-29916</cvename>
<url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29916</url>
<cvename>CVE-2025-29917</cvename>
<url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29917</url>
<cvename>CVE-2025-29918</cvename>
<url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29918</url>
</references>
<dates>
<discovery>2025-03-12</discovery>
<entry>2025-03-30</entry>
</dates>
</vuln>
<vuln vid="7cb6642c-0c5a-11f0-8688-4ccc6adda413">
<topic>qt6-webengine -- Multiple vulnerabilities</topic>
<affects>
<package>
<name>qt6-pdf</name>
<name>qt6-webengine</name>
<range><lt>6.8.3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Qt qtwebengine-chromium repo reports:</p>
<blockquote cite="https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=122-based">
<p>Backports for 11 security bugs in Chromium:</p>
<ul>
<li>CVE-2024-11477: 7-Zip Zstd decompression integer underflow</li>
<li>CVE-2025-0762: Use after free in DevTools</li>
<li>CVE-2025-0996: Inappropriate implementation in Browser UI</li>
<li>CVE-2025-0998: Out of bounds memory access in V8</li>
<li>CVE-2025-0999: Heap buffer overflow in V8</li>
<li>CVE-2025-1006: Use after free in Network</li>
<li>CVE-2025-1426: Heap buffer overflow in GPU</li>
<li>CVE-2025-1918: Out of bounds read in Pdfium</li>
<li>CVE-2025-1919: Out of bounds read in Media</li>
<li>CVE-2025-1921: Inappropriate implementation in Media</li>
<li>CVE-2025-2036: Use after free in Inspector</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-11477</cvename>
<cvename>CVE-2025-0762</cvename>
<cvename>CVE-2025-0996</cvename>
<cvename>CVE-2025-0998</cvename>
<cvename>CVE-2025-0999</cvename>
<cvename>CVE-2025-1006</cvename>
<cvename>CVE-2025-1426</cvename>
<cvename>CVE-2025-1918</cvename>
<cvename>CVE-2025-1919</cvename>
<cvename>CVE-2025-1921</cvename>
<cvename>CVE-2025-2036</cvename>
<url>https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=122-based</url>
</references>
<dates>
<discovery>2025-02-20</discovery>
<entry>2025-03-29</entry>
</dates>
</vuln>
<vuln vid="01a7e1e1-d249-4dd8-9a4a-ef95b5747afb">
<topic>electron{33,34} -- Incorrect handle provided in unspecified circumstances in Mojo</topic>
<affects>
<package>
<name>electron33</name>
<range><lt>33.4.8</lt></range>
</package>
<package>
<name>electron34</name>
<range><lt>34.4.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Electron developers report:</p>
<blockquote cite="https://github.com/electron/electron/releases/tag/v33.4.8">
<p>This update fixes the following vulnerability:</p>
<ul>
<li>Security: backported fix for CVE-2025-2783.</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-2783</cvename>
<url>https://github.com/advisories/GHSA-hfqm-jfc6-rh2f</url>
</references>
<dates>
<discovery>2025-03-27</discovery>
<entry>2025-03-28</entry>
</dates>
</vuln>
<vuln vid="1daa2814-0a6c-11f0-b4e4-2cf05da270f3">
<topic>Gitlab -- Vulnerabilities</topic>
<affects>
<package>
<name>gitlab-ce</name>
<name>gitlab-ee</name>
<range><ge>17.10.0</ge><lt>17.10.1</lt></range>
<range><ge>17.9.0</ge><lt>17.9.3</lt></range>
<range><ge>12.10.0</ge><lt>17.8.6</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Gitlab reports:</p>
<blockquote cite="https://about.gitlab.com/releases/2025/03/26/patch-release-gitlab-17-10-1-released/">
<p>Cross-site Scripting (XSS) through merge-request error messages</p>
<p>Cross-site Scripting (XSS) through improper rendering of certain file types</p>
<p>Admin Privileges Persists After Role is Revoked</p>
<p>External user can access internal projects</p>
<p>Prompt injection in Amazon Q integration may allow unauthorized actions</p>
<p>Uncontrolled Resource Consumption via a maliciously crafted terraform file in merge request</p>
<p>Maintainer can inject shell code in Harbor project name configuration when using helper scripts</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-2255</cvename>
<cvename>CVE-2025-0811</cvename>
<cvename>CVE-2025-2242</cvename>
<cvename>CVE-2024-12619</cvename>
<cvename>CVE-2024-10307</cvename>
<cvename>CVE-2024-9773</cvename>
<url>https://about.gitlab.com/releases/2025/03/26/patch-release-gitlab-17-10-1-released/</url>
</references>
<dates>
<discovery>2025-03-26</discovery>
<entry>2025-03-26</entry>
</dates>
</vuln>
<vuln vid="964aa5da-f094-47fe-9ebd-2142f9157440">
<topic>electron{33,34} -- Type Confusion in V8</topic>
<affects>
<package>
<name>electron33</name>
<range><lt>33.4.6</lt></range>
</package>
<package>
<name>electron34</name>
<range><lt>34.3.4</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Electron developers report:</p>
<blockquote cite="https://github.com/electron/electron/releases/tag/v33.4.6">
<p>This update fixes the following vulnerability:</p>
<ul>
<li>Security: backported fix for CVE-2025-1920.</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-1920</cvename>
<url>https://github.com/advisories/GHSA-fhwv-7gx3-h767</url>
</references>
<dates>
<discovery>2025-03-20</discovery>
<entry>2025-03-25</entry>
</dates>
</vuln>
<vuln vid="a58fdfef-07c6-11f0-8688-4ccc6adda413">
<topic>qt5-webengine -- Use after free in Compositing</topic>
<affects>
<package>
<name>qt5-webengine</name>
<range><lt>5.15.18p7</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Qt qtwebengine-chromium repo reports:</p>
<blockquote cite="https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=87-based">
<p>Backports for 1 security bug in Chromium:</p>
<ul>
<li>CVE-2024-12694: Use after free in Compositing</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-12694</cvename>
<url>https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=87-based</url>
</references>
<dates>
<discovery>2025-02-14</discovery>
<entry>2025-03-23</entry>
</dates>
</vuln>
<vuln vid="26f6733d-06a9-11f0-ba0b-641c67a117d8">
<topic>www/varnish7 -- client-side desync vulnerability</topic>
<affects>
<package>
<name>varnish7</name>
<range><lt>7.6.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Varnish Development Team reports:</p>
<blockquote cite="https://varnish-cache.org/security/VSV00015.html#vsv00015">
<p>A client-side desync vulnerability can be triggered in Varnish Cache
and Varnish Enterprise. This vulnerability can be triggered under
specific circumstances involving malformed HTTP/1 requests.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-30346</cvename>
<url>https://varnish-cache.org/security/VSV00015.html#vsv00015</url>
</references>
<dates>
<discovery>2024-12-17</discovery>
<entry>2025-03-22</entry>
</dates>
</vuln>
<vuln vid="9456d4e9-055f-11f0-85f3-a8a1599412c6">
<topic>chromium -- multiple security fixes</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>134.0.6998.117</lt></range>
</package>
<package>
<name>ungoogled-chromium</name>
<range><lt>134.0.6998.117</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_19.html">
<p>This update includes 2 security fixes:</p>
<ul>
<li>[401029609] Critical CVE-2025-2476: Use after free in Lens. Reported by SungKwon Lee of Enki Whitehat on 2025-03-05</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-2476</cvename>
<url>https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_19.html</url>
</references>
<dates>
<discovery>2025-03-19</discovery>
<entry>2025-03-20</entry>
</dates>
</vuln>
<vuln vid="2ac2ddc2-0051-11f0-8673-f02f7432cf97">
<topic>php -- Multiple vulnerabilities</topic>
<affects>
<package>
<name>php81</name>
<range>
<lt>8.1.32</lt>
</range>
</package>
<package>
<name>php82</name>
<range>
<lt>8.2.28</lt>
</range>
</package>
<package>
<name>php83</name>
<range>
<lt>8.3.19</lt>
</range>
</package>
<package>
<name>php84</name>
<range>
<lt>8.4.5</lt>
</range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>php.net reports:</p>
<blockquote cite="https://www.php.net/ChangeLog-8.php">
<ul>
<li>
CVE-2024-11235: Core: Fixed GHSA-rwp7-7vc6-8477 (Reference counting in php_request_shutdown causes Use-After-Free).
</li>
<li>
CVE-2025-1219: LibXML: Fixed GHSA-p3x9-6h7p-cgfc (libxml streams use wrong `content-type` header when requesting a redirected resource).
</li>
<li>
CVE-2025-1736: Streams: Fixed GHSA-hgf5-96fm-v528 (Stream HTTP wrapper header check might omit basic auth header).
</li>
<li>
CVE-2025-1861: Streams: Fixed GHSA-52jp-hrpf-2jff (Stream HTTP wrapper truncate redirect location to 1024 bytes).
</li>
<li>
CVE-2025-1734: Streams: Fixed GHSA-pcmh-g36c-qc44 (Streams HTTP wrapper does not fail for headers without colon).
</li>
<li>
CVE-2025-1217: Streams: Fixed GHSA-v8xr-gpvj-cx9g (Header parser of `http` stream wrapper does not handle folded headers).
</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-11235</cvename>
<cvename>CVE-2025-1219</cvename>
<cvename>CVE-2025-1736</cvename>
<cvename>CVE-2025-1861</cvename>
<cvename>CVE-2025-1734</cvename>
<cvename>CVE-2025-1217</cvename>
<url>https://www.php.net/ChangeLog-8.php</url>
</references>
<dates>
<discovery>2025-03-13</discovery>
<entry>2025-03-13</entry>
</dates>
</vuln>
<vuln vid="0b43fac4-005d-11f0-a540-6cc21735f730">
<topic>shibboleth-sp -- Parameter manipulation allows the forging of signed SAML messages</topic>
<affects>
<package>
<name>opensaml</name>
<range><lt>3.3.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Shibboleth Project reports:</p>
<blockquote cite="https://shibboleth.net/community/advisories/secadv_20250313.txt">
<p>
An updated version of the OpenSAML C++ library is available
which corrects a parameter manipulation vulnerability when using
SAML bindings that rely on non-XML signatures. The Shibboleth
Service Provider is impacted by this issue, and it manifests as
a critical security issue in that context.
</p>
<p>
Parameter manipulation allows the forging of signed SAML messages
</p>
<p>
A number of vulnerabilities in the OpenSAML library used by the
Shibboleth Service Provider allowed for creative manipulation of
parameters combined with reuse of the contents of older requests
to fool the library's signature verification of non-XML based
signed messages.
</p>
<p>
Most uses of that feature involve very low or
low impact use cases without critical security implications;
however, there are two scenarios that are much more critical,
one affecting the SP and one affecting some implementers who
have implemented their own code on top of our OpenSAML library
and done so improperly.
</p>
<p>
The SP's support for the HTTP-POST-SimpleSign SAML binding for
Single Sign-On responses is its critical vulnerability, and it
is enabled by default (regardless of what one's published SAML
metadata may advertise).
</p>
<p>
The other critical case involves a mistake that
does *not* impact the Shibboleth SP, allowing SSO to occur over
the HTTP-Redirect binding contrary to the plain language of the
SAML Browser SSO profile. The SP does not support this, but
other implementers may have done so.
</p>
<p>
Prior to updating, it is possible to mitigate the POST-SimpleSign
vulnerability by editing the protocols.xml configuration file and
removing this line:
<code>&lt;Binding id="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign"
path="/SAML2/POST-SimpleSign" /&gt;</code>
</p>
</blockquote>
</body>
</description>
<references>
<url>https://shibboleth.net/community/advisories/secadv_20250313.txt</url>
</references>
<dates>
<discovery>2025-03-13</discovery>
<entry>2025-03-13</entry>
</dates>
</vuln>
<vuln vid="a435609c-ffd5-11ef-b4e4-2cf05da270f3">
<topic>Gitlab -- Vulnerabilities</topic>
<affects>
<package>
<name>gitlab-ce</name>
<name>gitlab-ee</name>
<range><ge>17.9.0</ge><lt>17.9.2</lt></range>
<range><ge>17.8.0</ge><lt>17.8.5</lt></range>
<range><ge>11.5</ge><lt>17.7.7</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Gitlab reports:</p>
<blockquote cite="https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released/">
<p>CVE-2025-25291 and CVE-2025-25292 (third party gem ruby-saml)</p>
<p>CVE-2025-27407 (third party gem graphql)</p>
<p>Denial of Service Due to Inefficient Processing of Untrusted Input</p>
<p>Credentials disclosed when repository mirroring fails</p>
<p>Denial of Service Vulnerability in GitLab Approval Rules due to Unbounded Field</p>
<p>Internal Notes in Merge Requests Are Emailed to Non-Members Upon Review Submission</p>
<p>Maintainer can inject shell code in Google integrations</p>
<p>Guest with custom Admin group member permissions can approve the users invitation despite user caps</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-25291</cvename>
<cvename>CVE-2025-25292</cvename>
<cvename>CVE-2025-27407</cvename>
<cvename>CVE-2024-13054</cvename>
<cvename>CVE-2024-12380</cvename>
<cvename>CVE-2025-1257</cvename>
<cvename>CVE-2025-0652</cvename>
<cvename>CVE-2024-8402</cvename>
<cvename>CVE-2024-7296</cvename>
<url>https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released/</url>
</references>
<dates>
<discovery>2025-03-12</discovery>
<entry>2025-03-13</entry>
</dates>
</vuln>
<vuln vid="9cf03c96-ffa5-11ef-bb15-002590af0794">
<topic>vim -- potential data loss with zip.vim and specially crafted zip files</topic>
<affects>
<package>
<name>vim</name>
<range><lt>9.1.1198</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Vim reports:</p>
<blockquote cite="https://github.com/vim/vim/security/advisories/GHSA-693p-m996-3rmf">
<p>See https://github.com/vim/vim/security/advisories/GHSA-693p-m996-3rmf</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-29768</cvename>
<url>https://github.com/vim/vim/security/advisories/GHSA-693p-m996-3rmf</url>
</references>
<dates>
<discovery>2025-03-12</discovery>
<entry>2025-03-12</entry>
</dates>
</vuln>
<vuln vid="a02a6d94-fe53-11ef-85f3-a8a1599412c6">
<topic>chromium -- multiple security fixes</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>134.0.6998.88</lt></range>
</package>
<package>
<name>ungoogled-chromium</name>
<range><lt>134.0.6998.88</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_10.html">
<p>This update includes 5 security fixes:</p>
<ul>
<li>[398065918] High CVE-2025-1920: Type Confusion in V8. Reported by Excello s.r.o. on 2025-02-21</li>
<li>[400052777] High CVE-2025-2135: Type Confusion in V8. Reported by Zhenghang Xiao (@Kipreyyy) on 2025-03-02</li>
<li>[401059730] High CVE-TBD: Out of bounds write in GPU. Reported on 2025-03-05</li>
<li>[395032416] Medium CVE-2025-2136: Use after free in Inspector. Reported by Sakana.S on 2025-02-10</li>
<li>[398999390] Medium CVE-2025-2137: Out of bounds read in V8. Reported by zeroxiaobai@ on 2025-02-25</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-1920</cvename>
<cvename>CVE-2025-2135</cvename>
<cvename>CVE-2025-2136</cvename>
<cvename>CVE-2025-2137</cvename>
<url>https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_10.html</url>
</references>
<dates>
<discovery>2025-03-10</discovery>
<entry>2025-03-11</entry>
</dates>
</vuln>
<vuln vid="a86f9189-fdd9-11ef-91ff-b42e991fc52e">
<topic>libreoffice -- Macro URL arbitrary script execution</topic>
<affects>
<package>
<name>libreoffice</name>
<range><ge>24.8</ge><lt>24.8.5</lt></range>
<range><ge>25.2</ge><lt>25.2.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@documentfoundation.org reports:</p>
<blockquote cite="https://www.libreoffice.org/about-us/security/advisories/cve-2025-1080">
<p>LibreOffice supports Office URI Schemes to enable browser integration
of LibreOffice with MS SharePoint server. An additional scheme
&apos;vnd.libreoffice.command&apos; specific to LibreOffice was
added. In the affected versions of LibreOffice a link in a browser
using that scheme could be constructed with an embedded inner URL
that when passed to LibreOffice could call internal macros with
arbitrary arguments. This issue affects LibreOffice: from 24.8
before &lt; 24.8.5, from 25.2 before &lt; 25.2.1.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-1080</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-1080</url>
</references>
<dates>
<discovery>2025-03-04</discovery>
<entry>2025-03-10</entry>
</dates>
</vuln>
<vuln vid="2ec7816d-fdb7-11ef-91ff-b42e991fc52e">
<topic>vim -- Improper Input Validation in Vim</topic>
<affects>
<package>
<name>vim</name>
<range><lt>9.1.1164</lt></range>
</package>
<package>
<name>vim-gtk2</name>
<range><lt>9.1.1164</lt></range>
</package>
<package>
<name>vim-gtk3</name>
<range><lt>9.1.1164</lt></range>
</package>
<package>
<name>vim-motif</name>
<range><lt>9.1.1164</lt></range>
</package>
<package>
<name>vim-tiny</name>
<range><lt>9.1.1164</lt></range>
</package>
<package>
<name>vim-x11</name>
<range><lt>9.1.1164</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security-advisories@github.com reports:</p>
<blockquote cite="https://github.com/vim/vim/commit/129a8446d23cd9cb4445fcfea259cba5e0487d29">
<p>Vim is distributed with the tar.vim plugin, that allows
easy editing and viewing of (compressed or uncompressed) tar
files. Starting with 9.1.0858, the tar.vim plugin uses the
&quot;:read&quot; ex command line to append below the
cursor position, however the is not sanitized and is taken
literally from the tar archive. This allows to execute
shellcommands via special crafted tar archives. Whether
this really happens, depends on the shell being used
(&apos;shell&apos; option, which is set using $SHELL).
</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-27423</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-27423</url>
</references>
<dates>
<discovery>2025-03-03</discovery>
<entry>2025-03-10</entry>
</dates>
</vuln>
<vuln vid="6ba9e26e-c9c6-49f7-ae43-47e5864f0b66">
<topic>electron33 -- multiple vulnerabilities</topic>
<affects>
<package>
<name>electron33</name>
<range><lt>33.4.3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Electron develpers report:</p>
<blockquote cite="https://github.com/electron/electron/releases/tag/v33.4.3">
<p>This update fixes the following vulnerabilities:</p>
<ul>
<li>Security: backported fix for CVE-2025-0445.</li>
<li>Security: backported fix for CVE-2025-0995.</li>
<li>Security: backported fix for CVE-2025-0998.</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-0445</cvename>
<url>https://github.com/advisories/GHSA-q4fq-38gr-ccp3</url>
<cvename>CVE-2025-0995</cvename>
<url>https://github.com/advisories/GHSA-377p-4737-hx6m</url>
<cvename>CVE-2025-0998</cvename>
<url>https://github.com/advisories/GHSA-4v9x-qxmv-4h58</url>
</references>
<dates>
<discovery>2025-03-06</discovery>
<entry>2025-03-08</entry>
</dates>
</vuln>
<vuln vid="6e27040b-61b7-4989-9471-dfb10c3cd76e">
<topic>electron32 -- multiple vulnerabilities</topic>
<affects>
<package>
<name>electron32</name>
<range><lt>32.3.3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Electron developers report:</p>
<blockquote cite="https://github.com/electron/electron/releases/tag/v32.3.3">
<p>This update fixes the following vulnerabilities:</p>
<ul>
<li>Security: backported fix for CVE-2025-0445.</li>
<li>Security: backported fix for CVE-2025-0998.</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-0445</cvename>
<url>https://github.com/advisories/GHSA-q4fq-38gr-ccp3</url>
<cvename>CVE-2025-0998</cvename>
<url>https://github.com/advisories/GHSA-4v9x-qxmv-4h58</url>
</references>
<dates>
<discovery>2025-03-03</discovery>
<entry>2025-03-07</entry>
</dates>
</vuln>
<vuln vid="3299cbfd-fa6e-11ef-929d-b0416f0c4c67">
<topic>Jinja2 -- Sandbox breakout through attr filter selecting format method</topic>
<affects>
<package>
<name>py38-Jinja2</name>
<name>py39-Jinja2</name>
<name>py310-Jinja2</name>
<name>py311-Jinja2</name>
<range><lt>3.1.6</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security-advisories@github.com reports:</p>
<blockquote cite="https://github.com/pallets/jinja/commit/90457bbf33b8662926ae65cdde4c4c32e756e403">
<p>Jinja is an extensible templating engine. Prior to 3.1.6, an
oversight in how the Jinja sandboxed environment interacts with the
|attr filter allows an attacker that controls the content of a
template to execute arbitrary Python code. To exploit the
vulnerability, an attacker needs to control the content of a template.
Whether that is the case depends on the type of application using
Jinja. This vulnerability impacts users of applications which
execute untrusted templates. Jinja&apos;s sandbox does catch calls
to str.format and ensures they don&apos;t escape the sandbox.
However, it&apos;s possible to use the |attr filter to get a reference
to a string&apos;s plain format method, bypassing the sandbox.
After the fix, the |attr filter no longer bypasses the environment&apos;s
attribute lookup. This vulnerability is fixed in 3.1.6.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-27516</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-27516</url>
</references>
<dates>
<discovery>2025-03-05</discovery>
<entry>2025-03-06</entry>
</dates>
</vuln>
<vuln vid="f4297478-fa62-11ef-b597-001fc69cd6dc">
<topic>xorg server -- Multiple vulnerabilities</topic>
<affects>
<package>
<name>xorg-server</name>
<name>xephyr</name>
<name>xorg-vfbserver</name>
<range><lt>21.1.16,1</lt></range>
</package>
<package>
<name>xorg-nextserver</name>
<range><lt>21.1.16,2</lt></range>
</package>
<package>
<name>xwayland</name>
<range><lt>24.1.6</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The X.Org project reports:</p>
<blockquote cite="https://lists.x.org/archives/xorg-announce/2025-February/003584.html">
<ul>
<li>
CVE-2025-26594: Use-after-free of the root cursor
<p>The root cursor is referenced in the xserver as a global variable. If
a client manages to free the root cursor, the internal reference points
to freed memory and causes a use-after-free.</p>
</li>
<li>
CVE-2025-26595: Buffer overflow in XkbVModMaskText()
<p>The code in XkbVModMaskText() allocates a fixed sized buffer on the
stack and copies the names of the virtual modifiers to that buffer.
The code however fails to check the bounds of the buffer correctly and
would copy the data regardless of the size, which may lead to a buffer
overflow.</p>
</li>
<li>
CVE-2025-26596: Heap overflow in XkbWriteKeySyms()
<p>The computation of the length in XkbSizeKeySyms() differs from what is
actually written in XkbWriteKeySyms(), which may lead to a heap based
buffer overflow.</p>
</li>
<li>
CVE-2025-26597: Buffer overflow in XkbChangeTypesOfKey()
<p>If XkbChangeTypesOfKey() is called with 0 group, it will resize the key
symbols table to 0 but leave the key actions unchanged.
If later, the same function is called with a non-zero value of groups,
this will cause a buffer overflow because the key actions are of the wrong
size.</p>
</li>
<li>
CVE-2025-26598: Out-of-bounds write in CreatePointerBarrierClient()
<p>The function GetBarrierDevice() searches for the pointer device based on
its device id and returns the matching value, or supposedly NULL if no
match was found.
However the code will return the last element of the list if no matching
device id was found which can lead to out of bounds memory access.</p>
</li>
<li>
CVE-2025-26599: Use of uninitialized pointer in compRedirectWindow()
<p>The function compCheckRedirect() may fail if it cannot allocate the backing
pixmap. In that case, compRedirectWindow() will return a BadAlloc error
without the validation of the window tree marked just before, which leaves
the validate data partly initialized, and the use of an uninitialized pointer
later.</p>
</li>
<li>
CVE-2025-26600: Use-after-free in PlayReleasedEvents()
<p>When a device is removed while still frozen, the events queued for that
device remain while the device itself is freed and replaying the events
will cause a use after free.</p>
</li>
<li>
CVE-2025-26601: Use-after-free in SyncInitTrigger()
<p>When changing an alarm, the values of the change mask are evaluated one
after the other, changing the trigger values as requested and eventually,
SyncInitTrigger() is called.
If one of the changes triggers an error, the function will return early,
not adding the new sync object.
This can be used to cause a use after free when the alarm eventually
triggers.</p>
</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-26594</cvename>
<cvename>CVE-2025-26595</cvename>
<cvename>CVE-2025-26596</cvename>
<cvename>CVE-2025-26597</cvename>
<cvename>CVE-2025-26598</cvename>
<cvename>CVE-2025-26599</cvename>
<cvename>CVE-2025-26600</cvename>
<cvename>CVE-2025-26601</cvename>
<url>https://lists.x.org/archives/xorg-announce/2025-February/003584.html</url>
</references>
<dates>
<discovery>2025-02-25</discovery>
<entry>2025-03-06</entry>
</dates>
</vuln>
<vuln vid="d8bd20ae-fa48-11ef-ab7a-ace2d30de67a">
<topic>caldera -- Remote Code Execution</topic>
<affects>
<package>
<name>caldera</name>
<range><lt>5.2.0</lt></range>
</package>
<package>
<name>caldera4</name>
<range><le>4.2.0</le></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>MITRE Caldera contributor report:</p>
<blockquote cite="https://github.com/mitre/caldera/pull/3129">
<p>In MITRE Caldera through 4.2.0 and 5.0.0 before 35bc06e,
a Remote Code Execution (RCE) vulnerability was found in the dynamic
agent (implant) compilation functionality of the server. This allows
remote attackers to execute arbitrary code on the server that Caldera
is running on via a crafted web request to the Caldera server API used
for compiling and downloading of Caldera's Sandcat or Manx agent
(implants). This web request can use the gcc -extldflags linker flag
with sub-commands.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-27364</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-27364</url>
</references>
<dates>
<discovery>2025-02-16</discovery>
<entry>2025-03-06</entry>
</dates>
</vuln>
<vuln vid="cb98d018-f9f5-11ef-a398-00e081b7aa2d">
<topic>jenkins -- multiple vulnerabilities</topic>
<affects>
<package>
<name>jenkins</name>
<range><lt>2.500</lt></range>
</package>
<package>
<name>jenkins-lts</name>
<range><lt>2.492.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Jenkins Security Advisory:</p>
<blockquote cite="https://www.jenkins.io/security/advisory/2025-03-05/">
<h1>Description</h1>
<h5>(Medium) SECURITY-3495 / CVE-2025-27622</h5>
<p>Encrypted values of secrets stored in agent configuration revealed to users with Agent/Extended Read permission</p>
<h1>Description</h1>
<h5>(Medium) SECURITY-3496 / CVE-2025-27623</h5>
<p>Encrypted values of secrets stored in view configuration revealed to users with View/Read permission</p>
<h1>Description</h1>
<h5>(Medium) SECURITY-3498 / CVE-2025-27624</h5>
<p>CSRF vulnerability</p>
<h1>Description</h1>
<h5>(Medium) SECURITY-3501 / CVE-2025-27625</h5>
<p>Open redirect vulnerability</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-27622</cvename>
<cvename>CVE-2025-27623</cvename>
<cvename>CVE-2025-27624</cvename>
<cvename>CVE-2025-27625</cvename>
<url>https://www.jenkins.io/security/advisory/2025-03-05/</url>
</references>
<dates>
<discovery>2025-03-05</discovery>
<entry>2025-03-05</entry>
</dates>
</vuln>
<vuln vid="475d1968-f99d-11ef-b382-b0416f0c4c67">
<topic>Spotipy -- Spotipy&apos;s cache file, containing spotify auth token, is created with overly broad permissions</topic>
<affects>
<package>
<name>py38-spotipy</name>
<name>py39-spotipy</name>
<name>py310-spotipy</name>
<name>py311-spotipy</name>
<range><lt>2.25.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security-advisories@github.com reports:</p>
<blockquote cite="https://github.com/spotipy-dev/spotipy/blob/master/spotipy/cache_handler.py#L93-L98">
<p>Spotipy is a lightweight Python library for the Spotify Web API.
The `CacheHandler` class creates a cache file to store the auth
token. Prior to version 2.25.1, the file created has `rw-r--r--`
(644) permissions by default, when it could be locked down to
`rw-------` (600) permissions. This leads to overly broad exposure
of the spotify auth token. If this token can be read by an attacker
(another user on the machine, or a process running as another user),
it can be used to perform administrative actions on the Spotify
account, depending on the scope granted to the token. Version
2.25.1 tightens the cache file permissions.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-27154</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-27154</url>
</references>
<dates>
<discovery>2025-02-27</discovery>
<entry>2025-03-05</entry>
</dates>
</vuln>
<vuln vid="9c62d3f0-f997-11ef-85f3-a8a1599412c6">
<topic>chromium -- multiple security fixes</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>134.0.6998.35</lt></range>
</package>
<package>
<name>ungoogled-chromium</name>
<range><lt>134.0.6998.35</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop.html">
<p>This update includes 14 security fixes:</p>
<ul>
<li>[397731718] High CVE-2025-1914: Out of bounds read in V8. Reported by Zhenghang Xiao (@Kipreyyy) and Nan Wang (@eternalsakura13) on 2025-02-20</li>
<li>[391114799] Medium CVE-2025-1915: Improper Limitation of a Pathname to a Restricted Directory in DevTools. Reported by Topi Lassila on 2025-01-20</li>
<li>[376493203] Medium CVE-2025-1916: Use after free in Profiles. Reported by parkminchan, SSD Labs Korea on 2024-10-31</li>
<li>[329476341] Medium CVE-2025-1917: Inappropriate Implementation in Browser UI. Reported by Khalil Zhani on 2024-03-14</li>
<li>[388557904] Medium CVE-2025-1918: Out of bounds read in PDFium. Reported by asnine on 2025-01-09</li>
<li>[392375312] Medium CVE-2025-1919: Out of bounds read in Media. Reported by @Bl1nnnk and @Pisanbao on 2025-01-26</li>
<li>[387583503] Medium CVE-2025-1921: Inappropriate Implementation in Media Stream. Reported by Kaiido on 2025-01-04</li>
<li>[384033062] Low CVE-2025-1922: Inappropriate Implementation in Selection. Reported by Alesandro Ortiz on 2024-12-14</li>
<li>[382540635] Low CVE-2025-1923: Inappropriate Implementation in Permission Prompts. Reported by Khalil Zhani on 2024-12-06</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-1914</cvename>
<cvename>CVE-2025-1915</cvename>
<cvename>CVE-2025-1916</cvename>
<cvename>CVE-2025-1917</cvename>
<cvename>CVE-2025-1918</cvename>
<cvename>CVE-2025-1919</cvename>
<cvename>CVE-2025-1921</cvename>
<cvename>CVE-2025-1922</cvename>
<cvename>CVE-2025-1923</cvename>
<url>https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop.html</url>
</references>
<dates>
<discovery>2025-03-04</discovery>
<entry>2025-03-05</entry>
</dates>
</vuln>
<vuln vid="f4f3e001-402b-4d6d-8efa-ab11fcf8de2b">
<topic>electron{32,33} -- multiple vulnerabilities</topic>
<affects>
<package>
<name>electron32</name>
<range><lt>32.3.2</lt></range>
</package>
<package>
<name>electron33</name>
<range><lt>33.4.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Electron developers report:</p>
<blockquote cite="https://github.com/electron/electron/releases/tag/v32.3.2">
<p>This update fixes the following vulnerabilities:</p>
<ul>
<li>Security: backported fix for CVE-2025-0611.</li>
<li>Security: backported fix for CVE-2025-0612.</li>
<li>Security: backported fix for CVE-2025-0999.</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-0611</cvename>
<url>https://github.com/advisories/GHSA-83vc-v46q-mv3w</url>
<cvename>CVE-2025-0612</cvename>
<url>https://github.com/advisories/GHSA-c6xg-jh94-mf2w</url>
<cvename>CVE-2025-0999</cvename>
<url>https://github.com/advisories/GHSA-f2jv-hxph-r5wm</url>
</references>
<dates>
<discovery>2025-02-27</discovery>
<entry>2025-03-04</entry>
</dates>
</vuln>
<vuln vid="6af5e3a3-f85a-11ef-95b9-589cfc10a551">
<topic>unit -- potential security issue</topic>
<affects>
<package>
<name>unit</name>
<name>unit-java</name>
<range><ge>1.11.0</ge><lt>1.34.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>SO-AND-SO reports:</p>
<blockquote cite="https://mailman.nginx.org/pipermail/unit/2025-March/QVYLJKLBIDWOJ7OLYGT27VUWH7RGBRQM.html">
<p>Unit 1.34.2 fixes two issues in the Java language module websocket code.</p>
<ol>
<li>It addresses a potential security issue where we could get a negative
payload length that could cause the Java language module process(es) to
enter an infinite loop and consume excess CPU. This was a bug carried
over from the initial Java websocket code import. It has been re-issued
a CVE number (CVE-2025-1695).</li>
<li>It addresses an issue whereby decoded payload lengths would be limited
to 32 bits.</li>
</ol>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-1695</cvename>
<url>https://mailman.nginx.org/pipermail/unit/2025-March/QVYLJKLBIDWOJ7OLYGT27VUWH7RGBRQM.html</url>
</references>
<dates>
<discovery>2025-03-03</discovery>
<entry>2025-03-03</entry>
</dates>
</vuln>
<vuln vid="398d1ec1-f7e6-11ef-bb15-002590af0794">
<topic>vim -- Potential code execution</topic>
<affects>
<package>
<name>vim</name>
<name>vim-gtk2</name>
<name>vim-gtk3</name>
<name>vim-motif</name>
<name>vim-x11</name>
<name>vim-tiny</name>
<range><lt>9.1.1164</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>vim reports:</p>
<blockquote cite="https://github.com/vim/vim/security/advisories/GHSA-wfmf-8626-q3r3">
<h1>Summary</h1>
<p>Potential code execution with tar.vim and special crafted tar files</p>
<h1>Description</h1>
<p>Vim is distributed with the tar.vim plugin, that allows easy
editing and viewing of (compressed or uncompressed) tar files.</p>
<p>Since commit 129a844 (Nov 11, 2024 runtime(tar): Update tar.vim to
support permissions), the tar.vim plugin uses the ":read " ex command
line to append below the cursor position, however the is not sanitized
and is taken literaly from the tar archive. This allows to execute
shell commands via special crafted tar archives. Whether this really
happens, depends on the shell being used ('shell' option, which is set
using $SHELL).</p>
<h1>Impact</h1>
<p>Impact is high but a user must be convinced to edit such a file
using Vim which will reveal the filename, so a careful user may suspect
some strange things going on.</p>
</blockquote>
</body>
</description>
<references>
<url>https://github.com/vim/vim/security/advisories/GHSA-wfmf-8626-q3r3</url>
</references>
<dates>
<discovery>2025-03-02</discovery>
<entry>2025-03-02</entry>
</dates>
</vuln>
<vuln vid="8fb9101e-f58a-11ef-b4e4-2cf05da270f3">
<topic>Gitlab -- Vulnerabilities</topic>
<affects>
<package>
<name>gitlab-ce</name>
<name>gitlab-ee</name>
<range><ge>17.9.0</ge><lt>17.9.1</lt></range>
<range><ge>17.8.0</ge><lt>17.8.4</lt></range>
<range><ge>15.10.0</ge><lt>17.7.6</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Gitlab reports:</p>
<blockquote cite="https://about.gitlab.com/releases/2025/02/26/patch-release-gitlab-17-9-1-released/">
<p>XSS in k8s proxy endpoint</p>
<p>XSS Maven Dependency Proxy</p>
<p>HTML injection leads to XSS on self hosted instances</p>
<p>Improper Authorisation Check Allows Guest User to Read Security Policy</p>
<p>Planner role can read code review analytics in private projects</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-0475</cvename>
<cvename>CVE-2025-0555</cvename>
<cvename>CVE-2024-8186</cvename>
<cvename>CVE-2024-10925</cvename>
<cvename>CVE-2025-0307</cvename>
<url>https://about.gitlab.com/releases/2025/02/26/patch-release-gitlab-17-9-1-released/</url>
</references>
<dates>
<discovery>2025-02-26</discovery>
<entry>2025-02-28</entry>
</dates>
</vuln>
<vuln vid="a4cb7f9b-f506-11ef-85f3-a8a1599412c6">
<topic>chromium -- multiple security fixes</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>133.0.6943.141</lt></range>
</package>
<package>
<name>ungoogled-chromium</name>
<range><lt>133.0.6943.141</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop_25.html">
<p>This update includes 1 security fix.</p>
</blockquote>
</body>
</description>
<references>
<url>https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop_25.html</url>
</references>
<dates>
<discovery>2025-02-25</discovery>
<entry>2025-02-27</entry>
</dates>
</vuln>
<vuln vid="6ae77556-f31d-11ef-a695-4ccc6adda413">
<topic>exiv2 -- Use after free in TiffSubIfd</topic>
<affects>
<package>
<name>exiv2</name>
<range><ge>0.28.0</ge><lt>0.28.5</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Kevin Backhouse reports:</p>
<blockquote cite="https://github.com/Exiv2/exiv2/security/advisories/GHSA-38h4-fx85-qcx7">
<p>A heap buffer overflow was found in Exiv2 versions v0.28.0 to v0.28.4.
Versions prior to v0.28.0, such as v0.27.7, are not affected. Exiv2 is a
command-line utility and C++ library for reading, writing, deleting, and
modifying the metadata of image files. The heap overflow is triggered when
Exiv2 is used to write metadata into a crafted image file. An attacker
could potentially exploit the vulnerability to gain code execution, if
they can trick the victim into running Exiv2 on a crafted image file.</p>
<p>Note that this bug is only triggered when writing the metadata, which
is a less frequently used Exiv2 operation than reading the metadata. For
example, to trigger the bug in the Exiv2 command-line application, you
need to add an extra command-line argument such as fixiso.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-26623</cvename>
<url>https://github.com/Exiv2/exiv2/security/advisories/GHSA-38h4-fx85-qcx7</url>
</references>
<dates>
<discovery>2025-02-18</discovery>
<entry>2025-02-25</entry>
</dates>
</vuln>
<vuln vid="e60e538f-e795-4a00-b475-cc85a7546e00">
<topic>Emacs -- Arbitrary code execution vulnerability</topic>
<affects>
<package>
<name>emacs</name>
<name>emacs-canna</name>
<name>emacs-nox</name>
<name>emacs-wayland</name>
<range><lt>30.1,3</lt></range>
</package>
<package>
<name>emacs-devel</name>
<name>emacs-devel-nox</name>
<range><lt>30.0.50.20240115,3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<h1>Problem Description</h1>
<p>A shell injection vulnerability exists in GNU Emacs due to improper
handling of custom man URI schemes.</p>
<h1>Impact</h1>
<p>Initially considered low severity, as it required user interaction with
local files, it was later discovered that an attacker could exploit this
vulnerability by tricking a user into visiting a specially crafted
website or an HTTP URL with a redirect, leading to arbitrary shell
command execution without further user action.</p>
</body>
</description>
<references>
<cvename>CVE-2025-1244</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-1244</url>
</references>
<dates>
<discovery>2025-02-11</discovery>
<entry>2025-02-24</entry>
<modified>2025-02-25</modified>
</dates>
</vuln>
<vuln vid="7ba6c085-1590-491a-98ce-5452646b196f">
<topic>Emacs -- Shell injection vulnerability</topic>
<affects>
<package>
<name>emacs</name>
<name>emacs-canna</name>
<name>emacs-nox</name>
<name>emacs-wayland</name>
<range><lt>30.1,3</lt></range>
</package>
<package>
<name>emacs-devel</name>
<name>emacs-devel-nox</name>
<range><lt>31.0.50.20250101,3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<h1>Problem Description:</h1>
<p>An Emacs user who chooses to invoke elisp-completion-at-point (for
code completion) on untrusted Emacs Lisp source code can trigger unsafe
Lisp macro expansion that allows attackers to execute arbitrary code.
This unsafe expansion also occurs if a user chooses to enable on-the-fly
diagnosis that byte compiles untrusted Emacs Lisp source code.</p>
</body>
</description>
<references>
<cvename>CVE-2024-53920</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2024-53920</url>
</references>
<dates>
<discovery>2024-11-27</discovery>
<entry>2025-02-24</entry>
</dates>
</vuln>
<vuln vid="07c34df5-f299-11ef-a441-b42e991fc52e">
<topic>exim -- SQL injection</topic>
<affects>
<package>
<name>exim</name>
<range><lt>4.98.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>cve@mitre.org reports:</p>
<blockquote cite="https://bugzilla.suse.com/show_bug.cgi?id=1237424">
<p>Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization
are used, allows remote SQL injection.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-26794</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-26794</url>
</references>
<dates>
<discovery>2025-02-21</discovery>
<entry>2025-02-24</entry>
</dates>
</vuln>
<vuln vid="a8f1ee74-f267-11ef-87ba-002590c1f29c">
<topic>FreeBSD -- Multiple vulnerabilities in OpenSSH</topic>
<affects>
<package>
<name>FreeBSD</name>
<range><ge>14.2</ge><lt>14.2_2</lt></range>
<range><ge>14.1</ge><lt>14.1_8</lt></range>
<range><ge>13.4</ge><lt>13.4_4</lt></range>
</package>
<package>
<name>openssh-portable</name>
<range><lt>9.9.p2_1,1</lt></range>
</package>
<package>
<name>openssh-portable-hpn</name>
<range><lt>9.9.p2_1,1</lt></range>
</package>
<package>
<name>openssh-portable-gssapi</name>
<range><lt>9.9.p2_1,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<h1>Problem Description:</h1>
<p>OpenSSH client host verification error (CVE-2025-26465)</p>
<p>ssh(1) contains a logic error that allows an on-path attacker to
impersonate any server during certain conditions when the
VerifyHostKeyDNS option is enabled.</p>
<p>OpenSSH server denial of service (CVE-2025-26466)</p>
<p>The OpenSSH client and server are both vulnerable to a memory/CPU
denial of service while handling SSH2_MSG_PING packets.</p>
<h1>Impact:</h1>
<p>OpenSSH client host verification error (CVE-2025-26465)</p>
<p>Under specific circumstances, a machine-in-the-middle may impersonate
any server when the client has the VerifyHostKeyDNS option enabled.</p>
<p>OpenSSH server denial of service (CVE-2025-26466)</p>
<p>During the processing of SSH2_MSG_PING packets, a server may be
subject to a memory/CPU denial of service.</p>
</body>
</description>
<references>
<cvename>CVE-2025-26465</cvename>
<cvename>CVE-2025-26466</cvename>
<freebsdsa>SA-25:05.openssh</freebsdsa>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-26465</url>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-26466</url>
</references>
<dates>
<discovery>2025-02-21</discovery>
<entry>2025-02-24</entry>
<modified>2025-03-08</modified>
</dates>
</vuln>
<vuln vid="2a3be628-ef6e-11ef-85f3-a8a1599412c6">
<topic>chromium -- multiple security fixes</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>133.0.6943.126</lt></range>
</package>
<package>
<name>ungoogled-chromium</name>
<range><lt>133.0.6943.126</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop_18.html">
<p>This update includes 3 security fixes:</p>
<ul>
<li>[394350433] High CVE-2025-0999: Heap buffer overflow in V8. Reported by Seunghyun Lee (@0x10n) on 2025-02-04</li>
<li>[383465163] High CVE-2025-1426: Heap buffer overflow in GPU. Reported by un3xploitable and GF on 2024-12-11</li>
<li>[390590778] Medium CVE-2025-1006: Use after free in Network. Reported by Tal Keren, Sam Agranat, Eran Rom, Edouard Bochin, Adam Hatsir of Palo Alto Networks on 2025-01-18</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-0999</cvename>
<cvename>CVE-2025-1426</cvename>
<cvename>CVE-2025-1006</cvename>
<url>https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop_18.html</url>
</references>
<dates>
<discovery>2025-02-18</discovery>
<entry>2025-02-20</entry>
</dates>
</vuln>
<vuln vid="f572b9d1-ef6d-11ef-85f3-a8a1599412c6">
<topic>chromium -- multiple security fixes</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>133.0.6943.98</lt></range>
</package>
<package>
<name>ungoogled-chromium</name>
<range><lt>133.0.6943.98</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop_12.html">
<p>This update includes 4 security fixes:</p>
<ul>
<li>[391907159] High CVE-2025-0995: Use after free in V8. Reported by Popax21 on 2025-01-24</li>
<li>[391788835] High CVE-2025-0996: Inappropriate implementation in Browser UI. Reported by yuki yamaoto on 2025-01-23</li>
<li>[391666328] High CVE-2025-0997: Use after free in Navigation. Reported by asnine on 2025-01-23</li>
<li>[386857213] High CVE-2025-0998: Out of bounds memory access in V8. Reported by Alan Goodman on 2024-12-31</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-0995</cvename>
<cvename>CVE-2025-0996</cvename>
<cvename>CVE-2025-0997</cvename>
<cvename>CVE-2025-0998</cvename>
<url>https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop_12.html</url>
</references>
<dates>
<discovery>2025-02-12</discovery>
<entry>2025-02-20</entry>
</dates>
</vuln>
<vuln vid="b09d0b3b-ef6d-11ef-85f3-a8a1599412c6">
<topic>chromium -- multiple security fixes</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>133.0.6943.53</lt></range>
</package>
<package>
<name>ungoogled-chromium</name>
<range><lt>133.0.6943.53</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop.html">
<p>This update includes 12 security fixes:</p>
<ul>
<li>[390889644] High CVE-2025-0444: Use after free in Skia. Reported by Francisco Alonso (@revskills) on 2025-01-19</li>
<li>[392521083] High CVE-2025-0445: Use after free in V8. Reported by 303f06e3 on 2025-01-27</li>
<li>[40061026] Medium CVE-2025-0451: Inappropriate implementation in Extensions API. Reported by Vitor Torres and Alesandro Ortiz on 2022-09-18</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-0444</cvename>
<cvename>CVE-2025-0445</cvename>
<cvename>CVE-2025-0451</cvename>
<url>https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop.html</url>
</references>
<dates>
<discovery>2025-02-04</discovery>
<entry>2025-02-20</entry>
</dates>
</vuln>
<vuln vid="cbf5d976-656b-4bb6-805f-3af038e2de3e">
<topic>vscode -- multiple vulnerabilities</topic>
<affects>
<package>
<name>vscode</name>
<range><lt>1.97.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>VSCode developers report:</p>
<blockquote cite="https://github.com/microsoft/vscode/releases/tag/1.97.1">
<p>The update addresses these issues, including a fix for a security vulnerability.</p>
<ul>
<li>Scope node_module binary resolution in js-debug</li>
<li>Elevation of Privilege Vulnerability with VS Code server for web UI</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-24042</cvename>
<url>https://github.com/microsoft/vscode/security/advisories/GHSA-f85p-3684-2g3j</url>
<cvename>CVE-2025-24039</cvename>
<url>https://github.com/microsoft/vscode/security/advisories/GHSA-532g-4pv9-25f2</url>
</references>
<dates>
<discovery>2025-02-11</discovery>
<entry>2025-02-13</entry>
</dates>
</vuln>
<vuln vid="e915b60e-ea25-11ef-a1c0-0050569f0b83">
<topic>security/openvpn-auth-ldap -- Fix buffer overflow in challenge/response</topic>
<affects>
<package>
<name>openvpn-auth-ldap</name>
<range><lt>2.0.4_3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Graham Northup reports:</p>
<blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2024-28820">
<p>A buffer overflow in extract_openvpn_cr allows attackers with a valid
LDAP username and who can control the challenge/response password field
to pass a string with more than 14 colons into this field and cause a
buffer overflow.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-28820</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2024-28820</url>
</references>
<dates>
<discovery>2024-06-27</discovery>
<entry>2025-02-13</entry>
</dates>
</vuln>
<vuln vid="fadf3b41-ea19-11ef-a540-6cc21735f730">
<topic>PostgreSQL -- PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation</topic>
<affects>
<package>
<name>postgresql17-client</name>
<range><lt>17.3</lt></range>
</package>
<package>
<name>postgresql16-client</name>
<range><lt>16.7</lt></range>
</package>
<package>
<name>postgresql15-client</name>
<range><lt>15.11</lt></range>
</package>
<package>
<name>postgresql14-client</name>
<range><lt>14.16</lt></range>
</package>
<package>
<name>postgresql13-client</name>
<range><lt>13.19</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The PostgreSQL Project reports:</p>
<blockquote cite="https://www.postgresql.org/support/security/CVE-2025-1094/">
<p>
Improper neutralization of quoting syntax in PostgreSQL
libpq functions PQescapeLiteral(), PQescapeIdentifier(),
PQescapeString(), and PQescapeStringConn() allows a
database input provider to achieve SQL injection in
certain usage patterns. Specifically, SQL injection
requires the application to use the function result to
construct input to psql, the PostgreSQL interactive
terminal. Similarly, improper neutralization of quoting
syntax in PostgreSQL command line utility programs
allows a source of command line arguments to achieve SQL
injection when client_encoding is BIG5 and
server_encoding is one of EUC_TW or MULE_INTERNAL.
Versions before PostgreSQL 17.3, 16.7, 15.11, 14.16, and
13.19 are affected.
</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-1094</cvename>
<url>https://www.postgresql.org/support/security/CVE-2025-1094/</url>
</references>
<dates>
<discovery>2025-02-13</discovery>
<entry>2025-02-13</entry>
</dates>
</vuln>
<vuln vid="1a8c5720-e9cf-11ef-9e96-2cf05da270f3">
<topic>Gitlab -- Vulnerabilities</topic>
<affects>
<package>
<name>gitlab-ce</name>
<name>gitlab-ee</name>
<range><ge>17.8.0</ge><lt>17.8.2</lt></range>
<range><ge>17.7.0</ge><lt>17.7.4</lt></range>
<range><ge>8.3.0</ge><lt>17.6.5</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Gitlab reports:</p>
<blockquote cite="https://about.gitlab.com/releases/2025/02/12/patch-release-gitlab-17-8-2-released/">
<p>A CSP-bypass XSS in merge-request page</p>
<p>Denial of Service due to Unbounded Symbol Creation</p>
<p>Exfiltrate content from private issues using Prompt Injection</p>
<p>A custom permission may allow overriding Repository settings</p>
<p>Internal HTTP header leak via route confusion in workhorse</p>
<p>SSRF via workspaces</p>
<p>Unauthorized Incident Closure and Deletion by Planner Role in GitLab</p>
<p>ActionCable does not invalidate tokens after revocation</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-0376</cvename>
<cvename>CVE-2024-12379</cvename>
<cvename>CVE-2024-3303</cvename>
<cvename>CVE-2025-1042</cvename>
<cvename>CVE-2025-1212</cvename>
<cvename>CVE-2024-9870</cvename>
<cvename>CVE-2025-0516</cvename>
<cvename>CVE-2025-1198</cvename>
<url>https://about.gitlab.com/releases/2025/02/12/patch-release-gitlab-17-8-2-released/</url>
</references>
<dates>
<discovery>2025-02-12</discovery>
<entry>2025-02-13</entry>
</dates>
</vuln>
<vuln vid="d598266d-7772-4a31-9594-83b76b1fb837">
<topic>Intel CPUs -- multiple vulnerabilities</topic>
<affects>
<package>
<name>cpu-microcode-intel</name>
<range><lt>20250211</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Intel reports:</p>
<blockquote cite="https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01166.html">
<p>
A potential security vulnerability in some Intel Processors may allow
denial of service. Intel released microcode updates to mitigate this
potential vulnerability.
</p>
</blockquote>
<blockquote cite="https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01213.html">
<p>
A potential security vulnerability in some Intel Software Guard
Extensions (Intel SGX) Platforms may allow denial of service. Intel
is released microcode updates to mitigate this potential
vulnerability.
</p>
</blockquote>
<blockquote cite="https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01139.html">
<p>
Potential security vulnerabilities in the UEFI firmware for some Intel
Processors may allow escalation of privilege, denial of service, or
information disclosure. Intel released UEFI firmware and CPU microcode
updates to mitigate these potential vulnerabilities.
</p>
</blockquote>
<blockquote cite="https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01228.html">
<p>
A potential security vulnerability in some 13th and 14th Generation
Intel Core™ Processors may allow denial of service. Intel released
microcode and UEFI reference code updates to mitigate this potential
vulnerability.
</p>
</blockquote>
<blockquote cite="https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01194.html">
<p>
A potential security vulnerability in the Intel Data Streaming
Accelerator (Intel DSA) for some Intel Xeon Processors may allow
denial of service. Intel released software updates to mitigate this
potential vulnerability.
</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-31068</cvename>
<cvename>CVE-2024-36293</cvename>
<cvename>CVE-2023-43758</cvename>
<cvename>CVE-2024-39355</cvename>
<cvename>CVE-2024-37020</cvename>
<url>https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250211</url>
</references>
<dates>
<discovery>2025-02-11</discovery>
<entry>2025-02-12</entry>
</dates>
</vuln>
<vuln vid="a64761a1-e895-11ef-873e-8447094a420f">
<topic>OpenSSL -- Man-in-the-Middle vulnerability</topic>
<affects>
<package>
<name>openssl32</name>
<range><lt>3.2.4</lt></range>
</package>
<package>
<name>openssl33</name>
<range><lt>3.3.2</lt></range>
</package>
<package>
<name>openssl34</name>
<range><lt>3.4.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The OpenSSL project reports:</p>
<blockquote cite="https://openssl-library.org/news/secadv/20250211.txt">
<p>RFC7250 handshakes with unauthenticated servers don't abort as expected (High).
Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the SSL_VERIFY_PEER verification mode is set.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-12797</cvename>
<url>https://openssl-library.org/news/secadv/20250211.txt</url>
</references>
<dates>
<discovery>2025-02-11</discovery>
<entry>2025-02-11</entry>
</dates>
</vuln>
<vuln vid="20485d27-e540-11ef-a845-b42e991fc52e">
<topic>mozilla -- multiple vulnerabilities</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>135.0.0,2</lt></range>
</package>
<package>
<name>firefox-esr</name>
<range><lt>128.7,1</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><lt>128.7</lt></range>
<range><gt>129</gt><lt>135</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1926256%2C1935984%2C1935471">
<p>A bug in WebAssembly code generation could have lead to a crash.
It may have been possible for an attacker to leverage this to achieve
code execution.</p>
<p>A race condition could have led to private browsing tabs being
opened in normal browsing windows. This could have resulted in a
potential privacy leak.</p>
<p>Certificate length was not properly checked when added to a certificate
store. In practice only trusted data was processed.</p>
<p>Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox
ESR 128.6, and Thunderbird 128.6. Some of these bugs showed evidence
of memory corruption and we presume that with enough effort some
of these could have been exploited to run arbitrary code.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-1011</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-1011</url>
<cvename>CVE-2025-1013</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-1013</url>
<cvename>CVE-2025-1014</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-1014</url>
<cvename>CVE-2025-1017</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-1017</url>
</references>
<dates>
<discovery>2025-02-04</discovery>
<entry>2025-02-07</entry>
</dates>
</vuln>
<vuln vid="f7ca4ff7-e53f-11ef-a845-b42e991fc52e">
<topic>mozilla -- multiple vulnerabilities</topic>
<affects>
<package>
<name>mozilla</name>
<range><lt>135.0.0,2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1939063%2C1942169">
<p>Memory safety bugs present in Firefox 134 and Thunderbird 134. Some
of these bugs showed evidence of memory corruption and we presume
that with enough effort some of these could have been exploited to
run arbitrary code.</p>
<p>The fullscreen notification is prematurely hidden when fullscreen
is re-requested quickly by the user. This could have been leveraged
to perform a potential spoofing attack.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-1018</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-1018</url>
<cvename>CVE-2025-1019</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-1019</url>
<cvename>CVE-2025-1020</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-1020</url>
</references>
<dates>
<discovery>2025-02-04</discovery>
<entry>2025-02-07</entry>
</dates>
</vuln>
<vuln vid="e54a1413-e539-11ef-a845-b42e991fc52e">
<topic>mozilla -- multiple vulnerabilities</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>135.0.0,2</lt></range>
</package>
<package>
<name>firefox-esr</name>
<range><lt>115.20,1</lt></range>
<range><gt>116.0,1</gt><lt>128.6,1</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><lt>128.7</lt></range>
<range><gt>129</gt><lt>135</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1936601%2C1936844%2C1937694%2C1938469%2C1939583%2C1940994">
<p>An attacker could have caused a use-after-free via crafted XSLT
data, leading to a potentially exploitable crash.</p>
<p>An attacker could have caused a use-after-free via the Custom
Highlight API, leading to a potentially exploitable crash.</p>
<p>A race during concurrent delazification could have led to a
use-after-free.</p>
<p>Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox
ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird
128.6. Some of these bugs showed evidence of memory corruption and
we presume that with enough effort some of these could have been
exploited to run arbitrary code.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-1009</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-1009</url>
<cvename>CVE-2025-1010</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-1010</url>
<cvename>CVE-2025-1012</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-1012</url>
<cvename>CVE-2025-1016</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-1016</url>
</references>
<dates>
<discovery>2025-02-04</discovery>
<entry>2025-02-07</entry>
</dates>
</vuln>
<vuln vid="830381c7-e539-11ef-a845-b42e991fc52e">
<topic>Thundirbird -- unprivileged JavaScript code execution</topic>
<affects>
<package>
<name>mozilla</name>
<range><lt>128.7,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1939458">
<p>The Thunderbird Address Book URI fields contained unsanitized links.
This could be used by an attacker to create and export an address
book containing a malicious payload in a field. For example, in
the Other field of the Instant Messaging section. If another user
imported the address book, clicking on the link could result in
opening a web page inside Thunderbird, and that page could execute
(unprivileged) JavaScript.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-1015</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2025-1015</url>
</references>
<dates>
<discovery>2025-02-04</discovery>
<entry>2025-02-07</entry>
</dates>
</vuln>
<vuln vid="7bcfca95-e563-11ef-873e-8447094a420f">
<topic>MariaDB -- DoS vulnerability in InnoDB</topic>
<affects>
<package>
<name>mariadb105-server</name>
<range><lt>10.5.28</lt></range>
</package>
<package>
<name>mariadb106-server</name>
<range><lt>10.6.21</lt></range>
</package>
<package>
<name>mariadb1011-server</name>
<range><lt>10.11.11</lt></range>
</package>
<package>
<name>mariadb114-server</name>
<range><lt>11.4.5</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>MariaDB reports:</p>
<blockquote cite="https://mariadb.com/kb/en/security/">
<p>Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-21490</cvename>
<url>http://mariadb.com/kb/en/security/</url>
</references>
<dates>
<discovery>2025-02-04</discovery>
<entry>2025-02-07</entry>
</dates>
</vuln>
<vuln vid="c10b639c-e51c-11ef-9e76-4ccc6adda413">
<topic>libcaca -- Multiple vulnerabilities</topic>
<affects>
<package>
<name>libcaca</name>
<range><lt>0.99.b20</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Sam Hocevar reports:</p>
<blockquote cite="https://github.com/cacalabs/libcaca/releases/tag/v0.99.beta20">
<p>Multiple memory leaks and invalid memory accesses:</p>
<ul>
<li>CVE-2018-20545: Illegal WRITE memory access at common-image.c</li>
<li>CVE-2018-20546: Illegal READ memory access at caca/dither.c</li>
<li>CVE-2018-20547: Illegal READ memory access at caca/dither.c</li>
<li>CVE-2018-20548: Illegal WRITE memory access at common-image.c</li>
<li>CVE-2018-20549: Illegal WRITE memory access at caca/file.c</li>
<li>CVE-2021-3410: Buffer overflow in libcaca/caca/canvas.c in function caca_resize</li>
<li>CVE-2021-30498: Heap buffer overflow in export.c in function export_tga</li>
<li>CVE-2021-30499: Buffer overflow in export.c in function export_troff</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2018-20545</cvename>
<cvename>CVE-2018-20546</cvename>
<cvename>CVE-2018-20547</cvename>
<cvename>CVE-2018-20548</cvename>
<cvename>CVE-2018-20549</cvename>
<cvename>CVE-2021-3410</cvename>
<cvename>CVE-2021-30498</cvename>
<cvename>CVE-2021-30499</cvename>
<url>https://github.com/cacalabs/libcaca/releases/tag/v0.99.beta20</url>
</references>
<dates>
<discovery>2021-10-19</discovery>
<entry>2025-02-07</entry>
</dates>
</vuln>
<vuln vid="e7974ca5-e4c8-11ef-aab3-40b034429ecf">
<topic>cacti -- Multiple vulnerabilities</topic>
<affects>
<package>
<name>cacti</name>
<range><lt>1.2.29</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Cacti repo reports:</p>
<blockquote cite="https://github.com/Cacti/cacti/releases/tag/release%2F1.2.29">
<ul>
<li>security #GHSA-c5j8-jxj3-hh36: Authenticated RCE via multi-line SNMP responses</li>
<li>security #GHSA-f9c7-7rc3-574c: SQL Injection vulnerability when using tree rules through Automation API</li>
<li>security #GHSA-fh3x-69rr-qqpp: SQL Injection vulnerability when request automation devices</li>
<li>security #GHSA-fxrq-fr7h-9rqq: Arbitrary File Creation leading to RCE</li>
<li>security #GHSA-pv2c-97pp-vxwg: Local File Inclusion (LFI) Vulnerability via Poller Standard Error Log Path</li>
<li>security #GHSA-vj9g-p7f2-4wqj: SQL Injection vulnerability when view host template</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-22604</cvename>
<cvename>CVE-2025-24368</cvename>
<cvename>CVE-2024-54145</cvename>
<cvename>CVE-2025-24367</cvename>
<cvename>CVE-2024-45598</cvename>
<cvename>CVE-2024-54146</cvename>
</references>
<dates>
<discovery>2025-02-02</discovery>
<entry>2025-02-05</entry>
</dates>
</vuln>
<vuln vid="9761af78-e3e4-11ef-9f4a-589cfc10a551">
<topic>nginx-devel -- SSL session reuse vulnerability</topic>
<affects>
<package>
<name>nginx-devel</name>
<range><lt>1.27.4</lt></range>
</package>
<package>
<name>nginx</name>
<range><lt>1.26.3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The nginx development team reports:</p>
<blockquote cite="http://nginx.org/en/security_advisories.html">
<p>This update fixes the SSL session reuse vulnerability.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-23419</cvename>
</references>
<dates>
<discovery>2025-02-05</discovery>
<entry>2025-02-05</entry>
</dates>
</vuln>
<vuln vid="72b8729e-e134-11ef-9e76-4ccc6adda413">
<topic>qt6-webengine -- Multiple vulnerabilities</topic>
<affects>
<package>
<name>qt6-webengine</name>
<range><lt>6.8.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Qt qtwebengine-chromium repo reports:</p>
<blockquote cite="https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=122-based">
<p>Backports for 9 security bugs in Chromium:</p>
<ul>
<li>CVE-2024-12693: Out of bounds memory access in V8</li>
<li>CVE-2024-12694: Use after free in Compositing</li>
<li>CVE-2025-0436: Integer overflow in Skia</li>
<li>CVE-2025-0437: Out of bounds read in Metrics</li>
<li>CVE-2025-0438: Stack buffer overflow in Tracing</li>
<li>CVE-2025-0441: Inappropriate implementation in Fenced Frames</li>
<li>CVE-2025-0443: Insufficient data validation in Extensions</li>
<li>CVE-2025-0447: Inappropriate implementation in Navigation</li>
<li>CVE-2025-0611: Object corruption in V8</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-12693</cvename>
<cvename>CVE-2024-12694</cvename>
<cvename>CVE-2025-0436</cvename>
<cvename>CVE-2025-0437</cvename>
<cvename>CVE-2025-0438</cvename>
<cvename>CVE-2025-0441</cvename>
<cvename>CVE-2025-0443</cvename>
<cvename>CVE-2025-0447</cvename>
<cvename>CVE-2025-0611</cvename>
<url>https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=122-based</url>
</references>
<dates>
<discovery>2025-01-09</discovery>
<entry>2025-02-02</entry>
</dates>
</vuln>
<vuln vid="186101b4-dfa6-11ef-8c1c-a8a1599412c6">
<topic>chromium -- multiple security fixes</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>132.0.6834.159</lt></range>
</package>
<package>
<name>ungoogled-chromium</name>
<range><lt>132.0.6834.159</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_28.html">
<p>This update includes 2 security fixes:</p>
<ul>
<li>[384844003] Medium CVE-2025-0762: Use after free in DevTools. Reported by Sakana.S on 2024-12-18</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-0762</cvename>
<url>https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_28.html</url>
</references>
<dates>
<discovery>2025-01-18</discovery>
<entry>2025-01-31</entry>
</dates>
</vuln>
<vuln vid="cd2ace09-df23-11ef-a205-901b0e9408dc">
<topic>dendrite -- Server-side request forgery vulnerability</topic>
<affects>
<package>
<name>dendrite</name>
<range><lt>0.14.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Dendrite team reports:</p>
<blockquote cite="https://github.com/matrix-org/gomatrixserverlib/security/advisories/GHSA-4ff6-858j-r822">
<p>This is a security release, gomatrixserverlib was vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-52594</cvename>
<url>https://github.com/matrix-org/gomatrixserverlib/security/advisories/GHSA-4ff6-858j-r822</url>
</references>
<dates>
<discovery>2025-01-16</discovery>
<entry>2025-01-30</entry>
</dates>
</vuln>
<vuln vid="2830b374-debd-11ef-87ba-002590c1f29c">
<topic>FreeBSD -- Uninitialized kernel memory disclosure via ktrace(2)</topic>
<affects>
<package>
<name>FreeBSD-kernel</name>
<range><ge>14.2</ge><lt>14.2_1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<h1>Problem Description:</h1>
<p>In some cases, the ktrace facility will log the contents of
kernel structures to userspace. In one such case, ktrace dumps a
variable-sized sockaddr to userspace. There, the full sockaddr is
copied, even when it is shorter than the full size. This can result
in up to 14 uninitialized bytes of kernel memory being copied out
to userspace.</p>
<h1>Impact:</h1>
<p>It is possible for an unprivileged userspace program to leak
14 bytes of a kernel heap allocation to userspace.</p>
</body>
</description>
<references>
<cvename>CVE-2025-0662</cvename>
<freebsdsa>SA-25:04.ktrace</freebsdsa>
</references>
<dates>
<discovery>2025-01-29</discovery>
<entry>2025-01-30</entry>
</dates>
</vuln>
<vuln vid="fa9ae646-debc-11ef-87ba-002590c1f29c">
<topic>FreeBSD -- Unprivileged access to system files</topic>
<affects>
<package>
<name>FreeBSD</name>
<range><ge>14.2</ge><lt>14.2_1</lt></range>
<range><ge>14.1</ge><lt>14.1_7</lt></range>
<range><ge>13.4</ge><lt>13.4_3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<h1>Problem Description:</h1>
<p>When etcupdate encounters conflicts while merging files, it
saves a version containing conflict markers in /var/db/etcupdate/conflicts.
This version does not preserve the mode of the input file, and is
world-readable. This applies to files that would normally have
restricted visibility, such as /etc/master.passwd.</p>
<h1>Impact:</h1>
<p>An unprivileged local user may be able to read encrypted root
and user passwords from the temporary master.passwd file created
in /var/db/etcupdate/conflicts. This is possible only when conflicts
within the password file arise during an update, and the unprotected
file is deleted when conflicts are resolved.</p>
</body>
</description>
<references>
<cvename>CVE-2025-0374</cvename>
<freebsdsa>SA-25:03.etcupdate</freebsdsa>
</references>
<dates>
<discovery>2025-01-29</discovery>
<entry>2025-01-30</entry>
</dates>
</vuln>
<vuln vid="ab0cbe3f-debc-11ef-87ba-002590c1f29c">
<topic>FreeBSD -- Buffer overflow in some filesystems via NFS</topic>
<affects>
<package>
<name>FreeBSD-kernel</name>
<range><ge>14.2</ge><lt>14.2_1</lt></range>
<range><ge>14.1</ge><lt>14.1_7</lt></range>
<range><ge>13.4</ge><lt>13.4_3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<h1>Problem Description:</h1>
<p>In order to export a file system via NFS, the file system must
define a file system identifier (FID) for all exported files. Each
FreeBSD file system implements operations to translate between FIDs
and vnodes, the kernel's in-memory representation of files. These
operations are VOP_VPTOFH(9) and VFS_FHTOVP(9).</p>
<p>On 64-bit systems, the implementation of VOP_VPTOFH() in the
cd9660, tarfs and ext2fs filesystems overflows the destination FID
buffer by 4 bytes, a stack buffer overflow.</p>
<h1>Impact:</h1>
<p>A NFS server that exports a cd9660, tarfs, or ext2fs file system
can be made to panic by mounting and accessing the export with an
NFS client. Further exploitation (e.g., bypassing file permission
checking or remote kernel code execution) is potentially possible,
though this has not been demonstrated. In particular, release
kernels are compiled with stack protection enabled, and some instances
of the overflow are caught by this mechanism, causing a panic.</p>
</body>
</description>
<references>
<cvename>CVE-2025-0373</cvename>
<freebsdsa>SA-25:02.fs</freebsdsa>
</references>
<dates>
<discovery>2025-01-29</discovery>
<entry>2025-01-30</entry>
</dates>
</vuln>
<vuln vid="69e19c0b-debc-11ef-87ba-002590c1f29c">
<topic>FreeBSD -- OpenSSH Keystroke Obfuscation Bypass</topic>
<affects>
<package>
<name>FreeBSD</name>
<range><ge>14.1</ge><lt>14.1_7</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<h1>Problem Description:</h1>
<p>A logic error in the ssh(1) ObscureKeystrokeTiming feature (on
by default) rendered this feature ineffective.</p>
<h1>Impact:</h1>
<p>A passive observer could detect which network packets contain
real keystrokes, and infer the specific characters being transmitted
from packet timing.</p>
</body>
</description>
<references>
<cvename>CVE-2024-39894</cvename>
<freebsdsa>SA-25:01.openssh</freebsdsa>
</references>
<dates>
<discovery>2025-01-29</discovery>
<entry>2025-01-30</entry>
</dates>
</vuln>
<vuln vid="258a58a9-6583-4808-986b-e785c27b0a18">
<topic>oauth2-proxy -- Non-linear parsing of case-insensitive content</topic>
<affects>
<package>
<name>oauth2-proxy</name>
<range><lt>7.8.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Golang reports:</p>
<blockquote cite="https://github.com/advisories/GHSA-w32m-9786-jp63">
<p>This update include security fixes:</p>
<ul>
<li>CVE-2024-45338: Non-linear parsing of case-insensitive content</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-45338</cvename>
</references>
<dates>
<discovery>2025-01-14</discovery>
<entry>2025-01-30</entry>
</dates>
</vuln>
<vuln vid="41711c0d-db27-11ef-873e-8447094a420f">
<topic>Vaultwarden -- Multiple vulnerabilities</topic>
<affects>
<package>
<name>vaultwarden</name>
<range><lt>1.33.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Vaultwarden project reports:</p>
<blockquote cite="https://github.com/dani-garcia/vaultwarden/releases/tag/1.33.0">
<p>RCE in the admin panel.</p>
<p>Getting access to the Admin Panel via CSRF.</p>
<p>Escalation of privilege via variable confusion in OrgHeaders trait.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-24364</cvename>
<url>https://github.com/dani-garcia/vaultwarden/security/advisories/GHSA-j4h8-vch3-f797</url>
<cvename>CVE-2025-24365</cvename>
<url>https://github.com/dani-garcia/vaultwarden/security/advisories/GHSA-h6cc-rc6q-23j4</url>
</references>
<dates>
<discovery>2025-01-25</discovery>
<entry>2025-01-25</entry>
</dates>
</vuln>
<vuln vid="c53cd328-8131-4fc2-a083-a9e9d45e3028">
<topic>chromium -- multiple security fixes</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>132.0.6834.110</lt></range>
</package>
<package>
<name>ungoogled-chromium</name>
<range><lt>132.0.6834.110</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_22.html">
<p>This update includes 3 security fixes:</p>
<ul>
<li>[386143468] High CVE-2025-0611: Object corruption in V8. Reported by 303f06e3 on 2024-12-26</li>
<li>[385155406] High CVE-2025-0612: Out of bounds memory access in V8. Reported by Alan Goodman on 2024-12-20</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-0611</cvename>
<cvename>CVE-2025-0612</cvename>
<url>https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_22.html</url>
</references>
<dates>
<discovery>2025-01-22</discovery>
<entry>2025-01-25</entry>
</dates>
</vuln>
<vuln vid="756839e1-cd78-4082-9f9e-d0da616ca8dd">
<topic>chromium -- multiple security fixes</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>132.0.6834.83</lt></range>
</package>
<package>
<name>ungoogled-chromium</name>
<range><lt>132.0.6834.83</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_14.html">
<p>This update includes 16 security fixes:</p>
<ul>
<li>[374627491] High CVE-2025-0434: Out of bounds memory access in V8. Reported by ddme on 2024-10-21</li>
<li>[379652406] High CVE-2025-0435: Inappropriate implementation in Navigation. Reported by Alesandro Ortiz on 2024-11-18</li>
<li>[382786791] High CVE-2025-0436: Integer overflow in Skia. Reported by Han Zheng (HexHive) on 2024-12-08</li>
<li>[378623799] High CVE-2025-0437: Out of bounds read in Metrics. Reported by Xiantong Hou of Wuheng Lab and Pisanbao on 2024-11-12</li>
<li>[384186539] High CVE-2025-0438: Stack buffer overflow in Tracing. Reported by Han Zheng (HexHive) on 2024-12-15</li>
<li>[371247941] Medium CVE-2025-0439: Race in Frames. Reported by Hafiizh on 2024-10-03</li>
<li>[40067914] Medium CVE-2025-0440: Inappropriate implementation in Fullscreen. Reported by Umar Farooq on 2023-07-22</li>
<li>[368628042] Medium CVE-2025-0441: Inappropriate implementation in Fenced Frames. Reported by someoneverycurious on 2024-09-21</li>
<li>[40940854] Medium CVE-2025-0442: Inappropriate implementation in Payments. Reported by Ahmed ElMasry on 2023-11-08</li>
<li>[376625003] Medium CVE-2025-0443: Insufficient data validation in Extensions. Reported by Anonymous on 2024-10-31</li>
<li>[359949844] Low CVE-2025-0446: Inappropriate implementation in Extensions. Reported by Hafiizh on 2024-08-15</li>
<li>[375550814] Low CVE-2025-0447: Inappropriate implementation in Navigation. Reported by Khiem Tran (@duckhiem) on 2024-10-25</li>
<li>[377948403] Low CVE-2025-0448: Inappropriate implementation in Compositing. Reported by Dahyeon Park on 2024-11-08</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-0434</cvename>
<cvename>CVE-2025-0435</cvename>
<cvename>CVE-2025-0436</cvename>
<cvename>CVE-2025-0437</cvename>
<cvename>CVE-2025-0438</cvename>
<cvename>CVE-2025-0439</cvename>
<cvename>CVE-2025-0440</cvename>
<cvename>CVE-2025-0441</cvename>
<cvename>CVE-2025-0442</cvename>
<cvename>CVE-2025-0443</cvename>
<cvename>CVE-2025-0446</cvename>
<cvename>CVE-2025-0447</cvename>
<cvename>CVE-2025-0448</cvename>
<url>https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_14.html</url>
</references>
<dates>
<discovery>2025-01-14</discovery>
<entry>2025-01-25</entry>
</dates>
</vuln>
<vuln vid="ef303b6a-7d9e-4e28-b92e-21f39d519d9e">
<topic>electron32 -- multiple vulnerabilities</topic>
<affects>
<package>
<name>electron32</name>
<range><lt>32.3.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Electron developers report:</p>
<blockquote cite="https://github.com/electron/electron/releases/tag/v32.3.0">
<p>This update fixes the following vulnerabilities:</p>
<ul>
<li>Security: backported fix for CVE-2024-12693.</li>
<li>Security: backported fix for CVE-2024-12694.</li>
<li>Security: backported fix for CVE-2024-12695.</li>
<li>Security: backported fix for CVE-2025-0434.</li>
<li>Security: backported fix for CVE-2025-0436.</li>
<li>Security: backported fix for CVE-2025-0437.</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-12693</cvename>
<url>https://github.com/advisories/GHSA-m84q-p89f-6cc5</url>
<cvename>CVE-2024-12694</cvename>
<url>https://github.com/advisories/GHSA-cgc6-4xgf-5q5x</url>
<cvename>CVE-2024-12695</cvename>
<url>https://github.com/advisories/GHSA-6895-2frg-pq5j</url>
<cvename>CVE-2025-0434</cvename>
<url>https://github.com/advisories/GHSA-fpmx-pfpg-92xg</url>
<cvename>CVE-2025-0436</cvename>
<url>https://github.com/advisories/GHSA-ww3g-8h77-wr7v</url>
<cvename>CVE-2025-0437</cvename>
<url>https://github.com/advisories/GHSA-4353-vp82-4qq4</url>
</references>
<dates>
<discovery>2025-01-23</discovery>
<entry>2025-01-25</entry>
</dates>
</vuln>
<vuln vid="2def27c7-7dd0-42cb-adf6-8e5a7afe4db3">
<topic>electron33 -- multiple vulnerabilities</topic>
<affects>
<package>
<name>electron33</name>
<range><lt>33.3.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Electron developers report:</p>
<blockquote cite="https://github.com/electron/electron/releases/tag/v33.3.2">
<p>This update fixes the following vulnerabilities:</p>
<ul>
<li>Security: backported fix for CVE-2025-0434.</li>
<li>Security: backported fix for CVE-2025-0436.</li>
<li>Security: backported fix for CVE-2025-0437.</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-0434</cvename>
<url>https://github.com/advisories/GHSA-fpmx-pfpg-92xg</url>
<cvename>CVE-2025-0436</cvename>
<url>https://github.com/advisories/GHSA-ww3g-8h77-wr7v</url>
<cvename>CVE-2025-0437</cvename>
<url>https://github.com/advisories/GHSA-4353-vp82-4qq4</url>
</references>
<dates>
<discovery>2025-01-22</discovery>
<entry>2025-01-23</entry>
</dates>
</vuln>
<vuln vid="24c93a28-d95b-11ef-b6b2-2cf05da270f3">
<topic>Gitlab -- Vulnerabilities</topic>
<affects>
<package>
<name>gitlab-ce</name>
<name>gitlab-ee</name>
<range><ge>17.8.0</ge><lt>17.8.1</lt></range>
<range><ge>17.7.0</ge><lt>17.7.3</lt></range>
<range><ge>15.7.0</ge><lt>17.6.4</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Gitlab reports:</p>
<blockquote cite="https://about.gitlab.com/releases/2025/01/22/patch-release-gitlab-17-8-1-released/">
<p>Stored XSS via Asciidoctor render</p>
<p>Developer could exfiltrate protected CI/CD variables via CI lint</p>
<p>Cyclic reference of epics leads resource exhaustion</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-0314</cvename>
<cvename>CVE-2024-11931</cvename>
<cvename>CVE-2024-6324</cvename>
<url>https://about.gitlab.com/releases/2025/01/22/patch-release-gitlab-17-8-1-released/</url>
</references>
<dates>
<discovery>2025-01-22</discovery>
<entry>2025-01-23</entry>
</dates>
</vuln>
<vuln vid="1e109b60-d92e-11ef-a661-08002784c58d">
<topic>clamav -- Possbile denial-of-service vulnerability</topic>
<affects>
<package>
<name>clamav</name>
<range><ge>1.0.0,1</ge><lt>1.4.2,1</lt></range>
</package>
<package>
<name>clamav-lts</name>
<range><ge>1.0.0,1</ge><lt>1.0.8,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The ClamAV project reports:</p>
<blockquote cite="https://blog.clamav.net/2025/01/clamav-142-and-108-security-patch.html">
<p>
A possible buffer overflow read bug is found in the OLE2
file parser that could cause a denial-of-service (DoS)
condition.
</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-20128</cvename>
<url>https://blog.clamav.net/2025/01/clamav-142-and-108-security-patch.html</url>
</references>
<dates>
<discovery>2025-01-22</discovery>
<entry>2025-01-23</entry>
</dates>
</vuln>
<vuln vid="7d17676d-4828-4a43-85d6-1ee14362de6e">
<topic>electron32 -- Type Confusion in V8</topic>
<affects>
<package>
<name>electron32</name>
<range><lt>32.2.8</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Electron developers report:</p>
<blockquote cite="https://github.com/electron/electron/releases/tag/v32.2.8">
<p>This update fixes the following vulnerability:</p>
<ul>
<li>Security: backported fix for CVE-2024-12053.</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-12053</cvename>
<url>https://github.com/advisories/GHSA-wvx7-72hc-rp32</url>
</references>
<dates>
<discovery>2025-01-06</discovery>
<entry>2025-01-22</entry>
</dates>
</vuln>
<vuln vid="704aa72a-d840-11ef-a205-901b0e9408dc">
<topic>go -- multiple vulnerabilities</topic>
<affects>
<package>
<name>go122</name>
<range><lt>1.22.11</lt></range>
</package>
<package>
<name>go123</name>
<range><lt>1.23.5</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Go project reports:</p>
<blockquote cite="https://go.dev/issue/71156">
<p>crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints</p>
<p>A certificate with a URI which has a IPv6 address with a
zone ID may incorrectly satisfy a URI name constraint that
applies to the certificate chain.</p>
</blockquote>
<blockquote cite="https://go.dev/issue/70530">
<p>net/http: sensitive headers incorrectly sent after cross-domain redirect</p>
<p>The HTTP client drops sensitive headers after following a
cross-domain redirect. For example, a request to a.com/
containing an Authorization header which is redirected to
b.com/ will not send that header to b.com.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-45341</cvename>
<cvename>CVE-2024-45336</cvename>
<url>https://go.dev/issue/71156</url>
<url>https://go.dev/issue/70530</url>
</references>
<dates>
<discovery>2025-01-07</discovery>
<entry>2025-01-21</entry>
</dates>
</vuln>
<vuln vid="3161429b-3897-4593-84a0-b41ffbbfa36b">
<topic>electron31 -- multiple vulnerabilities</topic>
<affects>
<package>
<name>electron31</name>
<range><lt>31.7.7</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Electron developers report:</p>
<blockquote cite="https://github.com/electron/electron/releases/tag/v31.7.7">
<p>This update fixes the following vulnerabilities:</p>
<ul>
<li>Security: backported fix for CVE-2024-12053.</li>
<li>Security: backported fix for CVE-2024-12693.</li>
<li>Security: backported fix for CVE-2024-12694.</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-12053</cvename>
<url>https://github.com/advisories/GHSA-wvx7-72hc-rp32</url>
<cvename>CVE-2024-12693</cvename>
<url>https://github.com/advisories/GHSA-m84q-p89f-6cc5</url>
<cvename>CVE-2024-12694</cvename>
<url>https://github.com/advisories/GHSA-cgc6-4xgf-5q5x</url>
</references>
<dates>
<discovery>2025-01-14</discovery>
<entry>2025-01-20</entry>
</dates>
</vuln>
<vuln vid="d9b0fea0-d564-11ef-b9bc-d05099c0ae8c">
<topic>age -- age vulnerable to malicious plugin names, recipients, or identities causing arbitrary binary execution</topic>
<affects>
<package>
<name>age</name>
<range><lt>1.2.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Filippo Valsorda reports:</p>
<blockquote cite="https://github.com/advisories/GHSA-32gq-x56h-299c">
<p>A plugin name containing a path separator may allow an
attacker to execute an arbitrary binary.</p>
<p>Such a plugin name can be provided to the age CLI through
an attacker-controlled recipient or identity string, or to
the plugin.NewIdentity, plugin.NewIdentityWithoutData, or
plugin.NewRecipient APIs.</p>
</blockquote>
</body>
</description>
<references>
<url>https://github.com/advisories/GHSA-32gq-x56h-299c</url>
</references>
<dates>
<discovery>2024-12-18</discovery>
<entry>2025-01-18</entry>
</dates>
</vuln>
<vuln vid="47bc292a-d472-11ef-aaab-7d43732cb6f5">
<topic>openvpn -- too long a username or password from a client can confuse openvpn servers</topic>
<affects>
<package>
<name>openvpn</name>
<range><lt>2.6.13</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Frank Lichtenheld reports:</p>
<blockquote cite="https://github.com/OpenVPN/openvpn/releases/tag/v2.6.13">
<p>[OpenVPN v2.6.13 ...] improve server-side handling of clients sending
usernames or passwords longer than USER_PASS_LEN - this would not
result in a crash, buffer overflow or other security issues, but the
server would then misparse incoming IV variables and produce misleading
error messages.</p>
</blockquote>
</body>
</description>
<references>
<url>https://github.com/OpenVPN/openvpn/releases/tag/v2.6.13</url>
</references>
<dates>
<discovery>2024-10-28</discovery>
<entry>2025-01-17</entry>
</dates>
</vuln>
<vuln vid="163edccf-d2ba-11ef-b10e-589cfc10a551">
<topic>rsync -- Multiple security fixes</topic>
<affects>
<package>
<name>rsync</name>
<range><lt>3.4.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>rsync reports:</p>
<blockquote cite="https://kb.cert.org/vuls/id/952657">
<p>This update includes multiple security fixes:</p>
<ul>
<li>CVE-2024-12084: Heap Buffer Overflow in Checksum Parsing</li>
<li>CVE-2024-12085: Info Leak via uninitialized Stack contents defeats ASLR</li>
<li>CVE-2024-12086: Server leaks arbitrary client files</li>
<li>CVE-2024-12087: Server can make client write files outside of destination directory using symbolic links</li>
<li>CVE-2024-12088: --safe-links Bypass</li>
<li>CVE-2024-12747: symlink race condition</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-12084</cvename>
<cvename>CVE-2024-12085</cvename>
<cvename>CVE-2024-12086</cvename>
<cvename>CVE-2024-12087</cvename>
<cvename>CVE-2024-12088</cvename>
<cvename>CVE-2024-12747</cvename>
</references>
<dates>
<discovery>2025-01-14</discovery>
<entry>2025-01-14</entry>
</dates>
</vuln>
<vuln vid="3445e4b6-d2b8-11ef-9ff3-43c2b5d6c4c8">
<topic>git -- multiple vulnerabilities</topic>
<affects>
<package>
<name>git</name>
<name>git-cvs</name>
<name>git-gui</name>
<name>git-p4</name>
<name>git-svn</name>
<range><lt>2.48.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Git development team reports:</p>
<blockquote cite="https://lore.kernel.org/git/xmqq5xmh46oc.fsf@gitster.g/">
<p>CVE-2024-50349: Printing unsanitized URLs when asking for credentials made the
user susceptible to crafted URLs (e.g. in recursive clones) that
mislead the user into typing in passwords for trusted sites that
would then be sent to untrusted sites instead.</p>
<p>CVE-2024-52006: Git may pass on Carriage Returns via the credential protocol to
credential helpers which use line-reading functions that
interpret said Carriage Returns as line endings, even though Git
did not intend that.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-50349</cvename>
<url>https://github.com/git/git/security/advisories/GHSA-hmg8-h7qf-7cxr</url>
<cvename>CVE-2024-52006</cvename>
<url>https://github.com/git/git/security/advisories/GHSA-r5ph-xg7q-xfrp</url>
</references>
<dates>
<discovery>2024-10-29</discovery>
<entry>2025-01-14</entry>
</dates>
</vuln>
<vuln vid="5e2bd238-d2bb-11ef-bc0e-1c697a616631">
<topic>keycloak -- Multiple security fixes</topic>
<affects>
<package>
<name>keycloak</name>
<range><lt>26.0.8</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Keycloak reports:</p>
<blockquote cite="https://www.keycloak.org/2024/11/keycloak-2606-released.html">
<p>This update includes 2 security fixes:</p>
<ul>
<li>CVE-2024-11734: Unrestricted admin use of system and environment variables</li>
<li>CVE-2024-11736: Denial of Service in Keycloak Server via Security Headers</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-11734</cvename>
<cvename>CVE-2024-11736</cvename>
</references>
<dates>
<discovery>2025-01-13</discovery>
<entry>2025-01-13</entry>
</dates>
</vuln>
<vuln vid="7624c151-d116-11ef-b232-b42e991fc52e">
<topic>asterisk - path traversal</topic>
<affects>
<package>
<name>asterisk18</name>
<range><lt>18.26.2</lt></range>
</package>
<package>
<name>asterisk20</name>
<range><lt>20.11.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>cve@mitre.org reports:</p>
<blockquote cite="https://gist.github.com/hyp164D1/e7c0f44ffb38c00320aa1a6d98bee616">
<p>An issue in the action_listcategories() function of Sangoma Asterisk
v22/22.0.0/22.0.0-rc1/22.0.0-rc2/22.0.0-pre1 allows attackers to
execute a path traversal.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-53566</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2024-53566</url>
</references>
<dates>
<discovery>2024-12-02</discovery>
<entry>2025-01-12</entry>
</dates>
</vuln>
<vuln vid="4d79fd1a-cc93-11ef-abed-08002784c58d">
<topic>redis,valkey -- Denial-of-service valnerability due to malformed ACL selectors</topic>
<affects>
<package>
<name>redis</name>
<range><ge>7.0.0</ge><lt>7.4.2</lt></range>
</package>
<package>
<name>redis72</name>
<range><lt>7.2.7</lt></range>
</package>
<package>
<name>redis-devel</name>
<range><lt>7.4.2.20250201</lt></range>
</package>
<package>
<name>valkey</name>
<range><lt>8.0.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Redis core team reports:</p>
<blockquote cite="https://github.com/redis/redis/security/advisories/GHSA-prpq-rh5h-46g9">
<p>
An authenticated with sufficient privileges may create a
malformed ACL selector which, when accessed, triggers a
server panic and subsequent denial of service.The problem
exists in Redis 7.0.0 or newer.
</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-51741</cvename>
<url>https://github.com/redis/redis/security/advisories/GHSA-prpq-rh5h-46g9</url>
</references>
<dates>
<discovery>2025-01-06</discovery>
<entry>2025-01-10</entry>
</dates>
</vuln>
<vuln vid="5f19ac58-cc90-11ef-abed-08002784c58d">
<topic>redis,valkey -- Remote code execution valnerability</topic>
<affects>
<package>
<name>redis</name>
<range><lt>7.4.2</lt></range>
</package>
<package>
<name>redis72</name>
<range><lt>7.2.7</lt></range>
</package>
<package>
<name>redis62</name>
<range><lt>6.2.17</lt></range>
</package>
<package>
<name>redis-devel</name>
<range><lt>7.4.2.20250201</lt></range>
</package>
<package>
<name>valkey</name>
<range><lt>8.0.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Redis core team reports:</p>
<blockquote cite="https://github.com/redis/redis/security/advisories/GHSA-39h2-x6c4-6w4c">
<p>
An authenticated user may use a specially crafted Lua
script to manipulate the garbage collector and potentially
lead to remote code execution. The problem exists in all
versions of Redis with Lua scripting.
</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-46981</cvename>
<url>https://github.com/redis/redis/security/advisories/GHSA-39h2-x6c4-6w4c</url>
</references>
<dates>
<discovery>2025-01-06</discovery>
<entry>2025-01-10</entry>
</dates>
</vuln>
<vuln vid="2bfde261-cdf2-11ef-b6b2-2cf05da270f3">
<topic>Gitlab -- Vulnerabilities</topic>
<affects>
<package>
<name>gitlab-ce</name>
<name>gitlab-ee</name>
<range><ge>17.7.0</ge><lt>17.7.1</lt></range>
<range><ge>17.6.0</ge><lt>17.6.3</lt></range>
<range><ge>11.0.0</ge><lt>17.5.5</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Gitlab reports:</p>
<blockquote cite="https://about.gitlab.com/releases/2025/01/08/patch-release-gitlab-17-7-1-released/">
<p>Possible access token exposure in GitLab logs</p>
<p>Cyclic reference of epics leads resource exhaustion</p>
<p>Unauthorized user can manipulate status of issues in public projects</p>
<p>Instance SAML does not respect external_provider configuration</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-0194</cvename>
<cvename>CVE-2024-6324</cvename>
<cvename>CVE-2024-12431</cvename>
<cvename>CVE-2024-13041</cvename>
<url>https://about.gitlab.com/releases/2025/01/08/patch-release-gitlab-17-7-1-released/</url>
</references>
<dates>
<discovery>2025-01-08</discovery>
<entry>2025-01-08</entry>
</dates>
</vuln>

File Metadata

Mime Type
text/x-diff
Expires
Sun, Mar 29, 1:26 PM (1 d, 16 h)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
28218305
Default Alt Text
(394 KB)

Event Timeline