Diffstat (limited to 'security/vuxml/vuln/2025.xml')
-rw-r--r--  security/vuxml/vuln/2025.xml | 680
1 files changed, 679 insertions, 1 deletions
diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml index a9af758de7a4..14393c4e4738 100644 --- a/security/vuxml/vuln/2025.xml +++ b/security/vuxml/vuln/2025.xml 
@@ -1,3 +1,681 @@ + <vuln vid="45eb98d6-3b13-11f0-97f7-b42e991fc52e"> + <topic>grafana -- XSS vulnerability</topic> + <affects> + <package> + <name>grafana</name> + <range><lt>12.0.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@grafana.com reports:</p> + <blockquote cite="https://grafana.com/security/security-advisories/cve-2025-4123/"> + <p>A cross-site scripting (XSS) vulnerability exists in Grafana caused + by combining a client path traversal and open redirect. This allows + attackers to redirect users to a website that hosts a frontend + plugin that will execute arbitrary JavaScript. This vulnerability + does not require editor permissions and if anonymous access is + enabled, the XSS will work. If the Grafana Image Renderer plugin + is installed, it is possible to exploit the open redirect to achieve + a full read SSRF. + + The default Content-Security-Policy (CSP) in Grafana will block the + XSS though the `connect-src` directive.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-4123</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-4123</url> + </references> + <dates> + <discovery>2025-05-22</discovery> + <entry>2025-05-27</entry> + </dates> + </vuln> + + <vuln vid="e587b52d-38ac-11f0-b7b6-dcfe074bd614"> + <topic>cpython -- Use-after-free in "unicode_escape" decoder with error handler</topic> + <affects> + <package> + <name>python39</name> + <range><lt>3.9.22_1</lt></range> + </package> + <package> + <name>python310</name> + <range><lt>3.10.17_1</lt></range> + </package> + <package> + <name>python311</name> + <range><lt>3.11.12_1</lt></range> + </package> + <package> + <name>python312</name> + <range><lt>3.12.10_1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>cna@python.org reports:</p> + <blockquote cite="https://github.com/python/cpython/commit/69b4387f78f413e8c47572a85b3478c47eba8142"> 
+ <p>There is an issue in CPython when using + `bytes.decode("unicode_escape", + error="ignore|replace")`. If you are not using the + "unicode_escape" encoding or an error handler your + usage is not affected. To work-around this issue you may stop + using the error= handler and instead wrap the bytes.decode() + call in a try-except catching the DecodeError.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-4516</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-4516</url> + </references> + <dates> + <discovery>2025-05-15</discovery> + <entry>2025-05-24</entry> + </dates> + </vuln> + + <vuln vid="5baa64d6-37ee-11f0-a116-8447094a420f"> + <topic>OpenSSL -- Inverted security logic in x509 app</topic> + <affects> + <package> + <name>openssl35</name> + <range><lt>3.5.0_1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The OpenSSL project reports:</p> + <blockquote cite="https://openssl-library.org/news/secadv/20250522.txt"> + <p>The x509 application adds trusted use instead of rejected use (low)</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-4575</cvename> + <url>https://openssl-library.org/news/secadv/20250522.txt</url> + </references> + <dates> + <discovery>2025-05-23</discovery> + <entry>2025-05-23</entry> + </dates> + </vuln> + + <vuln vid="6529e5e7-36d5-11f0-8f57-b42e991fc52e"> + <topic>Firefox -- memory corruption due to race condition</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>137.0.2,2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@mozilla.org reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1951554"> + <p>A race condition existed in nsHttpTransaction that could + have been exploited to cause memory corruption, potentially + leading to an exploitable condition.</p> + </blockquote> + </body> + </description> + 
<references> + <cvename>CVE-2025-3608</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-3608</url> + </references> + <dates> + <discovery>2025-04-15</discovery> + <entry>2025-05-22</entry> + </dates> + </vuln> + + <vuln vid="a1a1b0c2-3791-11f0-8600-2cf05da270f3"> + <topic>Gitlab -- vulnerabilities</topic> + <affects> + <package> + <name>gitlab-ce</name> + <name>gitlab-ee</name> + <range><ge>18.0.0</ge><lt>18.0.1</lt></range> + <range><ge>17.11.0</ge><lt>17.11.3</lt></range> + <range><ge>10.2.0</ge><lt>17.10.7</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Gitlab reports:</p> + <blockquote cite="https://about.gitlab.com/releases/2025/05/21/patch-release-gitlab-18-0-1-released/"> + <p>Unprotected large blob endpoint in GitLab allows Denial of Service</p> + <p>Improper XPath validation allows modified SAML response to bypass 2FA requirement</p> + <p>A Discord webhook integration may cause DoS</p> + <p>Unbounded Kubernetes cluster tokens may lead to DoS</p> + <p>Unvalidated notes position may lead to Denial of Service</p> + <p>Hidden/masked variables may get exposed in the UI</p> + <p>Two-factor authentication requirement bypass</p> + <p>View full email addresses that should be partially obscured</p> + <p>Branch name confusion in confidential MRs</p> + <p>Unauthorized access to job data via a GraphQL query</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-0993</cvename> + <cvename>CVE-2024-12093</cvename> + <cvename>CVE-2024-7803</cvename> + <cvename>CVE-2025-3111</cvename> + <cvename>CVE-2025-2853</cvename> + <cvename>CVE-2025-4979</cvename> + <cvename>CVE-2025-0605</cvename> + <cvename>CVE-2025-0679</cvename> + <cvename>CVE-2024-9163</cvename> + <cvename>CVE-2025-1110</cvename> + <url>https://about.gitlab.com/releases/2025/05/21/patch-release-gitlab-18-0-1-released/</url> + </references> + <dates> + <discovery>2025-05-21</discovery> + <entry>2025-05-23</entry> + 
</dates> + </vuln> + + <vuln vid="4abd86c1-366d-11f0-9c0c-000c29ffbb6c"> + <topic>screen -- multiple vulnerabilities</topic> + <affects> + <package> + <name>screen</name> + <range><lt>5.0.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The screen project reports:</p> + <blockquote cite="https://lists.gnu.org/archive/html/info-gnu/2025-05/msg00002.html"> + <p>Multiple security issues in screen.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-46805</cvename> + <cvename>CVE-2025-46804</cvename> + <cvename>CVE-2025-46803</cvename> + <cvename>CVE-2025-46802</cvename> + <cvename>CVE-2025-23395</cvename> + <url>https://lists.gnu.org/archive/html/info-gnu/2025-05/msg00002.html</url> + </references> + <dates> + <discovery>2025-05-12</discovery> + <entry>2025-05-21</entry> + </dates> + </vuln> + + <vuln vid="07560111-34cc-11f0-af94-b42e991fc52e"> + <topic>firefox -- out-of-bounds read/write</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>138.0.4,2</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>128.10.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@mozilla.org reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1966614"> + <p>An attacker was able to perform an out-of-bounds read or + write on a JavaScript object by confusing array index sizes.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-4918</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-4918</url> + <cvename>CVE-2025-4919</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-4919</url> + </references> + <dates> + <discovery>2025-05-17</discovery> + <entry>2025-05-19</entry> + </dates> + </vuln> + + <vuln vid="46594aa3-32f7-11f0-a116-8447094a420f"> + <topic>WeeChat -- Multiple vulnerabilities</topic> + <affects> + <package> + 
<name>weechat</name> + <range><lt>4.6.3</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The Weechat project reports:</p> + <blockquote cite="https://weechat.org/doc/weechat/security/"> + <p>Multiple integer and buffer overflows in WeeChat core.</p> + </blockquote> + </body> + </description> + <references> + <url>https://weechat.org/doc/weechat/security/</url> + </references> + <dates> + <discovery>2025-05-11</discovery> + <entry>2025-05-17</entry> + </dates> + </vuln> + + <vuln vid="79400d31-3166-11f0-8cb5-a8a1599412c6"> + <topic>chromium -- multiple security fixes</topic> + <affects> + <package> + <name>chromium</name> + <range><lt>136.0.7103.113</lt></range> + </package> + <package> + <name>ungoogled-chromium</name> + <range><lt>136.0.7103.113</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Chrome Releases reports:</p> + <blockquote cite="https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_14.html"> + <p>This update includes 4 security fixes:</p> + <ul> + <li>[415810136] High CVE-2025-4664: Insufficient policy enforcement in Loader. Source: X post from @slonser_ on 2025-05-05</li> + <li>[412578726] High CVE-2025-4609: Incorrect handle provided in unspecified circumstances in Mojo. 
Reported by Micky on 2025-04-22</li> + </ul> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-4664</cvename> + <cvename>CVE-2025-4609</cvename> + <url>https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_14.html</url> + </references> + <dates> + <discovery>2025-05-14</discovery> + <entry>2025-05-15</entry> + </dates> + </vuln> + + <vuln vid="52efdd56-30bd-11f0-81be-b42e991fc52e"> + <topic>Mozilla -- memory safety bugs</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>138.0,2</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>128.10</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>138.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@mozilla.org reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1951161%2C1952105"> + <p>Memory safety bugs present in Firefox 137, Thunderbird 137, + Firefox ESR 128.9, and Thunderbird 128.9. 
Some of these bugs + showed evidence of memory corruption and we presume that + with enough effort some of these could have been exploited + to run arbitrary code.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-4091</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-4091</url> + </references> + <dates> + <discovery>2025-04-29</discovery> + <entry>2025-05-14</entry> + </dates> + </vuln> + + <vuln vid="4f17db64-30bd-11f0-81be-b42e991fc52e"> + <topic>Mozilla -- memory corruption</topic> + <affects> + <package> + <name>firefox-esr</name> + <range><lt>128.10</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>128.10</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@mozilla.org reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1894100"> + <p>Memory safety bug present in Firefox ESR 128.9, and + Thunderbird 128.9. This bug showed evidence of memory + corruption and we presume that with enough effort this could + have been exploited to run arbitrary code.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-4093</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-4093</url> + </references> + <dates> + <discovery>2025-04-29</discovery> + <entry>2025-05-14</entry> + </dates> + </vuln> + + <vuln vid="6f10b49d-07b1-4be4-8abf-edf880b16ad2"> + <topic>vscode -- security feature bypass vulnerability</topic> + <affects> + <package> + <name>vscode</name> + <range><lt>1.100.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>VSCode developers report:</p> + <blockquote cite="https://github.com/microsoft/vscode/security/advisories/GHSA-742r-ggwg-vqxm"> + <p>A security feature bypass vulnerability exists in VS Code 1.100.0 and earlier versions where a maliciously crafted URL could be considered trusted when it should not have due to how 
VS Code handled glob patterns in the trusted domains feature. When paired with the #fetch tool in Chat, this scenario would require the attacker to convince an LLM (via prompt injection) to fetch the maliciously crafted URL but when fetched, the user would have no moment to confirm the flighting of the request.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-21264</cvename> + <url>https://github.com/microsoft/vscode/security/advisories/GHSA-742r-ggwg-vqxm</url> + <url>https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21264</url> + </references> + <dates> + <discovery>2025-05-13</discovery> + <entry>2025-05-14</entry> + </dates> + </vuln> + + <vuln vid="a96cd659-303e-11f0-94b5-54ee755069b5"> + <topic>libxslt -- multiple vulnerabilities</topic> + <affects> + <package> + <name>libxslt</name> + <range><lt>1.1.43</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <h1>[CVE-2024-55549] Fix UAF related to excluded namespaces</h1> + <blockquote cite="https://gitlab.gnome.org/GNOME/libxslt/-/issues/127"> + <p>xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes.</p> + </blockquote> + <h1>[CVE-2025-24855] Fix use-after-free of XPath context node</h1> + <blockquote cite="https://gitlab.gnome.org/GNOME/libxslt/-/issues/128"> + <p>numbers.c in libxslt before 1.1.43 has a use-after-free because + , in nested XPath evaluations, an XPath context node can be + modified but never restored. 
This is related to + xsltNumberFormatGetValue, xsltEvalXPathPredicate, + xsltEvalXPathStringNs, and xsltComputeSortResultInternal.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2024-55549</cvename> + <cvename>CVE-2025-24855</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2024-55549</url> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-24855</url> + </references> + <dates> + <discovery>2025-03-13</discovery> + <entry>2025-05-13</entry> + </dates> + </vuln> + + <vuln vid="89c668d5-2f80-11f0-9632-641c67a117d8"> + <topic>www/varnish7 -- Request Smuggling Attack</topic> + <affects> + <package> + <name>varnish7</name> + <range><lt>7.7.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The Varnish Development Team reports:</p> + <blockquote cite="https://varnish-cache.org/security/VSV00016.html"> + <p>A client-side desync vulnerability can be triggered in Varnish Cache + and Varnish Enterprise. This vulnerability can be triggered under + specific circumstances involving malformed HTTP/1 requests.</p> + <p>An attacker can abuse a flaw in Varnish's handling of chunked + transfer encoding which allows certain malformed HTTP/1 requests + to exploit improper framing of the message body to smuggle additional + requests. 
Specifically, Varnish incorrectly permits CRLF to be + skipped to delimit chunk boundaries.</p> + </blockquote> + </body> + </description> + <references> + <url>https://varnish-cache.org/security/VSV00016.html</url> + </references> + <dates> + <discovery>2025-05-12</discovery> + <entry>2025-05-12</entry> + </dates> + </vuln> + + <vuln vid="a8a1a8e7-2e85-11f0-a989-b42e991fc52e"> + <topic>Mozilla -- memory corrupton</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>138.0,2</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>138.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@mozilla.org reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1924108%2C1950780%2C1959367"> + <p>Memory safety bugs present in Firefox 137 and Thunderbird 137. + Some of these bugs showed evidence of memory corruption and + we presume that with enough effort some of these could have + been exploited to run arbitrary code.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-4092</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-4092</url> + </references> + <dates> + <discovery>2025-04-29</discovery> + <entry>2025-05-11</entry> + </dates> + </vuln> + + <vuln vid="a59bd59e-2e85-11f0-a989-b42e991fc52e"> + <topic>Mozilla -- insufficient character escaping</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>138.0,2</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>138.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@mozilla.org reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1949994%2C1956698%2C1960198"> + <p>Due to insufficient escaping of special characters in the + "copy as cURL" feature, an attacker could trick + a user into using this command, potentially leading to local + 
code execution on the user's system.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-4089</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-4089</url> + </references> + <dates> + <discovery>2025-04-29</discovery> + <entry>2025-05-11</entry> + </dates> + </vuln> + + <vuln vid="a4422500-2e85-11f0-a989-b42e991fc52e"> + <topic>Mozilla -- Cross-Site Request Forgery</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>138.0,2</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>138.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@mozilla.org reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1953521"> + <p>A security vulnerability in Thunderbird allowed malicious + sites to use redirects to send credentialed requests to + arbitrary endpoints on any site that had invoked the Storage + Access API. This enabled potential Cross-Site Request + Forgery attacks across origins.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-4088</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-4088</url> + </references> + <dates> + <discovery>2025-04-29</discovery> + <entry>2025-05-11</entry> + </dates> + </vuln> + + <vuln vid="a2d5bd7b-2e85-11f0-a989-b42e991fc52e"> + <topic>Mozilla -- XPath parsing undefined behavior</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>138.0,2</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>128.10,1</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>138</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@mozilla.org reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1952465"> + <p>A vulnerability was identified in Thunderbird where XPath + parsing could trigger undefined behavior due 
to missing null + checks during attribute access. This could lead to + out-of-bounds read access and potentially, memory + corruption.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-4087</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-4087</url> + </references> + <dates> + <discovery>2025-04-29</discovery> + <entry>2025-05-11</entry> + </dates> + </vuln> + + <vuln vid="9fa8c4a2-2e85-11f0-a989-b42e991fc52e"> + <topic>Mozilla -- Information leak</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>138.0,2</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>138.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@mozilla.org reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1915280"> + <p>An attacker with control over a content process could + potentially leverage the privileged UITour actor to leak + sensitive information or escalate privileges.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-4085</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-4085</url> + </references> + <dates> + <discovery>2025-04-29</discovery> + <entry>2025-05-11</entry> + </dates> + </vuln> + + <vuln vid="9c37a02e-2e85-11f0-a989-b42e991fc52e"> + <topic>Mozilla -- javescript content execution</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>138.0,2</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>128.10,1</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>138.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@mozilla.org reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1958350"> + <p>A process isolation vulnerability in Thunderbird stemmed + from improper handling of javascript: URIs, which could + allow 
content to execute in the top-level document's + process instead of the intended frame, potentially enabling + a sandbox escape.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-4083</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-4083</url> + </references> + <dates> + <discovery>2025-04-29</discovery> + <entry>2025-05-11</entry> + </dates> + </vuln> + <vuln vid="6943cbf2-2d55-11f0-9471-2cf05da270f3"> <topic>Gitlab -- vulnerabilities</topic> <affects> @@ -4934,7 +5612,7 @@ <affects> <package> <name>asterisk18</name> - <range><lt>18.26.20</lt></range> + <range><lt>18.26.2</lt></range> </package> <package> <name>asterisk20</name> |