diff options
Diffstat (limited to 'security/vuxml/vuln/2025.xml')
| -rw-r--r-- | security/vuxml/vuln/2025.xml | 140 |
1 files changed, 139 insertions, 1 deletions
diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml index 108eb8d5a251..0a19623ed18f 100644 --- a/security/vuxml/vuln/2025.xml +++ b/security/vuxml/vuln/2025.xml @@ -1,3 +1,141 @@ + <vuln vid="340dc4c1-895a-11f0-b6e5-4ccc6adda413"> + <topic>exiv2 -- Denial-of-service</topic> + <affects> + <package> + <name>exiv2</name> + <range><lt>0.28.6</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Kevin Backhouse reports:</p> + <blockquote cite="https://github.com/Exiv2/exiv2/security/advisories/GHSA-m54q-mm9w-fp6g"> + <p>A denial-of-service was found in Exiv2 version v0.28.5: a quadratic + algorithm in the ICC profile parsing code in jpegBase::readMetadata() + can cause Exiv2 to run for a long time. Exiv2 is a command-line utility + and C++ library for reading, writing, deleting, and modifying the + metadata of image files. The denial-of-service is triggered when Exiv2 + is used to read the metadata of a crafted jpg image file.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-55304</cvename> + <url>https://github.com/Exiv2/exiv2/security/advisories/GHSA-m54q-mm9w-fp6g</url> + </references> + <dates> + <discovery>2025-08-29</discovery> + <entry>2025-09-04</entry> + </dates> + </vuln> + + <vuln vid="84a77710-8958-11f0-b6e5-4ccc6adda413"> + <topic>exiv2 -- Out-of-bounds read in Exiv2::EpsImage::writeMetadata()</topic> + <affects> + <package> + <name>exiv2</name> + <range><lt>0.28.6</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Kevin Backhouse reports:</p> + <blockquote cite="https://github.com/Exiv2/exiv2/security/advisories/GHSA-496f-x7cq-cq39"> + <p>An out-of-bounds read was found in Exiv2 versions v0.28.5 and earlier. + Exiv2 is a command-line utility and C++ library for reading, writing, + deleting, and modifying the metadata of image files. The out-of-bounds + read is triggered when Exiv2 is used to write metadata into a crafted + image file. An attacker could potentially exploit the vulnerability to + cause a denial of service by crashing Exiv2, if they can trick the victim + into running Exiv2 on a crafted image file.</p> + <p>Note that this bug is only triggered when writing the metadata, which + is a less frequently used Exiv2 operation than reading the metadata. For + example, to trigger the bug in the Exiv2 command-line application, you + need to add an extra command-line argument such as delete.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-54080</cvename> + <url>https://github.com/Exiv2/exiv2/security/advisories/GHSA-496f-x7cq-cq39</url> + </references> + <dates> + <discovery>2025-08-29</discovery> + <entry>2025-09-04</entry> + </dates> + </vuln> + + <vuln vid="0db8684f-8938-11f0-8325-bc2411f8eb0b"> + <topic>Django -- multiple vulnerabilities</topic> + <affects> + <package> + <name>py39-django42</name> + <name>py310-django42</name> + <name>py311-django42</name> + <range><lt>4.2.24</lt></range> + </package> + <package> + <name>py310-django51</name> + <name>py311-django51</name> + <range><lt>5.1.12</lt></range> + </package> + <package> + <name>py310-django52</name> + <name>py311-django52</name> + <range><lt>5.2.6</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Django reports:</p> + <blockquote cite="https://www.djangoproject.com/weblog/2025/sep/03/security-releases/"> + <p>CVE-2025-57833: Potential SQL injection in FilteredRelation column aliases.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-57833</cvename> + <url>https://www.djangoproject.com/weblog/2025/sep/03/security-releases/</url> + </references> + <dates> + <discovery>2025-09-01</discovery> + <entry>2025-09-04</entry> + </dates> + </vuln> + + <vuln vid="9f9b0b37-88fa-11f0-90a2-6cc21735f730"> + <topic>Shibboleth Service Provider -- SQL injection vulnerability in ODBC plugin</topic> + <affects> + <package> + <name>shibboleth-sp</name> + <range><lt>3.5.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Internet2 reports:</p> + <blockquote cite="https://shibboleth.net/community/advisories/secadv_20250903.txt"> + <p>The Shibboleth Service Provider includes a storage API usable + for a number of different use cases such as the session cache, + replay cache, and relay state management. An ODBC extension + plugin is provided with some distributions of the software + (notably on Windows).</p> + <p>A SQL injection vulnerability was identified in some of the + queries issued by the plugin, and this can be creatively + exploited through specially crafted inputs to exfiltrate + information stored in the database used by the SP.</p> + </blockquote> + </body> + </description> + <references> + <url>https://shibboleth.net/community/advisories/secadv_20250903.txt</url> + </references> + <dates> + <discovery>2025-09-03</discovery> + <entry>2025-09-03</entry> + </dates> + </vuln> + <vuln vid="aaa060af-88d6-11f0-a294-b0416f0c4c67"> <topic>Vieb -- Remote Code Execution via Visiting Untrusted URLs</topic> <affects> @@ -2095,7 +2233,7 @@ <affects> <package> <name>libxslt</name> - <range><lt>2</lt></range> <!-- adjust should libxslt ever be fixed --> + <range><lt>1.1.43_2</lt></range> <!-- adjust should libxslt ever be fixed --> </package> <package> <name>linux-c7-libxslt</name> |