diff options
Diffstat (limited to 'security/vuxml/vuln')
| -rw-r--r-- | security/vuxml/vuln/2025.xml | 730 |
1 files changed, 730 insertions, 0 deletions
diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml index 479b1cbd8d4d..d587a9dae0e9 100644 --- a/security/vuxml/vuln/2025.xml +++ b/security/vuxml/vuln/2025.xml @@ -1,3 +1,733 @@ + <vuln vid="d7b7e505-8486-11f0-9d03-2cf05da270f3"> + <topic>Gitlab -- vulnerabilities</topic> + <affects> + <package> + <name>gitlab-ce</name> + <name>gitlab-ee</name> + <range><ge>18.3.0</ge><lt>18.3.1</lt></range> + <range><ge>18.2.0</ge><lt>18.2.5</lt></range> + <range><ge>8.15.0</ge><lt>18.1.5</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Gitlab reports:</p> + <blockquote cite="https://about.gitlab.com/releases/2025/08/27/patch-release-gitlab-18-3-1-released/"> + <p>Allocation of Resources Without Limits issue in import function impacts GitLab CE/EE</p> + <p>Missing authentication issue in GraphQL endpoint impacts GitLab CE/EE</p> + <p>Allocation of Resources Without Limits issue in GraphQL impacts GitLab CE/EE</p> + <p>Code injection issue in GitLab repositories impacts GitLab CE/EE</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-3601</cvename> + <cvename>CVE-2025-2246</cvename> + <cvename>CVE-2025-4225</cvename> + <cvename>CVE-2025-5101</cvename> + <url>https://about.gitlab.com/releases/2025/08/27/patch-release-gitlab-18-3-1-released/</url> + </references> + <dates> + <discovery>2025-08-27</discovery> + <entry>2025-08-29</entry> + </dates> + </vuln> + + <vuln vid="f727fe60-8389-11f0-8438-001b217e4ee5"> + <topic>ISC KEA -- kea-dhcp4 aborts if client sends a broadcast request with particular options</topic> + <affects> + <package> + <name>kea</name> + <range><ge>3.0.0</ge><lt>3.0.1</lt></range> + </package> + <package> + <name>kea-devel</name> + <range><ge>3.1.0</ge><lt>3.1.1</lt></range> + <range><ge>2.7.1</ge><le>2.7.9</le></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Internet Systems Consortium, Inc. reports:</p> + <blockquote cite="https://kb.isc.org/docs/"> + <p>We corrected an issue in `kea-dhcp4` that caused + the server to abort if a client sent a broadcast request with particular + options, and Kea failed to find an appropriate subnet for that client. + This addresses CVE-2025-40779 [#4055, #4048].</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-40779</cvename> + </references> + <dates> + <discovery>2025-08-27</discovery> + <entry>2025-08-27</entry> + </dates> + </vuln> + + <vuln vid="2a11aa1e-83c7-11f0-b6e5-4ccc6adda413"> + <topic>qt6-base -- DoS in QColorTransferGenericFunction</topic> + <affects> + <package> + <name>qt6-base</name> + <range><lt>6.9.2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Andy Shaw reports:</p> + <blockquote cite="https://www.qt.io/blog/security-advisory-recently-reported-denial-of-service-issue-in-qcolortransfergenericfunction-impacts-qt"> + <p>When passing values outside of the expected range to QColorTransferGenericFunction + it can cause a denial of service, for example, this can happen when passing a + specifically crafted ICC profile to QColorSpace::fromICCProfile.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-5992</cvename> + <url>https://www.qt.io/blog/security-advisory-recently-reported-denial-of-service-issue-in-qcolortransfergenericfunction-impacts-qt</url> + </references> + <dates> + <discovery>2025-07-11</discovery> + <entry>2025-08-28</entry> + </dates> + </vuln> + + <vuln vid="edf83c10-83b8-11f0-b6e5-4ccc6adda413"> + <topic>qt6-webengine -- Multiple vulnerabilities</topic> + <affects> + <package> + <name>qt6-pdf</name> + <name>qt6-webengine</name> + <range><lt>6.9.2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Qt qtwebengine-chromium repo reports:</p> + <blockquote cite="https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=130-based"> + <p>Backports for 25 security bugs in Chromium:</p> + <ul> + <li>CVE-2025-5063: Use after free in Compositing</li> + <li>CVE-2025-5064: Inappropriate implementation in Background Fetch</li> + <li>CVE-2025-5065: Inappropriate implementation in FileSystemAccess API</li> + <li>CVE-2025-5068: Use after free in Blink</li> + <li>CVE-2025-5280: Out of bounds write in V8</li> + <li>CVE-2025-5281: Inappropriate implementation in BFCache</li> + <li>CVE-2025-5283: Use after free in libvpx</li> + <li>CVE-2025-5419: Out of bounds read and write in V8</li> + <li>CVE-2025-6191: Integer overflow in V8</li> + <li>CVE-2025-6192: Use after free in Profiler</li> + <li>CVE-2025-6554: Type Confusion in V8</li> + <li>CVE-2025-6556: Insufficient policy enforcement in Loader</li> + <li>CVE-2025-6557: Insufficient data validation in DevTools</li> + <li>CVE-2025-6558: Incorrect validation of untrusted input in ANGLE and GPU</li> + <li>CVE-2025-7656: Integer overflow in V8</li> + <li>CVE-2025-7657: Use after free in WebRTC</li> + <li>CVE-2025-8010: Type Confusion in V8</li> + <li>CVE-2025-8576: Use after free in Extensions</li> + <li>CVE-2025-8578: Use after free in Cast</li> + <li>CVE-2025-8580: Inappropriate implementation in Filesystems</li> + <li>CVE-2025-8582: Insufficient validation of untrusted input in DOM</li> + <li>CVE-2025-8879: Heap buffer overflow in libaom</li> + <li>CVE-2025-8880: Race in V8</li> + <li>CVE-2025-8881: Inappropriate implementation in File Picker</li> + <li>CVE-2025-8901: Out of bounds write in ANGLE</li> + </ul> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-5063</cvename> + <cvename>CVE-2025-5064</cvename> + <cvename>CVE-2025-5065</cvename> + <cvename>CVE-2025-5068</cvename> + <cvename>CVE-2025-5280</cvename> + <cvename>CVE-2025-5281</cvename> + <cvename>CVE-2025-5283</cvename> + <cvename>CVE-2025-5419</cvename> + <cvename>CVE-2025-6191</cvename> + <cvename>CVE-2025-6192</cvename> + <cvename>CVE-2025-6554</cvename> + <cvename>CVE-2025-6556</cvename> + <cvename>CVE-2025-6557</cvename> + <cvename>CVE-2025-6558</cvename> + <cvename>CVE-2025-7656</cvename> + <cvename>CVE-2025-7657</cvename> + <cvename>CVE-2025-8010</cvename> + <cvename>CVE-2025-8576</cvename> + <cvename>CVE-2025-8578</cvename> + <cvename>CVE-2025-8580</cvename> + <cvename>CVE-2025-8582</cvename> + <cvename>CVE-2025-8879</cvename> + <cvename>CVE-2025-8880</cvename> + <cvename>CVE-2025-8881</cvename> + <cvename>CVE-2025-8901</cvename> + <url>https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=130-based</url> + </references> + <dates> + <discovery>2025-05-27</discovery> + <entry>2025-08-28</entry> + </dates> + </vuln> + + <vuln vid="6989312e-8366-11f0-9bc6-b42e991fc52e"> + <topic>SQLite -- application crash</topic> + <affects> + <package> + <name>sqlite3</name> + <range><lt>3.49.1</lt></range> + </package> + <package> + <name>linux_base-rl9-9.6</name> + <range><lt>9.6</lt></range> + </package> + <package> + <name>linux-c7-sqlite</name> + <range><lt>3.7.17_2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>cve@mitre.org reports:</p> + <blockquote cite="https://gist.github.com/ylwango613/d3883fb9f6ba8a78086356779ce88248"> + <p>In SQLite 3.49.0 before 3.49.1, certain argument values + to sqlite3_db_config (in the C-language API) can cause a + denial of service (application crash). An sz*nBig + multiplication is not cast to a 64-bit integer, and + consequently some memory allocations may be incorrect.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-29088</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-29088</url> + </references> + <dates> + <discovery>2025-04-10</discovery> + <entry>2025-08-27</entry> + </dates> + </vuln> + + <vuln vid="c323bab5-80dd-11f0-97c4-40b034429ecf"> + <topic>p5-Catalyst-Authentication-Credential-HTTP -- Insecure source of randomness</topic> + <affects> + <package> + <name>p5-Catalyst-Authentication-Credential-HTTP</name> + <range><lt>1.019</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>perl-catalyst project reports:</p> + <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2025-40920"> + <p>Catalyst::Authentication::Credential::HTTP versions 1.018 + and earlier for Perl generate nonces using + the Perl Data::UUID library. * Data::UUID does not use a + strong cryptographic source for generating + UUIDs.* Data::UUID returns v3 UUIDs, which are generated + from known information and are unsuitable for + security, as per RFC 9562. * The nonces should be generated + from a strong cryptographic source, as per RFC 7616.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-40920</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-40920</url> + </references> + <dates> + <discovery>2025-08-11</discovery> + <entry>2025-08-24</entry> + </dates> + </vuln> + + <vuln vid="07335fb9-7eb1-11f0-ba14-b42e991fc52e"> + <topic>Mozilla -- memory safety bugs</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>142,2</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>142</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@mozilla.org reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1825621%2C1970079%2C1976736%2C1979072"> + <p>Memory safety bugs present in Firefox 141 and Thunderbird + 141. Some of these bugs showed evidence of memory corruption + and we presume that with enough effort some of these could + have been exploited to run arbitrary code.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-9187</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-9187</url> + </references> + <dates> + <discovery>2025-08-19</discovery> + <entry>2025-08-21</entry> + </dates> + </vuln> + + <vuln vid="feb359ef-7eb0-11f0-ba14-b42e991fc52e"> + <topic>Mozilla -- memory safety bugs</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>142,2</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>128.14</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>140.2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@mozilla.org reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1970154%2C1976782%2C1977166"> + <p>Memory safety bugs present in Firefox ESR 115.26, Firefox + ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, + Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. + Some of these bugs showed evidence of memory corruption and + we presume that with enough effort some of these could have + been exploited to run arbitrary code.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-9184</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-9184</url> + <cvename>CVE-2025-9185</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-9185</url> + </references> + <dates> + <discovery>2025-08-19</discovery> + <entry>2025-08-21</entry> + </dates> + </vuln> + + <vuln vid="fa7fd6d4-7eb0-11f0-ba14-b42e991fc52e"> + <topic>Firefox -- Spoofing in the Address Bar</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>142,2</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>140.2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@mozilla.org reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1976102"> + <p>Spoofing issue in the Address Bar component.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-9183</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-9183</url> + </references> + <dates> + <discovery>2025-08-19</discovery> + <entry>2025-08-21</entry> + </dates> + </vuln> + + <vuln vid="f994cea5-7eb0-11f0-ba14-b42e991fc52e"> + <topic>Mozilla -- DoS in WebRender</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>142,2</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>140.2</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>142</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@mozilla.org reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1975837"> + <p>'Denial-of-service due to out-of-memory in the + Graphics: WebRender component.'</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-9182</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-9182</url> + </references> + <dates> + <discovery>2025-08-19</discovery> + <entry>2025-08-21</entry> + </dates> + </vuln> + + <vuln vid="f7e8e9a3-7eb0-11f0-ba14-b42e991fc52e"> + <topic>Mozilla -- Uninitialized memory</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>142,2</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>140.2</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>140.2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@mozilla.org reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1977130"> + <p>Uninitialized memory in the JavaScript Engine component.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-9181</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-9181</url> + </references> + <dates> + <discovery>2025-08-19</discovery> + <entry>2025-08-21</entry> + </dates> + </vuln> + + <vuln vid="f6219d24-7eb0-11f0-ba14-b42e991fc52e"> + <topic>Mozilla -- Same-origin policy bypass</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>142,2</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>140.2</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>142</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@mozilla.org reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1979782"> + <p>'Same-origin policy bypass in the Graphics: Canvas2D + component.'</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-9180</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-9180</url> + </references> + <dates> + <discovery>2025-08-19</discovery> + <entry>2025-08-21</entry> + </dates> + </vuln> + + <vuln vid="f42ee983-7eb0-11f0-ba14-b42e991fc52e"> + <topic>Mozilla -- memory corruption in GMP</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>142,2</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>140.2</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>140.2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@mozilla.org reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1979527"> + <p>An attacker was able to perform memory corruption in the GMP process + which processes encrypted media. This process is also heavily + sandboxed, but represents slightly different privileges from the + content process.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-9179</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-9179</url> + </references> + <dates> + <discovery>2025-08-19</discovery> + <entry>2025-08-21</entry> + </dates> + </vuln> + + <vuln vid="eb03714d-79f0-11f0-b4c1-ac5afc632ba3"> + <topic>nginx -- worker process memory disclosure</topic> + <affects> + <package> + <name>nginx-devel</name> + <range><lt>1.29.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>F5 reports:</p> + <blockquote cite="https://my.f5.com/manage/s/article/K000152786"> + <p>NGINX Open Source and NGINX Plus have a vulnerability in the + ngx_mail_smtp_module that might allow an unauthenticated attacker to + over-read NGINX SMTP authentication process memory; as a result, the + server side may leak arbitrary bytes sent in a request to the + authentication server. This issue happens during the NGINX SMTP + authentication process and requires the attacker to make preparations + against the target system to extract the leaked data. The issue + affects NGINX only if (1) it is built with the ngx_mail_smtp_module, + (2) the smtp_auth directive is configured with method "none," + and (3) the authentication server returns the "Auth-Wait" response + header.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-53859</cvename> + <url>https://www.cve.org/CVERecord?id=CVE-2025-53859</url> + </references> + <dates> + <discovery>2025-08-13</discovery> + <entry>2025-08-15</entry> + </dates> + </vuln> + + <vuln vid="a60e73e0-7942-11f0-b3f7-a8a1599412c6"> + <topic>chromium -- multiple security fixes</topic> + <affects> + <package> + <name>chromium</name> + <range><lt>139.0.7258.127</lt></range> + </package> + <package> + <name>ungoogled-chromium</name> + <range><lt>139.0.7258.127</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Chrome Releases reports:</p> + <blockquote cite="https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop_12.html"> + <p>This update includes 6 security fixes:</p> + <ul> + <li>[432035817] High CVE-2025-8879: Heap buffer overflow in libaom. Reported by Anonymous on 2025-07-15</li> + <li>[433533359] High CVE-2025-8880: Race in V8. Reported by Seunghyun Lee (@0x10n) on 2025-07-23</li> + <li>[435139154] High CVE-2025-8901: Out of bounds write in ANGLE. Reported by Google Big Sleep on 2025-07-30</li> + <li>[433800617] Medium CVE-2025-8881: Inappropriate implementation in File Picker. Reported by Alesandro Ortiz on 2025-07-23</li> + <li>[435623339] Medium CVE-2025-8882: Use after free in Aura. Reported by Umar Farooq on 2025-08-01</li> + </ul> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-8579</cvename> + <cvename>CVE-2025-8580</cvename> + <cvename>CVE-2025-8901</cvename> + <cvename>CVE-2025-8881</cvename> + <cvename>CVE-2025-8882</cvename> + <url>https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop_12.html</url> + </references> + <dates> + <discovery>2025-08-12</discovery> + <entry>2025-08-14</entry> + </dates> + </vuln> + + <vuln vid="fc048b51-7909-11f0-90a2-6cc21735f730"> + <topic>PostgreSQL -- vulnerabilities</topic> + <affects> + <package> + <name>postgresql17-server</name> + <range><lt>17.6</lt></range> + </package> + <package> + <name>postgresql16-server</name> + <range><lt>16.10</lt></range> + </package> + <package> + <name>postgresql15-server</name> + <range><lt>14.14</lt></range> + </package> + <package> + <name>postgresql14-server</name> + <range><lt>14.19</lt></range> + </package> + <package> + <name>postgresql13-server</name> + <range><lt>13.22</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>PostgreSQL project reports:</p> + <blockquote cite="https://www.postgresql.org/about/news/postgresql-176-1610-1514-1419-1322-and-18-beta-3-released-3118/"> + <p>Tighten security checks in planner estimation functions.</p> + <p>Prevent pg_dump scripts from being used to attack the user running the restore.</p> + <p>Convert newlines to spaces in names included in comments in pg_dump output.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-8713</cvename> + <cvename>CVE-2025-8714</cvename> + <cvename>CVE-2025-8715</cvename> + <url>https://www.postgresql.org/about/news/postgresql-176-1610-1514-1419-1322-and-18-beta-3-released-3118/</url> + </references> + <dates> + <discovery>2025-08-11</discovery> + <entry>2025-08-14</entry> + </dates> + </vuln> + + <vuln vid="7bfe6f39-78be-11f0-9d03-2cf05da270f3"> + <topic>Gitlab -- vulnerabilities</topic> + <affects> + <package> + <name>gitlab-ce</name> + <name>gitlab-ee</name> + <range><ge>18.2.0</ge><lt>18.2.2</lt></range> + <range><ge>18.1.0</ge><lt>18.1.4</lt></range> + <range><ge>8.14.0</ge><lt>18.0.6</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Gitlab reports:</p> + <blockquote cite="https://about.gitlab.com/releases/2025/08/13/patch-release-gitlab-18-2-2-released/"> + <p>Cross-site scripting issue in blob viewer impacts GitLab CE/EE</p> + <p>Cross-site scripting issue in labels impacts GitLab CE/EE</p> + <p>Cross-site scripting issue in Workitem impacts GitLab CE/EE</p> + <p>Improper Handling of Permissions issue in project API impacts GitLab CE/EE</p> + <p>Incorrect Privilege Assignment issue in delete issues operation impacts GitLab CE/EE</p> + <p>Allocation of Resources Without Limits issue in release name creation impacts GitLab CE/EE</p> + <p>Incorrect Authorization issue in jobs API impacts GitLab CE/EE</p> + <p>Authorization issue in Merge request approval policy impacts GitLab EE</p> + <p>Inefficient Regular Expression Complexity issue in wiki impacts GitLab CE/EE</p> + <p>Allocation of Resources Without Limits issue in Mattermost integration impacts GitLab CE/EE</p> + <p>Incorrect Permission Assignment issue in ID token impacts GitLab CE/EE</p> + <p>Insufficient Access Control issue in IP Restriction impacts GitLab EE</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-7734</cvename> + <cvename>CVE-2025-7739</cvename> + <cvename>CVE-2025-6186</cvename> + <cvename>CVE-2025-8094</cvename> + <cvename>CVE-2024-12303</cvename> + <cvename>CVE-2025-2614</cvename> + <cvename>CVE-2024-10219</cvename> + <cvename>CVE-2025-8770</cvename> + <cvename>CVE-2025-2937</cvename> + <cvename>CVE-2025-1477</cvename> + <cvename>CVE-2025-5819</cvename> + <cvename>CVE-2025-2498</cvename> + <url>https://about.gitlab.com/releases/2025/08/13/patch-release-gitlab-18-2-2-released/</url> + </references> + <dates> + <discovery>2025-08-13</discovery> + <entry>2025-08-14</entry> + </dates> + </vuln> + + <vuln vid="e2d49973-785a-11f0-a1c0-0050569f0b83"> + <topic>www/varnish7 -- Denial of Service in HTTP/2</topic> + <affects> + <package> + <name>varnish7</name> + <range><lt>7.7.2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Varnish Development Team reports:</p> + <blockquote cite="https://varnish-cache.org/security/VSV00017.html#vsv00017"> + <p>A denial of service attack can be performed on Varnish Cache servers + that have the HTTP/2 protocol turned on. An attacker can create a + large number of streams and immediately reset them without ever + reaching the maximum number of concurrent streams allowed for the + session, causing the Varnish server to consume unnecessary + resources processing requests for which the response will not be + delivered.</p> + <p>This attack is a variant of the HTTP/2 Rapid Reset Attack, which was + partially handled as VSV00013.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-8671</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-8671</url> + </references> + <dates> + <discovery>2025-08-13</discovery> + <entry>2025-08-13</entry> + </dates> + </vuln> + + <vuln vid="defe9a20-781e-11f0-97c4-40b034429ecf"> + <topic>p5-Authen-SASL -- Insecure source of randomness</topic> + <affects> + <package> + <name>p5-Authen-SASL</name> + <range><lt>2.1900</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>p5-Authen-SASL project reports:</p> + <blockquote cite="https://github.com/advisories/GHSA-496q-8ph2-c4fj"> + <p>Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely.</p> + <p>The cnonce (client nonce) is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. + The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. + The built-in rand function is unsuitable for cryptographic usage.</p> + <p>According to RFC 2831, The cnonce-value is an opaque quoted string value provided by the client and used by both client and server + to avoid chosen plaintext attacks, and to provide mutual authentication. The security of the implementation depends on a good choice. + It is RECOMMENDED that it contain at least 64 bits of entropy.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-40918</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-40918</url> + </references> + <dates> + <discovery>2025-07-16</discovery> + <entry>2025-08-13</entry> + </dates> + </vuln> + <vuln vid="15fd1321-768a-11f0-b3f7-a8a1599412c6"> <topic>chromium -- multiple security fixes</topic> <affects> |