path: root/security/vuxml/vuln/2025.xml

  <vuln vid="cd7f969e-6cb4-11f0-97c4-40b034429ecf">
    <topic>p5-Crypt-CBC -- Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)</topic>
    <affects>
      <package>
	<name>p5-Crypt-CBC</name>
	<range><lt>3.07</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Lib-Crypt-CBC project reports:</p>
	<blockquote cite="https://perldoc.perl.org/functions/rand">
	  <p>
	  Crypt::CBC versions between 1.21 and 3.05 for Perl may use the rand() function as the default
	  source of entropy, which is not cryptographically secure, for cryptographic functions.
	  This issue affects operating systems where "/dev/urandom'" is unavailable.
	  In that case, Crypt::CBC will fallback to use the insecure rand() function.
	  </p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-2814</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-2814</url>
    </references>
    <dates>
      <discovery>2025-04-12</discovery>
      <entry>2025-07-29</entry>
    </dates>
  </vuln>

  <vuln vid="c37f29ba-6ae3-11f0-b4bf-ecf4bbefc954">
    <topic>viewvc -- Arbitrary server filesystem content</topic>
    <affects>
      <package>
	<name>viewvc</name>
	<range><ge>1.1.0</ge><le>1.1.30</le></range>
      </package>
      <package>
	<name>viewvc</name>
	<range><ge>1.2.0</ge><le>1.2.3</le></range>
      </package>
      <package>
	<name>viewvc-devel</name>
	<range><lt>1.3.0.20250316_1</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>cmpilato reports:</p>
	<blockquote cite="https://github.com/viewvc/viewvc/security/advisories/GHSA-rv3m-76rj-q397">
	  <p>
	    The ViewVC standalone web server (standalone.py) is a script provided in the ViewVC
	    distribution for the purposes of quickly testing a ViewVC configuration. This script
	    can in particular configurations expose the contents of the host server's filesystem
	    though a directory traversal-style attack.
	  </p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-54141</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-54141</url>
    </references>
    <dates>
      <discovery>2025-07-22</discovery>
      <entry>2025-07-25</entry>
    </dates>
  </vuln>

  <vuln vid="eed1a411-699b-11f0-91fe-000c295725e4">
    <topic>rubygem-resolv -- Possible denial of service</topic>
    <affects>
      <package>
	<name>rubygem-resolv</name>
	<range><lt>0.6.2</lt></range>
      </package>
      <package>
	<name>ruby</name>
	<range><ge>3.2.0.p1,1</ge><lt>3.2.9,1</lt></range>
	<range><ge>3.3.0.p1,1</ge><lt>3.3.9,1</lt></range>
	<range><ge>3.4.0.p1,1</ge><lt>3.4.5,1</lt></range>
	<range><ge>3.5.0.p1,1</ge><lt>3.5.0.p2,1</lt></range>
      </package>
      <package>
	<name>ruby32</name>
	<range><lt>3.2.9,1</lt></range>
      </package>
      <package>
	<name>ruby33</name>
	<range><lt>3.3.9,1</lt></range>
      </package>
      <package>
	<name>ruby34</name>
	<range><lt>3.4.5,1</lt></range>
      </package>
      <package>
	<name>ruby35</name>
	<range><lt>3.5.0.p2,1</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Manu reports:</p>
	<blockquote cite="https://www.ruby-lang.org/en/news/2025/07/08/dos-resolv-cve-2025-24294/">
	  <p>
	    The vulnerability is caused by an insufficient check on
	    the length of a decompressed domain name within a DNS
	    packet.
	  </p>
	  <p>
	    An attacker can craft a malicious DNS packet containing a
	    highly compressed domain name. When the resolv library
	    parses such a packet, the name decompression process
	    consumes a large amount of CPU resources, as the library
	    does not limit the resulting length of the name.
	  </p>
	  <p>
	    This resource consumption can cause the application thread
	    to become unresponsive, resulting in a Denial of Service
	    condition.
	  </p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-24294</cvename>
      <url>https://www.ruby-lang.org/en/news/2025/07/08/dos-resolv-cve-2025-24294/</url>
    </references>
    <dates>
      <discovery>2025-07-08</discovery>
      <entry>2025-07-25</entry>
    </dates>
  </vuln>

  <vuln vid="67c6461f-685e-11f0-a12d-b42e991fc52e">
    <topic>Mozilla -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>firefox</name>
	<range><lt>141.0,2</lt></range>
      </package>
      <package>
	<name>thunderbird</name>
	<range><lt>141.0</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security@mozilla.org reports:</p>
	<blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1933572%2C1971116">
	  <p>Memory safety bugs present in Firefox 140 and
	  Thunderbird 140. Some of these bugs showed evidence of
	  memory corruption and we presume that with enough effort
	  some of these could have been exploited to run arbitrary
	  code.</p>
	  <p>Focus incorrectly truncated URLs towards the beginning instead of
	    around the origin.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-8044</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-8044</url>
      <cvename>CVE-2025-8043</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-8043</url>
    </references>
    <dates>
      <discovery>2025-07-22</discovery>
      <entry>2025-07-24</entry>
    </dates>
  </vuln>

  <vuln vid="62f1a68f-685e-11f0-a12d-b42e991fc52e">
    <topic>Mozilla -- Memory safety bugs</topic>
    <affects>
      <package>
	<name>firefox</name>
	<range><lt>141.0,2</lt></range>
      </package>
      <package>
	<name>firefox-esr</name>
	<range><lt>140.1</lt></range>
      </package>
      <package>
	<name>thunderbird</name>
	<range><lt>141.0</lt></range>
      </package>
      <package>
	<name>thunderbird-esr</name>
	<range><lt>140.1</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security@mozilla.org reports:</p>
	<blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1975058%2C1975058%2C1975998%2C1975998">
	  <p>Memory safety bugs present in Firefox ESR 140.0,
	  Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140.
	  Some of these bugs showed evidence of memory corruption and
	  we presume that with enough effort some of these could have
	  been exploited to run arbitrary code.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-8040</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-8040</url>
    </references>
    <dates>
      <discovery>2025-07-22</discovery>
      <entry>2025-07-24</entry>
    </dates>
  </vuln>

  <vuln vid="6088905c-685e-11f0-a12d-b42e991fc52e">
    <topic>Mozilla -- Persisted search terms in the URL bar</topic>
    <affects>
      <package>
	<name>firefox</name>
	<range><lt>141.0,2</lt></range>
      </package>
      <package>
	<name>firefox-esr</name>
	<range><lt>140.1</lt></range>
      </package>
      <package>
	<name>thunderbird</name>
	<range><lt>141.0</lt></range>
      </package>
      <package>
	<name>thunderbird-esr</name>
	<range><lt>140.1</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security@mozilla.org reports:</p>
	<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1970997">
	  <p>In some cases search terms persisted in the URL bar even after
	navigating away from the search page.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-8039</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-8039</url>
    </references>
    <dates>
      <discovery>2025-07-22</discovery>
      <entry>2025-07-24</entry>
    </dates>
  </vuln>

  <vuln vid="5d91def0-685e-11f0-a12d-b42e991fc52e">
    <topic>Mozilla -- Ignored paths while checking navigations</topic>
    <affects>
      <package>
	<name>firefox</name>
	<range><lt>141.0,2</lt></range>
      </package>
      <package>
	<name>firefox-esr</name>
	<range><lt>140.1</lt></range>
      </package>
      <package>
	<name>thunderbird</name>
	<range><lt>141.0</lt></range>
      </package>
      <package>
	<name>thunderbird-esr</name>
	<range><lt>140.1</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security@mozilla.org reports:</p>
	<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1808979">
	  <p>Thunderbird ignored paths when checking the validity of
	  navigations in a frame.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-8038</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-8038</url>
    </references>
    <dates>
      <discovery>2025-07-22</discovery>
      <entry>2025-07-24</entry>
    </dates>
  </vuln>

  <vuln vid="5abc2187-685e-11f0-a12d-b42e991fc52e">
    <topic>Mozilla -- cookie shadowing</topic>
    <affects>
      <package>
	<name>firefox</name>
	<range><lt>141.0,2</lt></range>
      </package>
      <package>
	<name>firefox-esr</name>
	<range><lt>140.1</lt></range>
      </package>
      <package>
	<name>thunderbird</name>
	<range><lt>141.0</lt></range>
      </package>
      <package>
	<name>thunderbird-esr</name>
	<range><lt>140.1</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security@mozilla.org reports:</p>
	<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1964767">
	  <p>Setting a nameless cookie with an equals sign in the
	  value shadowed other cookies. Even if the nameless cookie
	  was set over HTTP and the shadowed cookie included the
	  `Secure` attribute.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-8037</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-8037</url>
    </references>
    <dates>
      <discovery>2025-07-22</discovery>
      <entry>2025-07-24</entry>
    </dates>
  </vuln>

  <vuln vid="58027367-685e-11f0-a12d-b42e991fc52e">
    <topic>Mozilla -- CORS circumvention</topic>
    <affects>
      <package>
	<name>firefox</name>
	<range><lt>141.0,2</lt></range>
      </package>
      <package>
	<name>firefox-esr</name>
	<range><lt>140.1</lt></range>
      </package>
      <package>
	<name>thunderbird</name>
	<range><lt>141.0</lt></range>
      </package>
      <package>
	<name>thunderbird-esr</name>
	<range><lt>140.1</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security@mozilla.org reports:</p>
	<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1960834">
	  <p>Thunderbird cached CORS preflight responses across IP
	  address changes. This allowed circumventing CORS with DNS
	  rebinding.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-8036</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-8036</url>
    </references>
    <dates>
      <discovery>2025-07-22</discovery>
      <entry>2025-07-24</entry>
    </dates>
  </vuln>

  <vuln vid="55096bd3-685e-11f0-a12d-b42e991fc52e">
    <topic>Mozilla -- Memory safety bugs</topic>
    <affects>
      <package>
	<name>firefox</name>
	<range><lt>141.0,2</lt></range>
      </package>
      <package>
	<name>firefox-esr</name>
	<range><lt>140.1</lt></range>
      </package>
      <package>
	<name>firefox-esr</name>
	<range><lt>128.13</lt></range>
      </package>
      <package>
	<name>thunderbird</name>
	<range><lt>141.0</lt></range>
      </package>
      <package>
	<name>thunderbird-esr</name>
	<range><lt>140.1</lt></range>
      </package>
      <package>
	<name>thunderbird</name>
	<range><lt>128.13</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security@mozilla.org reports:</p>
	<blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1975961%2C1975961%2C1975961">
	  <p>Memory safety bugs present in Firefox ESR 128.12,
	  Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR
	  140.0, Firefox 140 and Thunderbird 140. Some of these bugs
	  showed evidence of memory corruption and we presume that
	  with enough effort some of these could have been exploited
	  to run arbitrary code.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-8035</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-8035</url>
    </references>
    <dates>
      <discovery>2025-07-22</discovery>
      <entry>2025-07-24</entry>
    </dates>
  </vuln>

  <vuln vid="4faa01cb-685e-11f0-a12d-b42e991fc52e">
    <topic>Mozilla -- Memory safety bugs</topic>
    <affects>
      <package>
	<name>firefox</name>
	<range><lt>141.0,2</lt></range>
      </package>
      <package>
	<name>firefox-esr</name>
	<range><lt>140.1</lt></range>
      </package>
      <package>
	<name>firefox-esr</name>
	<range><lt>128.13</lt></range>
      </package>
      <package>
	<name>firefox-esr</name>
	<range><lt>115.26</lt></range>
      </package>
      <package>
	<name>thunderbird</name>
	<range><lt>141.0</lt></range>
      </package>
      <package>
	<name>thunderbird-esr</name>
	<range><lt>140.1</lt></range>
      </package>
      <package>
	<name>thunderbird</name>
	<range><lt>128.13</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security@mozilla.org reports:</p>
	<blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1970422%2C1970422%2C1970422%2C1970422">
	  <p>Memory safety bugs present in Firefox ESR 115.25, Firefox
	  ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0,
	  Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some
	  of these bugs showed evidence of memory corruption and we
	  presume that with enough effort some of these could have
	  been exploited to run arbitrary code.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-8034</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-8034</url>
    </references>
    <dates>
      <discovery>2025-07-22</discovery>
      <entry>2025-07-24</entry>
    </dates>
  </vuln>

  <vuln vid="4d03efe7-685e-11f0-a12d-b42e991fc52e">
    <topic>Mozilla -- nullptr dereference</topic>
    <affects>
      <package>
	<name>firefox</name>
	<range><lt>141.0,2</lt></range>
      </package>
      <package>
	<name>firefox-esr</name>
	<range><lt>140.1</lt></range>
      </package>
      <package>
	<name>firefox-esr</name>
	<range><lt>128.13</lt></range>
      </package>
      <package>
	<name>firefox-esr</name>
	<range><lt>115.26</lt></range>
      </package>
      <package>
	<name>thunderbird</name>
	<range><lt>141.0</lt></range>
      </package>
      <package>
	<name>thunderbird-esr</name>
	<range><lt>140.1</lt></range>
      </package>
      <package>
	<name>thunderbird</name>
	<range><lt>128.13</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security@mozilla.org reports:</p>
	<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1973990">
	  <p>The JavaScript engine did not handle closed generators
	  correctly and it was possible to resume them leading to a
	  nullptr deref.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-8033</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-8033</url>
    </references>
    <dates>
      <discovery>2025-07-22</discovery>
      <entry>2025-07-24</entry>
    </dates>
  </vuln>

  <vuln vid="4a357f4b-685e-11f0-a12d-b42e991fc52e">
    <topic>Mozilla -- XSLT document CSP bypass</topic>
    <affects>
      <package>
	<name>firefox</name>
	<range><lt>141.0,2</lt></range>
      </package>
      <package>
	<name>firefox-esr</name>
	<range><lt>140.1</lt></range>
      </package>
      <package>
	<name>firefox-esr</name>
	<range><lt>128.13</lt></range>
      </package>
      <package>
	<name>thunderbird</name>
	<range><lt>141.0</lt></range>
      </package>
      <package>
	<name>thunderbird-esr</name>
	<range><lt>140.1</lt></range>
      </package>
      <package>
	<name>thunderbird</name>
	<range><lt>128.13</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security@mozilla.org reports:</p>
	<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1974407">
	  <p>XSLT document loading did not correctly propagate the
	  source document which bypassed its CSP.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-8032</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-8032</url>
    </references>
    <dates>
      <discovery>2025-07-22</discovery>
      <entry>2025-07-24</entry>
    </dates>
  </vuln>

  <vuln vid="477e9eb3-685e-11f0-a12d-b42e991fc52e">
    <topic>Mozilla -- HTTP Basic Authentication credentials leak</topic>
    <affects>
      <package>
	<name>firefox</name>
	<range><lt>141.0,2</lt></range>
      </package>
      <package>
	<name>firefox-esr</name>
	<range><lt>140.1</lt></range>
      </package>
      <package>
	<name>firefox-esr</name>
	<range><lt>128.13</lt></range>
      </package>
      <package>
	<name>thunderbird</name>
	<range><lt>141.0</lt></range>
      </package>
      <package>
	<name>thunderbird-esr</name>
	<range><lt>140.1</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security@mozilla.org reports:</p>
	<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1971719">
	  <p>The `username:password` part was not correctly stripped
	  from URLs in CSP reports potentially leaking HTTP Basic
	  Authentication credentials.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-8031</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-8031</url>
    </references>
    <dates>
      <discovery>2025-07-22</discovery>
      <entry>2025-07-24</entry>
    </dates>
  </vuln>

  <vuln vid="44b3048b-685e-11f0-a12d-b42e991fc52e">
    <topic>Mozilla -- Insufficient input escaping</topic>
    <affects>
      <package>
	<name>firefox</name>
	<range><lt>141.0,2</lt></range>
      </package>
      <package>
	<name>firefox-esr</name>
	<range><lt>140.1</lt></range>
      </package>
      <package>
	<name>firefox-esr</name>
	<range><lt>128.13</lt></range>
      </package>
      <package>
	<name>thunderbird</name>
	<range><lt>141.0</lt></range>
      </package>
      <package>
	<name>thunderbird-esr</name>
	<range><lt>140.1</lt></range>
      </package>
      <package>
	<name>thunderbird</name>
	<range><lt>128.13</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security@mozilla.org reports:</p>
	<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1968414">
	  <p>Insufficient escaping in the Copy as cURL feature could
	  potentially be used to trick a user into executing
	  unexpected code.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-8030</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-8030</url>
    </references>
    <dates>
      <discovery>2025-07-22</discovery>
      <entry>2025-07-24</entry>
    </dates>
  </vuln>

  <vuln vid="419bcf99-685e-11f0-a12d-b42e991fc52e">
    <topic>Mozilla -- 'javascript:' URLs execution</topic>
    <affects>
      <package>
	<name>firefox</name>
	<range><lt>141.0,2</lt></range>
      </package>
      <package>
	<name>firefox-esr</name>
	<range><lt>140.1</lt></range>
      </package>
      <package>
	<name>firefox-esr</name>
	<range><lt>128.13</lt></range>
      </package>
      <package>
	<name>thunderbird</name>
	<range><lt>141.0</lt></range>
      </package>
      <package>
	<name>thunderbird-esr</name>
	<range><lt>140.1</lt></range>
      </package>
      <package>
	<name>thunderbird</name>
	<range><lt>128.13</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security@mozilla.org reports:</p>
	<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1928021">
	  <p>Thunderbird executed `javascript:` URLs when used in
	  `object` and `embed` tags.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-8029</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-8029</url>
    </references>
    <dates>
      <discovery>2025-07-22</discovery>
      <entry>2025-07-24</entry>
    </dates>
  </vuln>

  <vuln vid="3e9406a7-685e-11f0-a12d-b42e991fc52e">
    <topic>Mozilla -- Incorrect computation of branch address</topic>
    <affects>
      <package>
	<name>firefox</name>
	<range><lt>141.0,2</lt></range>
      </package>
      <package>
	<name>firefox-esr</name>
	<range><lt>140.1</lt></range>
      </package>
      <package>
	<name>firefox-esr</name>
	<range><lt>128.13</lt></range>
      </package>
      <package>
	<name>firefox-esr</name>
	<range><lt>115.26</lt></range>
      </package>
      <package>
	<name>thunderbird</name>
	<range><lt>141.0</lt></range>
      </package>
      <package>
	<name>thunderbird-esr</name>
	<range><lt>140.1</lt></range>
      </package>
      <package>
	<name>thunderbird</name>
	<range><lt>128.13</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security@mozilla.org reports:</p>
	<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1971581">
	  <p>On arm64, a WASM `br_table` instruction with a lot of
	  entries could lead to the label being too far from the
	  instruction causing truncation and incorrect computation of
	  the branch address.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-8028</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-8028</url>
    </references>
    <dates>
      <discovery>2025-07-22</discovery>
      <entry>2025-07-24</entry>
    </dates>
  </vuln>

  <vuln vid="3c234220-685e-11f0-a12d-b42e991fc52e">
    <topic>Mozilla -- IonMonkey-JIT bad stack write</topic>
    <affects>
      <package>
	<name>firefox</name>
	<range><lt>141.0,2</lt></range>
      </package>
      <package>
	<name>firefox-esr</name>
	<range><lt>140.1</lt></range>
      </package>
      <package>
	<name>firefox-esr</name>
	<range><lt>128.13</lt></range>
      </package>
      <package>
	<name>firefox-esr</name>
	<range><lt>115.26</lt></range>
      </package>
      <package>
	<name>thunderbird</name>
	<range><lt>141.0</lt></range>
      </package>
      <package>
	<name>thunderbird-esr</name>
	<range><lt>140.1</lt></range>
      </package>
      <package>
	<name>thunderbird</name>
	<range><lt>128.13</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security@mozilla.org reports:</p>
	<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1968423">
	  <p>On 64-bit platforms IonMonkey-JIT only wrote 32 bits of
	  the 64-bit return value space on the stack. Baseline-JIT,
	  however, read the entire 64 bits.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-8027</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-8027</url>
    </references>
    <dates>
      <discovery>2025-07-22</discovery>
      <entry>2025-07-24</entry>
    </dates>
  </vuln>

  <vuln vid="3d4393b2-68a5-11f0-b2b4-589cfc10832a">
    <topic>gdk-pixbuf2 -- a heap buffer overflow</topic>
    <affects>
      <package>
	<name>gdk-pixbuf2</name>
	<range><lt>2.42.12_2</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>cve@mitre.org reports:</p>
	<blockquote cite="https://www.cve.org/CVERecord?id=CVE-2025-7345">
	  <p>A flaw exists in gdk-pixbuf within the gdk_pixbuf__jpeg_image_load_increment
	function (io-jpeg.c) and in glib’s g_base64_encode_step (glib/gbase64.c).
	When processing maliciously crafted JPEG images, a heap buffer overflow can occur
	during Base64 encoding, allowing out-of-bounds reads from heap memory, potentially
	causing application crashes or arbitrary code execution.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-7345</cvename>
      <url>https://www.cve.org/CVERecord?id=CVE-2025-7345</url>
    </references>
    <dates>
      <discovery>2025-07-24</discovery>
      <entry>2025-07-24</entry>
    </dates>
  </vuln>

  <vuln vid="b3948bf3-685e-11f0-bff5-6805ca2fa271">
    <topic>powerdns-recursor -- cache pollution</topic>
    <affects>
      <package>
	<name>powerdns-recursor</name>
	<range><lt>5.2.4</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>PowerDNS Team reports:</p>
	<blockquote cite="https://blog.powerdns.com/powerdns-security-advisory-2025-04">
	  <p>An attacker spoofing answers to ECS enabled requests
	  sent out by the Recursor has a chance of success higher
	  than non-ECS enabled queries.	The updated version include
	  various mitigations against spoofing attempts of ECS enabled
	  queries by chaining ECS enabled requests and enforcing
	  stricter validation of the received answers. The most strict
	  mitigation done when the new setting outgoing.edns_subnet_harden
	  (old style name edns-subnet-harden) is enabled.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-30192</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-30192</url>
   </references>
    <dates>
      <discovery>2025-07-21</discovery>
      <entry>2025-07-24</entry>
    </dates>
  </vuln>

  <vuln vid="5683b3a7-683d-11f0-966e-2cf05da270f3">
    <topic>Gitlab -- vulnerabilities</topic>
    <affects>
      <package>
	<name>gitlab-ce</name>
	<name>gitlab-ee</name>
	<range><ge>18.2.0</ge><lt>18.2.1</lt></range>
	<range><ge>18.1.0</ge><lt>18.1.3</lt></range>
	<range><ge>15.0.0</ge><lt>18.0.5</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Gitlab reports:</p>
	<blockquote cite="https://about.gitlab.com/releases/2025/07/23/patch-release-gitlab-18-2-1-released/">
	  <p>Cross-site scripting issue impacts Kubernetes Proxy in GitLab CE/EE</p>
	  <p>Cross-site scripting issue impacts Kubernetes Proxy in GitLab CE/EE using CDNs</p>
	  <p>Exposure of Sensitive Information to an Unauthorized Actor issue impacts GitLab CE/EE</p>
	  <p>Improper Access Control issue impacts GitLab EE</p>
	  <p>Exposure of Sensitive Information to an Unauthorized Actor issue impacts GitLab CE/EE</p>
	  <p>Improper Access Control issue impacts GitLab CE/EE</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-4700</cvename>
      <cvename>CVE-2025-4439</cvename>
      <cvename>CVE-2025-7001</cvename>
      <cvename>CVE-2025-4976</cvename>
      <cvename>CVE-2025-0765</cvename>
      <cvename>CVE-2025-1299</cvename>
      <url>https://about.gitlab.com/releases/2025/07/23/patch-release-gitlab-18-2-1-released/</url>
    </references>
    <dates>
      <discovery>2025-07-23</discovery>
      <entry>2025-07-24</entry>
    </dates>
  </vuln>

  <vuln vid="0f5bcba2-67fb-11f0-9ee5-b42e991fc52e">
    <topic>sqlite -- Integer Truncation on SQLite</topic>
    <affects>
      <package>
	<name>sqlite3</name>
	<range><lt>3.50.2</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>cve-coordination@google.com reports:</p>
	<blockquote cite="https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8">
	  <p>There exists a vulnerability in SQLite versions before
	  3.50.2 where the number of aggregate terms could exceed the
	  number of columns available. This could lead to a memory
	  corruption issue.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-6965</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-6965</url>
    </references>
    <dates>
      <discovery>2025-07-15</discovery>
      <entry>2025-07-23</entry>
    </dates>
  </vuln>

  <vuln vid="80411ba2-6729-11f0-a5cb-8c164580114f">
    <topic>7-Zip -- Multi-byte write heap buffer overflow in NCompress::NRar5::CDecoder</topic>
    <affects>
      <package>
	<name>7-zip</name>
	<range><lt>25.00</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security-advisories@github.com reports:</p>
	<blockquote cite="https://securitylab.github.com/advisories/GHSL-2025-058_7-Zip/">
	  <p>7-Zip is a file archiver with a high compression ratio.  Zeroes
	written outside heap buffer in RAR5 handler may lead to memory
	corruption and denial of service in versions of 7-Zip prior to
	25.0.0.  Version 25.0.0 contains a fix for the issue.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-53816</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-53816</url>
    </references>
    <dates>
      <discovery>2025-07-17</discovery>
      <entry>2025-07-22</entry>
    </dates>
  </vuln>

  <vuln vid="605a9d1e-6521-11f0-beb2-ac5afc632ba3">
    <topic>libwasmtime -- host panic with fd_renumber WASIp1 function</topic>
    <affects>
      <package>
	<name>libwasmtime</name>
	<range><ge>24.0.0</ge><lt>24.0.4</lt></range>
	<range><ge>33.0.0</ge><lt>33.0.2</lt></range>
	<range><ge>34.0.0</ge><lt>34.0.2</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>WasmTime development team reports:</p>
	<blockquote cite="https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-fm79-3f68-h2fc">
	  <p>A bug in Wasmtime's implementation of the WASIp1 set of import
	  functions can lead to a WebAssembly guest inducing a panic in the
	  host (embedder).</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-53901</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-53901</url>
    </references>
    <dates>
      <discovery>2025-07-18</discovery>
      <entry>2025-07-20</entry>
    </dates>
  </vuln>

  <vuln vid="e27ee4fc-cdc9-45a1-8242-09898cdbdc91">
    <topic>unbound -- Cache poisoning via the ECS-enabled Rebirthday Attack</topic>
    <affects>
      <package>
	<name>unbound</name>
	<range><gt>1.6.1</gt><lt>1.23.0</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>sep@nlnetlabs.nl reports:</p>
	<blockquote cite="https://nlnetlabs.nl/downloads/unbound/CVE-2025-5994.txt">
	  <p>A multi-vendor cache poisoning vulnerability named &apos;Rebirthday
	Attack&apos; has been discovered in caching resolvers that support
	EDNS Client Subnet (ECS).  Unbound is also vulnerable when compiled
	with ECS support, i.e., &apos;--enable-subnet&apos;, AND configured
	to send ECS information along with queries to upstream name servers,
	i.e., at least one of the &apos;send-client-subnet&apos;,
	&apos;client-subnet-zone&apos; or &apos;client-subnet-always-forward&apos;
	options is used.  Resolvers supporting ECS need to segregate outgoing
	queries to accommodate for different outgoing ECS information.  This
	re-opens up resolvers to a birthday paradox attack (Rebirthday
	Attack) that tries to match the DNS transaction ID in order to cache
	non-ECS poisonous replies.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-5994</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-5994</url>
    </references>
    <dates>
      <discovery>2025-07-16</discovery>
      <entry>2025-07-18</entry>
    </dates>
  </vuln>

  <vuln vid="aeac223e-60e1-11f0-8baa-8447094a420f">
    <topic>liboqs -- Secret-dependent branching in HQC</topic>
    <affects>
      <package>
	<name>liboqs</name>
	<range><lt>0.14.0</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>The OpenQuantumSafe project reports:</p>
	<blockquote cite="https://github.com/open-quantum-safe/liboqs/security/advisories/GHSA-qq3m-rq9v-jfgm">
	  <p>Secret-dependent branching in HQC reference implementation when compiled with Clang 17-20 for optimizations above -O0</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-52473</cvename>
      <url>https://github.com/open-quantum-safe/liboqs/security/advisories/GHSA-qq3m-rq9v-jfgm</url>
    </references>
    <dates>
      <discovery>2025-07-10</discovery>
      <entry>2025-07-14</entry>
    </dates>
  </vuln>

  <vuln vid="c3e1df74-5e73-11f0-95e5-74563cf9e4e9">
    <topic>GnuTLS -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>gnutls</name>
	<range><lt>3.8.10</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Daiki Ueno  reports:</p>
	<blockquote cite="https://lists.gnupg.org/pipermail/gnutls-help/2025-July/004883.html">
	  <ul>
	    <li>libgnutls: Fix heap read buffer overrun in parsing X.509 SCTS timestamps
	      Spotted by oss-fuzz and reported by OpenAI Security Research Team,
	      and fix developed by Andrew Hamilton. [GNUTLS-SA-2025-07-07-1,
	      CVSS: medium] [CVE-2025-32989]</li>
	    <li>libgnutls: Fix double-free upon error when exporting otherName in SAN
	      Reported by OpenAI Security Research Team. [GNUTLS-SA-2025-07-07-2,
	      CVSS: low] [CVE-2025-32988]</li>
	    <li>certtool: Fix 1-byte write buffer overrun when parsing template
	      Reported by David Aitel. [GNUTLS-SA-2025-07-07-3,
	      CVSS: low] [CVE-2025-32990]</li>
	    <li>libgnutls: Fix NULL pointer dereference when 2nd Client Hello omits PSK
	      Reported by Stefan Bühler. [GNUTLS-SA-2025-07-07-4, CVSS: medium]
	      [CVE-2025-6395]</li>
	  </ul>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-32989</cvename>
      <cvename>CVE-2025-32988</cvename>
      <cvename>CVE-2025-32990</cvename>
      <cvename>CVE-2025-6395</cvename>
      <url>https://lists.gnupg.org/pipermail/gnutls-help/2025-July/004883.html</url>
    </references>
    <dates>
      <discovery>2025-07-09</discovery>
      <entry>2025-07-14</entry>
    </dates>
  </vuln>

  <vuln vid="b0a3466f-5efc-11f0-ae84-99047d0a6bcc">
    <topic>libxslt -- unmaintained, with multiple unfixed vulnerabilities</topic>
    <affects>
      <package>
	<name>libxslt</name>
	<range><lt>2</lt></range> <!-- adjust should libxslt ever be fixed -->
      </package>
      <package>
	<name>linux-c7-libxslt</name>
	<range><lt>2</lt></range> <!-- adjust should libxslt ever be fixed -->
      </package>
      <package>
	<name>linux-rl9-libxslt</name>
	<range><lt>2</lt></range> <!-- adjust should libxslt ever be fixed -->
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Alan Coopersmith reports:</p>
	<blockquote cite="https://www.openwall.com/lists/oss-security/2025/07/11/2">
	  <p>On 6/16/25 15:12, Alan Coopersmith wrote:</p>
	  <p><em>
	    BTW, users of libxml2 may also be using its sibling project, libxslt,
	    which currently has no active maintainer, but has three unfixed security issues
	    reported against it according to
	    <a href="https://gitlab.gnome.org/Teams/Releng/security/-/wikis/2025#libxml2-and-libxslt">
		https://gitlab.gnome.org/Teams/Releng/security/-/wikis/2025#libxml2-and-libxslt</a>
	  </em></p>
	  <p>2 of the 3 have now been disclosed:</p>
	  <p>(CVE-2025-7424) libxslt: Type confusion in xmlNode.psvi between stylesheet and source nodes<br />
	    <a href="https://gitlab.gnome.org/GNOME/libxslt/-/issues/139">https://gitlab.gnome.org/GNOME/libxslt/-/issues/139</a>
	    <a href="https://project-zero.issues.chromium.org/issues/409761909">https://project-zero.issues.chromium.org/issues/409761909</a></p>
	  <p>(CVE-2025-7425) libxslt: heap-use-after-free in xmlFreeID caused by `atype` corruption<br />
	    <a href="https://gitlab.gnome.org/GNOME/libxslt/-/issues/140">https://gitlab.gnome.org/GNOME/libxslt/-/issues/140</a><br /><a href="https://project-zero.issues.chromium.org/issues/410569369">https://project-zero.issues.chromium.org/issues/410569369</a></p>
	  <p>Engineers from Apple &amp; Google have proposed patches in the GNOME gitlab issues,
	  but neither has had a fix applied to the git repo since there is currently no
	    maintainer for libxslt.</p>
	</blockquote>
	<p>Note that a fourth vulnerability was reported on June 18, 2025, which remains undisclosed to date (GNOME libxslt issue 148, link below), see
	  <a href="https://gitlab.gnome.org/Teams/Releng/security/-/wikis/2025#libxml2-and-libxslt">
	    https://gitlab.gnome.org/Teams/Releng/security/-/wikis/2025#libxml2-and-libxslt</a>
	</p>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-7424</cvename>
      <cvename>CVE-2025-7425</cvename>
      <url>https://gitlab.gnome.org/Teams/Releng/security/-/wikis/2025#libxml2-and-libxslt</url>
      <url>https://gitlab.gnome.org/GNOME/libxslt/-/issues/139</url>
      <url>https://gitlab.gnome.org/GNOME/libxslt/-/issues/140</url>
      <url>https://gitlab.gnome.org/GNOME/libxslt/-/issues/144</url>
      <url>https://gitlab.gnome.org/GNOME/libxslt/-/issues/148</url>
      <url>https://gitlab.gnome.org/GNOME/libxslt/-/commit/923903c59d668af42e3144bc623c9190a0f65988</url>
    </references>
    <dates>
      <discovery>2025-04-10</discovery>
      <entry>2025-07-12</entry>
    </dates>
  </vuln>

  <vuln vid="abbc8912-5efa-11f0-ae84-99047d0a6bcc">
    <topic>libxml2 -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>libxml2</name>
	<range><lt>2.14.5</lt></range>
      </package>
      <package>
	<name>linux-c7-libxml2</name>
	<range><lt>2.14.5</lt></range> <!-- needs update once fixed version appears -->
      </package>
      <package>
	<name>linux-rl9-libxml2</name>
	<range><lt>2.14.5</lt></range> <!-- needs update once fixed version appears -->
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Alan Coopersmith reports:</p>
	<blockquote cite="https://www.openwall.com/lists/oss-security/2025/06/16/6">
	  <p>As discussed in
	    <a href="https://gitlab.gnome.org/GNOME/libxml2/-/issues/913">https://gitlab.gnome.org/GNOME/libxml2/-/issues/913</a> the
	  security policy of libxml2 has been changed to disclose vulnerabilities
	  before fixes are available so that people other than the maintainer can
	    contribute to fixing security issues in this library.</p>
	  <p>As part of this, the following 5 CVE's have been disclosed recently:</p>
	  <p>(CVE-2025-49794) Heap use after free (UAF) leads to Denial of service (DoS)
	    <a href="https://gitlab.gnome.org/GNOME/libxml2/-/issues/931">https://gitlab.gnome.org/GNOME/libxml2/-/issues/931</a> [...]</p>
	  <p>(CVE-2025-49795) Null pointer dereference leads to Denial of service (DoS)
	    <a href="https://gitlab.gnome.org/GNOME/libxml2/-/issues/932">https://gitlab.gnome.org/GNOME/libxml2/-/issues/932</a> [...]</p>
	  <p>(CVE-2025-49796) Type confusion leads to Denial of service (DoS)
	    <a href="https://gitlab.gnome.org/GNOME/libxml2/-/issues/933">https://gitlab.gnome.org/GNOME/libxml2/-/issues/933</a> [...]</p>
	  <p>For all three of the above, note that upstream is considering removing Schematron support completely, as discussed in
	    <a href="https://gitlab.gnome.org/GNOME/libxml2/-/issues/935">https://gitlab.gnome.org/GNOME/libxml2/-/issues/935</a>.</p>
	  <p>(CVE-2025-6021) Integer Overflow Leading to Buffer Overflow in xmlBuildQName()
	    <a href="https://gitlab.gnome.org/GNOME/libxml2/-/issues/926">https://gitlab.gnome.org/GNOME/libxml2/-/issues/926</a> [...]</p>
	  <p>(CVE-2025-6170) Stack-based Buffer Overflow in xmllint Shell
	    <a href="https://gitlab.gnome.org/GNOME/libxml2/-/issues/941">https://gitlab.gnome.org/GNOME/libxml2/-/issues/941</a> [...]</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-6021</cvename>
      <cvename>CVE-2025-6170</cvename>
      <cvename>CVE-2025-49794</cvename>
      <cvename>CVE-2025-49795</cvename>
      <cvename>CVE-2025-49795</cvename>
      <url>https://www.openwall.com/lists/oss-security/2025/06/16/6</url>
      <url>https://gitlab.gnome.org/Teams/Releng/security/-/wikis/2025#libxml2-and-libxslt</url>
      <url>https://gitlab.gnome.org/GNOME/libxml2/-/issues/913</url>
      <url>https://gitlab.gnome.org/GNOME/libxml2/-/issues/931</url>
      <url>https://gitlab.gnome.org/GNOME/libxml2/-/issues/932</url>
      <url>https://gitlab.gnome.org/GNOME/libxml2/-/issues/933</url>
      <url>https://gitlab.gnome.org/GNOME/libxml2/-/issues/935</url>
      <url>https://gitlab.gnome.org/GNOME/libxml2/-/issues/926</url>
      <url>https://gitlab.gnome.org/GNOME/libxml2/-/issues/941</url>
    </references>
    <dates>
      <discovery>2025-05-27</discovery>
      <entry>2025-07-12</entry>
      <modified>2025-07-15</modified>
    </dates>
  </vuln>

  <vuln vid="61d74f80-5e9e-11f0-8baa-8447094a420f">
    <topic>mod_http2 -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>mod_http2</name>
	<range><lt>2.0.33</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>The mod_http2 project reports:</p>
	<blockquote cite="https://github.com/icing/mod_h2/releases/tag/v2.0.33">
	  <p>a client can increase memory consumption for a HTTP/2 connection
	    via repeated request header names,leading to denial of service</p>
	  <p>certain proxy configurations whith mod_proxy_http2 as the
	    backend, an assertion can be triggered by certain requests, leading
	    to denial of service</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-53020</cvename>
      <cvename>CVE-2025-49630</cvename>
      <url>https://github.com/icing/mod_h2/releases/tag/v2.0.33</url>
    </references>
    <dates>
      <discovery>2025-07-10</discovery>
      <entry>2025-07-11</entry>
    </dates>
  </vuln>

  <vuln vid="342f2a0a-5e9b-11f0-8baa-8447094a420f">
    <topic>Apache httpd -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>apache24</name>
	<range><lt>2.4.64</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Apache httpd project reports:</p>
	<blockquote cite="https://httpd.apache.org/security/vulnerabilities_24.html">
	  <p>moderate: Apache HTTP Server: HTTP response splitting (CVE-2024-42516)</p>
	  <p>low: Apache HTTP Server: SSRF with mod_headers setting Content-Type header (CVE-2024-43204)</p>
	  <p>moderate: Apache HTTP Server: SSRF on Windows due to UNC paths (CVE-2024-43394)</p>
	  <p>low: Apache HTTP Server: mod_ssl error log variable escaping (CVE-2024-47252)</p>
	  <p>moderate: Apache HTTP Server: mod_ssl access control bypass with session resumption (CVE-2025-23048)</p>
	  <p>low: Apache HTTP Server: mod_proxy_http2 denial of service (CVE-2025-49630)</p>
	  <p>moderate: Apache HTTP Server: mod_ssl TLS upgrade attack (CVE-2025-49812)</p>
	  <p>moderate: Apache HTTP Server: HTTP/2 DoS by Memory Increase (CVE-2025-53020)</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2024-42516</cvename>
      <cvename>CVE-2024-43204</cvename>
      <cvename>CVE-2024-43394</cvename>
      <cvename>CVE-2024-47252</cvename>
      <cvename>CVE-2025-23048</cvename>
      <cvename>CVE-2025-49630</cvename>
      <cvename>CVE-2025-49812</cvename>
      <cvename>CVE-2025-53020</cvename>
      <url>https://httpd.apache.org/security/vulnerabilities_24.html</url>
    </references>
    <dates>
      <discovery>2025-07-10</discovery>
      <entry>2025-07-11</entry>
    </dates>
  </vuln>

  <vuln vid="ef87346f-5dd0-11f0-beb2-ac5afc632ba3">
    <topic>Apache Tomcat -- Multiple Vulnerabilities</topic>
    <affects>
      <package>
	<name>tomcat110</name>
	<range><ge>11.0.0</ge><lt>11.0.9</lt></range>
      </package>
      <package>
	<name>tomcat101</name>
	<range><ge>10.1.0</ge><lt>10.1.43</lt></range>
      </package>
      <package>
	<name>tomcat9</name>
	<range><ge>9.0.0</ge><lt>9.0.107</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security@apache.org reports:</p>
	<blockquote cite="https://www.mail-archive.com/announce@tomcat.apache.org/msg00710.html">
	  <p>A race condition on connection close could trigger a JVM crash when using the
	  APR/Native connector leading to a DoS.  This was particularly noticeable with client
	  initiated closes of HTTP/2 connections.</p>
	</blockquote>
	<blockquote cite="https://www.mail-archive.com/announce@tomcat.apache.org/msg00713.html">
	  <p>An uncontrolled resource consumption vulnerability if an HTTP/2 client did not
	  acknowledge the initial settings frame that reduces the maximum permitted
	  concurrent streams could result in a DoS.</p>
	</blockquote>
	<blockquote cite="https://www.mail-archive.com/announce@tomcat.apache.org/msg00714.html">
	  <p>For some unlikely configurations of multipart upload, an Integer Overflow
	  vulnerability could lead to a DoS via bypassing of size limits.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-52434</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-52434</url>
      <cvename>CVE-2025-52520</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-52520</url>
      <cvename>CVE-2025-53506</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-53506</url>
    </references>
    <dates>
      <discovery>2025-07-10</discovery>
      <entry>2025-07-10</entry>
      <modified>2025-07-15</modified>
    </dates>
  </vuln>

  <vuln vid="20823cc0-5d45-11f0-966e-2cf05da270f3">
    <topic>Gitlab -- vulnerabilities</topic>
    <affects>
      <package>
	<name>gitlab-ce</name>
	<name>gitlab-ee</name>
	<range><ge>18.1.0</ge><lt>18.1.2</lt></range>
	<range><ge>18.0.0</ge><lt>18.0.4</lt></range>
	<range><ge>13.3.0</ge><lt>17.11.6</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Gitlab reports:</p>
	<blockquote cite="https://about.gitlab.com/releases/2025/07/09/patch-release-gitlab-18-1-2-released/">
	  <p>Cross-site scripting issue impacts GitLab CE/EE</p>
	  <p>Improper authorization issue impacts GitLab CE/EE</p>
	  <p>Improper authorization issue impacts GitLab EE</p>
	  <p>Improper authorization issue impacts GitLab EE</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-6948</cvename>
      <cvename>CVE-2025-3396</cvename>
      <cvename>CVE-2025-4972</cvename>
      <cvename>CVE-2025-6168</cvename>
      <url>https://about.gitlab.com/releases/2025/07/09/patch-release-gitlab-18-1-2-released/</url>
    </references>
    <dates>
      <discovery>2025-07-09</discovery>
      <entry>2025-07-10</entry>
    </dates>
  </vuln>

  <vuln vid="2a4472ed-5c0d-11f0-b991-291fce777db8">
    <topic>git -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>git</name>
	<name>git-cvs</name>
	<name>git-gui</name>
	<name>git-p4</name>
	<name>git-svn</name>
	<range><lt>2.50.1</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Git development team reports:</p>
	<blockquote cite="https://lore.kernel.org/git/xmqq5xg2wrd1.fsf@gitster.g">
	  <p>CVE-2025-27613: Gitk:
	     When a user clones an untrusted repository and runs Gitk without
	     additional command arguments, any writable file can be created and
	     truncated. The option "Support per-file encoding" must have been
	     enabled. The operation "Show origin of this line" is affected as
	     well, regardless of the option being enabled or not.
	  </p>
	  <p>CVE-2025-27614: Gitk:
	    A Git repository can be crafted in such a way that a user who has
	    cloned the repository can be tricked into running any script
	    supplied by the attacker by invoking `gitk filename`, where
	    `filename` has a particular structure.
	  </p>
	  <p>CVE-2025-46835: Git GUI:
	    When a user clones an untrusted repository and is tricked into
	    editing a file located in a maliciously named directory in the
	    repository, then Git GUI can create and overwrite any writable
	    file.
	  </p>
	  <p>CVE-2025-48384: Git:
	    When reading a config value, Git strips any trailing carriage
	    return and line feed (CRLF). When writing a config entry, values
	    with a trailing CR are not quoted, causing the CR to be lost when
	    the config is later read.  When initializing a submodule, if the
	    submodule path contains a trailing CR, the altered path is read
	    resulting in the submodule being checked out to an incorrect
	    location. If a symlink exists that points the altered path to the
	    submodule hooks directory, and the submodule contains an executable
	    post-checkout hook, the script may be unintentionally executed
	    after checkout.
	  </p>
	  <p>CVE-2025-48385: Git:
	    When cloning a repository Git knows to optionally fetch a bundle
	    advertised by the remote server, which allows the server-side to
	    offload parts of the clone to a CDN. The Git client does not
	    perform sufficient validation of the advertised bundles, which
	    allows the remote side to perform protocol injection.
	    This protocol injection can cause the client to write the fetched
	    bundle to a location controlled by the adversary. The fetched
	    content is fully controlled by the server, which can in the worst
	    case lead to arbitrary code execution.
	  </p>
	  <p>CVE-2025-48386: Git:
	    The wincred credential helper uses a static buffer (`target`) as a
	    unique key for storing and comparing against internal storage. This
	    credential helper does not properly bounds check the available
	    space remaining in the buffer before appending to it with
	    `wcsncat()`, leading to potential buffer overflows.
	  </p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-27613</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27613</url>
      <cvename>CVE-2025-27614</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27614</url>
      <cvename>CVE-2025-46835</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46835</url>
      <cvename>CVE-2025-48384</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48384</url>
      <cvename>CVE-2025-48385</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48385</url>
      <cvename>CVE-2025-48386</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48386</url>
    </references>
    <dates>
      <discovery>2025-04-11</discovery>
      <entry>2025-07-08</entry>
    </dates>
  </vuln>

  <vuln vid="79251dc8-5bc5-11f0-834f-b42e991fc52e">
    <topic>MongoDB -- Incorrect Handling of incomplete data may prevent mongoS from Accepting New Connections</topic>
    <affects>
      <package>
	<name>mongodb60</name>
	<range><lt>6.0.23</lt></range>
      </package>
      <package>
	<name>mongodb70</name>
	<range><lt>7.0.20</lt></range>
      </package>
      <package>
	<name>mongodb80</name>
	<range><lt>8.0.9</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>cna@mongodb.com reports:</p>
	<blockquote cite="https://jira.mongodb.org/browse/SERVER-106753">
	 <p>MongoDB Server&apos;s mongos component can become
	unresponsive to new connections due to incorrect handling of
	incomplete data. This affects MongoDB when configured with
	load balancer support.
	Required Configuration:
	This affects MongoDB sharded clusters when configured with load
	balancer support for mongos using HAProxy on specified ports.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-6714</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-6714</url>
    </references>
    <dates>
      <discovery>2025-07-07</discovery>
      <entry>2025-07-08</entry>
    </dates>
  </vuln>

  <vuln vid="77dc1fc4-5bc5-11f0-834f-b42e991fc52e">
    <topic>MongoDB -- may be susceptible to privilege escalation due to $mergeCursors stage</topic>
    <affects>
      <package>
	<name>mongodb60</name>
	<range><lt>6.0.22</lt></range>
      </package>
      <package>
	<name>mongodb70</name>
	<range><lt>7.0.20</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>cna@mongodb.com reports:</p>
	<blockquote cite="https://jira.mongodb.org/browse/SERVER-106752">
	  <p>An unauthorized user may leverage a specially crafted
	  aggregation pipeline to access data without proper
	  authorization due to improper handling of the $mergeCursors
	  stage in MongoDB Server. This may lead to access to data
	  without further authorisation.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-6713</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-6713</url>
    </references>
    <dates>
      <discovery>2025-07-07</discovery>
      <entry>2025-07-08</entry>
    </dates>
  </vuln>

  <vuln vid="764204eb-5bc5-11f0-834f-b42e991fc52e">
    <topic>MongoDB -- may be susceptible to DoS due to Accumulated Memory Allocation</topic>
    <affects>
      <package>
	<name>mongodb80</name>
	<range><lt>8.0.10</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>cna@mongodb.com reports:</p>
	<blockquote cite="https://jira.mongodb.org/browse/SERVER-106751">
	  <p>MongoDB Server may be susceptible to disruption caused by
	  high memory usage, potentially leading to server crash. This
	  condition is linked to inefficiencies in memory management
	  related to internal operations. In scenarios where certain
	  internal processes persist longer than anticipated, memory
	  consumption can increase, potentially impacting server
	  stability and availability.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-6712</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-6712</url>
    </references>
    <dates>
      <discovery>2025-07-07</discovery>
      <entry>2025-07-08</entry>
    </dates>
  </vuln>

  <vuln vid="72ddee1f-5bc5-11f0-834f-b42e991fc52e">
    <topic>MongoDB -- Incomplete Redaction of Sensitive Information in MongoDB Server Logs</topic>
    <affects>
      <package>
	<name>mongodb60</name>
	<range><lt>6.0.21</lt></range>
      </package>
      <package>
	<name>mongodb70</name>
	<range><lt>7.0.18</lt></range>
      </package>
      <package>
	<name>mongodb80</name>
	<range><lt>8.0.5</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>cna@mongodb.com reports:</p>
	<blockquote cite="https://jira.mongodb.org/browse/SERVER-98720">
	  <p>An issue has been identified in MongoDB Server where
	  unredacted queries may inadvertently appear in server logs
	  when certain error conditions are encountered.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-6711</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-6711</url>
    </references>
    <dates>
      <discovery>2025-07-07</discovery>
      <entry>2025-07-08</entry>
    </dates>
  </vuln>

  <vuln vid="c0f3f54c-5bc4-11f0-834f-b42e991fc52e">
    <topic>ModSecurity -- empty XML tag causes segmentation fault</topic>
    <affects>
      <package>
	<name>ap24-mod_security</name>
	<range><lt>2.9.11</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security-advisories@github.com reports:</p>
	<blockquote cite="https://github.com/owasp-modsecurity/ModSecurity/commit/ecd7b9736836eee391d25f35d5bd06a3ce35a45d">
	  <p>ModSecurity is an open source, cross platform web application
	firewall (WAF) engine for Apache, IIS and Nginx.  In versions 2.9.8
	to before 2.9.11, an empty XML tag can cause a segmentation fault.
	If SecParseXmlIntoArgs is set to On or OnlyArgs, and the request
	type is application/xml, and at least one XML tag is empty (eg
	&lt;foo&gt;&lt;/foo&gt;), then a segmentation fault occurs.  This
	issue has been patched in version 2.9.11.  A workaround involves
	setting SecParseXmlIntoArgs to Off.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-52891</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-52891</url>
    </references>
    <dates>
      <discovery>2025-07-02</discovery>
      <entry>2025-07-08</entry>
    </dates>
  </vuln>

  <vuln vid="7b3e7f71-5b30-11f0-b507-000c295725e4">
    <topic>redis,valkey -- DoS Vulnerability due to bad connection error handling</topic>
    <affects>
      <package>
	<name>redis</name>
	<range><ge>8.0.0</ge><lt>8.0.3</lt></range>
      </package>
      <package>
	<name>redis74</name>
	<range><ge>7.4.0</ge><lt>7.4.5</lt></range>
      </package>
      <package>
	<name>redis72</name>
	<range><ge>7.2.0</ge><lt>7.2.10</lt></range>
      </package>
      <package>
	<name>redis62</name>
	<range><ge>6.2.0</ge><lt>6.2.19</lt></range>
      </package>
      <package>
	<name>valkey</name>
	<range><lt>8.1.3</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>@julienperriercornet reports:</p>
	<blockquote cite="https://github.com/redis/redis/security/advisories/GHSA-4q32-c38c-pwgq">
	  <p>
	     An unauthenticated connection can cause repeated IP
	     protocol errors, leading to client starvation and,
	     ultimately, a denial of service.
	  </p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-48367</cvename>
      <url>https://github.com/redis/redis/security/advisories/GHSA-4q32-c38c-pwgq</url>
    </references>
    <dates>
      <discovery>2025-07-06</discovery>
      <entry>2025-07-07</entry>
    </dates>
  </vuln>

  <vuln vid="f11d0a69-5b2d-11f0-b507-000c295725e4">
    <topic>redis,valkey -- Out of bounds write in hyperloglog commands leads to RCE</topic>
    <affects>
      <package>
	<name>redis</name>
	<range><ge>8.0.0</ge><lt>8.0.3</lt></range>
      </package>
      <package>
	<name>redis74</name>
	<range><ge>7.4.0</ge><lt>7.4.5</lt></range>
      </package>
      <package>
	<name>redis72</name>
	<range><ge>7.2.0</ge><lt>7.2.10</lt></range>
      </package>
      <package>
	<name>redis62</name>
	<range><ge>6.2.0</ge><lt>6.2.19</lt></range>
      </package>
      <package>
	<name>valkey</name>
	<range><lt>8.1.3</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Seunghyun Lee reports:</p>
	<blockquote cite="https://github.com/redis/redis/security/advisories/GHSA-rp2m-q4j6-gr43">
	  <p>
	    An authenticated user may use a specially crafted string
	    to trigger a stack/heap out of bounds write on hyperloglog
	    operations, potentially leading to remote code execution.
	  </p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-32023</cvename>
      <url>https://github.com/redis/redis/security/advisories/GHSA-rp2m-q4j6-gr43</url>
    </references>
    <dates>
      <discovery>2025-07-06</discovery>
      <entry>2025-07-07</entry>
    </dates>
  </vuln>

  <vuln vid="4ea9cbc3-5b28-11f0-b507-000c295725e4">
    <topic>redis,valkey -- {redis,valkey}-check-aof may lead to stack overflow and potential RCE</topic>
    <affects>
      <package>
	<name>redis</name>
	<range><ge>8.0.0</ge><lt>8.0.2</lt></range>
      </package>
      <package>
	<name>redis74</name>
	<range><ge>7.4.0</ge><lt>7.4.4</lt></range>
      </package>
      <package>
	<name>redis72</name>
	<range><ge>7.2.0</ge><lt>7.2.9</lt></range>
      </package>
      <package>
	<name>valkey</name>
	<range><lt>8.1.2</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Simcha Kosman &amp; CyberArk Labs reports:</p>
	<blockquote cite="https://github.com/redis/redis/security/advisories/GHSA-5453-q98w-cmvm">
	  <p>A user can run the {redis,valkeyu}-check-aof cli and pass
	  a long file path to trigger a stack buffer overflow, which
	  may potentially lead to remote code execution.</p>
	  <p></p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-27151</cvename>
      <url>https://github.com/redis/redis/security/advisories/GHSA-5453-q98w-cmvm</url>
    </references>
    <dates>
      <discovery>2025-05-28</discovery>
      <entry>2025-07-07</entry>
    </dates>
  </vuln>

  <vuln vid="7642ba72-5abf-11f0-87ba-002590c1f29c">
    <topic>FreeBSD -- Use-after-free in multi-threaded xz decoder</topic>
    <affects>
      <package>
	<name>FreeBSD</name>
	<range><ge>14.2</ge><lt>14.2_4</lt></range>
	<range><ge>13.5</ge><lt>13.5_2</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<h1>Problem Description:</h1>
	<p>A worker thread could free its input buffer after decoding,
	while the main thread might still be writing to it.  This leads to
	an use-after-free condition on heap memory.</p>
	<h1>Impact:</h1>
	<p>An attacker may use specifically crafted .xz file to cause
	multi-threaded xz decoder to crash, or potentially run arbitrary
	code under the credential the decoder was executed.</p>
      </body>
    </description>
    <references>
      <cvename>CVE-2025-31115</cvename>
      <freebsdsa>SA-25:06.xz</freebsdsa>
    </references>
    <dates>
      <discovery>2025-07-02</discovery>
      <entry>2025-07-06</entry>
    </dates>
  </vuln>

  <vuln vid="69bfe2a4-5a39-11f0-8792-4ccc6adda413">
    <topic>gstreamer1-plugins-bad -- stack buffer overflow in H.266 video parser</topic>
    <affects>
      <package>
	<name>gstreamer1-plugins-bad</name>
	<range><lt>1.26.2</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>GStreamer Security Center reports:</p>
	<blockquote cite="https://gstreamer.freedesktop.org/security/sa-2025-0007.html">
	  <p>It is possible for a malicious third party to trigger a buffer overflow that can
	   result in a crash of the application and possibly also allow code execution through
	   stack manipulation.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-6663</cvename>
      <url>https://gstreamer.freedesktop.org/security/sa-2025-0007.html</url>
    </references>
    <dates>
      <discovery>2025-06-26</discovery>
      <entry>2025-07-06</entry>
    </dates>
  </vuln>

  <vuln vid="a55d2120-58cf-11f0-b4ad-b42e991fc52e">
    <topic>firefox -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>firefox</name>
	<range><lt>140.0,2</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security@mozilla.org reports:</p>
	<blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1941377%2C1960948%2C1966187%2C1966505%2C1970764">
	<p>An attacker was able to bypass the `connect-src`
	  directive of a Content Security Policy by manipulating
	  subdocuments.  This would have also hidden the connections
	  from the Network tab in Devtools.</p>
	<p>When Multi-Account Containers was enabled, DNS requests
	could have bypassed a SOCKS proxy when the domain name was
	invalid or the SOCKS proxy was not responding.</p>
	<p>If a user visited a webpage with an invalid TLS
	certificate, and granted an exception, the webpage was able to
	provide a WebAuthn challenge that the user would be prompted
	to complete.  This is in violation of the WebAuthN spec which
	requires &quot;a secure transport established without
	errors&quot;.</p>
	<p>The exception page for the HTTPS-Only feature, displayed
	when a website is opened via HTTP, lacked an anti-clickjacking
	delay, potentially allowing an attacker to trick a user into
	granting an exception and loading a webpage over HTTP.</p>
	<p>If a user saved a response from the Network tab in Devtools
	using the Save As context menu option, that file may not have
	been saved with the `.download` file extension.
	This could have led to the user inadvertently running a
	malicious executable.</p>
	<p>Memory safety bugs present in Firefox 139 and Thunderbird
	139. Some of these bugs showed evidence of memory corruption
	and we presume that with enough effort some of these could
	have been exploited to run arbitrary code.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-6427</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-6427</url>
      <cvename>CVE-2025-6432</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-6432</url>
      <cvename>CVE-2025-6433</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-6433</url>
      <cvename>CVE-2025-6434</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-6434</url>
      <cvename>CVE-2025-6435</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-6435</url>
      <cvename>CVE-2025-6436</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-6436</url>
    </references>
    <dates>
      <discovery>2025-06-24</discovery>
      <entry>2025-07-04</entry>
    </dates>
  </vuln>

  <vuln vid="9bad6f79-58cf-11f0-b4ad-b42e991fc52e">
    <topic>firefox -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>firefox</name>
	<range><lt>128.12.0,2</lt></range>
	<range><lt>140.0,2</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security@mozilla.org reports:</p>
	<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1971140">
	<p>Firefox could have incorrectly parsed a URL and rewritten
	it to the youtube.com domain when parsing the URL specified
	in an `embed` tag. This could have bypassed website security
	checks that restricted which domains users were allowed to
	embed.</p>
	<p>When a file download is specified via the
	`Content-Disposition` header, that directive would be ignored
	if the file was included via a `&amp;lt;embed&amp;gt;` or
	`&amp;lt;object&amp;gt;` tag, potentially making a website
	vulnerable to a cross-site scripting attack.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-6429</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-6429</url>
      <cvename>CVE-2025-6430</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-6430</url>
    </references>
    <dates>
      <discovery>2025-06-24</discovery>
      <entry>2025-07-04</entry>
    </dates>
  </vuln>

  <vuln vid="9320590b-58cf-11f0-b4ad-b42e991fc52e">
    <topic>Mozilla -- persistent UUID that identifies browser</topic>
    <affects>
      <package>
	<name>firefox</name>
	<range><lt>140.0,2</lt></range>
      </package>
      <package>
	<name>firefox-esr</name>
	<range><lt>115.25.0</lt></range>
	<range><lt>128.12</lt></range>
      </package>
      <package>
	<name>thunderbird</name>
	<range><lt>140.0</lt></range>
      </package>
      <package>
	<name>thunderbird</name>
	<range><lt>128.12</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security@mozilla.org reports:</p>
	<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1717672">
	  <p>An attacker who enumerated resources from the WebCompat extension
	could have obtained a persistent UUID that identified the browser,
	and persisted between containers and normal/private browsing mode,
	but not profiles.  This vulnerability affects Firefox &lt; 140,
	Firefox ESR &lt; 115.25, Firefox ESR &lt; 128.12, Thunderbird &lt;
	140, and Thunderbird &lt; 128.12.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-6425</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-6425</url>
    </references>
    <dates>
      <discovery>2025-06-24</discovery>
      <entry>2025-07-04</entry>
    </dates>
  </vuln>

  <vuln vid="d607b12c-5821-11f0-ab92-f02f7497ecda">
    <topic>php -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>php81</name>
	<range><lt>8.1.33</lt></range>
      </package>
      <package>
	<name>php82</name>
	<range><lt>8.2.29</lt></range>
      </package>
      <package>
	<name>php83</name>
	<range><lt>8.3.23</lt></range>
      </package>
      <package>
	<name>php84</name>
	<range><lt>8.4.10</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>php.net reports:</p>
    <blockquote cite="https://www.php.net/ChangeLog-8.php">
    <ul>
      <li>
      CVE-2025-1735: pgsql extension does not check for errors during escaping
      </li>
      <li>
      CVE-2025-6491: NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix
      </li>
      <li>
      CVE-2025-1220: Null byte termination in hostnames
      </li>
    </ul>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-1735</cvename>
      <cvename>CVE-2025-6491</cvename>
      <cvename>CVE-2025-1220</cvename>
    </references>
    <dates>
      <discovery>2025-02-27</discovery>
      <entry>2025-07-03</entry>
    </dates>
  </vuln>

  <vuln vid="bab7386a-582f-11f0-97d0-b42e991fc52e">
    <topic>Mozilla -- exploitable crash</topic>
    <affects>
      <package>
	<name>firefox</name>
	<range><lt>140.0,2</lt></range>
      </package>
      <package>
	<name>firefox-esr</name>
	<range><lt>115.25.0</lt></range>
      </package>
      <package>
	<name>thunderbird</name>
	<range><lt>140.0</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security@mozilla.org reports:</p>
	<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1966423">
	  <p>A use-after-free in FontFaceSet resulted in a potentially
	  exploitable crash.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-6424</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-6424</url>
    </references>
    <dates>
      <discovery>2025-06-24</discovery>
      <entry>2025-07-03</entry>
    </dates>
  </vuln>

  <vuln vid="5c777f88-40ff-4e1e-884b-ad63dfb9bb15">
    <topic>chromium -- multiple security fixes</topic>
    <affects>
      <package>
       <name>chromium</name>
       <range><lt>138.0.7204.96</lt></range>
      </package>
      <package>
       <name>ungoogled-chromium</name>
       <range><lt>138.0.7204.96</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
       <p>Chrome Releases reports:</p>
       <blockquote cite="https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_30.html">
	 <p>This update includes 1 security fix:</p>
	 <ul>
	    <li>[427663123] High CVE-2025-6554: Type Confusion in V8.</li>
	 </ul>
       </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2025-6554</cvename>
      <url>https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_30.html</url>
    </references>
    <dates>
      <discovery>2025-06-30</discovery>
      <entry>2025-07-02</entry>
    </dates>
  </vuln>

  <vuln vid="9c91e1f8-f255-4b57-babe-2e385558f1dc">
    <topic>chromium -- multiple security fixes</topic>
    <affects>
      <package>
       <name>chromium</name>
       <range><lt>138.0.7204.49</lt></range>
      </package>
      <package>
       <name>ungoogled-chromium</name>
       <range><lt>138.0.7204.49</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
       <p>Chrome Releases reports:</p>
       <blockquote cite="https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_24.html">
	 <p>This update includes 11 security fixes:</p>
	 <ul>
	    <li>[407328533] Medium CVE-2025-6555: Use after free in Animation. Reported by Lyra Rebane (rebane2001) on 2025-03-30</li>
	    <li>[40062462] Low CVE-2025-6556: Insufficient policy enforcement in Loader. Reported by Shaheen Fazim on 2023-01-02</li>
	    <li>[406631048] Low CVE-2025-6557: Insufficient data validation in DevTools. Reported by Ameen Basha M K on 2025-03-27</li>
	 </ul>
       </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2025-6555</cvename>
      <cvename>CVE-2025-6556</cvename>
      <cvename>CVE-2025-6557</cvename>
      <url>https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_24.html</url>
    </references>
    <dates>
      <discovery>2025-06-24</discovery>
      <entry>2025-07-02</entry>
    </dates>
  </vuln>

  <vuln vid="24f4b495-56a1-11f0-9621-93abbef07693">
    <topic>sudo -- privilege escalation vulnerability through host and chroot options</topic>
    <affects>
      <package>
	<name>sudo</name>
	<range><lt>1.9.17p1</lt></range>
      </package>
      <package>
	<name>sudo-sssd</name>
	<range><lt>1.9.17p1</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Todd C. Miller reports, crediting Rich Mirch from Stratascale Cyber Research Unit (CRU):</p>
	<blockquote cite="https://www.sudo.ws/releases/stable/">
	  <p>Sudo 1.9.17p1:</p>
	  <ul>
	    <li>
	      Fixed CVE-2025-32462. Sudo's -h (--host) option could be specified
	      when running a command or editing a file. This could enable a
	      local privilege escalation attack if the sudoers file allows the
	      user to run commands on a different host. For more information,
	      see Local Privilege Escalation via host option.
	    </li>
	    <li>
	      Fixed CVE-2025-32463. An attacker can leverage sudo's -R
	      (--chroot) option to run arbitrary commands as root, even if they
	      are not listed in the sudoers file. The chroot support has been
	      deprecated an will be removed entirely in a future release. For
	      more information, see Local Privilege Escalation via chroot
	      option.
	    </li>
	  </ul>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-32462</cvename>
      <cvename>CVE-2025-32463</cvename>
      <url>https://www.sudo.ws/releases/stable/</url>
      <url>https://www.stratascale.com/vulnerability-alert-CVE-2025-32462-sudo-host</url>
      <url>https://www.stratascale.com/vulnerability-alert-CVE-2025-32463-sudo-chroot</url>
    </references>
    <dates>
      <discovery>2025-04-01</discovery>
      <entry>2025-07-01</entry>
    </dates>
  </vuln>

  <vuln vid="8df49466-5664-11f0-943a-18c04d5ea3dc">
    <topic>xorg server -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>xorg-server</name>
	<name>xephyr</name>
	<name>xorg-vfbserver</name>
	<range><lt>21.1.18,1</lt></range>
      </package>
      <package>
	<name>xorg-nextserver</name>
	<range><lt>21.1.18,2</lt></range>
      </package>
      <package>
	<name>xwayland</name>
	<range><lt>24.1.8,1</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>The X.Org project reports:</p>
	<blockquote cite="https://lists.x.org/archives/xorg-announce/2025-February/003584.html">
	  <ul>
	    <li>
	      CVE-2025-49176: Integer overflow in Big Requests Extension
	      <p>The Big Requests extension allows requests larger than the 16-bit length
	      limit.
	      It uses integers for the request length and checks for the size not to
	      exceed the maxBigRequestSize limit, but does so after translating the
	      length to integer by multiplying the given size in bytes by 4.
	      In doing so, it might overflow the integer size limit before actually
	      checking for the overflow, defeating the purpose of the test.</p>
	    </li>
	  </ul>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-49176</cvename>
      <url>https://lists.x.org/archives/xorg/2025-June/062055.html</url>
    </references>
    <dates>
      <discovery>2025-06-17</discovery>
      <entry>2025-07-01</entry>
    </dates>
  </vuln>

  <vuln vid="b14cabf7-5663-11f0-943a-18c04d5ea3dc">
    <topic>xorg server -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>xorg-server</name>
	<name>xephyr</name>
	<name>xorg-vfbserver</name>
	<range><lt>21.1.17,1</lt></range>
      </package>
      <package>
	<name>xorg-nextserver</name>
	<range><lt>21.1.17,2</lt></range>
      </package>
      <package>
	<name>xwayland</name>
	<range><lt>24.1.7,1</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>The X.Org project reports:</p>
	<blockquote cite="https://lists.x.org/archives/xorg-announce/2025-February/003584.html">
	  <ul>
	    <li>
	      CVE-2025-49175: Out-of-bounds access in X Rendering extension (Animated cursors)
	      <p>The X Rendering extension allows creating animated cursors providing a
	      list of cursors.
	      By default, the Xserver assumes at least one cursor is provided while a
	      client may actually pass no cursor at all, which causes an out-of-bound
	      read creating the animated cursor and a crash of the Xserver.</p>
	    </li>
	    <li>
	      CVE-2025-49177: Data leak in XFIXES Extension 6 (XFixesSetClientDisconnectMode)

	      <p>The handler of XFixesSetClientDisconnectMode does not check the client
	      request length.
	      A client could send a shorter request and read data from a former
	      request.</p>
	    </li>
	    <li>
	      CVE-2025-49178: Unprocessed client request via bytes to ignore

	      <p>When reading requests from the clients, the input buffer might be shared
	      and used between different clients.
	      If a given client sends a full request with non-zero bytes to ignore,
	      the bytes to ignore may still be non-zero even though the request is
	      full, in which case the buffer could be shared with another client who's
	      request will not be processed because of those bytes to ignore, leading
	      to a possible hang of the other client request.</p>
	    </li>
	    <li>
	      CVE-2025-49179: Integer overflow in X Record extension

	      <p>The RecordSanityCheckRegisterClients() function in the X Record extension
	      implementation of the Xserver checks for the request length, but does not
	      check for integer overflow.
	      A client might send a very large value for either the number of clients
	      or the number of protocol ranges that will cause an integer overflow in
	      the request length computation, defeating the check for request length.</p>
	    </li>
	    <li>
	      CVE-2025-49180: Integer overflow in RandR extension (RRChangeProviderProperty)

	      <p>A client might send a request causing an integer overflow when computing
	      the total size to allocate in RRChangeProviderProperty().</p>
	    </li>
	  </ul>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-49175</cvename>
      <cvename>CVE-2025-49177</cvename>
      <cvename>CVE-2025-49178</cvename>
      <cvename>CVE-2025-49179</cvename>
      <cvename>CVE-2025-49180</cvename>
      <url>https://lists.x.org/archives/xorg/2025-June/062055.html</url>
    </references>
    <dates>
      <discovery>2025-06-17</discovery>
      <entry>2025-07-01</entry>
    </dates>
  </vuln>

  <vuln vid="6b1b8989-55b0-11f0-ac64-589cfc10a551">
    <topic>podman -- TLS connection used to pull VM images was not validated</topic>
    <affects>
      <package>
	<name>podman</name>
	<range><lt>5.5.2</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>RedHat, Inc. reports:</p>
	<blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2025-6032">
	  <p>A flaw was found in Podman.  The podman machine init command fails to verify the TLS
	  certificate when downloading the VM images from an OCI registry.  This issue results
	  in a Man In The Middle attack.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-6032</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-6032</url>
    </references>
    <dates>
      <discovery>2025-06-30</discovery>
      <entry>2025-06-30</entry>
    </dates>
  </vuln>

  <vuln vid="5e64770c-52aa-11f0-b522-b42e991fc52e">
    <topic>MongoDB -- Running certain aggregation operations with the SBE engine may lead to unexpected behavior</topic>
    <affects>
      <package>
	<name>mongodb60</name>
	<range><lt>6.0.21</lt></range>
      </package>
      <package>
	<name>mongodb70</name>
	<range><lt>7.0.17</lt></range>
      </package>
      <package>
	<name>mongodb80</name>
	<range><lt>8.0.4</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>cna@mongodb.com reports:</p>
	<blockquote cite="https://jira.mongodb.org/browse/SERVER-106746">
	  <p>An authenticated user may trigger a use after free that may result
	in MongoDB Server crash and other unexpected behavior, even if the
	user does not have authorization to shut down a server.  The crash
	is triggered on affected versions by issuing an aggregation framework
	operation using a specific combination of rarely-used aggregation
	pipeline expressions.  This issue affects MongoDB Server v6.0 version
	prior to 6.0.21, MongoDB Server v7.0 version prior to 7.0.17 and
	MongoDB Server v8.0 version prior to 8.0.4 when the SBE engine is
	enabled.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-6706</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-6706</url>
    </references>
    <dates>
      <discovery>2025-06-26</discovery>
      <entry>2025-06-26</entry>
    </dates>
  </vuln>

  <vuln vid="5cd2bd2b-52aa-11f0-b522-b42e991fc52e">
    <topic>MongoDB -- Race condition in privilege cache invalidation cycle</topic>
    <affects>
      <package>
	<name>mongodb50</name>
	<range><lt>5.0.31</lt></range>
      </package>
      <package>
	<name>mongodb60</name>
	<range><lt>6.0.24</lt></range>
      </package>
      <package>
	<name>mongodb70</name>
	<range><lt>7.0.21</lt></range>
      </package>
      <package>
	<name>mongodb80</name>
	<range><lt>8.0.5</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>NVD reports:</p>
	<blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2025-6707">
	  <p>Under certain conditions, an authenticated user request
	    may execute with stale privileges following an intentional
	    change by an authorized administrator.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-6707</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-6707</url>
    </references>
    <dates>
      <discovery>2025-06-26</discovery>
      <entry>2025-06-26</entry>
    </dates>
  </vuln>

  <vuln vid="5b87eef6-52aa-11f0-b522-b42e991fc52e">
    <topic>MongoDB -- Pre-Authentication Denial of Service Vulnerability in MongoDB Server&apos;s OIDC Authentication</topic>
    <affects>
      <package>
	<name>mongodb60</name>
	<range><lt>6.0.21</lt></range>
      </package>
      <package>
	<name>mongodb70</name>
	<range><lt>7.0.17</lt></range>
      </package>
      <package>
	<name>mongodb80</name>
	<range><lt>8.0.5</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>NVD reports:</p>
	<blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2025-6709">
	  <p>The MongoDB Server is susceptible to a denial of service
	    vulnerability due to improper handling of specific date
	    values in JSON input when using OIDC authentication.
	    This can be reproduced using the mongo shell to send a
	    malicious JSON payload leading to an invariant failure
	    and server crash. </p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-6709</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-6709</url>
    </references>
    <dates>
      <discovery>2025-06-26</discovery>
      <entry>2025-06-26</entry>
    </dates>
  </vuln>

  <vuln vid="59ed4b19-52aa-11f0-b522-b42e991fc52e">
    <topic>MongoDB -- Pre-authentication Denial of Service Stack Overflow Vulnerability in JSON Parsing via Excessive Recursion in MongoDB</topic>
    <affects>
      <package>
	<name>mongodb70</name>
	<range><lt>7.0.17</lt></range>
      </package>
      <package>
	<name>mongodb80</name>
	<range><lt>8.0.5</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>cna@mongodb.com reports:</p>
	<blockquote cite="https://jira.mongodb.org/browse/SERVER-106749">
	  <p>MongoDB Server may be susceptible to stack overflow due to JSON
	parsing mechanism, where specifically crafted JSON inputs may induce
	unwarranted levels of recursion, resulting in excessive stack space
	consumption.  Such inputs can lead to a stack overflow that causes
	the server to crash which could occur pre-authorisation.  This issue
	affects MongoDB Server v7.0 versions prior to 7.0.17 and MongoDB
	Server v8.0 versions prior to 8.0.5.
	The same issue affects MongoDB Server v6.0 versions prior to 6.0.21,
	but an attacker can only induce denial of service after authenticating.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-6710</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-6710</url>
    </references>
    <dates>
      <discovery>2025-06-26</discovery>
      <entry>2025-06-26</entry>
    </dates>
  </vuln>

  <vuln vid="e26608ff-5266-11f0-b522-b42e991fc52e">
    <topic>kanboard -- Password Reset Poisoning via Host Header Injection</topic>
    <affects>
      <package>
	<name>kanboard</name>
	<range><lt>1.2.45</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>GitHub Security Advisories reports:</p>
	<blockquote cite="null">
	<p>
	Kanboard allows password reset emails to be sent with URLs
	derived from the unvalidated Host header when the
	application_url configuration is unset (default behavior).
	This allows an attacker to craft a malicious password
	reset link that leaks the token to an attacker-controlled
	domain. If a victim (including an administrator) clicks
	the poisoned link, their account can be taken over. This
	affects all users who initiate a password reset while
	application_url is not set.
	</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-52560</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-52560</url>
    </references>
    <dates>
      <discovery>2025-06-26</discovery>
      <entry>2025-06-26</entry>
    </dates>
  </vuln>

  <vuln vid="d45dabd9-5232-11f0-9ca4-2cf05da270f3">
    <topic>Gitlab -- Vulnerabilities</topic>
    <affects>
      <package>
	<name>gitlab-ce</name>
	<name>gitlab-ee</name>
	<range><ge>18.1.0</ge><lt>18.1.1</lt></range>
	<range><ge>18.0.0</ge><lt>18.0.3</lt></range>
	<range><ge>16.10.0</ge><lt>17.11.5</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Gitlab reports:</p>
	<blockquote cite="https://about.gitlab.com/releases/2025/06/25/patch-release-gitlab-18-1-1-released/">
	  <p>Denial of Service impacts GitLab CE/EE</p>
	  <p>Missing Authentication issue impacts GitLab CE/EE</p>
	  <p>Improper access control issue impacts GitLab CE/EE</p>
	  <p>Elevation of Privilege impacts GitLab CE/EE</p>
	  <p>Improper access control issue impacts GitLab EE</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-3279</cvename>
      <cvename>CVE-2025-1754</cvename>
      <cvename>CVE-2025-5315</cvename>
      <cvename>CVE-2025-2938</cvename>
      <cvename>CVE-2025-5846</cvename>
      <url>https://about.gitlab.com/releases/2025/06/25/patch-release-gitlab-18-1-1-released/</url>
    </references>
    <dates>
      <discovery>2025-06-25</discovery>
      <entry>2025-06-26</entry>
    </dates>
  </vuln>

  <vuln vid="03ba1cdd-4faf-11f0-af06-00a098b42aeb">
    <topic>cisco -- OpenH264 Decoding Functions Heap Overflow Vulnerability</topic>
    <affects>
      <package>
	<name>openh264</name>
	<range><lt>2.5.1,2</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Cisco reports:</p>
	<blockquote cite="https://github.com/cisco/openh264/releases/tag/2.5.1">
	  <p>A vulnerability in the decoding functions
	of OpenH264 codec library could allow a remote, unauthenticated
	attacker to trigger a heap overflow.  This vulnerability is due to
	a race condition between a Sequence Parameter Set (SPS) memory
	allocation and a subsequent non Instantaneous Decoder Refresh
	(non-IDR) Network Abstraction Layer (NAL) unit memory usage.  An
	attacker could exploit this vulnerability by crafting a malicious
	bitstream and tricking a victim user into processing an arbitrary
	video containing the malicious bistream.  An exploit could allow
	the attacker to cause an unexpected crash in the victim's user
	decoding client and, possibly, perform arbitrary commands on the
	victim's host by abusing the heap overflow.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-27091</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-27091</url>
    </references>
    <dates>
      <discovery>2025-02-20</discovery>
      <entry>2025-06-22</entry>
    </dates>
  </vuln>

  <vuln vid="6c6c1507-4da5-11f0-afcc-f02f7432cf97">
    <topic>clamav -- ClamAV UDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability</topic>
    <affects>
      <package>
	<name>clamav</name>
	<range><ge>1.2.0,1</ge><lt>1.4.3,1</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Cisco reports:</p>
	<blockquote cite="https://blog.clamav.net/2025/06/clamav-143-and-109-security-patch.html">
	  <p>A vulnerability in Universal Disk Format (UDF) processing of ClamAV
	could allow an unauthenticated, remote attacker to cause a denial
	of service (DoS) condition on an affected device.

	This vulnerability is due to a memory overread during UDF file
	scanning.  An attacker could exploit this vulnerability by submitting
	a crafted file containing UDF content to be scanned by ClamAV on
	an affected device.  A successful exploit could allow the attacker
	to terminate the ClamAV scanning process, resulting in a DoS condition
	on the affected software.  For a description of this vulnerability,
	see the .</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-20234</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-20234</url>
    </references>
    <dates>
      <discovery>2025-06-18</discovery>
      <entry>2025-06-20</entry>
    </dates>
  </vuln>

  <vuln vid="3dcc0812-4da5-11f0-afcc-f02f7432cf97">
    <topic>clamav -- ClamAV PDF Scanning Buffer Overflow Vulnerability</topic>
    <affects>
      <package>
	<name>clamav</name>
	<range><lt>1.4.3,1</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Cisco reports:</p>
	<blockquote cite="https://blog.clamav.net/2025/06/clamav-143-and-109-security-patch.html">
	  <p>A vulnerability in the PDF scanning processes of ClamAV could allow
	an unauthenticated, remote attacker to cause a buffer overflow
	condition, cause a denial of service (DoS) condition, or execute
	arbitrary code on an affected device.

	This vulnerability exists because memory buffers are allocated
	incorrectly when PDF files are processed.  An attacker could exploit
	this vulnerability by submitting a crafted PDF file to be scanned
	by ClamAV on an affected device.  A successful exploit could allow
	the attacker to trigger a buffer overflow, likely resulting in the
	termination of the ClamAV scanning process and a DoS condition on
	the affected software.  Although unproven, there is also a possibility
	that an attacker could leverage the buffer overflow to execute
	arbitrary code with the privileges of the ClamAV process.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-20260</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-20260</url>
    </references>
    <dates>
      <discovery>2025-06-18</discovery>
      <entry>2025-06-20</entry>
    </dates>
  </vuln>

  <vuln vid="333b4663-4cde-11f0-8cb5-a8a1599412c6">
    <topic>chromium -- multiple security fixes</topic>
    <affects>
      <package>
       <name>chromium</name>
       <range><lt>137.0.7151.119</lt></range>
      </package>
      <package>
       <name>ungoogled-chromium</name>
       <range><lt>137.0.7151.119</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
       <p>Chrome Releases reports:</p>
       <blockquote cite="https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_17.html">
	 <p>This update includes 3 security fixes:</p>
	 <ul>
	    <li>[420697404] High CVE-2025-6191: Integer overflow in V8. Reported by Shaheen Fazim on 2025-05-27</li>
	    <li>[421471016] High CVE-2025-6192: Use after free in Profiler. Reported by Chaoyuan Peng (@ret2happy) on 2025-05-31</li>
	 </ul>
       </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2025-6191</cvename>
      <cvename>CVE-2025-6192</cvename>
      <url>https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_17.html</url>
    </references>
    <dates>
      <discovery>2025-06-17</discovery>
      <entry>2025-06-19</entry>
    </dates>
  </vuln>

  <vuln vid="fc2d2fb8-4c83-11f0-8deb-f8f21e52f724">
    <topic>Navidrome -- SQL Injection via role parameter</topic>
    <affects>
      <package>
	<name>navidrome</name>
	<range><gt>0.55.0</gt><lt>0.56.0</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Deluan reports:</p>
	<blockquote cite="https://github.com/navidrome/navidrome/security/advisories/GHSA-5wgp-vjxm-3x2r">
	  <p>This vulnerability arises due to improper input validation on the role parameter within the API endpoint /api/artist. Attackers can exploit this flaw to inject arbitrary SQL queries, potentially gaining unauthorized access to the backend database and compromising sensitive user information.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-48949</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-48949</url>
    </references>
    <dates>
      <discovery>2025-05-29</discovery>
      <entry>2025-06-18</entry>
    </dates>
  </vuln>

  <vuln vid="6548cb01-4c33-11f0-8a97-6c3be5272acd">
    <topic>Grafana -- DingDing contact points exposed in Grafana Alerting</topic>
    <affects>
      <package>
	<name>grafana</name>
	<range><lt>10.4.19+security-01</lt></range>
	<range><ge>11.0.0</ge><lt>11.2.10+security-01</lt></range>
	<range><ge>11.3.0</ge><lt>11.3.7+security-01</lt></range>
	<range><ge>11.4.0</ge><lt>11.4.5+security-01</lt></range>
	<range><ge>11.5.0</ge><lt>11.5.5+security-01</lt></range>
	<range><ge>11.6.0</ge><lt>11.6.2+security-01</lt></range>
	<range><ge>12.0.0</ge><lt>12.0.1+security-01</lt></range>
      </package>
      <package>
	<name>grafana8</name>
	<range><ge>8.0.0</ge></range>
      </package>
      <package>
	<name>grafana9</name>
	<range><ge>9.0.0</ge></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Grafana Labs reports:</p>
	<blockquote cite="https://grafana.com/blog/2025/06/13/grafana-security-update-medium-severity-security-release-for-cve-2025-3415/">
	  <p>An incident occurred where the DingDing alerting integration URL
	  was inadvertently exposed to viewers due to a setting oversight,
	  which we learned about through a <a href="https://grafana.com/blog/2023/05/04/introducing-the-grafana-labs-bug-bounty-program/">bug bounty report</a>.</p>
	  <p>The CVSS 3.0 score for this vulnerability is 4.3 (Medium).</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-3415</cvename>
      <url>https://grafana.com/blog/2025/06/13/grafana-security-update-medium-severity-security-release-for-cve-2025-3415/</url>
    </references>
    <dates>
      <discovery>2025-04-05</discovery>
      <entry>2025-06-18</entry>
    </dates>
  </vuln>

  <vuln vid="ee046f5d-37a8-11f0-baaa-6c3be5272acd">
    <topic>Grafana -- User deletion issue</topic>
    <affects>
      <package>
	<name>grafana</name>
	<range><ge>5.4.0</ge><lt>10.4.18+security-01</lt></range>
	<range><ge>11.0.0</ge><lt>11.2.9+security-01</lt></range>
	<range><ge>11.3.0</ge><lt>11.3.6+security-01</lt></range>
	<range><ge>11.4.0</ge><lt>11.4.4+security-01</lt></range>
	<range><ge>11.5.0</ge><lt>11.5.4+security-01</lt></range>
	<range><ge>11.6.0</ge><lt>11.6.1+security-01</lt></range>
	<range><ge>12.0.0</ge><lt>12.0.0+security-01</lt></range>
      </package>
      <package>
	<name>grafana8</name>
	<range><ge>8.0.0</ge></range>
      </package>
      <package>
	<name>grafana9</name>
	<range><ge>9.0.0</ge></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Grafana Labs reports:</p>
	<blockquote cite="https://grafana.com/blog/2025/05/23/grafana-security-release-medium-and-high-severity-security-fixes-for-cve-2025-4123-and-cve-2025-3580/">
	  <p>On April 15, we discovered a vulnerability that stems from the user
	  deletion logic associated with organization administrators.
	  An organization admin could remove any user from the specific
	  organization they manage. Additionally, they have the power to delete
	  users entirely from the system if they have no other org membership.
	  This leads to two situations:</p>
	  <ol>
	    <li>They can delete a server admin if the organization
	    the Organization Admin manages is the server admin’s final
	    organizational membership.</li>
	    <li>They can delete any user (regardless of whether they are a server
	    admin or not) if that user currently belongs to no organizations.</li>
	  </ol>
	  <p>These two situations allow an organization manager to disrupt
	  instance-wide activity by continually deleting server administrators
	  if there is only one organization or if the server administrators are
	  not part of any organization.</p>
	  <p>The CVSS score for this vulnerability is 5.5 Medium.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-3580</cvename>
      <url>https://grafana.com/blog/2025/05/23/grafana-security-release-medium-and-high-severity-security-fixes-for-cve-2025-4123-and-cve-2025-3580/</url>
    </references>
    <dates>
      <discovery>2025-04-15</discovery>
      <entry>2025-05-23</entry>
    </dates>
  </vuln>

  <vuln vid="b704d4b8-4b87-11f0-9605-b42e991fc52e">
    <topic>Firefox -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>firefox</name>
	<range><lt>139.0.4,2</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security@mozilla.org reports:</p>
	<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1970095">
	  <p>CVE-2025-49709: Certain canvas operations could have lead
	  to memory corruption.</p>
	  <p>CVE-2025-49710: An integer overflow was present in
	  `OrderedHashTable` used by the JavaScript engine.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-49709</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-49709</url>
      <cvename>CVE-2025-49710</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-49710</url>
    </references>
    <dates>
      <discovery>2025-06-11</discovery>
      <entry>2025-06-17</entry>
    </dates>
  </vuln>

  <vuln vid="e3d6d485-c93c-4ada-90b3-09f1c454fb8a">
    <topic>chromium -- multiple security fixes</topic>
    <affects>
      <package>
       <name>chromium</name>
       <range><lt>137.0.7151.103</lt></range>
      </package>
      <package>
       <name>ungoogled-chromium</name>
       <range><lt>137.0.7151.103</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
       <p>Chrome Releases reports:</p>
       <blockquote cite="https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_10.html">
	 <p>This update includes 2 security fixes:</p>
	 <ul>
	    <li>[$8000][420150619] High CVE-2025-5958: Use after free in Media. Reported by Huang Xilin of Ant Group Light-Year Security Lab on 2025-05-25</li>
	    <li>[NA][422313191] High CVE-2025-5959: Type Confusion in V8. Reported by Seunghyun Lee as part of TyphoonPWN 2025 on 2025-06-04</li>
	 </ul>
       </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2025-5958</cvename>
      <cvename>CVE-2025-5959</cvename>
      <url>https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_10.html</url>
    </references>
    <dates>
      <discovery>2025-06-10</discovery>
      <entry>2025-06-17</entry>
    </dates>
  </vuln>

  <vuln vid="4323e86c-2422-4fd7-8c8f-ec71c81ea7dd">
    <topic>chromium -- multiple security fixes</topic>
    <affects>
      <package>
       <name>chromium</name>
       <range><lt>137.0.7151.68</lt></range>
      </package>
      <package>
       <name>ungoogled-chromium</name>
       <range><lt>137.0.7151.68</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
       <p>Chrome Releases reports:</p>
       <blockquote cite="https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop.html">
	 <p>This update includes 3 security fixes:</p>
	 <ul>
	    <li>[420636529] High CVE-2025-5419: Out of bounds read and write in V8. Reported by Clement Lecigne and Benoît Sevens of Google Threat Analysis Group on 2025-05-27. This issue was mitigated on 2025-05-28 by a configuration change pushed out to Stable across all Chrome platforms.</li>
	    <li>[409059706] Medium CVE-2025-5068: Use after free in Blink. Reported by Walkman on 2025-04-07</li>
	 </ul>
       </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2025-5419</cvename>
      <cvename>CVE-2025-5068</cvename>
      <url>https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop.html</url>
    </references>
    <dates>
      <discovery>2025-06-02</discovery>
      <entry>2025-06-17</entry>
    </dates>
  </vuln>

  <vuln vid="201cccc1-4a01-11f0-b0f8-b42e991fc52e">
    <topic>Mozilla -- control access bypass</topic>
    <affects>
      <package>
	<name>firefox</name>
	<range><lt>138.0,2</lt></range>
      </package>
      <package>
	<name>firefox-esr</name>
	<range><lt>128.10</lt></range>
      </package>
      <package>
	<name>thunderbird</name>
	<range><lt>128.0</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security@mozilla.org reports:</p>
	<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1917536">
	  <p>Thunderbird&apos;s update mechanism allowed a medium-integrity user
	process to interfere with the SYSTEM-level updater by manipulating
	the file-locking behavior.  By injecting code into the user-privileged
	process, an attacker could bypass intended access controls, allowing
	SYSTEM-level file operations on paths controlled by a non-privileged
	user and enabling privilege escalation.  This vulnerability affects
	Firefox &lt; 138, Firefox ESR &lt; 128.10, Firefox ESR &lt; 115.23,
	Thunderbird &lt; 138, and Thunderbird &lt; 128.10.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-2817</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-2817</url>
    </references>
    <dates>
      <discovery>2025-04-29</discovery>
      <entry>2025-06-15</entry>
    </dates>
  </vuln>

  <vuln vid="805ad2e0-49da-11f0-87e8-bcaec55be5e5">
    <topic>webmin -- CGI Command Injection Remote Code Execution</topic>
    <affects>
      <package>
	<name>webmin</name>
	<range><le>2.105</le></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Webmin reports:</p>
	<blockquote cite="https://webmin.com/security/">
	  <p>A less-privileged Webmin user can execute commands as root via a vulnerability in the shell autocomplete feature.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2024-12828</cvename>
      <url>https://webmin.com/security/</url>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2024-12828</url>
    </references>
    <dates>
      <discovery>2024-12-30</discovery>
      <entry>2025-06-15</entry>
    </dates>
  </vuln>

  <vuln vid="9449f018-84a3-490d-959f-38c05fbc77a7">
    <topic>Yelp -- arbitrary file read</topic>
    <affects>
      <package>
	<name>yelp-xsl</name>
	<range><lt>42.3</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>secalert@redhat.com reports:</p>
	<blockquote cite="https://access.redhat.com/errata/RHSA-2025:4450">
	  <p>A flaw was found in Yelp.  The Gnome user help application allows
	the help document to execute arbitrary scripts.  This vulnerability
	allows malicious users to input help documents, which may exfiltrate
	user files to an external environment.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-3155</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-3155</url>
    </references>
    <dates>
      <discovery>2025-04-03</discovery>
      <entry>2025-06-14</entry>
    </dates>
  </vuln>

  <vuln vid="0e200a73-289a-489e-b405-40b997911036">
    <topic>Yelp -- arbitrary file read</topic>
    <affects>
      <package>
	<name>yelp</name>
	<range><lt>42.3</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>secalert@redhat.com reports:</p>
	<blockquote cite="https://access.redhat.com/errata/RHSA-2025:4450">
	  <p>A flaw was found in Yelp.  The Gnome user help application allows
	the help document to execute arbitrary scripts.  This vulnerability
	allows malicious users to input help documents, which may exfiltrate
	user files to an external environment.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-3155</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-3155</url>
    </references>
    <dates>
      <discovery>2025-04-03</discovery>
      <entry>2025-06-14</entry>
    </dates>
  </vuln>

  <vuln vid="ae028662-475e-11f0-9ca4-2cf05da270f3">
    <topic>Gitlab -- Vulnerabilities</topic>
    <affects>
      <package>
	<name>gitlab-ce</name>
	<name>gitlab-ee</name>
	<range><ge>18.0.0</ge><lt>18.0.2</lt></range>
	<range><ge>17.11.0</ge><lt>17.11.4</lt></range>
	<range><ge>2.1.0</ge><lt>17.10.8</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Gitlab reports:</p>
	<blockquote cite="https://about.gitlab.com/releases/2025/06/11/patch-release-gitlab-18-0-2-released/">
	  <p>HTML injection impacts GitLab CE/EE</p>
	  <p>Cross-site scripting issue impacts GitLab CE/EE</p>
	  <p>Missing authorization issue impacts GitLab Ultimate EE</p>
	  <p>Denial of Service impacts GitLab CE/EE</p>
	  <p>Denial of Service via unbounded Webhook token names impacts GitLab CE/EE</p>
	  <p>Denial of Service via unbounded Board Names impacts GitLab CE/EE</p>
	  <p>Information disclosure issue impacts GitLab CE/EE</p>
	  <p>Denial of Service (DoS) via uncontrolled HTTP Response Processing impacts GitLab CE/EE</p>
	  <p>Information disclosure via authorization bypass impacts GitLab CE/EE</p>
	  <p>Sensitive information disclosure via Group IP restriction bypass</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-4278</cvename>
      <cvename>CVE-2025-2254</cvename>
      <cvename>CVE-2025-5121</cvename>
      <cvename>CVE-2025-0673</cvename>
      <cvename>CVE-2025-1516</cvename>
      <cvename>CVE-2025-1478</cvename>
      <cvename>CVE-2024-9512</cvename>
      <cvename>CVE-2025-5996</cvename>
      <cvename>CVE-2025-5195</cvename>
      <cvename>CVE-2025-5982</cvename>
      <url>https://about.gitlab.com/releases/2025/06/11/patch-release-gitlab-18-0-2-released/</url>
    </references>
    <dates>
      <discovery>2025-06-11</discovery>
      <entry>2025-06-12</entry>
    </dates>
  </vuln>

  <vuln vid="2a220a73-4759-11f0-a44a-6cc21735f730">
    <topic>PostgreSQL JDBC library -- Improper Authentication</topic>
    <affects>
      <package>
	<name>postgresql-jdbc</name>
	<range><lt>42.7.7</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>PostgreSQL JDBC Driver project reports:</p>
	<blockquote cite="https://jdbc.postgresql.org/changelogs/2025-06-11-42">
	<p>
	Client Allows Fallback to Insecure Authentication Despite
	channelBinding=require configuration. Fix channel binding
	required handling to reject non-SASL authentication Previously,
	when channel binding was set to "require", the driver
	would silently ignore this requirement for non-SASL
	authentication methods. This could lead to a false sense of
	security when channel binding was explicitly requested but not
	actually enforced. The fix ensures that when channel binding is
	set to "require", the driver will reject connections that use
	non-SASL authentication methods or when SASL authentication has
	not completed properly.
	</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-49146</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-49146</url>
    </references>
    <dates>
      <discovery>2025-06-12</discovery>
      <entry>2025-06-12</entry>
    </dates>
  </vuln>

  <vuln vid="fa1d42c8-42fe-11f0-a9fa-b42e991fc52e">
    <topic>ModSecurity -- possible DoS vulnerability</topic>
    <affects>
      <package>
	<name>ap24-mod_security</name>
	<range><lt>2.9.10</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security-advisories@github.com reports:</p>
	<blockquote cite="https://github.com/owasp-modsecurity/ModSecurity/commit/3a54ccea62d3f7151bb08cb78d60c5e90b53ca2e">
	<p>
		ModSecurity is an open source, cross platform web
		application firewall (WAF) engine for Apache, IIS
		and Nginx. Versions prior to 2.9.10 contain a denial of
		service vulnerability similar to
		GHSA-859r-vvv8-rm8r/CVE-2025-47947. The `sanitiseArg`
		(and `sanitizeArg` - this is the same action but an
		alias) is vulnerable to adding an excessive number
		of arguments, thereby leading to denial of service.
		Version 2.9.10 fixes the issue. As a workaround, avoid
		using rules that contain the `sanitiseArg` (or
		`sanitizeArg`) action.
	</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-48866</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-48866</url>
    </references>
    <dates>
      <discovery>2025-06-02</discovery>
      <entry>2025-06-06</entry>
    </dates>
  </vuln>

  <vuln vid="ecea70d2-42fe-11f0-a9fa-b42e991fc52e">
    <topic>ModSecurity -- possible DoS vulnerability</topic>
    <affects>
      <package>
	<name>ap24-mod_security</name>
	<range><lt>2.9.8</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security-advisories@github.com reports:</p>
	<blockquote cite="https://github.com/owasp-modsecurity/ModSecurity/pull/3389">
	  <p>ModSecurity is an open source, cross platform web
	  application firewall (WAF) engine for Apache, IIS and Nginx.
	  Versions up to and including 2.9.8 are vulnerable to denial
	  of service in one special case (in stable released versions):
	  when the payload&apos;s content type is `application/json`,
	  and there is at least one rule which does a
	  `sanitiseMatchedBytes` action.  A patch is available at
	  pull request 3389 and expected to be part of version 2.9.9.
	  No known workarounds are available.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-47947</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-47947</url>
    </references>
    <dates>
      <discovery>2025-05-21</discovery>
      <entry>2025-06-06</entry>
    </dates>
  </vuln>

  <vuln vid="63268efe-4222-11f0-976e-b42e991fc52e">
    <topic>Mozilla -- clickjacking vulnerability</topic>
    <affects>
      <package>
	<name>firefox-esr</name>
	<range><lt>128.11.0</lt></range>
      </package>
      <package>
	<name>firefox</name>
	<range><lt>139.0,2</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security@mozilla.org reports:</p>
	<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1954137">
	  <p>A clickjacking vulnerability could have been used to trick a user
	into leaking saved payment card details to a malicious page.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-5267</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-5267</url>
    </references>
    <dates>
      <discovery>2025-05-27</discovery>
      <entry>2025-06-05</entry>
    </dates>
  </vuln>

  <vuln vid="61be5684-4222-11f0-976e-b42e991fc52e">
    <topic>Mozilla -- XS-leak attack</topic>
    <affects>
      <package>
	<name>firefox-esr</name>
	<range><lt>128.11.0</lt></range>
      </package>
      <package>
	<name>firefox</name>
	<range><lt>139.0,2</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security@mozilla.org reports:</p>
	<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1965628">
	  <p>Script elements loading cross-origin resources generated load and
	error events which leaked information enabling XS-Leaks attacks.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-5266</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-5266</url>
    </references>
    <dates>
      <discovery>2025-05-27</discovery>
      <entry>2025-06-05</entry>
    </dates>
  </vuln>

  <vuln vid="5ec0b4e5-4222-11f0-976e-b42e991fc52e">
    <topic>Mozilla -- local code execution</topic>
    <affects>
      <package>
	<name>firefox-esr</name>
	<range><lt>115.24.0</lt></range>
      </package>
      <package>
	<name>firefox</name>
	<range><lt>139.0,2</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security@mozilla.org reports:</p>
	<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1950001">
	  <p>Due to insufficient escaping of the newline character in the Copy
	as cURL feature, an attacker could trick a user into using this
	command, potentially leading to local code execution on the user&apos;s
	system.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-5264</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-5264</url>
    </references>
    <dates>
      <discovery>2025-05-27</discovery>
      <entry>2025-06-05</entry>
    </dates>
  </vuln>

  <vuln vid="5d1e56dc-4222-11f0-976e-b42e991fc52e">
    <topic>Mozilla -- cross-origin leak attack</topic>
    <affects>
      <package>
	<name>firefox-esr</name>
	<range><lt>115.24.0</lt></range>
      </package>
      <package>
	<name>firefox</name>
	<range><lt>139.0,2</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security@mozilla.org reports:</p>
	<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1960745">
	  <p>Error handling for script execution was incorrectly isolated from
	web content, which could have allowed cross-origin leak attacks.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-5263</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-5263</url>
    </references>
    <dates>
      <discovery>2025-05-27</discovery>
      <entry>2025-06-05</entry>
    </dates>
  </vuln>

  <vuln vid="5759c6e2-410a-11f0-a945-b42e991fc52e">
    <topic>Chrome -- Out of bounds read</topic>
    <affects>
      <package>
	<name>chromium</name>
	<range><lt>137.0.7151.68</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>chrome-cve-admin@google.com reports:</p>
	<blockquote cite="https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop.html">
	  <p>Out of bounds read and write in V8 in Google Chrome prior
	  to 137.0.7151.68 allowed a remote attacker to potentially
	  exploit heap corruption via a crafted HTML page.
	  (Chromium security severity: High)</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-5419</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-5419</url>
    </references>
    <dates>
      <discovery>2025-06-03</discovery>
      <entry>2025-06-04</entry>
    </dates>
  </vuln>

  <vuln vid="8c94ae2a-06f5-4383-9a7f-1211cb0dd476">
    <topic>electron{34,35,36} -- Out of bounds read and write in V8</topic>
    <affects>
      <package>
	<name>electron34</name>
	<range><lt>34.5.8</lt></range>
      </package>
      <package>
	<name>electron35</name>
	<range><lt>35.5.1</lt></range>
      </package>
      <package>
	<name>electron36</name>
	<range><lt>36.4.0</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Electron developers report:</p>
	<blockquote cite="https://github.com/electron/electron/releases/tag/v35.5.1">
	  <p>This update fixes the following vulnerability:</p>
	  <ul>
	    <li>Security: backported fix for CVE-2025-5419.</li>
	  </ul>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-5419</cvename>
      <url>https://github.com/advisories/GHSA-x828-wp24-7h9m</url>
    </references>
    <dates>
      <discovery>2025-06-04</discovery>
      <entry>2025-06-04</entry>
      <modified>2025-06-04</modified>
    </dates>
  </vuln>

  <vuln vid="0d6094a2-4095-11f0-8c92-00d861a0e66d">
    <topic>Post-Auth Remote Code Execution found in Roundcube Webmail</topic>
    <affects>
      <package>
	<name>roundcube-php81</name>
	<range><lt>1.6.11</lt></range>
      </package>
      <package>
	<name>roundcube-php82</name>
	<range><lt>1.6.11</lt></range>
      </package>
      <package>
	<name>roundcube-php83</name>
	<range><lt>1.6.11</lt></range>
      </package>
      <package>
	<name>roundcube-php84</name>
	<range><lt>1.6.11</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Roundcube Webmail reports:</p>
	<blockquote cite="https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10">
	  <p>Fix Post-Auth RCE via PHP Object Deserialization reported by firs0v</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-49113</cvename>
      <url>https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10</url>
    </references>
    <dates>
      <discovery>2025-06-01</discovery>
      <entry>2025-06-03</entry>
    </dates>
  </vuln>

  <vuln vid="dc99c67a-3fc9-11f0-a39d-b42e991fc52e">
    <topic>Gimp -- GIMP FLI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability</topic>
    <affects>
      <package>
	<name>gimp</name>
	<range><lt>3.0.0,2</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>zdi-disclosures@trendmicro.com reports:</p>
	<blockquote cite="https://www.zerodayinitiative.com/advisories/ZDI-25-204/">
	  <p>GIMP FLI File Parsing Out-Of-Bounds Write Remote Code Execution
	Vulnerability.  This vulnerability allows remote attackers to execute
	arbitrary code on affected installations of GIMP.  User interaction
	is required to exploit this vulnerability in that the target must
	visit a malicious page or open a malicious file.
	The specific flaw exists within the parsing of FLI files.  The issue
	results from the lack of proper validation of user-supplied data,
	which can result in a write past the end of an allocated buffer.
	An attacker can leverage this vulnerability to execute code in the
	context of the current process.  Was ZDI-CAN-25100.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-2761</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-2761</url>
    </references>
    <dates>
      <discovery>2025-04-23</discovery>
      <entry>2025-06-02</entry>
    </dates>
  </vuln>

  <vuln vid="da0a4374-3fc9-11f0-a39d-b42e991fc52e">
    <topic>Gimp -- GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerability</topic>
    <affects>
      <package>
	<name>gimp</name>
	<range><lt>3.0.0,2</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>zdi-disclosures@trendmicro.com reports:</p>
	<blockquote cite="https://www.zerodayinitiative.com/advisories/ZDI-25-203/">
	  <p>GIMP XWD File Parsing Integer Overflow Remote Code Execution
	Vulnerability.  This vulnerability allows remote attackers to execute
	arbitrary code on affected installations of GIMP.  User interaction
	is required to exploit this vulnerability in that the target must
	visit a malicious page or open a malicious file.
	The specific flaw exists within the parsing of XWD files.  The issue
	results from the lack of proper validation of user-supplied data,
	which can result in an integer overflow before allocating a buffer.
	An attacker can leverage this vulnerability to execute code in the
	context of the current process.  Was ZDI-CAN-25082.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-2760</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-2760</url>
    </references>
    <dates>
      <discovery>2025-04-23</discovery>
      <entry>2025-06-02</entry>
    </dates>
  </vuln>

  <vuln vid="533b4470-3f25-11f0-b440-f02f7432cf97">
    <topic>curl -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>curl</name>
	<range><ge>8.5.0</ge><lt>8.14.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>curl security team reports:</p>
	<blockquote cite="https://curl.se/docs/security.html">
	  <p>CVE-2025-5025: No QUIC certificate pinning with wolfSSL</p>
	  <p>CVE-2025-4947: QUIC certificate check skip with wolfSSL</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2025-5025</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-5025</url>
      <cvename>CVE-2025-4947</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-4947</url>
    </references>
    <dates>
      <discovery>2025-05-28</discovery>
      <entry>2025-06-01</entry>
    </dates>
  </vuln>

  <vuln vid="2926c487-3e53-11f0-95d4-00a098b42aeb">
    <topic>libxml2 -- Out-of-bounds memory access</topic>
    <affects>
      <package>
	<name>py39-libxml2</name>
	<name>py310-libxml2</name>
	<name>py311-libxml2</name>
	<name>py312-libxml2</name>
	<range><lt>2.11.9_3</lt></range>
	<range><ge>2.12.0</ge><lt>2.13.8</lt></range>
	<range><ge>2.14.0</ge><lt>2.14.2</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>cve@mitre.org reports:</p>
	<blockquote cite="https://gitlab.gnome.org/GNOME/libxml2/-/issues/889">
	  <p>In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds
	memory access can occur in the Python API (Python bindings) because
	of an incorrect return value.  This occurs in xmlPythonFileRead and
	xmlPythonFileReadRaw because of a difference between bytes and
	characters.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-32414</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-32414</url>
    </references>
    <dates>
      <discovery>2025-04-08</discovery>
      <entry>2025-05-31</entry>
    </dates>
  </vuln>

  <vuln vid="fdd02be0-3e50-11f0-95d4-00a098b42aeb">
    <topic>libxml2 -- Stack-based Buffer Overflow</topic>
    <affects>
      <package>
	<name>libxml2</name>
	<range><lt>2.11.9_1</lt></range>
	<range><ge>2.12.0</ge><lt>2.12.10</lt></range>
	<range><ge>2.13.0</ge><lt>2.13.6</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>cve@mitre.org reports:</p>
	<blockquote cite="https://gitlab.gnome.org/GNOME/libxml2/-/issues/847">
	  <p>libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based
	buffer overflow in xmlSnprintfElements in valid.c.  To exploit this,
	DTD validation must occur for an untrusted document or untrusted
	DTD.  NOTE: this is similar to CVE-2017-9047.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-24928</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-24928</url>
    </references>
    <dates>
      <discovery>2025-02-18</discovery>
      <entry>2025-05-31</entry>
    </dates>
  </vuln>

  <vuln vid="bd2af307-3e50-11f0-95d4-00a098b42aeb">
    <topic>libxml2 -- Use After Free</topic>
    <affects>
      <package>
	<name>libxml2</name>
	<range><lt>2.11.9_1</lt></range>
	<range><ge>2.12.0</ge><lt>2.12.10</lt></range>
	<range><ge>2.13.0</ge><lt>2.13.6</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>cve@mitre.org reports:</p>
	<blockquote cite="https://gitlab.gnome.org/GNOME/libxml2/-/issues/828">
	  <p>libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free
	in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in
	xmlschemas.c.  To exploit this, a crafted XML document must be
	validated against an XML schema with certain identity constraints,
	or a crafted XML schema must be used.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2024-56171</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2024-56171</url>
    </references>
    <dates>
      <discovery>2025-02-18</discovery>
      <entry>2025-05-31</entry>
    </dates>
  </vuln>

  <vuln vid="25acd603-3dde-11f0-8cb5-a8a1599412c6">
    <topic>chromium -- multiple security fixes</topic>
    <affects>
      <package>
       <name>chromium</name>
       <range><lt>137.0.7151.55</lt></range>
      </package>
      <package>
       <name>ungoogled-chromium</name>
       <range><lt>137.0.7151.55</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
       <p>Chrome Releases reports:</p>
       <blockquote cite="https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_27.html">
	 <p>This update includes 11 security fixes:</p>
	 <ul>
	    <li>[411573532] High CVE-2025-5063: Use after free in Compositing. Reported by Anonymous on 2025-04-18</li>
	    <li>[417169470] High CVE-2025-5280: Out of bounds write in V8. Reported by [pwn2car] on 2025-05-12</li>
	    <li>[40058068] Medium CVE-2025-5064: Inappropriate implementation in Background Fetch API. Reported by Maurice Dauer  on 2021-11-29</li>
	    <li>[40059071] Medium CVE-2025-5065: Inappropriate implementation in FileSystemAccess API. Reported by NDevTK on 2022-03-11</li>
	    <li>[356658477] Medium CVE-2025-5066: Inappropriate implementation in Messages. Reported by Mohit Raj (shadow2639)  on 2024-07-31</li>
	    <li>[417215501] Medium CVE-2025-5281: Inappropriate implementation in BFCache. Reported by Jesper van den Ende (Pelican Party Studios) on 2025-05-12</li>
	    <li>[419467315] Medium CVE-2025-5283: Use after free in libvpx. Reported by Mozilla on 2025-05-22</li>
	    <li>[40075024] Low CVE-2025-5067: Inappropriate implementation in Tab Strip. Reported by Khalil Zhani on 2023-10-17</li>
	 </ul>
       </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2025-5063</cvename>
      <cvename>CVE-2025-5280</cvename>
      <cvename>CVE-2025-5064</cvename>
      <cvename>CVE-2025-5065</cvename>
      <cvename>CVE-2025-5066</cvename>
      <cvename>CVE-2025-5281</cvename>
      <cvename>CVE-2025-5283</cvename>
      <cvename>CVE-2025-5067</cvename>
      <url>https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_27.html</url>
    </references>
    <dates>
      <discovery>2025-05-27</discovery>
      <entry>2025-05-31</entry>
    </dates>
  </vuln>

  <vuln vid="4864aec7-3d80-11f0-9a55-b42e991fc52e">
    <topic>Chrome -- Heap corruption exploitation</topic>
    <affects>
      <package>
	<name>chromium</name>
	<range><lt>137.0.7151.55</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>chrome-cve-admin@google.com reports:</p>
	<blockquote cite="https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_27.html">
	  <p>Use after free in Compositing in Google Chrome prior to
	  137.0.7151.55 allowed a remote attacker to potentially
	  exploit heap corruption via a crafted HTML page.
	  (Chromium security severity: High)</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-5063</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-5063</url>
    </references>
    <dates>
      <discovery>2025-05-27</discovery>
      <entry>2025-05-30</entry>
    </dates>
  </vuln>

  <vuln vid="a6e1b7ee-3d7c-11f0-9a55-b42e991fc52e">
    <topic>Mozilla -- memory corruption</topic>
    <affects>
      <package>
	<name>firefox-esr</name>
	<range><lt>128.11.0</lt></range>
      </package>
      <package>
	<name>thunderbird</name>
	<range><lt>128.11.0</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security@mozilla.org reports:</p>
	<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1924108">
	  <p>Memory safety bug present in Firefox ESR 128.10, and
	  Thunderbird 128.10.
	  This bug showed evidence of memory corruption and we presume
	  that with enough effort this could have been exploited to run
	  arbitrary code.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-5269</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-5269</url>
    </references>
    <dates>
      <discovery>2025-05-27</discovery>
      <entry>2025-05-30</entry>
    </dates>
  </vuln>

  <vuln vid="a5b553e5-3d7c-11f0-9a55-b42e991fc52e">
    <topic>Mozilla -- Memory safety bugs</topic>
    <affects>
      <package>
	<name>firefox</name>
	<range><lt>139.0,2</lt></range>
      </package>
      <package>
	<name>firefox-esr</name>
	<range><lt>128.11</lt></range>
      </package>
      <package>
	<name>thunderbird</name>
	<range><lt>128.11</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security@mozilla.org reports:</p>
	<blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1950136%2C1958121%2C1960499%2C1962634">
	  <p>Memory safety bugs present in Firefox 138, Thunderbird
	  138, Firefox ESR 128.10, and Thunderbird 128.10.
	  Some of these bugs showed evidence of memory corruption and
	  we presume that with enough effort some of these could have
	  been exploited to run arbitrary code.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-5268</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-5268</url>
    </references>
    <dates>
      <discovery>2025-05-27</discovery>
      <entry>2025-05-30</entry>
    </dates>
  </vuln>

  <vuln vid="a470ac63-3d7c-11f0-9a55-b42e991fc52e">
    <topic>Firefox -- unencrypted SNI</topic>
    <affects>
      <package>
	<name>firefox</name>
	<range><lt>139.0,2</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security@mozilla.org reports:</p>
	<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1910298">
	  <p>In certain cases, SNI could have been sent unencrypted
	  even when encrypted DNS was enabled.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-5270</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-5270</url>
    </references>
    <dates>
      <discovery>2025-05-27</discovery>
      <entry>2025-05-30</entry>
    </dates>
  </vuln>

  <vuln vid="a3291f81-3d7c-11f0-9a55-b42e991fc52e">
    <topic>Firefox -- content injection attack</topic>
    <affects>
      <package>
	<name>firefox</name>
	<range><lt>139.0,2</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security@mozilla.org reports:</p>
	<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1920348">
	  <p>Previewing a response in Devtools ignored CSP headers,
	  which could have allowed content injection attacks.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-5271</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-5271</url>
    </references>
    <dates>
      <discovery>2025-05-27</discovery>
      <entry>2025-05-30</entry>
    </dates>
  </vuln>

  <vuln vid="a14dbea7-3d7c-11f0-9a55-b42e991fc52e">
    <topic>Mozilla -- Memory safety bugs</topic>
    <affects>
      <package>
	<name>firefox</name>
	<range><lt>139.0,2</lt></range>
      </package>
      <package>
	<name>thunderbird</name>
	<range><lt>129.0</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security@mozilla.org reports:</p>
	<blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1726254%2C1742738%2C1960121">
	  <p>Memory safety bugs present in Firefox 138 and Thunderbird
	  138. Some of these bugs showed evidence of memory corruption
	  and we presume that with enough effort some of these could
	  have been exploited to run arbitrary code.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-5272</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-5272</url>
    </references>
    <dates>
      <discovery>2025-05-27</discovery>
      <entry>2025-05-30</entry>
    </dates>
  </vuln>

  <vuln vid="a372abb0-3d3c-11f0-86e7-b42e991fc52e">
    <topic>ModSecurity -- Possible DoS Vulnerability</topic>
    <affects>
      <package>
	<name>ap24-mod_security</name>
	<range><lt>2.9.8</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security-advisories@github.com reports:</p>
	<blockquote cite="https://github.com/owasp-modsecurity/ModSecurity/pull/3389">
	  <p>ModSecurity is an open source, cross platform web application
	firewall (WAF) engine for Apache, IIS and Nginx.  Versions up to
	and including 2.9.8 are vulnerable to denial of service in one
	special case (in stable released versions): when the payload&apos;s
	content type is `application/json`, and there is at least one rule
	which does a `sanitiseMatchedBytes` action.  A patch is available
	at pull request 3389 and expected to be part of version 2.9.9.  No
	known workarounds are available.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-47947</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-47947</url>
    </references>
    <dates>
      <discovery>2025-05-21</discovery>
      <entry>2025-05-30</entry>
    </dates>
  </vuln>

  <vuln vid="67dd7a9e-3cd8-11f0-b601-5404a68ad561">
    <topic>traefik -- Path traversal vulnerability</topic>
    <affects>
      <package>
	<name>traefik</name>
	<range><lt>3.4.1</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>The traefik project reports:</p>
	<blockquote cite="https://github.com/traefik/traefik/security/advisories/GHSA-vrch-868g-9jx5">
	  <p>There is a potential vulnerability in Traefik managing the requests
	  using a PathPrefix, Path or PathRegex matcher. When Traefik is configured
	  to route the requests to a backend using a matcher based on the path, if
	  the URL contains a URL encoded string in its path, it's possible to target
	  a backend, exposed using another router, by-passing the middlewares chain.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-47952</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-47952</url>
    </references>
    <dates>
      <discovery>2025-05-27</discovery>
      <entry>2025-05-29</entry>
    </dates>
  </vuln>

  <vuln vid="c36decbe-3c84-11f0-8d29-b42e991fc52e">
    <topic>glpi-project -- GLPI multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>glpi</name>
	<range><lt>10.0.18</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security-advisories@github.com reports:</p>
	<blockquote cite="https://github.com/glpi-project/glpi/releases/tag/10.0.18">
	<p>
	  CVE-2024-11955: A vulnerability was found in GLPI up to
	  10.0.17. It has been declared as problematic. Affected by
	  this vulnerability is an unknown functionality of the file
	  /index.php.
	  The manipulation of the argument redirect leads to
	  open redirect. The attack can be launched remotely.
	  The exploit has been disclosed to the public and
	  may be used. Upgrading to version 10.0.18 is able to
	  address this issue.
	  It is recommended to upgrade the affected component.
	</p>
	<p>
	  CVE-2025-23024: Starting in version 0.72 and prior to
	  version 10.0.18, an anonymous user can disable all the
	  active plugins. Version 10.0.18 contains a patch.
	  As a workaround, one may delete the `install/update.php`
	  file.
	</p>
	<p>
	  CVE-2025-23046: Prior to version 10.0.18, a low privileged
	  user can enable debug mode and access sensitive information.
	  Version 10.0.18 contains a patch.
	  As a workaround, one may delete the `install/update.php`
	  file.
	</p>
	<p>
	  CVE-2025-25192: Starting in version 9.5.0 and prior to
	  version 10.0.18, if a &quot;Mail servers&quot;
	  authentication provider is configured to use an Oauth
	  connection provided by the OauthIMAP plugin, anyone can
	  connect to GLPI using a user name on which an Oauth
	  authorization has already been established.
	  Version 10.0.18 contains a patch. As a
	  workaround, one may disable any &quot;Mail
	  servers&quot; authentication provider configured to
	  use an Oauth connection provided by the OauthIMAP
	  plugin.
	</p>
	<p>
	  CVE-2025-21626: Starting in version 0.71 and prior to
	  version 10.0.18, an anonymous user can fetch sensitive
	  information from the `status.php` endpoint.
	  Version 10.0.18 contains a fix for the issue.
	  Some workarounds are available. One may delete the
	  `status.php` file, restrict its access, or
	  remove any sensitive values from the `name` field of
	  the active LDAP directories, mail servers authentication
	  providers and mail receivers.
	</p>
	<p>
	  CVE-2025-21627: In versions prior to 10.0.18, a malicious
	  link can be crafted to perform a reflected XSS attack on the
	  search page. If the anonymous ticket creation is enabled,
	  this attack can be performed by an unauthenticated
	  user. Version 10.0.18 contains a fix for the issue.
	</p>
	<p>
	  CVE-2025-21619: An administrator user can perfom a SQL
	  injection through the rules configuration forms.
	  This vulnerability is fixed in 10.0.18.
	</p>
	<p>
	  CVE-2025-24799: An unauthenticated user can perform a SQL
	  injection through the inventory endpoint.
	  This vulnerability is fixed in 10.0.18.
	</p>
	<p>
	  CVE-2025-24801: An authenticated user can upload and force
	  the execution of *.php files located on the GLPI server.
	  This vulnerability is fixed in 10.0.18.
	</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2024-11955</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2024-11955</url>
      <cvename>CVE-2025-23024</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-23024</url>
      <cvename>CVE-2025-23046</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-23046</url>
      <cvename>CVE-2025-25192</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-25192</url>
      <cvename>CVE-2025-21626</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-21626</url>
      <cvename>CVE-2025-21627</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-21627</url>
      <cvename>CVE-2025-21619</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-21619</url>
      <cvename>CVE-2025-24799</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-24799</url>
      <cvename>CVE-2025-24801</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-24801</url>
    </references>
    <dates>
      <discovery>2025-02-25</discovery>
      <entry>2025-05-29</entry>
    </dates>
  </vuln>

  <vuln vid="47ef0ac6-38fc-4b35-850b-c794f04619fe">
    <topic>electron{34,35} -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>electron34</name>
	<range><lt>34.5.7</lt></range>
      </package>
      <package>
	<name>electron35</name>
	<range><lt>35.5.0</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Electron developers report:</p>
	<blockquote cite="https://github.com/electron/electron/releases/tag/v34.5.7">
	  <p>This update fixes the following vulnerability:</p>
	  <ul>
	    <li>Security: backported fix for CVE-2025-4609.</li>
	    <li>Security: backported fix for CVE-2025-4664.</li>
	  </ul>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-4609</cvename>
      <cvename>CVE-2025-4664</cvename>
      <url>https://github.com/advisories/GHSA-vxhm-55mv-5fhx</url>
    </references>
    <dates>
      <discovery>2025-05-29</discovery>
      <entry>2025-05-29</entry>
    </dates>
  </vuln>

  <vuln vid="34744aab-3bf7-11f0-b81c-001b217e4ee5">
    <topic>ISC KEA -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>kea</name>
	<range><lt>2.6.3</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Internet Systems Consortium, Inc. reports:</p>
	<blockquote cite="https://kb.isc.org/docs/">
	<ul>
	    <li>Loading a malicious hook library can lead to local privilege escalation https://kb.isc.org/docs/cve-2025-32801</li>
	    <li>Insecure handling of file paths allows multiple local attacks https://kb.isc.org/docs/cve-2025-32802</li>
	    <li>Insecure file permissions can result in confidential information leakage https://kb.isc.org/docs/cve-2025-32803</li>
	</ul>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-32801</cvename>
      <cvename>CVE-2025-32802</cvename>
      <cvename>CVE-2025-32803</cvename>
    </references>
    <dates>
      <discovery>2025-05-28</discovery>
      <entry>2025-05-28</entry>
    </dates>
  </vuln>

  <vuln vid="45eb98d6-3b13-11f0-97f7-b42e991fc52e">
    <topic>grafana -- XSS vulnerability</topic>
    <affects>
      <package>
	<name>grafana</name>
	<range><ge>8.0.0</ge><lt>10.4.18+security-01</lt></range>
	<range><ge>11.0.0</ge><lt>11.2.9+security-01</lt></range>
	<range><ge>11.3.0</ge><lt>11.3.6+security-01</lt></range>
	<range><ge>11.4.0</ge><lt>11.4.4+security-01</lt></range>
	<range><ge>11.5.0</ge><lt>11.5.4+security-01</lt></range>
	<range><ge>11.6.0</ge><lt>11.6.1+security-01</lt></range>
	<range><ge>12.0.0</ge><lt>12.0.0+security-01</lt></range>
      </package>
      <package>
	<name>grafana8</name>
	<range><ge>8.0.0</ge></range>
      </package>
      <package>
	<name>grafana9</name>
	<range><ge>9.0.0</ge></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security@grafana.com reports:</p>
	<blockquote cite="https://grafana.com/security/security-advisories/cve-2025-4123/">
	  <p>A cross-site scripting (XSS) vulnerability exists in Grafana caused
	by combining a client path traversal and open redirect.  This allows
	attackers to redirect users to a website that hosts a frontend
	plugin that will execute arbitrary JavaScript.  This vulnerability
	does not require editor permissions and if anonymous access is
	enabled, the XSS will work.  If the Grafana Image Renderer plugin
	is installed, it is possible to exploit the open redirect to achieve
	a full read SSRF.

	The default Content-Security-Policy (CSP) in Grafana will block the
	XSS though the `connect-src` directive.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-4123</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-4123</url>
    </references>
    <dates>
      <discovery>2025-04-26</discovery>
      <entry>2025-05-27</entry>
    </dates>
  </vuln>

  <vuln vid="e587b52d-38ac-11f0-b7b6-dcfe074bd614">
    <topic>cpython -- Use-after-free in &quot;unicode_escape&quot; decoder with error handler</topic>
    <affects>
      <package>
	<name>python39</name>
	<range><lt>3.9.22_1</lt></range>
      </package>
      <package>
	<name>python310</name>
	<range><lt>3.10.17_1</lt></range>
      </package>
      <package>
	<name>python311</name>
	<range><lt>3.11.12_1</lt></range>
      </package>
      <package>
	<name>python312</name>
	<range><lt>3.12.10_1</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>cna@python.org reports:</p>
	<blockquote cite="https://github.com/python/cpython/commit/69b4387f78f413e8c47572a85b3478c47eba8142">
	  <p>There is an issue in CPython when using
	`bytes.decode(&quot;unicode_escape&quot;,
	error=&quot;ignore|replace&quot;)`.  If you are not using the
	&quot;unicode_escape&quot; encoding or an error handler your
	usage is not affected.  To work-around this issue you may stop
	using the error= handler and instead wrap the bytes.decode()
	call in a try-except catching the DecodeError.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-4516</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-4516</url>
    </references>
    <dates>
      <discovery>2025-05-15</discovery>
      <entry>2025-05-24</entry>
    </dates>
  </vuln>

  <vuln vid="5baa64d6-37ee-11f0-a116-8447094a420f">
    <topic>OpenSSL -- Inverted security logic in x509 app</topic>
    <affects>
      <package>
	<name>openssl35</name>
	<range><lt>3.5.0_1</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>The OpenSSL project reports:</p>
	<blockquote cite="https://openssl-library.org/news/secadv/20250522.txt">
	  <p>The x509 application adds trusted use instead of rejected use (low)</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-4575</cvename>
      <url>https://openssl-library.org/news/secadv/20250522.txt</url>
    </references>
    <dates>
      <discovery>2025-05-23</discovery>
      <entry>2025-05-23</entry>
    </dates>
  </vuln>

  <vuln vid="6529e5e7-36d5-11f0-8f57-b42e991fc52e">
    <topic>Firefox -- memory corruption due to race condition</topic>
    <affects>
      <package>
	<name>firefox</name>
	<range><lt>137.0.2,2</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security@mozilla.org reports:</p>
	<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1951554">
	  <p>A race condition existed in nsHttpTransaction that could
	  have been exploited to cause memory corruption, potentially
	  leading to an exploitable condition.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-3608</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-3608</url>
    </references>
    <dates>
      <discovery>2025-04-15</discovery>
      <entry>2025-05-22</entry>
    </dates>
  </vuln>

  <vuln vid="a1a1b0c2-3791-11f0-8600-2cf05da270f3">
    <topic>Gitlab -- vulnerabilities</topic>
    <affects>
      <package>
	<name>gitlab-ce</name>
	<name>gitlab-ee</name>
	<range><ge>18.0.0</ge><lt>18.0.1</lt></range>
	<range><ge>17.11.0</ge><lt>17.11.3</lt></range>
	<range><ge>10.2.0</ge><lt>17.10.7</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Gitlab reports:</p>
	<blockquote cite="https://about.gitlab.com/releases/2025/05/21/patch-release-gitlab-18-0-1-released/">
	  <p>Unprotected large blob endpoint in GitLab allows Denial of Service</p>
	  <p>Improper XPath validation allows modified SAML response to bypass 2FA requirement</p>
	  <p>A Discord webhook integration may cause DoS</p>
	  <p>Unbounded Kubernetes cluster tokens may lead to DoS</p>
	  <p>Unvalidated notes position may lead to Denial of Service</p>
	  <p>Hidden/masked variables may get exposed in the UI</p>
	  <p>Two-factor authentication requirement bypass</p>
	  <p>View full email addresses that should be partially obscured</p>
	  <p>Branch name confusion in confidential MRs</p>
	  <p>Unauthorized access to job data via a GraphQL query</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-0993</cvename>
      <cvename>CVE-2024-12093</cvename>
      <cvename>CVE-2024-7803</cvename>
      <cvename>CVE-2025-3111</cvename>
      <cvename>CVE-2025-2853</cvename>
      <cvename>CVE-2025-4979</cvename>
      <cvename>CVE-2025-0605</cvename>
      <cvename>CVE-2025-0679</cvename>
      <cvename>CVE-2024-9163</cvename>
      <cvename>CVE-2025-1110</cvename>
      <url>https://about.gitlab.com/releases/2025/05/21/patch-release-gitlab-18-0-1-released/</url>
    </references>
    <dates>
      <discovery>2025-05-21</discovery>
      <entry>2025-05-23</entry>
    </dates>
  </vuln>

  <vuln vid="4abd86c1-366d-11f0-9c0c-000c29ffbb6c">
    <topic>screen -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>screen</name>
	<range><lt>5.0.1</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>The screen project reports:</p>
	<blockquote cite="https://lists.gnu.org/archive/html/info-gnu/2025-05/msg00002.html">
	  <p>Multiple security issues in screen.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-46805</cvename>
      <cvename>CVE-2025-46804</cvename>
      <cvename>CVE-2025-46803</cvename>
      <cvename>CVE-2025-46802</cvename>
      <cvename>CVE-2025-23395</cvename>
      <url>https://lists.gnu.org/archive/html/info-gnu/2025-05/msg00002.html</url>
    </references>
    <dates>
      <discovery>2025-05-12</discovery>
      <entry>2025-05-21</entry>
    </dates>
  </vuln>

  <vuln vid="07560111-34cc-11f0-af94-b42e991fc52e">
    <topic>firefox -- out-of-bounds read/write</topic>
    <affects>
      <package>
	<name>firefox</name>
	<range><lt>138.0.4,2</lt></range>
      </package>
      <package>
	<name>firefox-esr</name>
	<range><lt>128.10.1</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security@mozilla.org reports:</p>
	<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1966614">
	  <p>An attacker was able to perform an out-of-bounds read or
	  write on a JavaScript object by confusing array index sizes.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-4918</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-4918</url>
      <cvename>CVE-2025-4919</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-4919</url>
    </references>
    <dates>
      <discovery>2025-05-17</discovery>
      <entry>2025-05-19</entry>
    </dates>
  </vuln>

  <vuln vid="46594aa3-32f7-11f0-a116-8447094a420f">
    <topic>WeeChat -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>weechat</name>
	<range><lt>4.6.3</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Weechat project reports:</p>
	<blockquote cite="https://weechat.org/doc/weechat/security/">
	  <p>Multiple integer and buffer overflows in WeeChat core.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <url>https://weechat.org/doc/weechat/security/</url>
    </references>
    <dates>
      <discovery>2025-05-11</discovery>
      <entry>2025-05-17</entry>
    </dates>
  </vuln>

  <vuln vid="79400d31-3166-11f0-8cb5-a8a1599412c6">
    <topic>chromium -- multiple security fixes</topic>
    <affects>
      <package>
       <name>chromium</name>
       <range><lt>136.0.7103.113</lt></range>
      </package>
      <package>
       <name>ungoogled-chromium</name>
       <range><lt>136.0.7103.113</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
       <p>Chrome Releases reports:</p>
       <blockquote cite="https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_14.html">
	 <p>This update includes 4 security fixes:</p>
	 <ul>
	    <li>[415810136] High CVE-2025-4664: Insufficient policy enforcement in Loader. Source: X post from @slonser_ on 2025-05-05</li>
	    <li>[412578726] High CVE-2025-4609: Incorrect handle provided in unspecified circumstances in Mojo. Reported by Micky on 2025-04-22</li>
	 </ul>
       </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2025-4664</cvename>
      <cvename>CVE-2025-4609</cvename>
      <url>https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_14.html</url>
    </references>
    <dates>
      <discovery>2025-05-14</discovery>
      <entry>2025-05-15</entry>
    </dates>
  </vuln>

  <vuln vid="52efdd56-30bd-11f0-81be-b42e991fc52e">
    <topic>Mozilla -- memory safety bugs</topic>
    <affects>
      <package>
	<name>firefox</name>
	<range><lt>138.0,2</lt></range>
      </package>
      <package>
	<name>firefox-esr</name>
	<range><lt>128.10</lt></range>
      </package>
      <package>
	<name>thunderbird</name>
	<range><lt>138.0</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security@mozilla.org reports:</p>
	<blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1951161%2C1952105">
	  <p>Memory safety bugs present in Firefox 137, Thunderbird 137,
	  Firefox ESR 128.9, and Thunderbird 128.9. Some of these bugs
	  showed evidence of memory corruption and we presume that
	  with enough effort some of these could have been exploited
	  to run arbitrary code.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-4091</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-4091</url>
    </references>
    <dates>
      <discovery>2025-04-29</discovery>
      <entry>2025-05-14</entry>
    </dates>
  </vuln>

  <vuln vid="4f17db64-30bd-11f0-81be-b42e991fc52e">
    <topic>Mozilla -- memory corruption</topic>
    <affects>
      <package>
	<name>firefox-esr</name>
	<range><lt>128.10</lt></range>
      </package>
      <package>
	<name>thunderbird</name>
	<range><lt>128.10</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security@mozilla.org reports:</p>
	<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1894100">
	  <p>Memory safety bug present in Firefox ESR 128.9, and
	  Thunderbird 128.9. This bug showed evidence of memory
	  corruption and we presume that with enough effort this could
	  have been exploited to run arbitrary code.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-4093</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-4093</url>
    </references>
    <dates>
      <discovery>2025-04-29</discovery>
      <entry>2025-05-14</entry>
    </dates>
  </vuln>

  <vuln vid="6f10b49d-07b1-4be4-8abf-edf880b16ad2">
    <topic>vscode -- security feature bypass vulnerability</topic>
    <affects>
      <package>
	<name>vscode</name>
	<range><lt>1.100.1</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>VSCode developers report:</p>
	<blockquote cite="https://github.com/microsoft/vscode/security/advisories/GHSA-742r-ggwg-vqxm">
	  <p>A security feature bypass vulnerability exists in VS Code 1.100.0 and earlier versions where a maliciously crafted URL could be considered trusted when it should not have due to how VS Code handled glob patterns in the trusted domains feature. When paired with the #fetch tool in Chat, this scenario would require the attacker to convince an LLM (via prompt injection) to fetch the maliciously crafted URL but when fetched, the user would have no moment to confirm the flighting of the request.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-21264</cvename>
      <url>https://github.com/microsoft/vscode/security/advisories/GHSA-742r-ggwg-vqxm</url>
      <url>https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21264</url>
    </references>
    <dates>
      <discovery>2025-05-13</discovery>
      <entry>2025-05-14</entry>
    </dates>
  </vuln>

  <vuln vid="a96cd659-303e-11f0-94b5-54ee755069b5">
    <topic>libxslt -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>libxslt</name>
	<range><lt>1.1.43</lt></range>
      </package>
    </affects>
    <description>
    <body xmlns="http://www.w3.org/1999/xhtml">
    <h1>[CVE-2024-55549] Fix UAF related to excluded namespaces</h1>
    <blockquote cite="https://gitlab.gnome.org/GNOME/libxslt/-/issues/127">
    <p>xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes.</p>
    </blockquote>
    <h1>[CVE-2025-24855] Fix use-after-free of XPath context node</h1>
    <blockquote cite="https://gitlab.gnome.org/GNOME/libxslt/-/issues/128">
      <p>numbers.c in libxslt before 1.1.43 has a use-after-free because
	, in nested XPath evaluations, an XPath context node can be
	modified but never restored. This is related to
	xsltNumberFormatGetValue, xsltEvalXPathPredicate,
	xsltEvalXPathStringNs, and xsltComputeSortResultInternal.</p>
    </blockquote>
    </body>
    </description>
    <references>
      <cvename>CVE-2024-55549</cvename>
      <cvename>CVE-2025-24855</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2024-55549</url>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-24855</url>
    </references>
    <dates>
      <discovery>2025-03-13</discovery>
      <entry>2025-05-13</entry>
    </dates>
  </vuln>

  <vuln vid="89c668d5-2f80-11f0-9632-641c67a117d8">
    <topic>www/varnish7 -- Request Smuggling Attack</topic>
    <affects>
      <package>
	<name>varnish7</name>
	<range><lt>7.7.1</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Varnish Development Team reports:</p>
	<blockquote cite="https://varnish-cache.org/security/VSV00016.html">
	<p>A client-side desync vulnerability can be triggered in Varnish Cache
	   and Varnish Enterprise. This vulnerability can be triggered under
	   specific circumstances involving malformed HTTP/1 requests.</p>
	<p>An attacker can abuse a flaw in Varnish's handling of chunked
	   transfer encoding which allows certain malformed HTTP/1 requests
	   to exploit improper framing of the message body to smuggle additional
	   requests. Specifically, Varnish incorrectly permits CRLF to be
	   skipped to delimit chunk boundaries.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <url>https://varnish-cache.org/security/VSV00016.html</url>
    </references>
    <dates>
      <discovery>2025-05-12</discovery>
      <entry>2025-05-12</entry>
    </dates>
  </vuln>

  <vuln vid="a8a1a8e7-2e85-11f0-a989-b42e991fc52e">
    <topic>Mozilla -- memory corruption</topic>
    <affects>
      <package>
	<name>firefox</name>
	<range><lt>138.0,2</lt></range>
      </package>
      <package>
	<name>thunderbird</name>
	<range><lt>138.0</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security@mozilla.org reports:</p>
	<blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1924108%2C1950780%2C1959367">
	  <p>Memory safety bugs present in Firefox 137 and Thunderbird 137.
	  Some of these bugs showed evidence of memory corruption and
	  we presume that with enough effort some of these could have
	  been exploited to run arbitrary code.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-4092</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-4092</url>
    </references>
    <dates>
      <discovery>2025-04-29</discovery>
      <entry>2025-05-11</entry>
    </dates>
  </vuln>

  <vuln vid="a59bd59e-2e85-11f0-a989-b42e991fc52e">
    <topic>Mozilla -- insufficient character escaping</topic>
    <affects>
      <package>
	<name>firefox</name>
	<range><lt>138.0,2</lt></range>
      </package>
      <package>
	<name>thunderbird</name>
	<range><lt>138.0</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security@mozilla.org reports:</p>
	<blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1949994%2C1956698%2C1960198">
	  <p>Due to insufficient escaping of special characters in the
	    &quot;copy as cURL&quot; feature, an attacker could trick
	  a user into using this command, potentially leading to local
	  code execution on the user&apos;s system.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-4089</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-4089</url>
    </references>
    <dates>
      <discovery>2025-04-29</discovery>
      <entry>2025-05-11</entry>
    </dates>
  </vuln>

  <vuln vid="a4422500-2e85-11f0-a989-b42e991fc52e">
    <topic>Mozilla -- Cross-Site Request Forgery</topic>
    <affects>
      <package>
	<name>firefox</name>
	<range><lt>138.0,2</lt></range>
      </package>
      <package>
	<name>thunderbird</name>
	<range><lt>138.0</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security@mozilla.org reports:</p>
	<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1953521">
	  <p>A security vulnerability in Thunderbird allowed malicious
	  sites to use redirects to send credentialed requests to
	  arbitrary endpoints on any site that had invoked the Storage
	  Access API.  This enabled potential Cross-Site Request
	  Forgery attacks across origins.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-4088</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-4088</url>
    </references>
    <dates>
      <discovery>2025-04-29</discovery>
      <entry>2025-05-11</entry>
    </dates>
  </vuln>

  <vuln vid="a2d5bd7b-2e85-11f0-a989-b42e991fc52e">
    <topic>Mozilla -- XPath parsing undefined behavior</topic>
    <affects>
      <package>
	<name>firefox</name>
	<range><lt>138.0,2</lt></range>
      </package>
      <package>
	<name>firefox-esr</name>
	<range><lt>128.10,1</lt></range>
      </package>
      <package>
	<name>thunderbird</name>
	<range><lt>138</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security@mozilla.org reports:</p>
	<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1952465">
	  <p>A vulnerability was identified in Thunderbird where XPath
	  parsing could trigger undefined behavior due to missing null
	  checks during attribute access. This could lead to
	  out-of-bounds read access and potentially, memory
	  corruption.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-4087</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-4087</url>
    </references>
    <dates>
      <discovery>2025-04-29</discovery>
      <entry>2025-05-11</entry>
    </dates>
  </vuln>

  <vuln vid="9fa8c4a2-2e85-11f0-a989-b42e991fc52e">
    <topic>Mozilla -- Information leak</topic>
    <affects>
      <package>
	<name>firefox</name>
	<range><lt>138.0,2</lt></range>
      </package>
      <package>
	<name>thunderbird</name>
	<range><lt>138.0</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security@mozilla.org reports:</p>
	<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1915280">
	  <p>An attacker with control over a content process could
	  potentially leverage the privileged UITour actor to leak
	  sensitive information or escalate privileges.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-4085</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-4085</url>
    </references>
    <dates>
      <discovery>2025-04-29</discovery>
      <entry>2025-05-11</entry>
    </dates>
  </vuln>

  <vuln vid="9c37a02e-2e85-11f0-a989-b42e991fc52e">
    <topic>Mozilla -- javascript content execution</topic>
    <affects>
      <package>
	<name>firefox</name>
	<range><lt>138.0,2</lt></range>
      </package>
      <package>
	<name>firefox-esr</name>
	<range><lt>128.10,1</lt></range>
      </package>
      <package>
	<name>thunderbird</name>
	<range><lt>138.0</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security@mozilla.org reports:</p>
	<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1958350">
	  <p>A process isolation vulnerability in Thunderbird stemmed
	  from improper handling of javascript: URIs, which could
	  allow content to execute in the top-level document&apos;s
	  process instead of the intended frame, potentially enabling
	  a sandbox escape.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-4083</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-4083</url>
    </references>
    <dates>
      <discovery>2025-04-29</discovery>
      <entry>2025-05-11</entry>
    </dates>
  </vuln>

  <vuln vid="6943cbf2-2d55-11f0-9471-2cf05da270f3">
    <topic>Gitlab -- vulnerabilities</topic>
    <affects>
      <package>
	<name>gitlab-ce</name>
	<name>gitlab-ee</name>
	<range><ge>17.11.0</ge><lt>17.11.2</lt></range>
	<range><ge>17.10.0</ge><lt>17.10.6</lt></range>
	<range><ge>12.0.0</ge><lt>17.9.8</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Gitlab reports:</p>
	<blockquote cite="https://about.gitlab.com/releases/2025/05/07/patch-release-gitlab-17-11-2-released/">
	  <p>Partial Bypass for Device OAuth flow using Cross Window Forgery</p>
	  <p>Denial of service by abusing Github import API</p>
	  <p>Group IP restriction bypass allows disclosing issue title of restricted project</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-0549</cvename>
      <cvename>CVE-2024-8973</cvename>
      <cvename>CVE-2025-1278</cvename>
      <url>https://about.gitlab.com/releases/2025/05/07/patch-release-gitlab-17-11-2-released/</url>
    </references>
    <dates>
      <discovery>2025-05-07</discovery>
      <entry>2025-05-10</entry>
    </dates>
  </vuln>

  <vuln vid="78b8e808-2c45-11f0-9a65-6cc21735f730">
    <topic>PostgreSQL -- PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation</topic>
    <affects>
      <package>
	<name>postgresql17-client</name>
	<range><lt>17.5</lt></range>
      </package>
      <package>
	<name>postgresql16-client</name>
	<range><lt>16.9</lt></range>
      </package>
      <package>
	<name>postgresql15-client</name>
	<range><lt>15.13</lt></range>
      </package>
      <package>
	<name>postgresql14-client</name>
	<range><lt>14.18</lt></range>
      </package>
      <package>
	<name>postgresql13-client</name>
	<range><lt>13.21</lt></range>
      </package>
      <package>
	<name>postgresql17-server</name>
	<range><lt>17.5</lt></range>
      </package>
      <package>
	<name>postgresql16-server</name>
	<range><lt>16.9</lt></range>
      </package>
      <package>
	<name>postgresql15-server</name>
	<range><lt>15.13</lt></range>
      </package>
      <package>
	<name>postgresql14-server</name>
	<range><lt>14.18</lt></range>
      </package>
      <package>
	<name>postgresql13-server</name>
	<range><lt>13.21</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>PostgreSQL project reports:</p>
	<blockquote cite="https://www.postgresql.org/support/security/CVE-2025-4207/">
	  <p>
	    A buffer over-read in PostgreSQL GB18030 encoding
	    validation allows a database input provider to achieve
	    temporary denial of service on platforms where a 1-byte
	    over-read can elicit process termination. This affects
	    the database server and also libpq. Versions before
	    PostgreSQL 17.5, 16.9, 15.13, 14.18, and 13.21 are
	    affected.
	  </p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-4207</cvename>
      <url>https://www.postgresql.org/support/security/CVE-2025-4207/</url>
    </references>
    <dates>
      <discovery>2025-05-08</discovery>
      <entry>2025-05-08</entry>
    </dates>
  </vuln>

  <vuln vid="db221414-2b0d-11f0-8cb5-a8a1599412c6">
    <topic>chromium -- multiple security fixes</topic>
    <affects>
      <package>
       <name>chromium</name>
       <range><lt>136.0.7103.92</lt></range>
      </package>
      <package>
       <name>ungoogled-chromium</name>
       <range><lt>136.0.7103.92</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
       <p>Chrome Releases reports:</p>
       <blockquote cite="https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop.html">
	 <p>This update includes 2 security fixes:</p>
	 <ul>
	    <li>[412057896] Medium CVE-2025-4372: Use after free in WebAudio. Reported by Huang Xilin of Ant Group Light-Year Security Lab on 2025-04-20</li>
	 </ul>
       </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2025-4372</cvename>
      <url>https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop.html</url>
    </references>
    <dates>
      <discovery>2025-05-06</discovery>
      <entry>2025-05-07</entry>
    </dates>
  </vuln>

  <vuln vid="e195e915-2a43-11f0-8cb5-a8a1599412c6">
    <topic>chromium -- multiple security fixes</topic>
    <affects>
      <package>
       <name>chromium</name>
       <range><lt>136.0.7103.59</lt></range>
      </package>
      <package>
       <name>ungoogled-chromium</name>
       <range><lt>136.0.7103.59</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
       <p>Chrome Releases reports:</p>
       <blockquote cite="https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_29.html">
	 <p>This update includes 8 security fixes:</p>
	 <ul>
	    <li>[409911705] High CVE-2025-4096: Heap buffer overflow in HTML. Reported by Anonymous on 2025-04-11</li>
	    <li>[409342999] Medium CVE-2025-4050: Out of bounds memory access in DevTools. Reported by Anonymous on 2025-04-09</li>
	    <li>[404000989] Medium CVE-2025-4051: Insufficient data validation in DevTools. Reported by Daniel Fröjdendahl on 2025-03-16</li>
	    <li>[401927528] Low CVE-2025-4052: Inappropriate implementation in DevTools. Reported by vanillawebdev on 2025-03-10</li>
	 </ul>
       </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2025-4096</cvename>
      <cvename>CVE-2025-4050</cvename>
      <cvename>CVE-2025-4051</cvename>
      <cvename>CVE-2025-4052</cvename>
      <url>https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_29.html</url>
    </references>
    <dates>
      <discovery>2025-04-29</discovery>
      <entry>2025-05-06</entry>
    </dates>
  </vuln>

  <vuln vid="5f868a5f-2943-11f0-bb22-f02f7432cf97">
    <topic>fcgi -- Heap-based buffer overflow via crafted nameLen/valueLen in ReadParams</topic>
    <affects>
      <package>
	<name>fcgi</name>
	<range><lt>2.4.5</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>cve@mitre.org reports:</p>
	<blockquote cite="https://github.com/FastCGI-Archives/fcgi2/issues/67">
	<p>FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer
	overflow (and resultant heap-based buffer overflow) via
	crafted nameLen or valueLen values in data to the IPC socket.
	This occurs in ReadParams in fcgiapp.c.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-23016</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-23016</url>
      <url>https://github.com/FastCGI-Archives/fcgi2/issues/67</url>
    </references>
    <dates>
      <discovery>2025-01-10</discovery>
      <entry>2025-05-04</entry>
    </dates>
  </vuln>

  <vuln vid="7e7a32e7-2901-11f0-ab20-b42e991fc52e">
    <topic>dnsdist -- Denial of service via crafted DoH exchange</topic>
    <affects>
      <package>
	<name>null</name>
	<range><lt>null</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security@open-xchange.com reports:</p>
	<blockquote cite="https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2025-02.html">
	<p>
	When DNSdist is configured to provide DoH via the
	nghttp2provider, an attacker can cause a denial of service by
	crafting a DoH exchange that triggers an illegal memory
	access (double-free) and crash of DNSdist, causing a denial
	of service. The remedy is: upgrade to the patched 1.9.9
	version. A workaround is to temporarily switch to the h2o
	provider until DNSdist has been upgraded to a fixed version.
	We would like to thank Charles Howes for bringing this issue
	to our attention.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-30194</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-30194</url>
    </references>
    <dates>
      <discovery>2025-04-29</discovery>
      <entry>2025-05-04</entry>
    </dates>
  </vuln>

  <vuln vid="d70d5e0a-1f5e-11f0-9c67-6805ca2fa271">
    <topic>powerdns-recursor -- denial of service</topic>
    <affects>
      <package>
	<name>powerdns-recursor</name>
	<range><eq>5.2.0</eq></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>PowerDNS Team reports:</p>
	<blockquote cite="https://blog.powerdns.com/2025/04/07/powerdns-recursor-5-2-1-released">
	  <p>PowerDNS Security Advisory 2025-01: A crafted zone can
	  lead to an illegal memory access in the Recursor</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-30195</cvename>
      <url>https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2025-01.html</url>
    </references>
    <dates>
      <discovery>2025-04-07</discovery>
      <entry>2025-04-22</entry>
    </dates>
  </vuln>

  <vuln vid="409206f6-25e6-11f0-9360-b42e991fc52e">
    <topic>sqlite -- integer overflow</topic>
    <affects>
      <package>
	<name>sqlite</name>
	<range><lt>3.49.1</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>cve@mitre.org reports:</p>
	<blockquote cite="https://gist.github.com/ylwango613/a44a29f1ef074fa783e29f04a0afd62a">
	<p>
	In SQLite 3.44.0 through 3.49.0 before 3.49.1, the
	concat_ws() SQL function can cause memory to be written
	beyond the end of a malloc-allocated buffer. If the
	separator argument is attacker-controlled and has a large
	string (e.g., 2MB or more), an integer overflow occurs in
	calculating the size of the result buffer, and thus malloc
	may not allocate enough memory.
	</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-29087</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-29087</url>
    </references>
    <dates>
      <discovery>2025-04-07</discovery>
      <entry>2025-04-30</entry>
    </dates>
  </vuln>

  <vuln vid="df126e23-24fa-11f0-ab92-f02f7497ecda">
    <topic>h11 accepts some malformed Chunked-Encoding bodies</topic>
    <affects>
      <package>
    <name>py39-h11</name>
    <name>py310-h11</name>
    <name>py311-h11</name>
    <name>py312-h11</name>
    <range><lt>0.16.0</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
    <p>h11 reports:</p>
    <blockquote cite="https://github.com/python-hyper/h11/security/advisories/GHSA-vqfr-h8mv-ghfj">
      <p>h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a leniency in h11's parsing of line terminators in chunked-coding message bodies can lead to request smuggling vulnerabilities under certain conditions. This issue has been patched in version 0.16.0. Since exploitation requires the combination of buggy h11 with a buggy (reverse) proxy, fixing either component is sufficient to mitigate this issue.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-43859</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-43859</url>
    </references>
    <dates>
      <discovery>2025-04-24</discovery>
      <entry>2025-04-29</entry>
    </dates>
  </vuln>

  <vuln vid="310f5923-211c-11f0-8ca6-6c3be5272acd">
    <topic>Grafana -- Authorization bypass in data source proxy API</topic>
    <affects>
      <package>
	<name>grafana</name>
	<range><ge>8.0.0</ge><lt>10.4.17+security-01</lt></range>
	<range><ge>11.0.0</ge><lt>11.2.8+security-01</lt></range>
	<range><ge>11.3.0</ge><lt>11.3.5+security-01</lt></range>
	<range><ge>11.4.0</ge><lt>11.4.3+security-01</lt></range>
	<range><ge>11.5.0</ge><lt>11.5.3+security-01</lt></range>
	<range><ge>11.6.0</ge><lt>11.6.0+security-01</lt></range>
      </package>
      <package>
	<name>grafana8</name>
	<range><ge>8.0.0</ge></range>
      </package>
      <package>
	<name>grafana9</name>
	<range><ge>9.0.0</ge></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Grafana Labs reports:</p>
	<blockquote cite="https://grafana.com/blog/2025/04/22/grafana-security-release-medium-and-high-severity-fixes-for-cve-2025-3260-cve-2025-2703-cve-2025-3454/">
	  <p>This vulnerability, which was discovered while reviewing a pull
	  request from an external contributor, effects Grafana’s data source
	  proxy API and allows authorization checks to be bypassed by adding
	  an extra slash character (/) in the URL path. Among Grafana-maintained
	  data sources, the vulnerability only affects the read paths
	  of Prometheus (all flavors) and Alertmanager when configured with
	  basic authorization.</p>
	  <p>The CVSS score for this vulnerability is
	  <a href="https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N">5.0 MEDIUM</a>.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-3454</cvename>
      <url>https://grafana.com/blog/2025/04/22/grafana-security-release-medium-and-high-severity-fixes-for-cve-2025-3260-cve-2025-2703-cve-2025-3454/</url>
    </references>
    <dates>
      <discovery>2025-03-25</discovery>
      <entry>2025-04-24</entry>
    </dates>
  </vuln>

  <vuln vid="6adfda5a-2118-11f0-8ca6-6c3be5272acd">
    <topic>Grafana -- Bypass Viewer and Editor permissions</topic>
    <affects>
      <package>
	<name>grafana</name>
	<range><ge>11.6.0</ge><lt>11.6.0+security-01</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Grafana Labs reports:</p>
	<blockquote cite="https://grafana.com/blog/2025/04/22/grafana-security-release-medium-and-high-severity-fixes-for-cve-2025-3260-cve-2025-2703-cve-2025-3454/">
	  <p>During the development of a new feature in Grafana 11.6.x,
	  a security vulnerability was introduced that allows for Viewers
	  and Editors to bypass dashboard-specific permissions. As a result,
	  users with the Viewer role could view all the dashboards within their
	  org and users with the Editor role could view, edit, and delete all
	  the dashboards in their org.</p>
	  <p><em>Note: Organization isolation boundaries still apply, which
	  means viewers and editors in one organization cannot view or edit
	  dashboards in another org. Also this vulnerability does not allow
	  users to query data via data sources they don’t have access to.</em>
	  </p>
	  <p>The CVSS score for this vulnerability is
	  <a href="https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L&amp;version=3.1">8.3 HIGH</a>.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-3260</cvename>
      <url>https://grafana.com/blog/2025/04/22/grafana-security-release-medium-and-high-severity-fixes-for-cve-2025-3260-cve-2025-2703-cve-2025-3454/</url>
    </references>
    <dates>
      <discovery>2025-04-04</discovery>
      <entry>2025-04-24</entry>
    </dates>
  </vuln>

  <vuln vid="f8b7af82-2116-11f0-8ca6-6c3be5272acd">
    <topic>Grafana -- DOM XSS vulnerability</topic>
    <affects>
      <package>
	<name>grafana</name>
	<range><ge>11.1.0</ge><lt>11.2.8+security-01</lt></range>
	<range><ge>11.3.0</ge><lt>11.3.5+security-01</lt></range>
	<range><ge>11.4.0</ge><lt>11.4.3+security-01</lt></range>
	<range><ge>11.5.0</ge><lt>11.5.3+security-01</lt></range>
	<range><ge>11.6.0</ge><lt>11.6.0+security-01</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Grafana Labs reports:</p>
	<blockquote cite="https://grafana.com/blog/2025/04/22/grafana-security-release-medium-and-high-severity-fixes-for-cve-2025-3260-cve-2025-2703-cve-2025-3454/">
	  <p>An external security researcher responsibly reported a security
	  vulnerability in Grafana’s built-in
	  <a href="https://grafana.com/docs/grafana/latest/panels-visualizations/visualizations/xy-chart/">XY chart plugin</a>
	  that is vulnerable to a
	  <a href="https://grafana.com/blog/2023/07/11/trusted-types-how-we-mitigate-xss-threats-in-grafana-10/#what-is-dom-xss">DOM XSS vulnerability</a>.</p>
	  <p>The CVSS score for this vulnerability is
	  <a href="https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L&amp;version=3.1">6.8 MEDIUM</a>.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-2703</cvename>
      <url>https://grafana.com/security/security-advisories/cve-2025-2703/</url>
    </references>
    <dates>
      <discovery>2025-03-14</discovery>
      <entry>2025-04-24</entry>
    </dates>
  </vuln>

  <vuln vid="af8d043f-20df-11f0-b9c5-000c295725e4">
    <topic>redis,valkey -- DoS Vulnerability due to unlimited growth of output buffers abused by unauthenticated client</topic>
    <affects>
      <package>
	<name>redis</name>
	<range><lt>7.4.3</lt></range>
      </package>
      <package>
	<name>redis72</name>
	<range><lt>7.2.8</lt></range>
      </package>
      <package>
	<name>redis62</name>
	<range><lt>6.2.18</lt></range>
      </package>
      <package>
	<name>valkey</name>
	<range><lt>8.1.1</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Axel Mierczuk reports:</p>
	<blockquote cite="https://github.com/redis/redis/security/advisories/GHSA-r67f-p999-2gff">
	  <p>
	    By default, the Redis configuration does not limit the
	    output buffer of normal clients (see
	    client-output-buffer-limit). Therefore, the output buffer
	    can grow unlimitedly over time. As a result, the service
	    is exhausted and the memory is unavailable.
	  </p>
	  <p>
	    When password authentication is enabled on the Redis
	    server, but no password is provided, the client can still
	    cause the output buffer to grow from "NOAUTH" responses
	    until the system will run out of memory.
	  </p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-21605</cvename>
      <url>https://github.com/redis/redis/security/advisories/GHSA-r67f-p999-2gff</url>
    </references>
    <dates>
      <discovery>2025-04-23</discovery>
      <entry>2025-04-24</entry>
    </dates>
  </vuln>

  <vuln vid="11b71871-20ba-11f0-9471-2cf05da270f3">
    <topic>Gitlab -- Vulnerabilities</topic>
    <affects>
      <package>
	<name>gitlab-ce</name>
	<name>gitlab-ee</name>
	<range><ge>17.11.0</ge><lt>17.11.1</lt></range>
	<range><ge>17.10.0</ge><lt>17.10.5</lt></range>
	<range><ge>16.6.0</ge><lt>17.9.7</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Gitlab reports:</p>
	<blockquote cite="https://about.gitlab.com/releases/2025/04/23/patch-release-gitlab-17-11-1-released/">
	  <p>Cross Site Scripting (XSS) in Maven Dependency Proxy through CSP directives</p>
	  <p>Cross Site Scripting (XSS) in Maven dependency proxy through cache headers</p>
	  <p>Network Error Logging (NEL) Header Injection in Maven Dependency Proxy Allows Browser Activity Monitoring</p>
	  <p>Denial of service (DOS) via issue preview</p>
	  <p>Unauthorized access to branch names when Repository assets are disabled in the project</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-1763</cvename>
      <cvename>CVE-2025-2443</cvename>
      <cvename>CVE-2025-1908</cvename>
      <cvename>CVE-2025-0639</cvename>
      <cvename>CVE-2024-12244</cvename>
      <url>https://about.gitlab.com/releases/2025/04/23/patch-release-gitlab-17-11-1-released/</url>
    </references>
    <dates>
      <discovery>2025-04-23</discovery>
      <entry>2025-04-24</entry>
    </dates>
  </vuln>

  <vuln vid="194f79c3-1ffe-11f0-8cb5-a8a1599412c6">
    <topic>chromium -- multiple security fixes</topic>
    <affects>
      <package>
       <name>chromium</name>
       <range><lt>135.0.7049.114</lt></range>
      </package>
      <package>
       <name>ungoogled-chromium</name>
       <range><lt>135.0.7049.114</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
       <p>Chrome Releases reports:</p>
       <blockquote cite="https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_22.html">
	 <p>This update includes 1 security fix.</p>
       </blockquote>
      </body>
    </description>
    <references>
      <url>https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_22.html</url>
    </references>
    <dates>
      <discovery>2025-04-22</discovery>
      <entry>2025-04-23</entry>
    </dates>
  </vuln>

  <vuln vid="5ca2cafa-1f24-11f0-ab07-f8f21e52f724">
    <topic>Navidrome -- Authentication bypass in Subsonic API</topic>
    <affects>
      <package>
	<name>navidrome</name>
	<range><gt>0.52.0</gt><lt>0.54.5</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Deluan reports:</p>
	<blockquote cite="https://github.com/navidrome/navidrome/security/advisories/GHSA-c3p4-vm8f-386p">
	  <p>In certain Subsonic API endpoints, authentication can be
	bypassed by using a non-existent username combined with an
	empty (salted) password hash. This allows read-only access to
	the server’s resources, though attempts at write operations
	fail with a “permission denied” error.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-27112</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-27112</url>
    </references>
    <dates>
      <discovery>2025-02-25</discovery>
      <entry>2025-04-22</entry>
    </dates>
  </vuln>

  <vuln vid="06269ae8-1e0d-11f0-ad0b-b42e991fc52e">
    <topic>Erlang -- Erlang/OTP SSH Vulnerable to Pre-Authentication RCE</topic>
    <affects>
      <package>
	<name>erlang</name>
	<range><lt>26.2.5.11</lt></range>
      </package>
      <package>
	<name>erlang-runtime21</name>
	<range><lt>25.3.2.20</lt></range>
      </package>
      <package>
	<name>erlang-runtime22</name>
	<range><lt>25.3.2.20</lt></range>
      </package>
      <package>
	<name>erlang-runtime23</name>
	<range><lt>25.3.2.20</lt></range>
      </package>
      <package>
	<name>erlang-runtime24</name>
	<range><lt>25.3.2.20</lt></range>
      </package>
      <package>
	<name>erlang-runtime25</name>
	<range><lt>25.3.2.20</lt></range>
      </package>
      <package>
	<name>erlang-runtime26</name>
	<range><lt>26.2.5.11</lt></range>
      </package>
      <package>
	<name>erlang-runtime27</name>
	<range><lt>27.3.3</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security-advisories@github.com reports:</p>
	<blockquote cite="https://github.com/erlang/otp/commit/0fcd9c56524b28615e8ece65fc0c3f66ef6e4c12">
	<p>
	Erlang/OTP is a set of libraries for the Erlang
	programming language. Prior to versions OTP-27.3.3,
	OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow
	an attacker to perform unauthenticated remote code
	execution (RCE). By exploiting a flaw in SSH protocol
	message handling, a malicious actor could gain
	unauthorized access to affected systems and execute
	arbitrary commands without valid credentials. This issue
	is patched in versions OTP-27.3.3, OTP-26.2.5.11, and
	OTP-25.3.2.20. A temporary workaround involves disabling
	the SSH server or to prevent access via firewall rules.
	</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-32433</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-32433</url>
    </references>
    <dates>
      <discovery>2025-04-16</discovery>
      <entry>2025-04-20</entry>
    </dates>
  </vuln>

  <vuln vid="1b8d502e-1cfd-11f0-944d-901b0e9408dc">
    <topic>ejabberd -- mod_muc_occupantid: Fix handling multiple occupant-id</topic>
    <affects>
      <package>
	<name>ejabberd</name>
	<range><lt>25.04</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>ejabberd team reports:</p>
	<blockquote cite="https://www.process-one.net/blog/ejabberd-25-04/#occupantid">
	  <p>Fixed issue with handling of user provided occupant-id in
	  messages and presences sent to muc room. Server was
	  replacing just first instance of occupant-id with its own
	  version, leaving other ones untouched. That would mean that
	  depending on order in which clients send occupant-id, they
	  could see value provided by sender, and that could be used
	  to spoof as different sender.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <url>https://www.process-one.net/blog/ejabberd-25-04/#occupantid</url>
    </references>
    <dates>
      <discovery>2025-04-16</discovery>
      <entry>2025-04-19</entry>
    </dates>
  </vuln>

  <vuln vid="bf5d29ea-1a93-11f0-8cb5-a8a1599412c6">
    <topic>chromium -- multiple security fixes</topic>
    <affects>
      <package>
       <name>chromium</name>
       <range><lt>135.0.7049.95</lt></range>
      </package>
      <package>
       <name>ungoogled-chromium</name>
       <range><lt>135.0.7049.95</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
       <p>Chrome Releases reports:</p>
       <blockquote cite="https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_15.html">
	 <p>This update includes 2 security fixes:</p>
	 <ul>
	    <li>[409619251] Critical CVE-2025-3619: Heap buffer overflow in Codecs. Reported by Elias Hohl on 2025-04-09</li>
	    <li>[405292639] High CVE-2025-3620: Use after free in USB. Reported by @retsew0x01 on 2025-03-21</li>
	 </ul>
       </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2025-3619</cvename>
      <cvename>CVE-2025-3620</cvename>
      <url>https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_15.html</url>
    </references>
    <dates>
      <discovery>2025-04-15</discovery>
      <entry>2025-04-16</entry>
    </dates>
  </vuln>

  <vuln vid="030778d5-19cc-11f0-8cb5-a8a1599412c6">
    <topic>chromium -- multiple security fixes</topic>
    <affects>
      <package>
       <name>chromium</name>
       <range><lt>135.0.7049.84</lt></range>
      </package>
      <package>
       <name>ungoogled-chromium</name>
       <range><lt>135.0.7049.84</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
       <p>Chrome Releases reports:</p>
       <blockquote cite="https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_8.html">
	 <p>This update includes 2 security fixes:</p>
	 <ul>
	    <li>[405140652] High CVE-2025-3066: Use after free in Site Isolation. Reported by Sven Dysthe (@svn-dys) on 2025-03-21</li>
	 </ul>
       </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2025-3066</cvename>
      <url>https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_8.html</url>
    </references>
    <dates>
      <discovery>2025-04-08</discovery>
      <entry>2025-04-15</entry>
    </dates>
  </vuln>

  <vuln vid="e9b8e519-0d50-11f0-86d8-901b0e934d69">
    <topic>py-matrix-synapse -- federation denial of service via malformed events</topic>
    <affects>
      <package>
	<name>py38-matrix-synapse</name>
	<name>py39-matrix-synapse</name>
	<name>py310-matrix-synapse</name>
	<name>py311-matrix-synapse</name>
	<range><lt>1.127.1</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>element-hq/synapse developers report:</p>
	<blockquote cite="https://github.com/element-hq/synapse/security/advisories/GHSA-v56r-hwv5-mxg6">
	  <p>A malicious server can craft events which, when received, prevent Synapse version up to 1.127.0 from federating with other servers. The vulnerability has been exploited in the wild.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-30355</cvename>
      <url>https://github.com/element-hq/synapse/security/advisories/GHSA-v56r-hwv5-mxg6</url>
    </references>
    <dates>
      <discovery>2025-03-26</discovery>
      <entry>2025-03-26</entry>
    </dates>
  </vuln>

  <vuln vid="45276ea6-1653-4240-9986-ccfc6fec7ece">
    <topic>jenkins -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>jenkins</name>
	<range><lt>2.504</lt></range>
      </package>
      <package>
	<name>jenkins-lts</name>
	<range><lt>2.492.3</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Jenkins Security Advisory:</p>
	<blockquote cite="https://www.jenkins.io/security/advisory/2025-04-02/">
	  <h1>Description</h1>
	  <h5>(Medium) SECURITY-3512 / CVE-2025-31720</h5>
	  <p>Missing permission check allows retrieving agent configurations</p>
	  <h1>Description</h1>
	  <h5>(Medium) SECURITY-3513 / CVE-2025-31721</h5>
	  <p>Missing permission check allows retrieving secrets from agent configurations</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-31720</cvename>
      <cvename>CVE-2025-31721</cvename>
      <url>https://www.jenkins.io/security/advisory/2025-04-02/</url>
    </references>
    <dates>
      <discovery>2025-04-02</discovery>
      <entry>2025-04-11</entry>
    </dates>
  </vuln>

  <vuln vid="ed602f8b-15c2-11f0-b4e4-2cf05da270f3">
    <topic>Gitlab -- Vulnerabilities</topic>
    <affects>
      <package>
	<name>gitlab-ce</name>
	<name>gitlab-ee</name>
	<range><ge>17.10.0</ge><lt>17.10.4</lt></range>
	<range><ge>17.9.0</ge><lt>17.9.6</lt></range>
	<range><ge>7.7.0</ge><lt>17.8.7</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Gitlab reports:</p>
	<blockquote cite="https://about.gitlab.com/releases/2025/04/09/patch-release-gitlab-17-10-4-released/">
	  <p>Denial of service via CI pipelines</p>
	  <p>Unintentionally authorizing sensitive actions on users behalf</p>
	  <p>IP Restriction Bypass through GraphQL Subscription</p>
	  <p>Unauthorized users can list the number of confidential issues</p>
	  <p>Debugging Information Disclosed</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-1677</cvename>
      <cvename>CVE-2025-0362</cvename>
      <cvename>CVE-2025-2408</cvename>
      <cvename>CVE-2024-11129</cvename>
      <cvename>CVE-2025-2469</cvename>
      <url>https://about.gitlab.com/releases/2025/04/09/patch-release-gitlab-17-10-4-released/</url>
    </references>
    <dates>
      <discovery>2025-04-09</discovery>
      <entry>2025-04-10</entry>
    </dates>
  </vuln>

  <vuln vid="8f71ad3b-14f5-11f0-87ba-002590c1f29c">
    <topic>expat: improper restriction of xml entity expansion depth</topic>
    <affects>
      <package>
	<name>expat</name>
	<range><lt>2.7.0</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>secalert@redhat.com reports:</p>
	<blockquote cite="https://access.redhat.com/errata/RHSA-2025:3531">
	  <p>A stack overflow vulnerability exists in the libexpat library due
	  to the way it handles recursive entity expansion in XML documents.
	  When parsing an XML document with deeply nested entity references,
	  libexpat can be forced to recurse indefinitely, exhausting the stack
	  space and causing a crash.  This issue could lead to denial of
	  service (DoS) or, in some cases, exploitable memory corruption,
	  depending on the environment and library usage.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2024-8176</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2024-8176</url>
    </references>
    <dates>
      <discovery>2025-03-14</discovery>
      <entry>2025-04-09</entry>
    </dates>
  </vuln>

  <vuln vid="34c51a2b-13c8-11f0-a5bd-b42e991fc52e">
    <topic>Mozilla -- memory corruption</topic>
    <affects>
      <package>
	<name>firefox</name>
	<range><lt>137.0,2</lt></range>
      </package>
      <package>
	<name>librewolf</name>
	<range><lt>137.0</lt></range>
      </package>
      <package>
	<name>thunderbird</name>
	<range><lt>137.0</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security@mozilla.org reports:</p>
	<blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1894100%2C1934086%2C1950360">
	  <p>Memory safety bugs present in Firefox 136 and Thunderbird 136.
	  Some of these bugs showed evidence of memory corruption and
	  we presume that with enough effort some of these could have
	  been exploited to run arbitrary code.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-3034</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-3034</url>
    </references>
    <dates>
      <discovery>2025-04-01</discovery>
      <entry>2025-04-07</entry>
    </dates>
  </vuln>

  <vuln vid="315f568e-13c8-11f0-a5bd-b42e991fc52e">
    <topic>Mozilla -- privilege escalation attack</topic>
    <affects>
      <package>
	<name>firefox</name>
	<range><lt>137.0,2</lt></range>
      </package>
      <package>
	<name>librewolf</name>
	<range><lt>137.0</lt></range>
      </package>
      <package>
	<name>thunderbird</name>
	<range><lt>137.0</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security@mozilla.org reports:</p>
	<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1949987">
	  <p>Leaking of file descriptors from the fork server to web
	    content processes could allow for privilege escalation
	    attacks.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-3032</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-3032</url>
    </references>
    <dates>
      <discovery>2025-04-01</discovery>
      <entry>2025-04-07</entry>
    </dates>
  </vuln>

  <vuln vid="2fc74cae-13c8-11f0-a5bd-b42e991fc52e">
    <topic>Mozilla -- stack memory read</topic>
    <affects>
      <package>
	<name>firefox</name>
	<range><lt>137.0,2</lt></range>
      </package>
      <package>
	<name>librewolf</name>
	<range><lt>137.0</lt></range>
      </package>
      <package>
	<name>thunderbird</name>
	<range><lt>137.0</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security@mozilla.org reports:</p>
	<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1947141">
	  <p>An attacker could read 32 bits of values spilled onto the stack in
	a JIT compiled function.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-3031</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-3031</url>
    </references>
    <dates>
      <discovery>2025-04-01</discovery>
      <entry>2025-04-07</entry>
    </dates>
  </vuln>

  <vuln vid="2e0ff31b-13c8-11f0-a5bd-b42e991fc52e">
    <topic>Mozilla -- Memory corruption</topic>
    <affects>
      <package>
	<name>firefox</name>
	<range><lt>137.0</lt></range>
      </package>
      <package>
	<name>firefox-esr</name>
	<range><lt>128.9.0</lt></range>
      </package>
      <package>
	<name>firefox</name>
	<range><lt>137.0</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security@mozilla.org reports:</p>
	<blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1850615%2C1932468%2C1942551%2C1951017%2C1951494">
	  <p>Memory safety bugs present in Firefox 136, Thunderbird
	  136, Firefox ESR 128.8, and Thunderbird 128.8. Some of these
	  bugs showed evidence of memory corruption and we presume
	  that with enough effort some of these could have been
	  exploited to run arbitrary code.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-3030</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-3030</url>
    </references>
    <dates>
      <discovery>2025-04-01</discovery>
      <entry>2025-04-07</entry>
    </dates>
  </vuln>

  <vuln vid="2c0180a5-13c8-11f0-a5bd-b42e991fc52e">
    <topic>Mozilla -- URL spoofing attack</topic>
    <affects>
      <package>
	<name>firefox</name>
	<range><lt>137.0,2</lt></range>
      </package>
      <package>
	<name>firefox-esr</name>
	<range><lt>128.9</lt></range>
      </package>
      <package>
	<name>librewolf</name>
	<range><lt>137.0</lt></range>
      </package>
      <package>
	<name>thunderbird</name>
	<range><lt>137.0</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security@mozilla.org reports:</p>
	<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1952213">
	  <p>A crafted URL containing specific Unicode characters
	  could have hidden the true origin of the page, resulting in
	  a potential spoofing attack.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-3029</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-3029</url>
    </references>
    <dates>
      <discovery>2025-04-01</discovery>
      <entry>2025-04-07</entry>
    </dates>
  </vuln>

  <vuln vid="28e5f7be-13c8-11f0-a5bd-b42e991fc52e">
    <topic>Mozilla -- use-after-free error</topic>
    <affects>
      <package>
	<name>firefox</name>
	<range><lt>137.0,2</lt></range>
      </package>
      <package>
	<name>firefox-esr</name>
	<range><lt>115.22</lt></range>
      </package>
      <package>
	<name>librewolf</name>
	<range><lt>137.0</lt></range>
      </package>
      <package>
	<name>thunderbird</name>
	<range><lt>137.0</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security@mozilla.org reports:</p>
	<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1941002">
	  <p>JavaScript code running while transforming a document
	  with the XSLTProcessor could lead to a use-after-free.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-3028</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-3028</url>
    </references>
    <dates>
      <discovery>2025-04-01</discovery>
      <entry>2025-04-07</entry>
    </dates>
  </vuln>

  <vuln vid="789bcfb6-1224-11f0-85f3-a8a1599412c6">
    <topic>chromium -- multiple security fixes</topic>
    <affects>
      <package>
       <name>chromium</name>
       <range><lt>135.0.7049.52</lt></range>
      </package>
      <package>
       <name>ungoogled-chromium</name>
       <range><lt>135.0.7049.52</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
       <p>Chrome Releases reports:</p>
       <blockquote cite="https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop.html">
	 <p>This update includes 13 security fixes:</p>
	 <ul>
	    <li>[376491759] Medium CVE-2025-3067: Inappropriate implementation in Custom Tabs. Reported by Philipp Beer (TU Wien) on 2024-10-31</li>
	    <li>[401823929] Medium CVE-2025-3068: Inappropriate implementation in Intents. Reported by Simon Rawet on 2025-03-09</li>
	    <li>[40060076] Medium CVE-2025-3069: Inappropriate implementation in Extensions. Reported by NDevTK on 2022-06-26</li>
	    <li>[40086360] Medium CVE-2025-3070: Insufficient validation of untrusted input in Extensions. Reported by Anonymous on 2017-01-01</li>
	    <li>[40051596] Low CVE-2025-3071: Inappropriate implementation in Navigations. Reported by David Erceg on 2020-02-23</li>
	    <li>[362545037] Low CVE-2025-3072: Inappropriate implementation in Custom Tabs. Reported by Om Apip on 2024-08-27</li>
	    <li>[388680893] Low CVE-2025-3073: Inappropriate implementation in Autofill. Reported by Hafiizh on 2025-01-09</li>
	    <li>[392818696] Low CVE-2025-3074: Inappropriate implementation in Downloads. Reported by Farras Givari on 2025-01-28</li>
	 </ul>
       </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2025-3067</cvename>
      <cvename>CVE-2025-3068</cvename>
      <cvename>CVE-2025-3069</cvename>
      <cvename>CVE-2025-3070</cvename>
      <cvename>CVE-2025-3071</cvename>
      <cvename>CVE-2025-3072</cvename>
      <cvename>CVE-2025-3073</cvename>
      <cvename>CVE-2025-3074</cvename>
      <url>https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop.html</url>
    </references>
    <dates>
      <discovery>2025-04-01</discovery>
      <entry>2025-04-05</entry>
    </dates>
  </vuln>

  <vuln vid="1205eccf-116d-11f0-8b2c-b42e991fc52e">
    <topic>Mozilla -- Memory corruption bug</topic>
    <affects>
      <package>
	<name>firefox</name>
	<range><lt>134.0,2</lt></range>
      </package>
      <package>
	<name>librewolf</name>
	<range><lt>134.0</lt></range>
      </package>
      <package>
	<name>firefox-esr</name>
	<range><lt>128.6.0</lt></range>
      </package>
      <package>
	<name>thunderbird</name>
	<range><lt>134.0</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security@mozilla.org reports:</p>
	<blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1827142%2C1932783">
	  <p>Memory safety bugs present in Firefox 133, Thunderbird 133,
	  Firefox ESR 128.5, and Thunderbird 128.5.  Some of these
	  bugs showed evidence of memory corruption and we presume
	  that with enough effort some of these could have been
	  exploited to run arbitrary code.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-0243</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-0243</url>
    </references>
    <dates>
      <discovery>2025-01-07</discovery>
      <entry>2025-04-04</entry>
    </dates>
  </vuln>

  <vuln vid="f9d7b6ae-116c-11f0-8b2c-b42e991fc52e">
    <topic>Mozilla -- Memory safety bugs</topic>
    <affects>
      <package>
	<name>firefox</name>
	<range><lt>134.0,2</lt></range>
      </package>
      <package>
	<name>librewolf</name>
	<range><lt>134.0</lt></range>
      </package>
      <package>
	<name>thunderbird</name>
	<range><lt>134.0</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security@mozilla.org reports:</p>
	<blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1835193%2C1910021%2C1919803%2C1931576%2C1931948%2C1932173">
	  <p>Memory safety bugs present in Firefox 133 and Thunderbird 133.
	  Some of these bugs showed evidence of memory corruption and
	  we presume that with enough effort some of these could have
	  been exploited to run arbitrary code.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-0247</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-0247</url>
    </references>
    <dates>
      <discovery>2025-01-07</discovery>
      <entry>2025-04-04</entry>
    </dates>
  </vuln>

  <vuln vid="f7d80111-116c-11f0-8b2c-b42e991fc52e">
    <topic>firefox -- authentication bypass</topic>
    <affects>
      <package>
	<name>firefox</name>
	<range><lt>134.0,2</lt></range>
      </package>
      <package>
	<name>librewolf</name>
	<range><lt>134.0</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security@mozilla.org reports:</p>
	<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1895342">
	  <p>Under certain circumstances, a user opt-in setting that
	  Focus should require authentication before use could have
	  been be bypassed.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-0245</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-0245</url>
    </references>
    <dates>
      <discovery>2025-01-07</discovery>
      <entry>2025-04-04</entry>
    </dates>
  </vuln>

  <vuln vid="f508f81e-116c-11f0-8b2c-b42e991fc52e">
    <topic>Mozilla -- Memory safety bugs</topic>
    <affects>
      <package>
	<name>firefox</name>
	<range><lt>134.0,2</lt></range>
      </package>
      <package>
	<name>librewolf</name>
	<range><lt>134.0</lt></range>
      </package>
      <package>
	<name>firefox-esr</name>
	<range><lt>115.19</lt></range>
      </package>
      <package>
	<name>thunderbird</name>
	<range><lt>134.0</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security@mozilla.org reports:</p>
	<blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1874523%2C1926454%2C1931873%2C1932169">
	  <p>Memory safety bugs present in Firefox 133, Thunderbird 133,
	  Firefox ESR 115.18, Firefox ESR 128.5, Thunderbird 115.18,
	  and Thunderbird 128.5.  Some of these bugs showed evidence
	  of memory corruption and we presume that with enough effort
	  some of these could have been exploited to run arbitrary
	  code.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-0242</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-0242</url>
    </references>
    <dates>
      <discovery>2025-01-07</discovery>
      <entry>2025-04-04</entry>
    </dates>
  </vuln>

  <vuln vid="f38dd0f1-116c-11f0-8b2c-b42e991fc52e">
    <topic>Mozilla -- DoS via segmentation fault</topic>
    <affects>
      <package>
	<name>firefox</name>
	<range><lt>134.0,2</lt></range>
      </package>
      <package>
	<name>librewolf</name>
	<range><lt>134.0</lt></range>
      </package>
      <package>
	<name>firefox-esr</name>
	<range><lt>128.6.0</lt></range>
      </package>
      <package>
	<name>thunderbird</name>
	<range><lt>134.0</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security@mozilla.org reports:</p>
	<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1933023">
	  <p>When segmenting specially crafted text, segmentation
	  would corrupt memory leading to a potentially exploitable
	  crash.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-0241</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-0241</url>
    </references>
    <dates>
      <discovery>2025-01-07</discovery>
      <entry>2025-04-04</entry>
    </dates>
  </vuln>

  <vuln vid="f1f92cd3-116c-11f0-8b2c-b42e991fc52e">
    <topic>Mozilla -- use-after-free while parsing JSON</topic>
    <affects>
      <package>
	<name>firefox</name>
	<range><lt>134.0,2</lt></range>
      </package>
      <package>
	<name>librewolf</name>
	<range><lt>134.0</lt></range>
      </package>
      <package>
	<name>firefox-esr</name>
	<range><lt>128.6.0</lt></range>
      </package>
      <package>
	<name>thunderbird</name>
	<range><lt>134.0</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security@mozilla.org reports:</p>
	<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1929623">
	  <p>Parsing a JavaScript module as JSON could, under some
	  circumstances, cause cross-compartment access, which may
	  result in a use-after-free.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-0240</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-0240</url>
    </references>
    <dates>
      <discovery>2025-01-07</discovery>
      <entry>2025-04-04</entry>
    </dates>
  </vuln>

  <vuln vid="f02e3c59-116c-11f0-8b2c-b42e991fc52e">
    <topic>Mozilla -- redirection to insecure site</topic>
    <affects>
      <package>
	<name>firefox</name>
	<range><lt>134.0,2</lt></range>
      </package>
      <package>
	<name>librewolf</name>
	<range><lt>134.0</lt></range>
      </package>
      <package>
	<name>firefox-esr</name>
	<range><lt>128.6.0</lt></range>
      </package>
      <package>
	<name>thunderbird</name>
	<range><lt>134.0</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security@mozilla.org reports:</p>
	<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1929156">
	  <p>When using Alt-Svc, ALPN did not properly validate
	    certificates when the original server is redirecting to an
	    insecure site.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-0239</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-0239</url>
    </references>
    <dates>
      <discovery>2025-01-07</discovery>
      <entry>2025-04-04</entry>
    </dates>
  </vuln>

  <vuln vid="ee407762-116c-11f0-8b2c-b42e991fc52e">
    <topic>Mozilla -- use-after-free after failed memory allocation</topic>
    <affects>
      <package>
	<name>firefox</name>
	<range><lt>134.0,2</lt></range>
      </package>
      <package>
	<name>librewolf</name>
	<range><lt>134.0</lt></range>
      </package>
      <package>
	<name>firefox-esr</name>
	<range><lt>128.6.0</lt></range>
      </package>
      <package>
	<name>thunderbird</name>
	<range><lt>128.6</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security@mozilla.org reports:</p>
	<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1915535">
	  <p>Assuming a controlled failed memory allocation, an
	  attacker could have caused a use-after-free, leading to a
	  potentially exploitable crash.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-0238</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-0238</url>
    </references>
    <dates>
      <discovery>2025-01-07</discovery>
      <entry>2025-04-04</entry>
    </dates>
  </vuln>

  <vuln vid="ea51e89a-116c-11f0-8b2c-b42e991fc52e">
    <topic>Mozilla -- privilege escalation attack</topic>
    <affects>
      <package>
	<name>firefox</name>
	<range><lt>134.0,2</lt></range>
      </package>
      <package>
	<name>librewolf</name>
	<range><lt>134.0</lt></range>
      </package>
      <package>
	<name>firefox-esr</name>
	<range><lt>128.6.0</lt></range>
      </package>
      <package>
	<name>thunderbird</name>
	<range><lt>128.6</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security@mozilla.org reports:</p>
	<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1915257">
	  <p>The WebChannel API, which is used to transport various
	  information across processes, did not check the sending
	  principal but rather accepted the principal being sent.
	  This could have led to privilege escalation attacks.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-0237</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-0237</url>
    </references>
    <dates>
      <discovery>2025-01-07</discovery>
      <entry>2025-04-04</entry>
    </dates>
  </vuln>

  <vuln vid="37c368f1-10a2-11f0-8195-b42e991fc52e">
    <topic>mozilla -- memory corruption</topic>
    <affects>
      <package>
	<name>firefox</name>
	<range><lt>136.0,2</lt></range>
      </package>
      <package>
	<name>librewolf</name>
	<range><lt>136.0</lt></range>
      </package>
      <package>
	<name>thunderbird</name>
	<range><lt>136.0</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security@mozilla.org reports:</p>
	<blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1869650%2C1938451%2C1940326%2C1944052%2C1944063%2C1947281">
	  <p>Memory safety bugs present in Firefox 135 and Thunderbird
	  135. Some of these bugs showed evidence of memory corruption
	  and we presume that with enough effort some of these could
	  have been exploited to run arbitrary code.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-1943</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-1943</url>
    </references>
    <dates>
      <discovery>2025-03-04</discovery>
      <entry>2025-04-03</entry>
    </dates>
  </vuln>

  <vuln vid="b31a4e74-109d-11f0-8195-b42e991fc52e">
    <topic>mozilla -- memory corruption</topic>
    <affects>
      <package>
	<name>firefox</name>
	<range><lt>136.0,2</lt></range>
      </package>
      <package>
	<name>librewolf</name>
	<range><lt>136.0</lt></range>
      </package>
      <package>
	<name>firefox-esr</name>
	<range><lt>128.8,1</lt></range>
      </package>
      <package>
	<name>thunderbird</name>
	<range><lt>136.0</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security@mozilla.org reports:</p>
	<blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1922889%2C1935004%2C1943586%2C1943912%2C1948111">
	<p>CVE-2025-1938: Memory safety bugs present in Firefox 135,
	Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7.
	Some of these bugs showed evidence of memory corruption and
	we presume that with enough effort some of these could have
	been exploited to run arbitrary code.</p>
	<p>CVE-2025-1935: A web page could trick a user into setting
	that site as the default handler for a custom URL protocol.</p>
	<p>CVE-2025-1934: It was possible to interrupt the processing
	of a RegExp bailout and run additional JavaScript, potentially
	triggering garbage collection when the engine was not
	expecting it.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-1938</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-1938</url>
      <cvename>CVE-2025-1935</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-1935</url>
      <cvename>CVE-2025-1934</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-1934</url>
    </references>
    <dates>
      <discovery>2025-03-04</discovery>
      <entry>2025-04-03</entry>
    </dates>
  </vuln>

  <vuln vid="aeb2ca87-109d-11f0-8195-b42e991fc52e">
    <topic>mozilla -- Memory safety bugs</topic>
    <affects>
      <package>
	<name>firefox</name>
	<range><lt>136.0,2</lt></range>
      </package>
      <package>
	<name>librewolf</name>
	<range><lt>136.0</lt></range>
      </package>
      <package>
	<name>firefox-esr</name>
	<range><lt>115.21,1</lt></range>
      </package>
      <package>
	<name>thunderbird</name>
	<range><lt>136.0</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security@mozilla.org reports:</p>
	<blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1938471%2C1940716">
	<p>Memory safety bugs present in Firefox 135, Thunderbird 135,
	Firefox ESR 115.20, Firefox ESR 128.7, and Thunderbird 128.7.
	Some of these bugs showed evidence of memory corruption and
	we presume that with enough effort some of these could have
	been exploited to run arbitrary code.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-1937</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-1937</url>
    </references>
    <dates>
      <discovery>2025-03-04</discovery>
      <entry>2025-04-03</entry>
    </dates>
  </vuln>

  <vuln vid="acf902f6-109d-11f0-8195-b42e991fc52e">
    <topic>mozilla -- use-after-free in WebTransport connection</topic>
    <affects>
      <package>
	<name>firefox</name>
	<range><lt>136.0,2</lt></range>
      </package>
      <package>
	<name>librewolf</name>
	<range><lt>136.0</lt></range>
      </package>
      <package>
	<name>firefox-esr</name>
	<range><lt>115.21,1</lt></range>
      </package>
      <package>
	<name>thunderbird</name>
	<range><lt>136.0</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security@mozilla.org reports:</p>
	<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1944126">
	  <p>It was possible to cause a use-after-free in the content
	  process side of a WebTransport connection, leading to a
	  potentially exploitable crash.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-1931</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-1931</url>
    </references>
    <dates>
      <discovery>2025-03-04</discovery>
      <entry>2025-04-03</entry>
    </dates>
  </vuln>

  <vuln vid="a93a1d2a-109d-11f0-8195-b42e991fc52e">
    <topic>mozilla -- 64 bit JIT WASM read on left over memory</topic>
    <affects>
      <package>
	<name>firefox</name>
	<range><lt>136.0,2</lt></range>
      </package>
      <package>
	<name>firefox-esr</name>
	<range><lt>115.21,1</lt></range>
      </package>
      <package>
	<name>librewolf</name>
	<range><lt>136.0</lt></range>
      </package>
      <package>
	<name>thunderbird</name>
	<range><lt>136.0</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security@mozilla.org reports:</p>
	<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1946004">
	 <p>On 64-bit CPUs, when the JIT compiles WASM i32 return
	 values they can pick up bits from left over memory.
	 This can potentially cause them to be treated as a different
	 type.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-1933</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-1933</url>
    </references>
    <dates>
      <discovery>2025-03-04</discovery>
      <entry>2025-04-03</entry>
    </dates>
  </vuln>

  <vuln vid="350b3389-107f-11f0-8195-b42e991fc52e">
    <topic>MongoDB -- crash due to improper validation of explain command</topic>
    <affects>
      <package>
	<name>mongodb50</name>
	<range><lt>5.0.31</lt></range>
      </package>
      <package>
	<name>mongodb60</name>
	<range><lt>6.0.20</lt></range>
      </package>
      <package>
	<name>mongodb70</name>
	<range><lt>7.0.16</lt></range>
      </package>
      <package>
	<name>mongodb80</name>
	<range><lt>8.0.4</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>cna@mongodb.com reports:</p>
	<blockquote cite="https://jira.mongodb.org/browse/SERVER-103153">
	  <p>When run on commands with certain arguments set, explain may fail
	to validate these arguments before using them.  This can lead to
	crashes in router servers.  This affects MongoDB Server v5.0 prior
	to 5.0.31, MongoDB Server v6.0 prior to 6.0.20, MongoDB Server v7.0
	prior to 7.0.16 and MongoDB Server v8.0 prior to 8.0.4</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-3084</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-3084</url>
    </references>
    <dates>
      <discovery>2025-04-01</discovery>
      <entry>2025-04-03</entry>
    </dates>
  </vuln>

  <vuln vid="32f5e57f-107f-11f0-8195-b42e991fc52e">
    <topic>MongoDB -- Malformed wire protocol messages may cause mongos to crash</topic>
    <affects>
      <package>
	<name>mongodb50</name>
	<range><lt>5.0.31</lt></range>
      </package>
      <package>
	<name>mongodb60</name>
	<range><lt>6.0.20</lt></range>
      </package>
      <package>
	<name>mongodb70</name>
	<range><lt>7.0.16</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>cna@mongodb.com reports:</p>
	<blockquote cite="https://jira.mongodb.org/browse/SERVER-103152">
	  <p>Specifically crafted MongoDB wire protocol messages can cause mongos
	to crash during command validation.  This can occur without using
	an authenticated connection.  This issue affects MongoDB v5.0
	versions prior to 5.0.31, MongoDB v6.0 versions prior to6.0.20 and
	MongoDB v7.0 versions prior to 7.0.16</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-3083</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-3083</url>
    </references>
    <dates>
      <discovery>2025-04-01</discovery>
      <entry>2025-04-03</entry>
    </dates>
  </vuln>

  <vuln vid="30418b26-107f-11f0-8195-b42e991fc52e">
    <topic>MongoDB -- Unauthorized access to underlying data</topic>
    <affects>
      <package>
	<name>mongodb50</name>
	<range><lt>5.0.31</lt></range>
      </package>
      <package>
	<name>mongodb60</name>
	<range><lt>6.0.20</lt></range>
      </package>
      <package>
	<name>mongodb70</name>
	<range><lt>7.0.16</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>cna@mongodb.com reports:</p>
	<blockquote cite="https://jira.mongodb.org/browse/SERVER-103151">
	  <p>A user authorized to access a view may be able to alter the intended
	collation, allowing them to access to a different or unintended
	view of underlying data.  This issue affects MongoDB Server v5.0
	version prior to 5.0.31, MongoDB Server v6.0 version prior to 6.0.20,
	MongoDB Server v7.0 version prior to 7.0.14 and MongoDB Server v7.3
	versions prior to 7.3.4.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-3082</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-3082</url>
    </references>
    <dates>
      <discovery>2025-04-01</discovery>
      <entry>2025-04-03</entry>
    </dates>
  </vuln>

  <vuln vid="2cad4541-0f5b-11f0-89f8-411aefea0df9">
    <topic>openvpn -- server-side denial-of-service vulnerability with tls-crypt-v2</topic>
    <affects>
      <package>
	<name>openvpn</name>
	<range><ge>2.6.1</ge><lt>2.6.14</lt></range>
      </package>
      <package>
	<name>openvpn-devel</name>
	<range><lt>g20250402,1</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Gert Doering reports:</p>
	<blockquote cite="https://github.com/OpenVPN/openvpn/blob/v2.6.14/Changes.rst#overview-of-changes-in-2614">
	  <p>OpenVPN servers between 2.6.1 and 2.6.13 using
	    --tls-crypt-v2 can be made to abort with an ASSERT() message by
	    sending a particular combination of authenticated and malformed packets.</p>
	  <p>To trigger the bug, a valid tls-crypt-v2 client key is needed, or
	    network observation of a handshake with a valid tls-crypt-v2 client key</p>
	  <p>No crypto integrity is violated, no data is leaked, and no remote
	    code execution is possible.</p>
	  <p>This bug does not affect OpenVPN clients.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-2704</cvename>
      <url>https://github.com/OpenVPN/openvpn/blob/v2.6.14/Changes.rst#overview-of-changes-in-2614</url>
    </references>
    <dates>
      <discovery>2025-03-26</discovery>
      <entry>2025-04-02</entry>
    </dates>
  </vuln>

  <vuln vid="300f86de-0e4d-11f0-ae40-b42e991fc52e">
    <topic>gitea -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>gitea</name>
	<range><lt>1.23.6</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security@golang.org reports:</p>
	<blockquote cite="https://go.dev/cl/654697">
	<p>Matching of hosts against proxy patterns can improperly treat an
	IPv6 zone ID as a hostname component.  For example, when the NO_PROXY
	environment variable is set to &quot;*.example.com&quot;, a request
	to &quot;[::1%25.example.com]:80` will incorrectly match and not
	be proxied.</p>
	<p>go-redis is the official Redis client library for the Go programming
	language.  Prior to 9.5.5, 9.6.3, and 9.7.3, go-redis potentially
	responds out of order when `CLIENT SETINFO` times out during
	connection establishment.  This can happen when the client is
	configured to transmit its identity, there are network connectivity
	issues, or the client was configured with aggressive timeouts.  The
	problem occurs for multiple use cases.  For sticky connections, you
	receive persistent out-of-order responses for the lifetime of the
	connection.  All commands in the pipeline receive incorrect responses.
	When used with the default ConnPool once a connection is returned
	after use with ConnPool#Put the read buffer will be checked and the
	connection will be marked as bad due to the unread data.  This means
	that at most one out-of-order response before the connection is
	discarded.  This issue is fixed in 9.5.5, 9.6.3, and 9.7.3.  You
	can prevent the vulnerability by setting the flag DisableIndentity
	to true when constructing the client instance.</p>
	<p>golang-jwt is a Go implementation of JSON Web Tokens.  Prior to
	5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a
	call to strings.Split) its argument (which is untrusted data) on
	periods.  As a result, in the face of a malicious request whose
	Authorization header consists of Bearer followed by many period
	characters, a call to that function incurs allocations to the tune
	of O(n) bytes (where n stands for the length of the function&apos;s
	argument), with a constant factor of about 16.  This issue is fixed
	in 5.2.2 and 4.5.2.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-22870</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-22870</url>
      <cvename>CVE-2025-29923</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-29923</url>
      <cvename>CVE-2025-30204</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-30204</url>
    </references>
    <dates>
      <discovery>2025-03-12</discovery>
      <entry>2025-03-31</entry>
    </dates>
  </vuln>

  <vuln vid="1a67144d-0d86-11f0-8542-b42e991fc52e">
    <topic>mozilla -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>firefox</name>
	<range><lt>136.0,2</lt></range>
      </package>
      <package>
	<name>firefox-esr</name>
	<range><lt>128.8,1</lt></range>
      </package>
      <package>
	<name>thunderbird</name>
	<range><lt>136.0</lt></range>
      </package>
      <package>
	<name>thunderbird</name>
	<range><lt>128.8</lt></range>
      </package>
      <package>
	<name>librewolf</name>
	<range><lt>136.0</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security@mozilla.org reports:</p>
	<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1945392">
	  <p>An inconsistent comparator in xslt/txNodeSorter could have resulted
	in potentially exploitable out-of-bounds access.  Only affected
	version 122 and later.  This vulnerability affects Firefox &lt;
	136, Firefox ESR &lt; 128.8, Thunderbird &lt; 136, and Thunderbird
	&lt; 128.8.</p>
	  <p>Under certain circumstances, a user opt-in setting that Focus should
	require authentication before use could have been be bypassed
	(distinct from CVE-2025-0245).  This vulnerability affects Firefox
	&lt; 136.</p>
	  <p>When String.toUpperCase() caused a string to get longer it was
	possible for uninitialized memory to be incorporated into the result
	string This vulnerability affects Firefox &lt; 136 and Thunderbird
	&lt; 136.</p>
	  <p>Websites redirecting to a non-HTTP scheme URL could allow a website
	address to be spoofed for a malicious page This vulnerability affects
	Firefox for iOS &lt; 136.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-1932</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-1932</url>
      <cvename>CVE-2025-1941</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-1941</url>
      <cvename>CVE-2025-1942</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-1942</url>
      <cvename>CVE-2025-27424</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-27424</url>
    </references>
    <dates>
      <discovery>2025-03-04</discovery>
      <entry>2025-03-30</entry>
    </dates>
  </vuln>

  <vuln vid="1d53db32-0d60-11f0-8542-b42e991fc52e">
    <topic>suricata -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>suricata</name>
	<range><lt>7.0.9</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Suricate team reports:</p>
	<blockquote cite="https://forum.suricata.io/t/suricata-7-0-9-released/5495">
	  <p>Multiple vulnerabilities</p>
	</blockquote>
	<ul>
	<li>
	CVE-2025-29915: Severity HIGH. The AF_PACKET defrag option
	is enabled by default and allows AF_PACKET to re-assemble
	fragmented packets before reaching Suricata. However the
	default packet size in Suricata is based on the network
	interface MTU which leads to Suricata seeing truncated
	packets.
	</li>
	<li>
	CVE-2025-29916: Severity Moderate. Datasets declared in
	rules have an option to specify the `hashsize` to use.
	This size setting isn't properly limited, so the hash
	table allocation can be large. Untrusted rules can lead to
	large memory allocations, potentially leading to denial of
	service due to resource starvation
	</li>
	<li>
	CVE-2025-29917: Severity HIGH. The bytes setting in the
	decode_base64 keyword is not properly limited. Due to
	this, signatures using the keyword and setting can cause
	large memory allocations of up to 4 GiB per thread.
	</li>
	<li>
	CVE-2025-29918: Severity HIGH. A PCRE rule can be written
	that leads to an infinite loop when negated PCRE is used.
	Packet processing thread becomes stuck in infinite loop
	limiting visibility and availability in inline mode.
	</li>
	</ul>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-29915</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29915</url>
      <cvename>CVE-2025-29916</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29916</url>
      <cvename>CVE-2025-29917</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29917</url>
      <cvename>CVE-2025-29918</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29918</url>
    </references>
    <dates>
      <discovery>2025-03-12</discovery>
      <entry>2025-03-30</entry>
    </dates>
  </vuln>

  <vuln vid="7cb6642c-0c5a-11f0-8688-4ccc6adda413">
    <topic>qt6-webengine -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>qt6-pdf</name>
	<name>qt6-webengine</name>
	<range><lt>6.8.3</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Qt qtwebengine-chromium repo reports:</p>
	<blockquote cite="https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=122-based">
	  <p>Backports for 11 security bugs in Chromium:</p>
	  <ul>
	    <li>CVE-2024-11477: 7-Zip Zstd decompression integer underflow</li>
	    <li>CVE-2025-0762: Use after free in DevTools</li>
	    <li>CVE-2025-0996: Inappropriate implementation in Browser UI</li>
	    <li>CVE-2025-0998: Out of bounds memory access in V8</li>
	    <li>CVE-2025-0999: Heap buffer overflow in V8</li>
	    <li>CVE-2025-1006: Use after free in Network</li>
	    <li>CVE-2025-1426: Heap buffer overflow in GPU</li>
	    <li>CVE-2025-1918: Out of bounds read in Pdfium</li>
	    <li>CVE-2025-1919: Out of bounds read in Media</li>
	    <li>CVE-2025-1921: Inappropriate implementation in Media</li>
	    <li>CVE-2025-2036: Use after free in Inspector</li>
	  </ul>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2024-11477</cvename>
      <cvename>CVE-2025-0762</cvename>
      <cvename>CVE-2025-0996</cvename>
      <cvename>CVE-2025-0998</cvename>
      <cvename>CVE-2025-0999</cvename>
      <cvename>CVE-2025-1006</cvename>
      <cvename>CVE-2025-1426</cvename>
      <cvename>CVE-2025-1918</cvename>
      <cvename>CVE-2025-1919</cvename>
      <cvename>CVE-2025-1921</cvename>
      <cvename>CVE-2025-2036</cvename>
      <url>https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=122-based</url>
    </references>
    <dates>
      <discovery>2025-02-20</discovery>
      <entry>2025-03-29</entry>
    </dates>
  </vuln>

  <vuln vid="01a7e1e1-d249-4dd8-9a4a-ef95b5747afb">
    <topic>electron{33,34} -- Incorrect handle provided in unspecified circumstances in Mojo</topic>
    <affects>
      <package>
	<name>electron33</name>
	<range><lt>33.4.8</lt></range>
      </package>
      <package>
	<name>electron34</name>
	<range><lt>34.4.1</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Electron developers report:</p>
	<blockquote cite="https://github.com/electron/electron/releases/tag/v33.4.8">
	  <p>This update fixes the following vulnerability:</p>
	  <ul>
	    <li>Security: backported fix for CVE-2025-2783.</li>
	  </ul>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-2783</cvename>
      <url>https://github.com/advisories/GHSA-hfqm-jfc6-rh2f</url>
    </references>
    <dates>
      <discovery>2025-03-27</discovery>
      <entry>2025-03-28</entry>
    </dates>
  </vuln>

  <vuln vid="1daa2814-0a6c-11f0-b4e4-2cf05da270f3">
    <topic>Gitlab -- Vulnerabilities</topic>
    <affects>
      <package>
	<name>gitlab-ce</name>
	<name>gitlab-ee</name>
	<range><ge>17.10.0</ge><lt>17.10.1</lt></range>
	<range><ge>17.9.0</ge><lt>17.9.3</lt></range>
	<range><ge>12.10.0</ge><lt>17.8.6</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Gitlab reports:</p>
	<blockquote cite="https://about.gitlab.com/releases/2025/03/26/patch-release-gitlab-17-10-1-released/">
	  <p>Cross-site Scripting (XSS) through merge-request error messages</p>
	  <p>Cross-site Scripting (XSS) through improper rendering of certain file types</p>
	  <p>Admin Privileges Persists After Role is Revoked</p>
	  <p>External user can access internal projects</p>
	  <p>Prompt injection in Amazon Q integration may allow unauthorized actions</p>
	  <p>Uncontrolled Resource Consumption via a maliciously crafted terraform file in merge request</p>
	  <p>Maintainer can inject shell code in Harbor project name configuration when using helper scripts</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-2255</cvename>
      <cvename>CVE-2025-0811</cvename>
      <cvename>CVE-2025-2242</cvename>
      <cvename>CVE-2024-12619</cvename>
      <cvename>CVE-2024-10307</cvename>
      <cvename>CVE-2024-9773</cvename>
      <url>https://about.gitlab.com/releases/2025/03/26/patch-release-gitlab-17-10-1-released/</url>
    </references>
    <dates>
      <discovery>2025-03-26</discovery>
      <entry>2025-03-26</entry>
    </dates>
  </vuln>

  <vuln vid="964aa5da-f094-47fe-9ebd-2142f9157440">
    <topic>electron{33,34} -- Type Confusion in V8</topic>
    <affects>
      <package>
	<name>electron33</name>
	<range><lt>33.4.6</lt></range>
      </package>
      <package>
	<name>electron34</name>
	<range><lt>34.3.4</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Electron developers report:</p>
	<blockquote cite="https://github.com/electron/electron/releases/tag/v33.4.6">
	  <p>This update fixes the following vulnerability:</p>
	  <ul>
	    <li>Security: backported fix for CVE-2025-1920.</li>
	  </ul>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-1920</cvename>
      <url>https://github.com/advisories/GHSA-fhwv-7gx3-h767</url>
    </references>
    <dates>
      <discovery>2025-03-20</discovery>
      <entry>2025-03-25</entry>
    </dates>
  </vuln>

  <vuln vid="a58fdfef-07c6-11f0-8688-4ccc6adda413">
    <topic>qt5-webengine -- Use after free in Compositing</topic>
    <affects>
      <package>
	<name>qt5-webengine</name>
	<range><lt>5.15.18p7</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Qt qtwebengine-chromium repo reports:</p>
	<blockquote cite="https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=87-based">
	  <p>Backports for 1 security bug in Chromium:</p>
	  <ul>
	    <li>CVE-2024-12694: Use after free in Compositing</li>
	  </ul>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2024-12694</cvename>
      <url>https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=87-based</url>
    </references>
    <dates>
      <discovery>2025-02-14</discovery>
      <entry>2025-03-23</entry>
    </dates>
  </vuln>

  <vuln vid="26f6733d-06a9-11f0-ba0b-641c67a117d8">
    <topic>www/varnish7 -- client-side desync vulnerability</topic>
    <affects>
      <package>
	<name>varnish7</name>
	<range><lt>7.6.2</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Varnish Development Team reports:</p>
	<blockquote cite="https://varnish-cache.org/security/VSV00015.html#vsv00015">
	<p>A client-side desync vulnerability can be triggered in Varnish Cache
	   and Varnish Enterprise. This vulnerability can be triggered under
	   specific circumstances involving malformed HTTP/1 requests.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-30346</cvename>
      <url>https://varnish-cache.org/security/VSV00015.html#vsv00015</url>
    </references>
    <dates>
      <discovery>2024-12-17</discovery>
      <entry>2025-03-22</entry>
    </dates>
  </vuln>

  <vuln vid="9456d4e9-055f-11f0-85f3-a8a1599412c6">
    <topic>chromium -- multiple security fixes</topic>
    <affects>
      <package>
       <name>chromium</name>
       <range><lt>134.0.6998.117</lt></range>
      </package>
      <package>
       <name>ungoogled-chromium</name>
       <range><lt>134.0.6998.117</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
       <p>Chrome Releases reports:</p>
       <blockquote cite="https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_19.html">
	 <p>This update includes 2 security fixes:</p>
	 <ul>
	    <li>[401029609] Critical CVE-2025-2476: Use after free in Lens. Reported by SungKwon Lee of Enki Whitehat on 2025-03-05</li>
	 </ul>
       </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2025-2476</cvename>
      <url>https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_19.html</url>
    </references>
    <dates>
      <discovery>2025-03-19</discovery>
      <entry>2025-03-20</entry>
    </dates>
  </vuln>

  <vuln vid="2ac2ddc2-0051-11f0-8673-f02f7432cf97">
  <topic>php -- Multiple vulnerabilities</topic>
  <affects>
    <package>
      <name>php81</name>
      <range>
	<lt>8.1.32</lt>
      </range>
    </package>
    <package>
      <name>php82</name>
      <range>
	<lt>8.2.28</lt>
      </range>
    </package>
    <package>
      <name>php83</name>
      <range>
	<lt>8.3.19</lt>
      </range>
    </package>
    <package>
      <name>php84</name>
      <range>
	<lt>8.4.5</lt>
      </range>
    </package>
  </affects>
  <description>
    <body xmlns="http://www.w3.org/1999/xhtml">
      <p>php.net reports:</p>
      <blockquote cite="https://www.php.net/ChangeLog-8.php">
	<ul>
	  <li>
	    CVE-2024-11235: Core: Fixed GHSA-rwp7-7vc6-8477 (Reference counting in php_request_shutdown causes Use-After-Free).
	  </li>
	  <li>
	    CVE-2025-1219: LibXML: Fixed GHSA-p3x9-6h7p-cgfc (libxml streams use wrong `content-type` header when requesting a redirected resource).
	  </li>
	  <li>
	    CVE-2025-1736: Streams: Fixed GHSA-hgf5-96fm-v528 (Stream HTTP wrapper header check might omit basic auth header).
	  </li>
	  <li>
	    CVE-2025-1861: Streams: Fixed GHSA-52jp-hrpf-2jff (Stream HTTP wrapper truncate redirect location to 1024 bytes).
	  </li>
	  <li>
	    CVE-2025-1734: Streams: Fixed GHSA-pcmh-g36c-qc44 (Streams HTTP wrapper does not fail for headers without colon).
	  </li>
	  <li>
	    CVE-2025-1217: Streams: Fixed GHSA-v8xr-gpvj-cx9g (Header parser of `http` stream wrapper does not handle folded headers).
	  </li>
	</ul>
      </blockquote>
    </body>
  </description>
  <references>
    <cvename>CVE-2024-11235</cvename>
    <cvename>CVE-2025-1219</cvename>
    <cvename>CVE-2025-1736</cvename>
    <cvename>CVE-2025-1861</cvename>
    <cvename>CVE-2025-1734</cvename>
    <cvename>CVE-2025-1217</cvename>
    <url>https://www.php.net/ChangeLog-8.php</url>
  </references>
  <dates>
    <discovery>2025-03-13</discovery>
    <entry>2025-03-13</entry>
  </dates>
  </vuln>

  <vuln vid="0b43fac4-005d-11f0-a540-6cc21735f730">
    <topic>shibboleth-sp -- Parameter manipulation allows the forging of signed SAML messages</topic>
    <affects>
      <package>
	<name>opensaml</name>
	<range><lt>3.3.1</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Shibboleth Project reports:</p>
	<blockquote cite="https://shibboleth.net/community/advisories/secadv_20250313.txt">
	  <p>
	    An updated version of the OpenSAML C++ library is available
	    which corrects a parameter manipulation vulnerability when using
	    SAML bindings that rely on non-XML signatures. The Shibboleth
	    Service Provider is impacted by this issue, and it manifests as
	    a critical security issue in that context.
	  </p>
	  <p>
	    Parameter manipulation allows the forging of signed SAML messages
	  </p>
	  <p>
	    A number of vulnerabilities in the OpenSAML library used by the
	    Shibboleth Service Provider allowed for creative manipulation of
	    parameters combined with reuse of the contents of older requests
	    to fool the library's signature verification of non-XML based
	    signed messages.
	  </p>
	  <p>
	    Most uses of that feature involve very low or
	    low impact use cases without critical security implications;
	    however, there are two scenarios that are much more critical,
	    one affecting the SP and one affecting some implementers who
	    have implemented their own code on top of our OpenSAML library
	    and done so improperly.
	  </p>
	  <p>
	    The SP's support for the HTTP-POST-SimpleSign SAML binding for
	    Single Sign-On responses is its critical vulnerability, and it
	    is enabled by default (regardless of what one's published SAML
	    metadata may advertise).
	  </p>
	  <p>
	    The other critical case involves a mistake that
	    does *not* impact the Shibboleth SP, allowing SSO to occur over
	    the HTTP-Redirect binding contrary to the plain language of the
	    SAML Browser SSO profile. The SP does not support this, but
	    other implementers may have done so.
	  </p>
	  <p>
	    Prior to updating, it is possible to mitigate the POST-SimpleSign
	    vulnerability by editing the protocols.xml configuration file and
	    removing this line:
	    <code>&lt;Binding id="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign"
		path="/SAML2/POST-SimpleSign" /&gt;</code>
	  </p>
	</blockquote>
	</body>
    </description>
    <references>
      <url>https://shibboleth.net/community/advisories/secadv_20250313.txt</url>
    </references>
    <dates>
      <discovery>2025-03-13</discovery>
      <entry>2025-03-13</entry>
    </dates>
  </vuln>

  <vuln vid="a435609c-ffd5-11ef-b4e4-2cf05da270f3">
    <topic>Gitlab -- Vulnerabilities</topic>
    <affects>
      <package>
	<name>gitlab-ce</name>
	<name>gitlab-ee</name>
	<range><ge>17.9.0</ge><lt>17.9.2</lt></range>
	<range><ge>17.8.0</ge><lt>17.8.5</lt></range>
	<range><ge>11.5</ge><lt>17.7.7</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Gitlab reports:</p>
	<blockquote cite="https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released/">
	  <p>CVE-2025-25291 and CVE-2025-25292 (third party gem ruby-saml)</p>
	  <p>CVE-2025-27407 (third party gem graphql)</p>
	  <p>Denial of Service Due to Inefficient Processing of Untrusted Input</p>
	  <p>Credentials disclosed when repository mirroring fails</p>
	  <p>Denial of Service Vulnerability in GitLab Approval Rules due to Unbounded Field</p>
	  <p>Internal Notes in Merge Requests Are Emailed to Non-Members Upon Review Submission</p>
	  <p>Maintainer can inject shell code in Google integrations</p>
	  <p>Guest with custom Admin group member permissions can approve the users invitation despite user caps</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-25291</cvename>
      <cvename>CVE-2025-25292</cvename>
      <cvename>CVE-2025-27407</cvename>
      <cvename>CVE-2024-13054</cvename>
      <cvename>CVE-2024-12380</cvename>
      <cvename>CVE-2025-1257</cvename>
      <cvename>CVE-2025-0652</cvename>
      <cvename>CVE-2024-8402</cvename>
      <cvename>CVE-2024-7296</cvename>
      <url>https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released/</url>
    </references>
    <dates>
      <discovery>2025-03-12</discovery>
      <entry>2025-03-13</entry>
    </dates>
  </vuln>

  <vuln vid="9cf03c96-ffa5-11ef-bb15-002590af0794">
    <topic>vim -- potential data loss with zip.vim and specially crafted zip files</topic>
    <affects>
      <package>
	<name>vim</name>
	<range><lt>9.1.1198</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Vim reports:</p>
	<blockquote cite="https://github.com/vim/vim/security/advisories/GHSA-693p-m996-3rmf">
	  <p>See https://github.com/vim/vim/security/advisories/GHSA-693p-m996-3rmf</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-29768</cvename>
      <url>https://github.com/vim/vim/security/advisories/GHSA-693p-m996-3rmf</url>
    </references>
    <dates>
      <discovery>2025-03-12</discovery>
      <entry>2025-03-12</entry>
    </dates>
  </vuln>

  <vuln vid="a02a6d94-fe53-11ef-85f3-a8a1599412c6">
    <topic>chromium -- multiple security fixes</topic>
    <affects>
      <package>
       <name>chromium</name>
       <range><lt>134.0.6998.88</lt></range>
      </package>
      <package>
       <name>ungoogled-chromium</name>
       <range><lt>134.0.6998.88</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
       <p>Chrome Releases reports:</p>
       <blockquote cite="https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_10.html">
	 <p>This update includes 5 security fixes:</p>
	 <ul>
	    <li>[398065918] High CVE-2025-1920: Type Confusion in V8. Reported by Excello s.r.o. on 2025-02-21</li>
	    <li>[400052777] High CVE-2025-2135: Type Confusion in V8. Reported by Zhenghang Xiao (@Kipreyyy) on 2025-03-02</li>
	    <li>[401059730] High CVE-TBD: Out of bounds write in GPU. Reported on 2025-03-05</li>
	    <li>[395032416] Medium CVE-2025-2136: Use after free in Inspector. Reported by Sakana.S on 2025-02-10</li>
	    <li>[398999390] Medium CVE-2025-2137: Out of bounds read in V8. Reported by zeroxiaobai@ on 2025-02-25</li>
	 </ul>
       </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2025-1920</cvename>
      <cvename>CVE-2025-2135</cvename>
      <cvename>CVE-2025-2136</cvename>
      <cvename>CVE-2025-2137</cvename>
      <url>https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_10.html</url>
    </references>
    <dates>
      <discovery>2025-03-10</discovery>
      <entry>2025-03-11</entry>
    </dates>
  </vuln>

  <vuln vid="a86f9189-fdd9-11ef-91ff-b42e991fc52e">
    <topic>libreoffice -- Macro URL arbitrary script execution</topic>
    <affects>
      <package>
	<name>libreoffice</name>
	<range><ge>24.8</ge><lt>24.8.5</lt></range>
	<range><ge>25.2</ge><lt>25.2.1</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security@documentfoundation.org reports:</p>
	<blockquote cite="https://www.libreoffice.org/about-us/security/advisories/cve-2025-1080">
	  <p>LibreOffice supports Office URI Schemes to enable browser integration
	of LibreOffice with MS SharePoint server.  An additional scheme
	&apos;vnd.libreoffice.command&apos; specific to LibreOffice was
	added.  In the affected versions of LibreOffice a link in a browser
	using that scheme could be constructed with an embedded inner URL
	that when passed to LibreOffice could call internal macros with
	arbitrary arguments.  This issue affects LibreOffice: from 24.8
	before &lt; 24.8.5, from 25.2 before &lt; 25.2.1.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-1080</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-1080</url>
    </references>
    <dates>
      <discovery>2025-03-04</discovery>
      <entry>2025-03-10</entry>
    </dates>
  </vuln>

  <vuln vid="2ec7816d-fdb7-11ef-91ff-b42e991fc52e">
    <topic>vim -- Improper Input Validation in Vim</topic>
    <affects>
      <package>
	<name>vim</name>
	<range><lt>9.1.1164</lt></range>
      </package>
      <package>
	<name>vim-gtk2</name>
	<range><lt>9.1.1164</lt></range>
      </package>
      <package>
	<name>vim-gtk3</name>
	<range><lt>9.1.1164</lt></range>
      </package>
      <package>
	<name>vim-motif</name>
	<range><lt>9.1.1164</lt></range>
      </package>
      <package>
	<name>vim-tiny</name>
	<range><lt>9.1.1164</lt></range>
      </package>
      <package>
	<name>vim-x11</name>
	<range><lt>9.1.1164</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security-advisories@github.com reports:</p>
	<blockquote cite="https://github.com/vim/vim/commit/129a8446d23cd9cb4445fcfea259cba5e0487d29">
	  <p>Vim is distributed with the tar.vim plugin, that allows
	  easy editing and viewing of (compressed or uncompressed) tar
	  files.  Starting with 9.1.0858, the tar.vim plugin uses the
	  &quot;:read&quot; ex command line to append below the
	  cursor position, however the is not sanitized and is taken
	  literally from the tar archive.  This allows to execute
	  shellcommands via special crafted tar archives. Whether
	  this really happens, depends on the shell being used
	  (&apos;shell&apos; option, which is set using $SHELL).
	  </p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-27423</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-27423</url>
    </references>
    <dates>
      <discovery>2025-03-03</discovery>
      <entry>2025-03-10</entry>
    </dates>
  </vuln>

  <vuln vid="6ba9e26e-c9c6-49f7-ae43-47e5864f0b66">
    <topic>electron33 -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>electron33</name>
	<range><lt>33.4.3</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Electron develpers report:</p>
	<blockquote cite="https://github.com/electron/electron/releases/tag/v33.4.3">
	  <p>This update fixes the following vulnerabilities:</p>
	  <ul>
	    <li>Security: backported fix for CVE-2025-0445.</li>
	    <li>Security: backported fix for CVE-2025-0995.</li>
	    <li>Security: backported fix for CVE-2025-0998.</li>
	  </ul>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-0445</cvename>
      <url>https://github.com/advisories/GHSA-q4fq-38gr-ccp3</url>
      <cvename>CVE-2025-0995</cvename>
      <url>https://github.com/advisories/GHSA-377p-4737-hx6m</url>
      <cvename>CVE-2025-0998</cvename>
      <url>https://github.com/advisories/GHSA-4v9x-qxmv-4h58</url>
    </references>
    <dates>
      <discovery>2025-03-06</discovery>
      <entry>2025-03-08</entry>
    </dates>
  </vuln>

  <vuln vid="6e27040b-61b7-4989-9471-dfb10c3cd76e">
    <topic>electron32 -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>electron32</name>
	<range><lt>32.3.3</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Electron developers report:</p>
	<blockquote cite="https://github.com/electron/electron/releases/tag/v32.3.3">
	  <p>This update fixes the following vulnerabilities:</p>
	  <ul>
	    <li>Security: backported fix for CVE-2025-0445.</li>
	    <li>Security: backported fix for CVE-2025-0998.</li>
	  </ul>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-0445</cvename>
      <url>https://github.com/advisories/GHSA-q4fq-38gr-ccp3</url>
      <cvename>CVE-2025-0998</cvename>
      <url>https://github.com/advisories/GHSA-4v9x-qxmv-4h58</url>
    </references>
    <dates>
      <discovery>2025-03-03</discovery>
      <entry>2025-03-07</entry>
    </dates>
  </vuln>

  <vuln vid="3299cbfd-fa6e-11ef-929d-b0416f0c4c67">
    <topic>Jinja2 -- Sandbox breakout through attr filter selecting format method</topic>
    <affects>
      <package>
	<name>py38-Jinja2</name>
	<name>py39-Jinja2</name>
	<name>py310-Jinja2</name>
	<name>py311-Jinja2</name>
	<range><lt>3.1.6</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security-advisories@github.com reports:</p>
	<blockquote cite="https://github.com/pallets/jinja/commit/90457bbf33b8662926ae65cdde4c4c32e756e403">
	  <p>Jinja is an extensible templating engine.  Prior to 3.1.6, an
	oversight in how the Jinja sandboxed environment interacts with the
	|attr filter allows an attacker that controls the content of a
	template to execute arbitrary Python code.  To exploit the
	vulnerability, an attacker needs to control the content of a template.
	Whether that is the case depends on the type of application using
	Jinja.  This vulnerability impacts users of applications which
	execute untrusted templates.  Jinja&apos;s sandbox does catch calls
	to str.format and ensures they don&apos;t escape the sandbox.
	However, it&apos;s possible to use the |attr filter to get a reference
	to a string&apos;s plain format method, bypassing the sandbox.
	After the fix, the |attr filter no longer bypasses the environment&apos;s
	attribute lookup.  This vulnerability is fixed in 3.1.6.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-27516</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-27516</url>
    </references>
    <dates>
      <discovery>2025-03-05</discovery>
      <entry>2025-03-06</entry>
    </dates>
  </vuln>

  <vuln vid="f4297478-fa62-11ef-b597-001fc69cd6dc">
    <topic>xorg server -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>xorg-server</name>
	<name>xephyr</name>
	<name>xorg-vfbserver</name>
	<range><lt>21.1.16,1</lt></range>
      </package>
      <package>
	<name>xorg-nextserver</name>
	<range><lt>21.1.16,2</lt></range>
      </package>
      <package>
	<name>xwayland</name>
	<range><lt>24.1.6</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>The X.Org project reports:</p>
	<blockquote cite="https://lists.x.org/archives/xorg-announce/2025-February/003584.html">
	  <ul>
	    <li>
	      CVE-2025-26594: Use-after-free of the root cursor

	      <p>The root cursor is referenced in the xserver as a global variable. If
	      a client manages to free the root cursor, the internal reference points
	      to freed memory and causes a use-after-free.</p>
	    </li>
	    <li>
	      CVE-2025-26595: Buffer overflow in XkbVModMaskText()

	      <p>The code in XkbVModMaskText() allocates a fixed sized buffer on the
	      stack and copies the names of the virtual modifiers to that buffer.
	      The code however fails to check the bounds of the buffer correctly and
	      would copy the data regardless of the size, which may lead to a buffer
	      overflow.</p>
	    </li>
	    <li>
	      CVE-2025-26596: Heap overflow in XkbWriteKeySyms()

	      <p>The computation of the length in XkbSizeKeySyms() differs from what is
	      actually written in XkbWriteKeySyms(), which may lead to a heap based
	      buffer overflow.</p>
	    </li>
	    <li>
	      CVE-2025-26597: Buffer overflow in XkbChangeTypesOfKey()

	      <p>If XkbChangeTypesOfKey() is called with 0 group, it will resize the key
	      symbols table to 0 but leave the key actions unchanged.
	      If later, the same function is called with a non-zero value of groups,
	      this will cause a buffer overflow because the key actions are of the wrong
	      size.</p>
	    </li>
	    <li>
	      CVE-2025-26598: Out-of-bounds write in CreatePointerBarrierClient()

	      <p>The function GetBarrierDevice() searches for the pointer device based on
	      its device id and returns the matching value, or supposedly NULL if no
	      match was found.
	      However the code will return the last element of the list if no matching
	      device id was found which can lead to out of bounds memory access.</p>
	    </li>
	    <li>
	      CVE-2025-26599: Use of uninitialized pointer in compRedirectWindow()

	      <p>The function compCheckRedirect() may fail if it cannot allocate the backing
	      pixmap. In that case, compRedirectWindow() will return a BadAlloc error
	      without the validation of the window tree marked just before, which leaves
	      the validate data partly initialized, and the use of an uninitialized pointer
	      later.</p>
	    </li>
	    <li>
	      CVE-2025-26600: Use-after-free in PlayReleasedEvents()

	      <p>When a device is removed while still frozen, the events queued for that
	      device remain while the device itself is freed and replaying the events
	      will cause a use after free.</p>
	    </li>
	    <li>
	      CVE-2025-26601: Use-after-free in SyncInitTrigger()

	      <p>When changing an alarm, the values of the change mask are evaluated one
	      after the other, changing the trigger values as requested and eventually,
	      SyncInitTrigger() is called.
	      If one of the changes triggers an error, the function will return early,
	      not adding the new sync object.
	      This can be used to cause a use after free when the alarm eventually
	      triggers.</p>
	    </li>
	  </ul>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-26594</cvename>
      <cvename>CVE-2025-26595</cvename>
      <cvename>CVE-2025-26596</cvename>
      <cvename>CVE-2025-26597</cvename>
      <cvename>CVE-2025-26598</cvename>
      <cvename>CVE-2025-26599</cvename>
      <cvename>CVE-2025-26600</cvename>
      <cvename>CVE-2025-26601</cvename>
      <url>https://lists.x.org/archives/xorg-announce/2025-February/003584.html</url>
    </references>
    <dates>
      <discovery>2025-02-25</discovery>
      <entry>2025-03-06</entry>
    </dates>
  </vuln>

  <vuln vid="d8bd20ae-fa48-11ef-ab7a-ace2d30de67a">
    <topic>caldera -- Remote Code Execution</topic>
    <affects>
      <package>
	<name>caldera</name>
	<range><lt>5.2.0</lt></range>
      </package>
      <package>
	<name>caldera4</name>
	<range><le>4.2.0</le></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>MITRE Caldera contributor report:</p>
	<blockquote cite="https://github.com/mitre/caldera/pull/3129">
	  <p>In MITRE Caldera through 4.2.0 and 5.0.0 before 35bc06e,
 a Remote Code Execution (RCE) vulnerability was found in the dynamic
 agent (implant) compilation functionality of the server. This allows
 remote attackers to execute arbitrary code on the server that Caldera
 is running on via a crafted web request to the Caldera server API used
 for compiling and downloading of Caldera's Sandcat or Manx agent
 (implants). This web request can use the gcc -extldflags linker flag
 with sub-commands.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-27364</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-27364</url>
    </references>
    <dates>
      <discovery>2025-02-16</discovery>
      <entry>2025-03-06</entry>
    </dates>
  </vuln>

  <vuln vid="cb98d018-f9f5-11ef-a398-00e081b7aa2d">
    <topic>jenkins -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>jenkins</name>
	<range><lt>2.500</lt></range>
      </package>
      <package>
	<name>jenkins-lts</name>
	<range><lt>2.492.2</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Jenkins Security Advisory:</p>
	<blockquote cite="https://www.jenkins.io/security/advisory/2025-03-05/">
	  <h1>Description</h1>
	  <h5>(Medium) SECURITY-3495 / CVE-2025-27622</h5>
	  <p>Encrypted values of secrets stored in agent configuration revealed to users with Agent/Extended Read permission</p>
	  <h1>Description</h1>
	  <h5>(Medium) SECURITY-3496 / CVE-2025-27623</h5>
	  <p>Encrypted values of secrets stored in view configuration revealed to users with View/Read permission</p>
	  <h1>Description</h1>
	  <h5>(Medium) SECURITY-3498 / CVE-2025-27624</h5>
	  <p>CSRF vulnerability</p>
	  <h1>Description</h1>
	  <h5>(Medium) SECURITY-3501 / CVE-2025-27625</h5>
	  <p>Open redirect vulnerability</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-27622</cvename>
      <cvename>CVE-2025-27623</cvename>
      <cvename>CVE-2025-27624</cvename>
      <cvename>CVE-2025-27625</cvename>
      <url>https://www.jenkins.io/security/advisory/2025-03-05/</url>
    </references>
    <dates>
      <discovery>2025-03-05</discovery>
      <entry>2025-03-05</entry>
    </dates>
  </vuln>

  <vuln vid="475d1968-f99d-11ef-b382-b0416f0c4c67">
    <topic>Spotipy -- Spotipy&apos;s cache file, containing spotify auth token, is created with overly broad permissions</topic>
    <affects>
      <package>
	<name>py38-spotipy</name>
	<name>py39-spotipy</name>
	<name>py310-spotipy</name>
	<name>py311-spotipy</name>
	<range><lt>2.25.1</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security-advisories@github.com reports:</p>
	<blockquote cite="https://github.com/spotipy-dev/spotipy/blob/master/spotipy/cache_handler.py#L93-L98">
	  <p>Spotipy is a lightweight Python library for the Spotify Web API.
	The `CacheHandler` class creates a cache file to store the auth
	token.  Prior to version 2.25.1, the file created has `rw-r--r--`
	(644) permissions by default, when it could be locked down to
	`rw-------` (600) permissions.  This leads to overly broad exposure
	of the spotify auth token.  If this token can be read by an attacker
	(another user on the machine, or a process running as another user),
	it can be used to perform administrative actions on the Spotify
	account, depending on the scope granted to the token.  Version
	2.25.1 tightens the cache file permissions.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-27154</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-27154</url>
    </references>
    <dates>
      <discovery>2025-02-27</discovery>
      <entry>2025-03-05</entry>
    </dates>
  </vuln>

  <vuln vid="9c62d3f0-f997-11ef-85f3-a8a1599412c6">
    <topic>chromium -- multiple security fixes</topic>
    <affects>
      <package>
       <name>chromium</name>
       <range><lt>134.0.6998.35</lt></range>
      </package>
      <package>
       <name>ungoogled-chromium</name>
       <range><lt>134.0.6998.35</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
       <p>Chrome Releases reports:</p>
       <blockquote cite="https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop.html">
	 <p>This update includes 14 security fixes:</p>
	 <ul>
	    <li>[397731718] High CVE-2025-1914: Out of bounds read in V8. Reported by Zhenghang Xiao (@Kipreyyy) and Nan Wang (@eternalsakura13) on 2025-02-20</li>
	    <li>[391114799] Medium CVE-2025-1915: Improper Limitation of a Pathname to a Restricted Directory in DevTools. Reported by Topi Lassila on 2025-01-20</li>
	    <li>[376493203] Medium CVE-2025-1916: Use after free in Profiles. Reported by parkminchan, SSD Labs Korea on 2024-10-31</li>
	    <li>[329476341] Medium CVE-2025-1917: Inappropriate Implementation in Browser UI. Reported by Khalil Zhani on 2024-03-14</li>
	    <li>[388557904] Medium CVE-2025-1918: Out of bounds read in PDFium. Reported by asnine on 2025-01-09</li>
	    <li>[392375312] Medium CVE-2025-1919: Out of bounds read in Media. Reported by @Bl1nnnk and @Pisanbao on 2025-01-26</li>
	    <li>[387583503] Medium CVE-2025-1921: Inappropriate Implementation in Media Stream. Reported by Kaiido on 2025-01-04</li>
	    <li>[384033062] Low CVE-2025-1922: Inappropriate Implementation in Selection. Reported by Alesandro Ortiz on 2024-12-14</li>
	    <li>[382540635] Low CVE-2025-1923: Inappropriate Implementation in Permission Prompts. Reported by Khalil Zhani on 2024-12-06</li>
	 </ul>
       </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2025-1914</cvename>
      <cvename>CVE-2025-1915</cvename>
      <cvename>CVE-2025-1916</cvename>
      <cvename>CVE-2025-1917</cvename>
      <cvename>CVE-2025-1918</cvename>
      <cvename>CVE-2025-1919</cvename>
      <cvename>CVE-2025-1921</cvename>
      <cvename>CVE-2025-1922</cvename>
      <cvename>CVE-2025-1923</cvename>
      <url>https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop.html</url>
    </references>
    <dates>
      <discovery>2025-03-04</discovery>
      <entry>2025-03-05</entry>
    </dates>
  </vuln>

  <vuln vid="f4f3e001-402b-4d6d-8efa-ab11fcf8de2b">
    <topic>electron{32,33} -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>electron32</name>
	<range><lt>32.3.2</lt></range>
      </package>
      <package>
	<name>electron33</name>
	<range><lt>33.4.2</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Electron developers report:</p>
	<blockquote cite="https://github.com/electron/electron/releases/tag/v32.3.2">
	  <p>This update fixes the following vulnerabilities:</p>
	  <ul>
	    <li>Security: backported fix for CVE-2025-0611.</li>
	    <li>Security: backported fix for CVE-2025-0612.</li>
	    <li>Security: backported fix for CVE-2025-0999.</li>
	  </ul>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-0611</cvename>
      <url>https://github.com/advisories/GHSA-83vc-v46q-mv3w</url>
      <cvename>CVE-2025-0612</cvename>
      <url>https://github.com/advisories/GHSA-c6xg-jh94-mf2w</url>
      <cvename>CVE-2025-0999</cvename>
      <url>https://github.com/advisories/GHSA-f2jv-hxph-r5wm</url>
    </references>
    <dates>
      <discovery>2025-02-27</discovery>
      <entry>2025-03-04</entry>
    </dates>
  </vuln>

  <vuln vid="6af5e3a3-f85a-11ef-95b9-589cfc10a551">
    <topic>unit -- potential security issue</topic>
    <affects>
      <package>
	<name>unit</name>
	<name>unit-java</name>
	<range><ge>1.11.0</ge><lt>1.34.2</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>SO-AND-SO reports:</p>
	<blockquote cite="https://mailman.nginx.org/pipermail/unit/2025-March/QVYLJKLBIDWOJ7OLYGT27VUWH7RGBRQM.html">
	  <p>Unit 1.34.2 fixes two issues in the Java language module websocket code.</p>
	    <ol>
	    <li>It addresses a potential security issue where we could get a negative
	    payload length that could cause the Java language module process(es) to
	    enter an infinite loop and consume excess CPU. This was a bug carried
	    over from the initial Java websocket code import. It has been re-issued
	    a CVE number (CVE-2025-1695).</li>
	    <li>It addresses an issue whereby decoded payload lengths would be limited
	    to 32 bits.</li>
	    </ol>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-1695</cvename>
      <url>https://mailman.nginx.org/pipermail/unit/2025-March/QVYLJKLBIDWOJ7OLYGT27VUWH7RGBRQM.html</url>
    </references>
    <dates>
      <discovery>2025-03-03</discovery>
      <entry>2025-03-03</entry>
    </dates>
  </vuln>

  <vuln vid="398d1ec1-f7e6-11ef-bb15-002590af0794">
    <topic>vim -- Potential code execution</topic>
    <affects>
      <package>
	<name>vim</name>
	<name>vim-gtk2</name>
	<name>vim-gtk3</name>
	<name>vim-motif</name>
	<name>vim-x11</name>
	<name>vim-tiny</name>
	<range><lt>9.1.1164</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>vim reports:</p>
	<blockquote cite="https://github.com/vim/vim/security/advisories/GHSA-wfmf-8626-q3r3">
	  <h1>Summary</h1>
	  <p>Potential code execution with tar.vim and special crafted tar files</p>
	  <h1>Description</h1>
	  <p>Vim is distributed with the tar.vim plugin, that allows easy
	  editing and viewing of (compressed or uncompressed) tar files.</p>
	  <p>Since commit 129a844 (Nov 11, 2024 runtime(tar): Update tar.vim to
	  support permissions), the tar.vim plugin uses the ":read " ex command
	  line to append below the cursor position, however the is not sanitized
	  and is taken literaly from the tar archive. This allows to execute
	  shell commands via special crafted tar archives. Whether this really
	  happens, depends on the shell being used ('shell' option, which is set
	  using $SHELL).</p>
	  <h1>Impact</h1>
	  <p>Impact is high but a user must be convinced to edit such a file
	  using Vim which will reveal the filename, so a careful user may suspect
	  some strange things going on.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <url>https://github.com/vim/vim/security/advisories/GHSA-wfmf-8626-q3r3</url>
    </references>
    <dates>
      <discovery>2025-03-02</discovery>
      <entry>2025-03-02</entry>
    </dates>
  </vuln>

  <vuln vid="8fb9101e-f58a-11ef-b4e4-2cf05da270f3">
    <topic>Gitlab -- Vulnerabilities</topic>
    <affects>
      <package>
	<name>gitlab-ce</name>
	<name>gitlab-ee</name>
	<range><ge>17.9.0</ge><lt>17.9.1</lt></range>
	<range><ge>17.8.0</ge><lt>17.8.4</lt></range>
	<range><ge>15.10.0</ge><lt>17.7.6</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Gitlab reports:</p>
	<blockquote cite="https://about.gitlab.com/releases/2025/02/26/patch-release-gitlab-17-9-1-released/">
	  <p>XSS in k8s proxy endpoint</p>
	  <p>XSS Maven Dependency Proxy</p>
	  <p>HTML injection leads to XSS on self hosted instances</p>
	  <p>Improper Authorisation Check Allows Guest User to Read Security Policy</p>
	  <p>Planner role can read code review analytics in private projects</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-0475</cvename>
      <cvename>CVE-2025-0555</cvename>
      <cvename>CVE-2024-8186</cvename>
      <cvename>CVE-2024-10925</cvename>
      <cvename>CVE-2025-0307</cvename>
      <url>https://about.gitlab.com/releases/2025/02/26/patch-release-gitlab-17-9-1-released/</url>
    </references>
    <dates>
      <discovery>2025-02-26</discovery>
      <entry>2025-02-28</entry>
    </dates>
  </vuln>

  <vuln vid="a4cb7f9b-f506-11ef-85f3-a8a1599412c6">
    <topic>chromium -- multiple security fixes</topic>
    <affects>
      <package>
       <name>chromium</name>
       <range><lt>133.0.6943.141</lt></range>
      </package>
      <package>
       <name>ungoogled-chromium</name>
       <range><lt>133.0.6943.141</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
       <p>Chrome Releases reports:</p>
       <blockquote cite="https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop_25.html">
	 <p>This update includes 1 security fix.</p>
       </blockquote>
      </body>
    </description>
    <references>
      <url>https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop_25.html</url>
    </references>
    <dates>
      <discovery>2025-02-25</discovery>
      <entry>2025-02-27</entry>
    </dates>
  </vuln>

  <vuln vid="6ae77556-f31d-11ef-a695-4ccc6adda413">
    <topic>exiv2 -- Use after free in TiffSubIfd</topic>
    <affects>
      <package>
	<name>exiv2</name>
	<range><ge>0.28.0</ge><lt>0.28.5</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Kevin Backhouse reports:</p>
	<blockquote cite="https://github.com/Exiv2/exiv2/security/advisories/GHSA-38h4-fx85-qcx7">
	  <p>A heap buffer overflow was found in Exiv2 versions v0.28.0 to v0.28.4.
	  Versions prior to v0.28.0, such as v0.27.7, are not affected. Exiv2 is a
	  command-line utility and C++ library for reading, writing, deleting, and
	  modifying the metadata of image files. The heap overflow is triggered when
	  Exiv2 is used to write metadata into a crafted image file. An attacker
	  could potentially exploit the vulnerability to gain code execution, if
	  they can trick the victim into running Exiv2 on a crafted image file.</p>
	  <p>Note that this bug is only triggered when writing the metadata, which
	  is a less frequently used Exiv2 operation than reading the metadata. For
	  example, to trigger the bug in the Exiv2 command-line application, you
	  need to add an extra command-line argument such as fixiso.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-26623</cvename>
      <url>https://github.com/Exiv2/exiv2/security/advisories/GHSA-38h4-fx85-qcx7</url>
    </references>
    <dates>
      <discovery>2025-02-18</discovery>
      <entry>2025-02-25</entry>
    </dates>
  </vuln>

  <vuln vid="e60e538f-e795-4a00-b475-cc85a7546e00">
    <topic>Emacs -- Arbitrary code execution vulnerability</topic>
    <affects>
      <package>
	<name>emacs</name>
	<name>emacs-canna</name>
	<name>emacs-nox</name>
	<name>emacs-wayland</name>
	<range><lt>30.1,3</lt></range>
      </package>
      <package>
	<name>emacs-devel</name>
	<name>emacs-devel-nox</name>
	<range><lt>30.0.50.20240115,3</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	  <h1>Problem Description</h1>
	  <p>A shell injection vulnerability exists in GNU Emacs due to improper
	  handling of custom man URI schemes.</p>
	  <h1>Impact</h1>
	  <p>Initially considered low severity, as it required user interaction with
	  local files, it was later discovered that an attacker could exploit this
	  vulnerability by tricking a user into visiting a specially crafted
	  website or an HTTP URL with a redirect, leading to arbitrary shell
	  command execution without further user action.</p>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-1244</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-1244</url>
    </references>
    <dates>
      <discovery>2025-02-11</discovery>
      <entry>2025-02-24</entry>
      <modified>2025-02-25</modified>
    </dates>
  </vuln>

  <vuln vid="7ba6c085-1590-491a-98ce-5452646b196f">
    <topic>Emacs -- Shell injection vulnerability</topic>
    <affects>
      <package>
	<name>emacs</name>
	<name>emacs-canna</name>
	<name>emacs-nox</name>
	<name>emacs-wayland</name>
	<range><lt>30.1,3</lt></range>
      </package>
      <package>
	<name>emacs-devel</name>
	<name>emacs-devel-nox</name>
	<range><lt>31.0.50.20250101,3</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	  <h1>Problem Description:</h1>
	  <p>An Emacs user who chooses to invoke elisp-completion-at-point (for
	  code completion) on untrusted Emacs Lisp source code can trigger unsafe
	  Lisp macro expansion that allows attackers to execute arbitrary code.
	  This unsafe expansion also occurs if a user chooses to enable on-the-fly
	  diagnosis that byte compiles untrusted Emacs Lisp source code.</p>
	</body>
    </description>
    <references>
      <cvename>CVE-2024-53920</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2024-53920</url>
    </references>
    <dates>
      <discovery>2024-11-27</discovery>
      <entry>2025-02-24</entry>
    </dates>
  </vuln>

  <vuln vid="07c34df5-f299-11ef-a441-b42e991fc52e">
    <topic>exim -- SQL injection</topic>
    <affects>
      <package>
	<name>exim</name>
	<range><lt>4.98.1</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>cve@mitre.org reports:</p>
	<blockquote cite="https://bugzilla.suse.com/show_bug.cgi?id=1237424">
	  <p>Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization
	are used, allows remote SQL injection.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-26794</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-26794</url>
    </references>
    <dates>
      <discovery>2025-02-21</discovery>
      <entry>2025-02-24</entry>
    </dates>
  </vuln>

  <vuln vid="a8f1ee74-f267-11ef-87ba-002590c1f29c">
    <topic>FreeBSD -- Multiple vulnerabilities in OpenSSH</topic>
    <affects>
      <package>
	<name>FreeBSD</name>
	<range><ge>14.2</ge><lt>14.2_2</lt></range>
	<range><ge>14.1</ge><lt>14.1_8</lt></range>
	<range><ge>13.4</ge><lt>13.4_4</lt></range>
      </package>
      <package>
	<name>openssh-portable</name>
	<range><lt>9.9.p2_1,1</lt></range>
      </package>
      <package>
	<name>openssh-portable-hpn</name>
	<range><lt>9.9.p2_1,1</lt></range>
      </package>
      <package>
	<name>openssh-portable-gssapi</name>
	<range><lt>9.9.p2_1,1</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<h1>Problem Description:</h1>
	<p>OpenSSH client host verification error (CVE-2025-26465)</p>
	<p>ssh(1) contains a logic error that allows an on-path attacker to
	impersonate any server during certain conditions when the
	VerifyHostKeyDNS option is enabled.</p>
	<p>OpenSSH server denial of service (CVE-2025-26466)</p>
	<p>The OpenSSH client and server are both vulnerable to a memory/CPU
	denial of service while handling SSH2_MSG_PING packets.</p>
	<h1>Impact:</h1>
	<p>OpenSSH client host verification error (CVE-2025-26465)</p>
	<p>Under specific circumstances, a machine-in-the-middle may impersonate
	any server when the client has the VerifyHostKeyDNS option enabled.</p>
	<p>OpenSSH server denial of service (CVE-2025-26466)</p>
	<p>During the processing of SSH2_MSG_PING packets, a server may be
	subject to a memory/CPU denial of service.</p>
      </body>
    </description>
    <references>
      <cvename>CVE-2025-26465</cvename>
      <cvename>CVE-2025-26466</cvename>
      <freebsdsa>SA-25:05.openssh</freebsdsa>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-26465</url>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-26466</url>
    </references>
    <dates>
      <discovery>2025-02-21</discovery>
      <entry>2025-02-24</entry>
      <modified>2025-03-08</modified>
    </dates>
  </vuln>

  <vuln vid="2a3be628-ef6e-11ef-85f3-a8a1599412c6">
    <topic>chromium -- multiple security fixes</topic>
    <affects>
      <package>
       <name>chromium</name>
       <range><lt>133.0.6943.126</lt></range>
      </package>
      <package>
       <name>ungoogled-chromium</name>
       <range><lt>133.0.6943.126</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
       <p>Chrome Releases reports:</p>
       <blockquote cite="https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop_18.html">
	 <p>This update includes 3 security fixes:</p>
	 <ul>
	    <li>[394350433] High CVE-2025-0999: Heap buffer overflow in V8. Reported by Seunghyun Lee (@0x10n) on 2025-02-04</li>
	    <li>[383465163] High CVE-2025-1426: Heap buffer overflow in GPU. Reported by un3xploitable and GF on 2024-12-11</li>
	    <li>[390590778] Medium CVE-2025-1006: Use after free in Network. Reported by Tal Keren, Sam Agranat, Eran Rom, Edouard Bochin, Adam Hatsir of Palo Alto Networks on 2025-01-18</li>
	 </ul>
       </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2025-0999</cvename>
      <cvename>CVE-2025-1426</cvename>
      <cvename>CVE-2025-1006</cvename>
      <url>https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop_18.html</url>
    </references>
    <dates>
      <discovery>2025-02-18</discovery>
      <entry>2025-02-20</entry>
    </dates>
  </vuln>

  <vuln vid="f572b9d1-ef6d-11ef-85f3-a8a1599412c6">
    <topic>chromium -- multiple security fixes</topic>
    <affects>
      <package>
       <name>chromium</name>
       <range><lt>133.0.6943.98</lt></range>
      </package>
      <package>
       <name>ungoogled-chromium</name>
       <range><lt>133.0.6943.98</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
       <p>Chrome Releases reports:</p>
       <blockquote cite="https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop_12.html">
	 <p>This update includes 4 security fixes:</p>
	 <ul>
	    <li>[391907159] High CVE-2025-0995: Use after free in V8. Reported by Popax21 on 2025-01-24</li>
	    <li>[391788835] High CVE-2025-0996: Inappropriate implementation in Browser UI. Reported by yuki yamaoto on 2025-01-23</li>
	    <li>[391666328] High CVE-2025-0997: Use after free in Navigation. Reported by asnine on 2025-01-23</li>
	    <li>[386857213] High CVE-2025-0998: Out of bounds memory access in V8. Reported by Alan Goodman on 2024-12-31</li>
	 </ul>
       </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2025-0995</cvename>
      <cvename>CVE-2025-0996</cvename>
      <cvename>CVE-2025-0997</cvename>
      <cvename>CVE-2025-0998</cvename>
      <url>https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop_12.html</url>
    </references>
    <dates>
      <discovery>2025-02-12</discovery>
      <entry>2025-02-20</entry>
    </dates>
  </vuln>

  <vuln vid="b09d0b3b-ef6d-11ef-85f3-a8a1599412c6">
    <topic>chromium -- multiple security fixes</topic>
    <affects>
      <package>
       <name>chromium</name>
       <range><lt>133.0.6943.53</lt></range>
      </package>
      <package>
       <name>ungoogled-chromium</name>
       <range><lt>133.0.6943.53</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
       <p>Chrome Releases reports:</p>
       <blockquote cite="https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop.html">
	 <p>This update includes 12 security fixes:</p>
	 <ul>
	    <li>[390889644] High CVE-2025-0444: Use after free in Skia. Reported by Francisco Alonso (@revskills) on 2025-01-19</li>
	    <li>[392521083] High CVE-2025-0445: Use after free in V8. Reported by 303f06e3 on 2025-01-27</li>
	    <li>[40061026] Medium CVE-2025-0451: Inappropriate implementation in Extensions API. Reported by Vitor Torres and Alesandro Ortiz on 2022-09-18</li>
	 </ul>
       </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2025-0444</cvename>
      <cvename>CVE-2025-0445</cvename>
      <cvename>CVE-2025-0451</cvename>
      <url>https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop.html</url>
    </references>
    <dates>
      <discovery>2025-02-04</discovery>
      <entry>2025-02-20</entry>
    </dates>
  </vuln>

  <vuln vid="cbf5d976-656b-4bb6-805f-3af038e2de3e">
    <topic>vscode -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>vscode</name>
	<range><lt>1.97.1</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>VSCode developers report:</p>
	<blockquote cite="https://github.com/microsoft/vscode/releases/tag/1.97.1">
	  <p>The update addresses these issues, including a fix for a security vulnerability.</p>
	  <ul>
	    <li>Scope node_module binary resolution in js-debug</li>
	    <li>Elevation of Privilege Vulnerability with VS Code server for web UI</li>
	  </ul>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-24042</cvename>
      <url>https://github.com/microsoft/vscode/security/advisories/GHSA-f85p-3684-2g3j</url>
      <cvename>CVE-2025-24039</cvename>
      <url>https://github.com/microsoft/vscode/security/advisories/GHSA-532g-4pv9-25f2</url>
    </references>
    <dates>
      <discovery>2025-02-11</discovery>
      <entry>2025-02-13</entry>
    </dates>
  </vuln>

  <vuln vid="e915b60e-ea25-11ef-a1c0-0050569f0b83">
    <topic>security/openvpn-auth-ldap -- Fix buffer overflow in challenge/response</topic>
    <affects>
      <package>
	<name>openvpn-auth-ldap</name>
	<range><lt>2.0.4_3</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Graham Northup reports:</p>
	<blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2024-28820">
	  <p>A buffer overflow in extract_openvpn_cr allows attackers with a valid
	     LDAP username and who can control the challenge/response password field
	     to pass a string with more than 14 colons into this field and cause a
	     buffer overflow.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2024-28820</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2024-28820</url>
    </references>
    <dates>
      <discovery>2024-06-27</discovery>
      <entry>2025-02-13</entry>
    </dates>
  </vuln>

  <vuln vid="fadf3b41-ea19-11ef-a540-6cc21735f730">
    <topic>PostgreSQL -- PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation</topic>
    <affects>
      <package>
	<name>postgresql17-client</name>
	<range><lt>17.3</lt></range>
      </package>
      <package>
	<name>postgresql16-client</name>
	<range><lt>16.7</lt></range>
      </package>
      <package>
	<name>postgresql15-client</name>
	<range><lt>15.11</lt></range>
      </package>
      <package>
	<name>postgresql14-client</name>
	<range><lt>14.16</lt></range>
      </package>
      <package>
	<name>postgresql13-client</name>
	<range><lt>13.19</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>The PostgreSQL Project reports:</p>
	<blockquote cite="https://www.postgresql.org/support/security/CVE-2025-1094/">
	<p>
	  Improper neutralization of quoting syntax in PostgreSQL
	  libpq functions PQescapeLiteral(), PQescapeIdentifier(),
	  PQescapeString(), and PQescapeStringConn() allows a
	  database input provider to achieve SQL injection in
	  certain usage patterns. Specifically, SQL injection
	  requires the application to use the function result to
	  construct input to psql, the PostgreSQL interactive
	  terminal. Similarly, improper neutralization of quoting
	  syntax in PostgreSQL command line utility programs
	  allows a source of command line arguments to achieve SQL
	  injection when client_encoding is BIG5 and
	  server_encoding is one of EUC_TW or MULE_INTERNAL.
	  Versions before PostgreSQL 17.3, 16.7, 15.11, 14.16, and
	  13.19 are affected.
	</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-1094</cvename>
      <url>https://www.postgresql.org/support/security/CVE-2025-1094/</url>
    </references>
    <dates>
      <discovery>2025-02-13</discovery>
      <entry>2025-02-13</entry>
    </dates>
  </vuln>

  <vuln vid="1a8c5720-e9cf-11ef-9e96-2cf05da270f3">
    <topic>Gitlab -- Vulnerabilities</topic>
    <affects>
      <package>
	<name>gitlab-ce</name>
	<name>gitlab-ee</name>
	<range><ge>17.8.0</ge><lt>17.8.2</lt></range>
	<range><ge>17.7.0</ge><lt>17.7.4</lt></range>
	<range><ge>8.3.0</ge><lt>17.6.5</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Gitlab reports:</p>
	<blockquote cite="https://about.gitlab.com/releases/2025/02/12/patch-release-gitlab-17-8-2-released/">
	  <p>A CSP-bypass XSS in merge-request page</p>
	  <p>Denial of Service due to Unbounded Symbol Creation</p>
	  <p>Exfiltrate content from private issues using Prompt Injection</p>
	  <p>A custom permission may allow overriding Repository settings</p>
	  <p>Internal HTTP header leak via route confusion in workhorse</p>
	  <p>SSRF via workspaces</p>
	  <p>Unauthorized Incident Closure and Deletion by Planner Role in GitLab</p>
	  <p>ActionCable does not invalidate tokens after revocation</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-0376</cvename>
      <cvename>CVE-2024-12379</cvename>
      <cvename>CVE-2024-3303</cvename>
      <cvename>CVE-2025-1042</cvename>
      <cvename>CVE-2025-1212</cvename>
      <cvename>CVE-2024-9870</cvename>
      <cvename>CVE-2025-0516</cvename>
      <cvename>CVE-2025-1198</cvename>
      <url>https://about.gitlab.com/releases/2025/02/12/patch-release-gitlab-17-8-2-released/</url>
    </references>
    <dates>
      <discovery>2025-02-12</discovery>
      <entry>2025-02-13</entry>
    </dates>
  </vuln>

  <vuln vid="d598266d-7772-4a31-9594-83b76b1fb837">
    <topic>Intel CPUs -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>cpu-microcode-intel</name>
	<range><lt>20250211</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Intel reports:</p>
	<blockquote cite="https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01166.html">
	 <p>
	  A potential security vulnerability in some Intel Processors may allow
	  denial of service.  Intel released microcode updates to mitigate this
	  potential vulnerability.
	 </p>
	</blockquote>
	<blockquote cite="https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01213.html">
	 <p>
	  A potential security vulnerability in some Intel Software Guard
	  Extensions (Intel SGX) Platforms may allow denial of service.  Intel
	  is released microcode updates to mitigate this potential
	  vulnerability.
	 </p>
	</blockquote>
	<blockquote cite="https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01139.html">
	 <p>
	  Potential security vulnerabilities in the UEFI firmware for some Intel
	  Processors may allow escalation of privilege, denial of service, or
	  information disclosure. Intel released UEFI firmware and CPU microcode
	  updates to mitigate these potential vulnerabilities.
	 </p>
	</blockquote>
	<blockquote cite="https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01228.html">
	 <p>
	  A potential security vulnerability in some 13th and 14th Generation
	  Intel Core™ Processors may allow denial of service.  Intel released
	  microcode and UEFI reference code updates to mitigate this potential
	  vulnerability.
	 </p>
	</blockquote>
	<blockquote cite="https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01194.html">
	 <p>
	  A potential security vulnerability in the Intel Data Streaming
	  Accelerator (Intel DSA) for some Intel Xeon Processors may allow
	  denial of service.  Intel released software updates to mitigate this
	  potential vulnerability.
	 </p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2024-31068</cvename>
      <cvename>CVE-2024-36293</cvename>
      <cvename>CVE-2023-43758</cvename>
      <cvename>CVE-2024-39355</cvename>
      <cvename>CVE-2024-37020</cvename>
      <url>https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250211</url>
    </references>
    <dates>
      <discovery>2025-02-11</discovery>
      <entry>2025-02-12</entry>
    </dates>
  </vuln>

  <vuln vid="a64761a1-e895-11ef-873e-8447094a420f">
    <topic>OpenSSL -- Man-in-the-Middle vulnerability</topic>
    <affects>
      <package>
	<name>openssl32</name>
	<range><lt>3.2.4</lt></range>
      </package>
      <package>
	<name>openssl33</name>
	<range><lt>3.3.2</lt></range>
      </package>
      <package>
	<name>openssl34</name>
	<range><lt>3.4.1</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>The OpenSSL project reports:</p>
	<blockquote cite="https://openssl-library.org/news/secadv/20250211.txt">
	  <p>RFC7250 handshakes with unauthenticated servers don't abort as expected (High).
	    Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the SSL_VERIFY_PEER verification mode is set.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2024-12797</cvename>
      <url>https://openssl-library.org/news/secadv/20250211.txt</url>
    </references>
    <dates>
      <discovery>2025-02-11</discovery>
      <entry>2025-02-11</entry>
    </dates>
  </vuln>

  <vuln vid="20485d27-e540-11ef-a845-b42e991fc52e">
    <topic>mozilla -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>firefox</name>
	<range><lt>135.0.0,2</lt></range>
      </package>
      <package>
	<name>firefox-esr</name>
	<range><lt>128.7,1</lt></range>
      </package>
      <package>
	<name>thunderbird</name>
	<range><lt>128.7</lt></range>
	<range><gt>129</gt><lt>135</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security@mozilla.org reports:</p>
	<blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1926256%2C1935984%2C1935471">
	<p>A bug in WebAssembly code generation could have lead to a crash.
	It may have been possible for an attacker to leverage this to achieve
	code execution.</p>
	<p>A race condition could have led to private browsing tabs being
	opened in normal browsing windows.  This could have resulted in a
	potential privacy leak.</p>
	<p>Certificate length was not properly checked when added to a certificate
	store.  In practice only trusted data was processed.</p>
	<p>Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox
	ESR 128.6, and Thunderbird 128.6.  Some of these bugs showed evidence
	of memory corruption and we presume that with enough effort some
	of these could have been exploited to run arbitrary code.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-1011</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-1011</url>
      <cvename>CVE-2025-1013</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-1013</url>
      <cvename>CVE-2025-1014</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-1014</url>
      <cvename>CVE-2025-1017</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-1017</url>
    </references>
    <dates>
      <discovery>2025-02-04</discovery>
      <entry>2025-02-07</entry>
    </dates>
  </vuln>

  <vuln vid="f7ca4ff7-e53f-11ef-a845-b42e991fc52e">
    <topic>mozilla -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>mozilla</name>
	<range><lt>135.0.0,2</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security@mozilla.org reports:</p>
	<blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1939063%2C1942169">
	  <p>Memory safety bugs present in Firefox 134 and Thunderbird 134.  Some
	of these bugs showed evidence of memory corruption and we presume
	that with enough effort some of these could have been exploited to
	run arbitrary code.</p>
	  <p>The fullscreen notification is prematurely hidden when fullscreen
	is re-requested quickly by the user.  This could have been leveraged
	to perform a potential spoofing attack.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-1018</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-1018</url>
      <cvename>CVE-2025-1019</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-1019</url>
      <cvename>CVE-2025-1020</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-1020</url>
    </references>
    <dates>
      <discovery>2025-02-04</discovery>
      <entry>2025-02-07</entry>
    </dates>
  </vuln>

  <vuln vid="e54a1413-e539-11ef-a845-b42e991fc52e">
    <topic>mozilla -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>firefox</name>
	<range><lt>135.0.0,2</lt></range>
      </package>
      <package>
	<name>firefox-esr</name>
	<range><lt>115.20,1</lt></range>
	<range><gt>116.0,1</gt><lt>128.6,1</lt></range>
      </package>
      <package>
	<name>thunderbird</name>
	<range><lt>128.7</lt></range>
	<range><gt>129</gt><lt>135</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security@mozilla.org reports:</p>
	<blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1936601%2C1936844%2C1937694%2C1938469%2C1939583%2C1940994">
	<p>An attacker could have caused a use-after-free via crafted XSLT
	data, leading to a potentially exploitable crash.</p>
	<p>An attacker could have caused a use-after-free via the Custom
	Highlight API, leading to a potentially exploitable crash.</p>
	<p>A race during concurrent delazification could have led to a
	use-after-free.</p>
	<p>Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox
	ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird
	128.6.  Some of these bugs showed evidence of memory corruption and
	we presume that with enough effort some of these could have been
	exploited to run arbitrary code.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-1009</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-1009</url>
      <cvename>CVE-2025-1010</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-1010</url>
      <cvename>CVE-2025-1012</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-1012</url>
      <cvename>CVE-2025-1016</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-1016</url>
    </references>
    <dates>
      <discovery>2025-02-04</discovery>
      <entry>2025-02-07</entry>
    </dates>
  </vuln>

  <vuln vid="830381c7-e539-11ef-a845-b42e991fc52e">
    <topic>Thundirbird -- unprivileged JavaScript code execution</topic>
    <affects>
      <package>
	<name>mozilla</name>
	<range><lt>128.7,1</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security@mozilla.org reports:</p>
	<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1939458">
	  <p>The Thunderbird Address Book URI fields contained unsanitized links.
	This could be used by an attacker to create and export an address
	book containing a malicious payload in a field.  For example, in
	the Other field of the Instant Messaging section.  If another user
	imported the address book, clicking on the link could result in
	opening a web page inside Thunderbird, and that page could execute
	(unprivileged) JavaScript.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-1015</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-1015</url>
    </references>
    <dates>
      <discovery>2025-02-04</discovery>
      <entry>2025-02-07</entry>
    </dates>
  </vuln>

  <vuln vid="7bcfca95-e563-11ef-873e-8447094a420f">
    <topic>MariaDB -- DoS vulnerability in InnoDB</topic>
    <affects>
      <package>
	<name>mariadb105-server</name>
	<range><lt>10.5.28</lt></range>
      </package>
      <package>
	<name>mariadb106-server</name>
	<range><lt>10.6.21</lt></range>
      </package>
      <package>
	<name>mariadb1011-server</name>
	<range><lt>10.11.11</lt></range>
      </package>
      <package>
	<name>mariadb114-server</name>
	<range><lt>11.4.5</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>MariaDB reports:</p>
	<blockquote cite="https://mariadb.com/kb/en/security/">
	  <p>Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-21490</cvename>
      <url>http://mariadb.com/kb/en/security/</url>
    </references>
    <dates>
      <discovery>2025-02-04</discovery>
      <entry>2025-02-07</entry>
    </dates>
  </vuln>

  <vuln vid="c10b639c-e51c-11ef-9e76-4ccc6adda413">
    <topic>libcaca -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>libcaca</name>
	<range><lt>0.99.b20</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Sam Hocevar reports:</p>
	<blockquote cite="https://github.com/cacalabs/libcaca/releases/tag/v0.99.beta20">
	  <p>Multiple memory leaks and invalid memory accesses:</p>
	  <ul>
	    <li>CVE-2018-20545: Illegal WRITE memory access at common-image.c</li>
	    <li>CVE-2018-20546: Illegal READ memory access at caca/dither.c</li>
	    <li>CVE-2018-20547: Illegal READ memory access at caca/dither.c</li>
	    <li>CVE-2018-20548: Illegal WRITE memory access at common-image.c</li>
	    <li>CVE-2018-20549: Illegal WRITE memory access at caca/file.c</li>
	    <li>CVE-2021-3410:  Buffer overflow in libcaca/caca/canvas.c in function caca_resize</li>
	    <li>CVE-2021-30498: Heap buffer overflow in export.c in function export_tga</li>
	    <li>CVE-2021-30499: Buffer overflow in export.c in function export_troff</li>
	  </ul>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2018-20545</cvename>
      <cvename>CVE-2018-20546</cvename>
      <cvename>CVE-2018-20547</cvename>
      <cvename>CVE-2018-20548</cvename>
      <cvename>CVE-2018-20549</cvename>
      <cvename>CVE-2021-3410</cvename>
      <cvename>CVE-2021-30498</cvename>
      <cvename>CVE-2021-30499</cvename>
      <url>https://github.com/cacalabs/libcaca/releases/tag/v0.99.beta20</url>
    </references>
    <dates>
      <discovery>2021-10-19</discovery>
      <entry>2025-02-07</entry>
    </dates>
  </vuln>

  <vuln vid="e7974ca5-e4c8-11ef-aab3-40b034429ecf">
    <topic>cacti -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>cacti</name>
	<range><lt>1.2.29</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Cacti repo reports:</p>
	<blockquote cite="https://github.com/Cacti/cacti/releases/tag/release%2F1.2.29">
	  <ul>
	    <li>security #GHSA-c5j8-jxj3-hh36: Authenticated RCE via multi-line SNMP responses</li>
	    <li>security #GHSA-f9c7-7rc3-574c: SQL Injection vulnerability when using tree rules through Automation API</li>
	    <li>security #GHSA-fh3x-69rr-qqpp: SQL Injection vulnerability when request automation devices</li>
	    <li>security #GHSA-fxrq-fr7h-9rqq: Arbitrary File Creation leading to RCE</li>
	    <li>security #GHSA-pv2c-97pp-vxwg: Local File Inclusion (LFI) Vulnerability via Poller Standard Error Log Path</li>
	    <li>security #GHSA-vj9g-p7f2-4wqj: SQL Injection vulnerability when view host template</li>
	  </ul>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-22604</cvename>
      <cvename>CVE-2025-24368</cvename>
      <cvename>CVE-2024-54145</cvename>
      <cvename>CVE-2025-24367</cvename>
      <cvename>CVE-2024-45598</cvename>
      <cvename>CVE-2024-54146</cvename>
    </references>
    <dates>
      <discovery>2025-02-02</discovery>
      <entry>2025-02-05</entry>
    </dates>
  </vuln>

  <vuln vid="9761af78-e3e4-11ef-9f4a-589cfc10a551">
    <topic>nginx-devel -- SSL session reuse vulnerability</topic>
    <affects>
      <package>
	<name>nginx-devel</name>
	<range><lt>1.27.4</lt></range>
      </package>
      <package>
	<name>nginx</name>
	<range><lt>1.26.3</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>The nginx development team reports:</p>
	<blockquote cite="http://nginx.org/en/security_advisories.html">
	  <p>This update fixes the SSL session reuse vulnerability.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-23419</cvename>
    </references>
    <dates>
      <discovery>2025-02-05</discovery>
      <entry>2025-02-05</entry>
    </dates>
  </vuln>

  <vuln vid="72b8729e-e134-11ef-9e76-4ccc6adda413">
    <topic>qt6-webengine -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>qt6-webengine</name>
	<range><lt>6.8.2</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Qt qtwebengine-chromium repo reports:</p>
	<blockquote cite="https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=122-based">
	  <p>Backports for 9 security bugs in Chromium:</p>
	  <ul>
	    <li>CVE-2024-12693: Out of bounds memory access in V8</li>
	    <li>CVE-2024-12694: Use after free in Compositing</li>
	    <li>CVE-2025-0436: Integer overflow in Skia</li>
	    <li>CVE-2025-0437: Out of bounds read in Metrics</li>
	    <li>CVE-2025-0438: Stack buffer overflow in Tracing</li>
	    <li>CVE-2025-0441: Inappropriate implementation in Fenced Frames</li>
	    <li>CVE-2025-0443: Insufficient data validation in Extensions</li>
	    <li>CVE-2025-0447: Inappropriate implementation in Navigation</li>
	    <li>CVE-2025-0611: Object corruption in V8</li>
	  </ul>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2024-12693</cvename>
      <cvename>CVE-2024-12694</cvename>
      <cvename>CVE-2025-0436</cvename>
      <cvename>CVE-2025-0437</cvename>
      <cvename>CVE-2025-0438</cvename>
      <cvename>CVE-2025-0441</cvename>
      <cvename>CVE-2025-0443</cvename>
      <cvename>CVE-2025-0447</cvename>
      <cvename>CVE-2025-0611</cvename>
      <url>https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=122-based</url>
    </references>
    <dates>
      <discovery>2025-01-09</discovery>
      <entry>2025-02-02</entry>
    </dates>
  </vuln>

  <vuln vid="186101b4-dfa6-11ef-8c1c-a8a1599412c6">
    <topic>chromium -- multiple security fixes</topic>
    <affects>
      <package>
       <name>chromium</name>
       <range><lt>132.0.6834.159</lt></range>
      </package>
      <package>
       <name>ungoogled-chromium</name>
       <range><lt>132.0.6834.159</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
       <p>Chrome Releases reports:</p>
       <blockquote cite="https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_28.html">
	 <p>This update includes 2 security fixes:</p>
	 <ul>
	    <li>[384844003] Medium CVE-2025-0762: Use after free in DevTools. Reported by Sakana.S on 2024-12-18</li>
	 </ul>
       </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2025-0762</cvename>
      <url>https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_28.html</url>
    </references>
    <dates>
      <discovery>2025-01-18</discovery>
      <entry>2025-01-31</entry>
    </dates>
  </vuln>

  <vuln vid="cd2ace09-df23-11ef-a205-901b0e9408dc">
    <topic>dendrite -- Server-side request forgery vulnerability</topic>
    <affects>
      <package>
	<name>dendrite</name>
	<range><lt>0.14.1</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Dendrite team reports:</p>
	<blockquote cite="https://github.com/matrix-org/gomatrixserverlib/security/advisories/GHSA-4ff6-858j-r822">
	  <p>This is a security release, gomatrixserverlib was vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2024-52594</cvename>
      <url>https://github.com/matrix-org/gomatrixserverlib/security/advisories/GHSA-4ff6-858j-r822</url>
    </references>
    <dates>
      <discovery>2025-01-16</discovery>
      <entry>2025-01-30</entry>
    </dates>
  </vuln>

  <vuln vid="2830b374-debd-11ef-87ba-002590c1f29c">
    <topic>FreeBSD -- Uninitialized kernel memory disclosure via ktrace(2)</topic>
    <affects>
      <package>
	<name>FreeBSD-kernel</name>
	<range><ge>14.2</ge><lt>14.2_1</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<h1>Problem Description:</h1>
	<p>In some cases, the ktrace facility will log the contents of
	kernel structures to userspace.  In one such case, ktrace dumps a
	variable-sized sockaddr to userspace.  There, the full sockaddr is
	copied, even when it is shorter than the full size.  This can result
	in up to 14 uninitialized bytes of kernel memory being copied out
	to userspace.</p>
	<h1>Impact:</h1>
	<p>It is possible for an unprivileged userspace program to leak
	14 bytes of a kernel heap allocation to userspace.</p>
      </body>
    </description>
    <references>
      <cvename>CVE-2025-0662</cvename>
      <freebsdsa>SA-25:04.ktrace</freebsdsa>
    </references>
    <dates>
      <discovery>2025-01-29</discovery>
      <entry>2025-01-30</entry>
    </dates>
  </vuln>

  <vuln vid="fa9ae646-debc-11ef-87ba-002590c1f29c">
    <topic>FreeBSD -- Unprivileged access to system files</topic>
    <affects>
      <package>
	<name>FreeBSD</name>
	<range><ge>14.2</ge><lt>14.2_1</lt></range>
	<range><ge>14.1</ge><lt>14.1_7</lt></range>
	<range><ge>13.4</ge><lt>13.4_3</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<h1>Problem Description:</h1>
	<p>When etcupdate encounters conflicts while merging files, it
	saves a version containing conflict markers in /var/db/etcupdate/conflicts.
	This version does not preserve the mode of the input file, and is
	world-readable.  This applies to files that would normally have
	restricted visibility, such as /etc/master.passwd.</p>
	<h1>Impact:</h1>
	<p>An unprivileged local user may be able to read encrypted root
	and user passwords from the temporary master.passwd file created
	in /var/db/etcupdate/conflicts.  This is possible only when conflicts
	within the password file arise during an update, and the unprotected
	file is deleted when conflicts are resolved.</p>
      </body>
    </description>
    <references>
      <cvename>CVE-2025-0374</cvename>
      <freebsdsa>SA-25:03.etcupdate</freebsdsa>
    </references>
    <dates>
      <discovery>2025-01-29</discovery>
      <entry>2025-01-30</entry>
    </dates>
  </vuln>

  <vuln vid="ab0cbe3f-debc-11ef-87ba-002590c1f29c">
    <topic>FreeBSD -- Buffer overflow in some filesystems via NFS</topic>
    <affects>
      <package>
	<name>FreeBSD-kernel</name>
	<range><ge>14.2</ge><lt>14.2_1</lt></range>
	<range><ge>14.1</ge><lt>14.1_7</lt></range>
	<range><ge>13.4</ge><lt>13.4_3</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<h1>Problem Description:</h1>
	<p>In order to export a file system via NFS, the file system must
	define a file system identifier (FID) for all exported files.  Each
	FreeBSD file system implements operations to translate between FIDs
	and vnodes, the kernel's in-memory representation of files.  These
	operations are VOP_VPTOFH(9) and VFS_FHTOVP(9).</p>
	<p>On 64-bit systems, the implementation of VOP_VPTOFH() in the
	cd9660, tarfs and ext2fs filesystems overflows the destination FID
	buffer by 4 bytes, a stack buffer overflow.</p>
	<h1>Impact:</h1>
	<p>A NFS server that exports a cd9660, tarfs, or ext2fs file system
	can be made to panic by mounting and accessing the export with an
	NFS client.  Further exploitation (e.g., bypassing file permission
	checking or remote kernel code execution) is potentially possible,
	though this has not been demonstrated.  In particular, release
	kernels are compiled with stack protection enabled, and some instances
	of the overflow are caught by this mechanism, causing a panic.</p>
      </body>
    </description>
    <references>
      <cvename>CVE-2025-0373</cvename>
      <freebsdsa>SA-25:02.fs</freebsdsa>
    </references>
    <dates>
      <discovery>2025-01-29</discovery>
      <entry>2025-01-30</entry>
    </dates>
  </vuln>

  <vuln vid="69e19c0b-debc-11ef-87ba-002590c1f29c">
    <topic>FreeBSD -- OpenSSH Keystroke Obfuscation Bypass</topic>
    <affects>
      <package>
	<name>FreeBSD</name>
	<range><ge>14.1</ge><lt>14.1_7</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<h1>Problem Description:</h1>
	<p>A logic error in the ssh(1) ObscureKeystrokeTiming feature (on
	by default) rendered this feature ineffective.</p>
	<h1>Impact:</h1>
	<p>A passive observer could detect which network packets contain
	real keystrokes, and infer the specific characters being transmitted
	from packet timing.</p>
      </body>
    </description>
    <references>
      <cvename>CVE-2024-39894</cvename>
      <freebsdsa>SA-25:01.openssh</freebsdsa>
    </references>
    <dates>
      <discovery>2025-01-29</discovery>
      <entry>2025-01-30</entry>
    </dates>
  </vuln>

  <vuln vid="258a58a9-6583-4808-986b-e785c27b0a18">
    <topic>oauth2-proxy -- Non-linear parsing of case-insensitive content</topic>
    <affects>
      <package>
	<name>oauth2-proxy</name>
	<range><lt>7.8.0</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Golang reports:</p>
	<blockquote cite="https://github.com/advisories/GHSA-w32m-9786-jp63">
	  <p>This update include security fixes:</p>
	  <ul>
	    <li>CVE-2024-45338: Non-linear parsing of case-insensitive content</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2024-45338</cvename>
    </references>
    <dates>
      <discovery>2025-01-14</discovery>
      <entry>2025-01-30</entry>
     </dates>
  </vuln>

  <vuln vid="41711c0d-db27-11ef-873e-8447094a420f">
    <topic>Vaultwarden -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>vaultwarden</name>
	<range><lt>1.33.0</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Vaultwarden project reports:</p>
	<blockquote cite="https://github.com/dani-garcia/vaultwarden/releases/tag/1.33.0">
	  <p>RCE in the admin panel.</p>
	  <p>Getting access to the Admin Panel via CSRF.</p>
	  <p>Escalation of privilege via variable confusion in OrgHeaders trait.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-24364</cvename>
      <url>https://github.com/dani-garcia/vaultwarden/security/advisories/GHSA-j4h8-vch3-f797</url>
      <cvename>CVE-2025-24365</cvename>
      <url>https://github.com/dani-garcia/vaultwarden/security/advisories/GHSA-h6cc-rc6q-23j4</url>
    </references>
    <dates>
      <discovery>2025-01-25</discovery>
      <entry>2025-01-25</entry>
    </dates>
  </vuln>

  <vuln vid="c53cd328-8131-4fc2-a083-a9e9d45e3028">
    <topic>chromium -- multiple security fixes</topic>
    <affects>
      <package>
       <name>chromium</name>
       <range><lt>132.0.6834.110</lt></range>
      </package>
      <package>
       <name>ungoogled-chromium</name>
       <range><lt>132.0.6834.110</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
       <p>Chrome Releases reports:</p>
       <blockquote cite="https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_22.html">
	 <p>This update includes 3 security fixes:</p>
	 <ul>
	    <li>[386143468] High CVE-2025-0611: Object corruption in V8. Reported by 303f06e3 on 2024-12-26</li>
	    <li>[385155406] High CVE-2025-0612: Out of bounds memory access in V8. Reported by Alan Goodman on 2024-12-20</li>
	 </ul>
       </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2025-0611</cvename>
      <cvename>CVE-2025-0612</cvename>
      <url>https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_22.html</url>
    </references>
    <dates>
      <discovery>2025-01-22</discovery>
      <entry>2025-01-25</entry>
    </dates>
  </vuln>

  <vuln vid="756839e1-cd78-4082-9f9e-d0da616ca8dd">
    <topic>chromium -- multiple security fixes</topic>
    <affects>
      <package>
       <name>chromium</name>
       <range><lt>132.0.6834.83</lt></range>
      </package>
      <package>
       <name>ungoogled-chromium</name>
       <range><lt>132.0.6834.83</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
       <p>Chrome Releases reports:</p>
       <blockquote cite="https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_14.html">
	 <p>This update includes 16 security fixes:</p>
	 <ul>
	    <li>[374627491] High CVE-2025-0434: Out of bounds memory access in V8. Reported by ddme on 2024-10-21</li>
	    <li>[379652406] High CVE-2025-0435: Inappropriate implementation in Navigation. Reported by Alesandro Ortiz on 2024-11-18</li>
	    <li>[382786791] High CVE-2025-0436: Integer overflow in Skia. Reported by Han Zheng (HexHive) on 2024-12-08</li>
	    <li>[378623799] High CVE-2025-0437: Out of bounds read in Metrics. Reported by Xiantong Hou of Wuheng Lab and Pisanbao on 2024-11-12</li>
	    <li>[384186539] High CVE-2025-0438: Stack buffer overflow in Tracing. Reported by Han Zheng (HexHive) on 2024-12-15</li>
	    <li>[371247941] Medium CVE-2025-0439: Race in Frames. Reported by Hafiizh on 2024-10-03</li>
	    <li>[40067914] Medium CVE-2025-0440: Inappropriate implementation in Fullscreen. Reported by Umar Farooq on 2023-07-22</li>
	    <li>[368628042] Medium CVE-2025-0441: Inappropriate implementation in Fenced Frames. Reported by someoneverycurious on 2024-09-21</li>
	    <li>[40940854] Medium CVE-2025-0442: Inappropriate implementation in Payments. Reported by Ahmed ElMasry on 2023-11-08</li>
	    <li>[376625003] Medium CVE-2025-0443: Insufficient data validation in Extensions. Reported by Anonymous on 2024-10-31</li>
	    <li>[359949844] Low CVE-2025-0446: Inappropriate implementation in Extensions. Reported by Hafiizh on 2024-08-15</li>
	    <li>[375550814] Low CVE-2025-0447: Inappropriate implementation in Navigation. Reported by Khiem Tran (@duckhiem) on 2024-10-25</li>
	    <li>[377948403] Low CVE-2025-0448: Inappropriate implementation in Compositing. Reported by Dahyeon Park on 2024-11-08</li>
	 </ul>
       </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2025-0434</cvename>
      <cvename>CVE-2025-0435</cvename>
      <cvename>CVE-2025-0436</cvename>
      <cvename>CVE-2025-0437</cvename>
      <cvename>CVE-2025-0438</cvename>
      <cvename>CVE-2025-0439</cvename>
      <cvename>CVE-2025-0440</cvename>
      <cvename>CVE-2025-0441</cvename>
      <cvename>CVE-2025-0442</cvename>
      <cvename>CVE-2025-0443</cvename>
      <cvename>CVE-2025-0446</cvename>
      <cvename>CVE-2025-0447</cvename>
      <cvename>CVE-2025-0448</cvename>
      <url>https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_14.html</url>
    </references>
    <dates>
      <discovery>2025-01-14</discovery>
      <entry>2025-01-25</entry>
    </dates>
  </vuln>

  <vuln vid="ef303b6a-7d9e-4e28-b92e-21f39d519d9e">
    <topic>electron32 -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>electron32</name>
	<range><lt>32.3.0</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Electron developers report:</p>
	<blockquote cite="https://github.com/electron/electron/releases/tag/v32.3.0">
	  <p>This update fixes the following vulnerabilities:</p>
	  <ul>
	    <li>Security: backported fix for CVE-2024-12693.</li>
	    <li>Security: backported fix for CVE-2024-12694.</li>
	    <li>Security: backported fix for CVE-2024-12695.</li>
	    <li>Security: backported fix for CVE-2025-0434.</li>
	    <li>Security: backported fix for CVE-2025-0436.</li>
	    <li>Security: backported fix for CVE-2025-0437.</li>
	  </ul>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2024-12693</cvename>
      <url>https://github.com/advisories/GHSA-m84q-p89f-6cc5</url>
      <cvename>CVE-2024-12694</cvename>
      <url>https://github.com/advisories/GHSA-cgc6-4xgf-5q5x</url>
      <cvename>CVE-2024-12695</cvename>
      <url>https://github.com/advisories/GHSA-6895-2frg-pq5j</url>
      <cvename>CVE-2025-0434</cvename>
      <url>https://github.com/advisories/GHSA-fpmx-pfpg-92xg</url>
      <cvename>CVE-2025-0436</cvename>
      <url>https://github.com/advisories/GHSA-ww3g-8h77-wr7v</url>
      <cvename>CVE-2025-0437</cvename>
      <url>https://github.com/advisories/GHSA-4353-vp82-4qq4</url>
    </references>
    <dates>
      <discovery>2025-01-23</discovery>
      <entry>2025-01-25</entry>
    </dates>
  </vuln>

  <vuln vid="2def27c7-7dd0-42cb-adf6-8e5a7afe4db3">
    <topic>electron33 -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>electron33</name>
	<range><lt>33.3.2</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Electron developers report:</p>
	<blockquote cite="https://github.com/electron/electron/releases/tag/v33.3.2">
	  <p>This update fixes the following vulnerabilities:</p>
	  <ul>
	    <li>Security: backported fix for CVE-2025-0434.</li>
	    <li>Security: backported fix for CVE-2025-0436.</li>
	    <li>Security: backported fix for CVE-2025-0437.</li>
	  </ul>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-0434</cvename>
      <url>https://github.com/advisories/GHSA-fpmx-pfpg-92xg</url>
      <cvename>CVE-2025-0436</cvename>
      <url>https://github.com/advisories/GHSA-ww3g-8h77-wr7v</url>
      <cvename>CVE-2025-0437</cvename>
      <url>https://github.com/advisories/GHSA-4353-vp82-4qq4</url>
    </references>
    <dates>
      <discovery>2025-01-22</discovery>
      <entry>2025-01-23</entry>
    </dates>
  </vuln>

  <vuln vid="24c93a28-d95b-11ef-b6b2-2cf05da270f3">
    <topic>Gitlab -- Vulnerabilities</topic>
    <affects>
      <package>
	<name>gitlab-ce</name>
	<name>gitlab-ee</name>
	<range><ge>17.8.0</ge><lt>17.8.1</lt></range>
	<range><ge>17.7.0</ge><lt>17.7.3</lt></range>
	<range><ge>15.7.0</ge><lt>17.6.4</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Gitlab reports:</p>
	<blockquote cite="https://about.gitlab.com/releases/2025/01/22/patch-release-gitlab-17-8-1-released/">
	  <p>Stored XSS via Asciidoctor render</p>
	  <p>Developer could exfiltrate protected CI/CD variables via CI lint</p>
	  <p>Cyclic reference of epics leads resource exhaustion</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-0314</cvename>
      <cvename>CVE-2024-11931</cvename>
      <cvename>CVE-2024-6324</cvename>
      <url>https://about.gitlab.com/releases/2025/01/22/patch-release-gitlab-17-8-1-released/</url>
    </references>
    <dates>
      <discovery>2025-01-22</discovery>
      <entry>2025-01-23</entry>
    </dates>
  </vuln>

  <vuln vid="1e109b60-d92e-11ef-a661-08002784c58d">
    <topic>clamav -- Possbile denial-of-service vulnerability</topic>
    <affects>
      <package>
	<name>clamav</name>
	<range><ge>1.0.0,1</ge><lt>1.4.2,1</lt></range>
      </package>
      <package>
	<name>clamav-lts</name>
	<range><ge>1.0.0,1</ge><lt>1.0.8,1</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>The ClamAV project reports:</p>
	<blockquote cite="https://blog.clamav.net/2025/01/clamav-142-and-108-security-patch.html">
	  <p>
	    A possible buffer overflow read bug is found in the OLE2
	    file parser that could cause a denial-of-service (DoS)
	    condition.
	  </p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-20128</cvename>
      <url>https://blog.clamav.net/2025/01/clamav-142-and-108-security-patch.html</url>
    </references>
    <dates>
      <discovery>2025-01-22</discovery>
      <entry>2025-01-23</entry>
    </dates>
  </vuln>

  <vuln vid="7d17676d-4828-4a43-85d6-1ee14362de6e">
    <topic>electron32 -- Type Confusion in V8</topic>
    <affects>
      <package>
	<name>electron32</name>
	<range><lt>32.2.8</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Electron developers report:</p>
	<blockquote cite="https://github.com/electron/electron/releases/tag/v32.2.8">
	  <p>This update fixes the following vulnerability:</p>
	  <ul>
	    <li>Security: backported fix for CVE-2024-12053.</li>
	  </ul>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2024-12053</cvename>
      <url>https://github.com/advisories/GHSA-wvx7-72hc-rp32</url>
    </references>
    <dates>
      <discovery>2025-01-06</discovery>
      <entry>2025-01-22</entry>
    </dates>
  </vuln>

  <vuln vid="704aa72a-d840-11ef-a205-901b0e9408dc">
    <topic>go -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>go122</name>
	<range><lt>1.22.11</lt></range>
      </package>
      <package>
	<name>go123</name>
	<range><lt>1.23.5</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Go project reports:</p>
	<blockquote cite="https://go.dev/issue/71156">
	  <p>crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints</p>
	  <p>A certificate with a URI which has a IPv6 address with a
	  zone ID may incorrectly satisfy a URI name constraint that
	  applies to the certificate chain.</p>
	</blockquote>
	<blockquote cite="https://go.dev/issue/70530">
	  <p>net/http: sensitive headers incorrectly sent after cross-domain redirect</p>
	  <p>The HTTP client drops sensitive headers after following a
	  cross-domain redirect.  For example, a request to a.com/
	  containing an Authorization header which is redirected to
	  b.com/ will not send that header to b.com.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2024-45341</cvename>
      <cvename>CVE-2024-45336</cvename>
      <url>https://go.dev/issue/71156</url>
      <url>https://go.dev/issue/70530</url>
    </references>
    <dates>
      <discovery>2025-01-07</discovery>
      <entry>2025-01-21</entry>
    </dates>
  </vuln>

  <vuln vid="3161429b-3897-4593-84a0-b41ffbbfa36b">
    <topic>electron31 -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>electron31</name>
	<range><lt>31.7.7</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Electron developers report:</p>
	<blockquote cite="https://github.com/electron/electron/releases/tag/v31.7.7">
	  <p>This update fixes the following vulnerabilities:</p>
	  <ul>
	    <li>Security: backported fix for CVE-2024-12053.</li>
	    <li>Security: backported fix for CVE-2024-12693.</li>
	    <li>Security: backported fix for CVE-2024-12694.</li>
	  </ul>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2024-12053</cvename>
      <url>https://github.com/advisories/GHSA-wvx7-72hc-rp32</url>
      <cvename>CVE-2024-12693</cvename>
      <url>https://github.com/advisories/GHSA-m84q-p89f-6cc5</url>
      <cvename>CVE-2024-12694</cvename>
      <url>https://github.com/advisories/GHSA-cgc6-4xgf-5q5x</url>
    </references>
    <dates>
      <discovery>2025-01-14</discovery>
      <entry>2025-01-20</entry>
    </dates>
  </vuln>

  <vuln vid="d9b0fea0-d564-11ef-b9bc-d05099c0ae8c">
    <topic>age -- age vulnerable to malicious plugin names, recipients, or identities causing arbitrary binary execution</topic>
    <affects>
      <package>
	<name>age</name>
	<range><lt>1.2.1</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Filippo Valsorda reports:</p>
	<blockquote cite="https://github.com/advisories/GHSA-32gq-x56h-299c">
	  <p>A plugin name containing a path separator may allow an
	    attacker to execute an arbitrary binary.</p>
	  <p>Such a plugin name can be provided to the age CLI through
	    an attacker-controlled recipient or identity string, or to
	    the plugin.NewIdentity, plugin.NewIdentityWithoutData, or
	    plugin.NewRecipient APIs.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <url>https://github.com/advisories/GHSA-32gq-x56h-299c</url>
    </references>
    <dates>
      <discovery>2024-12-18</discovery>
      <entry>2025-01-18</entry>
    </dates>
  </vuln>

  <vuln vid="47bc292a-d472-11ef-aaab-7d43732cb6f5">
    <topic>openvpn -- too long a username or password from a client can confuse openvpn servers</topic>
    <affects>
      <package>
	<name>openvpn</name>
	<range><lt>2.6.13</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Frank Lichtenheld reports:</p>
	<blockquote cite="https://github.com/OpenVPN/openvpn/releases/tag/v2.6.13">
	  <p>[OpenVPN v2.6.13 ...] improve server-side handling of clients sending
	    usernames or passwords longer than USER_PASS_LEN - this would not
	    result in a crash, buffer overflow or other security issues, but the
	    server would then misparse incoming IV variables and produce misleading
	    error messages.</p>
	</blockquote>
       </body>
    </description>
    <references>
      <url>https://github.com/OpenVPN/openvpn/releases/tag/v2.6.13</url>
    </references>
    <dates>
      <discovery>2024-10-28</discovery>
      <entry>2025-01-17</entry>
    </dates>
  </vuln>

  <vuln vid="163edccf-d2ba-11ef-b10e-589cfc10a551">
    <topic>rsync -- Multiple security fixes</topic>
    <affects>
      <package>
	<name>rsync</name>
	<range><lt>3.4.0</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>rsync reports:</p>
	<blockquote cite="https://kb.cert.org/vuls/id/952657">
	  <p>This update includes multiple security fixes:</p>
	  <ul>
	    <li>CVE-2024-12084: Heap Buffer Overflow in Checksum Parsing</li>
	    <li>CVE-2024-12085: Info Leak via uninitialized Stack contents defeats ASLR</li>
	    <li>CVE-2024-12086: Server leaks arbitrary client files</li>
	    <li>CVE-2024-12087: Server can make client write files outside of destination directory using symbolic links</li>
	    <li>CVE-2024-12088: --safe-links Bypass</li>
	    <li>CVE-2024-12747: symlink race condition</li>
	  </ul>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2024-12084</cvename>
      <cvename>CVE-2024-12085</cvename>
      <cvename>CVE-2024-12086</cvename>
      <cvename>CVE-2024-12087</cvename>
      <cvename>CVE-2024-12088</cvename>
      <cvename>CVE-2024-12747</cvename>
    </references>
    <dates>
      <discovery>2025-01-14</discovery>
      <entry>2025-01-14</entry>
    </dates>
  </vuln>

  <vuln vid="3445e4b6-d2b8-11ef-9ff3-43c2b5d6c4c8">
    <topic>git -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>git</name>
	<name>git-cvs</name>
	<name>git-gui</name>
	<name>git-p4</name>
	<name>git-svn</name>
	<range><lt>2.48.1</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Git development team reports:</p>
	<blockquote cite="https://lore.kernel.org/git/xmqq5xmh46oc.fsf@gitster.g/">
	  <p>CVE-2024-50349: Printing unsanitized URLs when asking for credentials made the
	  user susceptible to crafted URLs (e.g. in recursive clones) that
	  mislead the user into typing in passwords for trusted sites that
	  would then be sent to untrusted sites instead.</p>
	  <p>CVE-2024-52006: Git may pass on Carriage Returns via the credential protocol to
	  credential helpers which use line-reading functions that
	  interpret said Carriage Returns as line endings, even though Git
	  did not intend that.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2024-50349</cvename>
      <url>https://github.com/git/git/security/advisories/GHSA-hmg8-h7qf-7cxr</url>
      <cvename>CVE-2024-52006</cvename>
      <url>https://github.com/git/git/security/advisories/GHSA-r5ph-xg7q-xfrp</url>
    </references>
    <dates>
      <discovery>2024-10-29</discovery>
      <entry>2025-01-14</entry>
    </dates>
  </vuln>

  <vuln vid="5e2bd238-d2bb-11ef-bc0e-1c697a616631">
    <topic>keycloak -- Multiple security fixes</topic>
    <affects>
      <package>
	<name>keycloak</name>
	<range><lt>26.0.8</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Keycloak reports:</p>
	<blockquote cite="https://www.keycloak.org/2024/11/keycloak-2606-released.html">
	  <p>This update includes 2 security fixes:</p>
	  <ul>
	    <li>CVE-2024-11734: Unrestricted admin use of system and environment variables</li>
	    <li>CVE-2024-11736: Denial of Service in Keycloak Server via Security Headers</li>
	  </ul>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2024-11734</cvename>
      <cvename>CVE-2024-11736</cvename>
    </references>
    <dates>
      <discovery>2025-01-13</discovery>
      <entry>2025-01-13</entry>
     </dates>
  </vuln>

  <vuln vid="7624c151-d116-11ef-b232-b42e991fc52e">
    <topic>asterisk - path traversal</topic>
    <affects>
      <package>
	<name>asterisk18</name>
	<range><lt>18.26.2</lt></range>
      </package>
      <package>
	<name>asterisk20</name>
	<range><lt>20.11.0</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>cve@mitre.org reports:</p>
	<blockquote cite="https://gist.github.com/hyp164D1/e7c0f44ffb38c00320aa1a6d98bee616">
	  <p>An issue in the action_listcategories() function of Sangoma Asterisk
	v22/22.0.0/22.0.0-rc1/22.0.0-rc2/22.0.0-pre1 allows attackers to
	execute a path traversal.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2024-53566</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2024-53566</url>
    </references>
    <dates>
      <discovery>2024-12-02</discovery>
      <entry>2025-01-12</entry>
    </dates>
  </vuln>

  <vuln vid="4d79fd1a-cc93-11ef-abed-08002784c58d">
    <topic>redis,valkey -- Denial-of-service valnerability due to malformed ACL selectors</topic>
    <affects>
      <package>
	<name>redis</name>
	<range><ge>7.0.0</ge><lt>7.4.2</lt></range>
      </package>
      <package>
	<name>redis72</name>
	<range><lt>7.2.7</lt></range>
      </package>
      <package>
	<name>redis-devel</name>
	<range><lt>7.4.2.20250201</lt></range>
      </package>
      <package>
	<name>valkey</name>
	<range><lt>8.0.2</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Redis core team reports:</p>
	<blockquote cite="https://github.com/redis/redis/security/advisories/GHSA-prpq-rh5h-46g9">
	  <p>
	    An authenticated with sufficient privileges may create a
	    malformed ACL selector which, when accessed, triggers a
	    server panic and subsequent denial of service.The problem
	    exists in Redis 7.0.0 or newer.
	  </p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2024-51741</cvename>
      <url>https://github.com/redis/redis/security/advisories/GHSA-prpq-rh5h-46g9</url>
    </references>
    <dates>
      <discovery>2025-01-06</discovery>
      <entry>2025-01-10</entry>
    </dates>
  </vuln>

  <vuln vid="5f19ac58-cc90-11ef-abed-08002784c58d">
    <topic>redis,valkey -- Remote code execution valnerability</topic>
    <affects>
      <package>
	<name>redis</name>
	<range><lt>7.4.2</lt></range>
      </package>
      <package>
	<name>redis72</name>
	<range><lt>7.2.7</lt></range>
      </package>
      <package>
	<name>redis62</name>
	<range><lt>6.2.17</lt></range>
      </package>
      <package>
	<name>redis-devel</name>
	<range><lt>7.4.2.20250201</lt></range>
      </package>
      <package>
	<name>valkey</name>
	<range><lt>8.0.2</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Redis core team reports:</p>
	<blockquote cite="https://github.com/redis/redis/security/advisories/GHSA-39h2-x6c4-6w4c">
	  <p>
	    An authenticated user may use a specially crafted Lua
	    script to manipulate the garbage collector and potentially
	    lead to remote code execution. The problem exists in all
	    versions of Redis with Lua scripting.
	  </p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2024-46981</cvename>
      <url>https://github.com/redis/redis/security/advisories/GHSA-39h2-x6c4-6w4c</url>
    </references>
    <dates>
      <discovery>2025-01-06</discovery>
      <entry>2025-01-10</entry>
    </dates>
  </vuln>

  <vuln vid="2bfde261-cdf2-11ef-b6b2-2cf05da270f3">
    <topic>Gitlab -- Vulnerabilities</topic>
    <affects>
      <package>
	<name>gitlab-ce</name>
	<name>gitlab-ee</name>
	<range><ge>17.7.0</ge><lt>17.7.1</lt></range>
	<range><ge>17.6.0</ge><lt>17.6.3</lt></range>
	<range><ge>11.0.0</ge><lt>17.5.5</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Gitlab reports:</p>
	<blockquote cite="https://about.gitlab.com/releases/2025/01/08/patch-release-gitlab-17-7-1-released/">
	  <p>Possible access token exposure in GitLab logs</p>
	  <p>Cyclic reference of epics leads resource exhaustion</p>
	  <p>Unauthorized user can manipulate status of issues in public projects</p>
	  <p>Instance SAML does not respect external_provider configuration</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2025-0194</cvename>
      <cvename>CVE-2024-6324</cvename>
      <cvename>CVE-2024-12431</cvename>
      <cvename>CVE-2024-13041</cvename>
      <url>https://about.gitlab.com/releases/2025/01/08/patch-release-gitlab-17-7-1-released/</url>
    </references>
    <dates>
      <discovery>2025-01-08</discovery>
      <entry>2025-01-08</entry>
    </dates>
  </vuln>