Diffstat (limited to 'security/vuxml/vuln/2025.xml')
-rw-r--r-- | security/vuxml/vuln/2025.xml | 897 |
1 files changed, 896 insertions, 1 deletions
diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml
index b1d04ff02b44..6af76ff19af5 100644
--- a/security/vuxml/vuln/2025.xml
+++ b/security/vuxml/vuln/2025.xml
@@ -1,3 +1,897 @@
+ <vuln vid="20840621-ab82-11f0-b961-b42e991fc52e">
+ <topic>Mozilla -- Memory safety bugs</topic>
+ <affects>
+ <package>
+ <name>firefox</name>
+ <range><lt>144.0.0,2</lt></range>
+ </package>
+ <package>
+ <name>firefox-esr</name>
+ <range><lt>140.4.0</lt></range>
+ </package>
+ <package>
+ <name>thunderbird</name>
+ <range><lt>140.4.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>security@mozilla.org reports:</p>
+ <blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1983838%2C1987624%2C1988244%2C1988912%2C1989734%2C1990085%2C1991899">
+ <p>Memory safety bugs present in Firefox ESR 140.3, Thunderbird ESR
+ 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed
+ evidence of memory corruption and we presume that with enough effort
+ some of these could have been exploited to run arbitrary code. This
+ vulnerability affects Firefox < 144, Firefox ESR < 140.4,
+ Thunderbird < 144, and Thunderbird < 140.4.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2025-11715</cvename>
+ <url>https://nvd.nist.gov/vuln/detail/CVE-2025-11715</url>
+ </references>
+ <dates>
+ <discovery>2025-10-14</discovery>
+ <entry>2025-10-17</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="ed132d42-ab81-11f0-b961-b42e991fc52e">
+ <topic>Mozilla -- Memory safety bugs</topic>
+ <affects>
+ <package>
+ <name>firefox</name>
+ <range><lt>144.0.0,2</lt></range>
+ </package>
+ <package>
+ <name>thunderbird</name>
+ <range><lt>144.0.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>security@mozilla.org reports:</p>
+ <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1986816">
+ <p>Memory safety bug. This bug showed evidence of memory
+ corruption and we presume that with enough effort this could
+ have been exploited to run arbitrary code.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2025-11721</cvename>
+ <url>https://nvd.nist.gov/vuln/detail/CVE-2025-11721</url>
+ </references>
+ <dates>
+ <discovery>2025-10-14</discovery>
+ <entry>2025-10-17</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="f3550d26-ab7d-11f0-b961-b42e991fc52e">
+ <topic>Firefox -- Sandbox escape</topic>
+ <affects>
+ <package>
+ <name>firefox</name>
+ <range><lt>143.0.3,2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>security@mozilla.org reports:</p>
+ <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1987246">
+ <p>Sandbox excape due to integer overflow in the Graphics:
+ Canvas2D component</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2025-11152</cvename>
+ <url>https://nvd.nist.gov/vuln/detail/CVE-2025-11152</url>
+ </references>
+ <dates>
+ <discovery>2025-09-30</discovery>
+ <entry>2025-10-17</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="7b9a8247-ab7b-11f0-b961-b42e991fc52e">
+ <topic>Mozilla -- Memory safety bugs</topic>
+ <affects>
+ <package>
+ <name>firefox</name>
+ <range><lt>142.0.0,2</lt></range>
+ </package>
+ <package>
+ <name>firefox-esr</name>
+ <range><lt>140.2.0</lt></range>
+ </package>
+ <package>
+ <name>thunderbird</name>
+ <range><lt>142.0.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>security@mozilla.org reports:</p>
+ <blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1938220%2C1980730%2C1981280%2C1981283%2C1984505%2C1985067">
+ <p>Some of these bugs showed evidence of memory corruption
+ and we presume that with enough effort some of these could
+ have been exploited to run arbitrary code.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2025-10537</cvename>
+ <url>https://nvd.nist.gov/vuln/detail/CVE-2025-10537</url>
+ </references>
+ <dates>
+ <discovery>2025-09-16</discovery>
+ <entry>2025-10-17</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="4fe6f98e-ab7b-11f0-b961-b42e991fc52e">
+ <topic>Mozilla -- Information disclosure</topic>
+ <affects>
+ <package>
+ <name>firefox</name>
+ <range><lt>143.0.0,2</lt></range>
+ </package>
+ <package>
+ <name>firefox-esr</name>
+ <range><lt>140.3.0</lt></range>
+ </package>
+ <package>
+ <name>thunderbird</name>
+ <range><lt>143.0.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>security@mozilla.org reports:</p>
+ <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1981502">
+ <p>This vulnerability affects Firefox < 143, Firefox ESR < 140.3,
+ Thunderbird < 143, and Thunderbird < 140.3.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2025-10536</cvename>
+ <url>https://nvd.nist.gov/vuln/detail/CVE-2025-10536</url>
+ </references>
+ <dates>
+ <discovery>2025-09-16</discovery>
+ <entry>2025-10-17</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="1e8a6581-ab7b-11f0-b961-b42e991fc52e">
+ <topic>Mozilla -- spoofing</topic>
+ <affects>
+ <package>
+ <name>firefox</name>
+ <range><lt>143.0.0,2</lt></range>
+ </package>
+ <package>
+ <name>thunderbird</name>
+ <range><lt>143.0.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>security@mozilla.org reports:</p>
+ <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1665334">
+ <p>Spoofing issue in the Site Permission component</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2025-10534</cvename>
+ <url>https://nvd.nist.gov/vuln/detail/CVE-2025-10534</url>
+ </references>
+ <dates>
+ <discovery>2025-09-16</discovery>
+ <entry>2025-10-17</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="c7383de4-ab7a-11f0-b961-b42e991fc52e">
+ <topic>Mozilla -- integer overflow</topic>
+ <affects>
+ <package>
+ <name>firefox</name>
+ <range><lt>143.0.0,2</lt></range>
+ </package>
+ <package>
+ <name>firefox-esr</name>
+ <range><lt>115.28.0</lt></range>
+ </package>
+ <package>
+ <name>thunderbird</name>
+ <range><lt>143.0.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>security@mozilla.org reports:</p>
+ <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1980788">
+ <p>Integer overflow in the SVG component</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2025-10533</cvename>
+ <url>https://nvd.nist.gov/vuln/detail/CVE-2025-10533</url>
+ </references>
+ <dates>
+ <discovery>2025-09-16</discovery>
+ <entry>2025-10-17</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="511f5aac-ab46-11f0-9446-f02f7497ecda">
+ <topic>minio -- Privilege Escalation via Session Policy Bypass in Service Accounts and STS</topic>
+ <affects>
+ <package>
+ <name>minio</name>
+ <range><lt>RELEASE.2025-10-15T17-29-55Z</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>mino reports:</p>
+ <blockquote cite="https://github.com/minio/minio/security/advisories/GHSA-jjjj-jwhf-8rgr">
+ <p>A privilege escalation vulnerability allows service accounts and STS
+ (Security Token Service) accounts with restricted session policies to
+ bypass their inline policy restrictions when performing "own" account
+ operations, specifically when creating new service accounts for the same
+ user.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2025-62506</cvename>
+ <url>https://nvd.nist.gov/vuln/detail/CVE-2025-62506</url>
+ </references>
+ <dates>
+ <discovery>2025-10-17</discovery>
+ <entry>2025-10-17</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="50fd6a75-0587-4987-bef2-bb933cd78ea1">
+ <topic>zeek -- information leak vulnerability</topic>
+ <affects>
+ <package>
+ <name>zeek</name>
+ <range><lt>8.0.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Tim Wojtulewicz of Corelight reports:</p>
+ <blockquote cite="INSERT URL HERE">
+ <p>The KRB analyzer can leak information about hosts in
+ analyzed traffic via external DNS lookups.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://github.com/zeek/zeek/releases/tag/v8.0.2</url>
+ </references>
+ <dates>
+ <discovery>2025-10-13</discovery>
+ <entry>2025-10-13</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="6dd86212-a859-11f0-bd95-b42e991fc52e">
+ <topic>Firefox -- JIT miscompilation in the JavaScript Engine</topic>
+ <affects>
+ <package>
+ <name>firefox</name>
+ <range><lt>143.0.3,2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>security@mozilla.org reports:</p>
+ <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1987481">
+ <p>JIT miscompilation in the JavaScript Engine: JIT
+ component.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2025-11153</cvename>
+ <url>https://nvd.nist.gov/vuln/detail/CVE-2025-11153</url>
+ </references>
+ <dates>
+ <discovery>2025-09-30</discovery>
+ <entry>2025-10-13</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="87fdaf3c-a5b5-11f0-98b5-2cf05da270f3">
+ <topic>Gitlab -- vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>gitlab-ce</name>
+ <name>gitlab-ee</name>
+ <range><ge>18.4.0</ge><lt>18.4.2</lt></range>
+ <range><ge>18.3.0</ge><lt>18.3.4</lt></range>
+ <range><ge>5.2.0</ge><lt>18.2.8</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Gitlab reports:</p>
+ <blockquote cite="https://about.gitlab.com/releases/2025/10/08/patch-release-gitlab-18-4-2-released/">
+ <p>Incorrect authorization issue in GraphQL mutations impacts GitLab EE</p>
+ <p>Denial of Service issue in GraphQL blob type impacts GitLab CE/EE</p>
+ <p>Missing authorization issue in manual jobs impacts GitLab CE/EE</p>
+ <p>Denial of Service issue in webhook endpoints impacts GitLab CE/EE</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2025-11340</cvename>
+ <cvename>CVE-2025-10004</cvename>
+ <cvename>CVE-2025-9825</cvename>
+ <cvename>CVE-2025-2934</cvename>
+ <url>https://about.gitlab.com/releases/2025/10/08/patch-release-gitlab-18-4-2-released/</url>
+ </references>
+ <dates>
+ <discovery>2025-10-08</discovery>
+ <entry>2025-10-10</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="0b5145e9-a500-11f0-a136-10ffe07f9334">
+ <topic>Mailpit -- Performance information disclosure</topic>
+ <affects>
+ <package>
+ <name>mailpit</name>
+ <range><lt>1.27.10</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Ralph Slooten (Mailpit developer) reports:</p>
+ <blockquote cite="https://github.com/axllent/mailpit/releases/tag/v1.27.10">
+ <p>An HTTP endpoint was found which exposed expvar runtime
+ information (memory usage, goroutine counts, GC behavior,
+ uptime and potential runtime flags) due to the Prometheus
+ client library dependency.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://github.com/axllent/mailpit/releases/tag/v1.27.10</url>
+ </references>
+ <dates>
+ <discovery>2025-10-09</discovery>
+ <entry>2025-10-09</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="f60c790a-a394-11f0-9617-b42e991fc52e">
+ <topic>Mozilla -- Incorrect boundary conditions</topic>
+ <affects>
+ <package>
+ <name>firefox</name>
+ <range><lt>143.0.0,2</lt></range>
+ </package>
+ <package>
+ <name>firefox-esr</name>
+ <range><lt>140.3</lt></range>
+ </package>
+ <package>
+ <name>thunderbird</name>
+ <range><lt>143.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>security@mozilla.org reports:</p>
+ <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1979502">
+ <p>The vulnerability has been assessed to have moderate
+ impact on affected systems, potentially allowing attackers
+ to exploit incorrect boundary conditions in the JavaScript
+ Garbage Collection component. In Thunderbird specifically,
+ these flaws cannot be exploited through email as scripting
+ is disabled when reading mail, but remain potential risks in
+ browser or browser-like contexts </p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2025-10532</cvename>
+ <url>https://nvd.nist.gov/vuln/detail/CVE-2025-10532</url>
+ </references>
+ <dates>
+ <discovery>2025-09-16</discovery>
+ <entry>2025-10-07</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="a240c31b-a394-11f0-9617-b42e991fc52e">
+ <topic>Mozilla -- mitigation bypass vulnerability</topic>
+ <affects>
+ <package>
+ <name>firefox</name>
+ <range><lt>143.0,2</lt></range>
+ </package>
+ <package>
+ <name>thunderbird</name>
+ <range><lt>143.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>security@mozilla.org reports:</p>
+ <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1978453">
+ <p>The vulnerability has been rated as having moderate
+ impact, affecting both confidentiality and integrity
+ with low severity, while having no impact on
+ availability. For Thunderbird specifically, the
+ vulnerability cannot be exploited through email as
+ scripting is disabled when reading mail, but remains a
+ potential risk in browser or browser-like contexts </p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2025-10531</cvename>
+ <url>https://nvd.nist.gov/vuln/detail/CVE-2025-10531</url>
+ </references>
+ <dates>
+ <discovery>2025-09-16</discovery>
+ <entry>2025-10-07</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="f2de2f64-a2cc-11f0-8402-b42e991fc52e">
+ <topic>Mozilla -- Sandbox escape due to use-after-free</topic>
+ <affects>
+ <package>
+ <name>firefox</name>
+ <range><lt>143.0.0,2</lt></range>
+ </package>
+ <package>
+ <name>firefox-esr</name>
+ <range><lt>140.3.0</lt></range>
+ </package>
+ <package>
+ <name>thunderbird</name>
+ <range><lt>143.0.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>security@mozilla.org reports:</p>
+ <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1986185">
+ <p>Sandbox escape due to use-after-free</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2025-10527</cvename>
+ <url>https://nvd.nist.gov/vuln/detail/CVE-2025-10527</url>
+ <cvename>CVE-2025-10528</cvename>
+ <url>https://nvd.nist.gov/vuln/detail/CVE-2025-10528</url>
+ </references>
+ <dates>
+ <discovery>2025-09-16</discovery>
+ <entry>2025-10-06</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="a5395e02-a2ca-11f0-8402-b42e991fc52e">
+ <topic>mongodb -- Malformed $group Query May Cause MongoDB Server to Crash</topic>
+ <affects>
+ <package>
+ <name>mongodb60</name>
+ <range><lt>6.0.25</lt></range>
+ </package>
+ <package>
+ <name>mongodb70</name>
+ <range><lt>7.0.22</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>cna@mongodb.com reports:</p>
+ <blockquote cite="https://jira.mongodb.org/browse/SERVER-99616">
+ <p>An authorized user can cause a crash in the MongoDB Server through
+ a specially crafted $group query. This vulnerability is related
+ to the incorrect handling of certain accumulator functions when
+ additional parameters are specified within the $group operation.
+ This vulnerability could lead to denial of service if triggered
+ repeatedly.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2025-10061</cvename>
+ <url>https://nvd.nist.gov/vuln/detail/CVE-2025-10061</url>
+ </references>
+ <dates>
+ <discovery>2025-09-05</discovery>
+ <entry>2025-10-06</entry>
+ <modified>2025-10-07</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="6d16b410-a2ca-11f0-8402-b42e991fc52e">
+ <topic>mongodb -- MongoDB may be susceptible to Invariant Failure in Transactions due Upsert Operation</topic>
+ <affects>
+ <package>
+ <name>mongodb60</name>
+ <range><lt>6.0.25</lt></range>
+ </package>
+ <package>
+ <name>mongodb70</name>
+ <range><lt>7.0.22</lt></range>
+ </package>
+ <package>
+ <name>mongodb80</name>
+ <range><lt>8.0.12</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>cna@mongodb.com reports:</p>
+ <blockquote cite="https://jira.mongodb.org/browse/SERVER-95524">
+ <p>MongoDB Server may allow upsert operations retried
+ within a transaction to violate unique index constraints,
+ potentially causing an invariant failure and server crash
+ during commit. This issue may be triggered by improper
+ WriteUnitOfWork state management.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2025-10060</cvename>
+ <url>https://nvd.nist.gov/vuln/detail/CVE-2025-10060</url>
+ </references>
+ <dates>
+ <discovery>2025-09-05</discovery>
+ <entry>2025-10-06</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="4329e3bd-a2ca-11f0-8402-b42e991fc52e">
+ <topic>mongodb -- MongoDB Server router will crash when incorrect lsid is set on a sharded query</topic>
+ <affects>
+ <package>
+ <name>mongodb60</name>
+ <range><lt>6.0.24</lt></range>
+ </package>
+ <package>
+ <name>mongodb70</name>
+ <range><lt>7.0.18</lt></range>
+ </package>
+ <package>
+ <name>mongodb80</name>
+ <range><lt>8.0.6</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>cna@mongodb.com reports:</p>
+ <blockquote cite="https://jira.mongodb.org/browse/SERVER-100901">
+ <p>An improper setting of the lsid field on any sharded query can cause
+ a crash in MongoDB routers. This issue occurs when a generic
+ argument (lsid) is provided in a case when it is not applicable.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2025-10059</cvename>
+ <url>https://nvd.nist.gov/vuln/detail/CVE-2025-10059</url>
+ </references>
+ <dates>
+ <discovery>2025-09-05</discovery>
+ <entry>2025-10-06</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="a9dc3c61-a20f-11f0-91d8-b42e991fc52e">
+ <topic>mongodb -- MongoDB Server access to non-initialized memory</topic>
+ <affects>
+ <package>
+ <name>mongodb6</name>
+ <range><lt>6.0.3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>cna@mongodb.com reports:</p>
+ <blockquote cite="https://jira.mongodb.org/browse/SERVER-71477">
+ <p>MongoDB Server may access non-initialized region of
+ memory leading to unexpected behaviour when zero arguments
+ are called in internal aggregation stage.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2024-8654</cvename>
+ <url>https://nvd.nist.gov/vuln/detail/CVE-2024-8654</url>
+ </references>
+ <dates>
+ <discovery>2024-09-10</discovery>
+ <entry>2025-10-05</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="0af2f18e-a119-11f0-9446-f02f7497ecda">
+ <topic>redis,valkey -- Out of bound read due to a bug in LUA</topic>
+ <affects>
+ <package>
+ <name>redis</name>
+ <range><ge>8.2.0</ge><lt>8.2.2</lt></range>
+ </package>
+ <package>
+ <name>redis80</name>
+ <range><ge>8.0.0</ge><lt>8.0.4</lt></range>
+ </package>
+ <package>
+ <name>redis74</name>
+ <range><ge>7.4.0</ge><lt>7.4.6</lt></range>
+ </package>
+ <package>
+ <name>redis72</name>
+ <range><ge>7.2.0</ge><lt>7.2.11</lt></range>
+ </package>
+ <package>
+ <name>redis62</name>
+ <range><ge>6.2.0</ge><lt>6.2.20</lt></range>
+ </package>
+ <package>
+ <name>valkey</name>
+ <range><lt>8.1.4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>redis reports:</p>
+ <blockquote cite="https://github.com/redis/redis/security/advisories/GHSA-4c68-q8q8-3g4f">
+ <p>
+ An authenticated user may use a specially crafted LUA script to read
+ out-of-bound data or crash the server and subsequent denial of
+ service.
+ The problem exists in all versions of Redis with Lua scripting
+ An additional workaround to mitigate the problem without patching
+ the redis-server executable is to prevent users from executing Lua
+ scripts. This can be done using ACL to block a script by restricting
+ both the EVAL and FUNCTION command families.
+ </p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2025-46819</cvename>
+ <url>https://nvd.nist.gov/vuln/detail/CVE-2025-46819</url>
+ </references>
+ <dates>
+ <discovery>2025-10-03</discovery>
+ <entry>2025-10-04</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="0258d37d-a118-11f0-9446-f02f7497ecda">
+ <topic>redis,valkey -- Running Lua function as a different user</topic>
+ <affects>
+ <package>
+ <name>redis</name>
+ <range><ge>8.2.0</ge><lt>8.2.2</lt></range>
+ </package>
+ <package>
+ <name>redis80</name>
+ <range><ge>8.0.0</ge><lt>8.0.4</lt></range>
+ </package>
+ <package>
+ <name>redis74</name>
+ <range><ge>7.4.0</ge><lt>7.4.6</lt></range>
+ </package>
+ <package>
+ <name>redis72</name>
+ <range><ge>7.2.0</ge><lt>7.2.11</lt></range>
+ </package>
+ <package>
+ <name>redis62</name>
+ <range><ge>6.2.0</ge><lt>6.2.20</lt></range>
+ </package>
+ <package>
+ <name>valkey</name>
+ <range><lt>8.1.4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>redis reports:</p>
+ <blockquote cite="https://github.com/redis/redis/security/advisories/GHSA-qrv7-wcrx-q5jp">
+ <p>
+ An authenticated user may use a specially crafted Lua script to
+ manipulate different LUA objects and potentially run their own code
+ in the context of another user
+ The problem exists in all versions of Redis with Lua scripting.
+ An additional workaround to mitigate the problem without patching
+ the redis-server executable is to prevent users from executing Lua
+ scripts. This can be done using ACL to block a script by restricting
+ both the EVAL and FUNCTION command families.
+ </p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2025-46818</cvename>
+ <url>https://nvd.nist.gov/vuln/detail/CVE-2025-46818</url>
+ </references>
+ <dates>
+ <discovery>2025-10-03</discovery>
+ <entry>2025-10-04</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="f6b8de04-a116-11f0-9446-f02f7497ecda">
+ <topic>redis,valkey -- Lua library commands may lead to integer overflow and potential RCE</topic>
+ <affects>
+ <package>
+ <name>redis</name>
+ <range><ge>8.2.0</ge><lt>8.2.2</lt></range>
+ </package>
+ <package>
+ <name>redis80</name>
+ <range><ge>8.0.0</ge><lt>8.0.4</lt></range>
+ </package>
+ <package>
+ <name>redis74</name>
+ <range><ge>7.4.0</ge><lt>7.4.6</lt></range>
+ </package>
+ <package>
+ <name>redis72</name>
+ <range><ge>7.2.0</ge><lt>7.2.11</lt></range>
+ </package>
+ <package>
+ <name>redis62</name>
+ <range><ge>6.2.0</ge><lt>6.2.20</lt></range>
+ </package>
+ <package>
+ <name>valkey</name>
+ <range><lt>8.1.4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>redis reports:</p>
+ <blockquote cite="https://github.com/redis/redis/security/advisories/GHSA-m8fj-85cg-7vhp">
+ <p>
+ An authenticated user may use a specially crafted Lua script to
+ cause an integer overflow and potentially lead to remote code
+ execution
+ The problem exists in all versions of Redis with Lua scripting.
+ An additional workaround to mitigate the problem without patching
+ the redis-server executable is to prevent users from executing Lua
+ scripts. This can be done using ACL to block a script by restricting
+ both the EVAL and FUNCTION command families.
+ </p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2025-46817</cvename>
+ <url>https://nvd.nist.gov/vuln/detail/CVE-2025-46817</url>
+ </references>
+ <dates>
+ <discovery>2025-10-03</discovery>
+ <entry>2025-10-04</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="17e85cae-a115-11f0-9446-f02f7497ecda">
+ <topic>redis,valkey -- Lua Use-After-Free may lead to remote code execution</topic>
+ <affects>
+ <package>
+ <name>redis</name>
+ <range><ge>8.2.0</ge><lt>8.2.2</lt></range>
+ </package>
+ <package>
+ <name>redis80</name>
+ <range><ge>8.0.0</ge><lt>8.0.4</lt></range>
+ </package>
+ <package>
+ <name>redis74</name>
+ <range><ge>7.4.0</ge><lt>7.4.6</lt></range>
+ </package>
+ <package>
+ <name>redis72</name>
+ <range><ge>7.2.0</ge><lt>7.2.11</lt></range>
+ </package>
+ <package>
+ <name>redis62</name>
+ <range><ge>6.2.0</ge><lt>6.2.20</lt></range>
+ </package>
+ <package>
+ <name>valkey</name>
+ <range><lt>8.1.4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>redis reports:</p>
+ <blockquote cite="https://github.com/redis/redis/security/advisories/GHSA-4789-qfc9-5f9q">
+ <p>
+ An authenticated user may use a specially crafted Lua script to
+ manipulate the garbage collector, trigger a use-after-free and
+ potentially lead to remote code execution.
+ The problem exists in all versions of Redis with Lua scripting.
+ An additional workaround to mitigate the problem without patching the
+ redis-server executable is to prevent users from executing Lua scripts.
+ This can be done using ACL to restrict EVAL and EVALSHA commands.
+ </p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2025-49844</cvename>
+ <url>https://nvd.nist.gov/vuln/detail/CVE-2025-49844</url>
+ </references>
+ <dates>
+ <discovery>2025-10-03</discovery>
+ <entry>2025-10-04</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="c27c05a7-a0c8-11f0-8471-4ccc6adda413">
+ <topic>qt6-webengine -- Multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>qt6-pdf</name>
+ <name>qt6-webengine</name>
+ <range><lt>6.9.3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Qt qtwebengine-chromium repo reports:</p>
+ <blockquote cite="https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=130-based">
+ <p>Backports for 9 security bugs in Chromium:</p>
+ <ul>
+ <li>CVE-2025-9866: Determine whether to bypass redirect checks per request</li>
+ <li>CVE-2025-10200: Use after free in Serviceworker</li>
+ <li>CVE-2025-10201: Inappropriate implementation in Mojo</li>
+ <li>CVE-2025-10500: Use after free in Dawn</li>
+ <li>CVE-2025-10501: Use after free in WebRTC</li>
+ <li>CVE-2025-10502: Heap buffer overflow in ANGLE</li>
+ <li>CVE-2025-10890: Side-channel information leakage in V8 (1/2)</li>
+ <li>CVE-2025-10891: Integer overflow in V8</li>
+ <li>CVE-2025-10892: Integer overflow in V8</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2025-9866</cvename>
+ <cvename>CVE-2025-10200</cvename>
+ <cvename>CVE-2025-10201</cvename>
+ <cvename>CVE-2025-10500</cvename>
+ <cvename>CVE-2025-10501</cvename>
+ <cvename>CVE-2025-10502</cvename>
+ <cvename>CVE-2025-10890</cvename>
+ <cvename>CVE-2025-10891</cvename>
+ <cvename>CVE-2025-10892</cvename>
+ <url>https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=130-based</url>
+ </references>
+ <dates>
+ <discovery>2025-09-25</discovery>
+ <entry>2025-10-04</entry>
+ </dates>
+ </vuln>
+
 <vuln vid="21fba35e-a05f-11f0-a8b8-a1ef31191bc1">
 <topic>fetchmail -- potential crash when authenticating to SMTP server</topic>
 <affects>
@@ -24,7 +918,7 @@
 </body>
 </description>
 <references>
- <!-- cvename has been requested from MITRE but not yet created <cvename>INSERT CVE RECORD IF AVAILABLE</cvename> -->
+ <cvename>CVE-2025-61962</cvename>
 <url>https://www.fetchmail.info/fetchmail-SA-2025-01.txt</url>
 <url>https://gitlab.com/fetchmail/fetchmail/-/raw/legacy_6x/fetchmail-SA-2025-01.txt?ref_type=heads</url>
 <url>https://gitlab.com/fetchmail/fetchmail/-/commit/4c3cebfa4e659fb778ca2cae0ccb3f69201609a8</url>
@@ -32,6 +926,7 @@
 <dates>
 <discovery>2025-10-02</discovery>
 <entry>2025-10-03</entry>
+ <modified>2025-10-04</modified>
 </dates>
 </vuln> |
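Review bot: The `thunderbird` range in the first entry (CVE-2025-11715) is `<lt>140.4.0</lt>`, yet the advisory text quoted in that same entry lists Thunderbird < 144 as affected, so an installed 141–143 package would not be flagged by an audit; the sibling CVE-2025-11721 entry uses `<range><lt>144.0.0</lt></range>`, which looks like the intended bound here too. The CVE-2024-8654 entry names the package `mongodb6`, which matches none of the `mongodb60`/`mongodb70`/`mongodb80` names used by the neighbouring MongoDB entries and so probably never matches an installed package; the name and the `6.0.3` bound should be confirmed. The CVE-2025-10537 entry uses `142.0.0,2`/`140.2.0`/`142.0.0` bounds while the other entries with the same 2025-09-16 discovery date use `143.0.0`/`140.3.0`, so those bounds deserve a second look against the upstream advisory as well. The zeek entry still carries the template placeholder `cite="INSERT URL HERE"`; the release URL already listed in its `<references>` would be a reasonable value. Minor: `mino reports:` should read `minio reports:`, and `Sandbox excape` in the CVE-2025-11152 quote is worth checking against the upstream wording.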