Report Name: Linux Patch Wednesday May 2025
Generated: 2025-05-23 22:32:13

Product Name	Prevalence	U	C	H	M	L	A	Comment
Intel(R) Processor	0.9			1	3		4	Intel's processors from the pioneering 4-bit 4004 (1971) to the present high-end offerings
Linux Kernel	0.9			2	346	368	716	The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
Windows Kernel	0.9				4		4	Windows Kernel
Binutils	0.8			1			1	The GNU Binary Utilities, or binutils, are a set of programming tools for creating and managing binary programs, object files, libraries, profile data, and assembly source code
Chromium	0.8		1	1	6		8	Chromium is a free and open-source web browser project, mainly developed and maintained by Google
GNOME desktop	0.8				3		3	GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
GNU C Library	0.8			1			1	The GNU C Library, commonly known as glibc, is the GNU Project's implementation of the C standard library
ICMP	0.8				2		2	The Internet Control Message Protocol (ICMP) is a network layer protocol used by network devices to diagnose network communication issues
Mozilla Firefox	0.8			4	3		7	Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
Node.js	0.8			1	4		5	Node.js is a cross-platform, open-source server environment that can run on Windows, Linux, Unix, macOS, and more
OpenSSH	0.8					1	1	OpenSSH is a suite of secure networking utilities based on the Secure Shell protocol, which provides a secure channel over an unsecured network in a client–server architecture
OpenSSL	0.8			1	1		2	A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
PHP	0.8			1	2		3	PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
Safari	0.8				2		2	Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
Zabbix	0.8			1	1	1	3	Zabbix is an open-source software tool to monitor IT infrastructure such as networks, servers, virtual machines, and cloud services
Apache Tomcat	0.7				1		1	Apache Tomcat is a free and open-source implementation of the Jakarta Servlet, Jakarta Expression Language, and WebSocket technologies
Apache Traffic Server	0.7			1			1	The Apache Traffic Server is a modular, high-performance reverse proxy and forward proxy server, generally comparable to Nginx and Squid
BIND	0.7				1		1	BIND is a suite of software for interacting with the Domain Name System
FFmpeg	0.7				1		1	FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
Kubernetes	0.7		4	1		2	7	Kubernetes is an open-source container orchestration system for automating software deployment, scaling, and management
MediaWiki	0.7				1		1	MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
Moodle	0.7			2	2	6	10	Moodle is a free and open-source learning management system written in PHP and distributed under the GNU General Public License
Oracle MySQL	0.7				26	1	27	MySQL is an open-source relational database management system
SQLite	0.7			1	1		2	SQLite is a database engine written in the C programming language
VMware Tools	0.7					1	1	VMware Tools is a set of services and modules that enable several features in VMware products for better management of, and seamless user interactions with, guests operating systems
Yelp	0.7		1				1	The Gnome user help application
vim	0.7			1			1	Vim is a free and open-source, screen-based text editor program
Apache ActiveMQ	0.6		1				1	Apache ActiveMQ is an open source message broker written in Java together with a full Java Message Service (JMS) client
ImageMagick	0.6				1		1	ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
Jenkins	0.6				4	2	6	Jenkins is an open source automation server. It helps automate the parts of software development related to building, testing, and deploying, facilitating continuous integration, and continuous delivery.
Libsoup	0.6			5	8	2	15	libsoup is an HTTP client/server library for GNOME. It uses GObjects and the glib main loop to integrate well with GNOME applications and also has a synchronous API for use in CLI tools.
MongoDB	0.6				5		5	MongoDB is a source-available, cross-platform, document-oriented database program
Nextcloud	0.6				1	1	2	Nextcloud server is a self hosted personal cloud system
Perl	0.6				6		6	Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
Pgpool-II	0.6			1			1	Pgpool-II is a middleware that works between PostgreSQL servers and a PostgreSQL database client
PostgreSQL	0.6			1	2		3	PostgreSQL also known as Postgres, is a free and open-source relational database management system emphasizing extensibility and SQL compliance.
PyTorch	0.6		1	1	8		10	PyTorch is a machine learning library based on the Torch library, used for applications such as computer vision and natural language processing, originally developed by Meta AI and now part of the Linux Foundation umbrella
Python	0.6				3		3	Python is a high-level, general-purpose programming language
Redis	0.6				1		1	Redis is an open-source in-memory storage, used as a distributed, in-memory key–value database, cache and message broker, with optional durability
libxml2	0.6			2			2	libxml2 is an XML toolkit implemented in C, originally developed for the GNOME Project
pgAdmin	0.6		1	2	2		5	pgAdmin is the most popular and feature rich Open Source administration and development platform for PostgreSQL, the most advanced Open Source database in the world
7-Zip	0.5			2			2	7-Zip is a free and open-source file archiver, a utility used to place groups of files within compressed containers known as "archives"
DOMPurify	0.5				1		1	DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG
GDAL	0.5			1			1	Product detected by a:osgeo:gdal (exists in CPE dict)
HTTP Server	0.5				1		1	Product detected by a:apache:http_server (exists in CPE dict)
Libarchive	0.5					1	1	Multi-format archive and compression library
Libheif	0.5			2	1		3	Product detected by a:struktur:libheif (exists in CPE dict)
Libraw	0.5				4		4	Product detected by a:libraw:libraw (exists in CPE dict)
NVIDIA GPU Display Driver	0.5				1		1	A NVIDIA driver is a software program that enables communication between your computer and the NVIDIA graphics processor installed in your system
OpenTelemetry	0.5					1	1	OpenTelemetry is a collection of APIs, SDKs, and tools. Use it to instrument, generate, collect, and export telemetry data (metrics, logs and traces) to help you analyze your software's performance and behavior
PHP CSS Parser	0.5	1					1	Product detected by a:sabberworm:php_css_parser (exists in CPE dict)
Setuptools	0.5			1			1	Setuptools is a fully-featured, actively-maintained, and stable library designed to facilitate packaging Python projects
Stm32 Mw Usb Host	0.5			1			1	Product detected by a:st:stm32_mw_usb_host (exists in CPE dict)
Synapse	0.5				4	2	6	Product detected by a:matrix:synapse (exists in CPE dict)
TLS	0.5				2	2	4	TLS
WABT	0.5			1			1	Product detected by a:webassembly:wabt (exists in CPE dict)
Znuny	0.5				2		2	Znuny/Znuny LTS is a fork of the ((OTRS)) Community Edition, one of the most flexible web-based ticketing systems used for Customer Service, Help Desk, IT Service Management
aardvark-dns	0.5			1			1	Product detected by a:containers:aardvark-dns (does NOT exist in CPE dict)
assimp	0.5			2			2	Product detected by a:assimp:assimp (exists in CPE dict)
augeas	0.5			1			1	Product detected by a:augeas:augeas (exists in CPE dict)
buildkit	0.5		2				2	Product detected by a:mobyproject:buildkit (exists in CPE dict)
commons_vfs	0.5				1		1	Product detected by a:apache:commons_vfs (does NOT exist in CPE dict)
corosync	0.5			1			1	Product detected by a:corosync:corosync (exists in CPE dict)
dokuwiki	0.5		1				1	Product detected by a:dokuwiki:dokuwiki (exists in CPE dict)
gobgp	0.5				3	1	4	Product detected by a:osrg:gobgp (does NOT exist in CPE dict)
hdf5	0.5			4			4	Product detected by a:hdfgroup:hdf5 (exists in CPE dict)
kitty	0.5			1			1	Product detected by a:kovidgoyal:kitty (does NOT exist in CPE dict)
libbpf	0.5			1			1	Product detected by a:libbpf_project:libbpf (exists in CPE dict)
libreoffice	0.5				1		1	Product detected by a:libreoffice:libreoffice (exists in CPE dict)
micropython	0.5			2			2	Product detected by a:micropython:micropython (does NOT exist in CPE dict)
moodle	0.5				1		1	Product detected by a:moodle:moodle (exists in CPE dict)
net::dropbox::api	0.5				1		1	Product detected by a:norbu09:netdropboxapi (does NOT exist in CPE dict)
net::imap	0.5				1		1	Product detected by a:ruby-lang:netimap (does NOT exist in CPE dict)
nginx	0.5				1		1	Nginx is an open-source web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache
onnx	0.5		1				1	Product detected by a:onnx:onnx (does NOT exist in CPE dict)
qt	0.5					1	1	Product detected by a:qt:qt (exists in CPE dict)
string::compare::constanttime	0.5				1		1	Product detected by a:fractal:stringcompareconstanttime (does NOT exist in CPE dict)
upx	0.5			1			1	Product detected by a:upx:upx (does NOT exist in CPE dict)
varnish_enterprise	0.5				1		1	Product detected by a:varnish-software:varnish_enterprise (exists in CPE dict)
web::api	0.5				1		1	Product detected by a:lev:webapi (does NOT exist in CPE dict)
xmedcon	0.5				1		1	Product detected by a:xmedcon_project:xmedcon (does NOT exist in CPE dict)
Erlang/OTP	0.4		1			1	2	Erlang/OTP is a set of libraries for the Erlang programming language
Finit	0.4			1	1		2	Finit is a fast init for Linux systems
Flask-Cors	0.4			3			3	A Flask extension for handling Cross Origin Resource Sharing (CORS), making cross-origin AJAX possible
Gunicorn	0.4			1			1	The Gunicorn "Green Unicorn" is a Python Web Server Gateway Interface (WSGI) HTTP server
Horde IMP	0.4		1				1	IMP is the Internet Messaging Program. It is written in PHP and provides webmail access to IMAP and POP3 accounts. It uses the best-of-class Horde/Imap_Client library to provide fast, robust connections to the remote IMAP/POP3 server.
Libxmp	0.4			1			1	Libxmp is a library that renders module files to PCM data
Spring Framework	0.4				1		1	SThe Spring Framework is an application framework and inversion of control container for the Java platform
tar-fs	0.4			1			1	Filesystem bindings for tar-stream that allow you to pack directories into tarballs and extract tarballs into directories
webpy	0.4			1			1	web.py is a web framework for Python
Artifex Ghostscript	0.3					1	1	Artifex Ghostscript is an interpreter for the PostScript® language and PDF files
Visual Studio	0.3				1		1	Integrated development environment
Unknown Product	0				42	93	135	Unknown Product

Vulnerability Type	Criticality	U	C	H	M	L	A
Remote Code Execution	1.0	1	8	9	8		26
Authentication Bypass	0.98			6	14		20
Code Injection	0.97			4			4
Command Injection	0.97		2	4	4		10
Security Feature Bypass	0.9		1	7	23	1	32
Elevation of Privilege	0.85			2	2		4
Arbitrary File Reading	0.83				1		1
Information Disclosure	0.83			2	16		18
Cross Site Scripting	0.8		1	1	10	1	13
Open Redirect	0.75				2	1	3
Denial of Service	0.7		1	8	57	5	71
Path Traversal	0.7		1	1	2	1	5
Incorrect Calculation	0.5			1	16	8	25
Memory Corruption	0.5		1	17	317	46	381
Spoofing	0.4				1	1	2
Tampering	0.3					1	1
Unknown Vulnerability Type	0				52	423	475

Source	U	C	H	M	L	A
almalinux		1	8	13	3	25
debian	1	8	49	426	433	917
oraclelinux		1	10	20	10	41
redhat		1	10	21	10	42
redos		6	12	26	16	60
ubuntu	1	5	10	99	45	160

Urgent (1)

1. Remote Code Execution - PHP CSS Parser (CVE-2020-13756) - Urgent [916]

Description: Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data, possibly leading to remote code execution if the function allSelectors() or getSelectorsBySpecificity() is called with input from an attacker.

debian: CVE-2020-13756 was patched at 2025-05-21

ubuntu: CVE-2020-13756 was patched at 2025-05-07

Critical (15)

2. Denial of Service - Apache ActiveMQ (CVE-2025-27533) - Critical [796]

Description: Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ. During unmarshalling of OpenWire commands the size value of buffers was not properly validated which could lead to excessive memory allocation and be exploited to cause a denial of service (DoS) by depleting process memory, thereby affecting applications and services that rely on the availability of the ActiveMQ broker when not using mutual TLS connections. This issue affects Apache ActiveMQ: from 6.0.0 before 6.1.6, from 5.18.0 before 5.18.7, from 5.17.0 before 5.17.7, before 5.16.8. ActiveMQ 5.19.0 is not affected. Users are recommended to upgrade to version 6.1.6+, 5.19.0+, 5.18.7+, 5.17.7, or 5.16.8 or which fixes the issue. Existing users may implement mutual TLS to mitigate the risk on affected brokers.

debian: CVE-2025-27533 was patched at 2025-05-21

3. Security Feature Bypass - Chromium (CVE-2025-4664) - Critical [764]

Description: Insufficient policy enforcement in Loader in Google Chrome prior to 136.0.7103.113 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

debian: CVE-2025-4664 was patched at 2025-05-15, 2025-05-21

ubuntu: CVE-2025-46646 was patched at 2025-05-01

4. Path Traversal - buildkit (CVE-2024-23652) - Critical [738]

Description: BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit frontend or Dockerfile using RUN --mount could trick the feature that removes empty files created for the mountpoints into removing a file outside the container, from the host system. The issue has been fixed in v0.12.5. Workarounds include avoiding using BuildKit frontends from an untrusted source or building an untrusted Dockerfile containing RUN --mount feature.

ubuntu: CVE-2024-23652 was patched at 2025-05-01

5. Remote Code Execution - Kubernetes (CVE-2025-1974) - Critical [735]

Description: A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)

redos: CVE-2025-1974 was patched at 2025-04-17

6. Remote Code Execution - Kubernetes (CVE-2025-1098) - Critical [723]

Description: A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `mirror-target` and `mirror-host` Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)

redos: CVE-2025-1098 was patched at 2025-04-17

7. Remote Code Execution - Kubernetes (CVE-2025-24514) - Critical [723]

Description: A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)

redos: CVE-2025-24514 was patched at 2025-04-17

8. Remote Code Execution - pgAdmin (CVE-2025-2945) - Critical [719]

Description: Remote Code Execution security vulnerability in pgAdmin 4 (Query Tool and Cloud Deployment modules). The vulnerability is associated with the 2 POST endpoints; /sqleditor/query_tool/download, where the query_commited parameter and /cloud/deploy endpoint, where the high_availability parameter is unsafely passed to the Python eval() function, allowing arbitrary code execution. This issue affects pgAdmin 4: before 9.2.

redos: CVE-2025-2945 was patched at 2025-04-24

9. Remote Code Execution - Kubernetes (CVE-2025-1097) - Critical [711]

Description: A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)

redos: CVE-2025-1097 was patched at 2025-04-17

10. Remote Code Execution - Erlang/OTP (CVE-2025-32433) - Critical [685]

Description: Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or to prevent access via firewall rules.

debian: CVE-2025-32433 was patched at 2025-04-20, 2025-04-23

redos: CVE-2025-32433 was patched at 2025-04-30

ubuntu: CVE-2025-32433 was patched at 2025-04-17, 2025-04-23

11. Remote Code Execution - PyTorch (CVE-2025-32434) - Critical [659]

Description: PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution (RCE) vulnerability exists in PyTorch when loading a model using torch.load with weights_only=True. This issue has been patched in version 2.6.0.

debian: CVE-2025-32434 was patched at 2025-04-23

12. Command Injection - dokuwiki (CVE-2016-7964) - Critical [649]

Description: The sendRequest method in HTTPClient Class in file /inc/HTTPClient.php in DokuWiki 2016-06-26a and older, when media file fetching is enabled, has no way to restrict access to private networks. This allows users to scan ports of internal networks via SSRF, such as 10.0.0.1/8, 172.16.0.0/12, and 192.168.0.0/16.

debian: CVE-2016-7964 was patched at 2025-04-23

13. Memory Corruption - buildkit (CVE-2024-23651) - Critical [642]

Description: BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Two malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race condition that can lead to files from the host system being accessible to the build container. The issue has been fixed in v0.12.5. Workarounds include, avoiding using BuildKit frontend from an untrusted source or building an untrusted Dockerfile containing cache mounts with --mount=type=cache,source=... options.

ubuntu: CVE-2024-23651 was patched at 2025-05-01

14. Command Injection - onnx (CVE-2024-7776) - Critical [637]

Description: A vulnerability in the `download_model` function of the onnx/onnx framework, before and including version 1.16.1, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability can be exploited by an attacker to overwrite files in the user's directory, potentially leading to remote command execution.

debian: CVE-2024-7776 was patched at 2025-04-23

15. Remote Code Execution - Yelp (CVE-2025-3155) - Critical [604]

Description: A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment.

almalinux: CVE-2025-3155 was patched at 2025-05-13, 2025-05-14

debian: CVE-2025-3155 was patched at 2025-04-23, 2025-04-24

oraclelinux: CVE-2025-3155 was patched at 2025-05-15, 2025-05-22

redhat: CVE-2025-3155 was patched at 2025-05-05, 2025-05-06, 2025-05-13, 2025-05-14

ubuntu: CVE-2025-3155 was patched at 2025-04-23

16. Cross Site Scripting - Horde IMP (CVE-2025-30349) - Critical [602]

Description: Horde IMP through 6.2.27, as used with Horde Application Framework through 5.2.23, allows XSS that leads to account takeover via a crafted text/html e-mail message with an onerror attribute (that may use base64-encoded JavaScript code), as exploited in the wild in March 2025.

debian: CVE-2025-30349 was patched at 2025-04-23

High (62)

17. Security Feature Bypass - GNU C Library (CVE-2025-4802) - High [591]

Description: Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).

debian: CVE-2025-4802 was patched at 2025-05-21

18. Denial of Service - aardvark-dns (CVE-2024-8418) - High [589]

Description: A flaw was found in Aardvark-dns, which is vulnerable to a Denial of Service attack due to the serial processing of TCP DNS queries. An attacker can exploit this flaw by keeping a TCP connection open indefinitely, causing the server to become unresponsive and resulting in other DNS queries timing out. This issue prevents legitimate users from accessing DNS services, thereby disrupting normal operations and causing service downtime.

oraclelinux: CVE-2024-8418 was patched at 2025-05-16

redhat: CVE-2024-8418 was patched at 2025-05-13

19. Information Disclosure - Intel(R) Processor (CVE-2024-45332) - High [572]

Description: Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution in the indirect branch predictors for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

debian: CVE-2024-45332 was patched at 2025-05-21

20. Path Traversal - tar-fs (CVE-2024-12905) - High [560]

Description: An Improper Link Resolution Before File Access ("Link Following") and Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal"). This vulnerability occurs when extracting a maliciously crafted tar file, which can result in unauthorized file writes or overwrites outside the intended extraction directory. The issue is associated with index.js in the tar-fs package. This issue affects tar-fs: from 0.0.0 before 1.16.4, from 2.0.0 before 2.1.2, from 3.0.0 before 3.0.8.

debian: CVE-2024-12905 was patched at 2025-04-23

21. Authentication Bypass - Finit (CVE-2025-29906) - High [551]

Description: Finit is a fast init for Linux systems. Versions starting from 3.0-rc1 and prior to version 4.11 bundle an implementation of getty for the `tty` configuration directive that can bypass `/bin/login`, i.e., a user can log in as any user without authentication. This issue has been patched in version 4.11.

debian: CVE-2025-29906 was patched at 2025-05-21

22. Security Feature Bypass - Kubernetes (CVE-2025-24513) - High [551]

Description: A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in denial of service, or when combined with other vulnerabilities, limited disclosure of Secret objects from the cluster.

redos: CVE-2025-24513 was patched at 2025-04-17

23. Denial of Service - Libsoup (CVE-2025-32908) - High [546]

Description: A flaw was found in libsoup. The HTTP/2 server in libsoup may not fully validate the values of pseudo-headers :scheme, :authority, and :path, which may allow a user to cause a denial of service (DoS).

debian: CVE-2025-32908 was patched at 2025-04-23

24. Memory Corruption - Libsoup (CVE-2025-32911) - High [546]

Description: A use-after-free type vulnerability was found in libsoup, in the soup_message_headers_get_content_disposition() function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server.

almalinux: CVE-2025-32911 was patched at 2025-05-06, 2025-05-13

debian: CVE-2025-32911 was patched at 2025-04-23

oraclelinux: CVE-2025-32911 was patched at 2025-05-06, 2025-05-22

redhat: CVE-2025-32911 was patched at 2025-05-05, 2025-05-06, 2025-05-07, 2025-05-13

redos: CVE-2025-32911 was patched at 2025-04-30

ubuntu: CVE-2025-32911 was patched at 2025-05-06, 2025-05-07

25. Security Feature Bypass - kitty (CVE-2025-43929) - High [541]

Description: open_actions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked from an untrusted document (e.g., a document opened in KDE ghostwriter).

debian: CVE-2025-43929 was patched at 2025-04-23

26. Command Injection - Gunicorn (CVE-2024-6827) - High [537]

Description: Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding' header as specified in the RFC standards, which leads to the default fallback method of 'Content-Length,' making it vulnerable to TE.CL request smuggling. This vulnerability can lead to cache poisoning, data exposure, session manipulation, SSRF, XSS, DoS, data integrity compromise, security bypass, information leakage, and business logic abuse.

debian: CVE-2024-6827 was patched at 2025-04-23

27. Remote Code Execution - Libheif (CVE-2025-29482) - High [535]

Description: Buffer Overflow vulnerability in libheif 1.19.7 allows a local attacker to execute arbitrary code via the SAO (Sample Adaptive Offset) processing of libde265.

debian: CVE-2025-29482 was patched at 2025-05-21

28. Remote Code Execution - libbpf (CVE-2025-29481) - High [535]

Description: Buffer Overflow vulnerability in libbpf 1.5.0 allows a local attacker to execute arbitrary code via the bpf_object__init_prog` function of libbpf.

debian: CVE-2025-29481 was patched at 2025-04-23

29. Denial of Service - Libsoup (CVE-2025-32907) - High [534]

Description: A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory. This does not allow for a full denial of service.

almalinux: CVE-2025-32907 was patched at 2025-05-13

debian: CVE-2025-32907 was patched at 2025-04-23

oraclelinux: CVE-2025-32907 was patched at 2025-05-22

redhat: CVE-2025-32907 was patched at 2025-05-05, 2025-05-06, 2025-05-13

30. Denial of Service - assimp (CVE-2025-3016) - High [529]

Description: A vulnerability classified as problematic was found in Open Asset Import Library Assimp 5.4.3. This vulnerability affects the function Assimp::MDLImporter::ParseTextureColorData of the file code/AssetLib/MDL/MDLMaterialLoader.cpp of the component MDL File Handler. The manipulation of the argument mWidth/mHeight leads to resource consumption. The attack can be initiated remotely. Upgrading to version 6.0 is able to address this issue. The name of the patch is 5d2a7482312db2e866439a8c05a07ce1e718bed1. It is recommended to apply a patch to fix this issue.

debian: CVE-2025-3016 was patched at 2025-04-23

debian: CVE-2025-30164 was patched at 2025-04-23

31. Code Injection - webpy (CVE-2025-3818) - High [525]

Description: A vulnerability, which was classified as critical, was found in webpy web.py 0.70. Affected is the function PostgresDB._process_insert_query of the file web/db.py. The manipulation of the argument seqname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

debian: CVE-2025-3818 was patched at 2025-04-23

32. Denial of Service - libxml2 (CVE-2025-32414) - High [522]

Description: In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters.

debian: CVE-2025-32414 was patched at 2025-04-23

redos: CVE-2025-32414 was patched at 2025-04-24

ubuntu: CVE-2025-32414 was patched at 2025-04-28

33. Memory Corruption - corosync (CVE-2025-30472) - High [517]

Description: Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orf_token_endian_convert in exec/totemsrp.c via a large UDP packet.

debian: CVE-2025-30472 was patched at 2025-04-23

oraclelinux: CVE-2025-30472 was patched at 2025-05-16

redhat: CVE-2025-30472 was patched at 2025-05-13

ubuntu: CVE-2025-30472 was patched at 2025-05-05

34. Elevation of Privilege - Linux Kernel (CVE-2023-53033) - High [516]

Description: In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits If the offset + length goes over the ethernet + vlan header, then the length is adjusted to copy the bytes that are within the boundaries of the vlan_ethhdr scratchpad area. The remaining bytes beyond ethernet + vlan header are copied directly from the skbuff data area. Fix incorrect arithmetic operator: subtract, not add, the size of the vlan header in case of double-tagged packets to adjust the length accordingly to address CVE-2023-0179.

debian: CVE-2023-53033 was patched at 2025-04-23

35. Authentication Bypass - Flask-Cors (CVE-2024-6844) - High [515]

Description: A vulnerability in corydolphin/flask-cors version 4.0.1 allows for inconsistent CORS matching due to the handling of the '+' character in URL paths. The request.path is passed through the unquote_plus function, which converts the '+' character to a space ' '. This behavior leads to incorrect path normalization, causing potential mismatches in CORS configuration. As a result, endpoints may not be matched correctly to their CORS settings, leading to unexpected CORS policy application. This can cause unauthorized cross-origin access or block valid requests, creating security vulnerabilities and usability issues.

debian: CVE-2024-6844 was patched at 2025-04-23

36. Authentication Bypass - Flask-Cors (CVE-2024-6866) - High [515]

Description: corydolphin/flask-cors version 4.01 contains a vulnerability where the request path matching is case-insensitive due to the use of the `try_match` function, which is originally intended for matching hosts. This results in a mismatch because paths in URLs are case-sensitive, but the regex matching treats them as case-insensitive. This misconfiguration can lead to significant security vulnerabilities, allowing unauthorized origins to access paths meant to be restricted, resulting in data exposure and potential data leaks.

debian: CVE-2024-6866 was patched at 2025-04-23

37. Memory Corruption - Linux Kernel (CVE-2025-21670) - High [513]

Description: In the Linux kernel, the following vulnerability has been resolved: vsock/bpf: return early if transport is not assigned Some of the core functions can only be called if the transport has been assigned. As Michal reported, a socket might have the transport at NULL, for example after a failed connect(), causing the following trace: BUG: kernel NULL pointer dereference, address: 00000000000000a0 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 12faf8067 P4D 12faf8067 PUD 113670067 PMD 0 Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 15 UID: 0 PID: 1198 Comm: a.out Not tainted 6.13.0-rc2+ RIP: 0010:vsock_connectible_has_data+0x1f/0x40 Call Trace: vsock_bpf_recvmsg+0xca/0x5e0 sock_recvmsg+0xb9/0xc0 __sys_recvfrom+0xb3/0x130 __x64_sys_recvfrom+0x20/0x30 do_syscall_64+0x93/0x180 entry_SYSCALL_64_after_hwframe+0x76/0x7e So we need to check the `vsk->transport` in vsock_bpf_recvmsg(), especially for connected sockets (stream/seqpacket) as we already do in __vsock_connectible_recvmsg().

ubuntu: CVE-2025-21670 was patched at 2025-04-23

38. Authentication Bypass - pgAdmin (CVE-2024-4215) - High [507]

Description: pgAdmin <= 8.5 is affected by a multi-factor authentication bypass vulnerability. This vulnerability allows an attacker with knowledge of a legitimate account’s username and password may authenticate to the application and perform sensitive actions within the application, such as managing files and executing SQL queries, regardless of the account’s MFA enrollment status.

redos: CVE-2024-4215 was patched at 2025-04-17

39. Memory Corruption - assimp (CVE-2025-3015) - High [505]

Description: A vulnerability classified as critical has been found in Open Asset Import Library Assimp 5.4.3. This affects the function Assimp::ASEImporter::BuildUniqueRepresentation of the file code/AssetLib/ASE/ASELoader.cpp of the component ASE File Handler. The manipulation of the argument mIndices leads to out-of-bounds read. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 6.0 is able to address this issue. The patch is named 7c705fde418d68cca4e8eff56be01b2617b0d6fe. It is recommended to apply a patch to fix this issue.

debian: CVE-2025-3015 was patched at 2025-04-23

40. Memory Corruption - micropython (CVE-2024-8946) - High [505]

Description: A vulnerability was found in MicroPython 1.23.0. It has been classified as critical. Affected is the function mp_vfs_umount of the file extmod/vfs.c of the component VFS Unmount Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 29943546343c92334e8518695a11fc0e2ceea68b. It is recommended to apply a patch to fix this issue. In the VFS unmount process, the comparison between the mounted path string and the unmount requested string is based solely on the length of the unmount string, which can lead to a heap buffer overflow read.

ubuntu: CVE-2024-8946 was patched at 2025-05-01

41. Memory Corruption - micropython (CVE-2024-8947) - High [505]

Description: A vulnerability was found in MicroPython 1.22.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file py/objarray.c. The manipulation leads to use after free. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 1.23.0 is able to address this issue. The identifier of the patch is 4bed614e707c0644c06e117f848fa12605c711cd. It is recommended to upgrade the affected component. In micropython objarray component, when a bytes object is resized and copied into itself, it may reference memory that has already been freed.

ubuntu: CVE-2024-8947 was patched at 2025-05-01

42. Authentication Bypass - Flask-Cors (CVE-2024-6839) - High [503]

Description: corydolphin/flask-cors version 4.0.1 contains an improper regex path matching vulnerability. The plugin prioritizes longer regex patterns over more specific ones when matching paths, which can lead to less restrictive CORS policies being applied to sensitive endpoints. This mismatch in regex pattern priority allows unauthorized cross-origin access to sensitive data or functionality, potentially exposing confidential information and increasing the risk of unauthorized actions by malicious actors.

debian: CVE-2024-6839 was patched at 2025-04-23

43. Code Injection - pgAdmin (CVE-2022-4223) - High [499]

Description: The pgAdmin server includes an HTTP API that is intended to be used to validate the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. The utility is executed by the server to determine what PostgreSQL version it is from. Versions of pgAdmin prior to 6.17 failed to properly secure this API, which could allow an unauthenticated user to call it with a path of their choosing, such as a UNC path to a server they control on a Windows machine. This would cause an appropriately named executable in the target path to be executed by the pgAdmin server.

redos: CVE-2022-4223 was patched at 2025-04-17

44. Denial of Service - PyTorch (CVE-2025-2953) - High [498]

Description: A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0+cu124. Affected by this issue is the function torch.mkldnn_max_pool2d. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The security policy of the project warns to use unknown models which might establish malicious effects.

debian: CVE-2025-2953 was patched at 2025-04-23

45. Memory Corruption - Libsoup (CVE-2025-32914) - High [498]

Description: A flaw was found in libsoup, where the soup_multipart_new_from_message() function is vulnerable to an out-of-bounds read. This flaw allows a malicious HTTP client to induce the libsoup server to read out of bounds.

debian: CVE-2025-32914 was patched at 2025-04-23

redos: CVE-2025-32914 was patched at 2025-04-30

ubuntu: CVE-2025-32914 was patched at 2025-05-06, 2025-05-07

46. Memory Corruption - Binutils (CVE-2025-3198) - High [496]

Description: A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue.

debian: CVE-2025-3198 was patched at 2025-04-23

47. Memory Corruption - libxml2 (CVE-2025-32415) - High [486]

Description: In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.

debian: CVE-2025-32415 was patched at 2025-04-23

redos: CVE-2025-32415 was patched at 2025-05-06

ubuntu: CVE-2025-32415 was patched at 2025-04-28

48. Denial of Service - GDAL (CVE-2025-29480) - High [482]

Description: Buffer Overflow vulnerability in gdal 3.10.2 allows a local attacker to cause a denial of service via the OGRSpatialReference::Release function.

debian: CVE-2025-29480 was patched at 2025-04-23

49. Memory Corruption - Libheif (CVE-2025-43967) - High [482]

Description: libheif before 1.19.6 has a NULL pointer dereference in ImageItem_Grid::get_decoder in image-items/grid.cc because a grid image can reference a nonexistent image item.

debian: CVE-2025-43967 was patched at 2025-04-23

50. Memory Corruption - WABT (CVE-2025-2584) - High [470]

Description: A vulnerability was found in WebAssembly wabt 1.0.36. It has been declared as critical. This vulnerability affects the function BinaryReaderInterp::GetReturnCallDropKeepCount of the file wabt/src/interp/binary-reader-interp.cc. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.

debian: CVE-2025-2584 was patched at 2025-04-23

51. Security Feature Bypass - 7-Zip (CVE-2022-47111) - High [470]

Description: 7-Zip 22.01 does not report an error for certain invalid xz files, involving block flags and reserved bits. Some later versions are unaffected.

debian: CVE-2022-47111 was patched at 2025-04-23

52. Security Feature Bypass - 7-Zip (CVE-2022-47112) - High [470]

Description: 7-Zip 22.01 does not report an error for certain invalid xz files, involving stream flags and reserved bits. Some later versions are unaffected.

debian: CVE-2022-47112 was patched at 2025-04-23

53. Remote Code Execution - Moodle (CVE-2025-3641) - High [449]

Description: A flaw was found in Moodle. A remote code execution risk was identified in the Moodle LMS Dropbox repository. By default, this was only available to teachers and managers on sites with the Dropbox repository enabled.

redos: CVE-2025-3641 was patched at 2025-05-15

54. Remote Code Execution - Moodle (CVE-2025-3642) - High [449]

Description: A flaw was found in Moodle. A remote code execution risk was identified in the Moodle LMS EQUELLA repository. By default, this was only available to teachers and managers on sites with the EQUELLA repository enabled.

redos: CVE-2025-3642 was patched at 2025-05-15

55. Memory Corruption - hdf5 (CVE-2025-2915) - High [446]

Description: A vulnerability classified as problematic was found in HDF5 up to 1.14.6. This vulnerability affects the function H5F__accum_free of the file src/H5Faccum.c. The manipulation of the argument overlap_size leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.

debian: CVE-2025-2915 was patched at 2025-04-23

56. Memory Corruption - hdf5 (CVE-2025-2924) - High [446]

Description: A vulnerability, which was classified as problematic, was found in HDF5 up to 1.14.6. This affects the function H5HL__fl_deserialize of the file src/H5HLcache.c. The manipulation of the argument free_block leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.

debian: CVE-2025-2924 was patched at 2025-04-23

57. Memory Corruption - hdf5 (CVE-2025-2925) - High [446]

Description: A vulnerability has been found in HDF5 up to 1.14.6 and classified as problematic. This vulnerability affects the function H5MM_realloc of the file src/H5MM.c. The manipulation of the argument mem leads to double free. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.

debian: CVE-2025-2925 was patched at 2025-04-23

58. Memory Corruption - hdf5 (CVE-2025-2926) - High [446]

Description: A vulnerability was found in HDF5 up to 1.14.6 and classified as problematic. This issue affects the function H5O__cache_chk_serialize of the file src/H5Ocache.c. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.

debian: CVE-2025-2926 was patched at 2025-04-23

59. Memory Corruption - upx (CVE-2025-2849) - High [446]

Description: A vulnerability, which was classified as problematic, was found in UPX up to 5.0.0. Affected is the function PackLinuxElf64::un_DT_INIT of the file src/p_lx_elf.cpp. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The patch is identified as e0b6ff192412f5bb5364c1948f4f6b27a0cd5ea2. It is recommended to apply a patch to fix this issue.

debian: CVE-2025-2849 was patched at 2025-04-23

60. Command Injection - Apache Traffic Server (CVE-2024-53868) - High [444]

Description: Apache Traffic Server allows request smuggling if chunked messages are malformed. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.9, from 10.0.0 through 10.0.4. Users are recommended to upgrade to version 9.2.10 or 10.0.5, which fixes the issue.

debian: CVE-2024-53868 was patched at 2025-04-23

61. Code Injection - Zabbix (CVE-2024-36465) - High [437]

Description: A low privilege (regular) Zabbix user with API access can use SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL commands via the groupBy parameter.

redos: CVE-2024-36465 was patched at 2025-05-06

62. Security Feature Bypass - Chromium (CVE-2025-4052) - High [436]

Description: Inappropriate implementation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Low)

debian: CVE-2025-4052 was patched at 2025-05-01, 2025-05-21

63. Memory Corruption - augeas (CVE-2025-2588) - High [434]

Description: A vulnerability has been found in Hercules Augeas 1.14.1 and classified as problematic. This vulnerability affects the function re_case_expand of the file src/fa.c. The manipulation of the argument re leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.

debian: CVE-2025-2588 was patched at 2025-04-23

64. Incorrect Calculation - Libxmp (CVE-2025-47256) - High [429]

Description: Libxmp through 4.6.2 has a stack-based buffer overflow in depack_pha in loaders/prowizard/pha.c via a malformed Pha format tracker module in a .mod file.

debian: CVE-2025-47256 was patched at 2025-05-21

65. Remote Code Execution - Stm32 Mw Usb Host (CVE-2021-42553) - High [428]

Description: A buffer overflow vulnerability in stm32_mw_usb_host of STMicroelectronics in versions before 3.5.1 allows an attacker to execute arbitrary code when the descriptor contains more endpoints than USBH_MAX_NUM_ENDPOINTS. The library is typically integrated when using a RTOS such as FreeRTOS on STM32 MCUs.

ubuntu: CVE-2021-42553 was patched at 2025-05-01

66. Security Feature Bypass - Mozilla Firefox (CVE-2025-4083) - High [425]

Description: A process isolation vulnerability in Thunderbird stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Firefox ESR < 115.23, Thunderbird < 138, and Thunderbird < 128.10.

almalinux: CVE-2025-4083 was patched at 2025-05-05, 2025-05-12

debian: CVE-2025-4083 was patched at 2025-04-30, 2025-05-01, 2025-05-21

oraclelinux: CVE-2025-4083 was patched at 2025-05-05, 2025-05-06, 2025-05-12

redhat: CVE-2025-4083 was patched at 2025-05-05, 2025-05-08, 2025-05-12, 2025-05-13, 2025-05-14, 2025-05-15

67. Remote Code Execution - Mozilla Firefox (CVE-2025-4091) - High [419]

Description: Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Thunderbird < 138, and Thunderbird < 128.10.

almalinux: CVE-2025-4091 was patched at 2025-05-05, 2025-05-12

debian: CVE-2025-4091 was patched at 2025-04-30, 2025-05-01, 2025-05-21

oraclelinux: CVE-2025-4091 was patched at 2025-05-05, 2025-05-06, 2025-05-12

redhat: CVE-2025-4091 was patched at 2025-05-05, 2025-05-08, 2025-05-12, 2025-05-13, 2025-05-14, 2025-05-15

68. Remote Code Execution - Mozilla Firefox (CVE-2025-4093) - High [419]

Description: Memory safety bug present in Firefox ESR 128.9, and Thunderbird 128.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 128.10 and Thunderbird < 128.10.

almalinux: CVE-2025-4093 was patched at 2025-05-05, 2025-05-12

debian: CVE-2025-4093 was patched at 2025-04-30, 2025-05-01, 2025-05-21

oraclelinux: CVE-2025-4093 was patched at 2025-05-05, 2025-05-06, 2025-05-12

redhat: CVE-2025-4093 was patched at 2025-05-05, 2025-05-08, 2025-05-12, 2025-05-13, 2025-05-14, 2025-05-15

69. Authentication Bypass - Pgpool-II (CVE-2025-46801) - High [417]

Description: Pgpool-II provided by PgPool Global Development Group contains an authentication bypass by primary weakness vulnerability. if the vulnerability is exploited, an attacker may be able to log in to the system as an arbitrary user, allowing them to read or tamper with data in the database, and/or disable the database.

debian: CVE-2025-46801 was patched at 2025-05-21

70. Code Injection - PostgreSQL (CVE-2025-46337) - High [416]

Description: ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. Prior to version 5.22.9, improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a PostgreSQL database and calls pg_insert_id() with user-supplied data. This issue has been patched in version 5.22.9.

debian: CVE-2025-46337 was patched at 2025-05-21

71. Elevation of Privilege - Mozilla Firefox (CVE-2025-2817) - High [416]

Description: Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations on paths controlled by a non-privileged user and enabling privilege escalation. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Firefox ESR < 115.23, Thunderbird < 138, and Thunderbird < 128.10.

almalinux: CVE-2025-2817 was patched at 2025-05-05, 2025-05-12

oraclelinux: CVE-2025-2817 was patched at 2025-05-05, 2025-05-06, 2025-05-12

redhat: CVE-2025-2817 was patched at 2025-05-05, 2025-05-08, 2025-05-12, 2025-05-13, 2025-05-14, 2025-05-15

72. Remote Code Execution - Setuptools (CVE-2025-47273) - High [416]

Description: setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to remote code execution depending on the context. Version 78.1.1 fixes the issue.

debian: CVE-2025-47273 was patched at 2025-05-21

73. Denial of Service - Libsoup (CVE-2025-32906) - High [415]

Description: A flaw was found in libsoup, where the soup_headers_parse_request() function may be vulnerable to an out-of-bound read. This flaw allows a malicious user to use a specially crafted HTTP request to crash the HTTP server.

almalinux: CVE-2025-32906 was patched at 2025-05-06, 2025-05-13

debian: CVE-2025-32906 was patched at 2025-04-23

oraclelinux: CVE-2025-32906 was patched at 2025-05-06, 2025-05-22

redhat: CVE-2025-32906 was patched at 2025-05-05, 2025-05-06, 2025-05-07, 2025-05-13

redos: CVE-2025-32906 was patched at 2025-04-30

ubuntu: CVE-2025-32906 was patched at 2025-05-06, 2025-05-07

74. Remote Code Execution - SQLite (CVE-2025-3277) - High [414]

Description: An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.

almalinux: CVE-2025-3277 was patched at 2025-05-05, 2025-05-13

debian: CVE-2025-32776 was patched at 2025-04-23

oraclelinux: CVE-2025-3277 was patched at 2025-05-05

redhat: CVE-2025-3277 was patched at 2025-05-05, 2025-05-13

75. Command Injection - vim (CVE-2025-27423) - High [408]

Description: Vim is an open source, command line text editor. Vim is distributed with the tar.vim plugin, that allows easy editing and viewing of (compressed or uncompressed) tar files. Starting with 9.1.0858, the tar.vim plugin uses the ":read" ex command line to append below the cursor position, however the is not sanitized and is taken literally from the tar archive. This allows to execute shell commands via special crafted tar archives. Whether this really happens, depends on the shell being used ('shell' option, which is set using $SHELL). The issue has been fixed as of Vim patch v9.1.1164

redos: CVE-2025-27423 was patched at 2025-04-30

76. Cross Site Scripting - PHP (CVE-2024-45699) - High [407]

Description: The endpoint /zabbix.php?action=export.valuemaps suffers from a Cross-Site Scripting vulnerability via the backurl parameter. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result, a JavaScript payload may be injected into the above endpoint causing it to be executed within the context of the victim's browser.

debian: CVE-2024-45699 was patched at 2025-04-23

77. Command Injection - Node.js (CVE-2025-23167) - High [401]

Description: A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using `\r\n\rX` instead of the required `\r\n\r\n`. This inconsistency enables request smuggling, allowing attackers to bypass proxy-based access controls and submit unauthorized requests. The issue was resolved by upgrading `llhttp` to version 9, which enforces correct header termination. Impact: * This vulnerability affects only Node.js 20.x users prior to the `llhttp` v9 upgrade.

debian: CVE-2025-23167 was patched at 2025-05-21

78. Information Disclosure - OpenSSL (CVE-2023-24010) - High [400]

Description: An attacker can arbitrarily craft malicious DDS Participants (or ROS 2 Nodes) with valid certificates to compromise and get full control of the attacked secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS#7 certificate’s validation. This is caused by a non-compliant implementation of permission document verification used by some DDS vendors. Specifically, an improper use of the OpenSSL PKCS7_verify function used to validate S/MIME signatures.

debian: CVE-2023-24010 was patched at 2025-04-27

Medium (525)

79. Denial of Service - HTTP Server (CVE-2025-3891) - Medium [398]

Description: A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability.

almalinux: CVE-2025-3891 was patched at 2025-05-06

debian: CVE-2025-3891 was patched at 2025-05-08, 2025-05-21

oraclelinux: CVE-2025-3891 was patched at 2025-05-07

redhat: CVE-2025-3891 was patched at 2025-05-06

80. Elevation of Privilege - Windows Kernel (CVE-2025-43715) - Medium [397]

Description: Nullsoft Scriptable Install System (NSIS) before 3.11 on Windows allows local users to escalate privileges to SYSTEM during an installation, because the temporary plugins directory is created under %WINDIR%\temp and unprivileged users can place a crafted executable file by winning a race condition. This occurs because EW_CREATEDIR does not always set the CreateRestrictedDirectory error flag.

debian: CVE-2025-43715 was patched at 2025-04-23

81. Information Disclosure - Windows Kernel (CVE-2025-2830) - Medium [393]

Description: By crafting a malformed file name for an attachment in a multipart message, an attacker can trick Thunderbird into including a directory listing of /tmp when the message is forwarded or edited as a new message. This vulnerability could allow attackers to disclose sensitive information from the victim's system. This vulnerability is not limited to Linux; similar behavior has been observed on Windows as well. This vulnerability affects Thunderbird < 137.0.2 and Thunderbird < 128.9.2.

almalinux: CVE-2025-2830 was patched at 2025-04-28, 2025-05-07, 2025-05-13

debian: CVE-2025-2830 was patched at 2025-04-23, 2025-05-01

oraclelinux: CVE-2025-2830 was patched at 2025-04-28, 2025-05-07, 2025-05-22

redhat: CVE-2025-2830 was patched at 2025-04-28, 2025-04-30, 2025-05-06, 2025-05-07, 2025-05-13

redos: CVE-2025-2830 was patched at 2025-05-15

82. Command Injection - Python (CVE-2025-43859) - Medium [392]

Description: h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a leniency in h11's parsing of line terminators in chunked-coding message bodies can lead to request smuggling vulnerabilities under certain conditions. This issue has been patched in version 0.16.0. Since exploitation requires the combination of buggy h11 with a buggy (reverse) proxy, fixing either component is sufficient to mitigate this issue.

debian: CVE-2025-43859 was patched at 2025-04-27

redhat: CVE-2025-43859 was patched at 2025-05-14

ubuntu: CVE-2025-43859 was patched at 2025-05-08

83. Authentication Bypass - Chromium (CVE-2025-4051) - Medium [391]

Description: Insufficient data validation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Medium)

debian: CVE-2025-4051 was patched at 2025-05-01, 2025-05-21

84. Command Injection - nginx (CVE-2024-33452) - Medium [387]

Description: An issue in OpenResty lua-nginx-module v.0.10.26 and before allows a remote attacker to conduct HTTP request smuggling via a crafted HEAD request.

debian: CVE-2024-33452 was patched at 2025-04-27

85. Remote Code Execution - Perl (CVE-2025-30673) - Medium [385]

Description: Sub::HandlesVia for Perl before 0.050002 allows untrusted code from the current working directory ('.') to be loaded similar to CVE-2016-1238. If an attacker can place a malicious file in current working directory, it may be loaded instead of the intended file, potentially leading to arbitrary code execution. Sub::HandlesVia uses Mite to produce the affected code section due to CVE-2025-30672

debian: CVE-2025-30673 was patched at 2025-04-23

86. Security Feature Bypass - Moodle (CVE-2025-3638) - Medium [384]

Description: A flaw was found in Moodle. The analysis request action in the Brickfield tool did not include the necessary token to prevent a Cross-site request forgery (CSRF) risk.

redos: CVE-2025-3638 was patched at 2025-05-15

87. Open Redirect - Windows Kernel (CVE-2025-3522) - Medium [379]

Description: Thunderbird processes the X-Mozilla-External-Attachment-URL header to handle attachments which can be hosted externally. When an email is opened, Thunderbird accesses the specified URL to determine file size, and navigates to it when the user clicks the attachment. Because the URL is not validated or sanitized, it can reference internal resources like chrome:// or SMB share file:// links, potentially leading to hashed Windows credential leakage and opening the door to more serious security issues. This vulnerability affects Thunderbird < 137.0.2 and Thunderbird < 128.9.2.

almalinux: CVE-2025-3522 was patched at 2025-04-28, 2025-05-07, 2025-05-13

debian: CVE-2025-3522 was patched at 2025-04-23, 2025-05-01

oraclelinux: CVE-2025-3522 was patched at 2025-04-28, 2025-05-07, 2025-05-22

redhat: CVE-2025-3522 was patched at 2025-04-28, 2025-04-30, 2025-05-06, 2025-05-07, 2025-05-13

redos: CVE-2025-3522 was patched at 2025-05-15

88. Path Traversal - pgAdmin (CVE-2023-0241) - Medium [379]

Description: pgAdmin 4 versions prior to v6.19 contains a directory traversal vulnerability. A user of the product may change another user's settings or alter the database.

redos: CVE-2023-0241 was patched at 2025-04-17

89. Security Feature Bypass - Python (CVE-2024-39780) - Medium [379]

Description: A YAML deserialization vulnerability was found in the Robot Operating System (ROS) 'dynparam', a command-line tool for getting, setting, and deleting parameters of a dynamically configurable node, affecting ROS distributions Noetic and earlier. The issue is caused by the use of the yaml.load() function in the 'set' and 'get' verbs, and allows for the creation of arbitrary Python objects. Through this flaw, a local or remote user can craft and execute arbitrary Python code. This issue has now been fixed for ROS Noetic via commit 3d93ac13603438323d7e9fa74e879e45c5fe2e8e.

debian: CVE-2024-39780 was patched at 2025-04-23

90. Security Feature Bypass - Safari (CVE-2025-31205) - Medium [377]

Description: The issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. A malicious website may exfiltrate data cross-origin.

almalinux: CVE-2025-31205 was patched at 2025-05-20

debian: CVE-2025-31205 was patched at 2025-05-21

oraclelinux: CVE-2025-31205 was patched at 2025-05-20