Report Name: Linux Patch Wednesday July 2025
Generated: 2025-07-25 02:28:39

Product Name	Prevalence	U	C	H	M	L	A	Comment
Apache HTTP Server	0.9		1	3	3		7	Apache HTTP Server is a free and open-source web server that delivers web content through the internet
Linux Kernel	0.9			1	96	194	291	The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
Polkit	0.9			1			1	polkit is a toolkit for defining and handling authorizations. It is used for allowing unprivileged processes to speak to privileged processes
Binutils	0.8				2		2	The GNU Binary Utilities, or binutils, are a set of programming tools for creating and managing binary programs, object files, libraries, profile data, and assembly source code
Chromium	0.8	1					1	Chromium is a free and open-source web browser project, mainly developed and maintained by Google
GNU C Library	0.8				2		2	The GNU C Library, commonly known as glibc, is the GNU Project's implementation of the C standard library
ICMP	0.8				1		1	The Internet Control Message Protocol (ICMP) is a network layer protocol used by network devices to diagnose network communication issues
Mozilla Firefox	0.8			8	7		15	Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
PHP	0.8			3			3	PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
Safari	0.8			1			1	Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
Windows NTLM V1	0.8			1			1	Windows component
libxslt	0.8				2		2	ibxslt is the XSLT C library developed for the GNOME project
Apache Tomcat	0.7				3		3	Apache Tomcat is a free and open-source implementation of the Jakarta Servlet, Jakarta Expression Language, and WebSocket technologies
Kubernetes	0.7				1		1	Kubernetes is an open-source container orchestration system for automating software deployment, scaling, and management
MediaWiki	0.7			6	3	2	11	MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
cpp-httplib	0.7			1	2		3	cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library
ClamAV	0.6				1		1	ClamAV (Clam AntiVirus) is a free software, cross-platform antimalware toolkit able to detect many types of malware, including viruses
FreeRDP	0.6				1		1	FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license
ImageMagick	0.6				3		3	ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
MongoDB	0.6				3	1	4	MongoDB is a source-available, cross-platform, document-oriented database program
Nextcloud	0.6				1	1	2	Nextcloud server is a self hosted personal cloud system
Oracle Java SE	0.6				4		4	Oracle Java SE
Python	0.6			3	3		6	Python is a high-level, general-purpose programming language
Redis	0.6			1	1		2	Redis is an open-source in-memory storage, used as a distributed, in-memory key–value database, cache and message broker, with optional durability
Teams	0.6				1		1	MS Office product
Vault	0.6				3		3	Vault secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets critical in modern computing
libxml2	0.6				1		1	libxml2 is an XML toolkit implemented in C, originally developed for the GNOME Project
pgAdmin	0.6		1	1	1		3	pgAdmin is the most popular and feature rich Open Source administration and development platform for PostgreSQL, the most advanced Open Source database in the world
CXF	0.5				1		1	Product detected by a:apache:cxf (exists in CPE dict)
Consul	0.5				1		1	Product detected by a:hashicorp:consul (exists in CPE dict)
DjVuLibre	0.5			1			1	DjVuLibre is a GPL implementation of DjVu, a web-centric format for distributing documents and images
HashiCorp Nomad	0.5			1			1	HashiCorp Nomad is a workload scheduler and orchestrator designed to deploy and manage applications, including containerized and non-containerized workloads, across various infrastructure platforms
Jq	0.5			1			1	Product detected by a:jqlang:jq (exists in CPE dict)
Mbed TLS	0.5			1	3		4	Mbed TLS
Radare2	0.5				1		1	Product detected by a:radare:radare2 (exists in CPE dict)
Sudo	0.5		1	1	1		3	Product detected by a:sudo_project:sudo (exists in CPE dict)
TLS	0.5				1		1	TLS
Tar	0.5			1			1	Product detected by a:gnu:tar (exists in CPE dict)
abc	0.5			1			1	Product detected by a:berkeley-abc:abc (does NOT exist in CPE dict)
drupal	0.5			1			1	Product detected by a:drupal:drupal (exists in CPE dict)
hdf5	0.5			10			10	Product detected by a:hdfgroup:hdf5 (exists in CPE dict)
jquery	0.5			1			1	Product detected by a:jquery:jquery (exists in CPE dict)
luajit	0.5			3			3	Product detected by a:luajit:luajit (exists in CPE dict)
nix	0.5				1		1	Product detected by a:nixos:nix (does NOT exist in CPE dict)
rlottie	0.5				3		3	Product detected by a:samsung:rlottie (does NOT exist in CPE dict)
Flask-Cors	0.4			1			1	A Flask extension for handling Cross Origin Resource Sharing (CORS), making cross-origin AJAX possible
Git	0.4			1	4		5	Git
Unknown Product	0				21	32	53	Unknown Product

Vulnerability Type	Criticality	U	C	H	M	L	A
Remote Code Execution	1.0		1	10	6		17
Authentication Bypass	0.98			5	6		11
Code Injection	0.97			1	1		2
Command Injection	0.97			1	2		3
XXE Injection	0.97				1		1
Arbitrary File Writing	0.95				1		1
Security Feature Bypass	0.9	1	1	6	9		17
Elevation of Privilege	0.85		1	2	2		5
Information Disclosure	0.83			2	1		3
Cross Site Scripting	0.8			5	3		8
Open Redirect	0.75			1	1		2
Denial of Service	0.7			4	25		29
Path Traversal	0.7			1	1		2
Incorrect Calculation	0.5				5	1	6
Memory Corruption	0.5			16	102	5	123
Unknown Vulnerability Type	0				16	224	240

Source	U	C	H	M	L	A
almalinux		1	3	9		13
altlinux		1	15	19	8	43
debian	1	2	29	99	129	260
oraclelinux		1	5	14	2	22
redhat		1	4	11	4	20
redos		2	4	10	4	20
ubuntu		1	8	60	88	157

Urgent (1)

1. Security Feature Bypass - Chromium (CVE-2025-6554) - Urgent [853]

Description: Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

debian: CVE-2025-6554 was patched at 2025-07-02, 2025-07-15

Critical (3)

2. Remote Code Execution - pgAdmin (CVE-2024-3116) - Critical [719]

Description: pgAdmin <= 8.4 is affected by a Remote Code Execution (RCE) vulnerability through the validate binary path API. This vulnerability allows attackers to execute arbitrary code on the server hosting PGAdmin, posing a severe risk to the database management system's integrity and the security of the underlying data.

redos: CVE-2024-3116 was patched at 2025-07-01

3. Security Feature Bypass - Apache HTTP Server (CVE-2024-42516) - Critical [632]

Description: HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications hosted or proxied by the server can split the HTTP response. This vulnerability was described as CVE-2023-38709 but the patch included in Apache HTTP Server 2.4.59 did not address the issue. Users are recommended to upgrade to version 2.4.64, which fixes this issue.

debian: CVE-2024-42516 was patched at 2025-07-15

4. Elevation of Privilege - Sudo (CVE-2025-32462) - Critical [616]

Description: Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines.

almalinux: CVE-2025-32462 was patched at 2025-06-30, 2025-07-01

altlinux: CVE-2025-32462 was patched at 2025-07-02

debian: CVE-2025-32462 was patched at 2025-06-30, 2025-07-15

oraclelinux: CVE-2025-32462 was patched at 2025-06-30, 2025-07-01

redhat: CVE-2025-32462 was patched at 2025-06-30, 2025-07-01, 2025-07-07, 2025-07-09, 2025-07-10, 2025-07-14

redos: CVE-2025-32462 was patched at 2025-07-07

ubuntu: CVE-2025-32462 was patched at 2025-06-30

High (54)

5. Cross Site Scripting - jquery (CVE-2012-6708) - High [595]

Description: jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.

ubuntu: CVE-2012-6708 was patched at 2025-07-08

6. Elevation of Privilege - Sudo (CVE-2025-32463) - High [592]

Description: Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.

altlinux: CVE-2025-32463 was patched at 2025-07-02

redos: CVE-2025-32463 was patched at 2025-07-07

ubuntu: CVE-2025-32463 was patched at 2025-06-30

7. Remote Code Execution - Redis (CVE-2025-32023) - High [588]

Description: Redis is an open source, in-memory database that persists on disk. From 2.8 to before 8.0.3, 7.4.5, 7.2.10, and 6.2.19, an authenticated user may use a specially crafted string to trigger a stack/heap out of bounds write on hyperloglog operations, potentially leading to remote code execution. The bug likely affects all Redis versions with hyperloglog operations implemented. This vulnerability is fixed in 8.0.3, 7.4.5, 7.2.10, and 6.2.19. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing hyperloglog operations. This can be done using ACL to restrict HLL commands.

debian: CVE-2025-32023 was patched at 2025-07-15

8. Cross Site Scripting - MediaWiki (CVE-2024-40600) - High [569]

Description: An issue was discovered in the Metrolook skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries.

altlinux: CVE-2024-40600 was patched at 2025-06-19

9. Security Feature Bypass - PHP (CVE-2025-1220) - High [567]

Description: In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 some functions like fsockopen() lack validation that the hostname supplied does not contain null characters. This may lead to other functions like parse_url() treat the hostname in different way, thus opening way to security problems if the user code implements access checks before access using such functions.

debian: CVE-2025-1220 was patched at 2025-07-15

10. Denial of Service - cpp-httplib (CVE-2025-52887) - High [563]

Description: cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. In version 0.21.0, when many http headers fields are passed in, the library does not limit the number of headers, and the memory associated with the headers will not be released when the connection is disconnected. This leads to potential exhaustion of system memory and results in a server crash or unresponsiveness. Version 0.22.0 contains a patch for the issue.

debian: CVE-2025-52887 was patched at 2025-07-15

11. Cross Site Scripting - MediaWiki (CVE-2024-40599) - High [557]

Description: An issue was discovered in the GuMaxDD skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries.

altlinux: CVE-2024-40599 was patched at 2025-06-19

12. Authentication Bypass - Flask-Cors (CVE-2024-6221) - High [551]

Description: A vulnerability in corydolphin/flask-cors version 4.0.1 allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default. This behavior can expose private network resources to unauthorized external access, leading to significant security risks such as data breaches, unauthorized access to sensitive information, and potential network intrusions.

ubuntu: CVE-2024-6221 was patched at 2025-07-02

13. Remote Code Execution - Git (CVE-2025-48384) - High [542]

Description: Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config entry, values with a trailing CR are not quoted, causing the CR to be lost when the config is later read. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read resulting in the submodule being checked out to an incorrect location. If a symlink exists that points the altered path to the submodule hooks directory, and the submodule contains an executable post-checkout hook, the script may be unintentionally executed after checkout. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.

debian: CVE-2025-48384 was patched at 2025-07-15

ubuntu: CVE-2025-48384 was patched at 2025-07-08

14. Security Feature Bypass - HashiCorp Nomad (CVE-2025-4922) - High [541]

Description: Nomad Community and Nomad Enterprise (“Nomad”) prefix-based ACL policy lookup can lead to incorrect rule application and shadowing. This vulnerability, identified as CVE-2025-4922, is fixed in Nomad Community Edition 1.10.2 and Nomad Enterprise 1.10.2, 1.9.10, and 1.8.14.

redos: CVE-2025-4922 was patched at 2025-07-07

15. Cross Site Scripting - MediaWiki (CVE-2024-40604) - High [533]

Description: An issue was discovered in the Nimbus skin for MediaWiki through 1.42.1. There is Stored XSS via MediaWiki:Nimbus-sidebar menu and submenu entries.

altlinux: CVE-2024-40604 was patched at 2025-06-19

16. Cross Site Scripting - MediaWiki (CVE-2024-40605) - High [533]

Description: An issue was discovered in the Foreground skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries.

altlinux: CVE-2024-40605 was patched at 2025-06-19

17. Denial of Service - luajit (CVE-2024-25177) - High [529]

Description: LuaJIT through 2.1 has an unsinking of IR_FSTORE for NULL metatable, which leads to Denial of Service (DoS).

debian: CVE-2024-25177 was patched at 2025-07-15

18. Denial of Service - Linux Kernel (CVE-2025-38089) - High [525]

Description: In the Linux kernel, the following vulnerability has been resolved: sunrpc: handle SVC_GARBAGE during svc auth processing as auth error tianshuo han reported a remotely-triggerable crash if the client sends a kernel RPC server a specially crafted packet. If decoding the RPC reply fails in such a way that SVC_GARBAGE is returned without setting the rq_accept_statp pointer, then that pointer can be dereferenced and a value stored there. If it's the first time the thread has processed an RPC, then that pointer will be set to NULL and the kernel will crash. In other cases, it could create a memory scribble. The server sunrpc code treats a SVC_GARBAGE return from svc_authenticate or pg_authenticate as if it should send a GARBAGE_ARGS reply. RFC 5531 says that if authentication fails that the RPC should be rejected instead with a status of AUTH_ERR. Handle a SVC_GARBAGE return as an AUTH_ERROR, with a reason of AUTH_BADCRED instead of returning GARBAGE_ARGS in that case. This sidesteps the whole problem of touching the rpc_accept_statp pointer in this situation and avoids the crash.

oraclelinux: CVE-2025-38089 was patched at 2025-07-14

19. Memory Corruption - PHP (CVE-2025-6491) - High [520]

Description: In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 when parsing XML data in SOAP extensions, overly large (>2Gb) XML namespace prefix may lead to null pointer dereference. This may lead to crashes and affect the availability of the target server.

debian: CVE-2025-6491 was patched at 2025-07-15

20. Open Redirect - Mozilla Firefox (CVE-2025-6428) - High [517]

Description: When a URL was provided in a link querystring parameter, Firefox for Android would follow that URL instead of the correct URL, potentially leading to phishing attacks. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 140.

altlinux: CVE-2025-6428 was patched at 2025-07-11

21. Elevation of Privilege - Windows NTLM V1 (CVE-2025-21311) - High [511]

Description: Windows NTLM V1 Elevation of Privilege Vulnerability

debian: CVE-2025-21311 was patched at 2025-07-15

22. Memory Corruption - luajit (CVE-2024-25176) - High [505]

Description: LuaJIT through 2.1 has a stack-buffer-overflow in lj_strfmt_wfnum in lj_strfmt_num.c.

debian: CVE-2024-25176 was patched at 2025-07-15

23. Remote Code Execution - Safari (CVE-2022-32912) - High [502]

Description: An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. Processing maliciously crafted web content may lead to arbitrary code execution.

redhat: CVE-2022-32912 was patched at 2025-07-07

24. Memory Corruption - Mbed TLS (CVE-2025-47917) - High [494]

Description: Mbed TLS before 3.6.4 allows a use-after-free in certain situations of applications that are developed in accordance with the documentation. The function mbedtls_x509_string_to_names() takes a head argument that is documented as an output argument. The documentation does not suggest that the function will free that pointer; however, the function does call mbedtls_asn1_free_named_data_list() on that argument, which performs a deep free(). As a result, application code that uses this function (relying only on documented behavior) is likely to still hold pointers to the memory blocks that were freed, resulting in a high risk of use-after-free or double-free. In particular, the two sample programs x509/cert_write and x509/cert_req are affected (use-after-free if the san string contains more than one DN).

debian: CVE-2025-47917 was patched at 2025-07-15

25. Memory Corruption - luajit (CVE-2024-25178) - High [494]

Description: LuaJIT through 2.1 has an out-of-bounds read in the stack-overflow handler in lj_state.c

debian: CVE-2024-25178 was patched at 2025-07-15

26. Remote Code Execution - drupal (CVE-2024-55638) - High [488]

Description: Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection.This issue affects Drupal Core: from 7.0 before 7.102, from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9. Drupal core contains a chain of methods that is exploitable when an insecure deserialization vulnerability exists on the site. This so-called gadget chain presents no direct threat but is a vector that can be used to achieve remote code execution if the application deserializes untrusted data due to another vulnerability.

redos: CVE-2024-55638 was patched at 2025-07-03

27. Memory Corruption - abc (CVE-2025-45333) - High [482]

Description: berkeley-abc abc 1.1 contains a Null Pointer Dereference (NPD) vulnerability in the Abc_NtkCecFraigPart function of its data processing module, leading to unpredictable program behavior, causing segmentation faults, and program crashes.

debian: CVE-2025-45333 was patched at 2025-07-15

28. Memory Corruption - hdf5 (CVE-2025-6818) - High [482]

Description: A vulnerability, which was classified as problematic, was found in HDF5 1.14.6. Affected is the function H5O__chunk_protect of the file /src/H5Ochunk.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.

debian: CVE-2025-6818 was patched at 2025-07-15

29. Memory Corruption - hdf5 (CVE-2025-6856) - High [482]

Description: A vulnerability, which was classified as problematic, was found in HDF5 1.14.6. Affected is the function H5FL__reg_gc_list of the file src/H5FL.c. The manipulation leads to use after free. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.

debian: CVE-2025-6856 was patched at 2025-07-15

30. Memory Corruption - hdf5 (CVE-2025-6857) - High [482]

Description: A vulnerability has been found in HDF5 1.14.6 and classified as problematic. Affected by this vulnerability is the function H5G__node_cmp3 of the file src/H5Gnode.c. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.

debian: CVE-2025-6857 was patched at 2025-07-15

31. Memory Corruption - DjVuLibre (CVE-2025-53367) - High [470]

Description: DjVuLibre is a GPL implementation of DjVu, a web-centric format for distributing documents and images. Prior to version 3.5.29, the MMRDecoder::scanruns method is affected by an OOB-write vulnerability, because it does not check that the xr pointer stays within the bounds of the allocated buffer. This can lead to writes beyond the allocated memory, resulting in a heap corruption condition. An out-of-bounds read with pr is also possible for the same reason. This issue has been patched in version 3.5.29.

debian: CVE-2025-53367 was patched at 2025-07-07, 2025-07-15

ubuntu: CVE-2025-53367 was patched at 2025-07-09

32. Memory Corruption - Jq (CVE-2024-53427) - High [470]

Description: decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflow and out-of-bounds write, as demonstrated by use of --slurp with subtraction, such as a filter of .-. when the input has a certain form of digit string with NaN (e.g., "1 NaN123" immediately followed by many more digits).

altlinux: CVE-2024-53427 was patched at 2025-06-19

oraclelinux: CVE-2024-53427 was patched at 2025-06-20

33. Denial of Service - hdf5 (CVE-2025-6817) - High [458]

Description: A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. This issue affects the function H5C__load_entry of the file /src/H5Centry.c. The manipulation leads to resource consumption. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.

debian: CVE-2025-6817 was patched at 2025-07-15

34. Memory Corruption - hdf5 (CVE-2025-6858) - High [458]

Description: A vulnerability was found in HDF5 1.14.6 and classified as problematic. Affected by this issue is the function H5C__flush_single_entry of the file src/H5Centry.c. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.

debian: CVE-2025-6858 was patched at 2025-07-15

35. Memory Corruption - hdf5 (CVE-2025-7067) - High [458]

Description: A vulnerability classified as problematic was found in HDF5 1.14.6. This vulnerability affects the function H5FS__sinfo_serialize_node_cb of the file src/H5FScache.c. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.

debian: CVE-2025-7067 was patched at 2025-07-15

36. Memory Corruption - hdf5 (CVE-2025-7068) - High [458]

Description: A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. This issue affects the function H5FL__malloc of the file src/H5FL.c. The manipulation leads to memory leak. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.

debian: CVE-2025-7068 was patched at 2025-07-15

37. Memory Corruption - hdf5 (CVE-2025-7069) - High [458]

Description: A vulnerability, which was classified as problematic, was found in HDF5 1.14.6. Affected is the function H5FS__sect_link_size of the file src/H5FSsection.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.

debian: CVE-2025-7069 was patched at 2025-07-15

38. Path Traversal - Tar (CVE-2025-45582) - High [458]

Description: GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file, specified via a relative pathname that begins with the symlink name and ends with that critical file's name. Here, the extraction follows the symlink and overwrites the critical file. This bypasses the protection mechanism of "Member name contains '..'" that would occur for a single TAR archive that attempted to specify the critical file via a ../ approach. For example, the first archive can contain "x -> ../../../../../home/victim/.ssh" and the second archive can contain x/authorized_keys. This can affect server applications that automatically extract any number of user-supplied TAR archives, and were relying on the blocking of traversal. This can also affect software installation processes in which "tar xf" is run more than once (e.g., when installing a package can automatically install two dependencies that are set up as untrusted tarballs instead of official packages).

debian: CVE-2025-45582 was patched at 2025-07-15

39. Authentication Bypass - Apache HTTP Server (CVE-2025-23048) - High [444]

Description: In some mod_ssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 session resumption. Configurations are affected when mod_ssl is configured for multiple virtual hosts, with each restricted to a different set of trusted client certificates (for example with a different SSLCACertificateFile/Path setting). In such a case, a client trusted to access one virtual host may be able to access another virtual host, if SSLStrictSNIVHostCheck is not enabled in either virtual host.

debian: CVE-2025-23048 was patched at 2025-07-15

40. Command Injection - Apache HTTP Server (CVE-2024-43204) - High [430]

Description: SSRF in Apache HTTP Server with mod_proxy loaded allows an attacker to send outbound proxy requests to a URL controlled by the attacker. Requires an unlikely configuration where mod_headers is configured to modify the Content-Type request or response header with a value provided in the HTTP request. Users are recommended to upgrade to version 2.4.64 which fixes this issue.

debian: CVE-2024-43204 was patched at 2025-07-15

41. Remote Code Execution - Mozilla Firefox (CVE-2025-6436) - High [430]

Description: Memory safety bugs present in Firefox 139 and Thunderbird 139. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 140 and Thunderbird < 140.

altlinux: CVE-2025-6436 was patched at 2025-07-11

42. Code Injection - PHP (CVE-2025-1735) - High [425]

Description: In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* pgsql and pdo_pgsql escaping functions do not check if the underlying quoting functions returned errors. This could cause crashes if Postgres server rejects the string as invalid.

debian: CVE-2025-1735 was patched at 2025-07-15

43. Security Feature Bypass - Mozilla Firefox (CVE-2025-6427) - High [425]

Description: An attacker was able to bypass the `connect-src` directive of a Content Security Policy by manipulating subdocuments. This would have also hidden the connections from the Network tab in Devtools. This vulnerability affects Firefox < 140 and Thunderbird < 140.

altlinux: CVE-2025-6427 was patched at 2025-07-11

44. Security Feature Bypass - Mozilla Firefox (CVE-2025-6433) - High [425]

Description: If a user visited a webpage with an invalid TLS certificate, and granted an exception, the webpage was able to provide a WebAuthn challenge that the user would be prompted to complete. This is in violation of the WebAuthN spec which requires "a secure transport established without errors". This vulnerability affects Firefox < 140 and Thunderbird < 140.

altlinux: CVE-2025-6433 was patched at 2025-07-11

45. Authentication Bypass - MediaWiki (CVE-2025-6926) - High [422]

Description: Improper Authentication vulnerability in Wikimedia Foundation Mediawiki - CentralAuth Extension allows : Bypass Authentication.This issue affects Mediawiki - CentralAuth Extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.

debian: CVE-2025-6926 was patched at 2025-07-03, 2025-07-15

46. Memory Corruption - hdf5 (CVE-2025-6750) - High [422]

Description: A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. Affected by this issue is the function H5O__mtime_new_encode of the file src/H5Omtime.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.

debian: CVE-2025-6750 was patched at 2025-07-15

47. Memory Corruption - hdf5 (CVE-2025-6816) - High [422]

Description: A vulnerability classified as problematic was found in HDF5 1.14.6. This vulnerability affects the function H5O__fsinfo_encode of the file /src/H5Ofsinfo.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.

debian: CVE-2025-6816 was patched at 2025-07-15

48. Remote Code Execution - Python (CVE-2025-4517) - High [421]

Description: Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information. Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to `"data", so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid installing source distributions with suspicious links.

almalinux: CVE-2025-4517 was patched at 2025-07-01, 2025-07-02

oraclelinux: CVE-2025-4517 was patched at 2025-07-01, 2025-07-02

redhat: CVE-2025-4517 was patched at 2025-06-30, 2025-07-01, 2025-07-02, 2025-07-07, 2025-07-08

ubuntu: CVE-2025-4517 was patched at 2025-06-19

49. Authentication Bypass - Apache HTTP Server (CVE-2025-49812) - High [420]

Description: In some mod_ssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade. Only configurations using "SSLEngine optional" to enable TLS upgrades are affected. Users are recommended to upgrade to version 2.4.64, which removes support for TLS upgrade.

debian: CVE-2025-49812 was patched at 2025-07-15

50. Remote Code Execution - Mozilla Firefox (CVE-2025-5272) - High [419]

Description: Memory safety bugs present in Firefox 138 and Thunderbird 138. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 139 and Thunderbird < 139.

altlinux: CVE-2025-5272 was patched at 2025-07-11, 2025-07-15

51. Security Feature Bypass - Mozilla Firefox (CVE-2025-6435) - High [413]

Description: If a user saved a response from the Network tab in Devtools using the Save As context menu option, that file may not have been saved with the `.download` file extension. This could have led to the user inadvertently running a malicious executable. This vulnerability affects Firefox < 140 and Thunderbird < 140.

altlinux: CVE-2025-6435 was patched at 2025-07-11

52. Information Disclosure - Mozilla Firefox (CVE-2025-6432) - High [412]

Description: When Multi-Account Containers was enabled, DNS requests could have bypassed a SOCKS proxy when the domain name was invalid or the SOCKS proxy was not responding. This vulnerability affects Firefox < 140 and Thunderbird < 140.

altlinux: CVE-2025-6432 was patched at 2025-07-11

53. Remote Code Execution - Polkit (CVE-2025-7519) - High [411]

Description: A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggered. This issue can lead to a crash or other unexpected behavior, and arbitrary code execution is not discarded. To exploit this flaw, a high-privilege account is needed as it's required to place the malicious policy file properly.

debian: CVE-2025-7519 was patched at 2025-07-15

54. Remote Code Execution - Python (CVE-2025-4138) - High [409]

Description: Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information. Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to `"data", so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid installing source distributions with suspicious links.

almalinux: CVE-2025-4138 was patched at 2025-07-01, 2025-07-02

oraclelinux: CVE-2025-4138 was patched at 2025-07-01, 2025-07-02

redhat: CVE-2025-4138 was patched at 2025-06-30, 2025-07-01, 2025-07-02, 2025-07-07, 2025-07-08

ubuntu: CVE-2025-4138 was patched at 2025-06-19

55. Remote Code Execution - Python (CVE-2025-4330) - High [409]

Description: Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information. Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to `"data", so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid installing source distributions with suspicious links.

almalinux: CVE-2025-4330 was patched at 2025-07-01, 2025-07-02

oraclelinux: CVE-2025-4330 was patched at 2025-07-01, 2025-07-02

redhat: CVE-2025-4330 was patched at 2025-06-30, 2025-07-01, 2025-07-02, 2025-07-07, 2025-07-08

ubuntu: CVE-2025-4330 was patched at 2025-06-19

56. Information Disclosure - MediaWiki (CVE-2024-40597) - High [407]

Description: An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. It can expose suppressed information for log events. (The log_deleted attribute is not respected.)

altlinux: CVE-2024-40597 was patched at 2025-06-19

57. Authentication Bypass - pgAdmin (CVE-2023-1907) - High [405]

Description: A vulnerability was found in pgadmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user's session if multiple connection attempts occur simultaneously.

redos: CVE-2023-1907 was patched at 2025-07-03

58. Security Feature Bypass - Mozilla Firefox (CVE-2025-6426) - High [401]

Description: The executable file warning did not warn users before opening files with the `terminal` extension. *This bug only affects Firefox for macOS. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 140, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12.

altlinux: CVE-2025-6426 was patched at 2025-07-11

Medium (182)

59. Authentication Bypass - Oracle Java SE (CVE-2025-30749) - Medium [394]

Description: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0.1; Oracle GraalVM Enterprise Edition: 21.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).

almalinux: CVE-2025-30749 was patched at 2025-07-15

debian: CVE-2025-30749 was patched at 2025-07-17

oraclelinux: CVE-2025-30749 was patched at 2025-07-16

redhat: CVE-2025-30749 was patched at 2025-07-15, 2025-07-16

60. Authentication Bypass - Oracle Java SE (CVE-2025-50059) - Medium [394]

Description: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0.1; Oracle GraalVM Enterprise Edition: 21.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. While the vulnerability is in Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.6 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).

almalinux: CVE-2025-50059 was patched at 2025-07-15

debian: CVE-2025-50059 was patched at 2025-07-17

oraclelinux: CVE-2025-50059 was patched at 2025-07-16

redhat: CVE-2025-50059 was patched at 2025-07-15, 2025-07-16

61. Authentication Bypass - Oracle Java SE (CVE-2025-50106) - Medium [394]

Description: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0.1; Oracle GraalVM Enterprise Edition: 21.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).

almalinux: CVE-2025-50106 was patched at 2025-07-15

debian: CVE-2025-50106 was patched at 2025-07-17

oraclelinux: CVE-2025-50106 was patched at 2025-07-16

redhat: CVE-2025-50106 was patched at 2025-07-15, 2025-07-16

62. Denial of Service - Apache HTTP Server (CVE-2025-49630) - Medium [394]

Description: In certain proxy configurations, a denial of service attack against Apache HTTP Server versions 2.4.26 through to 2.4.63 can be triggered by untrusted clients causing an assertion in mod_proxy_http2. Configurations affected are a reverse proxy is configured for an HTTP/2 backend, with ProxyPreserveHost set to "on".

debian: CVE-2025-49630 was patched at 2025-07-15

63. Security Feature Bypass - MongoDB (CVE-2025-6709) - Medium [391]

Description: The MongoDB Server is susceptible to a denial of service vulnerability due to improper handling of specific date values in JSON input when using OIDC authentication. This can be reproduced using the mongo shell to send a malicious JSON payload leading to an invariant failure and server crash. This issue affects MongoDB Server v7.0 versions prior to 7.0.17 and MongoDB Server v8.0 versions prior to 8.0.5. The same issue affects MongoDB Server v6.0 versions prior to 6.0.21, but an attacker can only induce denial of service after authenticating.

altlinux: CVE-2025-6709 was patched at 2025-07-04

64. Remote Code Execution - Git (CVE-2025-48385) - Medium [388]

Description: Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When cloning a repository Git knows to optionally fetch a bundle advertised by the remote server, which allows the server-side to offload parts of the clone to a CDN. The Git client does not perform sufficient validation of the advertised bundles, which allows the remote side to perform protocol injection. This protocol injection can cause the client to write the fetched bundle to a location controlled by the adversary. The fetched content is fully controlled by the server, which can in the worst case lead to arbitrary code execution. The use of bundle URIs is not enabled by default and can be controlled by the bundle.heuristic config option. Some cases of the vulnerability require that the adversary is in control of where a repository will be cloned to. This either requires social engineering or a recursive clone with submodules. These cases can thus be avoided by disabling recursive clones. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.

debian: CVE-2025-48385 was patched at 2025-07-15

ubuntu: CVE-2025-48385 was patched at 2025-07-08

65. Remote Code Execution - Python (CVE-2025-27614) - Medium [385]

Description: Gitk is a Tcl/Tk based Git history browser. Starting with 2.41.0, a Git repository can be crafted in such a way that with some social engineering a user who has cloned the repository can be tricked into running any script (e.g., Bourne shell, Perl, Python, ...) supplied by the attacker by invoking gitk filename, where filename has a particular structure. The script is run with the privileges of the user. This vulnerability is fixed in 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.

debian: CVE-2025-27614 was patched at 2025-07-15

ubuntu: CVE-2025-27614 was patched at 2025-07-08

66. Information Disclosure - Kubernetes (CVE-2025-49593) - Medium [383]

Description: Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. Prior to STS version 2.31.0 and LTS version 2.27.7, if a Portainer administrator can be convinced to register a malicious container registry, or an existing container registry can be taken over, HTTP Headers (including registry authentication credentials or Portainer session tokens) may be leaked to that registry. This issue has been patched in STS version 2.31.0 and LTS version 2.27.7.

redos: CVE-2025-49593 was patched at 2025-07-07

67. Open Redirect - pgAdmin (CVE-2023-22298) - Medium [376]

Description: Open redirect vulnerability in pgAdmin 4 versions prior to v6.14 allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted URL.

redos: CVE-2023-22298 was patched at 2025-07-03

68. Denial of Service - CXF (CVE-2025-23184) - Medium [375]

Description: A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10, 3.6.5 and 4.0.6. In some edge cases, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system (it applies to servers and clients).

redhat: CVE-2025-23184 was patched at 2025-07-07, 2025-07-14

69. Security Feature Bypass - rlottie (CVE-2025-53075) - Medium [375]

Description: Improper Input Validation vulnerability in Samsung Open Source rLottie allows Path Traversal.This issue affects rLottie: V0.2.

debian: CVE-2025-53075 was patched at 2025-07-15

70. Remote Code Execution - Python (CVE-2024-12718) - Medium [373]

Description: Allows modifying some file metadata (e.g. last modified) with filter="data" or file permissions (chmod) with filter="tar" of files outside the extraction directory. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information. Only Python versions 3.12 or later are affected by these vulnerabilities, earlier versions don't include the extraction filter feature. Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to `"data", so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid installing source distributions with suspicious links.

almalinux: CVE-2024-12718 was patched at 2025-07-01, 2025-07-02

oraclelinux: CVE-2024-12718 was patched at 2025-07-01, 2025-07-02

redhat: CVE-2024-12718 was patched at 2025-06-30, 2025-07-01, 2025-07-02, 2025-07-07, 2025-07-08

ubuntu: CVE-2024-12718 was patched at 2025-06-19

71. Security Feature Bypass - MediaWiki (CVE-2024-40601) - Medium [372]

Description: An issue was discovered in the MediaWikiChat extension for MediaWiki through 1.42.1. CSRF can occur in API modules.

altlinux: CVE-2024-40601 was patched at 2025-06-19

72. Remote Code Execution - Mozilla Firefox (CVE-2025-5265) - Medium [371]

Description: Due to insufficient escaping of the ampersand character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. *This bug only affects Firefox for Windows. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 139, Firefox ESR < 115.24, Firefox ESR < 128.11, Thunderbird < 139, and Thunderbird < 128.11.

altlinux: CVE-2025-5265 was patched at 2025-07-11, 2025-07-15

73. Command Injection - Python (CVE-2025-53643) - Medium [368]

Description: AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections. Version 3.12.14 contains a patch for this issue.

debian: CVE-2025-53643 was patched at 2025-07-15

74. Cross Site Scripting - MediaWiki (CVE-2024-40602) - Medium [366]

Description: An issue was discovered in the Tempo skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries.

altlinux: CVE-2024-40602 was patched at 2025-06-19

75. Incorrect Calculation - Mozilla Firefox (CVE-2025-49710) - Medium [365]

Description: An integer overflow was present in `OrderedHashTable` used by the JavaScript engine This vulnerability affects Firefox < 139.0.4.

altlinux: CVE-2025-49710 was patched at 2025-07-11

76. Memory Corruption - Mozilla Firefox (CVE-2025-49709) - Medium [365]

Description: Certain canvas operations could have lead to memory corruption. This vulnerability affects Firefox < 139.0.4.

altlinux: CVE-2025-49709 was patched at 2025-07-11

77. Path Traversal - nix (CVE-2024-45593) - Medium [363]

Description: Nix is a package manager for Linux and other Unix systems. A bug in Nix 2.24 prior to 2.24.6 allows a substituter or malicious user to craft a NAR that, when unpacked by Nix, causes Nix to write to arbitrary file system locations to which the Nix process has access. This will be with root permissions when using the Nix daemon. This issue is fixed in Nix 2.24.6.

ubuntu: CVE-2024-45593 was patched at 2025-07-14

78. Denial of Service - Apache Tomcat (CVE-2025-52520) - Medium [360]

Description: For some unlikely configurations of multipart upload, an Integer Overflow vulnerability in Apache Tomcat could lead to a DoS via bypassing of size limits. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106. Users are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue.

debian: CVE-2025-52520 was patched at 2025-07-15

79. Denial of Service - Apache Tomcat (CVE-2025-53506) - Medium [360]

Description: Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that reduces the maximum permitted concurrent streams. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106. Users are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue.

debian: CVE-2025-53506 was patched at 2025-07-15

80. Denial of Service - cpp-httplib (CVE-2025-53629) - Medium [360]

Description: cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.23.0, incoming requests using Transfer-Encoding: chunked in the header can allocate memory arbitrarily in the server, potentially leading to its exhaustion. This vulnerability is fixed in 0.23.0. NOTE: This vulnerability is related to CVE-2025-53628.

debian: CVE-2025-53629 was patched at 2025-07-15

81. Authentication Bypass - Teams (CVE-2025-3580) - Medium [358]

Description: An access control vulnerability was discovered in Grafana OSS where an Organization administrator could permanently delete the Server administrator account. This vulnerability exists in the DELETE /api/org/users/ endpoint. The vulnerability can be exploited when: 1. An Organization administrator exists 2. The Server administrator is either: - Not part of any organization, or - Part of the same organization as the Organization administrator Impact: - Organization administrators can permanently delete Server administrator accounts - If the only Server administrator is deleted, the Grafana instance becomes unmanageable - No super-user permissions remain in the system - Affects all users, organizations, and teams managed in the instance The vulnerability is particularly serious as it can lead to a complete loss of administrative control over the Grafana instance.

redos: CVE-2025-3580 was patched at 2025-06-19

82. Denial of Service - libxslt (CVE-2025-7424) - Medium [353]

Description: A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may lead to denial of service or unexpected behavior.

debian: CVE-2025-7424 was patched at 2025-07-15

83. Security Feature Bypass - TLS (CVE-2025-6032) - Medium [351]

Description: A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack.

almalinux: CVE-2025-6032 was patched at 2025-07-08

oraclelinux: CVE-2025-6032 was patched at 2025-07-08

redhat: CVE-2025-6032 was patched at 2025-07-01, 2025-07-02, 2025-07-08, 2025-07-09

84. Authentication Bypass - Oracle Java SE (CVE-2025-30754) - Medium [346]

Description: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0.1; Oracle GraalVM Enterprise Edition: 21.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).

almalinux: CVE-2025-30754 was patched at 2025-07-15

debian: CVE-2025-30754 was patched at 2025-07-17

oraclelinux: CVE-2025-30754 was patched at 2025-07-16

redhat: CVE-2025-30754 was patched at 2025-07-15, 2025-07-16

85. Remote Code Execution - Unknown Product (CVE-2025-2251) - Medium [345]

Description: {'nvd_cve_data_all': 'A security flaw exists in WildFly and JBoss Enterprise Application Platform (EAP) within the Enterprise JavaBeans (EJB) remote invocation mechanism. This vulnerability stems from untrusted data deserialization handled by JBoss Marshalling. This flaw allows an attacker to send a specially crafted serialized object, leading to remote code execution without requiring authentication.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'A security flaw exists in WildFly and JBoss Enterprise Application Platform (EAP) within the Enterprise JavaBeans (EJB) remote invocation mechanism. This vulnerability stems from untrusted data deserialization handled by JBoss Marshalling. This flaw allows an attacker to send a specially crafted serialized object, leading to remote code execution without requiring authentication.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

redhat: CVE-2025-2251 was patched at 2025-07-07, 2025-07-14

86. Denial of Service - MongoDB (CVE-2025-6710) - Medium [344]

Description: MongoDB Server may be susceptible to stack overflow due to JSON parsing mechanism, where specifically crafted JSON inputs may induce unwarranted levels of recursion, resulting in excessive stack space consumption. Such inputs can lead to a stack overflow that causes the server to crash which could occur pre-authorisation. This issue affects MongoDB Server v7.0 versions prior to 7.0.17 and MongoDB Server v8.0 versions prior to 8.0.5. The same issue affects MongoDB Server v6.0 versions prior to 6.0.21, but an attacker can only induce denial of service after authenticating.

altlinux: CVE-2025-6710 was patched at 2025-07-04

87. Denial of Service - libxml2 (CVE-2025-49795) - Medium [344]

Description: A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service.

oraclelinux: CVE-2025-49795 was patched at 2025-07-08

88. Denial of Service - cpp-httplib (CVE-2025-53628) - Medium [336]

Description: cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.20.1, cpp-httplib does not have a limit for a unique line, permitting an attacker to explore this to allocate memory arbitrarily. This vulnerability is fixed in 0.20.1. NOTE: This vulnerability is related to CVE-2025-53629.

debian: CVE-2025-53628 was patched at 2025-07-15

89. Memory Corruption - Linux Kernel (CVE-2025-22068) - Medium [334]

Description: In the Linux kernel, the following vulnerability has been resolved: ublk: make sure ubq->canceling is set when queue is frozen Now ublk driver depends on `ubq->canceling` for deciding if the request can be dispatched via uring_cmd & io_uring_cmd_complete_in_task(). Once ubq->canceling is set, the uring_cmd can be done via ublk_cancel_cmd() and io_uring_cmd_done(). So set ubq->canceling when queue is frozen, this way makes sure that the flag can be observed from ublk_queue_rq() reliably, and avoids use-after-free on uring_cmd.

ubuntu: CVE-2025-22068 was patched at 2025-06-24, 2025-06-26, 2025-06-30, 2025-07-04, 2025-07-08

90. Memory Corruption - Linux Kernel (CVE-2025-22085) - Medium [334]

Description: In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fix use-after-free when rename device name Syzbot reported a slab-use-after-free with the following call trace: ================================================================== BUG: KASAN: slab-use-after-free in nla_put+0xd3/0x150 lib/nlattr.c:1099 Read of size 5 at addr ffff888140ea1c60 by task syz.0.988/10025 CPU: 0 UID: 0 PID: 10025 Comm: syz.0.988 Not tainted 6.14.0-rc4-syzkaller-00859-gf77f12010f67 #0 Hardware name: Google Compute Engine, BIOS Google 02/12/2025 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:408 [inline] print_report+0x16e/0x5b0 mm/kasan/report.c:521 kasan_report+0x143/0x180 mm/kasan/report.c:634 kasan_check_range+0x282/0x290 mm/kasan/generic.c:189 __asan_memcpy+0x29/0x70 mm/kasan/shadow.c:105 nla_put+0xd3/0x150 lib/nlattr.c:1099 nla_put_string include/net/netlink.h:1621 [inline] fill_nldev_handle+0x16e/0x200 drivers/infiniband/core/nldev.c:265 rdma_nl_notify_event+0x561/0xef0 drivers/infiniband/core/nldev.c:2857 ib_device_notify_register+0x22/0x230 drivers/infiniband/core/device.c:1344 ib_register_device+0x1292/0x1460 drivers/infiniband/core/device.c:1460 rxe_register_device+0x233/0x350 drivers/infiniband/sw/rxe/rxe_verbs.c:1540 rxe_net_add+0x74/0xf0 drivers/infiniband/sw/rxe/rxe_net.c:550 rxe_newlink+0xde/0x1a0 drivers/infiniband/sw/rxe/rxe.c:212 nldev_newlink+0x5ea/0x680 drivers/infiniband/core/nldev.c:1795 rdma_nl_rcv_skb drivers/infiniband/core/netlink.c:239 [inline] rdma_nl_rcv+0x6dd/0x9e0 drivers/infiniband/core/netlink.c:259 netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline] netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1339 netlink_sendmsg+0x8de/0xcb0 net/netlink/af_netlink.c:1883 sock_sendmsg_nosec net/socket.c:709 [inline] __sock_sendmsg+0x221/0x270 net/socket.c:724 ____sys_sendmsg+0x53a/0x860 net/socket.c:2564 ___sys_sendmsg net/socket.c:2618 [inline] __sys_sendmsg+0x269/0x350 net/socket.c:2650 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f42d1b8d169 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 ... RSP: 002b:00007f42d2960038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007f42d1da6320 RCX: 00007f42d1b8d169 RDX: 0000000000000000 RSI: 00004000000002c0 RDI: 000000000000000c RBP: 00007f42d1c0e2a0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 00007f42d1da6320 R15: 00007ffe399344a8 </TASK> Allocated by task 10025: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3f/0x80 mm/kasan/common.c:68 poison_kmalloc_redzone mm/kasan/common.c:377 [inline] __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:394 kasan_kmalloc include/linux/kasan.h:260 [inline] __do_kmalloc_node mm/slub.c:4294 [inline] __kmalloc_node_track_caller_noprof+0x28b/0x4c0 mm/slub.c:4313 __kmemdup_nul mm/util.c:61 [inline] kstrdup+0x42/0x100 mm/util.c:81 kobject_set_name_vargs+0x61/0x120 lib/kobject.c:274 dev_set_name+0xd5/0x120 drivers/base/core.c:3468 assign_name drivers/infiniband/core/device.c:1202 [inline] ib_register_device+0x178/0x1460 drivers/infiniband/core/device.c:1384 rxe_register_device+0x233/0x350 drivers/infiniband/sw/rxe/rxe_verbs.c:1540 rxe_net_add+0x74/0xf0 drivers/infiniband/sw/rxe/rxe_net.c:550 rxe_newlink+0xde/0x1a0 drivers/infiniband/sw/rxe/rxe.c:212 nldev_newlink+0x5ea/0x680 drivers/infiniband/core/nldev.c:1795 rdma_nl_rcv_skb drivers/infiniband/core/netlink.c:239 [inline] rdma_nl_rcv+0x6dd/0x9e0 drivers/infiniband/core/netlink.c:259 netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline] netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1339 netlink_sendmsg+0x8de/0xcb0 net ---truncated---

ubuntu: CVE-2025-22085 was patched at 2025-06-24, 2025-06-26, 2025-07-08

91. Denial of Service - Redis (CVE-2025-48367) - Medium [332]

Description: Redis is an open source, in-memory database that persists on disk. An unauthenticated connection can cause repeated IP protocol errors, leading to client starvation and, ultimately, a denial of service. This vulnerability is fixed in 8.0.3, 7.4.5, 7.2.10, and 6.2.19.

debian: CVE-2025-48367 was patched at 2025-07-15

92. Arbitrary File Writing - Git (CVE-2025-46835) - Medium [331]

Description: Git GUI allows you to use the Git source control management tools via a GUI. When a user clones an untrusted repository and is tricked into editing a file located in a maliciously named directory in the repository, then Git GUI can create and overwrite files for which the user has write permission. This vulnerability is fixed in 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.1.

debian: CVE-2025-46835 was patched at 2025-07-15

ubuntu: CVE-2025-46835 was patched at 2025-07-08

93. Denial of Service - ICMP (CVE-2025-48964) - Medium [329]

Description: ping in iputils before 20250602 allows a denial of service (application error in adaptive ping mode or incorrect data collection) via a crafted ICMP Echo Reply packet, because a zero timestamp can lead to large intermediate values that have an integer overflow when squared during statistics calculations. NOTE: this issue exists because of an incomplete fix for CVE-2025-47268 (that fix was only about timestamp calculations, and it did not account for a specific scenario where the original timestamp in the ICMP payload is zero).

altlinux: CVE-2025-48964 was patched at 2025-06-30

94. Security Feature Bypass - MediaWiki (CVE-2024-40603) - Medium [324]

Description: An issue was discovered in the ArticleRatings extension for MediaWiki through 1.42.1. Special:ChangeRating allows CSRF to alter data via a GET request.

altlinux: CVE-2024-40603 was patched at 2025-06-19

95. Memory Corruption - Linux Kernel (CVE-2025-22036) - Medium [322]

Description: In the Linux kernel, the following vulnerability has been resolved: exfat: fix random stack corruption after get_block When get_block is called with a buffer_head allocated on the stack, such as do_mpage_readpage, stack corruption due to buffer_head UAF may occur in the following race condition situation. <CPU 0> <CPU 1> mpage_read_folio <<bh on stack>> do_mpage_readpage exfat_get_block bh_read __bh_read get_bh(bh) submit_bh wait_on_buffer ... end_buffer_read_sync __end_buffer_read_notouch unlock_buffer <<keep going>> ... ... ... ... <<bh is not valid out of mpage_read_folio>> . . another_function <<variable A on stack>> put_bh(bh) atomic_dec(bh->b_count) * stack corruption here * This patch returns -EAGAIN if a folio does not have buffers when bh_read needs to be called. By doing this, the caller can fallback to functions like block_read_full_folio(), create a buffer_head in the folio, and then call get_block again. Let's do not call bh_read() with on-stack buffer_head.

oraclelinux: CVE-2025-22036 was patched at 2025-07-16

ubuntu: CVE-2025-22036 was patched at 2025-06-24, 2025-06-26, 2025-07-08

96. Memory Corruption - Linux Kernel (CVE-2025-39778) - Medium [322]

Description: In the Linux kernel, the following vulnerability has been resolved: objtool, nvmet: Fix out-of-bounds stack access in nvmet_ctrl_state_show() The csts_state_names[] array only has six sparse entries, but the iteration code in nvmet_ctrl_state_show() iterates seven, resulting in a potential out-of-bounds stack read. Fix that. Fixes the following warning with an UBSAN kernel: vmlinux.o: warning: objtool: .text.nvmet_ctrl_state_show: unexpected end of section

ubuntu: CVE-2025-39778 was patched at 2025-06-24, 2025-06-26, 2025-06-30, 2025-07-04, 2025-07-08

97. Denial of Service - ClamAV (CVE-2025-20234) - Medium [320]

Description: A vulnerability in Universal Disk Format (UDF) processing of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a memory overread during UDF file scanning. An attacker could exploit this vulnerability by submitting a crafted file containing UDF content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software. For a description of this vulnerability, see the .

ubuntu: CVE-2025-20234 was patched at 2025-07-02, 2025-07-07

98. Denial of Service - FreeRDP (CVE-2025-4478) - Medium [320]

Description: A flaw was found in the FreeRDP used by Anaconda's remote install feature, where a crafted RDP packet could trigger a segmentation fault. This issue causes the service to crash and remain defunct, resulting in a denial of service. It occurs pre-boot and is likely due to a NULL pointer dereference. Rebooting is required to recover the system.

oraclelinux: CVE-2025-4478 was patched at 2025-06-27

ubuntu: CVE-2025-4478 was patched at 2025-07-08

99. Denial of Service - Mozilla Firefox (CVE-2025-6434) - Medium [317]

Description: The exception page for the HTTPS-Only feature, displayed when a website is opened via HTTP, lacked an anti-clickjacking delay, potentially allowing an attacker to trick a user into granting an exception and loading a webpage over HTTP. This vulnerability affects Firefox < 140 and Thunderbird < 140.

altlinux: CVE-2025-6434 was patched at 2025-07-11

100. Memory Corruption - libxslt (CVE-2025-7425) - Medium [317]

Description: A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.