Report Name: Linux Patch Wednesday June 2025
Generated: 2025-06-30 16:36:22

Product Name	Prevalence	U	C	H	M	L	A	Comment
HTTP/2	0.9				1		1	HTTP/2 is a major revision of the HTTP network protocol used by the World Wide Web
Linux Kernel	0.9			2	114	239	355	The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
Windows Kernel	0.9				2		2	Windows Kernel
libblockdev	0.9			1			1	libblockdev is a C library supporting GObject introspection for manipulation of block devices
Binutils	0.8				2		2	The GNU Binary Utilities, or binutils, are a set of programming tools for creating and managing binary programs, object files, libraries, profile data, and assembly source code
Canonical Apport	0.8			1			1	Apport intercepts Program crashes, collects debugging information about the crash and the operating system environment, and sends it to bug trackers in a standardized form
Chromium	0.8	2		3	12		17	Chromium is a free and open-source web browser project, mainly developed and maintained by Google
FreeIPA	0.8			1			1	FreeIPA is a free and open source identity management system
GNOME desktop	0.8				1		1	GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
Mozilla Firefox	0.8			3	15		18	Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
Netty	0.8				1		1	Netty is a non-blocking I/O client-server framework for the development of Java network applications such as protocol servers and clients
Node.js	0.8				1		1	Node.js is a cross-platform, open-source server environment that can run on Windows, Linux, Unix, macOS, and more
OpenSSL	0.8				2		2	A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
Samba	0.8				1		1	Samba is a free software re-implementation of the SMB networking protocol, and was originally developed by Andrew Tridgell
libvpx	0.8				1		1	libvpx is a free software video codec library from Google and the Alliance for Open Media (AOMedia)
systemd-coredump	0.8			1			1	systemd-coredump@.service is a system service to process core dumps
.NET and Visual Studio	0.7			1			1	.NET and Visual Studio
Apache Commons FileUpload	0.7			1			1	The Apache Commons FileUpload component provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications
Apache Tomcat	0.7			1	2		3	Apache Tomcat is a free and open-source implementation of the Jakarta Servlet, Jakarta Expression Language, and WebSocket technologies
Apache Traffic Server	0.7				2		2	The Apache Traffic Server is a modular, high-performance reverse proxy and forward proxy server, generally comparable to Nginx and Squid
Asterisk	0.7			1	1		2	Asterisk is a free and open source framework for building communications applications and is sponsored by Sangoma
FFmpeg	0.7			1			1	FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
Moodle	0.7				6	1	7	Moodle is a free and open-source learning management system written in PHP and distributed under the GNU General Public License
Open Asset Import Library Assimp	0.7			12			12	Open Asset Import Library is a library that loads various 3D file formats into a shared, in-memory format
SQLite	0.7				1		1	SQLite is a database engine written in the C programming language
ClamAV	0.6		1				1	ClamAV (Clam AntiVirus) is a free software, cross-platform antimalware toolkit able to detect many types of malware, including viruses
KDE Konsole	0.6		1				1	Konsole is a free and open-source terminal emulator graphical application which is part of KDE Applications and ships with the KDE desktop environment
LibTomMath	0.6				1		1	LibTomMath is a free open source portable number theoretic multiple-precision integer library written entirely in C
Nokogiri	0.6				2		2	Nokogiri is an open source XML and HTML library for the Ruby programming language
Perl	0.6				5		5	Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
PostgreSQL	0.6				1		1	PostgreSQL also known as Postgres, is a free and open-source relational database management system emphasizing extensibility and SQL compliance.
Python	0.6				3		3	Python is a high-level, general-purpose programming language
Redis	0.6				1		1	Redis is an open-source in-memory storage, used as a distributed, in-memory key–value database, cache and message broker, with optional durability
Roundcube	0.6		1				1	Roundcube is a web-based IMAP email client
Vault	0.6			1	5	1	7	Vault secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets critical in modern computing
Wireshark	0.6				1		1	Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
libxml2	0.6				4		4	libxml2 is an XML toolkit implemented in C, originally developed for the GNOME Project
Commons BeanUtils	0.5			1			1	Product detected by a:apache:commons_beanutils (exists in CPE dict)
Flask	0.5					1	1	Flask is a lightweight WSGI web application framework
Hibernate Validator	0.5		1				1	Hibernate Validator is the reference implementation of Jakarta Validation 3.1. Jakarta Validation defines a metadata model and API for JavaBean as well as method validation.
HotelDruid	0.5			1			1	Product detected by a:digitaldruid:hoteldruid (exists in CPE dict)
JGit	0.5		1				1	Product detected by a:eclipse:jgit (exists in CPE dict)
Jhead	0.5			1			1	Product detected by a:jhead_project:jhead (exists in CPE dict)
Jq	0.5			2			2	Product detected by a:jqlang:jq (exists in CPE dict)
Libarchive	0.5			1	4		5	Multi-format archive and compression library
ModSecurity	0.5			2			2	ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx
NVIDIA CUDA Toolkit	0.5				1		1	The NVIDIA CUDA Toolkit provides a development environment for creating high-performance, GPU-accelerated applications
Node.js pbkdf2	0.5			2			2	The crypto.pbkdf2(), also known as Password-Based Key Derivation function, provides an asynchronous implementation of the derivative function. A key is derived by using the Hmac digest of a specified algorithm from password, salt and iterations.
Nomad	0.5				5	1	6	Product detected by a:hashicorp:nomad (exists in CPE dict)
TLS	0.5				2		2	TLS
Tcpreplay	0.5			1			1	Product detected by a:broadcom:tcpreplay (exists in CPE dict)
Tika	0.5				1		1	Product detected by a:apache:tika (exists in CPE dict)
Yasm	0.5			1			1	Product detected by a:yasm_project:yasm (exists in CPE dict)
cJSON	0.5			1			1	Product detected by a:cjson_project:cjson (exists in CPE dict)
clickhouse	0.5				1		1	Product detected by a:clickhouse:clickhouse (exists in CPE dict)
hdf5	0.5			3			3	Product detected by a:hdfgroup:hdf5 (exists in CPE dict)
libexpat	0.5				1		1	Product detected by a:libexpat_project:libexpat (exists in CPE dict)
pulp	0.5				1		1	Product detected by a:pulpproject:pulp (exists in CPE dict)
python-markdown2	0.5				1		1	Product detected by a:python-markdown2_project:python-markdown2 (exists in CPE dict)
tvOS	0.5				1		1	Product detected by o:apple:tvos (exists in CPE dict)
Git	0.4				1		1	Git
tar-fs	0.4				1		1	Filesystem bindings for tar-stream that allow you to pack directories into tarballs and extract tarballs into directories
Artifex Ghostscript	0.3					1	1	Artifex Ghostscript is an interpreter for the PostScript® language and PDF files
GitHub	0.2				1	1	2	GitHub, Inc. is an Internet hosting service for software development and version control using Git
Unknown Product	0				28	63	91	Unknown Product

Vulnerability Type	Criticality	U	C	H	M	L	A
Remote Code Execution	1.0		3	9	10		22
Authentication Bypass	0.98				13		13
Code Injection	0.97		1	1	4		6
Command Injection	0.97				2		2
XXE Injection	0.97		1				1
Arbitrary File Writing	0.95				1		1
Security Feature Bypass	0.9	1		2	11	1	15
Elevation of Privilege	0.85			3	1		4
Arbitrary File Reading	0.83				2		2
Information Disclosure	0.83				10	1	11
Cross Site Scripting	0.8				4		4
Open Redirect	0.75				1		1
Denial of Service	0.7			8	20	11	39
Path Traversal	0.7				5	2	7
Incorrect Calculation	0.5				5	6	11
Memory Corruption	0.5	1		22	129	18	170
Spoofing	0.4			1	2	1	4
Unknown Vulnerability Type	0				17	268	285

Source	U	C	H	M	L	A
almalinux			5	7	1	13
altlinux	1	2	4	26	9	42
debian	1	5	41	197	294	538
oraclelinux			8	15	8	31
redhat			6	9	4	19
redos			2	17	5	24
ubuntu		1	7	9	8	25

Urgent (2)

1. Security Feature Bypass - Chromium (CVE-2025-2783) - Urgent [913]

Description: Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High)

altlinux: CVE-2025-2783 was patched at 2025-06-04, 2025-06-11, 2025-06-18

2. Memory Corruption - Chromium (CVE-2025-5419) - Urgent [829]

Description: Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

debian: CVE-2025-5419 was patched at 2025-06-04, 2025-06-17

Critical (5)

3. Code Injection - Hibernate Validator (CVE-2025-35036) - Critical [780]

Description: Hibernate Validator before 6.2.0 and 7.0.0, by default and depending how it is used, may interpolate user-supplied input in a constraint violation message with Expression Language. This could allow an attacker to access sensitive information or execute arbitrary Java code. Hibernate Validator as of 6.2.0 and 7.0.0 no longer interpolates custom constraint violation messages with Expression Language and strongly recommends not allowing user-supplied input in constraint violation messages. CVE-2020-5245 and CVE-2025-4428 are examples of related, downstream vulnerabilities involving Expression Language intepolation of user-supplied data.

debian: CVE-2025-35036 was patched at 2025-06-17

4. Remote Code Execution - Roundcube (CVE-2025-49113) - Critical [719]

Description: Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.

altlinux: CVE-2025-49113 was patched at 2025-06-23

debian: CVE-2025-49113 was patched at 2025-06-02, 2025-06-17

ubuntu: CVE-2025-49113 was patched at 2025-06-19

5. Remote Code Execution - ClamAV (CVE-2025-20260) - Critical [635]

Description: A vulnerability in the PDF scanning processes of ClamAV could allow an unauthenticated, remote attacker to cause a buffer overflow condition, cause a denial of service (DoS) condition, or execute arbitrary code on an affected device. This vulnerability exists because memory buffers are allocated incorrectly when PDF files are processed. An attacker could exploit this vulnerability by submitting a crafted PDF file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to trigger a buffer overflow, likely resulting in the termination of the ClamAV scanning process and a DoS condition on the affected software. Although unproven, there is also a possibility that an attacker could leverage the buffer overflow to execute arbitrary code with the privileges of the ClamAV process.

debian: CVE-2025-20260 was patched at 2025-06-17

6. XXE Injection - JGit (CVE-2025-4949) - Critical [613]

Description: In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol allowing to store git pack files in an Amazon S3 bucket, are vulnerable to XML External Entity (XXE) attacks when parsing XML files. This vulnerability can lead to information disclosure, denial of service, and other security issues.

debian: CVE-2025-4949 was patched at 2025-05-22

7. Remote Code Execution - KDE Konsole (CVE-2025-49091) - Critical [611]

Description: KDE Konsole before 25.04.2 allows remote code execution in a certain scenario. It supports loading URLs from the scheme handlers such as a ssh:// or telnet:// or rlogin:// URL. This can be executed regardless of whether the ssh, telnet, or rlogin binary is available. In this mode, there is a code path where if that binary is not available, Konsole falls back to using /bin/bash for the given arguments (i.e., the URL) provided. This allows an attacker to execute arbitrary code.

altlinux: CVE-2025-49091 was patched at 2025-06-20

debian: CVE-2025-49091 was patched at 2025-06-17, 2025-06-20

High (46)

8. Remote Code Execution - Libarchive (CVE-2025-5914) - High [595]

Description: A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.

debian: CVE-2025-5914 was patched at 2025-06-17

9. Security Feature Bypass - Node.js pbkdf2 (CVE-2025-6545) - High [589]

Description: Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation. This vulnerability is associated with program files lib/to-buffer.Js. This issue affects pbkdf2: from 3.0.10 through 3.1.2.

debian: CVE-2025-6545 was patched at 2025-06-17

10. Security Feature Bypass - Node.js pbkdf2 (CVE-2025-6547) - High [589]

Description: Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation.This issue affects pbkdf2: <=3.1.2.

debian: CVE-2025-6547 was patched at 2025-06-17

11. Elevation of Privilege - libblockdev (CVE-2025-6019) - High [587]

Description: A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. Generally, the "allow_active" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an "allow_active" user on a system may be able escalate to full root privileges on the target host. Normally, udisks mounts user-provided filesystem images with security flags like nosuid and nodev to prevent privilege escalation. However, a local attacker can create a specially crafted XFS image containing a SUID-root shell, then trick udisks into resizing it. This mounts their malicious filesystem with root privileges, allowing them to execute their SUID-root shell and gain complete control of the system.

almalinux: CVE-2025-6019 was patched at 2025-06-20

debian: CVE-2025-6019 was patched at 2025-06-17

oraclelinux: CVE-2025-6019 was patched at 2025-06-23

ubuntu: CVE-2025-6019 was patched at 2025-06-18

12. Denial of Service - Apache Tomcat (CVE-2025-48988) - High [586]

Description: Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.

debian: CVE-2025-48988 was patched at 2025-06-17

13. Denial of Service - Apache Commons FileUpload (CVE-2025-48976) - High [563]

Description: Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4. Users are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fix the issue.

debian: CVE-2025-48976 was patched at 2025-06-17

14. Denial of Service - ModSecurity (CVE-2025-48866) - High [541]

Description: ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions prior to 2.9.10 contain a denial of service vulnerability similar to GHSA-859r-vvv8-rm8r/CVE-2025-47947. The `sanitiseArg` (and `sanitizeArg` - this is the same action but an alias) is vulnerable to adding an excessive number of arguments, thereby leading to denial of service. Version 2.9.10 fixes the issue. As a workaround, avoid using rules that contain the `sanitiseArg` (or `sanitizeArg`) action.

debian: CVE-2025-48866 was patched at 2025-06-08, 2025-06-17

ubuntu: CVE-2025-48866 was patched at 2025-06-13

15. Denial of Service - HotelDruid (CVE-2025-44203) - High [529]

Description: In HotelDruid 3.0.7, an unauthenticated attacker can exploit verbose SQL error messages on creadb.php before the 'create database' button is pressed. By sending malformed POST requests to this endpoint, the attacker may obtain the administrator username, password hash, and salt. In some cases, the attack results in a Denial of Service (DoS), preventing the administrator from logging in even with the correct credentials.

debian: CVE-2025-44203 was patched at 2025-06-17

16. Denial of Service - ModSecurity (CVE-2025-47947) - High [529]

Description: ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case (in stable released versions): when the payload's content type is `application/json`, and there is at least one rule which does a `sanitiseMatchedBytes` action. A patch is available at pull request 3389 and expected to be part of version 2.9.9. No known workarounds are available.

almalinux: CVE-2025-47947 was patched at 2025-06-11

debian: CVE-2025-47947 was patched at 2025-05-22, 2025-06-08

oraclelinux: CVE-2025-47947 was patched at 2025-06-11

redhat: CVE-2025-47947 was patched at 2025-06-05, 2025-06-09, 2025-06-11

ubuntu: CVE-2025-47947 was patched at 2025-06-13

17. Denial of Service - systemd-coredump (CVE-2025-4598) - High [520]

Description: A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.

debian: CVE-2025-4598 was patched at 2025-05-29, 2025-06-17

oraclelinux: CVE-2025-4598 was patched at 2025-05-29

ubuntu: CVE-2025-4598 was patched at 2025-06-09

18. Denial of Service - Tcpreplay (CVE-2024-22654) - High [517]

Description: tcpreplay v4.4.4 was discovered to contain an infinite loop via the tcprewrite function at get.c.

debian: CVE-2024-22654 was patched at 2025-06-17

19. Memory Corruption - Open Asset Import Library Assimp (CVE-2025-5200) - High [515]

Description: A vulnerability was found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This issue affects the function MDLImporter::InternReadFile_Quake1 of the file assimp/code/AssetLib/MDL/MDLLoader.cpp. The manipulation leads to out-of-bounds read. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future.

debian: CVE-2025-5200 was patched at 2025-06-17

20. Memory Corruption - Open Asset Import Library Assimp (CVE-2025-5201) - High [515]

Description: A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been classified as problematic. Affected is the function LWOImporter::CountVertsAndFacesLWO2 of the file assimp/code/AssetLib/LWO/LWOLoader.cpp. The manipulation leads to out-of-bounds read. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future.

debian: CVE-2025-5201 was patched at 2025-06-17

21. Memory Corruption - Open Asset Import Library Assimp (CVE-2025-5202) - High [515]

Description: A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been declared as problematic. Affected by this vulnerability is the function HL1MDLLoader::validate_header of the file assimp/code/AssetLib/MDL/HalfLife/HL1MDLLoader.cpp. The manipulation leads to out-of-bounds read. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future.

debian: CVE-2025-5202 was patched at 2025-06-17

22. Memory Corruption - Open Asset Import Library Assimp (CVE-2025-5203) - High [515]

Description: A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been rated as problematic. Affected by this issue is the function SkipSpaces in the library assimp/include/assimp/ParsingUtils.h. The manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future.

debian: CVE-2025-5203 was patched at 2025-06-17

23. Memory Corruption - Open Asset Import Library Assimp (CVE-2025-5204) - High [515]

Description: A vulnerability classified as problematic has been found in Open Asset Import Library Assimp 5.4.3. This affects the function MDLImporter::ParseSkinLump_3DGS_MDL7 of the file assimp/code/AssetLib/MDL/MDLMaterialLoader.cpp. The manipulation leads to out-of-bounds read. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future.

debian: CVE-2025-5204 was patched at 2025-06-17

24. Spoofing - Asterisk (CVE-2025-47779) - High [509]

Description: Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, SIP requests of the type MESSAGE (RFC 3428) authentication do not get proper alignment. An authenticated attacker can spoof any user identity to send spam messages to the user with their authorization token. Abuse of this security issue allows authenticated attackers to send fake chat messages can be spoofed to appear to come from trusted entities. Even administrators who follow Security best practices and Security Considerations can be impacted. Therefore, abuse can lead to spam and enable social engineering, phishing and similar attacks. Versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk fix the issue.

debian: CVE-2025-47779 was patched at 2025-06-17

25. Denial of Service - Jq (CVE-2024-23337) - High [505]

Description: jq is a command-line JSON processor. In versions up to and including 1.7.1, an integer overflow arises when assigning value using an index of 2147483647, the signed integer limit. This causes a denial of service. Commit de21386681c0df0104a99d9d09db23a9b2a78b1e contains a patch for the issue.

altlinux: CVE-2024-23337 was patched at 2025-06-19

debian: CVE-2024-23337 was patched at 2025-05-22

26. Elevation of Privilege - Linux Kernel (CVE-2022-50014) - High [504]

Description: In the Linux kernel, the following vulnerability has been resolved: mm/gup: fix FOLL_FORCE COW security issue and remove FOLL_COW Ever since the Dirty COW (CVE-2016-5195) security issue happened, we know that FOLL_FORCE can be possibly dangerous, especially if there are races that can be exploited by user space. Right now, it would be sufficient to have some code that sets a PTE of a R/O-mapped shared page dirty, in order for it to erroneously become writable by FOLL_FORCE. The implications of setting a write-protected PTE dirty might not be immediately obvious to everyone. And in fact ever since commit 9ae0f87d009c ("mm/shmem: unconditionally set pte dirty in mfill_atomic_install_pte"), we can use UFFDIO_CONTINUE to map a shmem page R/O while marking the pte dirty. This can be used by unprivileged user space to modify tmpfs/shmem file content even if the user does not have write permissions to the file, and to bypass memfd write sealing -- Dirty COW restricted to tmpfs/shmem (CVE-2022-2590). To fix such security issues for good, the insight is that we really only need that fancy retry logic (FOLL_COW) for COW mappings that are not writable (!VM_WRITE). And in a COW mapping, we really only broke COW if we have an exclusive anonymous page mapped. If we have something else mapped, or the mapped anonymous page might be shared (!PageAnonExclusive), we have to trigger a write fault to break COW. If we don't find an exclusive anonymous page when we retry, we have to trigger COW breaking once again because something intervened. Let's move away from this mandatory-retry + dirty handling and rely on our PageAnonExclusive() flag for making a similar decision, to use the same COW logic as in other kernel parts here as well. In case we stumble over a PTE in a COW mapping that does not map an exclusive anonymous page, COW was not properly broken and we have to trigger a fake write-fault to break COW. Just like we do in can_change_pte_writable() added via commit 64fe24a3e05e ("mm/mprotect: try avoiding write faults for exclusive anonymous pages when changing protection") and commit 76aefad628aa ("mm/mprotect: fix soft-dirty check in can_change_pte_writable()"), take care of softdirty and uffd-wp manually. For example, a write() via /proc/self/mem to a uffd-wp-protected range has to fail instead of silently granting write access and bypassing the userspace fault handler. Note that FOLL_FORCE is not only used for debug access, but also triggered by applications without debug intentions, for example, when pinning pages via RDMA. This fixes CVE-2022-2590. Note that only x86_64 and aarch64 are affected, because only those support CONFIG_HAVE_ARCH_USERFAULTFD_MINOR. Fortunately, FOLL_COW is no longer required to handle FOLL_FORCE. So let's just get rid of it. Thanks to Nadav Amit for pointing out that the pte_dirty() check in FOLL_FORCE code is problematic and might be exploitable. Note 1: We don't check for the PTE being dirty because it doesn't matter for making a "was COWed" decision anymore, and whoever modifies the page has to set the page dirty either way. Note 2: Kernels before extended uffd-wp support and before PageAnonExclusive (< 5.19) can simply revert the problematic commit instead and be safe regarding UFFDIO_CONTINUE. A backport to v5.19 requires minor adjustments due to lack of vma_soft_dirty_enabled().

debian: CVE-2022-50014 was patched at 2025-06-17

27. Memory Corruption - Jq (CVE-2025-48060) - High [494]

Description: jq is a command-line JSON processor. In versions up to and including 1.7.1, a heap-buffer-overflow is present in function `jv_string_vfmt` in the jq_fuzz_execute harness from oss-fuzz. This crash happens on file jv.c, line 1456 `void* p = malloc(sz);`. As of time of publication, no patched versions are available.

altlinux: CVE-2025-48060 was patched at 2025-06-19

debian: CVE-2025-48060 was patched at 2025-05-22

28. Memory Corruption - hdf5 (CVE-2025-44904) - High [494]

Description: hdf5 v1.14.6 was discovered to contain a heap buffer overflow via the H5VM_memcpyvv function.

debian: CVE-2025-44904 was patched at 2025-06-17

29. Memory Corruption - hdf5 (CVE-2025-44905) - High [494]

Description: hdf5 v1.14.6 was discovered to contain a heap buffer overflow via the H5Z__filter_scaleoffset function.

debian: CVE-2025-44905 was patched at 2025-06-17

30. Memory Corruption - FFmpeg (CVE-2025-1816) - High [491]

Description: A vulnerability classified as problematic has been found in FFmpeg up to 6e26f57f672b05e7b8b052007a83aef99dc81ccb. This affects the function audio_element_obu of the file libavformat/iamf_parse.c of the component IAMF File Handler. The manipulation of the argument num_parameters leads to memory leak. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 0526535cd58444dd264e810b2f3348b4d96cff3b. It is recommended to apply a patch to fix this issue.

ubuntu: CVE-2025-1816 was patched at 2025-05-28

31. Memory Corruption - Canonical Apport (CVE-2025-5054) - High [484]

Description: Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces. When handling a crash, the function `_check_global_pid_and_forward`, which detects if the crashing process resided in a container, was being called before `consistency_checks`, which attempts to detect if the crashing process had been replaced. Because of this, if a process crashed and was quickly replaced with a containerized one, apport could be made to forward the core dump to the container, potentially leaking sensitive information. `consistency_checks` is now being called before `_check_global_pid_and_forward`. Additionally, given that the PID-reuse race condition cannot be reliably detected from userspace alone, crashes are only forwarded to containers if the kernel provided a pidfd, or if the crashing process was unprivileged (i.e., if dump mode == 1).

ubuntu: CVE-2025-5054 was patched at 2025-05-29

32. Memory Corruption - hdf5 (CVE-2025-6516) - High [482]

Description: A vulnerability has been found in HDF5 up to 1.14.6 and classified as critical. This vulnerability affects the function H5F_addr_decode_len of the file /hdf5/src/H5Fint.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.

debian: CVE-2025-6516 was patched at 2025-06-17

33. Memory Corruption - Open Asset Import Library Assimp (CVE-2025-5165) - High [479]

Description: A vulnerability was found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This issue affects the function MDCImporter::ValidateSurfaceHeader of the file assimp/code/AssetLib/MDC/MDCLoader.cpp. The manipulation of the argument pcSurface2 leads to out-of-bounds read. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future.

debian: CVE-2025-5165 was patched at 2025-06-17

34. Memory Corruption - Open Asset Import Library Assimp (CVE-2025-5166) - High [479]

Description: A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been classified as problematic. Affected is the function MDCImporter::InternReadFile of the file assimp/code/AssetLib/MDC/MDCLoader.cpp of the component MDC File Parser. The manipulation of the argument pcVerts leads to out-of-bounds read. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future.

debian: CVE-2025-5166 was patched at 2025-06-17

35. Memory Corruption - Open Asset Import Library Assimp (CVE-2025-5167) - High [479]

Description: A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been declared as problematic. Affected by this vulnerability is the function LWOImporter::GetS0 in the library assimp/code/AssetLib/LWO/LWOLoader.h. The manipulation of the argument out leads to out-of-bounds read. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future.

debian: CVE-2025-5167 was patched at 2025-06-17

36. Memory Corruption - Open Asset Import Library Assimp (CVE-2025-5168) - High [479]

Description: A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been rated as problematic. Affected by this issue is the function MDLImporter::ImportUVCoordinate_3DGS_MDL345 of the file assimp/code/AssetLib/MDL/MDLLoader.cpp. The manipulation of the argument iIndex leads to out-of-bounds read. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future.

debian: CVE-2025-5168 was patched at 2025-06-17

37. Memory Corruption - Open Asset Import Library Assimp (CVE-2025-5169) - High [479]

Description: A vulnerability classified as problematic has been found in Open Asset Import Library Assimp 5.4.3. This affects the function MDLImporter::InternReadFile_3DGS_MDL345 of the file assimp/code/AssetLib/MDL/MDLLoader.cpp. The manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future.

debian: CVE-2025-5169 was patched at 2025-06-17

38. Memory Corruption - Jhead (CVE-2025-44906) - High [470]

Description: jhead v3.08 was discovered to contain a heap-use-after-free via the ProcessFile function at jhead.c.

debian: CVE-2025-44906 was patched at 2025-06-17

39. Memory Corruption - Open Asset Import Library Assimp (CVE-2025-6119) - High [467]

Description: A vulnerability classified as critical has been found in Open Asset Import Library Assimp up to 5.4.3. Affected is the function Assimp::BVHLoader::ReadNodeChannels in the library assimp/code/AssetLib/BVH/BVHLoader.cpp. The manipulation of the argument pNode leads to use after free. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future.

debian: CVE-2025-6119 was patched at 2025-06-17

40. Memory Corruption - Open Asset Import Library Assimp (CVE-2025-6120) - High [467]

Description: A vulnerability classified as critical was found in Open Asset Import Library Assimp up to 5.4.3. Affected by this vulnerability is the function read_meshes in the library assimp/code/AssetLib/MDL/HalfLife/HL1MDLLoader.cpp. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future.

debian: CVE-2025-6120 was patched at 2025-06-17

41. Remote Code Execution - Chromium (CVE-2025-5280) - High [466]

Description: Out of bounds write in V8 in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

debian: CVE-2025-5280 was patched at 2025-05-29, 2025-06-17

42. Memory Corruption - Linux Kernel (CVE-2022-50213) - High [453]

Description: In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: do not allow SET_ID to refer to another table When doing lookups for sets on the same batch by using its ID, a set from a different table can be used. Then, when the table is removed, a reference to the set may be kept after the set is freed, leading to a potential use-after-free. When looking for sets by ID, use the table that was used for the lookup by name, and only return sets belonging to that same table. This fixes CVE-2022-2586, also reported as ZDI-CAN-17470.

debian: CVE-2022-50213 was patched at 2025-06-17

43. Memory Corruption - Yasm (CVE-2024-22653) - High [446]

Description: yasm commit 9defefae was discovered to contain a NULL pointer dereference via the yasm_section_bcs_append function at section.c.

debian: CVE-2024-22653 was patched at 2025-06-17

redos: CVE-2024-22653 was patched at 2025-06-19

44. Memory Corruption - cJSON (CVE-2023-53154) - High [446]

Description: parse_string in cJSON before 1.7.18 has a heap-based buffer over-read via {"1":1, with no trailing newline if cJSON_ParseWithLength is called.

altlinux: CVE-2023-53154 was patched at 2025-06-24

debian: CVE-2023-53154 was patched at 2025-06-17

45. Remote Code Execution - Chromium (CVE-2025-5959) - High [430]

Description: Type Confusion in V8 in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

debian: CVE-2025-5959 was patched at 2025-06-11, 2025-06-17

46. Remote Code Execution - Mozilla Firefox (CVE-2025-5268) - High [430]

Description: Memory safety bugs present in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 139, Firefox ESR < 128.11, Thunderbird < 139, and Thunderbird < 128.11.

almalinux: CVE-2025-5268 was patched at 2025-05-29, 2025-06-10

debian: CVE-2025-5268 was patched at 2025-05-28, 2025-05-30, 2025-06-17

oraclelinux: CVE-2025-5268 was patched at 2025-05-29, 2025-06-06, 2025-06-10, 2025-06-23

redhat: CVE-2025-5268 was patched at 2025-05-29, 2025-06-05, 2025-06-09, 2025-06-10, 2025-06-16, 2025-06-17

47. Remote Code Execution - Mozilla Firefox (CVE-2025-5269) - High [419]

Description: Memory safety bug present in Firefox ESR 128.10, and Thunderbird 128.10. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 128.11 and Thunderbird < 128.11.

almalinux: CVE-2025-5269 was patched at 2025-05-29, 2025-06-10

debian: CVE-2025-5269 was patched at 2025-05-28, 2025-05-30, 2025-06-17

oraclelinux: CVE-2025-5269 was patched at 2025-05-29, 2025-06-06, 2025-06-10, 2025-06-23

redhat: CVE-2025-5269 was patched at 2025-05-29, 2025-06-05, 2025-06-09, 2025-06-10, 2025-06-16, 2025-06-17

48. Elevation of Privilege - FreeIPA (CVE-2025-4404) - High [416]

Description: A privilege escalation from host to domain vulnerability was found in the FreeIPA project. The FreeIPA package fails to validate the uniqueness of the `krbCanonicalName` for the admin account by default, allowing users to create services with the same canonical name as the REALM admin. When a successful attack happens, the user can retrieve a Kerberos ticket in the name of this service, containing the admin@REALM credential. This flaw allows an attacker to perform administrative tasks over the REALM, leading to access to sensitive data and sensitive data exfiltration.

debian: CVE-2025-4404 was patched at 2025-06-17

oraclelinux: CVE-2025-4404 was patched at 2025-06-17, 2025-06-18

redhat: CVE-2025-4404 was patched at 2025-06-17

49. Remote Code Execution - Commons BeanUtils (CVE-2025-48734) - High [416]

Description: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was not enabled by default. PropertyUtilsBean (and consequently BeanUtilsBean) now disallows declared class level property access by default. Releases 1.11.0 and 2.0.0-M2 address a potential security issue when accessing enum properties in an uncontrolled way. If an application using Commons BeanUtils passes property paths from an external source directly to the getProperty() method of PropertyUtilsBean, an attacker can access the enum’s class loader via the “declaredClass” property available on all Java “enum” objects. Accessing the enum’s “declaredClass” allows remote attackers to access the ClassLoader and execute arbitrary code. The same issue exists with PropertyUtilsBean.getNestedProperty(). Starting in versions 1.11.0 and 2.0.0-M2 a special BeanIntrospector suppresses the “declaredClass” property. Note that this new BeanIntrospector is enabled by default, but you can disable it to regain the old behavior; see section 2.5 of the user's guide and the unit tests. This issue affects Apache Commons BeanUtils 1.x before 1.11.0, and 2.x before 2.0.0-M2.Users of the artifact commons-beanutils:commons-beanutils 1.x are recommended to upgrade to version 1.11.0, which fixes the issue. Users of the artifact org.apache.commons:commons-beanutils2 2.x are recommended to upgrade to version 2.0.0-M2, which fixes the issue.

debian: CVE-2025-48734 was patched at 2025-06-17

oraclelinux: CVE-2025-48734 was patched at 2025-06-18

redhat: CVE-2025-48734 was patched at 2025-06-16

50. Remote Code Execution - Chromium (CVE-2025-6557) - High [407]

Description: Insufficient data validation in DevTools in Google Chrome on Windows prior to 138.0.7204.49 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low)

debian: CVE-2025-6557 was patched at 2025-06-17

51. Remote Code Execution - Mozilla Firefox (CVE-2025-4092) - High [407]

Description: Memory safety bugs present in Firefox 137 and Thunderbird 137. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 138 and Thunderbird < 138.

altlinux: CVE-2025-4092 was patched at 2025-05-27

52. Code Injection - Vault (CVE-2023-0620) - High [404]

Description: HashiCorp Vault and Vault Enterprise versions 0.8.0 through 1.13.1 are vulnerable to an SQL injection attack when configuring the Microsoft SQL (MSSQL) Database Storage Backend. When configuring the MSSQL plugin through the local, certain parameters are not sanitized when passed to the user-provided MSSQL database. An attacker may modify these parameters to execute a malicious SQL command. This issue is fixed in versions 1.13.1, 1.12.5, and 1.11.9.

redos: CVE-2023-0620 was patched at 2025-05-26

53. Remote Code Execution - .NET and Visual Studio (CVE-2025-30399) - High [402]

Description: Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network.

almalinux: CVE-2025-30399 was patched at 2025-06-11

oraclelinux: CVE-2025-30399 was patched at 2025-06-11, 2025-06-13

redhat: CVE-2025-30399 was patched at 2025-06-11, 2025-06-16

ubuntu: CVE-2025-30399 was patched at 2025-06-10

Medium (237)

54. Authentication Bypass - Apache Traffic Server (CVE-2025-31698) - Medium [398]

Description: ACL configured in ip_allow.config or remap.config does not use IP addresses that are provided by PROXY protocol. Users can use a new setting (proxy.config.acl.subjects) to choose which IP addresses to use for the ACL if Apache Traffic Server is configured to accept PROXY protocol. This issue affects undefined: from 10.0.0 through 10.0.6, from 9.0.0 through 9.2.10. Users are recommended to upgrade to version 9.2.11 or 10.0.6, which fixes the issue.

debian: CVE-2025-31698 was patched at 2025-06-17, 2025-06-24

55. Information Disclosure - Moodle (CVE-2025-32044) - Medium [395]

Description: A flaw has been identified in Moodle where, on certain sites, unauthenticated users could retrieve sensitive user data—including names, contact information, and hashed passwords—via stack traces returned by specific API calls. Sites with PHP configured with zend.exception_ignore_args = 1 in the php.ini file are not affected by this vulnerability.

altlinux: CVE-2025-32044 was patched at 2025-05-26

redos: CVE-2025-32044 was patched at 2025-06-16

56. Authentication Bypass - Chromium (CVE-2025-5067) - Medium [391]

Description: Inappropriate implementation in Tab Strip in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

debian: CVE-2025-5067 was patched at 2025-05-29, 2025-06-17

57. Denial of Service - Mozilla Firefox (CVE-2025-6424) - Medium [389]

Description: A use-after-free in FontFaceSet resulted in a potentially exploitable crash. This vulnerability affects Firefox < 140, Firefox ESR < 115.25, and Firefox ESR < 128.12.

debian: CVE-2025-6424 was patched at 2025-06-17

58. Arbitrary File Reading - Samba (CVE-2025-0620) - Medium [388]

Description: A flaw was found in Samba. The smbd service daemon does not pick up group membership changes when re-authenticating an expired SMB session. This issue can expose file shares until clients disconnect and then connect again.

ubuntu: CVE-2025-0620 was patched at 2025-06-10

59. Information Disclosure - Mozilla Firefox (CVE-2025-5266) - Medium [388]

Description: Script elements loading cross-origin resources generated load and error events which leaked information enabling XS-Leaks attacks. This vulnerability affects Firefox < 139, Firefox ESR < 128.11, Thunderbird < 139, and Thunderbird < 128.11.

almalinux: CVE-2025-5266 was patched at 2025-05-29, 2025-06-10

debian: CVE-2025-5266 was patched at 2025-05-28, 2025-05-30, 2025-06-17

oraclelinux: CVE-2025-5266 was patched at 2025-05-29, 2025-06-06, 2025-06-10, 2025-06-23

redhat: CVE-2025-5266 was patched at 2025-05-29, 2025-06-05, 2025-06-09, 2025-06-10, 2025-06-16, 2025-06-17

60. Authentication Bypass - Apache Tomcat (CVE-2025-49125) - Medium [386]

Description: Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat. When using PreResources or PostResources mounted other than at the root of the web application, it was possible to access those resources via an unexpected path. That path was likely not to be protected by the same security constraints as the expected path, allowing those security constraints to be bypassed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.

debian: CVE-2025-49125 was patched at 2025-06-17

61. Security Feature Bypass - libexpat (CVE-2012-1147) - Medium [386]

Description: readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files.

debian: CVE-2012-1147 was patched at 2025-06-17

62. Cross Site Scripting - Vault (CVE-2023-2121) - Medium [385]

Description: Vault and Vault Enterprise's (Vault) key-value v2 (kv-v2) diff viewer allowed HTML injection into the Vault web UI through key values. This vulnerability, CVE-2023-2121, is fixed in Vault 1.14.0, 1.13.3, 1.12.7, and 1.11.11.

redos: CVE-2023-2121 was patched at 2025-05-26

63. Remote Code Execution - Mozilla Firefox (CVE-2025-4089) - Medium [383]

Description: Due to insufficient escaping of special characters in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This vulnerability affects Firefox < 138 and Thunderbird < 138.

altlinux: CVE-2025-4089 was patched at 2025-05-27

64. Remote Code Execution - Mozilla Firefox (CVE-2025-5264) - Medium [383]

Description: Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This vulnerability affects Firefox < 139, Firefox ESR < 115.24, Firefox ESR < 128.11, Thunderbird < 139, and Thunderbird < 128.11.

almalinux: CVE-2025-5264 was patched at 2025-05-29, 2025-06-10

debian: CVE-2025-5264 was patched at 2025-05-28, 2025-05-30, 2025-06-17

oraclelinux: CVE-2025-5264 was patched at 2025-05-29, 2025-06-06, 2025-06-10, 2025-06-23

redhat: CVE-2025-5264 was patched at 2025-05-29, 2025-06-05, 2025-06-09, 2025-06-10, 2025-06-16, 2025-06-17

redos: CVE-2025-5264 was patched at 2025-06-16

65. Elevation of Privilege - Mozilla Firefox (CVE-2025-4085) - Medium [380]

Description: An attacker with control over a content process could potentially leverage the privileged UITour actor to leak sensitive information or escalate privileges. This vulnerability affects Firefox < 138 and Thunderbird < 138.

altlinux: CVE-2025-4085 was patched at 2025-05-27

66. Memory Corruption - Chromium (CVE-2025-5063) - Medium [377]

Description: Use after free in Compositing in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

debian: CVE-2025-5063 was patched at 2025-05-29, 2025-06-17

67. Security Feature Bypass - Chromium (CVE-2025-5064) - Medium [377]

Description: Inappropriate implementation in Background Fetch API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

debian: CVE-2025-5064 was patched at 2025-05-29, 2025-06-17

68. Security Feature Bypass - Mozilla Firefox (CVE-2025-4088) - Medium [377]

Description: A security vulnerability in Thunderbird allowed malicious sites to use redirects to send credentialed requests to arbitrary endpoints on any site that had invoked the Storage Access API. This enabled potential Cross-Site Request Forgery attacks across origins. This vulnerability affects Firefox < 138 and Thunderbird < 138.

altlinux: CVE-2025-4088 was patched at 2025-05-27

69. Security Feature Bypass - Nomad (CVE-2022-41606) - Medium [375]

Description: HashiCorp Nomad and Nomad Enterprise 1.0.2 up to 1.2.12, and 1.3.5 jobs submitted with an artifact stanza using invalid S3 or GCS URLs can be used to crash client agents. Fixed in 1.2.13, 1.3.6, and 1.4.0.

redos: CVE-2022-41606 was patched at 2025-05-26

70. Information Disclosure - tvOS (CVE-2023-40403) - Medium [374]

Description: The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may disclose sensitive information.

almalinux: CVE-2023-40403 was patched at 2025-06-09

debian: CVE-2023-40403 was patched at 2025-06-17

oraclelinux: CVE-2023-40403 was patched at 2025-06-09

redhat: CVE-2023-40403 was patched at 2025-06-09, 2025-06-12

71. Authentication Bypass - PostgreSQL (CVE-2025-49146) - Medium [370]

Description: pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required (default value is prefer), the driver would incorrectly allow connections to proceed with authentication methods that do not support channel binding (such as password, MD5, GSS, or SSPI authentication). This could allow a man-in-the-middle attacker to intercept connections that users believed were protected by channel binding requirements. This vulnerability is fixed in 42.7.7.

debian: CVE-2025-49146 was patched at 2025-06-17

72. Arbitrary File Reading - Perl (CVE-2025-40908) - Medium [367]

Description: YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified

debian: CVE-2025-40908 was patched at 2025-06-17

oraclelinux: CVE-2025-40908 was patched at 2025-06-23, 2025-06-24

73. Denial of Service - GNOME desktop (CVE-2025-5024) - Medium [365]

Description: A flaw was found in gnome-remote-desktop. Once gnome-remote-desktop listens for RDP connections, an unauthenticated attacker can exhaust system resources and repeatedly crash the process. There may be a resource leak after many attacks, which will also result in gnome-remote-desktop no longer being able to open files even after it is restarted via systemd.

debian: CVE-2025-5024 was patched at 2025-05-22

74. Memory Corruption - Chromium (CVE-2025-5068) - Medium [365]

Description: Use after free in Blink in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

debian: CVE-2025-5068 was patched at 2025-06-04, 2025-06-17

75. Information Disclosure - Chromium (CVE-2025-5281) - Medium [364]

Description: Inappropriate implementation in BFCache in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially obtain user information via a crafted HTML page. (Chromium security severity: Medium)

debian: CVE-2025-5281 was patched at 2025-05-29, 2025-06-17

76. Authentication Bypass - Moodle (CVE-2025-3627) - Medium [363]

Description: A security vulnerability was discovered in Moodle that allows some users to access sensitive information about other students before they finish verifying their identities using two-factor authentication (2FA).

altlinux: CVE-2025-3627 was patched at 2025-05-26

redos: CVE-2025-3627 was patched at 2025-05-26

77. Security Feature Bypass - pulp (CVE-2024-7143) - Medium [363]

Description: A flaw was found in the Pulp package. When a role-based access control (RBAC) object in Pulp is set to assign permissions on its creation, it uses the `AutoAddObjPermsMixin` (typically the add_roles_for_object_creator method). This method finds the object creator by checking the current authenticated user. For objects that are created within a task, this current user is set by the first user with any permissions on the task object. This means the oldest user with model/domain-level task permissions will always be set as the current user of a task, even if they didn't dispatch the task. Therefore, all objects created in tasks will have their permissions assigned to this oldest user, and the creating user will receive nothing.

oraclelinux: CVE-2024-7143 was patched at 2025-06-09

78. Denial of Service - Apache Traffic Server (CVE-2025-49763) - Medium [360]

Description: ESI plugin does not have the limit for maximum inclusion depth, and that allows excessive memory consumption if malicious instructions are inserted. Users can use a new setting for the plugin (--max-inclusion-depth) to limit it. This issue affects Apache Traffic Server: from 10.0.0 through 10.0.5, from 9.0.0 through 9.2.10. Users are recommended to upgrade to version 9.2.11 or 10.0.6, which fixes the issue.

debian: CVE-2025-49763 was patched at 2025-06-17, 2025-06-24

79. Cross Site Scripting - Mozilla Firefox (CVE-2025-6430) - Medium [359]

Description: When a file download is specified via the `Content-Disposition` header, that directive would be ignored if the file was included via a `&lt;embed&gt;` or `&lt;object&gt;` tag, potentially making a website vulnerable to a cross-site scripting attack. This vulnerability affects Firefox < 140 and Firefox ESR < 128.12.

debian: CVE-2025-6430 was patched at 2025-06-17

80. Cross Site Scripting - python-markdown2 (CVE-2018-5773) - Medium [357]

Description: An issue was discovered in markdown2 (aka python-markdown2) through 2.3.5. The safe_mode feature, which is supposed to sanitize user input against XSS, is flawed and does not escape the input properly. With a crafted payload, XSS can be triggered, as demonstrated by omitting the final '>' character from an IMG tag.

altlinux: CVE-2018-5773 was patched at 2025-05-26

81. Denial of Service - libxml2 (CVE-2025-49796) - Medium [355]

Description: A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.

debian: CVE-2025-49796 was patched at 2025-06-17

82. Security Feature Bypass - Vault (CVE-2022-41316) - Medium [355]

Description: HashiCorp Vault and Vault Enterprise’s TLS certificate auth method did not initially load the optionally configured CRL issued by the role's CA into memory on startup, resulting in the revocation list not being checked if the CRL has not yet been retrieved. Fixed in 1.12.0, 1.11.4, 1.10.7, and 1.9.10.

redos: CVE-2022-41316 was patched at 2025-05-26

83. Incorrect Calculation - Chromium (CVE-2025-6191) - Medium [353]

Description: Integer overflow in V8 in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

debian: CVE-2025-6191 was patched at 2025-06-17, 2025-06-18

84. Memory Corruption - Chromium (CVE-2025-5958) - Medium [353]

Description: Use after free in Media in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

debian: CVE-2025-5958 was patched at 2025-06-11, 2025-06-17

85. Memory Corruption - Chromium (CVE-2025-6192) - Medium [353]

Description: Use after free in Metrics in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

debian: CVE-2025-6192 was patched at 2025-06-17, 2025-06-18

86. Security Feature Bypass - Chromium (CVE-2025-6556) - Medium [353]

Description: Insufficient policy enforcement in Loader in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)

debian: CVE-2025-6556 was patched at 2025-06-17

87. Security Feature Bypass - Mozilla Firefox (CVE-2025-5263) - Medium [353]

Description: Error handling for script execution was incorrectly isolated from web content, which could have allowed cross-origin leak attacks. This vulnerability affects Firefox < 139, Firefox ESR < 115.24, Firefox ESR < 128.11, Thunderbird < 139, and Thunderbird < 128.11.

almalinux: CVE-2025-5263 was patched at 2025-05-29, 2025-06-10

debian: CVE-2025-5263 was patched at 2025-05-28, 2025-05-30, 2025-06-17

oraclelinux: CVE-2025-5263 was patched at 2025-05-29, 2025-06-06, 2025-06-10, 2025-06-23

redhat: CVE-2025-5263 was patched at 2025-05-29, 2025-06-05, 2025-06-09, 2025-06-10, 2025-06-16, 2025-06-17

redos: CVE-2025-5263 was patched at 2025-06-16

88. Authentication Bypass - Moodle (CVE-2025-3634) - Medium [351]

Description: A security vulnerability was discovered in Moodle that allows students to enroll themselves in courses without completing all the necessary safety checks. Specifically, users can sign up for courses prematurely, even if they haven't finished two-step verification processes.

altlinux: CVE-2025-3634 was patched at 2025-05-26

redos: CVE-2025-3634 was patched at 2025-05-26

89. Denial of Service - clickhouse (CVE-2019-16536) - Medium [351]

Description: Stack overflow leading to DoS can be triggered by a malicious authenticated client in Clickhouse before 19.14.3.3.

debian: CVE-2019-16536 was patched at 2025-06-17

90. Denial of Service - Vault (CVE-2023-0665) - Medium [344]

Description: HashiCorp Vault's PKI mount issuer endpoints did not correctly authorize access to remove an issuer or modify issuer metadata, potentially resulting in denial of service of the PKI mount. This bug did not affect public or private key material, trust chains or certificate issuance. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9.

redos: CVE-2023-0665 was patched at 2025-05-26

91. Denial of Service - libxml2 (CVE-2025-49795) - Medium [344]

Description: A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service.

debian: CVE-2025-49795 was patched at 2025-06-17

92. Denial of Service - libxml2 (CVE-2025-6021) - Medium [344]

Description: A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.

debian: CVE-2025-6021 was patched at 2025-06-17

93. Denial of Service - Mozilla Firefox (CVE-2025-5267) - Medium [341]

Description: A clickjacking vulnerability could have been used to trick a user into leaking saved payment card details to a malicious page. This vulnerability affects Firefox < 139, Firefox ESR < 128.11, Thunderbird < 139, and Thunderbird < 128.11.

almalinux: CVE-2025-5267 was patched at 2025-05-29, 2025-06-10

debian: CVE-2025-5267 was patched at 2025-05-28, 2025-05-30, 2025-06-17

oraclelinux: CVE-2025-5267 was patched at 2025-05-29, 2025-06-06, 2025-06-10, 2025-06-23

redhat: CVE-2025-5267 was patched at 2025-05-29, 2025-06-05, 2025-06-09, 2025-06-10, 2025-06-16, 2025-06-17

94. Information Disclosure - Mozilla Firefox (CVE-2025-6425) - Medium [341]

Description: An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. This vulnerability affects Firefox < 140, Firefox ESR < 115.25, and Firefox ESR < 128.12.

debian: CVE-2025-6425 was patched at 2025-06-17

95. Security Feature Bypass - TLS (CVE-2025-6032) - Medium [339]

Description: A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack.

debian: CVE-2025-6032 was patched at 2025-06-17

96. Remote Code Execution - Redis (CVE-2025-27151) - Medium [338]

Description: Redis is an open source, in-memory database that persists on disk. In versions starting from 7.0.0 to before 8.0.2, a stack-based buffer overflow exists in redis-check-aof due to the use of memcpy with strlen(filepath) when copying a user-supplied file path into a fixed-size stack buffer. This allows an attacker to overflow the stack and potentially achieve code execution. This issue has been patched in version 8.0.2.

debian: CVE-2025-27151 was patched at 2025-06-17

97. Command Injection - Git (CVE-2025-22237) - Medium [335]

Description: An attacker with access to a minion key can exploit the 'on demand' pillar functionality with a specially crafted git url which could cause and arbitrary command to be run on the master with the same privileges as the master process.