Report Name: Linux Patch Wednesday November 2025
Generated: 2025-11-21 16:55:52

Product Name	Prevalence	U	C	H	M	L	A	Comment
Django	0.9		1				1	Django is a high-level Python web framework that encourages rapid development and clean, pragmatic design. It provides built-in tools for database models, authentication, URL routing, templates, and security features, making it one of the most widely used frameworks for building scalable and maintainable web applications.
Linux Kernel	0.9				82	150	232	The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
Sudo	0.9				1	1	2	Sudo is a widely used Unix/Linux utility that allows permitted users to execute commands with elevated (typically root) privileges while providing extensive logging and fine-grained security controls. It is a foundational component in most Linux and BSD distributions.
Binutils	0.8			2			2	The GNU Binary Utilities, or binutils, are a set of programming tools for creating and managing binary programs, object files, libraries, profile data, and assembly source code
CUPS	0.8				2		2	CUPS is a modular printing system for Unix-like computer operating systems which allows a computer to act as a print server
Chromium	0.8		2	4	27		33	Chromium is a free and open-source web browser project, mainly developed and maintained by Google
GNOME desktop	0.8				1	1	2	GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
Mozilla Firefox	0.8			7	25		32	Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
Netty	0.8			1			1	Netty is a non-blocking I/O client-server framework for the development of Java network applications such as protocol servers and clients
PHP	0.8				1		1	PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
Samba	0.8		1		1		2	Samba is a free software re-implementation of the SMB networking protocol, and was originally developed by Andrew Tridgell
Zabbix	0.8				1		1	Zabbix is an open-source software tool to monitor IT infrastructure such as networks, servers, virtual machines, and cloud services
Apache Tomcat	0.7		1		2		3	Apache Tomcat is a free and open-source implementation of the Jakarta Servlet, Jakarta Expression Language, and WebSocket technologies
BIND	0.7			4	2		6	BIND is a suite of software for interacting with the Domain Name System
Calibre	0.7			1			1	Calibre is a cross-platform free and open-source suite of e-book software
Curl	0.7					1	1	Curl is a command-line tool for transferring data specified with URL syntax
MinIO	0.7			1			1	MinIO is a high-performance, S3-compatible object storage system designed for large-scale data infrastructure. It supports cloud-native workloads and provides APIs for storing, retrieving, and managing unstructured data such as photos, videos, log files, and backups, with a focus on scalability, speed, and simplicity.
QEMU e1000	0.7				1		1	QEMU is an open-source machine emulator and virtualization platform. It supports various virtual hardware devices, including the e1000 network device, which emulates an Intel PRO/1000 network adapter for virtual machines. The e1000 component handles network packet transmission and reception for guest systems.
SQLite	0.7			1			1	SQLite is a database engine written in the C programming language
Bouncy Castle	0.6				1		1	Bouncy Castle is a collection of APIs used in cryptography
Canonical LXD	0.6				1		1	Canonical LXD is a system container and VM manager for Linux. LXD-UI is the web UI component of LXD that provides a browser-based interface for creating, managing and starting containers and instances.
ImageMagick	0.6			2			2	ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
Jenkins	0.6					2	2	Jenkins is an open source automation server. It helps automate the parts of software development related to building, testing, and deploying, facilitating continuous integration, and continuous delivery.
Lasso	0.6		1	3			4	Lasso is an open-source library that implements the SAML (Security Assertion Markup Language) standard for identity federation, single sign-on (SSO), and identity management, supporting protocols like SAML 1.1, SAML 2.0, Liberty ID-FF, and ID-WSF.
MongoDB	0.6				3		3	MongoDB is a source-available, cross-platform, document-oriented database program
Oracle Java SE	0.6			1	2		3	Oracle Java SE
Perl	0.6				1		1	Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
PostgreSQL	0.6				2		2	PostgreSQL also known as Postgres, is a free and open-source relational database management system emphasizing extensibility and SQL compliance.
PyTorch	0.6				1		1	PyTorch is a machine learning library based on the Torch library, used for applications such as computer vision and natural language processing, originally developed by Meta AI and now part of the Linux Foundation umbrella
Python	0.6				1		1	Python is a high-level, general-purpose programming language
Vault	0.6				1		1	Vault secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets critical in modern computing
Webmin	0.6		2	1			3	Webmin is a web-based system administration tool for Unix-like servers and services, with about 1,000,000 yearly installations worldwide. It allows administrators to configure operating system internals such as users, disk quotas, services, and configuration files, as well as modify and control open-source applications such as BIND DNS Server, Apache HTTP Server, PHP, MySQL, and more.
pgAdmin	0.6				1		1	pgAdmin is the most popular and feature rich Open Source administration and development platform for PostgreSQL, the most advanced Open Source database in the world
Audiofile	0.5			1			1	audiofile is an open-source library for reading and writing audio files in various formats, including AIFF, WAV, and others.
Authlib	0.5			1			1	Authlib is a Python library for building OAuth and OpenID Connect clients and servers, providing tools for secure authentication, token management, and authorization flows.
DCMTK	0.5			2			2	DCMTK (DICOM Toolkit) is an open-source collection of libraries and applications implementing large parts of the DICOM standard, including image processing, storage, and network services for medical imaging.
Docker	0.5				1		1	Docker
FRRouting	0.5			9			9	FRRouting (FRR) is an IP routing protocol suite for Linux and Unix platforms, supporting BGP, OSPF, RIP, IS-IS, and other routing protocols for network infrastructure.
FontForge	0.5				2		2	FontForge is an open-source font editor used for creating, editing, and converting fonts in formats such as TrueType, OpenType, and PostScript.
GIMP	0.5			1			1	GIMP is an open-source image manipulation program used for photo editing, graphic design, and digital art creation.
Gnulib	0.5			1			1	Gnulib is a portability library used in GNU software to provide reusable implementations of common functions across different platforms.
Icinga	0.5				2	2	4	Icinga is an open-source IT monitoring application that checks network resources, generates performance data, and notifies users of outages.
JasPer	0.5			2			2	JasPer is an open-source JPEG-2000 codec library that provides tools for encoding, decoding, and manipulating JPEG-2000 images. It supports a wide range of features for image compression and decompression, including file format handling and color management.
Jitsi	0.5			1			1	Jitsi is an open-source platform for video conferencing and real-time communication, including video, voice, chat, and encrypted group meetings.
Kamailio	0.5			4			4	Kamailio is an open-source SIP server used for building scalable VoIP, instant messaging, and real-time communications systems.
Libarchive	0.5				1		1	Multi-format archive and compression library
Mbed TLS	0.5			1		1	2	Mbed TLS
NVIDIA CUDA Toolkit	0.5				1		1	The NVIDIA CUDA Toolkit provides a development environment for creating high-performance, GPU-accelerated applications
NVIDIA vGPU	0.5				2		2	NVIDIA vGPU (Virtual GPU) is a virtualization solution for Windows and Linux that enables multiple virtual machines to share a single physical GPU, providing accelerated graphics and compute capabilities. It includes the Virtual GPU Manager component that runs on the hypervisor and manages GPU resource allocation for guest VMs.
Netsurf	0.5			3			3	NetSurf is a lightweight open-source web browser designed for efficiency and portability, supporting HTML, CSS, and basic web standards. It is commonly used in embedded and resource-constrained environments.
Pillow	0.5			1			1	Pillow is a Python imaging library that adds image processing capabilities to Python, supporting formats such as PNG, JPEG, GIF, TIFF, and BMP.
Pypdf	0.5				2		2	PyPDF is a Python library for reading, manipulating, and writing PDF files, including extraction, splitting, merging, and encryption features.
QuickJS	0.5			7	1		8	QuickJS is a lightweight JavaScript engine that supports modern ECMAScript features and can be embedded into applications for scripting purposes.
Radare2	0.5				1		1	Radare2 is an open-source reverse engineering framework that includes tools for binary analysis, disassembly, debugging, and forensics.
Squid	0.5			1			1	Squid is a caching and forwarding HTTP proxy supporting web acceleration, content filtering, and caching for HTTP, HTTPS, and FTP.
Starlette	0.5				1		1	Starlette is an Asynchronous Server Gateway Interface (ASGI) framework/toolkit
Suricata	0.5			1	2		3	Suricata is an open-source intrusion detection and prevention system (IDS/IPS) and network security monitoring engine that supports deep packet inspection and threat detection.
Terraform	0.5				1		1	Terraform is an infrastructure-as-code (IaC) tool that enables users to define, provision, and manage cloud and on-premises infrastructure using declarative configuration files.
The Visualization Toolkit (VTK)	0.5			3			3	The Visualization Toolkit (VTK) is an open-source software system for 3D computer graphics, image processing, and visualization.
libmicrohttpd	0.5				2		2	libmicrohttpd is a small C library that makes it easy to run an HTTP server as part of another application. It is designed to be lightweight and embedded.
Git	0.4			1			1	Git
Keras	0.4			1	3		4	High-level neural networks API, running on top of TensorFlow, allowing model building and training
NVIDIA Container Toolkit	0.35		2	2	4		8	The NVIDIA Container Toolkit provides the tooling and runtime components to build and run GPU-accelerated containers, exposing host NVIDIA GPUs into containerized workloads and integrating with container runtimes (Docker, containerd, CRI-O).
GeographicLib	0.3			1			1	GeographicLib is a C++ library for geographic calculations, including conversions between geographic, UTM, MGRS, geocentric, and local coordinates. It provides tools such as GeoConvert to perform precise coordinate transformations.
JOSE	0.3				2		2	JavaScript module for JSON Object Signing and Encryption (JOSE)
Wasmtime	0.25					1	1	Standalone WebAssembly runtime written in Rust
Unknown Product	0				23	64	87	Unknown Product

Vulnerability Type	Criticality	U	C	H	M	L	A
Remote Code Execution	1.0		6	10	5		21
Authentication Bypass	0.98			5	10		15
Code Injection	0.97		1	1			2
Command Injection	0.97			2	3		5
Arbitrary File Writing	0.95			2	1		3
Security Feature Bypass	0.9		1	3	11		15
Elevation of Privilege	0.85			2			2
Information Disclosure	0.83		1	6	4		11
Cross Site Scripting	0.8				1		1
Denial of Service	0.7			18	33	9	60
Path Traversal	0.7				3		3
Incorrect Calculation	0.5			3	5	1	9
Memory Corruption	0.5		1	20	97	12	130
Spoofing	0.4				6		6
Tampering	0.3				2		2
Unknown Vulnerability Type	0				30	201	231

Source	U	C	H	M	L	A
almalinux		1	6	7	4	18
altlinux		2	18	37	15	72
debian		6	55	161	203	425
oraclelinux		1	6	7	6	20
redhat		2	6	18	5	31
redos		4	7	22	4	37
ubuntu		3	9	19	3	34

Urgent (0)

Critical (10)

1. Remote Code Execution - Samba (CVE-2025-10230) - Critical [704]

Description: A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or escaping. Unsanitized NetBIOS name data from WINS registration packets are inserted into a shell command and executed by the Samba Active Directory Domain Controller’s wins hook, allowing an unauthenticated network attacker to achieve remote command execution as the Samba process.

altlinux: CVE-2025-10230 was patched at 2025-11-11

debian: CVE-2025-10230 was patched at 2025-10-16

ubuntu: CVE-2025-10230 was patched at 2025-10-16, 2025-10-20

2. Remote Code Execution - Webmin (CVE-2024-12828) - Critical [695]

Description: Webmin CGI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Webmin. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of CGI requests. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22346.

redos: CVE-2024-12828 was patched at 2025-10-28

3. Remote Code Execution - Apache Tomcat (CVE-2025-55752) - Critical [664]

Description: Relative Path Traversal vulnerability in Apache Tomcat. The fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query parameters to the URL, an attacker could manipulate the request URI to bypass security constraints including the protection for /WEB-INF/ and /META-INF/. If PUT requests were also enabled then malicious files could be uploaded leading to remote code execution. PUT requests are normally limited to trusted users and it is considered unlikely that PUT requests would be enabled in conjunction with a rewrite that manipulated the URI. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.0.M11 through 9.0.108. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.6 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.

altlinux: CVE-2025-55752 was patched at 2025-11-10, 2025-11-17

debian: CVE-2025-55752 was patched at 2025-11-15

redhat: CVE-2025-55752 was patched at 2025-11-06

4. Memory Corruption - Chromium (CVE-2025-13223) - Critical [651]

Description: Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

debian: CVE-2025-13223 was patched at 2025-11-18, 2025-11-19

5. Remote Code Execution - NVIDIA Container Toolkit (CVE-2024-0132) - Critical [641]

Description: NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

redos: CVE-2024-0132 was patched at 2025-10-28

6. Code Injection - Django (CVE-2025-64459) - Critical [632]

Description: An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. The methods `QuerySet.filter()`, `QuerySet.exclude()`, and `QuerySet.get()`, and the class `Q()`, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the `_connector` argument. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank cyberstan for reporting this issue.

debian: CVE-2025-64459 was patched at 2025-11-15

ubuntu: CVE-2025-64459 was patched at 2025-11-05

7. Information Disclosure - Webmin (CVE-2024-44762) - Critical [629]

Description: A discrepancy in error messages for invalid login attempts in Webmin Usermin v2.100 allows attackers to enumerate valid user accounts.

redos: CVE-2024-44762 was patched at 2025-11-05

8. Security Feature Bypass - Chromium (CVE-2025-12428) - Critical [627]

Description: Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

debian: CVE-2025-12428 was patched at 2025-10-30, 2025-11-15

9. Remote Code Execution - Lasso (CVE-2025-47151) - Critical [623]

Description: A type confusion vulnerability exists in the lasso_node_impl_init_from_xml functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML response can lead to an arbitrary code execution. An attacker can send a malformed SAML response to trigger this vulnerability.

almalinux: CVE-2025-47151 was patched at 2025-11-17

debian: CVE-2025-47151 was patched at 2025-11-15

oraclelinux: CVE-2025-47151 was patched at 2025-11-19

redhat: CVE-2025-47151 was patched at 2025-11-17

ubuntu: CVE-2025-47151 was patched at 2025-11-18

10. Remote Code Execution - NVIDIA Container Toolkit (CVE-2025-23359) - Critical [605]

Description: NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use (TOCTOU) vulnerability when used with default configuration, where a crafted container image could gain access to the host file system. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

redos: CVE-2025-23359 was patched at 2025-10-28

High (72)

11. Memory Corruption - Gnulib (CVE-2017-7476) - High [589]

Description: Gnulib before 2017-04-26 has a heap-based buffer overflow with the TZ environment variable. The error is in the save_abbr function in time_rz.c.

altlinux: CVE-2017-7476 was patched at 2025-11-06

12. Security Feature Bypass - BIND (CVE-2025-40778) - High [586]

Description: Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into the cache. This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1.

almalinux: CVE-2025-40778 was patched at 2025-11-05, 2025-11-06, 2025-11-10, 2025-11-12

altlinux: CVE-2025-40778 was patched at 2025-10-28, 2025-11-05

debian: CVE-2025-40778 was patched at 2025-10-23, 2025-11-15

oraclelinux: CVE-2025-40778 was patched at 2025-11-05, 2025-11-06, 2025-11-10

redhat: CVE-2025-40778 was patched at 2025-11-05, 2025-11-06, 2025-11-10, 2025-11-12, 2025-11-19

redos: CVE-2025-40778 was patched at 2025-11-13

ubuntu: CVE-2025-40778 was patched at 2025-10-22, 2025-11-12

13. Remote Code Execution - Netsurf (CVE-2024-51317) - High [583]

Description: An issue in NetSurf v.3.11 allows a remote attacker to execute arbitrary code via the dom_node_normalize function

debian: CVE-2024-51317 was patched at 2025-11-15

14. Remote Code Execution - QuickJS (CVE-2025-62494) - High [583]

Description: A type confusion vulnerability exists in the handling of the string addition (+) operation within the QuickJS engine. * The code first checks if the left-hand operand is a string. * It then attempts to convert the right-hand operand to a primitive value using JS_ToPrimitiveFree. This conversion can trigger a callback (e.g., toString or valueOf). * During this callback, an attacker can modify the type of the left-hand operand in memory, changing it from a string to a different type (e.g., an object or an array). * The code then proceeds to call JS_ConcatStringInPlace, which still treats the modified left-hand value as a string. This mismatch between the assumed type (string) and the actual type allows an attacker to control the data structure being processed by the concatenation logic, resulting in a type confusion condition. This can lead to out-of-bounds memory access, potentially resulting in memory corruption and arbitrary code execution in the context of the QuickJS runtime.

debian: CVE-2025-62494 was patched at 2025-11-15

15. Elevation of Privilege - MinIO (CVE-2025-62506) - High [577]

Description: MinIO is a high-performance object storage system. In all versions prior to RELEASE.2025-10-15T17-29-55Z, a privilege escalation vulnerability allows service accounts and STS (Security Token Service) accounts with restricted session policies to bypass their inline policy restrictions when performing operations on their own account, specifically when creating new service accounts for the same user. The vulnerability exists in the IAM policy validation logic where the code incorrectly relied on the DenyOnly argument when validating session policies for restricted accounts. When a session policy is present, the system should validate that the action is allowed by the session policy, not just that it is not denied. An attacker with valid credentials for a restricted service or STS account can create a new service account for itself without policy restrictions, resulting in a new service account with full parent privileges instead of being restricted by the inline policy. This allows the attacker to access buckets and objects beyond their intended restrictions and modify, delete, or create objects outside their authorized scope. The vulnerability is fixed in version RELEASE.2025-10-15T17-29-55Z.

altlinux: CVE-2025-62506 was patched at 2025-11-13

redos: CVE-2025-62506 was patched at 2025-11-13

16. Denial of Service - SQLite (CVE-2025-52099) - High [575]

Description: Integer Overflow vulnerability in SQLite SQLite3 v.3.50.0 allows a remote attacker to cause a denial of service via the setupLookaside function

debian: CVE-2025-52099 was patched at 2025-11-15

17. Arbitrary File Writing - BIND (CVE-2025-52881) - High [572]

Description: runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts (we have also verified this attack is possible to exploit using a standard Dockerfile with docker buildx build as that also permits triggering parallel execution of containers with custom shared mounts configured). This redirect could be through symbolic links in a tmpfs or theoretically other methods such as regular bind-mounts. While similar, the mitigation applied for the related CVE, CVE-2019-19921, was fairly limited and effectively only caused runc to verify that when LSM labels are written they are actually procfs files. This issue is fixed in versions 1.2.8, 1.3.3, and 1.4.0-rc.3.

almalinux: CVE-2025-52881 was patched at 2025-11-07, 2025-11-11, 2025-11-13, 2025-11-18

debian: CVE-2025-52881 was patched at 2025-11-15

oraclelinux: CVE-2025-52881 was patched at 2025-11-07, 2025-11-17

redhat: CVE-2025-52881 was patched at 2025-11-07, 2025-11-11, 2025-11-13, 2025-11-18

ubuntu: CVE-2025-52881 was patched at 2025-11-04

18. Authentication Bypass - Webmin (CVE-2025-61541) - High [572]

Description: Webmin 2.510 is vulnerable to a Host Header Injection in the password reset functionality (forgot_send.cgi). The reset link sent to users is constructed using the HTTP Host header via get_webmin_email_url(). An attacker can manipulate the Host header to inject a malicious domain into the reset email. If a victim follows the poisoned link, the attacker can intercept the reset token and gain full control of the target account.

redos: CVE-2025-61541 was patched at 2025-11-13

19. Arbitrary File Writing - Git (CVE-2025-26625) - High [569]

Description: Git LFS is a Git extension for versioning large files. In Git LFS versions 0.5.2 through 3.7.0, when populating a Git repository's working tree with the contents of Git LFS objects, certain Git LFS commands may write to files visible outside the current Git working tree if symbolic or hard links exist which collide with the paths of files tracked by Git LFS. The git lfs checkout and git lfs pull commands do not check for symbolic links before writing to files in the working tree, allowing an attacker to craft a repository containing symbolic or hard links that cause Git LFS to write to arbitrary file system locations accessible to the user running these commands. As well, when the git lfs checkout and git lfs pull commands are run in a bare repository, they could write to files visible outside the repository. The vulnerability is fixed in version 3.7.1. As a workaround, support for symlinks in Git may be disabled by setting the core.symlinks configuration option to false, after which further clones and fetches will not create symbolic links. However, any symbolic or hard links in existing repositories will still provide the opportunity for Git LFS to write to their targets.

altlinux: CVE-2025-26625 was patched at 2025-10-28

debian: CVE-2025-26625 was patched at 2025-11-15

20. Security Feature Bypass - Chromium (CVE-2025-12439) - High [567]

Description: Inappropriate implementation in App-Bound Encryption in Google Chrome on Windows prior to 142.0.7444.59 allowed a local attacker to obtain potentially sensitive information from process memory via a malicious file. (Chromium security severity: Medium)

debian: CVE-2025-12439 was patched at 2025-10-30, 2025-11-15

21. Information Disclosure - Squid (CVE-2025-62168) - High [552]

Description: Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information disclosure. The vulnerability allows a script to bypass browser security protections and learn the credentials a trusted client uses to authenticate. This potentially allows a remote client to identify security tokens or credentials used internally by a web application using Squid for backend load balancing. These attacks do not require Squid to be configured with HTTP authentication. The vulnerability is fixed in version 7.2. As a workaround, disable debug information in administrator mailto links generated by Squid by configuring squid.conf with email_err_data off.

almalinux: CVE-2025-62168 was patched at 2025-10-27, 2025-11-11

altlinux: CVE-2025-62168 was patched at 2025-11-11

debian: CVE-2025-62168 was patched at 2025-10-30, 2025-11-15

oraclelinux: CVE-2025-62168 was patched at 2025-10-27, 2025-11-18

redhat: CVE-2025-62168 was patched at 2025-10-27, 2025-10-28, 2025-10-30, 2025-11-03, 2025-11-10, 2025-11-11, 2025-11-12

redos: CVE-2025-62168 was patched at 2025-11-12

ubuntu: CVE-2025-62168 was patched at 2025-10-28

22. Information Disclosure - BIND (CVE-2025-31133) - High [550]

Description: runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount (i.e., the container's /dev/null) was actually a real /dev/null inode when using the container's /dev/null to mask. This exposes two methods of attack: an arbitrary mount gadget, leading to host information disclosure, host denial of service, container escape, or a bypassing of maskedPaths. This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.

almalinux: CVE-2025-31133 was patched at 2025-11-07, 2025-11-11, 2025-11-13

debian: CVE-2025-31133 was patched at 2025-11-15

oraclelinux: CVE-2025-31133 was patched at 2025-11-07, 2025-11-17

redhat: CVE-2025-31133 was patched at 2025-11-07, 2025-11-11, 2025-11-13

ubuntu: CVE-2025-31133 was patched at 2025-11-04

23. Denial of Service - BIND (CVE-2025-52565) - High [539]

Description: runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting `/dev/pts/$n` to `/dev/console` inside the container, an attacker can trick runc into bind-mounting paths which would normally be made read-only or be masked onto a path that the attacker can write to. This attack is very similar in concept and application to CVE-2025-31133, except that it attacks a similar vulnerability in a different target (namely, the bind-mount of `/dev/pts/$n` to `/dev/console` as configured for all containers that allocate a console). This happens after `pivot_root(2)`, so this cannot be used to write to host files directly -- however, as with CVE-2025-31133, this can load to denial of service of the host or a container breakout by providing the attacker with a writable copy of `/proc/sysrq-trigger` or `/proc/sys/kernel/core_pattern` (respectively). This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.

almalinux: CVE-2025-52565 was patched at 2025-11-07, 2025-11-11, 2025-11-13

debian: CVE-2025-52565 was patched at 2025-11-15

oraclelinux: CVE-2025-52565 was patched at 2025-11-07, 2025-11-17

redhat: CVE-2025-52565 was patched at 2025-11-07, 2025-11-11, 2025-11-13

ubuntu: CVE-2025-52565 was patched at 2025-11-04

24. Denial of Service - Lasso (CVE-2025-46404) - High [534]

Description: A denial of service vulnerability exists in the lasso_provider_verify_saml_signature functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability.

debian: CVE-2025-46404 was patched at 2025-11-15

ubuntu: CVE-2025-46404 was patched at 2025-11-18

25. Denial of Service - Lasso (CVE-2025-46705) - High [534]

Description: A denial of service vulnerability exists in the g_assert_not_reached functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML assertion response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability.

debian: CVE-2025-46705 was patched at 2025-11-15

ubuntu: CVE-2025-46705 was patched at 2025-11-18

26. Denial of Service - Lasso (CVE-2025-46784) - High [534]

Description: A denial of service vulnerability exists in the lasso_node_init_from_message_with_format functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a memory depletion, resulting in denial of service. An attacker can send a malformed SAML response to trigger this vulnerability.

debian: CVE-2025-46784 was patched at 2025-11-15

ubuntu: CVE-2025-46784 was patched at 2025-11-18

27. Denial of Service - Binutils (CVE-2025-11839) - High [532]

Description: A security flaw has been discovered in GNU Binutils 2.45. Impacted is the function tg_tag_type of the file prdbg.c. Performing manipulation results in unchecked return value. The attack needs to be approached locally. The exploit has been released to the public and may be exploited.

debian: CVE-2025-11839 was patched at 2025-11-15

28. Remote Code Execution - Keras (CVE-2025-9905) - High [530]

Description: The Keras Model.load_model method can be exploited to achieve arbitrary code execution, even with safe_mode=True. One can create a specially crafted .h5/.hdf5 model archive that, when loaded via Model.load_model, will trigger arbitrary code to be executed. This is achieved by crafting a special .h5 archive file that uses the Lambda layer feature of keras which allows arbitrary Python code in the form of pickled code. The vulnerability comes from the fact that the safe_mode=True option is not honored when reading .h5 archives. Note that the .h5/.hdf5 format is a legacy format supported by Keras 3 for backwards compatibility.

debian: CVE-2025-9905 was patched at 2025-11-15

29. Denial of Service - FRRouting (CVE-2025-61099) - High [517]

Description: FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the opaque_info_detail function at ospf_opaque.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted LS Update packet.

debian: CVE-2025-61099 was patched at 2025-11-15

30. Denial of Service - FRRouting (CVE-2025-61100) - High [517]

Description: FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the ospf_opaque_lsa_dump function at ospf_opaque.c. This vulnerability allows attackers to cause a Denial of Service (DoS) under specific malformed LSA conditions.

debian: CVE-2025-61100 was patched at 2025-11-15

31. Denial of Service - FRRouting (CVE-2025-61101) - High [517]

Description: FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_rmt_itf_addr function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.

debian: CVE-2025-61101 was patched at 2025-11-15

32. Denial of Service - FRRouting (CVE-2025-61102) - High [517]

Description: FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_adj_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.

debian: CVE-2025-61102 was patched at 2025-11-15

33. Denial of Service - FRRouting (CVE-2025-61103) - High [517]

Description: FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_lan_adj_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.

debian: CVE-2025-61103 was patched at 2025-11-15

34. Denial of Service - FRRouting (CVE-2025-61104) - High [517]

Description: FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_unknown_tlv function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.

debian: CVE-2025-61104 was patched at 2025-11-15

35. Denial of Service - FRRouting (CVE-2025-61105) - High [517]

Description: FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_link_info function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.

debian: CVE-2025-61105 was patched at 2025-11-15

36. Denial of Service - FRRouting (CVE-2025-61106) - High [517]

Description: FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.

debian: CVE-2025-61106 was patched at 2025-11-15

37. Denial of Service - FRRouting (CVE-2025-61107) - High [517]

Description: FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted LSA Update packet.

debian: CVE-2025-61107 was patched at 2025-11-15

38. Information Disclosure - QuickJS (CVE-2025-62492) - High [517]

Description: A vulnerability stemming from floating-point arithmetic precision errors exists in the QuickJS engine's implementation of TypedArray.prototype.indexOf() when a negative fromIndex argument is supplied. * The fromIndex argument (read as a double variable, $d$) is used to calculate the starting position for the search. * If d is negative, the index is calculated relative to the end of the array by adding the array's length (len) to d: $$d_{new} = d + \text{len}$$ * Due to the inherent limitations of floating-point arithmetic, if the negative value $d$ is extremely small (e.g., $-1 \times 10^{-20}$), the addition $d + \text{len}$ can result in a loss of precision, yielding an outcome that is exactly equal to $\text{len}$. * The result is then converted to an integer index $k$: $k = \text{len}$. * The search function proceeds to read array elements starting from index $k$. Since valid indices are $0$ to $\text{len}-1$, starting the read at index $\text{len}$ is one element past the end of the array. This allows an attacker to cause an Out-of-Bounds Read of one element immediately following the buffer. While the scope of this read is small (one element), it can potentially lead to Information Disclosure of adjacent memory contents, depending on the execution environment.

debian: CVE-2025-62492 was patched at 2025-11-15

39. Information Disclosure - QuickJS (CVE-2025-62493) - High [517]

Description: A vulnerability exists in the QuickJS engine's BigInt string conversion logic (js_bigint_to_string1) due to an incorrect calculation of the required number of digits, which in turn leads to reading memory past the allocated BigInt structure. * The function determines the number of characters (n_digits) needed for the string representation by calculating: $$ \\ \text{n\_digits} = (\text{n\_bits} + \text{log2\_radix} - 1) / \text{log2\_radix}$$ $$$$This formula is off-by-one in certain edge cases when calculating the necessary memory limbs. For instance, a 127-bit BigInt using radix 32 (where $\text{log2\_radix}=5$) is calculated to need $\text{n\_digits}=26$. * The maximum number of bits actually stored is $\text{n\_bits}=127$, which requires only two 64-bit limbs ($\text{JS\_LIMB\_BITS}=64$). * The conversion loop iterates $\text{n\_digits}=26$ times, attempting to read 5 bits in each iteration, totaling $26 \times 5 = 130$ bits. * In the final iterations of the loop, the code attempts to read data that spans two limbs: C c = (r->tab[pos] >> shift) | (r->tab[pos + 1] << (JS_LIMB_BITS - shift)); * Since the BigInt was only allocated two limbs, the read operation for r->tab[pos + 1] becomes an Out-of-Bounds Read when pos points to the last valid limb (e.g., $pos=1$). This vulnerability allows an attacker to cause the engine to read and process data from the memory immediately following the BigInt buffer. This can lead to Information Disclosure of sensitive data stored on the heap adjacent to the BigInt object.

debian: CVE-2025-62493 was patched at 2025-11-15

40. Denial of Service - Authlib (CVE-2025-62706) - High [505]

Description: Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib’s JWE zip=DEF path performs unbounded DEFLATE decompression. A very small ciphertext can expand into tens or hundreds of megabytes on decrypt, allowing an attacker who can supply decryptable tokens to exhaust memory and CPU and cause denial of service. This issue has been patched in version 1.6.5. Workarounds for this issue involve rejecting or stripping zip=DEF for inbound JWEs at the application boundary, forking and add a bounded decompression guard via decompressobj().decompress(data, MAX_SIZE)) and returning an error when output exceeds a safe limit, or enforcing strict maximum token sizes and fail fast on oversized inputs; combine with rate limiting.

debian: CVE-2025-62706 was patched at 2025-11-15

41. Information Disclosure - Mbed TLS (CVE-2025-54764) - High [505]

Description: Mbed TLS before 3.6.5 allows a local timing attack against certain RSA operations, and direct calls to mbedtls_mpi_mod_inv or mbedtls_mpi_gcd.

debian: CVE-2025-54764 was patched at 2025-11-15

42. Memory Corruption - Suricata (CVE-2025-59150) - High [505]

Description: Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Version 8.0.0's usage of the tls.subjectaltname keyword can lead to a segmentation fault when the decoded subjectaltname contains a NULL byte. This issue is fixed in version 8.0.1. To workaround this issue, disable rules using the tls.subjectaltname keyword.

altlinux: CVE-2025-59150 was patched at 2025-11-07

43. Memory Corruption - The Visualization Toolkit (VTK) (CVE-2025-57108) - High [505]

Description: Kitware VTK (Visualization Toolkit) through 9.5.0 contains a heap use-after-free vulnerability in vtkGLTFDocumentLoader. The vulnerability manifests during mesh object copy operations where vector members are accessed after the underlying memory has been freed, specifically when handling GLTF files with corrupted or invalid mesh reference structures.

debian: CVE-2025-57108 was patched at 2025-11-15

44. Denial of Service - ImageMagick (CVE-2025-62594) - High [498]

Description: ImageMagick is a software suite to create, edit, compose, or convert bitmap images. ImageMagick versions prior to 7.1.2-8 are vulnerable to denial-of-service due to unsigned integer underflow and division-by-zero in the CLAHEImage function. When tile width or height is zero, unsigned underflow occurs in pointer arithmetic, leading to out-of-bounds memory access, and division-by-zero causes immediate crashes. This issue has been patched in version 7.1.2-8.

debian: CVE-2025-62594 was patched at 2025-11-15

45. Incorrect Calculation - ImageMagick (CVE-2025-62171) - High [498]

Description: ImageMagick is an open source software suite for displaying, converting, and editing raster image files. In ImageMagick versions prior to 7.1.2-7 and 6.9.13-32, an integer overflow vulnerability exists in the BMP decoder on 32-bit systems. The vulnerability occurs in coders/bmp.c when calculating the extent value by multiplying image columns by bits per pixel. On 32-bit systems with size_t of 4 bytes, a malicious BMP file with specific dimensions can cause this multiplication to overflow and wrap to zero. The overflow check added to address CVE-2025-57803 is placed after the overflow occurs, making it ineffective. A specially crafted 58-byte BMP file with width set to 536,870,912 and 32 bits per pixel can trigger this overflow, causing the bytes_per_line calculation to become zero. This vulnerability only affects 32-bit builds of ImageMagick where default resource limits for width, height, and area have been manually increased beyond their defaults. 64-bit systems with size_t of 8 bytes are not vulnerable, and systems using default ImageMagick resource limits are not vulnerable. The vulnerability is fixed in versions 7.1.2-7 and 6.9.13-32.

debian: CVE-2025-62171 was patched at 2025-10-19, 2025-11-15

46. Command Injection - Netty (CVE-2025-59419) - High [497]

Description: Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.128.Final and 4.2.7.Final, the SMTP codec in Netty contains an SMTP command injection vulnerability due to insufficient input validation for Carriage Return (\r) and Line Feed (\n) characters in user-supplied parameters. The vulnerability exists in io.netty.handler.codec.smtp.DefaultSmtpRequest, where parameters are directly concatenated into the SMTP command string without sanitization. When methods such as SmtpRequests.rcpt(recipient) are called with a malicious string containing CRLF sequences, attackers can inject arbitrary SMTP commands. Because the injected commands are sent from the server's trusted IP address, resulting emails will likely pass SPF and DKIM authentication checks, making them appear legitimate. This allows remote attackers who can control SMTP command parameters (such as email recipients) to forge arbitrary emails from the trusted server, potentially impersonating executives and forging high-stakes corporate communications. This issue has been patched in versions 4.1.129.Final and 4.2.8.Final. No known workarounds exist.

debian: CVE-2025-59419 was patched at 2025-10-16

redos: CVE-2025-59419 was patched at 2025-11-06

ubuntu: CVE-2025-59419 was patched at 2025-10-28

47. Memory Corruption - Binutils (CVE-2025-11840) - High [496]

Description: A weakness has been identified in GNU Binutils 2.45. The affected element is the function vfinfo of the file ldmisc.c. Executing manipulation can lead to out-of-bounds read. The attack can only be executed locally. The exploit has been made available to the public and could be exploited. This patch is called 16357. It is best practice to apply a patch to resolve this issue.

debian: CVE-2025-11840 was patched at 2025-11-15

48. Authentication Bypass - Oracle Java SE (CVE-2025-53066) - High [495]

Description: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16 and 21.0.8; Oracle GraalVM Enterprise Edition: 21.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

almalinux: CVE-2025-53066 was patched at 2025-10-22

altlinux: CVE-2025-53066 was patched at 2025-11-05, 2025-11-06, 2025-11-07, 2025-11-10, 2025-11-14

debian: CVE-2025-53066 was patched at 2025-10-24, 2025-10-25, 2025-10-26, 2025-11-15

oraclelinux: CVE-2025-53066 was patched at 2025-10-23, 2025-10-24, 2025-11-11

redhat: CVE-2025-53066 was patched at 2025-10-22, 2025-10-23

49. Incorrect Calculation - QuickJS (CVE-2025-62495) - High [494]

Description: An integer overflow vulnerability exists in the QuickJS regular expression engine (libregexp) due to an inconsistent representation of the bytecode buffer size. * The regular expression bytecode is stored in a DynBuf structure, which correctly uses a $\text{size}\_\text{t}$ (an unsigned type, typically 64-bit) for its size member. * However, several functions, such as re_emit_op_u32 and other internal parsing routines, incorrectly cast or store this DynBuf $\text{size}\_\text{t}$ value into a signed int (typically 32-bit). * When a large or complex regular expression (such as those generated by a recursive pattern in a Proof-of-Concept) causes the bytecode size to exceed $2^{31}$ bytes (the maximum positive value for a signed 32-bit integer), the size value wraps around, resulting in a negative integer when stored in the int variable (Integer Overflow). * This negative value is subsequently used in offset calculations. For example, within functions like re_parse_disjunction, the negative size is used to compute an offset (pos) for patching a jump instruction. * This negative offset is then incorrectly added to the buffer pointer (s->byte\_code.buf + pos), leading to an out-of-bounds write on the first line of the snippet below: put_u32(s->byte_code.buf + pos, len);

debian: CVE-2025-62495 was patched at 2025-11-15

50. Incorrect Calculation - QuickJS (CVE-2025-62496) - High [494]

Description: A vulnerability exists in the QuickJS engine's BigInt string parsing logic (js_bigint_from_string) when attempting to create a BigInt from a string with an excessively large number of digits. The function calculates the necessary number of bits (n_bits) required to store the BigInt using the formula: $$\text{n\_bits} = (\text{n\_digits} \times 27 + 7) / 8 \quad (\text{for radix 10})$$ * For large input strings (e.g., $79,536,432$ digits or more for base 10), the intermediate calculation $(\text{n\_digits} \times 27 + 7)$ exceeds the maximum value of a standard signed 32-bit integer, resulting in an Integer Overflow. * The resulting n_bits value becomes unexpectedly small or even negative due to this wrap-around. * This flawed n_bits is then used to compute n_limbs, the number of memory "limbs" needed for the BigInt object. Since n_bits is too small, the calculated n_limbs is also significantly underestimated. * The function proceeds to allocate a JSBigInt object using this underestimated n_limbs. * When the function later attempts to write the actual BigInt data into the allocated object, the small buffer size is quickly exceeded, leading to a Heap Out-of-Bounds Write as data is written past the end of the allocated r->tab array.

debian: CVE-2025-62496 was patched at 2025-11-15

51. Command Injection - Jitsi (CVE-2022-43550) - High [482]

Description: A command injection vulnerability exists in Jitsi before commit 8aa7be58522f4264078d54752aae5483bfd854b2 when launching browsers on Windows which could allow an attacker to insert an arbitrary URL which opens up the opportunity to remote execution.

altlinux: CVE-2022-43550 was patched at 2025-10-24, 2025-10-27

52. Memory Corruption - Audiofile (CVE-2025-50950) - High [482]

Description: Audiofile v0.3.7 was discovered to contain a NULL pointer dereference via the ModuleState::setup function.

debian: CVE-2025-50950 was patched at 2025-11-15

53. Memory Corruption - JasPer (CVE-2025-8837) - High [482]

Description: A vulnerability was identified in JasPer up to 4.2.5. This affects the function jpc_dec_dump of the file src/libjasper/jpc/jpc_dec.c of the component JPEG2000 File Handler. The manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named 8308060d3fbc1da10353ac8a95c8ea60eba9c25a. It is recommended to apply a patch to fix this issue.

altlinux: CVE-2025-8837 was patched at 2025-11-13

54. Memory Corruption - QuickJS (CVE-2025-62490) - High [482]

Description: In quickjs, in js_print_object, when printing an array, the function first fetches the array length and then loops over it. The issue is, printing a value is not side-effect free. An attacker-defined callback could run during js_print_value, during which the array could get resized and len1 become out of bounds. This results in a use-after-free.A second instance occurs in the same function during printing of a map or set objects. The code iterates over ms->records list, but once again, elements could be removed from the list during js_print_value call.

debian: CVE-2025-62490 was patched at 2025-11-15

55. Memory Corruption - QuickJS (CVE-2025-62491) - High [482]

Description: A Use-After-Free (UAF) vulnerability exists in the QuickJS engine's standard library when iterating over the global list of unhandled rejected promises (ts->rejected_promise_list). * The function js_std_promise_rejection_check attempts to iterate over the rejected_promise_list to report unhandled rejections using a standard list loop. * The reason for a promise rejection is processed inside the loop, including calling js_std_dump_error1(ctx, rp->reason). * If the promise rejection reason is an Error object that defines a custom property getter (e.g., via Object.defineProperty), this getter is executed during the error dumping process. * The malicious custom getter can execute JavaScript code that calls catch() on the same rejected promise being processed. * Calling catch() internally triggers js_std_promise_rejection_tracker, which then removes and frees the current promise entry (JSRejectedPromiseEntry) from the rejected_promise_list. * Since the list iteration continues using the now-freed memory pointer (el), the subsequent loop access results in a Use-After-Free condition.

debian: CVE-2025-62491 was patched at 2025-11-15

56. Memory Corruption - The Visualization Toolkit (VTK) (CVE-2025-57106) - High [482]

Description: Kitware VTK (Visualization Toolkit) up to 9.5.0 is vulnerable to Buffer Overflow in vtkGLTFDocumentLoader. The vulnerability occurs in the BufferDataExtractionWorker template function when processing GLTF accessor data.

debian: CVE-2025-57106 was patched at 2025-11-15

57. Remote Code Execution - GIMP (CVE-2025-10934) - High [482]

Description: GIMP XWD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27823.

debian: CVE-2025-10934 was patched at 2025-11-03, 2025-11-04, 2025-11-15

58. Memory Corruption - Kamailio (CVE-2025-12204) - High [470]

Description: A security vulnerability has been detected in Kamailio 5.5. Impacted is the function rve_destroy of the file src/core/rvalue.c of the component Configuration File Handler. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed publicly and may be used. There is ongoing doubt regarding the real existence of this vulnerability. This attack requires manipulating config files which might not be a realistic scenario in many cases. The vendor was contacted early about this disclosure but did not respond in any way.

debian: CVE-2025-12204 was patched at 2025-11-15

59. Memory Corruption - Kamailio (CVE-2025-12205) - High [470]

Description: A vulnerability was detected in Kamailio 5.5. The affected element is the function sr_push_yy_state of the file src/core/cfg.lex of the component Configuration File Handler. The manipulation results in use after free. The attack must be initiated from a local position. The exploit is now public and may be used. The real existence of this vulnerability is still doubted at the moment. This attack requires manipulating config files which might not be a realistic scenario in many cases. The vendor was contacted early about this disclosure but did not respond in any way.

debian: CVE-2025-12205 was patched at 2025-11-15

60. Memory Corruption - Netsurf (CVE-2025-29699) - High [470]

Description: NetSurf 3.11 is vulnerable to Use After Free in dom_node_set_text_content function.

debian: CVE-2025-29699 was patched at 2025-11-15

61. Memory Corruption - Netsurf (CVE-2025-45663) - High [470]

Description: An issue in NetSurf v3.11 causes the application to read uninitialized heap memory when creating a dom_event structure.

debian: CVE-2025-45663 was patched at 2025-11-15

62. Denial of Service - JasPer (CVE-2025-8836) - High [458]

Description: A vulnerability was determined in JasPer up to 4.2.5. Affected by this issue is the function jpc_floorlog2 of the file src/libjasper/jpc/jpc_enc.c of the component JPEG2000 Encoder. The manipulation leads to reachable assertion. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as 79185d32d7a444abae441935b20ae4676b3513d4. It is recommended to apply a patch to fix this issue.

altlinux: CVE-2025-8836 was patched at 2025-11-13

63. Memory Corruption - The Visualization Toolkit (VTK) (CVE-2025-57107) - High [458]

Description: Kitware VTK (Visualization Toolkit) through 9.5.0 contains a heap buffer overflow vulnerability in vtkGLTFDocumentLoader. When processing specially crafted GLTF files, the copy constructor of Accessor objects fails to properly validate buffer boundaries before performing memory read operations.

debian: CVE-2025-57107 was patched at 2025-11-15

64. Remote Code Execution - Mozilla Firefox (CVE-2025-9187) - High [454]

Description: Memory safety bugs present in Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 142 and Thunderbird < 142.

altlinux: CVE-2025-9187 was patched at 2025-10-23

65. Memory Corruption - GeographicLib (CVE-2025-60751) - High [448]

Description: GeographicLib 2.5 is vulnerable to Buffer Overflow in GeoConvert DMS::InternalDecode.

debian: CVE-2025-60751 was patched at 2025-11-03, 2025-11-15

66. Memory Corruption - DCMTK (CVE-2020-36855) - High [446]

Description: A security vulnerability has been detected in DCMTK up to 3.6.5. The affected element is the function parseQuota of the component dcmqrscp. The manipulation of the argument StorageQuota leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed publicly and may be used. Upgrading to version 3.6.6 is sufficient to fix this issue. The identifier of the patch is 0fef9f02e. It is recommended to upgrade the affected component.

debian: CVE-2020-36855 was patched at 2025-11-03, 2025-11-15

67. Memory Corruption - DCMTK (CVE-2022-4981) - High [446]

Description: A vulnerability was detected in DCMTK up to 3.6.7. The impacted element is the function DcmQueryRetrieveConfig::readPeerList of the file /dcmqrcnf.cc of the component dcmqrscp. The manipulation results in null pointer dereference. The attack needs to be approached locally. The exploit is now public and may be used. Upgrading to version 3.6.8 is sufficient to resolve this issue. The patch is identified as 957fb31e5. Upgrading the affected component is advised.

debian: CVE-2022-4981 was patched at 2025-11-15

68. Memory Corruption - Kamailio (CVE-2025-12206) - High [446]

Description: A flaw has been found in Kamailio 5.5. The impacted element is the function rve_is_constant of the file src/core/rvalue.c. This manipulation causes null pointer dereference. The attack needs to be launched locally. The exploit has been published and may be used. It is still unclear if this vulnerability genuinely exists. This attack requires manipulating config files which might not be a realistic scenario in many cases. The vendor was contacted early about this disclosure but did not respond in any way.

debian: CVE-2025-12206 was patched at 2025-11-15

69. Memory Corruption - Kamailio (CVE-2025-12207) - High [446]

Description: A vulnerability has been found in Kamailio 5.5. This affects the function yyerror_at of the file src/core/cfg.y of the component Grammar Rule Handler. Such manipulation leads to null pointer dereference. The attack needs to be performed locally. The exploit has been disclosed to the public and may be used. The actual existence of this vulnerability is currently in question. This attack requires manipulating config files which might not be a realistic scenario in many cases. The vendor was contacted early about this disclosure but did not respond in any way.

debian: CVE-2025-12207 was patched at 2025-11-15

70. Memory Corruption - Pillow (CVE-2025-48379) - High [446]

Description: Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large (>64k encoded with default settings) image in the DDS format due to writing into a buffer without checking for available space. This only affects users who save untrusted data as a compressed DDS image. This issue has been patched in version 11.3.0.

altlinux: CVE-2025-48379 was patched at 2025-10-29

71. Remote Code Execution - Mozilla Firefox (CVE-2025-11721) - High [442]

Description: Memory safety bug present in Firefox 143 and Thunderbird 143. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox < 144 and Thunderbird < 144.

altlinux: CVE-2025-11721 was patched at 2025-11-06, 2025-11-10

72. Security Feature Bypass - Chromium (CVE-2025-12429) - High [425]

Description: Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

debian: CVE-2025-12429 was patched at 2025-10-30, 2025-11-15

73. Remote Code Execution - Mozilla Firefox (CVE-2025-13027) - High [419]

Description: Memory safety bugs present in Firefox 144 and Thunderbird 144. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 145 and Thunderbird < 145.

altlinux: CVE-2025-13027 was patched at 2025-11-18

74. Authentication Bypass - Chromium (CVE-2025-12430) - High [415]

Description: Object lifecycle issue in Media in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High)

debian: CVE-2025-12430 was patched at 2025-10-30, 2025-11-15

75. Authentication Bypass - Mozilla Firefox (CVE-2025-13025) - High [415]

Description: Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects Firefox < 145 and Thunderbird < 145.

altlinux: CVE-2025-13025 was patched at 2025-11-18

76. Code Injection - Mozilla Firefox (CVE-2025-11153) - High [413]

Description: JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 143.0.3.

altlinux: CVE-2025-11153 was patched at 2025-11-06

77. Elevation of Privilege - Chromium (CVE-2025-12726) - High [404]

Description: Inappropriate implementation in Views in Google Chrome on Windows prior to 142.0.7444.137 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: High)

debian: CVE-2025-12726 was patched at 2025-11-07, 2025-11-15

78. Authentication Bypass - Mozilla Firefox (CVE-2025-10530) - High [403]

Description: Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability affects Firefox < 143 and Thunderbird < 143.

altlinux: CVE-2025-10530 was patched at 2025-10-23

79. Remote Code Execution - NVIDIA Container Toolkit (CVE-2024-0135) - High [403]

Description: NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to modification of a host binary. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

redos: CVE-2024-0135 was patched at 2025-10-28

80. Remote Code Execution - NVIDIA Container Toolkit (CVE-2024-0136) - High [403]

Description: NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to untrusted code obtaining read and write access to host devices. This vulnerability is present only when the NVIDIA Container Toolkit is configured in a nondefault way. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

redos: CVE-2024-0136 was patched at 2025-10-28

81. Remote Code Execution - Calibre (CVE-2025-64486) - High [402]

Description: calibre is an e-book manager. In versions 8.13.0 and prior, calibre does not validate filenames when handling binary assets in FB2 files, allowing an attacker to write arbitrary files on the filesystem when viewing or converting a malicious FictionBook file. This can be leveraged to achieve arbitrary code execution. This issue is fixed in version 8.14.0.

debian: CVE-2025-64486 was patched at 2025-11-15

82. Information Disclosure - Mozilla Firefox (CVE-2025-11717) - High [400]

Description: When switching between Android apps using the card carousel Firefox shows a black screen as its card image when a password-related screen was the last one being used. Prior to Firefox 144 the password edit screen was visible. This vulnerability affects Firefox < 144.

altlinux: CVE-2025-11717 was patched at 2025-11-06

Medium (211)

83. Authentication Bypass - Mozilla Firefox (CVE-2025-11716) - Medium [391]

Description: Links in a sandboxed iframe could open an external app on Android without the required "allow-" permission. This vulnerability affects Firefox < 144 and Thunderbird < 144.

altlinux: CVE-2025-11716 was patched at 2025-11-06, 2025-11-10

84. Information Disclosure - Mozilla Firefox (CVE-2025-10535) - Medium [388]

Description: Information disclosure, mitigation bypass in the Privacy component in Firefox for Android. This vulnerability affects Firefox < 143.

altlinux: CVE-2025-10535 was patched at 2025-10-23

85. Cross Site Scripting - Mozilla Firefox (CVE-2025-10534) - Medium [383]

Description: Spoofing issue in the Site Permissions component. This vulnerability affects Firefox < 143 and Thunderbird < 143.

altlinux: CVE-2025-10534 was patched at 2025-10-23

86. Authentication Bypass - Chromium (CVE-2025-12436) - Medium [379]

Description: Policy bypass in Extensions in Google Chrome prior to 142.0.7444.59 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. (Chromium security severity: Medium)

debian: CVE-2025-12436 was patched at 2025-10-30, 2025-11-15

87. Authentication Bypass - Chromium (CVE-2025-12444) - Medium [379]

Description: Incorrect security UI in Fullscreen UI in Google Chrome prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

debian: CVE-2025-12444 was patched at 2025-10-30, 2025-11-15

88. Authentication Bypass - Chromium (CVE-2025-12447) - Medium [379]

Description: Incorrect security UI in Omnibox in Google Chrome on Android prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

debian: CVE-2025-12447 was patched at 2025-10-30, 2025-11-15

89. Security Feature Bypass - Chromium (CVE-2025-12431) - Medium [377]

Description: Inappropriate implementation in Extensions in Google Chrome prior to 142.0.7444.59 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: High)

debian: CVE-2025-12431 was patched at 2025-10-30, 2025-11-15

90. Security Feature Bypass - Chromium (CVE-2025-12445) - Medium [377]

Description: Policy bypass in Extensions in Google Chrome prior to 142.0.7444.59 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Low)

debian: CVE-2025-12445 was patched at 2025-10-30, 2025-11-15

91. Remote Code Execution - Keras (CVE-2025-49655) - Medium [376]

Description: Deserialization of untrusted data can occur in versions of the Keras framework running versions 3.11.0 up to but not including 3.11.3, enabling a maliciously uploaded Keras file containing a TorchModuleWrapper class to run arbitrary code on an end user’s system when loaded despite safe mode being enabled. The vulnerability can be triggered through both local and remote files.

debian: CVE-2025-49655 was patched at 2025-11-15

92. Arbitrary File Writing - Docker (CVE-2025-62725) - Medium [372]

Description: Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker‑supplied value from com.docker.compose.file/com.docker.compose.envfile with its local cache directory and writes the file there. This affects any platform or workflow that resolves remote OCI compose artifacts, Docker Desktop, standalone Compose binaries on Linux, CI/CD runners, cloud dev environments is affected. An attacker can escape the cache directory and overwrite arbitrary files on the machine running docker compose, even if the user only runs read‑only commands such as docker compose config or docker compose ps. This issue is fixed in v2.40.2.

debian: CVE-2025-62725 was patched at 2025-11-15

redos: CVE-2025-62725 was patched at 2025-11-13

93. Authentication Bypass - Sudo (CVE-2025-64517) - Medium [372]

Description: sudo-rs is a memory safe implementation of sudo and su written in Rust. With `Defaults targetpw` (or `Defaults rootpw`) enabled, the password of the target account (or root account) instead of the invoking user is used for authentication. sudo-rs starting in version 0.2.5 and prior to version 0.2.10 incorrectly recorded the invoking user’s UID instead of the authenticated-as user's UID in the authentication timestamp. Any later `sudo` invocation on the same terminal while the timestamp was still valid would use that timestamp, potentially bypassing new authentication even if the policy would have required it. A highly-privileged user (able to run commands as other users, or as root, through sudo) who knows one password of an account they are allowed to run commands as, would be able to run commands as any other account the policy permits them to run commands for, even if they don't know the password for those accounts. A common instance of this would be that a user can still use their own password to run commands as root (the default behaviour of `sudo`), effectively negating the intended behaviour of the `targetpw` or `rootpw` options. Version 0.2.10 contains a patch for the issue. Versions prior to 0.2.5 are not affected, since they do not offer `Defaults targetpw` or `Defaults rootpw`.

debian: CVE-2025-64517 was patched at 2025-11-11, 2025-11-15

94. Authentication Bypass - Oracle Java SE (CVE-2025-53057) - Medium [370]

Description: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16 and 21.0.8; Oracle GraalVM Enterprise Edition: 21.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).

almalinux: CVE-2025-53057 was patched at 2025-10-22

altlinux: CVE-2025-53057 was patched at 2025-11-05, 2025-11-06, 2025-11-07, 2025-11-10, 2025-11-14

debian: CVE-2025-53057 was patched at 2025-10-24, 2025-10-25, 2025-10-26, 2025-11-15

oraclelinux: CVE-2025-53057 was patched at 2025-10-23, 2025-10-24, 2025-11-11

redhat: CVE-2025-53057 was patched at 2025-10-22, 2025-10-23

95. Authentication Bypass - Mozilla Firefox (CVE-2025-13015) - Medium [367]

Description: Spoofing issue in Firefox. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5.

altlinux: CVE-2025-13015 was patched at 2025-11-18

debian: CVE-2025-13015 was patched at 2025-11-12, 2025-11-15, 2025-11-16, 2025-11-18

redhat: CVE-2025-13015 was patched at 2025-11-12, 2025-11-13

96. Denial of Service - GNOME desktop (CVE-2025-12105) - Medium [365]

Description: A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2 communications. When network operations are aborted at specific timing intervals, an internal message queue item may be freed twice due to missing state synchronization. This leads to a use-after-free memory access, potentially crashing the affected application. Attackers could exploit this behavior remotely by triggering specific HTTP/2 read and cancel sequences, resulting in a denial-of-service condition.