Red Hat Linux OS and other open source products
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in any Red Hat product.
RSS Feeds for Red Hat security vulnerabilities
Create a CVE RSS feed including security vulnerabilities found in Red Hat products with stack.watch. Just hit watch, then grab your custom RSS feed url.
Products by Red Hat Sorted by Most Security Vulnerabilities since 2018
Red Hat Enterprise Linux Server1533 vulnerabilities
RedHat Enterprise Linux (RHEL) Server. Includes software bundeled with RHEL server.
Red Hat Enterprise Linux Workstation1504 vulnerabilities
RedHat Enterprise Linux (RHEL) Workstation. Includes software bundled with RHEL Workstation.
Red Hat Enterprise Linux Desktop1493 vulnerabilities
RedHat Enterprise Linux (RHEL) Desktop. Includes software bundled with RHEL desktop
Recent Red Hat Security Advisories
| Advisory | Title | Published |
|---|---|---|
| RHSA-2025:9964 | (RHSA-2025:9964) Important: xorg-x11-server security update | June 30, 2025 |
| RHSA-2025:9918 | (RHSA-2025:9918) Important: python3.11 security update | June 30, 2025 |
| RHSA-2025:9922 | (RHSA-2025:9922) Important: Streams for Apache Kafka 2.9.1 release and security update | June 30, 2025 |
| RHSA-2025:9940 | (RHSA-2025:9940) Moderate: python-setuptools security update | June 30, 2025 |
| RHSA-2025:9896 | (RHSA-2025:9896) Moderate: kernel security update | June 30, 2025 |
| RHSA-2025:9895 | (RHSA-2025:9895) Important: Red Hat Service Interconnect security update | June 30, 2025 |
| RHSA-2025:9880 | (RHSA-2025:9880) Moderate: kernel security update | June 30, 2025 |
| RHSA-2025:9878 | (RHSA-2025:9878) Important: libblockdev security update | June 30, 2025 |
| RHSA-2025:9877 | (RHSA-2025:9877) Moderate: glibc security update | June 30, 2025 |
| RHSA-2025:9845 | (RHSA-2025:9845) Moderate: weldr-client security update | June 26, 2025 |
By the Year
In 2025 there have been 125 vulnerabilities in Red Hat with an average score of 6.8 out of ten. Last year, in 2024 Red Hat had 1594 security vulnerabilities published. Right now, Red Hat is on track to have less security vulnerabilities in 2025 than it did last year. However, the average CVE base score of the vulnerabilities in 2025 is greater by 0.23.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 125 | 6.77 |
| 2024 | 1594 | 6.54 |
| 2023 | 1182 | 6.80 |
| 2022 | 1344 | 6.98 |
| 2021 | 1091 | 6.67 |
| 2020 | 640 | 6.60 |
| 2019 | 756 | 6.93 |
| 2018 | 738 | 7.32 |
It may take a day or so for new Red Hat vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Red Hat Security Vulnerabilities
A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function
CVE-2025-5914
9.8 - Critical
- June 09, 2025
A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.
Double-free
A flaw was found in Stackrox
CVE-2025-5198
5.4 - Medium
- May 27, 2025
A flaw was found in Stackrox, where it is vulnerable to Cross-site scripting (XSS) if the script code is included in a small subset of table cells. The only known potential exploit is if the script is included in the name of a Kubernetes Role object* that is applied to a secured cluster. This object can be used by a user with access to the cluster or through a compromised third-party product.
XSS
A flaw was found in the mod_auth_openidc module for Apache httpd
CVE-2025-3891
7.5 - High
- April 29, 2025
A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability.
Uncaught Exception
A flaw was found in Yelp
CVE-2025-3155
7.4 - High
- April 03, 2025
A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment.
Open Redirect
A flaw was found in libsoup
CVE-2025-2784
6.5 - Medium
- April 03, 2025
A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server.
Out-of-bounds Read
Bypass/Injection vulnerability in Apache Camel in Camel-Undertow component under particular conditions
CVE-2025-30177
- April 01, 2025
Bypass/Injection vulnerability in Apache Camel in Camel-Undertow component under particular conditions. This issue affects Apache Camel: from 4.10.0 before 4.10.3, from 4.8.0 before 4.8.6. Users are recommended to upgrade to version 4.10.3 for 4.10.x LTS and 4.8.6 for 4.8.x LTS. Camel undertow component is vulnerable to Camel message header injection, in particular the custom header filter strategy used by the component only filter the "out" direction, while it doesn't filter the "in" direction. This allows an attacker to include Camel specific headers that for some Camel components can alter the behaviour such as the camel-bean component, or the camel-exec component.
Improper Neutralization of Internal Special Elements
Bypass/Injection vulnerability in Apache Camel
CVE-2025-29891
- March 12, 2025
Bypass/Injection vulnerability in Apache Camel. This issue affects Apache Camel: from 4.10.0 before 4.10.2, from 4.8.0 before 4.8.5, from 3.10.0 before 3.22.4. Users are recommended to upgrade to version 4.10.2 for 4.10.x LTS, 4.8.5 for 4.8.x LTS and 3.22.4 for 3.x releases. This vulnerability is present in Camel's default incoming header filter, that allows an attacker to include Camel specific headers that for some Camel components can alter the behaviours such as the camel-bean component, or the camel-exec component. If you have Camel applications that are directly connected to the internet via HTTP, then an attacker could include parameters in the HTTP requests that are sent to the Camel application that get translated into headers. The headers could be both provided as request parameters for an HTTP methods invocation or as part of the payload of the HTTP methods invocation. All the known Camel HTTP component such as camel-servlet, camel-jetty, camel-undertow, camel-platform-http, and camel-netty-http would be vulnerable out of the box. This CVE is related to the CVE-2025-27636: while they have the same root cause and are fixed with the same fix, CVE-2025-27636 was assumed to only be exploitable if an attacker could add malicious HTTP headers, while we have now determined that it is also exploitable via HTTP parameters. Like in CVE-2025-27636, exploitation is only possible if the Camel route uses particular vulnerable components.
Improper Neutralization of Internal Special Elements
An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions
CVE-2025-24201
8.8 - High
- March 11, 2025
An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in visionOS 2.3.2, iOS 18.3.2 and iPadOS 18.3.2, macOS Sequoia 15.3.2, Safari 18.3.1, watchOS 11.4, iPadOS 17.7.6, iOS 16.7.11 and iPadOS 16.7.11, iOS 15.8.4 and iPadOS 15.8.4. Maliciously crafted web content may be able to break out of Web Content sandbox. This is a supplementary fix for an attack that was blocked in iOS 17.2. (Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2.).
Memory Corruption
Weak authentication in ASP.NET Core & Visual Studio
CVE-2025-24070
7 - High
- March 11, 2025
Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network.
1390
Bypass/Injection vulnerability in Apache Camel components under particular conditions
CVE-2025-27636
- March 09, 2025
Bypass/Injection vulnerability in Apache Camel components under particular conditions. This issue affects Apache Camel: from 4.10.0 through <= 4.10.1, from 4.8.0 through <= 4.8.4, from 3.10.0 through <= 3.22.3. Users are recommended to upgrade to version 4.10.2 for 4.10.x LTS, 4.8.5 for 4.8.x LTS and 3.22.4 for 3.x releases. This vulnerability is present in Camel's default incoming header filter, that allows an attacker to include Camel specific headers that for some Camel components can alter the behaviours such as the camel-bean component, to call another method on the bean, than was coded in the application. In the camel-jms component, then a malicious header can be used to send the message to another queue (on the same broker) than was coded in the application. This could also be seen by using the camel-exec component The attacker would need to inject custom headers, such as HTTP protocols. So if you have Camel applications that are directly connected to the internet via HTTP, then an attacker could include malicious HTTP headers in the HTTP requests that are send to the Camel application. All the known Camel HTTP component such as camel-servlet, camel-jetty, camel-undertow, camel-platform-http, and camel-netty-http would be vulnerable out of the box. In these conditions an attacker could be able to forge a Camel header name and make the bean component invoking other methods in the same bean. In terms of usage of the default header filter strategy the list of components using that is: * camel-activemq * camel-activemq6 * camel-amqp * camel-aws2-sqs * camel-azure-servicebus * camel-cxf-rest * camel-cxf-soap * camel-http * camel-jetty * camel-jms * camel-kafka * camel-knative * camel-mail * camel-nats * camel-netty-http * camel-platform-http * camel-rest * camel-sjms * camel-spring-rabbitmq * camel-stomp * camel-tahu * camel-undertow * camel-xmpp The vulnerability arises due to a bug in the default filtering mechanism that only blocks headers starting with "Camel", "camel", or "org.apache.camel.". Mitigation: You can easily work around this in your Camel applications by removing the headers in your Camel routes. There are many ways of doing this, also globally or per route. This means you could use the removeHeaders EIP, to filter out anything like "cAmel, cAMEL" etc, or in general everything not starting with "Camel", "camel" or "org.apache.camel.".
Jinja is an extensible templating engine
CVE-2025-27516
- March 05, 2025
Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates. Jinja's sandbox does catch calls to str.format and ensures they don't escape the sandbox. However, it's possible to use the |attr filter to get a reference to a string's plain format method, bypassing the sandbox. After the fix, the |attr filter no longer bypasses the environment's attribute lookup. This vulnerability is fixed in 3.1.6.
1336
LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server
CVE-2025-1080
- March 04, 2025
LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice a link in a browser using that scheme could be constructed with an embedded inner URL that when passed to LibreOffice could call internal macros with arbitrary arguments. This issue affects LibreOffice: from 24.8 before < 24.8.5, from 25.2 before < 25.2.1.
jar: URLs retrieve local file content packaged in a ZIP archive
CVE-2025-1936
- March 04, 2025
jar: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignored when retrieving the content from the archive, but the fake extension after the null was used to determine the type of content. This could have been used to hide code in a web extension disguised as something else like an image. This vulnerability affects Firefox < 136, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8.
A web page could trick a user into setting that site as the default handler for a custom URL protocol
CVE-2025-1935
- March 04, 2025
A web page could trick a user into setting that site as the default handler for a custom URL protocol. This vulnerability affects Firefox < 136, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8.
It was possible to interrupt the processing of a RegExp bailout and run additional JavaScript
CVE-2025-1934
- March 04, 2025
It was possible to interrupt the processing of a RegExp bailout and run additional JavaScript, potentially triggering garbage collection when the engine was not expecting it. This vulnerability affects Firefox < 136, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8.
On 64-bit CPUs, when the JIT compiles WASM i32 return values they can pick up bits from left over memory
CVE-2025-1933
- March 04, 2025
On 64-bit CPUs, when the JIT compiles WASM i32 return values they can pick up bits from left over memory. This can potentially cause them to be treated as a different type. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8.
An inconsistent comparator in xslt/txNodeSorter could have resulted in potentially exploitable out-of-bounds access
CVE-2025-1932
- March 04, 2025
An inconsistent comparator in xslt/txNodeSorter could have resulted in potentially exploitable out-of-bounds access. Only affected version 122 and later. This vulnerability affects Firefox < 136, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8.
It was possible to cause a use-after-free in the content process side of a WebTransport connection
CVE-2025-1931
- March 04, 2025
It was possible to cause a use-after-free in the content process side of a WebTransport connection, leading to a potentially exploitable crash. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8.
On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser process
CVE-2025-1930
- March 04, 2025
On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser process. This could have led to a sandbox escape. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8.
Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7
CVE-2025-1938
- March 04, 2025
Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 136, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8.
Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, and Thunderbird 128.7
CVE-2025-1937
- March 04, 2025
Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8.
A stack overflow flaw was found when reading a BFS file system
CVE-2024-45778
5.5 - Medium
- March 03, 2025
A stack overflow flaw was found when reading a BFS file system. A crafted BFS filesystem may lead to an uncontrolled loop, causing grub2 to crash.
Integer Overflow or Wraparound
A flaw was found in the HFS filesystem
CVE-2024-45782
7.8 - High
- March 03, 2025
A flaw was found in the HFS filesystem. When reading an HFS volume's name at grub_fs_mount(), the HFS filesystem driver performs a strcpy() using the user-provided volume name as input without properly validating the volume name's length. This issue may read to a heap-based out-of-bounds writer, impacting grub's sensitive data integrity and eventually leading to a secure boot protection bypass.
Memory Corruption
A flaw was found in grub2
CVE-2025-0678
7.8 - High
- March 03, 2025
A flaw was found in grub2. When reading data from a squash4 filesystem, grub's squash4 fs module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A maliciously crafted filesystem may lead some of those buffer size calculations to overflow, causing it to perform a grub_malloc() operation with a smaller size than expected. As a result, the direct_read() will perform a heap based out-of-bounds write during data reading. This flaw may be leveraged to corrupt grub's internal critical data and may result in arbitrary code execution, by-passing secure boot protections.
Integer Overflow or Wraparound
MongoDB Compass may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privileges
CVE-2025-1755
7.8 - High
- February 27, 2025
MongoDB Compass may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privileges, when a crafted file is stored in C:\node_modules\. This issue affects MongoDB Compass prior to 1.42.1
Untrusted Path
mongosh may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privilege
CVE-2025-1756
7.8 - High
- February 27, 2025
mongosh may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privilege, when a crafted file is stored in C:\node_modules\. This issue affects mongosh prior to 2.3.0
Untrusted Path
A use-after-free flaw was found in X.Org and Xwayland
CVE-2025-26601
7.8 - High
- February 25, 2025
A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger() is called. If one of the changes triggers an error, the function will return early, not adding the new sync object, possibly causing a use-after-free when the alarm eventually triggers.
Dangling pointer
A use-after-free flaw was found in X.Org and Xwayland
CVE-2025-26600
7.8 - High
- February 25, 2025
A use-after-free flaw was found in X.Org and Xwayland. When a device is removed while still frozen, the events queued for that device remain while the device is freed. Replaying the events will cause a use-after-free.
Dangling pointer
An access to an uninitialized pointer flaw was found in X.Org and Xwayland
CVE-2025-26599
7.8 - High
- February 25, 2025
An access to an uninitialized pointer flaw was found in X.Org and Xwayland. The function compCheckRedirect() may fail if it cannot allocate the backing pixmap. In that case, compRedirectWindow() will return a BadAlloc error without validating the window tree marked just before, which leaves the validated data partly initialized and the use of an uninitialized pointer later.
Access of Uninitialized Pointer
A use-after-free flaw was found in X.Org and Xwayland
CVE-2025-26594
7.8 - High
- February 25, 2025
A use-after-free flaw was found in X.Org and Xwayland. The root cursor is referenced in the X server as a global variable. If a client frees the root cursor, the internal reference points to freed memory and causes a use-after-free.
Dangling pointer
A buffer overflow flaw was found in X.Org and Xwayland
CVE-2025-26595
7.8 - High
- February 25, 2025
A buffer overflow flaw was found in X.Org and Xwayland. The code in XkbVModMaskText() allocates a fixed-sized buffer on the stack and copies the names of the virtual modifiers to that buffer. The code fails to check the bounds of the buffer and would copy the data regardless of the size.
Memory Corruption
A heap overflow flaw was found in X.Org and Xwayland
CVE-2025-26596
7.8 - High
- February 25, 2025
A heap overflow flaw was found in X.Org and Xwayland. The computation of the length in XkbSizeKeySyms() differs from what is written in XkbWriteKeySyms(), which may lead to a heap-based buffer overflow.
Memory Corruption
A buffer overflow flaw was found in X.Org and Xwayland
CVE-2025-26597
7.8 - High
- February 25, 2025
A buffer overflow flaw was found in X.Org and Xwayland. If XkbChangeTypesOfKey() is called with a 0 group, it will resize the key symbols table to 0 but leave the key actions unchanged. If the same function is later called with a non-zero value of groups, this will cause a buffer overflow because the key actions are of the wrong size.
Buffer Overflow
An out-of-bounds write flaw was found in X.Org and Xwayland
CVE-2025-26598
7.8 - High
- February 25, 2025
An out-of-bounds write flaw was found in X.Org and Xwayland. The function GetBarrierDevice() searches for the pointer device based on its device ID and returns the matching value, or supposedly NULL, if no match was found. However, the code will return the last element of the list if no matching device ID is found, which can lead to out-of-bounds memory access.
Memory Corruption
A flaw was found in grub2
CVE-2025-0624
7.6 - High
- February 19, 2025
A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grub_strcpy() function. During this step, it fails to consider the environment variable length when allocating the internal buffer, resulting in an out-of-bounds write. If correctly exploited, this issue may result in remote code execution through the same network segment grub is searching for the boot information, which can be used to by-pass secure boot protections.
Memory Corruption
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c
CVE-2025-24928
- February 18, 2025
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047.
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c
CVE-2024-56171
- February 18, 2025
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.
A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled
CVE-2025-26465
6.8 - Medium
- February 18, 2025
A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high.
Detection of Error Condition Without Action
A security issue was discovered in Kubernetes where a large number of container checkpoint requests made to the unauthenticated kubelet read-only HTTP endpoint may cause a Node Denial of Service by filling the Node's disk.
CVE-2025-0426
- February 13, 2025
A security issue was discovered in Kubernetes where a large number of container checkpoint requests made to the unauthenticated kubelet read-only HTTP endpoint may cause a Node Denial of Service by filling the Node's disk.
Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn()
CVE-2025-1094
- February 13, 2025
Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the function result to construct input to psql, the PostgreSQL interactive terminal. Similarly, improper neutralization of quoting syntax in PostgreSQL command line utility programs allows a source of command line arguments to achieve SQL injection when client_encoding is BIG5 and server_encoding is one of EUC_TW or MULE_INTERNAL. Versions before PostgreSQL 17.3, 16.7, 15.11, 14.16, and 13.19 are affected.
In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.
CVE-2022-31631
- February 12, 2025
In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2 when using PDO::quote() function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which may further lead to SQL injection vulnerabilities.
In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.
CVE-2022-31631
- February 12, 2025
In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2 when using PDO::quote() function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which may further lead to SQL injection vulnerabilities.
A command injection flaw was found in the text editor Emacs
CVE-2025-1244
8.8 - High
- February 12, 2025
A command injection flaw was found in the text editor Emacs. It could allow a remote, unauthenticated attacker to execute arbitrary shell commands on a vulnerable system. Exploitation is possible by tricking users into visiting a specially crafted website or an HTTP URL with a redirect.
Shell injection
Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a
server may fail to notice
CVE-2024-12797
- February 11, 2025
Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the SSL_VERIFY_PEER verification mode is set. Impact summary: TLS and DTLS connections using raw public keys may be vulnerable to man-in-middle attacks when server authentication failure is not detected by clients. RPKs are disabled by default in both TLS clients and TLS servers. The issue only arises when TLS clients explicitly enable RPK use by the server, and the server, likewise, enables sending of an RPK instead of an X.509 certificate chain. The affected clients are those that then rely on the handshake to fail when the server's RPK fails to match one of the expected public keys, by setting the verification mode to SSL_VERIFY_PEER. Clients that enable server-side raw public keys can still find out that raw public key verification failed by calling SSL_get_verify_result(), and those that do, and take appropriate action, are not affected. This issue was introduced in the initial implementation of RPK support in OpenSSL 3.2. The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.
Distribution is a toolkit to pack, ship, store, and deliver container content
CVE-2025-24976
- February 11, 2025
Distribution is a toolkit to pack, ship, store, and deliver container content. Systems running registry versions 3.0.0-beta.1 through 3.0.0-rc.2 with token authentication enabled may be vulnerable to an issue in which token authentication allows an attacker to inject an untrusted signing key in a JSON web token (JWT). The issue lies in how the JSON web key (JWK) verification is performed. When a JWT contains a JWK header without a certificate chain, the code only checks if the KeyID (`kid`) matches one of the trusted keys, but doesn't verify that the actual key material matches. A fix for the issue is available at commit 5ea9aa028db65ca5665f6af2c20ecf9dc34e5fcd and expected to be a part of version 3.0.0-rc.3. There is no way to work around this issue without patching if the system requires token authentication.
Insecure Direct Object Reference / IDOR
Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to version 4.1.118.Final
CVE-2025-24970
- February 10, 2025
Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to version 4.1.118.Final. When a special crafted packet is received via SslHandler it doesn't correctly handle validation of such a packet in all cases which can lead to a native crash. Version 4.1.118.Final contains a patch. As workaround its possible to either disable the usage of the native SSLEngine or change the code manually.
Improper Input Validation
A flaw was found in npm-serialize-javascript
CVE-2024-11831
5.4 - Medium
- February 10, 2025
A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by a web browser, causing Cross-site scripting (XSS) attacks. This issue is critical in environments where serialized data is sent to web clients, potentially compromising the security of the website or web application using this package.
XSS
A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification
CVE-2025-23085
- February 07, 2025
A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory consumption and potential denial of service under certain conditions. This vulnerability affects HTTP/2 Server users on Node.js v18.x, v20.x, v22.x and v23.x.
Certificate length was not properly checked when added to a certificate store
CVE-2025-1014
8.8 - High
- February 04, 2025
Certificate length was not properly checked when added to a certificate store. In practice only trusted data was processed. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.
Improper Certificate Validation
Memory safety bugs present in Firefox 134
CVE-2025-1016
9.8 - Critical
- February 04, 2025
Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.
Memory Corruption