CVSS: 5.0EPSS: 0%CPEs: 10EXPL: 0CVE-2025-5372 – Libssh: incorrect return code handling in ssh_kdf() in libssh
https://notcve.org/view.php?id=CVE-2025-5372
04 Jul 2025 — A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenly return a success status even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising SSH sessions' confidentiality, in... • https://access.redhat.com/security/cve/CVE-2025-5372 • CWE-682: Incorrect Calculation •
CVSS: 3.6EPSS: 0%CPEs: 19EXPL: 0CVE-2025-4878 – Libssh: use of uninitialized variable in privatekey_from_file()
https://notcve.org/view.php?id=CVE-2025-4878
04 Jul 2025 — A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekey_from_file() function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing failures or heap corruption. Ronald Crane discovered that libssh incorrectly handled certain base64 conversions. An attacker could use this issue to cause libssh to crash, resulting in a denial of service, or possibly execute arbitrary code. Ronald Crane disc... • https://access.redhat.com/security/cve/CVE-2025-4878 • CWE-416: Use After Free •
CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0CVE-2025-49520 – Event-driven-ansible: authenticated argument injection in git url in eda project creation
https://notcve.org/view.php?id=CVE-2025-49520
30 Jun 2025 — A flaw was found in Ansible Automation Platform’s EDA component where user-supplied Git URLs are passed unsanitized to the git ls-remote command. This vulnerability allows an authenticated attacker to inject arguments and execute arbitrary commands on the EDA worker. In Kubernetes/OpenShift environments, this can lead to service account token theft and cluster access. • https://access.redhat.com/errata/RHSA-2025:9986 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0CVE-2025-49521 – Event-driven-ansible: template injection via git branch and refspec in eda projects
https://notcve.org/view.php?id=CVE-2025-49521
30 Jun 2025 — A flaw was found in the EDA component of the Ansible Automation Platform, where user-supplied Git branch or refspec values are evaluated as Jinja2 templates. This vulnerability allows authenticated users to inject expressions that execute commands or access sensitive files on the EDA worker. In OpenShift, it can lead to service account token theft. • https://access.redhat.com/errata/RHSA-2025:9986 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 0%CPEs: 16EXPL: 45CVE-2025-32463 – Sudo chroot 1.9.17 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2025-32463
30 Jun 2025 — Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option. A flaw was found in Sudo. This flaw allows a local attacker to escalate their privileges by tricking Sudo into loading an arbitrary shared library using the user-specified root directory via the `-R` (`--chroot`) option. An attacker can run arbitrary commands as root on systems that support `/etc/nsswitch.conf`. Rich Mirch discovered that Sudo incorrectl... • https://packetstorm.news/files/id/206210 • CWE-427: Uncontrolled Search Path Element CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 8.8EPSS: 0%CPEs: 33EXPL: 11CVE-2025-32462 – Sudo 1.9.17 Host Option - Elevation of Privilege
https://notcve.org/view.php?id=CVE-2025-32462
30 Jun 2025 — Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines. A privilege escalation vulnerability was found in Sudo. In certain configurations, unauthorized users can gain elevated system privileges via the Sudo host option (`-h` or `--host`). When using the default sudo security policy plugin (sudoers), the host option is intended to be used in conjunction with the list option (`-l` or `--... • https://packetstorm.news/files/id/206211 • CWE-863: Incorrect Authorization •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-5318 – Libssh: out-of-bounds read in sftp_handle()
https://notcve.org/view.php?id=CVE-2025-5318
24 Jun 2025 — A flaw was found in the libssh library. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior. This update for libssh fixes the following issues. Fixed lik... • https://access.redhat.com/security/cve/CVE-2025-5318 • CWE-125: Out-of-bounds Read •
CVSS: 8.3EPSS: 0%CPEs: 11EXPL: 0CVE-2025-6032 – Podman: podman missing tls verification
https://notcve.org/view.php?id=CVE-2025-6032
24 Jun 2025 — A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack. Red Hat OpenShift Container Platform release 4.19.5 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a buffer overflow vulnerability. • https://access.redhat.com/security/cve/CVE-2025-6032 • CWE-295: Improper Certificate Validation •
CVSS: 7.5EPSS: 0%CPEs: 31EXPL: 0CVE-2025-6430 – firefox: thunderbird: Content-Disposition header ignored when a file is included in an embed or object tag
https://notcve.org/view.php?id=CVE-2025-6430
24 Jun 2025 — When a file download is specified via the `Content-Disposition` header, that directive would be ignored if the file was included via a `<embed>` or `<object>` tag, potentially making a website vulnerable to a cross-site scripting attack. This vulnerability affects Firefox < 140 and Firefox ESR < 128.12. When a file download is specified via the `Content-Disposition` header, that directive would be ignored if the file was included via a `<embed>` or `<object>` tag, potentially making ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1971140 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 31EXPL: 0CVE-2025-6429 – firefox: thunderbird: Incorrect parsing of URLs could have allowed embedding of youtube.com
https://notcve.org/view.php?id=CVE-2025-6429
24 Jun 2025 — Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an `embed` tag. This could have bypassed website security checks that restricted which domains users were allowed to embed. This vulnerability affects Firefox < 140 and Firefox ESR < 128.12. Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an `embed` tag. This could have bypassed website security checks that restricte... • https://bugzilla.mozilla.org/show_bug.cgi?id=1970658 • CWE-116: Improper Encoding or Escaping of Output CWE-706: Use of Incorrectly-Resolved Name or Reference •