CVSS: 6.5EPSS: 0%CPEs: 16EXPL: 0CVE-2025-0690 – Grub2: read: integer overflow may lead to out-of-bounds write
https://notcve.org/view.php?id=CVE-2025-0690
24 Feb 2025 — The read command is used to read the keyboard input from the user, while reads it keeps the input length in a 32-bit integer value which is further used to reallocate the line buffer to accept the next character. During this process, with a line big enough it's possible to make this variable to overflow leading to a out-of-bounds write in the heap based buffer. This flaw may be leveraged to corrupt grub's internal critical data and secure boot bypass is not discarded as consequence. • https://access.redhat.com/security/cve/CVE-2025-0690 • CWE-787: Out-of-bounds Write •
CVSS: 7.6EPSS: 0%CPEs: 20EXPL: 0CVE-2025-0624 – Grub2: net: out-of-bounds write in grub_net_search_config_file()
https://notcve.org/view.php?id=CVE-2025-0624
19 Feb 2025 — A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grub_strcpy() function. During this step, it fails to consider the environment variable length when allocating the internal buffer, resulting in an out-of-bounds write. If correctly exploited, this issue may result in remote code execution through the same network segment grub is searching for the boot inf... • https://access.redhat.com/security/cve/CVE-2025-0624 • CWE-787: Out-of-bounds Write •
CVSS: 6.4EPSS: 0%CPEs: 15EXPL: 0CVE-2025-0622 – Grub2: command/gpg: use-after-free due to hooks not being removed on module unload
https://notcve.org/view.php?id=CVE-2025-0622
18 Feb 2025 — A flaw was found in command/gpg. In some scenarios, hooks created by loaded modules are not removed when the related module is unloaded. This flaw allows an attacker to force grub2 to call the hooks once the module that registered it was unloaded, leading to a use-after-free vulnerability. If correctly exploited, this vulnerability may result in arbitrary code execution, eventually allowing the attacker to bypass secure boot protections. • https://access.redhat.com/security/cve/CVE-2025-0622 • CWE-416: Use After Free •
CVSS: 7.1EPSS: 8%CPEs: 20EXPL: 2CVE-2025-26465 – Openssh: machine-in-the-middle attack if verifyhostkeydns is enabled
https://notcve.org/view.php?id=CVE-2025-26465
18 Feb 2025 — A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high. It was discovered that the OpenSSH client incorrectly handled ... • https://github.com/rxerium/CVE-2025-26465 • CWE-390: Detection of Error Condition Without Action •
CVSS: 8.6EPSS: 0%CPEs: 30EXPL: 0CVE-2022-28693 – hw: cpu: Intel: information disclosure via local access
https://notcve.org/view.php?id=CVE-2022-28693
14 Feb 2025 — Unprotected alternative channel of return branch target prediction in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. A flaw was found in hw. The unprotected alternative channel of return branch target prediction in some Intel(R) Processors may allow an authorized user to enable information disclosure via local access. • https://intel.com/content/www/us/en/security-center/advisory/intel-sa-00707.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-420: Unprotected Alternate Channel •
CVSS: 10.0EPSS: 0%CPEs: 30EXPL: 0CVE-2025-1244 – Emacs: shell injection vulnerability in gnu emacs via custom "man" uri scheme
https://notcve.org/view.php?id=CVE-2025-1244
12 Feb 2025 — A flaw was found in the Emacs text editor. Improper handling of custom "man" URI schemes allows attackers to execute arbitrary shell commands by tricking users into visiting a specially crafted website or an HTTP URL with a redirect. A command injection flaw was found in the text editor Emacs. It could allow a remote, unauthenticated attacker to execute arbitrary shell commands on a vulnerable system. Exploitation is possible by tricking users into visiting a specially crafted website or an HTTP URL with a ... • https://access.redhat.com/security/cve/CVE-2025-1244 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 24EXPL: 0CVE-2024-27856 – Apple WebKit WebCore ContainerNode Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-27856
15 Jan 2025 — The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5, iOS 16.7.8 and iPadOS 16.7.8, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, tvOS 17.5, visionOS 1.2. Processing a file may lead to unexpected app termination or arbitrary code execution. A flaw was found in WebKitGTK. Processing malicious web content can cause unexpected app termination or arbitrary code execution due to improper checks. • https://support.apple.com/en-us/120896 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 19EXPL: 0CVE-2024-12087 – Rsync: path traversal vulnerability in rsync
https://notcve.org/view.php?id=CVE-2024-12087
14 Jan 2025 — A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client's intended destination directory. A malicious server could write m... • https://access.redhat.com/security/cve/CVE-2024-12087 • CWE-35: Path Traversal: '.../ •
CVSS: 5.6EPSS: 0%CPEs: 18EXPL: 0CVE-2024-12747 – Rsync: race condition in rsync handling symbolic links
https://notcve.org/view.php?id=CVE-2024-12747
14 Jan 2025 — A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was possible to bypass the default behavior and traverse symbolic links. Depending on the privileges of the rsync process, an attacker could leak sensitive information, potentially leading to privilege escalation. • https://access.redhat.com/security/cve/CVE-2024-12747 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0CVE-2024-12088 – Rsync: --safe-links option bypass leads to path traversal
https://notcve.org/view.php?id=CVE-2024-12088
14 Jan 2025 — A flaw was found in rsync. When using the `--safe-links` option, rsync fails to properly verify if a symbolic link destination contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory. A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. • https://access.redhat.com/security/cve/CVE-2024-12088 • CWE-35: Path Traversal: '.../ •