CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-1012 – firefox: thunderbird: Use-after-free during concurrent delazification
https://notcve.org/view.php?id=CVE-2025-1012
04 Feb 2025 — A race during concurrent delazification could have led to a use-after-free. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135. A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A race during concurrent delazification could have led to a use-after-free. Multiple security issues were discovered in Firefox. • https://bugzilla.mozilla.org/show_bug.cgi?id=1939710 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2025-1011 – firefox: thunderbird: A bug in WebAssembly code generation could result in a crash
https://notcve.org/view.php?id=CVE-2025-1011
04 Feb 2025 — A bug in WebAssembly code generation could have lead to a crash. It may have been possible for an attacker to leverage this to achieve code execution. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135. A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A bug in WebAssembly code generation could lead to a crash. • https://bugzilla.mozilla.org/show_bug.cgi?id=1936454 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2025-1010 – firefox: thunderbird: Use-after-free in Custom Highlight
https://notcve.org/view.php?id=CVE-2025-1010
04 Feb 2025 — An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135. A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. Multiple security issues were discover... • https://bugzilla.mozilla.org/show_bug.cgi?id=1936982 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 1CVE-2025-1009 – firefox: thunderbird: Use-after-free in XSLT
https://notcve.org/view.php?id=CVE-2025-1009
04 Feb 2025 — An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135. A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. Multiple security issues were discovered in Firefox.... • https://packetstorm.news/files/id/189614 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-24162 – webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash
https://notcve.org/view.php?id=CVE-2025-24162
27 Jan 2025 — This issue was addressed through improved state management. This issue is fixed in visionOS 2.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing maliciously crafted web content may lead to an unexpected process crash. A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper state management. • https://support.apple.com/en-us/122066 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-24158 – webkitgtk: Processing web content may lead to a denial-of-service
https://notcve.org/view.php?id=CVE-2025-24158
27 Jan 2025 — The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing web content may lead to a denial-of-service. A flaw was found in WebKitGTK. Processing malicious web content can cause a denial of service due to improper memory handling. • https://support.apple.com/en-us/122066 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.6EPSS: 0%CPEs: 27EXPL: 0CVE-2024-11218 – Podman: buildah: container breakout by using --jobs=2 and a race condition when building a malicious containerfile
https://notcve.org/view.php?id=CVE-2024-11218
22 Jan 2025 — A vulnerability was found in `podman build` and `buildah.` This issue occurs in a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. SELinux might mitigate it, but even with SELinux on, it still allows the enumeration of files and directories on the host. This update for podman fixes the following issues. Github.com/containers/storage: Fixed symlink traversal vulnerability in the containers/storage library can cause Denial of Service Load ip_tables and ip6_tab... • https://access.redhat.com/security/cve/CVE-2024-11218 • CWE-269: Improper Privilege Management •
CVSS: 4.8EPSS: 0%CPEs: 25EXPL: 0CVE-2025-21502 – openjdk: Enhance array handling (Oracle CPU 2025-01)
https://notcve.org/view.php?id=CVE-2025-21502
21 Jan 2025 — Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u431-perf, 11.0.25, 17.0.13, 21.0.5, 23.0.1; Oracle GraalVM for JDK: 17.0.13, 21.0.5, 23.0.1; Oracle GraalVM Enterprise Edition: 20.3.16 and 21.3.12. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JD... • https://www.oracle.com/security-alerts/cpujan2025.html • CWE-195: Signed to Unsigned Conversion Error CWE-863: Incorrect Authorization •
CVSS: 8.8EPSS: 0%CPEs: 24EXPL: 0CVE-2024-27856 – Apple WebKit WebCore ContainerNode Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-27856
15 Jan 2025 — The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5, iOS 16.7.8 and iPadOS 16.7.8, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, tvOS 17.5, visionOS 1.2. Processing a file may lead to unexpected app termination or arbitrary code execution. A flaw was found in WebKitGTK. Processing malicious web content can cause unexpected app termination or arbitrary code execution due to improper checks. • https://support.apple.com/en-us/120896 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2024-57635
https://notcve.org/view.php?id=CVE-2024-57635
14 Jan 2025 — An issue in the chash_array component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. • https://github.com/openlink/virtuoso-opensource/issues/1182 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •