CVSS: 10.0EPSS: 0%CPEs: 30EXPL: 0CVE-2025-1244 – Emacs: shell injection vulnerability in gnu emacs via custom "man" uri scheme
https://notcve.org/view.php?id=CVE-2025-1244
12 Feb 2025 — A flaw was found in the Emacs text editor. Improper handling of custom "man" URI schemes allows attackers to execute arbitrary shell commands by tricking users into visiting a specially crafted website or an HTTP URL with a redirect. A command injection flaw was found in the text editor Emacs. It could allow a remote, unauthenticated attacker to execute arbitrary shell commands on a vulnerable system. Exploitation is possible by tricking users into visiting a specially crafted website or an HTTP URL with a ... • https://access.redhat.com/security/cve/CVE-2025-1244 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2024-12133 – Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos
https://notcve.org/view.php?id=CVE-2024-12133
10 Feb 2025 — A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack. USN-7275-1 fixed vulnerabilities in Libtasn1. This update provides the corresponding updates for Ubuntu 24.04 LTS. • https://access.redhat.com/security/cve/CVE-2024-12133 • CWE-407: Inefficient Algorithmic Complexity •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-57392
https://notcve.org/view.php?id=CVE-2024-57392
06 Feb 2025 — Buffer Overflow vulnerability in Proftpd commit 4017eff8 allows a remote attacker to execute arbitrary code and can cause a Denial of Service (DoS) on the FTP service by sending a maliciously crafted message to the ProFTPD service port. • https://github.com/Br1m4zz/protocol_vul_repoduce.git • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2025-1017 – firefox: thunderbird: Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7
https://notcve.org/view.php?id=CVE-2025-1017
04 Feb 2025 — Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135. Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1926256%2C1935984%2C1935471 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2025-1016 – firefox: thunderbird: Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 115.20, and Thunderbird 128.7
https://notcve.org/view.php?id=CVE-2025-1016
04 Feb 2025 — Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135. Multiple security issues have been found in the Mozilla Firefox web browser, which ... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1936601%2C1936844%2C1937694%2C1938469%2C1939583%2C1940994 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2025-1014 – firefox: thunderbird: Certificate length was not properly checked
https://notcve.org/view.php?id=CVE-2025-1014
04 Feb 2025 — Certificate length was not properly checked when added to a certificate store. In practice only trusted data was processed. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. • https://bugzilla.mozilla.org/show_bug.cgi?id=1940804 • CWE-295: Improper Certificate Validation CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-1012 – firefox: thunderbird: Use-after-free during concurrent delazification
https://notcve.org/view.php?id=CVE-2025-1012
04 Feb 2025 — A race during concurrent delazification could have led to a use-after-free. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135. A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A race during concurrent delazification could have led to a use-after-free. Multiple security issues were discovered in Firefox. • https://bugzilla.mozilla.org/show_bug.cgi?id=1939710 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2025-1011 – firefox: thunderbird: A bug in WebAssembly code generation could result in a crash
https://notcve.org/view.php?id=CVE-2025-1011
04 Feb 2025 — A bug in WebAssembly code generation could have lead to a crash. It may have been possible for an attacker to leverage this to achieve code execution. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135. Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code. • https://bugzilla.mozilla.org/show_bug.cgi?id=1936454 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2025-1010 – firefox: thunderbird: Use-after-free in Custom Highlight
https://notcve.org/view.php?id=CVE-2025-1010
04 Feb 2025 — An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code... • https://bugzilla.mozilla.org/show_bug.cgi?id=1936982 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 1CVE-2025-1009 – firefox: thunderbird: Use-after-free in XSLT
https://notcve.org/view.php?id=CVE-2025-1009
04 Feb 2025 — An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135. A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. Multiple security issues were discovered in Firefox.... • https://packetstorm.news/files/id/189614 • CWE-416: Use After Free •