CVSS: 9.6EPSS: 0%CPEs: 2EXPL: 0CVE-2024-38824 – CVE-2024-38824 salt advisory
https://notcve.org/view.php?id=CVE-2024-38824
13 Jun 2025 — Directory traversal vulnerability in recv_file method allows arbitrary files to be written to the master cache directory. This update for salt fixes the following issues. Fixed Minion token validation. Fixed server vulnerability to replay attacks when not using a TLS encrypted transport. Fixed directory traversal vulnerability in recv_file method. • https://docs.saltproject.io/en/3006/topics/releases/3006.12.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-5986 – thunderbird: Unsolicited File Download, Disk Space Exhaustion, and Credential Leakage via mailbox:/// Links
https://notcve.org/view.php?id=CVE-2025-5986
11 Jun 2025 — A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without prompting, even if auto-saving is disabled. This behavior can be abused to fill the disk with garbage data (e.g. using /dev/urandom on Linux) or to leak Windows credentials via SMB links when the email is viewed in HTML mode. While user interaction is required to download the .pdf file, visual obfuscation can conceal the download trigger. Viewing the email i... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1958580%2C1968012 • CWE-400: Uncontrolled Resource Consumption CWE-451: User Interface (UI) Misrepresentation of Critical Information •
CVSS: 9.8EPSS: 0%CPEs: 35EXPL: 0CVE-2025-5914 – Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c
https://notcve.org/view.php?id=CVE-2025-5914
09 Jun 2025 — A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition. Se ha identificado una vulnerabilidad en la librería libarchive, específicamente en la función archive_read_format_rar_seek_data... • https://access.redhat.com/security/cve/CVE-2025-5914 • CWE-415: Double Free •
CVSS: 6.6EPSS: 0%CPEs: 12EXPL: 0CVE-2025-0620 – Samba: smbd doesn't pick up group membership changes when re-authenticating an expired smb session
https://notcve.org/view.php?id=CVE-2025-0620
06 Jun 2025 — A flaw was found in Samba. The smbd service daemon does not pick up group membership changes when re-authenticating an expired SMB session. This issue can expose file shares until clients disconnect and then connect again. It was discovered that Samba incorrectly handled certain group membership changes when using Kerberos authentication. A remote user could possibly use this issue to continue to access resources after being removed by an administrator. • https://access.redhat.com/security/cve/CVE-2025-0620 • CWE-552: Files or Directories Accessible to External Parties •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-49466
https://notcve.org/view.php?id=CVE-2025-49466
05 Jun 2025 — aerc before 93bec0d allows directory traversal in commands/msgview/open.go because of direct path concatenation of the name of an attachment part, aerc anterior a 93bec0d permite el directory traversal en commands/msgview/open.go debido a la concatenación de ruta directa del nombre de una parte adjunta. • https://git.sr.ht/~rjarry/aerc/commit/2bbe75fe0bc87ab4c1e16c5a18c6200224391629 • CWE-23: Relative Path Traversal •
CVSS: 4.7EPSS: 0%CPEs: 26EXPL: 0CVE-2025-4598 – Systemd-coredump: race condition that allows a local attacker to crash a suid program and gain read access to the resulting core dump
https://notcve.org/view.php?id=CVE-2025-4598
29 May 2025 — A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access... • https://access.redhat.com/security/cve/CVE-2025-4598 • CWE-364: Signal Handler Race Condition •
CVSS: 7.0EPSS: 0%CPEs: 25EXPL: 1CVE-2025-5222 – Icu: stack buffer overflow in the srbroot::addtag function
https://notcve.org/view.php?id=CVE-2025-5222
27 May 2025 — A stack buffer overflow was found in Internationl components for unicode (ICU ). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution. A buffer overflow was discovered in the International Components for Unicode (ICU) library. For the stable distribution (bookworm), this problem has been fixed in version 72.1-3+deb12u1. • https://github.com/berkley4/icu-74-debian • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.5EPSS: 0%CPEs: 12EXPL: 0CVE-2025-5269 – firefox: thunderbird: Memory safety bug
https://notcve.org/view.php?id=CVE-2025-5269
27 May 2025 — Memory safety bug present in Firefox ESR 128.10, and Thunderbird 128.10. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 128.11. Memory safety bug present in Firefox ESR 128.10, and Thunderbird 128.10. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. • https://bugzilla.mozilla.org/show_bug.cgi?id=1924108 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 12EXPL: 0CVE-2025-5268 – firefox: thunderbird: Memory safety bugs
https://notcve.org/view.php?id=CVE-2025-5268
27 May 2025 — Memory safety bugs present in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 139 and Firefox ESR < 128.11. Memory safety bugs present in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. Some of these bugs showed evidence of memory corruption and we presume that wit... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1950136%2C1958121%2C1960499%2C1962634 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.8EPSS: 0%CPEs: 15EXPL: 0CVE-2025-5265 – openSUSE Security Advisory - openSUSE-SU-2025:15174-1
https://notcve.org/view.php?id=CVE-2025-5265
27 May 2025 — Due to insufficient escaping of the ampersand character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. *This bug only affects Firefox for Windows. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 139, Firefox ESR < 115.24, and Firefox ESR < 128.11. Due to insufficient escaping of the ampersand character in the “Copy as cURL” feature, an attacker could trick a user into usi... • https://bugzilla.mozilla.org/show_bug.cgi?id=1962301 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •