
CVE-2025-8035 – firefox: thunderbird: Memory safety bugs
https://notcve.org/view.php?id=CVE-2025-8035
22 Jul 2025 — Memory safety bugs present in Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1. A flaw was found in Firefox and Thunderbird. The Mozil... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1975961%2C1975961%2C1975961 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2025-8034 – firefox: thunderbird: Memory safety bugs
https://notcve.org/view.php?id=CVE-2025-8034
22 Jul 2025 — Memory safety bugs present in Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 141, Firefox ESR < 115.26, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1. A flaw was f... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1970422%2C1970422%2C1970422%2C1970422 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2025-8029 – firefox: thunderbird: javascript: URLs executed on object and embed tags
https://notcve.org/view.php?id=CVE-2025-8029
22 Jul 2025 — Thunderbird executed `javascript:` URLs when used in `object` and `embed` tags. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1. Firefox executed `javascript:` URLs when used in `object` and `embed` tags. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1. A flaw was found in Firefox and Thunderbird. • https://bugzilla.mozilla.org/show_bug.cgi?id=1928021 • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •

CVE-2025-50063
https://notcve.org/view.php?id=CVE-2025-50063
15 Jul 2025 — Vulnerability in Oracle Java SE (component: Install). Supported versions that are affected are Oracle Java SE: 8u451 and 8u451-perf. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Java SE executes to compromise Oracle Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Java SE. • https://www.oracle.com/security-alerts/cpujul2025.html •

CVE-2025-7425 – Libxslt: heap use-after-free in libxslt caused by atype corruption in xmlattrptr
https://notcve.org/view.php?id=CVE-2025-7425
10 Jul 2025 — A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption. An update for libxml2 is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterpri... • https://access.redhat.com/security/cve/CVE-2025-7425 • CWE-416: Use After Free •

CVE-2024-36357 – SUSE Security Advisory - SUSE-SU-2025:02326-1
https://notcve.org/view.php?id=CVE-2024-36357
08 Jul 2025 — A transient execution vulnerability in some AMD processors may allow an attacker to infer data in the L1D cache, potentially resulting in the leakage of sensitive information across privileged boundaries. This update for xen fixes the following issues. Fixed Intel CPU: Indirect Target Selection. Fixed Xen hypercall page unsafe against speculative attacks. Fixed deadlock potential with VT-d and legacy PCI device pass-through. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7029.html • CWE-1421: Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution •

CVE-2024-36350 – SUSE Security Advisory - SUSE-SU-2025:02326-1
https://notcve.org/view.php?id=CVE-2024-36350
08 Jul 2025 — A transient execution vulnerability in some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. This update for xen fixes the following issues. Fixed Intel CPU: Indirect Target Selection. Fixed Xen hypercall page unsafe against speculative attacks. Fixed deadlock potential with VT-d and legacy PCI device pass-through. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7029.html • CWE-1421: Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution •

CVE-2025-7345 – Gdk-pixbuf: heap-buffer-overflow in gdk-pixbuf
https://notcve.org/view.php?id=CVE-2025-7345
08 Jul 2025 — A flaw exists in gdk-pixbuf within the gdk_pixbuf__jpeg_image_load_increment function (io-jpeg.c) and in glib’s g_base64_encode_step (glib/gbase64.c). When processing maliciously crafted JPEG images, a heap buffer overflow can occur during Base64 encoding, allowing out-of-bounds reads from heap memory, potentially causing application crashes or arbitrary code execution. It was discovered that GDK-Pixbuf incorrectly handled certain GIF files. An attacker could possibly use this issue to expose sensitive info... • https://access.redhat.com/security/cve/CVE-2025-7345 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') • CWE-787: Out-of-bounds Write •

CVE-2025-32462 – Sudo 1.9.17 Host Option - Elevation of Privilege
https://notcve.org/view.php?id=CVE-2025-32462
30 Jun 2025 — Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines. A privilege escalation vulnerability was found in Sudo. In certain configurations, unauthorized users can gain elevated system privileges via the Sudo host option (`-h` or `--host`). When using the default sudo security policy plugin (sudoers), the host option is intended to be used in conjunction with the list option (`-l` or `--... • https://packetstorm.news/files/id/206211 • CWE-863: Incorrect Authorization •

CVE-2025-6032 – Podman: podman missing tls verification
https://notcve.org/view.php?id=CVE-2025-6032
24 Jun 2025 — A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack. Red Hat OpenShift Container Platform release 4.19.5 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a buffer overflow vulnerability. • https://access.redhat.com/security/cve/CVE-2025-6032 • CWE-295: Improper Certificate Validation •