CVSS: 7.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

14 May 2025 — A flaw was found in Yggdrasil, which acts as a system broker, allowing the processes to communicate to other children's "worker" processes through the DBus component. Yggdrasil creates a DBus method to dispatch messages to workers. However, it misses authentication and authorization checks, allowing every system user to call it. One available Yggdrasil worker acts as a package manager with capabilities to create and enable new repositories and install or remove packages. This flaw allows an attacker with ac... • https://access.redhat.com/errata/RHSA-2025:7592 • CWE-280: Improper Handling of Insufficient Permissions or Privileges

CVSS: 5.3 • EPSS: 0% • CPEs: 6 • EXPL: 0

09 May 2025 — A flaw was found in Rust's Ring package. A panic may be triggered when overflow checking is enabled. In the QUIC protocol, this flaw allows an attacker to induce this panic by sending a specially crafted packet. It will likely occur unintentionally in 1 out of every 2**32 packets sent or received. • https://access.redhat.com/security/cve/CVE-2025-4432 • CWE-770: Allocation of Resources Without Limits or Throttling

CVSS: 6.2 • EPSS: 0% • CPEs: 3 • EXPL: 0

09 May 2025 — A flaw was found in systems utilizing LUKS-encrypted disks with GRUB configured for TPM-based auto-decryption. When GRUB is set to automatically decrypt disks using keys stored in the TPM, it reads the decryption key into system memory. If an attacker with physical access can corrupt the underlying filesystem superblock, GRUB will fail to locate a valid filesystem and enter rescue mode. At this point, the disk is already decrypted, and the decryption key remains loaded in system memory. This scenario may al... • https://access.redhat.com/security/cve/CVE-2025-4382 • CWE-306: Missing Authentication for Critical Function

CVSS: 8.2 • EPSS: 0% • CPEs: 2 • EXPL: 0

09 May 2025 — A flaw was found in the Mirror Registry. The quay-app container shipped as part of the Mirror Registry for OpenShift has write access to the `/etc/passwd`. This flaw allows a malicious actor with access to the container to modify the passwd file and elevate their privileges to the root user within that pod. • https://access.redhat.com/security/cve/CVE-2025-3528 • CWE-276: Incorrect Default Permissions

CVSS: 6.2 • EPSS: 0% • CPEs: 3 • EXPL: 0

07 May 2025 — gnuplot is affected by a heap buffer overflow at function utf8_copy_one. • https://access.redhat.com/security/cve/CVE-2025-31177 • CWE-122: Heap-based Buffer Overflow

CVSS: 9.4 • EPSS: 0% • CPEs: 2 • EXPL: 0

06 May 2025 — A vulnerability was found in Quarkus in the quarkus-security-webauthn module. The Quarkus WebAuthn module publishes default REST endpoints for registering and logging users in while allowing developers to provide custom REST endpoints. When developers provide custom REST endpoints, the default endpoints remain accessible, potentially allowing attackers to obtain a login cookie that has no corresponding user in the Quarkus application or, depending on how the application is written, could correspond to an ex... • https://access.redhat.com/security/cve/CVE-2024-12225 • CWE-288: Authentication Bypass Using an Alternate Path or Channel

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

06 May 2025 — A flaw was found in Quay. When an organization acts as a proxy cache, and a user or robot pulls an image that hasn't been mirrored yet, they are granted "Admin" permissions on the newly created repository. • https://access.redhat.com/security/cve/CVE-2025-4374 • CWE-266: Incorrect Privilege Assignment

CVSS: 4.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

06 May 2025 — A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite. • https://access.redhat.com/security/cve/CVE-2025-4373 • CWE-124: Buffer Underwrite ('Buffer Underflow')

CVSS: 6.4 • EPSS: 0% • CPEs: 2 • EXPL: 0

29 Apr 2025 — A flaw was found in Keycloak. The org.keycloak.authorization package may be vulnerable to circumventing required actions, allowing users to circumvent requirements such as setting up two-factor authentication. • https://access.redhat.com/errata/RHSA-2025:4335 • CWE-287: Improper Authentication

CVSS: 8.5 • EPSS: 0% • CPEs: 3 • EXPL: 0

29 Apr 2025 — A flaw was found in Keycloak. By setting a verification policy to 'ALL', the trust store certificate verification is skipped, which is unintended. • https://access.redhat.com/errata/RHSA-2025:4335 • CWE-297: Improper Validation of Certificate with Host Mismatch