CVSS: 9.1EPSS: 0%CPEs: 12EXPL: 0CVE-2025-4404 – Freeipa: idm: privilege escalation from host to domain admin in freeipa
https://notcve.org/view.php?id=CVE-2025-4404
17 Jun 2025 — A privilege escalation from host to domain vulnerability was found in the FreeIPA project. The FreeIPA package fails to validate the uniqueness of the `krbCanonicalName` for the admin account by default, allowing users to create services with the same canonical name as the REALM admin. When a successful attack happens, the user can retrieve a Kerberos ticket in the name of this service, containing the admin@REALM credential. This flaw allows an attacker to perform administrative tasks over the REALM, leadin... • https://access.redhat.com/errata/RHSA-2025:9184 • CWE-1220: Insufficient Granularity of Access Control •
CVSS: 7.3EPSS: 0%CPEs: 15EXPL: 0CVE-2025-48798 – Gimp: multiple use after free in xcf parser
https://notcve.org/view.php?id=CVE-2025-48798
27 May 2025 — A flaw was found in GIMP when processing XCF image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing use-after-free issues. Several vulnerabilities were discovered in GIMP, the GNU Image Manipulation Program, which could result in denial of service or potentially the execution of arbitrary code if malformed XCF, TGA, DDS, FLI or ICO files are opened. For the stable ... • https://access.redhat.com/security/cve/CVE-2025-48798 • CWE-416: Use After Free •
CVSS: 7.3EPSS: 0%CPEs: 15EXPL: 0CVE-2025-48797 – Gimp: multiple heap buffer overflows in tga parser
https://notcve.org/view.php?id=CVE-2025-48797
27 May 2025 — A flaw was found in GIMP when processing certain TGA image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing a heap buffer overflow. Several vulnerabilities were discovered in GIMP, the GNU Image Manipulation Program, which could result in denial of service or potentially the execution of arbitrary code if malformed XCF, TGA, DDS, FLI or ICO files are opened. For th... • https://access.redhat.com/security/cve/CVE-2025-48797 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 29EXPL: 0CVE-2025-4948 – Libsoup: integer underflow in soup_multipart_new_from_message() leading to denial of service in libsoup
https://notcve.org/view.php?id=CVE-2025-4948
19 May 2025 — A flaw was found in the soup_multipart_new_from_message() function of the libsoup HTTP library, which is commonly used by GNOME and other applications to handle web communications. The issue occurs when the library processes specially crafted multipart messages. Due to improper validation, an internal calculation can go wrong, leading to an integer underflow. This can cause the program to access invalid memory and crash. As a result, any application or server using libsoup could be forced to exit unexpected... • https://access.redhat.com/security/cve/CVE-2025-4948 • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 7.8EPSS: 0%CPEs: 23EXPL: 0CVE-2025-3932 – thunderbird: Tracking Links in Attachments Bypassed Remote Content Blocking
https://notcve.org/view.php?id=CVE-2025-3932
14 May 2025 — It was possible to craft an email that showed a tracking link as an attachment. If the user attempted to open the attachment, Thunderbird automatically accessed the link. The configuration to block remote content did not prevent that. Thunderbird has been fixed to no longer allow access to web pages listed in the X-Mozilla-External-Attachment-URL header of an email. This vulnerability affects Thunderbird < 128.10.1 and Thunderbird < 138.0.1. • https://bugzilla.mozilla.org/show_bug.cgi?id=1960412 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 6.5EPSS: 0%CPEs: 23EXPL: 0CVE-2025-3909 – thunderbird: JavaScript Execution via Spoofed PDF Attachment and file:/// Link
https://notcve.org/view.php?id=CVE-2025-3909
14 May 2025 — Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a nested email attachment (message/rfc822) and setting its content type to application/pdf, Thunderbird may incorrectly render it as HTML when opened, allowing the embedded JavaScript to run without requiring a file download. This behavior relies on Thunderbird auto-saving the attachment to /tmp and linking to it via the file:/// protocol, potentially enabling Ja... • https://bugzilla.mozilla.org/show_bug.cgi?id=1958376 • CWE-290: Authentication Bypass by Spoofing •
CVSS: 7.8EPSS: 0%CPEs: 23EXPL: 0CVE-2025-3875 – thunderbird: Sender Spoofing via Malformed From Header in Thunderbird
https://notcve.org/view.php?id=CVE-2025-3875
14 May 2025 — Thunderbird parses addresses in a way that can allow sender spoofing in case the server allows an invalid From address to be used. For example, if the From header contains an (invalid) value "Spoofed Name ", Thunderbird treats spoofed@example.com as the actual address. This vulnerability affects Thunderbird < 128.10.1 and Thunderbird < 138.0.1. The Mozilla Foundation's Security Advisory describes the following issue: Thunderbird parses addresses in a way that can allow sender spoofing in case the server all... • https://bugzilla.mozilla.org/show_bug.cgi?id=1950629 • CWE-290: Authentication Bypass by Spoofing •
CVSS: 7.8EPSS: 0%CPEs: 28EXPL: 0CVE-2025-3891 – Mod_auth_openidc: dos via empty post in mod_auth_openidc with oidcpreservepost enabled
https://notcve.org/view.php?id=CVE-2025-3891
29 Apr 2025 — A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability. An update for the mod_auth_openidc:2.3 module is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise ... • https://access.redhat.com/security/cve/CVE-2025-3891 • CWE-248: Uncaught Exception •
CVSS: 7.1EPSS: 0%CPEs: 15EXPL: 0CVE-2025-46421 – Libsoup: information disclosure may leads libsoup client sends authorization header to a different host when being redirected by a server
https://notcve.org/view.php?id=CVE-2025-46421
24 Apr 2025 — A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP Authorization header to the new host that the redirection points to. This allows the new host to impersonate the user to the original host that issued the redirect. This update for libsoup fixes the following issues. Fixed heap buffer over-read in 'skip_insignificant_space' when sniffing conten. • https://access.redhat.com/security/cve/CVE-2025-46421 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 0CVE-2025-46420 – Libsoup: memory leak on soup_header_parse_quality_list() via soup-headers.c
https://notcve.org/view.php?id=CVE-2025-46420
24 Apr 2025 — A flaw was found in libsoup. It is vulnerable to memory leaks in the soup_header_parse_quality_list() function when parsing a quality list that contains elements with all zeroes. This update for libsoup fixes the following issues. Fixed heap buffer over-read in 'skip_insignificant_space' when sniffing conten. Fixed integer overflow in append_param_quoted. • https://access.redhat.com/security/cve/CVE-2025-46420 • CWE-401: Missing Release of Memory after Effective Lifetime •