2025-08-16 Daily Vulns
NEW:
CVE | vendor-product | description | metric | Referenceurl | SSVC | title | GithubURL |
---|---|---|---|---|---|---|---|
CVE-2025-24975 | FirebirdSQL - firebird | Firebird is a relational database. Prior to snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609, Firebird is vulnerable if ExtConnPoolSize is not set equal to 0. If connections stored in ExtConnPool are not verified for the presence and suitability of the CryptCallback interface used when they were created versus what is available, the result could be a segfault in the server process. Encrypted databases, accessed by execute statement on external, may be accessed later by an attachment missing a key to that database. When execute statements are chained, a segfault may happen. Additionally, the segfault may affect unencrypted databases. This issue has been patched in snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609 and point releases 4.0.6 and 5.0.2. A workaround for this issue involves setting ExtConnPoolSize equal to 0 in firebird.conf. | CVSS3.1: 7.1 - HIGH | 0 1 2 | Exploitation: none, Automatable: no, Technical Impact: partial | Firebird Non-Authorized Access to Encrypted Database Using Execute Statement on External | github |
CVE-2023-43683 | n/a - n/a | An issue was discovered in Malwarebytes 4.6.14.326 and before 5.1.5.116 (and Nebula 2020-10-21 and later). A stack buffer out-of-bounds access exists because of an integer underflow when handling newline characters. | CNA n/a CVSS3.1: 6.5 - MEDIUM | 0 | Exploitation: none, Automatable: no, Technical Impact: partial | undefined | github |
CVE-2023-5342 | undefined - undefined; Red Hat - Red Hat Enterprise Linux 10; Red Hat - Red Hat Enterprise Linux 7; Red Hat - Red Hat Enterprise Linux 8; Red Hat - Red Hat Enterprise Linux 9 | The Fedora Secure Boot CA certificate shipped with shim in Fedora was expired, which could lead to old or invalid signed boot components being loaded. | CVSS3.1: 4.1 - MEDIUM | 0 1 2 3 | Exploitation: none, Automatable: no, Technical Impact: partial | Shim: expired secure boot certificate | github |
CVE-2025-26709 | ZTE - F50 | There is an unauthorized access vulnerability in ZTE F50. Due to improper permission control of the Web module interface, an unauthorized attacker can obtain sensitive information through the interface. | CVSS3.1: 5.7 - MEDIUM | 0 | Exploitation: none, Automatable: no, Technical Impact: partial | Unauthorized Access Vulnerability in ZTE F50 | github |
This post is licensed under CC BY 4.0 by the author.