Search CVE reports
1 – 10 of 24201 results
CVE-2025-3085
Medium priorityNot in release
A MongoDB server under specific conditions running on Linux with TLS and CRL revocation status checking enabled, fails to check the revocation status of the intermediate certificates in the peer's certificate chain. In cases of...
1 affected package
mongodb
| Package | 24.04 LTS |
|---|---|
| mongodb | Not in release |
CVE-2025-3084
Medium priorityNot in release
When run on commands with certain arguments set, explain may fail to validate these arguments before using them. This can lead to crashes in router servers. This affects MongoDB Server v5.0 prior to 5.0.31, MongoDB Server v6.0...
1 affected package
mongodb
| Package | 24.04 LTS |
|---|---|
| mongodb | Not in release |
CVE-2025-3083
Medium priorityNot in release
Specifically crafted MongoDB wire protocol messages can cause mongos to crash during command validation. This can occur without using an authenticated connection. This issue affects MongoDB v5.0 versions prior to 5.0.31, MongoDB...
1 affected package
mongodb
| Package | 24.04 LTS |
|---|---|
| mongodb | Not in release |
CVE-2025-3082
Medium priorityNot in release
A user authorized to access a view may be able to alter the intended collation, allowing them to access to a different or unintended view of underlying data. This issue affects MongoDB Server v5.0 version prior to 5.0.31, MongoDB...
1 affected package
mongodb
| Package | 24.04 LTS |
|---|---|
| mongodb | Not in release |
CVE-2025-30673
Medium prioritySub::HandlesVia for Perl before 0.050002 allows untrusted code from the current working directory ('.') to be loaded similar to CVE-2016-1238. If an attacker can place a malicious file in current working directory, it may...
1 affected package
libsub-handlesvia-perl
| Package | 24.04 LTS |
|---|---|
| libsub-handlesvia-perl | Needs evaluation |
CVE-2025-3035
Medium priorityBy first using the AI chatbot in one tab and later activating it in another tab, the document title of the previous tab would leak into the chat prompt. This vulnerability affects Firefox < 137.
9 affected packages
firefox, mozjs102, mozjs115, mozjs38, mozjs52...
| Package | 24.04 LTS |
|---|---|
| firefox | Not affected |
| mozjs102 | Ignored |
| mozjs115 | Ignored |
| mozjs38 | Not in release |
| mozjs52 | Not in release |
| mozjs68 | Not in release |
| mozjs78 | Not in release |
| mozjs91 | Not in release |
| thunderbird | Not affected |
CVE-2025-3034
Medium priorityMemory safety bugs present in Firefox 136 and Thunderbird 136. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This...
9 affected packages
firefox, mozjs102, mozjs115, mozjs38, mozjs52...
| Package | 24.04 LTS |
|---|---|
| firefox | Not affected |
| mozjs102 | Ignored |
| mozjs115 | Ignored |
| mozjs38 | Not in release |
| mozjs52 | Not in release |
| mozjs68 | Not in release |
| mozjs78 | Not in release |
| mozjs91 | Not in release |
| thunderbird | Not affected |
CVE-2025-3033
Medium priorityAfter selecting a malicious Windows `.url` shortcut from the local filesystem, an unexpected file could be uploaded. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects...
9 affected packages
firefox, mozjs102, mozjs115, mozjs38, mozjs52...
| Package | 24.04 LTS |
|---|---|
| firefox | Not affected |
| mozjs102 | Ignored |
| mozjs115 | Ignored |
| mozjs38 | Not in release |
| mozjs52 | Not in release |
| mozjs68 | Not in release |
| mozjs78 | Not in release |
| mozjs91 | Not in release |
| thunderbird | Not affected |
CVE-2025-3032
Medium priorityLeaking of file descriptors from the fork server to web content processes could allow for privilege escalation attacks. This vulnerability affects Firefox < 137 and Thunderbird < 137.
9 affected packages
firefox, mozjs102, mozjs115, mozjs38, mozjs52...
| Package | 24.04 LTS |
|---|---|
| firefox | Not affected |
| mozjs102 | Ignored |
| mozjs115 | Ignored |
| mozjs38 | Not in release |
| mozjs52 | Not in release |
| mozjs68 | Not in release |
| mozjs78 | Not in release |
| mozjs91 | Not in release |
| thunderbird | Not affected |
CVE-2025-3031
Medium priorityAn attacker could read 32 bits of values spilled onto the stack in a JIT compiled function. This vulnerability affects Firefox < 137 and Thunderbird < 137.
9 affected packages
firefox, mozjs102, mozjs115, mozjs38, mozjs52...
| Package | 24.04 LTS |
|---|---|
| firefox | Not affected |
| mozjs102 | Ignored |
| mozjs115 | Ignored |
| mozjs38 | Not in release |
| mozjs52 | Not in release |
| mozjs68 | Not in release |
| mozjs78 | Not in release |
| mozjs91 | Not in release |
| thunderbird | Not affected |