It was discovered that Tomcat incorrectly handled request cancellation. A
remote attacker could possibly use this issue to cause tomcat9 to consume
resources, leading to a denial of service.

Read More

USN-6885-1 fixed a vulnerability in Apache. The patch
for CVE-2024-38474 was incomplete and caused regressions.
This update provides the fix for that issue.

Original advisory details:

Orange Tsai discovered that the Apache HTTP Server mod_rewrite module
incorrectly handled certain substitutions. A remote attacker could
possibly use this issue to execute scripts in directories not directly
reachable by any URL, or cause a denial of service. Some environments
may require using the new UnsafeAllow3F flag to handle unsafe
substitutions. (CVE-2024-38474)

Read More

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Amazon AWS. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8.

Read More

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Amazon AWS. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8.

Read More

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-2761.

Read More

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-2760.

Read More

This vulnerability allows remote attackers to create arbitrary XML schema files on affected installations of Fortinet FortiWeb. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 5.5. The following CVEs are assigned: CVE-2024-55597.

Read More

This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Trend Micro Cleaner One Pro. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Additionally, the vulnerability is triggered only when an administrator performs an install of the product. The ZDI has assigned a CVSS rating of 4.4. The following CVEs are assigned: CVE-2025-27529.

Read More

This vulnerability allows local attackers to escalate privileges on affected installations of Exim. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-30232.

Read More

It was discovered that libdbd-mysql-perl did not correctly handle certain
SQL queries. An attacker could possibly use this issue to cause a denial
of service. (CVE-2016-1249)

It was discovered that libdbd-mysql-perl did not correctly handle certain
memory operations, which could lead to a use-after-free vulnerability. A
remote attacker could possibly use this issue to cause a denial of service
or execute arbitrary code. (CVE-2016-1251, CVE-2017-10788)

It was discovered that libdbd-mysql-perl did not properly enforce SSL
connections depending on the mysql_ssl setting. A machine-in-the-middle
attacker could possibly use this issue to spoof servers. (CVE-2017-10789)

Read More