|Vulnerability|Element|Version|Summary|CVSS V3.x|CVSS V2.0|WIP|
|---|---|---|---|---|---|---|
|[CVE-2020-25207](https://nvd.nist.gov/vuln/detail/CVE-2020-25207)|gnomeos-deps/toolbox.bst|0.1.1|JetBrains ToolBox before version 1.18 is vulnerable to Remote Code Execution via a browser protocol handler.|9.8|10.0|None|
|[CVE-2013-7381](https://nvd.nist.gov/vuln/detail/CVE-2013-7381)|sdk/libnotify.bst|0.8.6|libnotify before 1.0.4 for Node.js allows remote attackers to execute arbitrary commands via unspecified characters in a call to libnotify.notify.|9.8|7.5|None|
|[CVE-2022-22912](https://nvd.nist.gov/vuln/detail/CVE-2022-22912)|core-deps/plist.bst|2.2.0|Prototype pollution vulnerability via .parse() in Plist before v3.0.4 allows attackers to cause a Denial of Service (DoS) and may lead to remote code execution.|9.8|7.5|None|
|[CVE-2022-29155](https://nvd.nist.gov/vuln/detail/CVE-2022-29155)|core-deps/openldap.bst|2.6.0|In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping.|9.8|7.5|None|
|[CVE-2025-26623](https://nvd.nist.gov/vuln/detail/CVE-2025-26623)|core-deps/exiv2.bst|0.28.1|Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A heap buffer overflow was found in Exiv2 versions v0.28.0 to v0.28.4. Versions prior to v0.28.0, such as v0.27.7, are **not** affected. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `fixiso`. The bug is fixed in version v0.28.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.|9.8||None|
|[CVE-2025-3277](https://nvd.nist.gov/vuln/detail/CVE-2025-3277)|components/sqlite.bst|3.46.1|An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.|9.8||None|
|[CVE-2025-47436](https://nvd.nist.gov/vuln/detail/CVE-2025-47436)|components/orc.bst|0.4.41|Heap-based Buffer Overflow vulnerability in Apache ORC. A vulnerability has been identified in the ORC C++ LZO decompression logic, where specially crafted malformed ORC files can cause the decompressor to allocate a 250-byte buffer but then attempts to copy 295 bytes into it. It causes memory corruption. This issue affects Apache ORC C++ library: through 1.8.8, from 1.9.0 through 1.9.5, from 2.0.0 through 2.0.4, from 2.1.0 through 2.1.1. Users are recommended to upgrade to version 1.8.9, 1.9.6, 2.0.5, and 2.1.2, which fix the issue.|9.8||None|
|[CVE-2025-6965](https://nvd.nist.gov/vuln/detail/CVE-2025-6965)|components/sqlite.bst|3.46.1|There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.|9.8||None|
|[CVE-2025-57052](https://nvd.nist.gov/vuln/detail/CVE-2025-57052)|core-deps/cjson.bst|1.7.17|cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decode_array_index_from_pointer function in cJSON_Utils.c, allowing remote attackers to bypass array bounds checking and access restricted data via malformed JSON pointer strings containing alphanumeric characters.|9.8||None|
|[CVE-2020-1171](https://nvd.nist.gov/vuln/detail/CVE-2020-1171)|components/python3.bst|3.12.12|A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads configuration files after opening a project, aka 'Visual Studio Code Python Extension Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1192.|8.8|9.3|None|
|[CVE-2023-43641](https://nvd.nist.gov/vuln/detail/CVE-2023-43641)|core-deps/libcue.bst|2.2.1|libcue provides an API for parsing and extracting data from CUE sheets. Versions 2.2.1 and prior are vulnerable to out-of-bounds array access. A user of the GNOME desktop environment can be exploited by downloading a cue sheet from a malicious webpage. Because the file is saved to `~/Downloads`, it is then automatically scanned by tracker-miners. And because it has a .cue filename extension, tracker-miners use libcue to parse the file. The file exploits the vulnerability in libcue to gain code execution. This issue is patched in version 2.3.0.|8.8||None|
|[CVE-2024-49050](https://nvd.nist.gov/vuln/detail/CVE-2024-49050)|components/python3.bst|3.12.12|Visual Studio Code Python Extension Remote Code Execution Vulnerability|8.8||None|
|[CVE-2024-36600](https://nvd.nist.gov/vuln/detail/CVE-2024-36600)|core-deps/libcdio.bst|2.1.0|Buffer Overflow Vulnerability in libcdio v2.1.0 allows an attacker to execute arbitrary code via a crafted ISO 9660 image file.|8.4||None|
|[CVE-2025-43012](https://nvd.nist.gov/vuln/detail/CVE-2025-43012)|gnomeos-deps/toolbox.bst|0.1.1|In JetBrains Toolbox App before 2.6 command injection in SSH plugin was possible|8.3||None|
|[CVE-2019-17498](https://nvd.nist.gov/vuln/detail/CVE-2019-17498)|core-deps/libssh2.bst|1.9.0|In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.|8.1|5.8|None|
|[CVE-2023-3297](https://nvd.nist.gov/vuln/detail/CVE-2023-3297)|core-deps/accountsservice.bst|23.13.9|In Ubuntu's accountsservice an unprivileged local attacker can trigger a use-after-free vulnerability in accountsservice by sending a D-Bus message to the accounts-daemon process.|8.1||None|
|[CVE-2025-47219](https://nvd.nist.gov/vuln/detail/CVE-2025-47219)|components/gstreamer-plugins-ugly.bst|1.24.12|In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_trak function may read past the end of a heap buffer while parsing an MP4 file, possibly leading to information disclosure.|8.1||None|
|[CVE-2025-58060](https://nvd.nist.gov/vuln/detail/CVE-2025-58060)|components/cups-base.bst|2.4.10|OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, when the `AuthType` is set to anything but `Basic`, if the request contains an `Authorization: Basic ...` header, the password is not checked. This results in authentication bypass. Any configuration that allows an `AuthType` that is not `Basic` is affected. Version 2.4.13 fixes the issue.|8.0||None|
|[CVE-2020-1192](https://nvd.nist.gov/vuln/detail/CVE-2020-1192)|components/python3.bst|3.12.12|A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads workspace settings from a notebook file, aka 'Visual Studio Code Python Extension Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1171.|7.8|9.3|None|
|[CVE-2020-17163](https://nvd.nist.gov/vuln/detail/CVE-2020-17163)|components/python3.bst|3.12.12|Visual Studio Code Python Extension Remote Code Execution Vulnerability|7.8||None|
|[CVE-2023-46045](https://nvd.nist.gov/vuln/detail/CVE-2023-46045)|core-deps/graphviz.bst|2.47.1|Graphviz 2.36.0 through 9.x before 10.0.1 has an out-of-bounds read via a crafted config6a file. NOTE: exploitability may be uncommon because this file is typically owned by root.|7.8||None|
|[CVE-2024-55549](https://nvd.nist.gov/vuln/detail/CVE-2024-55549)|components/libxslt.bst|1.1.42|xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes.|7.8||None|
|[CVE-2025-24855](https://nvd.nist.gov/vuln/detail/CVE-2025-24855)|components/libxslt.bst|1.1.42|numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal.|7.8||None|
|[CVE-2025-2759](https://nvd.nist.gov/vuln/detail/CVE-2025-2759)|components/gstreamer-plugins-ugly.bst|1.24.12|GStreamer Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of GStreamer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the product installer. The issue results from incorrect permissions on folders. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of a target user. Was ZDI-CAN-25448.|7.8||None|
|[CVE-2025-49714](https://nvd.nist.gov/vuln/detail/CVE-2025-49714)|components/python3.bst|3.12.12|Trust boundary violation in Visual Studio Code - Python extension allows an unauthorized attacker to execute code locally.|7.8||None|
|[CVE-2024-31755](https://nvd.nist.gov/vuln/detail/CVE-2024-31755)|core-deps/cjson.bst|1.7.17|cJSON v1.7.17 was discovered to contain a segmentation violation, which can trigger through the second parameter of function cJSON_SetValuestring at cJSON.c.|7.6||None|
|[CVE-2020-25013](https://nvd.nist.gov/vuln/detail/CVE-2020-25013)|gnomeos-deps/toolbox.bst|0.1.1|JetBrains ToolBox before version 1.18 is vulnerable to a Denial of Service attack via a browser protocol handler.|7.5|5.0|None|
|[CVE-2020-27569](https://nvd.nist.gov/vuln/detail/CVE-2020-27569)|gnomeos-deps/openvpn.bst|2.6.12|Arbitrary File Write exists in Aviatrix VPN Client 2.8.2 and earlier. The VPN service writes logs to a location that is world writable and can be leveraged to gain write access to any file on the system.|7.5|5.0|None|
|[CVE-2022-43357](https://nvd.nist.gov/vuln/detail/CVE-2022-43357)|sdk-deps/sassc.bst|3.6.2|Stack overflow vulnerability in ast_selectors.cpp in function Sass::CompoundSelector::has_real_parent_ref in libsass:3.6.5-8-g210218, which can be exploited by attackers to causea denial of service (DoS). Also affects the command line driver for libsass, sassc 3.6.2.|7.5||None|
|[CVE-2025-2704](https://nvd.nist.gov/vuln/detail/CVE-2025-2704)|gnomeos-deps/openvpn.bst|2.6.12|OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase|7.5||None|
|[CVE-2025-6021](https://nvd.nist.gov/vuln/detail/CVE-2025-6021)|components/libxml2.bst|2.13.9|A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.|7.5||None|
|[CVE-2025-52194](https://nvd.nist.gov/vuln/detail/CVE-2025-52194)|components/sndfile.bst|1.2.2|A buffer overflow vulnerability exists in libsndfile version 1.2.2 and potentially earlier versions when processing malformed IRCAM audio files. The vulnerability occurs in the ircam_read_header function at src/ircam.c:164 during sample rate processing, leading to memory corruption and potential code execution.|7.5||None|
|[CVE-2019-18368](https://nvd.nist.gov/vuln/detail/CVE-2019-18368)|gnomeos-deps/toolbox.bst|0.1.1|In JetBrains Toolbox App before 1.15.5666 for Windows, privilege escalation was possible.|7.3|7.5|None|
|[CVE-2025-5914](https://nvd.nist.gov/vuln/detail/CVE-2025-5914)|components/libarchive.bst|3.7.4|A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.|7.3||None|
|[CVE-2022-2989](https://nvd.nist.gov/vuln/detail/CVE-2022-2989)|components/podman.bst|5.6.2|An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.|7.1||None|
|[CVE-2025-4478](https://nvd.nist.gov/vuln/detail/CVE-2025-4478)|core-deps/freerdp.bst|3.14.1|A flaw was found in the FreeRDP used by Anaconda's remote install feature, where a crafted RDP packet could trigger a segmentation fault. This issue causes the service to crash and remain defunct, resulting in a denial of service. It occurs pre-boot and is likely due to a NULL pointer dereference. Rebooting is required to recover the system.|7.1||None|
|[CVE-2025-5222](https://nvd.nist.gov/vuln/detail/CVE-2025-5222)|components/icu.bst|75.1|A stack buffer overflow was found in Internationl components for unicode (ICU ). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution.|7.0||None|
|[CVE-2025-43013](https://nvd.nist.gov/vuln/detail/CVE-2025-43013)|gnomeos-deps/toolbox.bst|0.1.1|In JetBrains Toolbox App before 2.6 unencrypted credential transmission during SSH authentication was possible|6.9||None|
|[CVE-2023-40660](https://nvd.nist.gov/vuln/detail/CVE-2023-40660)|gnomeos-deps/opensc.bst|0.22.0|A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero-length pin is passed. This issue poses a security risk, particularly for OS logon/screen unlock and for small, permanently connected tokens to computers. Additionally, the token can internally track login status. This flaw allows an attacker to gain unauthorized access, carry out malicious actions, or compromise the system without the user's awareness.|6.6||None|
|[CVE-2025-47183](https://nvd.nist.gov/vuln/detail/CVE-2025-47183)|components/gstreamer-plugins-ugly.bst|1.24.12|In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_tree function may read past the end of a heap buffer while parsing an MP4 file, leading to information disclosure.|6.6||None|
|[CVE-2023-33460](https://nvd.nist.gov/vuln/detail/CVE-2023-33460)|components/yajl.bst|2.1.0|There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse function. which will cause out-of-memory in server and cause crash.|6.5||None|
|[CVE-2023-4969](https://nvd.nist.gov/vuln/detail/CVE-2023-4969)|components/opencl.bst|2.3.4|A GPU kernel can read sensitive data from another GPU kernel (even from another user or app) through an optimized GPU memory region called _local memory_ on various architectures.|6.5||None|
|[CVE-2024-45993](https://nvd.nist.gov/vuln/detail/CVE-2024-45993)|components/giflib.bst|5.2.2|Giflib Project v5.2.2 is vulnerable to a heap buffer overflow via gif2rgb.|6.5||None|
|[CVE-2024-50613](https://nvd.nist.gov/vuln/detail/CVE-2024-50613)|components/sndfile.bst|1.2.2|libsndfile through 1.2.2 has a reachable assertion, that may lead to application exit, in mpeg_l3_encode.c mpeg_l3_encoder_close.|6.5||None|
|[CVE-2025-58364](https://nvd.nist.gov/vuln/detail/CVE-2025-58364)|components/cups-base.bst|2.4.10|OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, an unsafe deserialization and validation of printer attributes causes null dereference in the libcups library. This is a remote DoS vulnerability available in local subnet in default configurations. It can cause the cups & cups-browsed to crash, on all the machines in local network who are listening for printers (so by default for all regular linux machines). On systems where the vulnerability CVE-2024-47176 (cups-filters 1.x/cups-browsed 2.x vulnerability) was not fixed, and the firewall on the machine does not reject incoming communication to IPP port, and the machine is set to be available to public internet, attack vector "Network" is possible. The current versions of CUPS and cups-browsed projects have the attack vector "Adjacent" in their default configurations. Version 2.4.13 contains a patch for CVE-2025-58364.|6.5||None|
|[CVE-2024-9177](https://nvd.nist.gov/vuln/detail/CVE-2024-9177)|gnomeos-deps/toolbox.bst|0.1.1|The Themedy Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's themedy_col, themedy_social_link, themedy_alertbox, and themedy_pullleft shortcodes in all versions up to, and including, 1.0.14, and up to, and including 1.0.15 for the plugin's themedy_button shortcode due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.|6.4||None|
|[CVE-2025-1594](https://nvd.nist.gov/vuln/detail/CVE-2025-1594)|components/ffmpeg.bst|7.0.3|A vulnerability, which was classified as critical, was found in FFmpeg up to 7.1. This affects the function ff_aac_search_for_tns of the file libavcodec/aacenc_tns.c of the component AAC Encoder. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.|6.3|7.5|None|
|[CVE-2023-38469](https://nvd.nist.gov/vuln/detail/CVE-2023-38469)|components/avahi-base.bst|0.8|A vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record.|6.2||None|
|[CVE-2023-38470](https://nvd.nist.gov/vuln/detail/CVE-2023-38470)|components/avahi-base.bst|0.8|A vulnerability was found in Avahi. A reachable assertion exists in the avahi_escape_label() function.|6.2||None|
|[CVE-2023-38471](https://nvd.nist.gov/vuln/detail/CVE-2023-38471)|components/avahi-base.bst|0.8|A vulnerability was found in Avahi. A reachable assertion exists in the dbus_set_host_name function.|6.2||None|
|[CVE-2023-38472](https://nvd.nist.gov/vuln/detail/CVE-2023-38472)|components/avahi-base.bst|0.8|A vulnerability was found in Avahi. A reachable assertion exists in the avahi_rdata_parse() function.|6.2||None|
|[CVE-2023-38473](https://nvd.nist.gov/vuln/detail/CVE-2023-38473)|components/avahi-base.bst|0.8|A vulnerability was found in Avahi. A reachable assertion exists in the avahi_alternative_host_name() function.|6.2||None|
|[CVE-2025-43014](https://nvd.nist.gov/vuln/detail/CVE-2025-43014)|gnomeos-deps/toolbox.bst|0.1.1|In JetBrains Toolbox App before 2.6 the SSH plugin established connections without sufficient user confirmation|6.1||None|
|[CVE-2019-14959](https://nvd.nist.gov/vuln/detail/CVE-2019-14959)|gnomeos-deps/toolbox.bst|0.1.1|JetBrains Toolbox before 1.15.5605 was resolving an internal URL via a cleartext http connection.|5.9|4.3|None|
|[CVE-2025-49133](https://nvd.nist.gov/vuln/detail/CVE-2025-49133)|gnomeos-deps/libtpms.bst|0.9.6|Libtpms is a library that targets the integration of TPM functionality into hypervisors, primarily into Qemu. Libtpms, which is derived from the TPM 2.0 reference implementation code published by the Trusted Computing Group, is prone to a potential out of bounds (OOB) read vulnerability. The vulnerability occurs in the ‘CryptHmacSign’ function with an inconsistent pairing of the signKey and signScheme parameters, where the signKey is ALG_KEYEDHASH key and inScheme is an ECC or RSA scheme. The reported vulnerability is in the ‘CryptHmacSign’ function, which is defined in the "Part 4: Supporting Routines – Code" document, section "7.151 - /tpm/src/crypt/CryptUtil.c ". This vulnerability can be triggered from user-mode applications by sending malicious commands to a TPM 2.0/vTPM (swtpm) whose firmware is based on an affected TCG reference implementation. The effect on libtpms is that it will cause an abort due to the detection of the out-of-bounds access, thus for example making a vTPM (swtpm) unavailable to a VM. This vulnerability is fixed in 0.7.12, 0.8.10, 0.9.7, and 0.10.1.|5.9||None|
|[CVE-2023-5992](https://nvd.nist.gov/vuln/detail/CVE-2023-5992)|gnomeos-deps/opensc.bst|0.22.0|A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as side-channel resistant. This issue may result in the potential leak of private data.|5.6||None|
|[CVE-2025-5702](https://nvd.nist.gov/vuln/detail/CVE-2025-5702)|bootstrap/glibc.bst|2.40|The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.|5.6||None|
|[CVE-2025-5745](https://nvd.nist.gov/vuln/detail/CVE-2025-5745)|bootstrap/glibc.bst|2.40|The strncmp implementation optimized for the Power10 processor in the GNU C Library version 2.40 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.|5.6||None|
|[CVE-2025-47806](https://nvd.nist.gov/vuln/detail/CVE-2025-47806)|components/gstreamer-plugins-ugly.bst|1.24.12|In GStreamer through 1.26.1, the subparse plugin's parse_subrip_time function may write data past the bounds of a stack buffer, leading to a crash.|5.6||None|
|[CVE-2025-47808](https://nvd.nist.gov/vuln/detail/CVE-2025-47808)|components/gstreamer-plugins-ugly.bst|1.24.12|In GStreamer through 1.26.1, the subparse plugin's tmplayer_parse_line function may dereference a NULL pointer while parsing a subtitle file, leading to a crash.|5.6||None|
|[CVE-2021-20255](https://nvd.nist.gov/vuln/detail/CVE-2021-20255)|core-deps/qemu.bst|9.1.0|A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. This issue occurs while processing controller commands due to a DMA reentry issue. This flaw allows a guest user or process to consume CPU cycles or crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.|5.5|2.1|None|
|[CVE-2021-3468](https://nvd.nist.gov/vuln/detail/CVE-2021-3468)|components/avahi-base.bst|0.8|A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is to the availability of the avahi service, which becomes unresponsive after this flaw is triggered.|5.5|2.1|None|
|[CVE-2024-24826](https://nvd.nist.gov/vuln/detail/CVE-2024-24826)|core-deps/exiv2.bst|0.28.1|Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.1. The vulnerable function, `QuickTimeVideo::NikonTagsDecoder`, was new in v0.28.0, so Exiv2 versions before v0.28 are _not_ affected. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted video file. In most cases this out of bounds read will result in a crash. This bug is fixed in version v0.28.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.|5.5||None|
|[CVE-2024-25112](https://nvd.nist.gov/vuln/detail/CVE-2024-25112)|core-deps/exiv2.bst|0.28.1|Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A denial-of-service was found in Exiv2 version v0.28.1: an unbounded recursion can cause Exiv2 to crash by exhausting the stack. The vulnerable function, `QuickTimeVideo::multipleEntriesDecoder`, was new in v0.28.0, so Exiv2 versions before v0.28 are _not_ affected. The denial-of-service is triggered when Exiv2 is used to read the metadata of a crafted video file. This bug is fixed in version v0.28.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.|5.5||None|
|[CVE-2025-47807](https://nvd.nist.gov/vuln/detail/CVE-2025-47807)|components/gstreamer-plugins-ugly.bst|1.24.12|In GStreamer through 1.26.1, the subparse plugin's subrip_unescape_formatting function may dereference a NULL pointer while parsing a subtitle file, leading to a crash.|5.5||None|
|[CVE-2025-54080](https://nvd.nist.gov/vuln/detail/CVE-2025-54080)|core-deps/exiv2.bst|0.28.1|Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds read was found in Exiv2 versions 0.28.5 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. The bug is fixed in version 0.28.6.|5.5||None|
|[CVE-2025-55304](https://nvd.nist.gov/vuln/detail/CVE-2025-55304)|core-deps/exiv2.bst|0.28.1|Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A denial-of-service was found in Exiv2 version 0.28.5: a quadratic algorithm in the ICC profile parsing code in jpegBase::readMetadata() can cause Exiv2 to run for a long time. The denial-of-service is triggered when Exiv2 is used to read the metadata of a crafted jpg image file. The bug is fixed in version 0.28.6.|5.5||None|
|[CVE-2023-40661](https://nvd.nist.gov/vuln/detail/CVE-2023-40661)|gnomeos-deps/opensc.bst|0.22.0|Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process using pkcs15-init when a user or administrator enrolls cards. To take advantage of these flaws, an attacker must have physical access to the computer system and employ a custom-crafted USB device or smart card to manipulate responses to APDUs. This manipulation can potentially allow
compromise key generation, certificate loading, and other card management operations during enrollment.|5.4||None|
|[CVE-2025-7545](https://nvd.nist.gov/vuln/detail/CVE-2025-7545)|bootstrap/binutils.bst|2.45|A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue.|5.3|4.3|None|
|[CVE-2025-7546](https://nvd.nist.gov/vuln/detail/CVE-2025-7546)|bootstrap/binutils.bst|2.45|A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The name of the patch is 41461010eb7c79fee7a9d5f6209accdaac66cc6b. It is recommended to apply a patch to fix this issue.|5.3|4.3|None|
|[CVE-2025-8176](https://nvd.nist.gov/vuln/detail/CVE-2025-8176)|components/libtiff.bst|4.6.0|A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability affects the function get_histogram of the file tools/tiffmedian.c. The manipulation leads to use after free. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as fe10872e53efba9cc36c66ac4ab3b41a839d5172. It is recommended to apply a patch to fix this issue.|5.3|4.3|None|
|[CVE-2025-8177](https://nvd.nist.gov/vuln/detail/CVE-2025-8177)|components/libtiff.bst|4.6.0|A vulnerability was found in LibTIFF up to 4.7.0. It has been rated as critical. This issue affects the function setrow of the file tools/thumbnail.c. The manipulation leads to buffer overflow. An attack has to be approached locally. The patch is named e8c9d6c616b19438695fd829e58ae4fde5bfbc22. It is recommended to apply a patch to fix this issue. This vulnerability only affects products that are no longer supported by the maintainer.|5.3|4.3|None|
|[CVE-2025-11082](https://nvd.nist.gov/vuln/detail/CVE-2025-11082)|bootstrap/binutils.bst|2.45|A flaw has been found in GNU Binutils 2.45. Impacted is the function _bfd_elf_parse_eh_frame of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. This patch is called ea1a0737c7692737a644af0486b71e4a392cbca8. A patch should be applied to remediate this issue. The code maintainer replied with "[f]ixed for 2.46".|5.3|4.3|None|
|[CVE-2025-11083](https://nvd.nist.gov/vuln/detail/CVE-2025-11083)|bootstrap/binutils.bst|2.45|A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 9ca499644a21ceb3f946d1c179c38a83be084490. To fix this issue, it is recommended to deploy a patch. The code maintainer replied with "[f]ixed for 2.46".|5.3|4.3|None|
|[CVE-2024-24943](https://nvd.nist.gov/vuln/detail/CVE-2024-24943)|gnomeos-deps/toolbox.bst|0.1.1|In JetBrains Toolbox App before 2.2 a DoS attack was possible via a malicious SVG image|5.3||None|
|[CVE-2024-39695](https://nvd.nist.gov/vuln/detail/CVE-2024-39695)|core-deps/exiv2.bst|0.28.1|Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.2. The vulnerability is in the parser for the ASF video format, which was a new feature in v0.28.0. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted video file. The bug is fixed in version v0.28.3.|5.3||None|
|[CVE-2022-48481](https://nvd.nist.gov/vuln/detail/CVE-2022-48481)|gnomeos-deps/toolbox.bst|0.1.1|In JetBrains Toolbox App before 1.28 a DYLIB injection on macOS was possible|5.2||None|
|[CVE-2025-48174](https://nvd.nist.gov/vuln/detail/CVE-2025-48174)|components/libavif.bst|1.1.1|In libavif before 1.3.0, makeRoom in stream.c has an integer overflow and resultant buffer overflow in stream->offset+size.|4.5||None|
|[CVE-2025-48175](https://nvd.nist.gov/vuln/detail/CVE-2025-48175)|components/libavif.bst|1.1.1|In libavif before 1.3.0, avifImageRGBToYUV in reformat.c has integer overflows in multiplications involving rgbRowBytes, yRowBytes, uRowBytes, and vRowBytes.|4.5||None|
|[CVE-2023-7256](https://nvd.nist.gov/vuln/detail/CVE-2023-7256)|core-deps/libpcap.bst|1.10.1|In affected libpcap versions during the setup of a remote packet capture the internal function sock_initaddress() calls getaddrinfo() and possibly freeaddrinfo(), but does not clearly indicate to the caller function whether freeaddrinfo() still remains to be called after the function returns. This makes it possible in some scenarios that both the function and its caller call freeaddrinfo() for the same allocated memory block. A similar problem was reported in Apple libpcap, to which Apple assigned CVE-2023-40400.|4.4||None|
|[CVE-2024-8006](https://nvd.nist.gov/vuln/detail/CVE-2024-8006)|core-deps/libpcap.bst|1.10.1|Remote packet capture support is disabled by default in libpcap. When a user builds libpcap with remote packet capture support enabled, one of the functions that become available is pcap_findalldevs_ex(). One of the function arguments can be a filesystem path, which normally means a directory with input data files. When the specified path cannot be used as a directory, the function receives NULL from opendir(), but does not check the return value and passes the NULL value to readdir(), which causes a NULL pointer derefence.|4.4||None|
|[CVE-2022-4603](https://nvd.nist.gov/vuln/detail/CVE-2022-4603)|core-deps/ppp.bst|2.4.9|A vulnerability classified as problematic has been found in ppp. Affected is the function dumpppp of the file pppdump/pppdump.c of the component pppdump. The manipulation of the argument spkt.buf/rpkt.buf leads to improper validation of array index. The real existence of this vulnerability is still doubted at the moment. The name of the patch is a75fb7b198eed50d769c80c36629f38346882cbf. It is recommended to apply a patch to fix this issue. VDB-216198 is the identifier assigned to this vulnerability. NOTE: pppdump is not used in normal process of setting up a PPP connection, is not installed setuid-root, and is not invoked automatically in any scenario.|4.3||None|
|[CVE-2025-42921](https://nvd.nist.gov/vuln/detail/CVE-2025-42921)|gnomeos-deps/toolbox.bst|0.1.1|In JetBrains Toolbox App before 2.6 host key verification was missing in SSH plugin|4.2||None|
|[CVE-2025-25724](https://nvd.nist.gov/vuln/detail/CVE-2025-25724)|components/libarchive.bst|3.7.4|list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.|4.0||None|
|[CVE-2025-5915](https://nvd.nist.gov/vuln/detail/CVE-2025-5915)|components/libarchive.bst|3.7.4|A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.|3.9||None|
|[CVE-2025-5916](https://nvd.nist.gov/vuln/detail/CVE-2025-5916)|components/libarchive.bst|3.7.4|A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive.|3.9||None|
|[CVE-2025-5918](https://nvd.nist.gov/vuln/detail/CVE-2025-5918)|components/libarchive.bst|3.7.4|A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.|3.9||None|
|[CVE-2024-1454](https://nvd.nist.gov/vuln/detail/CVE-2024-1454)|gnomeos-deps/opensc.bst|0.22.0|The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occuring in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. An attacker must have physical access to the computer system and requires a crafted USB device or smart card to present the system with specially crafted responses to the APDUs, which are considered high complexity and low severity. This manipulation can allow for compromised card management operations during enrolment.|3.4||None|
|[CVE-2025-1373](https://nvd.nist.gov/vuln/detail/CVE-2025-1373)|components/ffmpeg.bst|7.0.3|A vulnerability was found in FFmpeg up to 7.1. It has been rated as problematic. Affected by this issue is the function mov_read_trak of the file libavformat/mov.c of the component MOV Parser. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The patch is identified as 43be8d07281caca2e88bfd8ee2333633e1fb1a13. It is recommended to apply a patch to fix this issue.|3.3|1.7|None|
|[CVE-2025-11081](https://nvd.nist.gov/vuln/detail/CVE-2025-11081)|bootstrap/binutils.bst|2.45|A vulnerability was detected in GNU Binutils 2.45. This issue affects the function dump_dwarf_section of the file binutils/objdump.c. Performing manipulation results in out-of-bounds read. The attack is only possible with local access. The exploit is now public and may be used. The patch is named f87a66db645caf8cc0e6fc87b0c28c78a38af59b. It is suggested to install a patch to address this issue.|3.3|1.7|None|
|[CVE-2025-11412](https://nvd.nist.gov/vuln/detail/CVE-2025-11412)|bootstrap/binutils.bst|2.45|A vulnerability has been found in GNU Binutils 2.45. This impacts the function bfd_elf_gc_record_vtentry of the file bfd/elflink.c of the component Linker. The manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of the patch is 047435dd988a3975d40c6626a8f739a0b2e154bc. To fix this issue, it is recommended to deploy a patch.|3.3|1.7|None|
|[CVE-2025-11413](https://nvd.nist.gov/vuln/detail/CVE-2025-11413)|bootstrap/binutils.bst|2.45|A vulnerability was found in GNU Binutils 2.45. Affected is the function elf_link_add_object_symbols of the file bfd/elflink.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. Upgrading to version 2.46 is able to address this issue. The patch is identified as 72efdf166aa0ed72ecc69fc2349af6591a7a19c0. Upgrading the affected component is advised.|3.3|1.7|None|
|[CVE-2025-11414](https://nvd.nist.gov/vuln/detail/CVE-2025-11414)|bootstrap/binutils.bst|2.45|A vulnerability was determined in GNU Binutils 2.45. Affected by this vulnerability is the function get_link_hash_entry of the file bfd/elflink.c of the component Linker. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Upgrading to version 2.46 addresses this issue. Patch name: aeaaa9af6359c8e394ce9cf24911fec4f4d23703. It is advisable to upgrade the affected component.|3.3|1.7|None|
|[CVE-2025-11494](https://nvd.nist.gov/vuln/detail/CVE-2025-11494)|bootstrap/binutils.bst|2.45|A vulnerability was found in GNU Binutils 2.45. Impacted is the function _bfd_x86_elf_late_size_sections of the file bfd/elfxx-x86.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. The patch is identified as b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a. A patch should be applied to remediate this issue.|3.3|1.7|None|
|[CVE-2025-11495](https://nvd.nist.gov/vuln/detail/CVE-2025-11495)|bootstrap/binutils.bst|2.45|A vulnerability was determined in GNU Binutils 2.45. The affected element is the function elf_x86_64_relocate_section of the file elf64-x86-64.c of the component Linker. This manipulation causes heap-based buffer overflow. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Patch name: 6b21c8b2ecfef5c95142cbc2c32f185cb1c26ab0. To fix this issue, it is recommended to deploy a patch.|3.3|1.7|None|
|[CVE-2025-11839](https://nvd.nist.gov/vuln/detail/CVE-2025-11839)|bootstrap/binutils.bst|2.45|A security flaw has been discovered in GNU Binutils 2.45. Impacted is the function tg_tag_type of the file prdbg.c. Performing manipulation results in unchecked return value. The attack needs to be approached locally. The exploit has been released to the public and may be exploited.|3.3|1.7|None|
|[CVE-2025-11840](https://nvd.nist.gov/vuln/detail/CVE-2025-11840)|bootstrap/binutils.bst|2.45|A weakness has been identified in GNU Binutils 2.45. The affected element is the function vfinfo of the file ldmisc.c. Executing manipulation can lead to out-of-bounds read. The attack can only be executed locally. The exploit has been made available to the public and could be exploited. This patch is called 16357. It is best practice to apply a patch to resolve this issue.|3.3|1.7|None|
|[CVE-2023-1386](https://nvd.nist.gov/vuln/detail/CVE-2023-1386)|core-deps/qemu.bst|9.1.0|A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. When a local user in the guest writes an executable file with SUID or SGID, none of these privileged bits are correctly dropped. As a result, in rare circumstances, this flaw could be used by malicious users in the guest to elevate their privileges within the guest and help a host local user to elevate privileges on the host.|3.3||None|
|[CVE-2023-53154](https://nvd.nist.gov/vuln/detail/CVE-2023-53154)|core-deps/cjson.bst|1.7.17|parse_string in cJSON before 1.7.18 has a heap-based buffer over-read via {"1":1, with no trailing newline if cJSON_ParseWithLength is called.|2.9||None|
|[CVE-2025-43966](https://nvd.nist.gov/vuln/detail/CVE-2025-43966)|components/libheif.bst|1.18.2|libheif before 1.19.6 has a NULL pointer dereference in ImageItem_iden in image-items/iden.cc.|2.9||None|
|[CVE-2025-43967](https://nvd.nist.gov/vuln/detail/CVE-2025-43967)|components/libheif.bst|1.18.2|libheif before 1.19.6 has a NULL pointer dereference in ImageItem_Grid::get_decoder in image-items/grid.cc because a grid image can reference a nonexistent image item.|2.9||None|
|[CVE-2025-5917](https://nvd.nist.gov/vuln/detail/CVE-2025-5917)|components/libarchive.bst|3.7.4|A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation.|2.8||None|
|[CVE-2025-30258](https://nvd.nist.gov/vuln/detail/CVE-2025-30258)|components/gnupg.bst|2.5.1|In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."|2.7||None|
|[CVE-2024-13978](https://nvd.nist.gov/vuln/detail/CVE-2024-13978)|components/libtiff.bst|4.6.0|A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as problematic. Affected by this vulnerability is the function t2p_read_tiff_init of the file tools/tiff2pdf.c of the component fax2ps. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation appears to be difficult. The patch is named 2ebfffb0e8836bfb1cd7d85c059cd285c59761a4. It is recommended to apply a patch to fix this issue.|2.5|1.0|None|
|[CVE-2025-8534](https://nvd.nist.gov/vuln/detail/CVE-2025-8534)|components/libtiff.bst|4.6.0|A vulnerability classified as problematic was found in libtiff 4.6.0. This vulnerability affects the function PS_Lvl2page of the file tools/tiff2ps.c of the component tiff2ps. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 6ba36f159fd396ad11bf6b7874554197736ecc8b. It is recommended to apply a patch to fix this issue. One of the maintainers explains, that "[t]his error only occurs if DEFER_STRILE_LOAD (defer-strile-load:BOOL=ON) or TIFFOpen( .. "rD") option is used."|2.5|1.0|None|
|[CVE-2007-1397](https://nvd.nist.gov/vuln/detail/CVE-2007-1397)|gnomeos-deps/fish.bst|3.7.1|Multiple stack-based buffer overflows in the (1) ExtractRnick and (2) decrypt_topic_332 functions in FiSH allow remote attackers to execute arbitrary code via long strings.||10.0|None|
|[CVE-2008-3844](https://nvd.nist.gov/vuln/detail/CVE-2008-3844)|components/openssh.bst|10.2|Certain Red Hat Enterprise Linux (RHEL) 4 and 5 packages for OpenSSH, as signed in August 2008 using a legitimate Red Hat GPG key, contain an externally introduced modification (Trojan Horse) that allows the package authors to have an unknown impact. NOTE: since the malicious packages were not distributed from any official Red Hat sources, the scope of this issue is restricted to users who may have obtained these packages through unofficial distribution points. As of 20080827, no unofficial distributions of this software are known.||9.3|None|
|[CVE-2011-2411](https://nvd.nist.gov/vuln/detail/CVE-2011-2411)|core-deps/samba.bst|4.22.4|Unspecified vulnerability on HP NonStop Servers with software H06.x through H06.23.00 and J06.x through J06.12.00, when Samba is used, allows remote authenticated users to execute arbitrary code via unknown vectors.||9.0|None|
|[CVE-2008-0731](https://nvd.nist.gov/vuln/detail/CVE-2008-0731)|components/apparmor-base.bst|4.1.2|The Linux kernel before 2.6.18.8-0.8 in SUSE openSUSE 10.2 does not properly handle failure of an AppArmor change_hat system call, which might allow attackers to trigger the unconfining of an apparmored task.||7.5|None|
|[CVE-2009-0032](https://nvd.nist.gov/vuln/detail/CVE-2009-0032)|components/cups-base.bst|2.4.10|CUPS on Mandriva Linux 2008.0, 2008.1, 2009.0, Corporate Server (CS) 3.0 and 4.0, and Multi Network Firewall (MNF) 2.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pdf.log temporary file.||6.9|None|
|[CVE-2019-12280](https://nvd.nist.gov/vuln/detail/CVE-2019-12280)|gnomeos-deps/toolbox.bst|0.1.1|PC-Doctor Toolbox before 7.3 has an Uncontrolled Search Path Element.||6.8|None|
|[CVE-2005-0238](https://nvd.nist.gov/vuln/detail/CVE-2005-0238)|core/epiphany.bst|48.5|The International Domain Name (IDN) support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.||5.0|None|
|[CVE-2007-0998](https://nvd.nist.gov/vuln/detail/CVE-2007-0998)|core-deps/qemu.bst|9.1.0|The VNC server implementation in QEMU, as used by Xen and possibly other environments, allows local users of a guest operating system to read arbitrary files on the host operating system via unspecified vectors related to QEMU monitor mode, as demonstrated by mapping files to a CDROM device. NOTE: some of these details are obtained from third party information.||4.3|None|
|[CVE-2008-1033](https://nvd.nist.gov/vuln/detail/CVE-2008-1033)|components/cups-base.bst|2.4.10|The scheduler in CUPS in Apple Mac OS X 10.5 before 10.5.3, when debug logging is enabled and a printer requires a password, allows attackers to obtain sensitive information (credentials) by reading the log data, related to "authentication environment variables."||2.1|None|
|[CVE-2025-3887](https://nvd.nist.gov/vuln/detail/CVE-2025-3887)|components/gstreamer-plugins-ugly.bst|1.24.12|GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of H265 slice headers. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26596.|||None|
|[CVE-2025-59777](https://nvd.nist.gov/vuln/detail/CVE-2025-59777)|components/libmicrohttpd.bst|1.0.2|NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the master branch of the libmicrohttpd Git repository, after the v1.0.2 tag. A specially crafted packet sent by an attacker could cause a denial-of-service (DoS) condition.|||None|
|[CVE-2025-62689](https://nvd.nist.gov/vuln/detail/CVE-2025-62689)|components/libmicrohttpd.bst|1.0.2|NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the master branch of the libmicrohttpd Git repository, after the v1.0.2 tag. A specially crafted packet sent by an attacker could cause a denial-of-service (DoS) condition.|||None|
|Elements missing version data|Data|
|---|---|
|core-deps/mobile-broadband-provider-info.bst|https://download.gnome.org/sources/mobile-broadband-provider-info/20240407/mobile-broadband-provider-info-20240407.tar.xz
|core-deps/osinfo-db.bst|https://releases.pagure.org/libosinfo/osinfo-db-20250606.tar.xz
|components/tex-gyre-fonts.bst|https://mirrors.ctan.org/fonts/tex-gyre.zip
|gnomeos-deps/alsa-ucm-conf.bst|https://github.com/alsa-project/alsa-ucm-conf/archive/b0497ca4b508d6f894d78b16e0e06616a2a36c16.tar.gz
|gnomeos-deps/android-udev-rules.bst|https://github.com/M0Rf30/android-udev-rules/archive/20210425.tar.gz
|gnomeos-deps/flathub-config.bst|https://flathub.org/repo/flathub.flatpakrepo
|gnomeos-deps/gnome-nightly-config.bst|https://nightly.gnome.org/gnome-nightly.flatpakrepo
|gnomeos-deps/noto-cjk.bst|https://github.com/notofonts/noto-cjk/releases/download/Serif2.001/04_NotoSerifCJKOTC.zip
|bootstrap/gnu-config.bst|https://git.savannah.gnu.org/git/config.git a2287c3041a3f2a204eb942e09c015eab00dc7dd
|components/ca-certificates.bst|https://src.fedoraproject.org/rpms/ca-certificates.git 91af9300e9ca630b72f466b317bc489446838db8
|components/podman-config.bst|https://github.com/projectatomic/registries.git da9a9c87781823f45401ca49da04e269c9e3100e
|components/polkit-base.bst|https://github.com/polkit-org/polkit.git 126-0-gd627b0d1e1108563658dabe3fb8d2a065e64df10
|gnomeos-deps/deviced.bst|https://gitlab.gnome.org/chergert/deviced.git 8bb61199a689bfc02fe07b02edda2039d1999d1f
|gnomeos-deps/foundry.bst|https://gitlab.gnome.org/chergert/foundry.git d04ebb74009ce2dcc98b5e2e81ec01081acb0ae7
|components/libfdk-aac.bst|https://gitlab.freedesktop.org/wtaymans/fdk-aac-stripped 0fc0e0e0b89de3becd5f099eae725f13eeecc0d1
|components/dmidecode.bst|https://git.savannah.gnu.org/git/dmidecode.git dmidecode-3-6-0-g51b1ecc262e4d0a45994f7a736ca1ab77b10480b
|components/libnl.bst|https://github.com/thom311/libnl.git libnl3_11_0-0-gc7edc38f8e335c18c5e17451d2cb19b9b8d0b48f
|components/google-crosextra-caladea.bst|https://github.com/huertatipografica/Caladea.git 336a529cfad3d103d6527752686f8331d13e820a
|components/google-crosextra-carlito.bst|https://github.com/googlefonts/carlito.git 3a810cab78ebd6e2e4eed42af9e8453c4f9b850a
|components/linux-firmware.bst|https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git 20251111-0-g6fc940781a013ad837ed8fea326d2b897467bbc3
|components/wireless-regdb-bin.bst|https://git.kernel.org/pub/scm/linux/kernel/git/sforshee/wireless-regdb.git master-2023-09-01-0-g991b1ef696b7a034a5bf001cf31ab7735888c6e1
|components/efivar.bst|https://github.com/rhboot/efivar.git 39-0-gc47820c37ac26286559ec004de07d48d05f3308c
|components/foomatic-db.bst|https://github.com/OpenPrinting/foomatic-db.git 20240504-3-g9a7a08318598fea569cf073489709899c9af6143
|gnomeos-deps/vpnc-scripts.bst|https://gitlab.com/openconnect/vpnc-scripts.git 4ed41c21e3857f96ab935b45092bbb07c3ccd5be
|gnomeos-deps/vpnc.bst|https://github.com/streambinder/vpnc.git d0fd23d9432d54e7f354ecf3ced1e35d92d3dbde
|components/wpa-supplicant.bst|https://w1.fi/hostap.git hostap_2_11-0-gd945ddd368085f255e68328f2d3b020ceea359af
|components/sudo.bst|https://github.com/sudo-project/sudo.git SUDO_1_9_16p2-0-g172cbd968e6fe5f64d3384896a90c0a1aa73238d