Security Vulnerabilities - CVEs Published In February 2025
Uncontrolled resource consumption in the installer for some Zoom apps for macOS before version 6.1.5 may allow a privileged user to conduct a disclosure of information via local access.
CVSS Score: 6.0 | EPSS Score: 0.0 | Published: 2025-02-25
Symlink following in the installer for some Zoom apps for macOS before version 6.1.5 may allow an authenticated user to conduct an escalation of privilege via network access.
CVSS Score: 5.4 | EPSS Score: 0.004 | Published: 2025-02-25
Buffer overflow in some Zoom Apps may allow an authenticated user to conduct an escalation of privilege via network access.
CVSS Score: 8.5 | EPSS Score: 0.007 | Published: 2025-02-25
Business logic error in some Zoom Workplace Apps may allow an unauthenticated user to conduct a disclosure of information via network access.
CVSS Score: 5.3 | EPSS Score: 0.003 | Published: 2025-02-25
Incorrect user management in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access.
CVSS Score: 4.9 | EPSS Score: 0.001 | Published: 2025-02-25
Incorrect ownership assignment in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access.
CVSS Score: 4.9 | EPSS Score: 0.001 | Published: 2025-02-25
RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. Versions 0.15.1 and prior are vulnerable to SQL injection. The ExeSQL component extracts the SQL statement from the input and sends it directly to the database query. As of time of publication, no patched version is available.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2025-02-25
Improper access control in mail module of Odoo Community 17.0 and Odoo Enterprise 17.0 allows remote authenticated attackers to extract sensitive information via an oracle-based (yes/no response) crafted attack.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2025-02-25
Improper access control in the auth_oauth module of Odoo Community 15.0 and Odoo Enterprise 15.0 allows an internal user to export the OAuth tokens of other users.
CVSS Score: 8.1 | EPSS Score: 0.001 | Published: 2025-02-25
GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.18, if a "Mail servers" authentication provider is configured to use an OAuth connection provided by the OauthIMAP plugin, anyone can connect to GLPI using a user name on which an OAuth authorization has already been established. Version 10.0.18 contains a patch. As a workaround, one may disable any "Mail servers" authentication provider configured to use an OAuth connection provided by the OauthIMAP plugin.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2025-02-25
Shodan ® - All rights reserved