Security Vulnerabilities - CVEs Published In February 2025
Out-of-bounds write vulnerability in the emcom module
Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.
CVSS Score
6.8
EPSS Score
0.0
Published
2025-02-06
Vulnerability of incomplete verification information in the VPN service module
Impact: Successful exploitation of this vulnerability may affect availability.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-02-06
Permission verification vulnerability in the media library module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVSS Score
6.2
EPSS Score
0.0
Published
2025-02-06
Arbitrary write vulnerability in the Gallery module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-02-06
Out-of-bounds read vulnerability in the interpreter string module
Impact: Successful exploitation of this vulnerability may affect availability.
CVSS Score
2.8
EPSS Score
0.0
Published
2025-02-06
Vulnerability of improper log information control in the UI framework module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVSS Score
6.6
EPSS Score
0.0
Published
2025-02-06
Identity verification vulnerability in the ParamWatcher module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVSS Score
6.2
EPSS Score
0.0
Published
2025-02-06
Apache James server JMAP HTML to text plain implementation in versions below 3.8.2 and 3.7.6 is subject to unbounded memory consumption that can result in a denial of service.
Users are recommended to upgrade to version 3.7.6 and 3.8.2, which fix this issue.
CVSS Score
6.5
EPSS Score
0.006
Published
2025-02-06
Sandbox escape in the JavaScript Task feature of Google Cloud Application Integration allows an actor to execute arbitrary unsandboxed code via crafted JavaScript code executed by the Rhino engine. Effective January 24, 2025, Application Integration will no longer support Rhino as the JavaScript execution engine. No further fix actions are needed.
CVSS Score
10.0
EPSS Score
0.001
Published
2025-02-06
Similarly to CVE-2024-34055, Apache James is vulnerable to denial of service through the abuse of IMAP literals from both authenticated and unauthenticated users, which could be used to cause unbounded memory allocation and very long computations
Version 3.7.6 and 3.8.2 restrict such illegitimate use of IMAP literals.
CVSS Score
8.6
EPSS Score
0.009
Published
2025-02-06