git: 26d54384e9ef - main - security/vuxml: document kea vulnerabilities
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 29 May 2025 15:09:06 UTC
The branch main has been updated by brd:
URL: https://cgit.FreeBSD.org/ports/commit/?id=26d54384e9ef6cb647d4de0790c71674fb9e1d4f
commit 26d54384e9ef6cb647d4de0790c71674fb9e1d4f
Author: Brad Davis <brd@FreeBSD.org>
AuthorDate: 2025-05-29 15:06:28 +0000
Commit: Brad Davis <brd@FreeBSD.org>
CommitDate: 2025-05-29 15:08:48 +0000
security/vuxml: document kea vulnerabilities
---
security/vuxml/vuln/2025.xml | 31 +++++++++++++++++++++++++++++++
1 file changed, 31 insertions(+)
diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml
index 6fdfc63101a3..1ae5e0c9072e 100644
--- a/security/vuxml/vuln/2025.xml
+++ b/security/vuxml/vuln/2025.xml
@@ -33,6 +33,37 @@
</dates>
</vuln>
+ <vuln vid="34744aab-3bf7-11f0-b81c-001b217e4ee5">
+ <topic>ISC KEA -- Multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>kea</name>
+ <range><lt>2.6.3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Internet Systems Consortium, Inc. reports:</p>
+ <blockquote cite="https://kb.isc.org/docs/">
+ <p><ul>
+ <li>Loading a malicious hook library can lead to local privilege escalation https://kb.isc.org/docs/cve-2025-32801</li>
+ <li>Insecure handling of file paths allows multiple local attacks https://kb.isc.org/docs/cve-2025-32802</li>
+ <li>Insecure file permissions can result in confidential information leakage https://kb.isc.org/docs/cve-2025-32803</li>
+ </ul></p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2025-32801</cvename>
+ <cvename>CVE-2025-32802</cvename>
+ <cvename>CVE-2025-32803</cvename>
+ </references>
+ <dates>
+ <discovery>2025-05-28</discovery>
+ <entry>2025-05-28</entry>
+ </dates>
+ </vuln>
+
<vuln vid="45eb98d6-3b13-11f0-97f7-b42e991fc52e">
<topic>grafana -- XSS vulnerability</topic>
<affects>