CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-3030 – firefox: thunderbird: Memory safety bugs fixed in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9
https://notcve.org/view.php?id=CVE-2025-3030
01 Apr 2025 — Memory safety bugs present in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 137, Firefox ESR < 128.9, Thunderbird < 137, and Thunderbird ESR < 128.9. Memory safety bugs present in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8. Some of these bugs showed evidence of m... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1850615%2C1932468%2C1942551%2C1951017%2C1951494 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-416: Use After Free •
CVSS: 7.3EPSS: 0%CPEs: 5EXPL: 0CVE-2025-3029 – firefox: thunderbird: URL Bar Spoofing via non-BMP Unicode characters
https://notcve.org/view.php?id=CVE-2025-3029
01 Apr 2025 — A crafted URL containing specific Unicode characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability affects Firefox < 137, Firefox ESR < 128.9, Thunderbird < 137, and Thunderbird ESR < 128.9. A crafted URL containing specific Unicode characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability affects Firefox < 137, Firefox ESR < 128.9, Thunderbird < 137, and Thunderbird < 128.9. A flaw was... • https://bugzilla.mozilla.org/show_bug.cgi?id=1952213 • CWE-290: Authentication Bypass by Spoofing CWE-346: Origin Validation Error •
CVSS: 7.6EPSS: 0%CPEs: 5EXPL: 0CVE-2025-3028 – firefox: thunderbird: Use-after-free triggered by XSLTProcessor
https://notcve.org/view.php?id=CVE-2025-3028
01 Apr 2025 — JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free. This vulnerability affects Firefox < 137, Firefox ESR < 115.22, Firefox ESR < 128.9, Thunderbird < 137, and Thunderbird ESR < 128.9. JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free. This vulnerability affects Firefox < 137, Firefox ESR < 115.22, Firefox ESR < 128.9, Thunderbird < 137, and Thunderbird < 128.9. An update for firefox is now ava... • https://bugzilla.mozilla.org/show_bug.cgi?id=1941002 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-29069
https://notcve.org/view.php?id=CVE-2025-29069
01 Apr 2025 — A heap buffer overflow vulnerability has been identified in the lcms2-2.16. The vulnerability exists in the UnrollChunkyBytes function in cmspack.c, which is responsible for handling color space transformations. NOTE: this is disputed by the Supplier because the finding identified a bug in a third-party calling program, not in lcms. • https://github.com/mm2/Little-CMS/issues/476 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-29070
https://notcve.org/view.php?id=CVE-2025-29070
01 Apr 2025 — A heap buffer overflow vulnerability has been identified in thesmooth2() in cmsgamma.c in lcms2-2.16 which allows a remote attacker to cause a denial of service. A heap buffer overflow vulnerability has been identified in thesmooth2() in cmsgamma.c in lcms2-2.16 which allows a remote attacker to cause a denial of service. NOTE: the Supplier disputes this because "this is not exploitable as this function is never called on normal color management, is there only as a helper for low-level programming and inves... • https://github.com/mm2/Little-CMS/issues/475 • CWE-122: Heap-based Buffer Overflow •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2926 – HDF5 H5Ocache.c H5O__cache_chk_serialize null pointer dereference
https://notcve.org/view.php?id=CVE-2025-2926
28 Mar 2025 — A vulnerability was found in HDF5 up to 1.14.6 and classified as problematic. This issue affects the function H5O__cache_chk_serialize of the file src/H5Ocache.c. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. • https://github.com/HDFGroup/hdf5/issues/5384 • CWE-404: Improper Resource Shutdown or Release CWE-476: NULL Pointer Dereference •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2925 – HDF5 H5MM.c H5MM_realloc double free
https://notcve.org/view.php?id=CVE-2025-2925
28 Mar 2025 — A vulnerability has been found in HDF5 up to 1.14.6 and classified as problematic. This vulnerability affects the function H5MM_realloc of the file src/H5MM.c. The manipulation of the argument mem leads to double free. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. • https://github.com/HDFGroup/hdf5/issues/5383 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-415: Double Free •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2924 – HDF5 H5HLcache.c H5HL__fl_deserialize heap-based overflow
https://notcve.org/view.php?id=CVE-2025-2924
28 Mar 2025 — A vulnerability, which was classified as problematic, was found in HDF5 up to 1.14.6. This affects the function H5HL__fl_deserialize of the file src/H5HLcache.c. The manipulation of the argument free_block leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. • https://github.com/HDFGroup/hdf5/issues/5382 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2923 – HDF5 H5Fint.c H5F_addr_encode_len heap-based overflow
https://notcve.org/view.php?id=CVE-2025-2923
28 Mar 2025 — A vulnerability, which was classified as problematic, has been found in HDF5 up to 1.14.6. Affected by this issue is the function H5F_addr_encode_len of the file src/H5Fint.c. The manipulation of the argument pp leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. • https://github.com/HDFGroup/hdf5/issues/5381 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27552 – DBIx::Class::EncodedColumn until 0.00032 for Perl uses insecure rand() function for salting password hashes in Crypt/Eksblowfish/Bcrypt.pm
https://notcve.org/view.php?id=CVE-2025-27552
26 Mar 2025 — DBIx::Class::EncodedColumn use the rand() function, which is not cryptographically secure to salt password hashes. This vulnerability is associated with program files Crypt/Eksblowfish/Bcrypt.pm. This issue affects DBIx::Class::EncodedColumn until 0.00032. • https://metacpan.org/release/WREIS/DBIx-Class-EncodedColumn-0.00032/changes • CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •