CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27551 – DBIx::Class::EncodedColumn until 0.00032 for Perl uses insecure rand() function for salting password hashes in Digest.pm
https://notcve.org/view.php?id=CVE-2025-27551
26 Mar 2025 — DBIx::Class::EncodedColumn use the rand() function, which is not cryptographically secure to salt password hashes. This vulnerability is associated with program files lib/DBIx/Class/EncodedColumn/Digest.pm. This issue affects DBIx::Class::EncodedColumn until 0.00032. • https://metacpan.org/release/WREIS/DBIx-Class-EncodedColumn-0.00032/changes • CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47516 – Pagure: argument injection in pagurerepo.log()
https://notcve.org/view.php?id=CVE-2024-47516
25 Mar 2025 — A vulnerability was found in Pagure. An argument injection in Git during retrieval of the repository history leads to remote code execution on the Pagure instance. • https://access.redhat.com/security/cve/CVE-2024-47516 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27830 – Debian Security Advisory 5888-1
https://notcve.org/view.php?id=CVE-2025-27830
25 Mar 2025 — An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs during serialization of DollarBlend in a font, for base/write_t1.c and psi/zfapi.c. It was discovered that Ghostscript incorrectly serialized DollarBlend in certain fonts. An attacker could use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that Ghostscript incorrectly handled the DOCXWRITE TXTWRITE device. • https://bugs.ghostscript.com/show_bug.cgi?id=708241 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27831 – Debian Security Advisory 5888-1
https://notcve.org/view.php?id=CVE-2025-27831
25 Mar 2025 — An issue was discovered in Artifex Ghostscript before 10.05.0. The DOCXWRITE TXTWRITE device has a text buffer overflow via long characters to devices/vector/doc_common.c. It was discovered that Ghostscript incorrectly serialized DollarBlend in certain fonts. An attacker could use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that Ghostscript incorrectly handled the DOCXWRITE TXTWRITE device. • https://bugs.ghostscript.com/show_bug.cgi?id=708132 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27832 – Debian Security Advisory 5888-1
https://notcve.org/view.php?id=CVE-2025-27832
25 Mar 2025 — An issue was discovered in Artifex Ghostscript before 10.05.0. The NPDL device has a Compression buffer overflow for contrib/japanese/gdevnpdl.c. It was discovered that Ghostscript incorrectly serialized DollarBlend in certain fonts. An attacker could use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that Ghostscript incorrectly handled the DOCXWRITE TXTWRITE device. • https://bugs.ghostscript.com/show_bug.cgi?id=708133 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-27833 – Debian Security Advisory 5888-1
https://notcve.org/view.php?id=CVE-2025-27833
25 Mar 2025 — An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs for a long TTF font name to pdf/pdf_fmap.c. It was discovered that Ghostscript incorrectly serialized DollarBlend in certain fonts. An attacker could use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that Ghostscript incorrectly handled the DOCXWRITE TXTWRITE device. • https://bugs.ghostscript.com/show_bug.cgi?id=708259 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27834 – Debian Security Advisory 5888-1
https://notcve.org/view.php?id=CVE-2025-27834
25 Mar 2025 — An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs via an oversized Type 4 function in a PDF document to pdf/pdf_func.c. It was discovered that Ghostscript incorrectly serialized DollarBlend in certain fonts. An attacker could use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that Ghostscript incorrectly handled the DOCXWRITE TXTWRITE device. • https://bugs.ghostscript.com/show_bug.cgi?id=708253 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27835 – Debian Security Advisory 5888-1
https://notcve.org/view.php?id=CVE-2025-27835
25 Mar 2025 — An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs when converting glyphs to Unicode in psi/zbfont.c. It was discovered that Ghostscript incorrectly serialized DollarBlend in certain fonts. An attacker could use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that Ghostscript incorrectly handled the DOCXWRITE TXTWRITE device. • https://bugs.ghostscript.com/show_bug.cgi?id=708131 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27836 – Debian Security Advisory 5888-1
https://notcve.org/view.php?id=CVE-2025-27836
25 Mar 2025 — An issue was discovered in Artifex Ghostscript before 10.05.0. The BJ10V device has a Print buffer overflow in contrib/japanese/gdev10v.c. It was discovered that Ghostscript incorrectly serialized DollarBlend in certain fonts. An attacker could use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that Ghostscript incorrectly handled the DOCXWRITE TXTWRITE device. • https://bugs.ghostscript.com/show_bug.cgi?id=708192 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27837
https://notcve.org/view.php?id=CVE-2025-27837
25 Mar 2025 — An issue was discovered in Artifex Ghostscript before 10.05.0. Access to arbitrary files can occur through a truncated path with invalid UTF-8 characters, for base/gp_mswin.c and base/winrtsup.cpp. • https://bugs.ghostscript.com/show_bug.cgi?id=708238 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •