CVSS: 2.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-13978 – LibTIFF fax2ps tiff2pdf.c t2p_read_tiff_init null pointer dereference
https://notcve.org/view.php?id=CVE-2024-13978
01 Aug 2025 — A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as problematic. Affected by this vulnerability is the function t2p_read_tiff_init of the file tools/tiff2pdf.c of the component fax2ps. The manipulation leads to null pointer dereference. The attack needs to be approached locally. • http://www.libtiff.org • CWE-404: Improper Resource Shutdown or Release CWE-476: NULL Pointer Dereference •
CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0CVE-2025-45768
https://notcve.org/view.php?id=CVE-2025-45768
31 Jul 2025 — pyjwt v2.10.1 was discovered to contain weak encryption. Se descubrió que pyjwt v2.10.1 contenía un cifrado débil. pyjwt v2.10.1 was discovered to contain weak encryption. NOTE: this is disputed by the Supplier because the key length is chosen by the application that uses the library (admittedly, library users may benefit from a minimum value and a mechanism for opting in to strict enforcement). • https://gist.github.com/ZupeiNie/6f65e564f2067b876321d3dfdbb76569 • CWE-311: Missing Encryption of Sensitive Data •
CVSS: 7.0EPSS: 0%CPEs: 3EXPL: 0CVE-2025-45770
https://notcve.org/view.php?id=CVE-2025-45770
31 Jul 2025 — jwt v5.4.3 was discovered to contain weak encryption. Se descubrió que jwt v5.4.3 contenía un cifrado débil. jwt v5.4.3 was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to be set by an application, not by this library. This dispute is subject to review under CNA rules 4.1.4, 4.1.14, and other rules; the dispute tagging is not meant to recommend an outcome for this CVE Record. • https://gist.github.com/ZupeiNie/cd88c827eef11a1618f8baacccd240fb • CWE-326: Inadequate Encryption Strength •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-53022
https://notcve.org/view.php?id=CVE-2025-53022
30 Jul 2025 — TrustedFirmware-M (aka Trusted Firmware for M profile Arm CPUs) before 2.1.3 and 2.2.x before 2.2.1 lacks length validation during a firmware upgrade. While processing a new image, the Firmware Upgrade (FWU) module does not validate the length field of the Type-Length-Value (TLV) structure for dependent components against the maximum allowed size. If the length specified in the TLV exceeds the size of the buffer allocated on the stack, the FWU module will overwrite the buffer (and potentially other stack da... • https://git.trustedfirmware.org/plugins/gitiles/TF-M/trusted-firmware-m.git/+/refs/heads/main/secure_fw/partitions/firmware_update/bootloader/mcuboot/tfm_mcuboot_fwu.c#257 • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-8264
https://notcve.org/view.php?id=CVE-2025-8264
29 Jul 2025 — Versions of the package z-push/z-push-dev before 2.7.6 are vulnerable to SQL Injection due to unparameterized queries in the IMAP backend. An attacker can inject malicious commands by manipulating the username field in basic authentication. This allows the attacker to access and potentially modify or delete sensitive data from a linked third-party database. **Note:** This vulnerability affects Z-Push installations that utilize the IMAP backend and have the IMAP_FROM_SQL_QUERY option configured. Mitigation C... • https://github.com/Z-Hub/Z-Push/blob/af25a2169a50d6e05a5916d1e8b2b6cd17011c98/src/backend/imap/user_identity.php%23L211C9-L214C25 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 3.7EPSS: 0%CPEs: 4EXPL: 0CVE-2025-8283 – Netavark: podman: netavark may resolve hostnames to unexpected hosts
https://notcve.org/view.php?id=CVE-2025-8283
28 Jul 2025 — A vulnerability was found in the netavark package, a network stack for containers used with Podman. Due to dns.podman search domain being removed, netavark may return external servers if a valid A/AAAA record is sent as a response. When creating a container with a given name, this name will be used as the hostname for the container itself, as the podman's search domain is not added anymore the container is using the host's resolv.conf, and the DNS resolver will try to look into the search domains contained ... • https://access.redhat.com/security/cve/CVE-2025-8283 • CWE-15: External Control of System or Configuration Setting •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2025-8177 – LibTIFF thumbnail.c setrow buffer overflow
https://notcve.org/view.php?id=CVE-2025-8177
26 Jul 2025 — A vulnerability was found in LibTIFF up to 4.7.0. It has been rated as critical. This issue affects the function setrow of the file tools/thumbnail.c. The manipulation leads to buffer overflow. An attack has to be approached locally. • http://www.libtiff.org • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 1CVE-2025-8176 – LibTIFF tiffmedian.c get_histogram use after free
https://notcve.org/view.php?id=CVE-2025-8176
26 Jul 2025 — A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability affects the function get_histogram of the file tools/tiffmedian.c. The manipulation leads to use after free. The attack needs to be approached locally. • http://www.libtiff.org • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •
CVSS: 4.7EPSS: 0%CPEs: 6EXPL: 0CVE-2025-8114 – : null pointer dereference in libssh kex session id calculation
https://notcve.org/view.php?id=CVE-2025-8114
24 Jul 2025 — A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash. Se encontró una falla en libssh, una librería que implementa el protocolo SSH. Al calcular el ID de sesión durante el proceso de intercambio de claves (KEX), un fallo de asignación en las funciones criptográficas puede provocar ... • https://access.redhat.com/security/cve/CVE-2025-8114 • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-8058 – glibc: Double free in glibc
https://notcve.org/view.php?id=CVE-2025-8058
23 Jul 2025 — The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffer manipulation depending of how the regex is constructed. This issue affects all architectures and ABIs supported by the GNU C library. A double-free vulnerability has been discovered in glibc (GNU C Library). • https://sourceware.org/bugzilla/show_bug.cgi?id=33185 • CWE-415: Double Free •