CVSS: 7.3EPSS: 0%CPEs: 15EXPL: 0CVE-2025-48797 – Gimp: multiple heap buffer overflows in tga parser
https://notcve.org/view.php?id=CVE-2025-48797
27 May 2025 — A flaw was found in GIMP when processing certain TGA image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing a heap buffer overflow. Several vulnerabilities were discovered in GIMP, the GNU Image Manipulation Program, which could result in denial of service or potentially the execution of arbitrary code if malformed XCF, TGA, DDS, FLI or ICO files are opened. For th... • https://access.redhat.com/security/cve/CVE-2025-48797 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2025-48796 – Gimp: stack-based buffer overflows in file-ico
https://notcve.org/view.php?id=CVE-2025-48796
27 May 2025 — A flaw was found in GIMP. The GIMP ani_load_image() function is vulnerable to a stack-based overflow. If a user opens.ANI files, GIMP may be used to store more information than the capacity allows. This flaw allows a malicious ANI file to trigger arbitrary code execution. • https://access.redhat.com/security/cve/CVE-2025-48796 • CWE-121: Stack-based Buffer Overflow •
CVSS: 6.5EPSS: 0%CPEs: 12EXPL: 0CVE-2025-5269 – firefox: thunderbird: Memory safety bug
https://notcve.org/view.php?id=CVE-2025-5269
27 May 2025 — Memory safety bug present in Firefox ESR 128.10, and Thunderbird 128.10. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 128.11. Memory safety bug present in Firefox ESR 128.10, and Thunderbird 128.10. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. • https://bugzilla.mozilla.org/show_bug.cgi?id=1924108 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 12EXPL: 0CVE-2025-5268 – firefox: thunderbird: Memory safety bugs
https://notcve.org/view.php?id=CVE-2025-5268
27 May 2025 — Memory safety bugs present in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 139 and Firefox ESR < 128.11. Memory safety bugs present in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. Some of these bugs showed evidence of memory corruption and we presume that wit... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1950136%2C1958121%2C1960499%2C1962634 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.4EPSS: 0%CPEs: 25EXPL: 0CVE-2025-5263 – firefox: thunderbird: Error handling for script execution was incorrectly isolated from web content
https://notcve.org/view.php?id=CVE-2025-5263
27 May 2025 — Error handling for script execution was incorrectly isolated from web content, which could have allowed cross-origin leak attacks. This vulnerability affects Firefox < 139, Firefox ESR < 115.24, and Firefox ESR < 128.11. Error handling for script execution was incorrectly isolated from web content, which could have allowed cross-origin leak attacks. This vulnerability affects Firefox < 139, Firefox ESR < 115.24, Firefox ESR < 128.11, Thunderbird < 139, and Thunderbird < 128.11. A flaw was found in Firefox. • https://bugzilla.mozilla.org/show_bug.cgi?id=1960745 • CWE-346: Origin Validation Error CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-4057 – Activemq-artemis-operator: amq broker operator starting credentials reuse
https://notcve.org/view.php?id=CVE-2025-4057
26 May 2025 — A flaw was found in ActiveMQ Artemis. The password generated by activemq-artemis-operator does not regenerate between separated CR dependencies. Se detectó una falla en ActiveMQ Artemis. La contraseña generada por activemq-artemis-operator no se regenera entre dependencias CR separadas. This is the multiarch release of the AMQ Broker 7.13.0 aligned Operator and associated container images on Red Hat Enterprise Linux 9 for the OpenShift Container Platform. • https://access.redhat.com/security/cve/CVE-2025-4057 • CWE-1391: Use of Weak Credentials •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-5024 – Gnome-remote-desktop: uncontrolled resource consumption due to malformed rdp pdus
https://notcve.org/view.php?id=CVE-2025-5024
22 May 2025 — A flaw was found in gnome-remote-desktop. Once gnome-remote-desktop listens for RDP connections, an unauthenticated attacker can exhaust system resources and repeatedly crash the process. There may be a resource leak after many attacks, which will also result in gnome-remote-desktop no longer being able to open files even after it is restarted via systemd. • https://access.redhat.com/security/cve/CVE-2025-5024 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-4969 – Libsoup: off-by-one out-of-bounds read in find_boundary() in soup-multipart.c
https://notcve.org/view.php?id=CVE-2025-4969
21 May 2025 — A vulnerability was found in the libsoup package. This flaw stems from its failure to correctly verify the termination of multipart HTTP messages. This can allow a remote attacker to send a specially crafted multipart HTTP body, causing the libsoup-consuming server to read beyond its allocated memory boundaries (out-of-bounds read). This update for libsoup fixes the following issues. Fixed off-by-one out-of-bounds read may lead to infoleak. • https://access.redhat.com/security/cve/CVE-2025-4969 • CWE-125: Out-of-bounds Read •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2025-47711 – Nbdkit: nbdkit-server: off-by-one error when processing block status may lead to a denial of service
https://notcve.org/view.php?id=CVE-2025-47711
20 May 2025 — There's a flaw in the nbdkit server when handling responses from its plugins regarding the status of data blocks. If a client makes a specific request for a very large data range, and a plugin responds with an even larger single block, the nbdkit server can encounter a critical internal error, leading to a denial-of-service. Existe una falla en el servidor nbdkit al gestionar las respuestas de sus complementos sobre el estado de los bloques de datos. Si un cliente realiza una solicitud específica para un ra... • https://access.redhat.com/security/cve/CVE-2025-47711 • CWE-193: Off-by-one Error •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2025-47712 – Nbd: nbdkit: integer overflow triggers an assertion resulting in denial of service
https://notcve.org/view.php?id=CVE-2025-47712
20 May 2025 — A flaw exists in the nbdkit "blocksize" filter that can be triggered by a specific type of client request. When a client requests block status information for a very large data range, exceeding a certain limit, it causes an internal error in the nbdkit, leading to a denial of service. Existe una falla en el filtro "blocksize" de nbdkit que puede activarse con un tipo específico de solicitud de cliente. Cuando un cliente solicita información sobre el estado del bloque para un rango de datos muy grande, super... • https://access.redhat.com/security/cve/CVE-2025-47712 • CWE-190: Integer Overflow or Wraparound •