CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4982 – Pagure: path traversal in view_issue_raw_file()
https://notcve.org/view.php?id=CVE-2024-4982
12 May 2025 — A directory traversal vulnerability was discovered in Pagure server. If a malicious user submits a specially cratfted git repository they could discover secrets on the server. • https://access.redhat.com/security/cve/CVE-2024-4982 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4981 – Pagure: _update_file_in_git() follows symbolic links in temporary clones
https://notcve.org/view.php?id=CVE-2024-4981
12 May 2025 — A vulnerability was discovered in Pagure server. If a malicious user were to submit a git repository with symbolic links, the server could unintentionally show incorporate and make visible content from outside the git repo. • https://access.redhat.com/security/cve/CVE-2024-4981 • CWE-552: Files or Directories Accessible to External Parties •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-26846
https://notcve.org/view.php?id=CVE-2025-26846
12 May 2025 — An issue was discovered in Znuny before 7.1.4. Permissions are not checked properly when using the Generic Interface to update ticket metadata. • https://www.znuny.com • CWE-862: Missing Authorization •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2025-4207 – PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation
https://notcve.org/view.php?id=CVE-2025-4207
08 May 2025 — Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9, 15.13, 14.18, and 13.21 are affected. • https://www.postgresql.org/support/security/CVE-2025-4207 • CWE-126: Buffer Over-read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-26842
https://notcve.org/view.php?id=CVE-2025-26842
08 May 2025 — An issue was discovered in Znuny through 7.1.3. If access to a ticket is not given, the content of S/MIME encrypted e-mail messages is visible to users with access to the CommunicationLog. • https://www.znuny.org/en/advisories/zsa-2025-01 • CWE-863: Incorrect Authorization •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-26844
https://notcve.org/view.php?id=CVE-2025-26844
08 May 2025 — An issue was discovered in Znuny through 7.1.3. A cookie is set without the HttpOnly flag. • https://www.znuny.com • CWE-1004: Sensitive Cookie Without 'HttpOnly' Flag •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-26845
https://notcve.org/view.php?id=CVE-2025-26845
08 May 2025 — An Eval Injection issue was discovered in Znuny through 7.1.3. A user with write access to the configuration file can use this to execute a command executed by the user running the backup.pl script. • https://www.znuny.com • CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •
CVSS: 6.2EPSS: 0%CPEs: 3EXPL: 0CVE-2025-31177 – Gnuplot: gnuplot heap-buffer overflow on utf8_copy_one
https://notcve.org/view.php?id=CVE-2025-31177
07 May 2025 — gnuplot is affected by a heap buffer overflow at function utf8_copy_one. • https://access.redhat.com/security/cve/CVE-2025-31177 • CWE-122: Heap-based Buffer Overflow •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-47153
https://notcve.org/view.php?id=CVE-2025-47153
01 May 2025 — Certain build processes for libuv and Node.js for 32-bit systems, such as for the nodejs binary package through nodejs_20.19.0+dfsg-2_i386.deb for Debian GNU/Linux, have an inconsistent off_t size (e.g., building on i386 Debian always uses _FILE_OFFSET_BITS=64 for the libuv dynamic library, but uses the _FILE_OFFSET_BITS global system default of 32 for nodejs), leading to out-of-bounds access. NOTE: this is not a problem in the Node.js software itself. In particular, the Node.js website's download page does... • https://bugzilla.redhat.com/show_bug.cgi?id=892601 • CWE-1102: Reliance on Machine-Dependent Data Representation •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2025-4093 – firefox: thunderbird: Memory safety bug fixed in Firefox ESR 128.10 and Thunderbird 128.10
https://notcve.org/view.php?id=CVE-2025-4093
29 Apr 2025 — Memory safety bug present in Firefox ESR 128.9, and Thunderbird 128.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 128.10 and Thunderbird ESR < 128.10. Memory safety bug present in Firefox ESR 128.9, and Thunderbird 128.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. • https://bugzilla.mozilla.org/show_bug.cgi?id=1894100 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •