CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4982 – Pagure: path traversal in view_issue_raw_file()
https://notcve.org/view.php?id=CVE-2024-4982
12 May 2025 — A directory traversal vulnerability was discovered in Pagure server. If a malicious user submits a specially cratfted git repository they could discover secrets on the server. • https://access.redhat.com/security/cve/CVE-2024-4982 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4981 – Pagure: _update_file_in_git() follows symbolic links in temporary clones
https://notcve.org/view.php?id=CVE-2024-4981
12 May 2025 — A vulnerability was discovered in Pagure server. If a malicious user were to submit a git repository with symbolic links, the server could unintentionally show incorporate and make visible content from outside the git repo. • https://access.redhat.com/security/cve/CVE-2024-4981 • CWE-552: Files or Directories Accessible to External Parties •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-22247 – Insecure file handling vulnerability
https://notcve.org/view.php?id=CVE-2025-22247
12 May 2025 — VMware Tools contains an insecure file handling vulnerability. A malicious actor with non-administrative privileges on a guest VM may tamper the local files to trigger insecure file operations within that VM. VMware Tools contains an insecure file handling vulnerability. A malicious actor with non-administrative privileges on a guest VM may tamper the local files to trigger insecure file operations within that VM. It was discovered that Open VM Tools incorrectly handled certain file operations. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25683 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-26846
https://notcve.org/view.php?id=CVE-2025-26846
12 May 2025 — An issue was discovered in Znuny before 7.1.4. Permissions are not checked properly when using the Generic Interface to update ticket metadata. • https://www.znuny.com • CWE-862: Missing Authorization •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2025-4207 – PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation
https://notcve.org/view.php?id=CVE-2025-4207
08 May 2025 — Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9, 15.13, 14.18, and 13.21 are affected. • https://www.postgresql.org/support/security/CVE-2025-4207 • CWE-126: Buffer Over-read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-26842
https://notcve.org/view.php?id=CVE-2025-26842
08 May 2025 — An issue was discovered in Znuny through 7.1.3. If access to a ticket is not given, the content of S/MIME encrypted e-mail messages is visible to users with access to the CommunicationLog. • https://www.znuny.org/en/advisories/zsa-2025-01 • CWE-863: Incorrect Authorization •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-26844
https://notcve.org/view.php?id=CVE-2025-26844
08 May 2025 — An issue was discovered in Znuny through 7.1.3. A cookie is set without the HttpOnly flag. • https://www.znuny.com • CWE-1004: Sensitive Cookie Without 'HttpOnly' Flag •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-26845
https://notcve.org/view.php?id=CVE-2025-26845
08 May 2025 — An Eval Injection issue was discovered in Znuny through 7.1.3. A user with write access to the configuration file can use this to execute a command executed by the user running the backup.pl script. • https://www.znuny.com • CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •
CVSS: 6.2EPSS: 0%CPEs: 3EXPL: 0CVE-2025-31177 – Gnuplot: gnuplot heap-buffer overflow on utf8_copy_one
https://notcve.org/view.php?id=CVE-2025-31177
07 May 2025 — gnuplot is affected by a heap buffer overflow at function utf8_copy_one. • https://access.redhat.com/security/cve/CVE-2025-31177 • CWE-122: Heap-based Buffer Overflow •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-47153
https://notcve.org/view.php?id=CVE-2025-47153
01 May 2025 — Certain build processes for libuv and Node.js for 32-bit systems, such as for the nodejs binary package through nodejs_20.19.0+dfsg-2_i386.deb for Debian GNU/Linux, have an inconsistent off_t size (e.g., building on i386 Debian always uses _FILE_OFFSET_BITS=64 for the libuv dynamic library, but uses the _FILE_OFFSET_BITS global system default of 32 for nodejs), leading to out-of-bounds access. NOTE: this is not a problem in the Node.js software itself. In particular, the Node.js website's download page does... • https://bugzilla.redhat.com/show_bug.cgi?id=892601 • CWE-1102: Reliance on Machine-Dependent Data Representation •