CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2926 – HDF5 H5Ocache.c H5O__cache_chk_serialize null pointer dereference
https://notcve.org/view.php?id=CVE-2025-2926
28 Mar 2025 — A vulnerability was found in HDF5 up to 1.14.6 and classified as problematic. This issue affects the function H5O__cache_chk_serialize of the file src/H5Ocache.c. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. • https://github.com/HDFGroup/hdf5/issues/5384 • CWE-404: Improper Resource Shutdown or Release CWE-476: NULL Pointer Dereference •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2925 – HDF5 H5MM.c H5MM_realloc double free
https://notcve.org/view.php?id=CVE-2025-2925
28 Mar 2025 — A vulnerability has been found in HDF5 up to 1.14.6 and classified as problematic. This vulnerability affects the function H5MM_realloc of the file src/H5MM.c. The manipulation of the argument mem leads to double free. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. • https://github.com/HDFGroup/hdf5/issues/5383 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-415: Double Free •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2924 – HDF5 H5HLcache.c H5HL__fl_deserialize heap-based overflow
https://notcve.org/view.php?id=CVE-2025-2924
28 Mar 2025 — A vulnerability, which was classified as problematic, was found in HDF5 up to 1.14.6. This affects the function H5HL__fl_deserialize of the file src/H5HLcache.c. The manipulation of the argument free_block leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. • https://github.com/HDFGroup/hdf5/issues/5382 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2923 – HDF5 H5Fint.c H5F_addr_encode_len heap-based overflow
https://notcve.org/view.php?id=CVE-2025-2923
28 Mar 2025 — A vulnerability, which was classified as problematic, has been found in HDF5 up to 1.14.6. Affected by this issue is the function H5F_addr_encode_len of the file src/H5Fint.c. The manipulation of the argument pp leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. • https://github.com/HDFGroup/hdf5/issues/5381 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27552 – DBIx::Class::EncodedColumn until 0.00032 for Perl uses insecure rand() function for salting password hashes in Crypt/Eksblowfish/Bcrypt.pm
https://notcve.org/view.php?id=CVE-2025-27552
26 Mar 2025 — DBIx::Class::EncodedColumn use the rand() function, which is not cryptographically secure to salt password hashes. This vulnerability is associated with program files Crypt/Eksblowfish/Bcrypt.pm. This issue affects DBIx::Class::EncodedColumn until 0.00032. • https://metacpan.org/release/WREIS/DBIx-Class-EncodedColumn-0.00032/changes • CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27551 – DBIx::Class::EncodedColumn until 0.00032 for Perl uses insecure rand() function for salting password hashes in Digest.pm
https://notcve.org/view.php?id=CVE-2025-27551
26 Mar 2025 — DBIx::Class::EncodedColumn use the rand() function, which is not cryptographically secure to salt password hashes. This vulnerability is associated with program files lib/DBIx/Class/EncodedColumn/Digest.pm. This issue affects DBIx::Class::EncodedColumn until 0.00032. • https://metacpan.org/release/WREIS/DBIx-Class-EncodedColumn-0.00032/changes • CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47516 – Pagure: argument injection in pagurerepo.log()
https://notcve.org/view.php?id=CVE-2024-47516
25 Mar 2025 — A vulnerability was found in Pagure. An argument injection in Git during retrieval of the repository history leads to remote code execution on the Pagure instance. • https://access.redhat.com/security/cve/CVE-2024-47516 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27830 – Debian Security Advisory 5888-1
https://notcve.org/view.php?id=CVE-2025-27830
25 Mar 2025 — An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs during serialization of DollarBlend in a font, for base/write_t1.c and psi/zfapi.c. It was discovered that Ghostscript incorrectly serialized DollarBlend in certain fonts. An attacker could use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that Ghostscript incorrectly handled the DOCXWRITE TXTWRITE device. • https://bugs.ghostscript.com/show_bug.cgi?id=708241 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-27833 – Debian Security Advisory 5888-1
https://notcve.org/view.php?id=CVE-2025-27833
25 Mar 2025 — An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs for a long TTF font name to pdf/pdf_fmap.c. It was discovered that Ghostscript incorrectly serialized DollarBlend in certain fonts. An attacker could use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that Ghostscript incorrectly handled the DOCXWRITE TXTWRITE device. • https://bugs.ghostscript.com/show_bug.cgi?id=708259 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27834 – Debian Security Advisory 5888-1
https://notcve.org/view.php?id=CVE-2025-27834
25 Mar 2025 — An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs via an oversized Type 4 function in a PDF document to pdf/pdf_func.c. It was discovered that Ghostscript incorrectly serialized DollarBlend in certain fonts. An attacker could use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that Ghostscript incorrectly handled the DOCXWRITE TXTWRITE device. • https://bugs.ghostscript.com/show_bug.cgi?id=708253 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •