Security Vulnerabilities - CVEs Published In March 2025
A flaw was found in gnuplot. The X11_graphics() function may lead to a segmentation fault and cause a system crash.
CVSS Score
6.2
EPSS Score
0.0
Published
2025-03-27
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Kylin. If an attacker gains access to Kylin's system or project admin permission, the JDBC connection configuration may be altered to execute arbitrary code from a remote location. You are fine as long as Kylin's system and project admin access is well protected. This issue affects Apache Kylin: from 4.0.0 through 5.0.1. Users are recommended to upgrade to version 5.0.2 or above, which fixes the issue.
CVSS Score
7.2
EPSS Score
0.002
Published
2025-03-27
libming v0.4.8 was discovered to contain a memory leak via the parseSWF_MORPHFILLSTYLES function.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-03-27
A vulnerability classified as critical was found in code-projects Payroll Management System 1.0. Affected by this vulnerability is an unknown functionality of the file update_employee.php. The manipulation of the argument emp_type leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
CVSS Score
6.3
EPSS Score
0.0
Published
2025-03-27
An out-of-memory error in the parseABC_STRING_INFO function of libming v0.4.8 allows attackers to cause a Denial of Service (DoS) due to allocator exhaustion.
CVSS Score
7.5
EPSS Score
0.002
Published
2025-03-27
libming v0.4.8 was discovered to contain a memory leak via the parseSWF_INITACTION function.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-03-27
libming v0.4.8 was discovered to contain a memory leak via the parseSWF_MORPHLINESTYLES function.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-03-27
libming v0.4.8 was discovered to contain a segmentation fault via the decompileCALLMETHOD function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted SWF file.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-03-27
An allocation-size-too-big error in the parseSWF_DEFINEBINARYDATA function of libming v0.48 allows attackers to cause a Denial of Service (DoS) via supplying a crafted SWF file.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-03-27
libming v0.4.8 was discovered to contain a segmentation fault via the decompileSETVARIABLE function.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-03-27

