CVSS: 7.0EPSS: 1%CPEs: 23EXPL: 0CVE-2025-2784 – Libsoup: heap buffer over-read in `skip_insignificant_space` when sniffing content
https://notcve.org/view.php?id=CVE-2025-2784
03 Apr 2025 — A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server. It was discovered that libsoup could be made to read out of bounds. An attacker could possibly use this issue to cause applications using libsoup to crash, resulting in a denial of service. • https://access.redhat.com/security/cve/CVE-2025-2784 • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 0%CPEs: 27EXPL: 0CVE-2025-24213 – Apple Security Advisory 04-01-2025-1
https://notcve.org/view.php?id=CVE-2025-24213
31 Mar 2025 — This issue was addressed with improved handling of floats. This issue is fixed in tvOS 18.4, Safari 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A type confusion issue could lead to memory corruption. This issue was addressed with improved handling of floats. This issue is fixed in tvOS 18.5, Safari 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, watchOS 11.5, visionOS 2.5. • https://support.apple.com/en-us/122371 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.8EPSS: 0%CPEs: 35EXPL: 1CVE-2024-8176 – Libexpat: expat: improper restriction of xml entity expansion depth in libexpat
https://notcve.org/view.php?id=CVE-2024-8176
14 Mar 2025 — A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage. It was discovered that Expat could crash due to stack overflow when p... • https://github.com/uthrasri/Expat_2.6.2_CVE-2024-8176 • CWE-674: Uncontrolled Recursion •
CVSS: 10.0EPSS: 0%CPEs: 40EXPL: 0CVE-2025-24201 – Apple Multiple Products WebKit Out-of-Bounds Write Vulnerability
https://notcve.org/view.php?id=CVE-2025-24201
11 Mar 2025 — An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in visionOS 2.3.2, iOS 18.3.2 and iPadOS 18.3.2, macOS Sequoia 15.3.2, Safari 18.3.1. Maliciously crafted web content may be able to break out of Web Content sandbox. This is a supplementary fix for an attack that was blocked in iOS 17.2. (Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions o... • https://support.apple.com/en-us/122281 • CWE-787: Out-of-bounds Write •
CVSS: 6.4EPSS: 0%CPEs: 16EXPL: 0CVE-2025-0686 – Grub2: romfs: integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading dat
https://notcve.org/view.php?id=CVE-2025-0686
03 Mar 2025 — A flaw was found in grub2. When performing a symlink lookup from a romfs filesystem, grub's romfs filesystem module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A maliciously crafted filesystem may lead some of those buffer size calculations to overflow, causing it to perform a grub_malloc() operation with a smaller size than expected. As a result, the grub_romfs_read_symlink() may cause out-of-bounds... • https://access.redhat.com/security/cve/CVE-2025-0686 • CWE-787: Out-of-bounds Write •
CVSS: 6.4EPSS: 0%CPEs: 16EXPL: 0CVE-2025-0685 – Grub2: jfs: integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading data
https://notcve.org/view.php?id=CVE-2025-0685
03 Mar 2025 — A flaw was found in grub2. When reading data from a jfs filesystem, grub's jfs filesystem module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A maliciouly crafted filesystem may lead some of those buffer size calculations to overflow, causing it to perform a grub_malloc() operation with a smaller size than expected. As a result, the grub_jfs_lookup_symlink() function will write past the internal buffe... • https://access.redhat.com/security/cve/CVE-2025-0685 • CWE-787: Out-of-bounds Write •
CVSS: 6.4EPSS: 0%CPEs: 16EXPL: 0CVE-2025-0684 – Grub2: reiserfs: integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading data
https://notcve.org/view.php?id=CVE-2025-0684
03 Mar 2025 — A flaw was found in grub2. When performing a symlink lookup from a reiserfs filesystem, grub's reiserfs fs module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A maliciouly crafted filesystem may lead some of those buffer size calculations to overflow, causing it to perform a grub_malloc() operation with a smaller size than expected. As a result, the grub_reiserfs_read_symlink() will call grub_reiserfs... • https://access.redhat.com/security/cve/CVE-2025-0684 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 19EXPL: 0CVE-2025-0678 – Grub2: squash4: integer overflow may lead to heap based out-of-bounds write when reading data
https://notcve.org/view.php?id=CVE-2025-0678
03 Mar 2025 — A flaw was found in grub2. When reading data from a squash4 filesystem, grub's squash4 fs module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A maliciously crafted filesystem may lead some of those buffer size calculations to overflow, causing it to perform a grub_malloc() operation with a smaller size than expected. As a result, the direct_read() will perform a heap based out-of-bounds write during d... • https://access.redhat.com/security/cve/CVE-2025-0678 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 19EXPL: 0CVE-2024-45782 – Grub2: fs/hfs: strcpy() using the volume name (fs/hfs.c:382)
https://notcve.org/view.php?id=CVE-2024-45782
03 Mar 2025 — A flaw was found in the HFS filesystem. When reading an HFS volume's name at grub_fs_mount(), the HFS filesystem driver performs a strcpy() using the user-provided volume name as input without properly validating the volume name's length. This issue may read to a heap-based out-of-bounds writer, impacting grub's sensitive data integrity and eventually leading to a secure boot protection bypass. • https://access.redhat.com/security/cve/CVE-2024-45782 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 4.1EPSS: 0%CPEs: 16EXPL: 0CVE-2024-45778 – Grub2: fs/bfs: integer overflow in the bfs parser.
https://notcve.org/view.php?id=CVE-2024-45778
03 Mar 2025 — A stack overflow flaw was found when reading a BFS file system. A crafted BFS filesystem may lead to an uncontrolled loop, causing grub2 to crash. • https://access.redhat.com/security/cve/CVE-2024-45778 • CWE-190: Integer Overflow or Wraparound •