CVSS: 9.1EPSS: 0%CPEs: 12EXPL: 0CVE-2025-4404 – Freeipa: idm: privilege escalation from host to domain admin in freeipa
https://notcve.org/view.php?id=CVE-2025-4404
17 Jun 2025 — A privilege escalation from host to domain vulnerability was found in the FreeIPA project. The FreeIPA package fails to validate the uniqueness of the `krbCanonicalName` for the admin account by default, allowing users to create services with the same canonical name as the REALM admin. When a successful attack happens, the user can retrieve a Kerberos ticket in the name of this service, containing the admin@REALM credential. This flaw allows an attacker to perform administrative tasks over the REALM, leadin... • https://access.redhat.com/errata/RHSA-2025:9184 • CWE-1220: Insufficient Granularity of Access Control •
CVSS: 9.4EPSS: 0%CPEs: 3EXPL: 0CVE-2025-49794 – Libxml: heap use after free (uaf) leads to denial of service (dos)
https://notcve.org/view.php?id=CVE-2025-49794
16 Jun 2025 — A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the <sch:name path="..."/> schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors. • https://access.redhat.com/security/cve/CVE-2025-49794 • CWE-825: Expired Pointer Dereference •
CVSS: 2.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-6170 – Libxml2: stack buffer overflow in xmllint interactive shell command handling
https://notcve.org/view.php?id=CVE-2025-6170
16 Jun 2025 — A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections. • https://access.redhat.com/security/cve/CVE-2025-6170 • CWE-121: Stack-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-49795 – Libxml: null pointer dereference leads to denial of service (dos)
https://notcve.org/view.php?id=CVE-2025-49795
16 Jun 2025 — A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service. • https://access.redhat.com/security/cve/CVE-2025-49795 • CWE-825: Expired Pointer Dereference •
CVSS: 9.4EPSS: 0%CPEs: 3EXPL: 0CVE-2025-49796 – Libxml: type confusion leads to denial of service (dos)
https://notcve.org/view.php?id=CVE-2025-49796
16 Jun 2025 — A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory. • https://access.redhat.com/security/cve/CVE-2025-49796 • CWE-125: Out-of-bounds Read •
CVSS: 3.7EPSS: 0%CPEs: 2EXPL: 0CVE-2025-6052 – Glib: integer overflow in g_string_maybe_expand() leading to potential buffer overflow in glib gstring
https://notcve.org/view.php?id=CVE-2025-6052
13 Jun 2025 — A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be written past the end of the allocated memory, leading to crashes or memory corruption. • https://access.redhat.com/security/cve/CVE-2025-6052 • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.6EPSS: 0%CPEs: 2EXPL: 0CVE-2025-6035 – Gimp: gimp integer overflow
https://notcve.org/view.php?id=CVE-2025-6035
13 Jun 2025 — A flaw was found in GIMP. An integer overflow vulnerability exists in the GIMP "Despeckle" plug-in. The issue occurs due to unchecked multiplication of image dimensions, such as width, height, and bytes-per-pixel (img_bpp), which can result in allocating insufficient memory and subsequently performing out-of-bounds writes. This issue could lead to heap corruption, a potential denial of service (DoS), or arbitrary code execution in certain scenarios. • https://access.redhat.com/security/cve/CVE-2025-6035 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-6021 – Libxml2: integer overflow in xmlbuildqname() leads to stack buffer overflow in libxml2
https://notcve.org/view.php?id=CVE-2025-6021
12 Jun 2025 — A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input. • https://access.redhat.com/security/cve/CVE-2025-6021 • CWE-121: Stack-based Buffer Overflow •
CVSS: 3.9EPSS: 0%CPEs: 4EXPL: 0CVE-2025-5914 – Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c
https://notcve.org/view.php?id=CVE-2025-5914
09 Jun 2025 — A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition. Se ha identificado una vulnerabilidad en la librería libarchive, específicamente en la función archive_read_format_rar_seek_data... • https://access.redhat.com/security/cve/CVE-2025-5914 • CWE-415: Double Free •
CVSS: 3.9EPSS: 0%CPEs: 3EXPL: 0CVE-2025-5918 – Libarchive: reading past eof may be triggered for piped file streams
https://notcve.org/view.php?id=CVE-2025-5918
09 Jun 2025 — A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition. Se ha identificado una vulnerabilidad en la librería libarchive. Esta falla puede activarse cuando se canalizan flujos de archivos a bsdtar, lo que podría permitir la... • https://access.redhat.com/security/cve/CVE-2025-5918 • CWE-125: Out-of-bounds Read •