CVSS: 6.1EPSS: 0%CPEs: 35EXPL: 0CVE-2025-32989 – Gnutls: vulnerability in gnutls sct extension parsing
https://notcve.org/view.php?id=CVE-2025-32989
09 Jul 2025 — A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.... • https://access.redhat.com/errata/RHSA-2025:16115 • CWE-295: Improper Certificate Validation •
CVSS: 8.5EPSS: 0%CPEs: 34EXPL: 0CVE-2025-32990 – Gnutls: vulnerability in gnutls certtool template parsing
https://notcve.org/view.php?id=CVE-2025-32990
09 Jul 2025 — A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system. It was discovered that GnuTLS incorrectly handled exporting Subject Alternative Name entries containing an otherName. A remote attacker could use this... • https://access.redhat.com/security/cve/CVE-2025-32990 • CWE-122: Heap-based Buffer Overflow •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-6141 – GNU ncurses parse_entry.c postprocess_termcap stack-based overflow
https://notcve.org/view.php?id=CVE-2025-6141
16 Jun 2025 — A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocess_termcap of the file tinfo/parse_entry.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. Upgrading to version 6.5-20250329 is able to address this issue. • https://invisible-island.net/ncurses/NEWS.html#index-t20250329 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2025-5899 – GNU PSPP pspp-convert.c parse_variables_option free of memory not on the heap
https://notcve.org/view.php?id=CVE-2025-5899
09 Jun 2025 — A vulnerability classified as critical was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected by this vulnerability is the function parse_variables_option of the file utilities/pspp-convert.c. The manipulation leads to free of memory not on the heap. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. • https://drive.google.com/file/d/1YPJLiBzOwVTcc2FzdawYxBJWGujwqy7o/view?usp=sharing • CWE-590: Free of Memory not on the Heap •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2025-5898 – GNU PSPP pspp-convert.c parse_variables_option out-of-bounds write
https://notcve.org/view.php?id=CVE-2025-5898
09 Jun 2025 — A vulnerability classified as critical has been found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected is the function parse_variables_option of the file utilities/pspp-convert.c. The manipulation leads to out-of-bounds write. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. • https://drive.google.com/file/d/1ZigqDFZQn5YUWFLu1V2juDGWQgbJFAtX/view?usp=sharing • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 5.6EPSS: 0%CPEs: 4EXPL: 0CVE-2025-5745 – openSUSE Security Advisory - openSUSE-SU-2025:15222-1
https://notcve.org/view.php?id=CVE-2025-5745
05 Jun 2025 — The strncmp implementation optimized for the Power10 processor in the GNU C Library version 2.40 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program. It was discovered that the GNU C Library incorrectly handled the strcmp imple... • https://sourceware.org/bugzilla/show_bug.cgi?id=33060 • CWE-665: Improper Initialization •
CVSS: 5.6EPSS: 0%CPEs: 10EXPL: 0CVE-2025-5702 – glibc: Vector register overwrite bug in glibc
https://notcve.org/view.php?id=CVE-2025-5702
05 Jun 2025 — The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program. A flaw was found in the optimized strcmp glibc function for the Power10 CPU ar... • https://sourceware.org/bugzilla/show_bug.cgi?id=33056 • CWE-404: Improper Resource Shutdown or Release CWE-665: Improper Initialization •
CVSS: 7.8EPSS: 0%CPEs: 45EXPL: 1CVE-2025-5245 – GNU Binutils objdump debug.c debug_type_samep memory corruption
https://notcve.org/view.php?id=CVE-2025-5245
27 May 2025 — A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. • https://sourceware.org/bugzilla/attachment.cgi?id=16004 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 45EXPL: 1CVE-2025-5244 – GNU Binutils ld elflink.c elf_gc_sweep memory corruption
https://notcve.org/view.php?id=CVE-2025-5244
27 May 2025 — A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. • https://sourceware.org/bugzilla/attachment.cgi?id=16010 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-5001 – GNU PSPP pspp-convert.c calloc integer overflow
https://notcve.org/view.php?id=CVE-2025-5001
20 May 2025 — A vulnerability was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. It has been declared as problematic. This vulnerability affects the function calloc of the file pspp-convert.c. The manipulation of the argument -l leads to integer overflow. Local access is required to approach this attack. • https://drive.google.com/file/d/12IIt8eR591Z8O1ABOCkT_jdXSWaBxMZx/view?usp=drive_link • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •