CVSS: 5.7 • EPSS: 0% • CPEs: 2 • EXPL: 0 • CVE-2025-59378
https://notcve.org/view.php?id=CVE-2025-59378
15 Sep 2025 — In guix-daemon in GNU Guix before 1618ca7, a content-addressed-mirrors file can be written to create a setuid program that allows a regular user to gain the privileges of the build user that runs it (even after the build has ended). • https://codeberg.org/guix/guix/commit/1618ca7aa2ee8b6519ee9fd0b965e15eca2bfe45 • CWE-669: Incorrect Resource Transfer Between Spheres •
CVSS: 4.8 • EPSS: 0% • CPEs: 7 • EXPL: 1 • CVE-2025-8746 – GNU libopts __strstr_sse2 memory corruption
https://notcve.org/view.php?id=CVE-2025-8746
09 Aug 2025 — A vulnerability, which was classified as problematic, was found in GNU libopts up to 27.6. Affected is the function __strstr_sse2. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. • https://drive.google.com/file/d/1yjKOHxvL_9xExy4QUb5x43dxci1x59ts/view?usp=sharing • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.3 • EPSS: 0% • CPEs: 9 • EXPL: 1 • CVE-2025-8736 – GNU cflow Lexer c.c yylex buffer overflow
https://notcve.org/view.php?id=CVE-2025-8736
08 Aug 2025 — A vulnerability, which was classified as critical, has been found in GNU cflow up to 1.8. Affected by this issue is the function yylex of the file c.c of the component Lexer. The manipulation leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. • https://drive.google.com/file/d/17lkJ5bSiQZoXLTg3bK-rGBt3kahN9Xse/view?usp=drive_link • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 4.8 • EPSS: 0% • CPEs: 9 • EXPL: 1 • CVE-2025-8735 – GNU cflow Lexer c.c yylex null pointer dereference
https://notcve.org/view.php?id=CVE-2025-8735
08 Aug 2025 — A vulnerability classified as problematic was found in GNU cflow up to 1.8. Affected by this vulnerability is the function yylex of the file c.c of the component Lexer. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. • https://drive.google.com/file/d/1Q_rDQSEl3cBu6SUbfqr9pV9cHgvKcXFI/view?usp=drive_link • CWE-404: Improper Resource Shutdown or Release CWE-476: NULL Pointer Dereference •
CVSS: 4.8 • EPSS: 0% • CPEs: 1 • EXPL: 1 • CVE-2025-8225 – GNU Binutils DWARF Section dwarf.c process_debug_info memory leak
https://notcve.org/view.php?id=CVE-2025-8225
27 Jul 2025 — A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. Attacking locally is a requirement. The identifier of the patch is e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4. • https://gitlab.com/gnutools/binutils-gdb/-/commit/e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4 • CWE-401: Missing Release of Memory after Effective Lifetime CWE-404: Improper Resource Shutdown or Release •
CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 4 • CVE-2025-8224 – GNU Binutils BFD Library elf.c bfd_elf_get_str_section null pointer dereference
https://notcve.org/view.php?id=CVE-2025-8224
27 Jul 2025 — A vulnerability has been found in GNU Binutils 2.44 and classified as problematic. This vulnerability affects the function bfd_elf_get_str_section of the file bfd/elf.c of the component BFD Library. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. • https://sourceware.org/bugzilla/attachment.cgi?id=15680 • CWE-404: Improper Resource Shutdown or Release CWE-476: NULL Pointer Dereference •
CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-8058 – glibc: Double free in glibc
https://notcve.org/view.php?id=CVE-2025-8058
23 Jul 2025 — The regcomp function in the GNU C library versions 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffer manipulation depending on how the regex is constructed. This issue affects all architectures and ABIs supported by the GNU C library. A double-free vulnerability has been discovered in glibc (GNU C Library). • https://sourceware.org/bugzilla/show_bug.cgi?id=33185 • CWE-415: Double Free •
CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 1 • CVE-2025-7546 – GNU Binutils elf.c bfd_elf_set_group_contents out-of-bounds write
https://notcve.org/view.php?id=CVE-2025-7546
13 Jul 2025 — A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. • https://sourceware.org/bugzilla/attachment.cgi?id=16118 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 1 • CVE-2025-7545 – GNU Binutils objcopy.c copy_section heap-based overflow
https://notcve.org/view.php?id=CVE-2025-7545
13 Jul 2025 — A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. • https://sourceware.org/bugzilla/attachment.cgi?id=16117 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 4.1 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-45582 – Red Hat Security Advisory 2026-0135-03
https://notcve.org/view.php?id=CVE-2025-45582
11 Jul 2025 — GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file, specified via a relative pathname that begins with the symlink name and ends with that critical file's name. Here, the extraction follows the symlink and overwrites the critical file. This bypasses the protection mecha... • https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md • CWE-24: Path Traversal: '../filedir' •
