CVSS: 9.8 • EPSS: 0% • CPEs: 5 • EXPL: 0 • CVE-2025-8028 – Large branch table could lead to truncated instruction
https://notcve.org/view.php?id=CVE-2025-8028
22 Jul 2025 — On arm64, a WASM `br_table` instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrect computation of the branch address. This vulnerability affects Firefox < 141, Firefox ESR < 115.26, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1. • https://bugzilla.mozilla.org/show_bug.cgi?id=1971581 • CWE-1332: Improper Handling of Faults that Lead to Instruction Skips •
CVSS: 7.5 • EPSS: 0% • CPEs: 5 • EXPL: 0 • CVE-2025-8027 – JavaScript engine only wrote partial return value to stack
https://notcve.org/view.php?id=CVE-2025-8027
22 Jul 2025 — On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. Baseline-JIT, however, read the entire 64 bits. This vulnerability affects Firefox < 141, Firefox ESR < 115.26, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1. • https://bugzilla.mozilla.org/show_bug.cgi?id=1968423 • CWE-457: Use of Uninitialized Variable •
CVSS: 6.5 • EPSS: 0% • CPEs: 5 • EXPL: 0 • CVE-2025-51591
https://notcve.org/view.php?id=CVE-2025-51591
11 Jul 2025 — A Server-Side Request Forgery (SSRF) in JGM Pandoc v3.6.4 allows attackers to gain access to and compromise the whole infrastructure via injecting a crafted iframe. Note: Some users have stated that Pandoc by default can retrieve and parse untrusted HTML content which can enable SSRF vulnerabilities. Using the ‘--sandbox’ option or ‘pandoc-serve... • http://jgm.com • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.5 • EPSS: 0% • CPEs: 33 • EXPL: 0 • CVE-2025-6395 – Gnutls: null pointer dereference in _gnutls_figure_common_ciphersuite()
https://notcve.org/view.php?id=CVE-2025-6395
09 Jul 2025 — A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite(). When it reads certain settings from a template file, it can allow an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial of service (DoS) that could crash the system. It was discovered that GnuTLS incorrectly handled exporting Subject Alternative Na... • https://access.redhat.com/security/cve/CVE-2025-6395 • CWE-476: NULL Pointer Dereference •
CVSS: 8.5 • EPSS: 0% • CPEs: 36 • EXPL: 0 • CVE-2025-32988 – Gnutls: vulnerability in gnutls othername san export
https://notcve.org/view.php?id=CVE-2025-32988
09 Jul 2025 — A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure. This vulnerability can be triggered using only public GnuTLS APIs and may result in ... • https://access.redhat.com/errata/RHSA-2025:16115 • CWE-415: Double Free •
CVSS: 6.1 • EPSS: 0% • CPEs: 35 • EXPL: 0 • CVE-2025-32989 – Gnutls: vulnerability in gnutls sct extension parsing
https://notcve.org/view.php?id=CVE-2025-32989
09 Jul 2025 — A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.... • https://access.redhat.com/errata/RHSA-2025:16115 • CWE-295: Improper Certificate Validation •
CVSS: 8.5 • EPSS: 0% • CPEs: 34 • EXPL: 0 • CVE-2025-32990 – Gnutls: vulnerability in gnutls certtool template parsing
https://notcve.org/view.php?id=CVE-2025-32990
09 Jul 2025 — A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system. It was discovered that GnuTLS incorrectly handled exporting Subject Alternative Name entries containing an otherName. A remote attacker could use this... • https://access.redhat.com/security/cve/CVE-2025-32990 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8 • EPSS: 0% • CPEs: 35 • EXPL: 0 • CVE-2025-7345 – Gdk-pixbuf: heap-buffer-overflow in gdk-pixbuf
https://notcve.org/view.php?id=CVE-2025-7345
08 Jul 2025 — A flaw exists in gdk-pixbuf within the gdk_pixbuf__jpeg_image_load_increment function (io-jpeg.c) and in glib’s g_base64_encode_step (glib/gbase64.c). When processing maliciously crafted JPEG images, a heap buffer overflow can occur during Base64 encoding, allowing out-of-bounds reads from heap memory, potentially causing application crashes or arbitrary code execution. It was discovered that GDK-Pixbuf incorrectly handled certain GIF files. An attacker could possibly use this issue to expose sensitive info... • https://access.redhat.com/security/cve/CVE-2025-7345 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') • CWE-787: Out-of-bounds Write •
CVSS: 6.8 • EPSS: 0% • CPEs: 7 • EXPL: 0 • CVE-2025-5449 – Libssh: integer overflow in libssh sftp server packet length validation leading to denial of service
https://notcve.org/view.php?id=CVE-2025-5449
05 Jul 2025 — A flaw was found in the SFTP server message decoding logic of libssh. The issue occurs due to an incorrect packet length check that allows an integer overflow when handling large payload sizes on 32-bit systems. This issue leads to failed memory allocation and causes the server process to crash, resulting in a denial of service. A flaw was detected in the SFTP server message decoding logic of libssh. The problem is due to an incorrect packet length check, which... • https://access.redhat.com/security/cve/CVE-2025-5449 • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.1 • EPSS: 0% • CPEs: 13 • EXPL: 0 • CVE-2025-5987 – Libssh: invalid return code for chacha20 poly1305 with openssl backend
https://notcve.org/view.php?id=CVE-2025-5987
05 Jul 2025 — A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with the SSH_OK code, resulting in libssh not properly detecting the error returned by the OpenSSL library. This issue can lead to undefined behavior, including compromised data confidentiality and integrity or crashes. Ro... • https://access.redhat.com/security/cve/CVE-2025-5987 • CWE-393: Return of Wrong Status Code •
