CVSS: 8.5EPSS: %CPEs: 4EXPL: 0CVE-2025-8067 – Udisks: out-of-bounds read in udisks daemon
https://notcve.org/view.php?id=CVE-2025-8067
28 Aug 2025 — A flaw was found in the Udisks daemon, where it allows unprivileged users to create loop devices using the D-BUS system. This is achieved via the loop device handler, which handles requests sent through the D-BUS interface. As two of the parameters of this handle, it receives the file descriptor list and index specifying the file where the loop device should be backed. The function itself validates the index value to ensure it isn't bigger than the maximum value allowed. However, it fails to validate the lo... • https://access.redhat.com/security/cve/CVE-2025-8067 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-8941 – Linux-pam: incomplete fix for cve-2025-6020
https://notcve.org/view.php?id=CVE-2025-8941
13 Aug 2025 — A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020. • https://access.redhat.com/security/cve/CVE-2025-8941 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 3.7EPSS: 0%CPEs: 27EXPL: 0CVE-2025-8556 – Github.com/cloudflare/circl: circl-fourq: missing and wrong validation can lead to incorrect results
https://notcve.org/view.php?id=CVE-2025-8556
06 Aug 2025 — A flaw was found in CIRCL's implementation of the FourQ elliptic curve. This vulnerability allows an attacker to compromise session security via low-order point injection and incorrect point validation during Diffie-Hellman key exchange. Se detectó una falla en la implementación de la curva elíptica FourQ de CIRCL. Esta vulnerabilidad permite a un atacante comprometer la seguridad de la sesión mediante la inyección de puntos de orden inferior y una validación incorrecta de puntos durante el intercambio de c... • https://access.redhat.com/security/cve/CVE-2025-8556 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 3.7EPSS: 0%CPEs: 4EXPL: 0CVE-2025-8283 – Netavark: podman: netavark may resolve hostnames to unexpected hosts
https://notcve.org/view.php?id=CVE-2025-8283
28 Jul 2025 — A vulnerability was found in the netavark package, a network stack for containers used with Podman. Due to dns.podman search domain being removed, netavark may return external servers if a valid A/AAAA record is sent as a response. When creating a container with a given name, this name will be used as the hostname for the container itself, as the podman's search domain is not added anymore the container is using the host's resolv.conf, and the DNS resolver will try to look into the search domains contained ... • https://access.redhat.com/security/cve/CVE-2025-8283 • CWE-15: External Control of System or Configuration Setting •
CVSS: 3.7EPSS: 0%CPEs: 3EXPL: 0CVE-2025-4056 – Glib: glib crash after long command line
https://notcve.org/view.php?id=CVE-2025-4056
28 Jul 2025 — A flaw was found in GLib. A denial of service on Windows platforms may occur if an application attempts to spawn a program using long command lines. Se encontró una falla en GLib. En plataformas Windows, puede producirse una denegación de servicio si una aplicación intenta generar un programa mediante líneas de comando largas. • https://access.redhat.com/security/cve/CVE-2025-4056 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.7EPSS: 0%CPEs: 6EXPL: 0CVE-2025-8114 – : null pointer dereference in libssh kex session id calculation
https://notcve.org/view.php?id=CVE-2025-8114
24 Jul 2025 — A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash. Se encontró una falla en libssh, una librería que implementa el protocolo SSH. Al calcular el ID de sesión durante el proceso de intercambio de claves (KEX), un fallo de asignación en las funciones criptográficas puede provocar ... • https://access.redhat.com/security/cve/CVE-2025-8114 • CWE-476: NULL Pointer Dereference •
CVSS: 6.7EPSS: 0%CPEs: 3EXPL: 0CVE-2025-7519 – Polkit: xml policy file with a large number of nested elements may lead to out-of-bounds write
https://notcve.org/view.php?id=CVE-2025-7519
14 Jul 2025 — A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggered. This issue can lead to a crash or other unexpected behavior, and arbitrary code execution is not discarded. To exploit this flaw, a high-privilege account is needed as it's required to place the malicious policy file properly. • https://access.redhat.com/security/cve/CVE-2025-7519 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-7424 – Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes
https://notcve.org/view.php?id=CVE-2025-7424
10 Jul 2025 — A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may lead to denial of service or unexpected behavior. macOS Sequoia 15.6 addresses bypass, cross site scripting, integer overflow, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities. • https://access.redhat.com/security/cve/CVE-2025-7424 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.8EPSS: 0%CPEs: 38EXPL: 0CVE-2025-7425 – Libxslt: heap use-after-free in libxslt caused by atype corruption in xmlattrptr
https://notcve.org/view.php?id=CVE-2025-7425
10 Jul 2025 — A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption. An update for libxml2 is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterpri... • https://access.redhat.com/security/cve/CVE-2025-7425 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-6395 – Gnutls: null pointer dereference in _gnutls_figure_common_ciphersuite()
https://notcve.org/view.php?id=CVE-2025-6395
09 Jul 2025 — A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite(). When it reads certain settings from a template file, it can allow an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial of service (DoS) that could crash the system. A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite(). It was discovered that GnuTLS incorrectly handled exporting Subject Alternative Na... • https://access.redhat.com/security/cve/CVE-2025-6395 • CWE-476: NULL Pointer Dereference •