CVSS: 7.4EPSS: %CPEs: 2EXPL: 0CVE-2025-32914 – Libsoup: oob read on libsoup through function "soup_multipart_new_from_message" in soup-multipart.c leads to crash or exit of process
https://notcve.org/view.php?id=CVE-2025-32914
14 Apr 2025 — A flaw was found in libsoup, where the soup_multipart_new_from_message() function is vulnerable to an out-of-bounds read. This flaw allows a malicious HTTP client to induce the libsoup server to read out of bounds. • https://access.redhat.com/security/cve/CVE-2025-32914 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: %CPEs: 2EXPL: 0CVE-2025-32912 – Libsoup: null pointer dereference in client when server omits the "nonce" parameter in an unauthorized response with digest authentication
https://notcve.org/view.php?id=CVE-2025-32912
14 Apr 2025 — A flaw was found in libsoup, where SoupAuthDigest is vulnerable to a NULL pointer dereference. The HTTP server may cause the libsoup client to crash. • https://access.redhat.com/security/cve/CVE-2025-32912 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: %CPEs: 2EXPL: 0CVE-2025-32910 – Libsoup: null pointer deference on libsoup via /auth/soup-auth-digest.c through "soup_auth_digest_authenticate" on client when server omits the "realm" parameter in an unauthorized response with digest authentication
https://notcve.org/view.php?id=CVE-2025-32910
14 Apr 2025 — A flaw was found in libsoup, where soup_auth_digest_authenticate() is vulnerable to a NULL pointer dereference. This issue may cause the libsoup client to crash. • https://access.redhat.com/security/cve/CVE-2025-32910 • CWE-476: NULL Pointer Dereference •
CVSS: 5.3EPSS: %CPEs: 2EXPL: 0CVE-2025-32909 – Libsoup: null pointer dereference on libsoup through function "sniff_mp4" in soup-content-sniffer.c
https://notcve.org/view.php?id=CVE-2025-32909
14 Apr 2025 — A flaw was found in libsoup. SoupContentSniffer may be vulnerable to a NULL pointer dereference in the sniff_mp4 function. The HTTP server may cause the libsoup client to crash. • https://access.redhat.com/security/cve/CVE-2025-32909 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: %CPEs: 2EXPL: 0CVE-2025-32908 – Libsoup: denial of service on libsoup through http/2 server
https://notcve.org/view.php?id=CVE-2025-32908
14 Apr 2025 — A flaw was found in libsoup. The HTTP/2 server in libsoup may not fully validate the values of pseudo-headers :scheme, :authority, and :path, which may allow a user to cause a denial of service (DoS). • https://access.redhat.com/security/cve/CVE-2025-32908 • CWE-115: Misinterpretation of Input •
CVSS: 7.8EPSS: %CPEs: 2EXPL: 0CVE-2025-32907 – Libsoup: denial of service in server when client requests a large amount of overlapping ranges with range header
https://notcve.org/view.php?id=CVE-2025-32907
14 Apr 2025 — A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory. • https://access.redhat.com/security/cve/CVE-2025-32907 • CWE-1050: Excessive Platform Resource Consumption within a Loop •
CVSS: 7.8EPSS: %CPEs: 2EXPL: 0CVE-2025-32906 – Libsoup: out of bounds reads in soup_headers_parse_request()
https://notcve.org/view.php?id=CVE-2025-32906
14 Apr 2025 — A flaw was found in libsoup, where the soup_headers_parse_request() function may be vulnerable to an out-of-bound read. This flaw allows a malicious user to use a specially crafted HTTP request to crash the HTTP server. • https://access.redhat.com/security/cve/CVE-2025-32906 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: %CPEs: 2EXPL: 0CVE-2025-32913 – Libsoup: null pointer dereference in soup_message_headers_get_content_disposition when "filename" parameter is present, but has no value in content-disposition header
https://notcve.org/view.php?id=CVE-2025-32913
14 Apr 2025 — A flaw was found in libsoup, where the soup_message_headers_get_content_disposition() function is vulnerable to a NULL pointer dereference. This flaw allows a malicious HTTP peer to crash a libsoup client or server that uses this function. • https://access.redhat.com/security/cve/CVE-2025-32913 • CWE-476: NULL Pointer Dereference •
CVSS: 3.7EPSS: 0%CPEs: 10EXPL: 0CVE-2025-3416 – Openssl: rust-openssl use-after-free in `md::fetch` and `cipher::fetch`
https://notcve.org/view.php?id=CVE-2025-3416
08 Apr 2025 — A flaw was found in OpenSSL's handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string. • https://access.redhat.com/security/cve/CVE-2025-3416 • CWE-416: Use After Free •
CVSS: 3.7EPSS: 0%CPEs: 3EXPL: 0CVE-2025-3360 – Glibc: glib prior to 2.82.5 is vulnerable to integer overflow and buffer under-read when parsing a very long invalid iso 8601 timestamp with g_date_time_new_from_iso8601().
https://notcve.org/view.php?id=CVE-2025-3360
07 Apr 2025 — A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function. • https://access.redhat.com/security/cve/CVE-2025-3360 • CWE-190: Integer Overflow or Wraparound •