CVSS: 10.0 • EPSS: 0% • CPEs: 38 • EXPL: 0 • CVE-2025-9900 – Libtiff: libtiff write-what-where
https://notcve.org/view.php?id=CVE-2025-9900
23 Sep 2025 — A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user. Xudong... • https://access.redhat.com/security/cve/CVE-2025-9900 • CWE-123: Write-what-where Condition •
CVSS: 8.5 • EPSS: 0% • CPEs: 32 • EXPL: 0 • CVE-2025-9566 – Podman: podman kube play command may overwrite host files
https://notcve.org/view.php?id=CVE-2025-9566
05 Sep 2025 — There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file contains a Secret or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the target file to be overwritten but not the content to be written into the file. Binary-Affected: podman Upstream-version-introduced: v4.0.0 Upstream-version-fixed: v5.6.1 • https://access.redhat.com/errata/RHSA-2025:15900 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.3 • EPSS: 0% • CPEs: 23 • EXPL: 0 • CVE-2025-6032 – Podman: podman missing tls verification
https://notcve.org/view.php?id=CVE-2025-6032
24 Jun 2025 — A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack. Red Hat OpenShift Container Platform release 4.19.5 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a buffer overflow vulnerability. • https://access.redhat.com/security/cve/CVE-2025-6032 • CWE-295: Improper Certificate Validation •
CVSS: 9.4 • EPSS: 0% • CPEs: 51 • EXPL: 0 • CVE-2025-49794 – Libxml: heap use after free (uaf) leads to denial of service (dos)
https://notcve.org/view.php?id=CVE-2025-49794
16 Jun 2025 — A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the
CVSS: 9.4 • EPSS: 1% • CPEs: 50 • EXPL: 0 • CVE-2025-49796 – Libxml: type confusion leads to denial of service (dos)
https://notcve.org/view.php?id=CVE-2025-49796
16 Jun 2025 — A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory. Ahmed Lekssays discovered that libxml2 did not properly perform certain mathematical operations, leading to an integer overflow. An attacker could possibly use... • https://access.redhat.com/security/cve/CVE-2025-49796 • CWE-125: Out-of-bounds Read •
CVSS: 7.8 • EPSS: 0% • CPEs: 14 • EXPL: 0 • CVE-2025-6035 – Gimp: gimp integer overflow
https://notcve.org/view.php?id=CVE-2025-6035
13 Jun 2025 — A flaw was found in GIMP. An integer overflow vulnerability exists in the GIMP "Despeckle" plug-in. The issue occurs due to unchecked multiplication of image dimensions, such as width, height, and bytes-per-pixel (img_bpp), which can result in allocating insufficient memory and subsequently performing out-of-bounds writes. This issue could lead to heap corruption, a potential denial of service (DoS), or arbitrary code execution in certain scenarios. • https://access.redhat.com/security/cve/CVE-2025-6035 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 7.8 • EPSS: 2% • CPEs: 64 • EXPL: 0 • CVE-2025-6021 – Libxml2: integer overflow in xmlbuildqname() leads to stack buffer overflow in libxml2
https://notcve.org/view.php?id=CVE-2025-6021
12 Jun 2025 — A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input. Ahmed Lekssays discovered that libxml2 did not properly perform certain mathematical operations, leading to an integer overflow. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code. Ahmed L... • https://access.redhat.com/security/cve/CVE-2025-6021 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 10.0 • EPSS: 0% • CPEs: 54 • EXPL: 2 • CVE-2025-5914 – Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c
https://notcve.org/view.php?id=CVE-2025-5914
09 Jun 2025 — A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition. • https://packetstorm.news/files/id/214358 • CWE-190: Integer Overflow or Wraparound CWE-415: Double Free •
CVSS: 4.7 • EPSS: 0% • CPEs: 32 • EXPL: 1 • CVE-2025-4598 – Systemd-coredump: race condition that allows a local attacker to crash a suid program and gain read access to the resulting core dump
https://notcve.org/view.php?id=CVE-2025-4598
29 May 2025 — A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access... • https://packetstorm.news/files/id/215332 • CWE-364: Signal Handler Race Condition •
CVSS: 7.8 • EPSS: 0% • CPEs: 21 • EXPL: 0 • CVE-2025-46397 – Xfig: xfig: stack-overflow allows possible code execution via local input manipulation
https://notcve.org/view.php?id=CVE-2025-46397
23 Apr 2025 — Stack-overflow in fig2dev in version 3.2.9a allows an attacker possible code execution via local input manipulation via bezier_spline function. A flaw was found in xfig. This vulnerability allows possible code execution via local input manipulation via bezier_spline function. These are all security issues fixed in the transfig-3.2.9a-3.1 package on the GA media of openSUSE Tumbleweed. • https://sourceforge.net/p/mcj/tickets/192 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-121: Stack-based Buffer Overflow •
