CVSS: 6.2EPSS: 0%CPEs: 35EXPL: 0CVE-2025-49175 – Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: out-of-bounds read in x rendering extension animated cursors
https://notcve.org/view.php?id=CVE-2025-49175
17 Jun 2025 — A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leading to an out-of-bounds read and potential crash. USN-7573-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Nils Emmerich discovered that the X.Org X Server incorrectly handled certain memory operations. • https://access.redhat.com/security/cve/CVE-2025-49175 • CWE-125: Out-of-bounds Read •
CVSS: 7.3EPSS: 0%CPEs: 35EXPL: 0CVE-2025-49176 – Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: integer overflow in big requests extension
https://notcve.org/view.php?id=CVE-2025-49176
17 Jun 2025 — A flaw was found in the Big Requests extension. The request length is multiplied by 4 before checking against the maximum allowed size, potentially causing an integer overflow and bypassing the size check. This update for xorg-x11-server fixes the following issues. Out-of-bounds access in X Rendering extension (Animated cursors). Integer overflow in Big Requests Extension. • https://access.redhat.com/security/cve/CVE-2025-49176 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 35EXPL: 0CVE-2025-49178 – Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: unprocessed client request due to bytes to ignore
https://notcve.org/view.php?id=CVE-2025-49178
17 Jun 2025 — A flaw was found in the X server's request handling. Non-zero 'bytes to ignore' in a client's request can cause the server to skip processing another client's request, potentially leading to a denial of service. This update for xorg-x11-server fixes the following issues. Out-of-bounds access in X Rendering extension (Animated cursors). Integer overflow in Big Requests Extension. • https://access.redhat.com/security/cve/CVE-2025-49178 • CWE-667: Improper Locking •
CVSS: 7.3EPSS: 0%CPEs: 34EXPL: 0CVE-2025-49179 – Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: integer overflow in x record extension
https://notcve.org/view.php?id=CVE-2025-49179
17 Jun 2025 — A flaw was found in the X Record extension. The RecordSanityCheckRegisterClients function does not check for an integer overflow when computing request length, which allows a client to bypass length checks. This update for xorg-x11-server fixes the following issues. Out-of-bounds access in X Rendering extension (Animated cursors). Integer overflow in Big Requests Extension. • https://access.redhat.com/security/cve/CVE-2025-49179 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 35EXPL: 0CVE-2025-49180 – Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: integer overflow in x resize, rotate and reflect (randr) extension
https://notcve.org/view.php?id=CVE-2025-49180
17 Jun 2025 — A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate. USN-7573-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Nils Emmerich discovered that the X.Org X Server incorrectly handled certain memory operations. • https://access.redhat.com/security/cve/CVE-2025-49180 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.0EPSS: 0%CPEs: 5EXPL: 5CVE-2025-6019 – Libblockdev: lpe from allow_active to root in libblockdev via udisks
https://notcve.org/view.php?id=CVE-2025-6019
17 Jun 2025 — A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. Generally, the "allow_active" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an "allow_active" user on a system may be able escalate to full root privileges on the target host. Normally, udisks mounts user-provided filesystem images with security flags like nosuid and nodev to prevent privilege escalation. However, a l... • https://packetstorm.news/files/id/207433 • CWE-250: Execution with Unnecessary Privileges •
CVSS: 9.4EPSS: 0%CPEs: 28EXPL: 0CVE-2025-49794 – Libxml: heap use after free (uaf) leads to denial of service (dos)
https://notcve.org/view.php?id=CVE-2025-49794
16 Jun 2025 — A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the <sch:name path="..."/> schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors. These are all security issues fixed in the libxml2-2-2.13.8-2.1 package on the GA media of openSUSE Tumbleweed. • https://access.redhat.com/security/cve/CVE-2025-49794 • CWE-825: Expired Pointer Dereference •
CVSS: 9.4EPSS: 0%CPEs: 27EXPL: 0CVE-2025-49796 – Libxml: type confusion leads to denial of service (dos)
https://notcve.org/view.php?id=CVE-2025-49796
16 Jun 2025 — A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory. These are all security issues fixed in the libxml2-2-2.13.8-2.1 package on the GA media of openSUSE Tumbleweed. • https://access.redhat.com/security/cve/CVE-2025-49796 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 31EXPL: 0CVE-2025-6021 – Libxml2: integer overflow in xmlbuildqname() leads to stack buffer overflow in libxml2
https://notcve.org/view.php?id=CVE-2025-6021
12 Jun 2025 — A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input. An update for libxml2 is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Issues addressed include buffer overflow, denial of service, integer overflow, and use-after-free vulnerabilities. • https://access.redhat.com/security/cve/CVE-2025-6021 • CWE-121: Stack-based Buffer Overflow •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-22247 – Insecure file handling vulnerability
https://notcve.org/view.php?id=CVE-2025-22247
12 May 2025 — VMware Tools contains an insecure file handling vulnerability. A malicious actor with non-administrative privileges on a guest VM may tamper the local files to trigger insecure file operations within that VM. VMware Tools contains an insecure file handling vulnerability. A malicious actor with non-administrative privileges on a guest VM may tamper the local files to trigger insecure file operations within that VM. USN-7508-1 fixed a vulnerability in Open VM Tools. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25683 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •