CVSS: 7.8EPSS: 0%CPEs: 35EXPL: 1CVE-2024-8176 – Libexpat: expat: improper restriction of xml entity expansion depth in libexpat
https://notcve.org/view.php?id=CVE-2024-8176
14 Mar 2025 — A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage. It was discovered that Expat could crash due to stack overflow when p... • https://github.com/uthrasri/Expat_2.6.2_CVE-2024-8176 • CWE-674: Uncontrolled Recursion •
CVSS: 10.0EPSS: 0%CPEs: 40EXPL: 2CVE-2025-24201 – Apple Multiple Products WebKit Out-of-Bounds Write Vulnerability
https://notcve.org/view.php?id=CVE-2025-24201
11 Mar 2025 — An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in visionOS 2.3.2, iOS 18.3.2 and iPadOS 18.3.2, macOS Sequoia 15.3.2, Safari 18.3.1. Maliciously crafted web content may be able to break out of Web Content sandbox. This is a supplementary fix for an attack that was blocked in iOS 17.2. (Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions o... • https://packetstorm.news/files/id/200957 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 35EXPL: 0CVE-2025-26601 – Xorg: xwayland: use-after-free in syncinittrigger()
https://notcve.org/view.php?id=CVE-2025-26601
25 Feb 2025 — A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger() is called. If one of the changes triggers an error, the function will return early, not adding the new sync object, possibly causing a use-after-free when the alarm eventually triggers. This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server... • https://access.redhat.com/security/cve/CVE-2025-26601 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 35EXPL: 0CVE-2025-26600 – Xorg: xwayland: use-after-free in playreleasedevents()
https://notcve.org/view.php?id=CVE-2025-26600
25 Feb 2025 — A use-after-free flaw was found in X.Org and Xwayland. When a device is removed while still frozen, the events queued for that device remain while the device is freed. Replaying the events will cause a use-after-free. This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of devi... • https://access.redhat.com/security/cve/CVE-2025-26600 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 35EXPL: 0CVE-2025-26599 – Xorg: xwayland: use of uninitialized pointer in compredirectwindow()
https://notcve.org/view.php?id=CVE-2025-26599
25 Feb 2025 — An access to an uninitialized pointer flaw was found in X.Org and Xwayland. The function compCheckRedirect() may fail if it cannot allocate the backing pixmap. In that case, compRedirectWindow() will return a BadAlloc error without validating the window tree marked just before, which leaves the validated data partly initialized and the use of an uninitialized pointer later. This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obta... • https://access.redhat.com/security/cve/CVE-2025-26599 • CWE-824: Access of Uninitialized Pointer •
CVSS: 7.8EPSS: 0%CPEs: 35EXPL: 0CVE-2025-26598 – Xorg: xwayland: out-of-bounds write in createpointerbarrierclient()
https://notcve.org/view.php?id=CVE-2025-26598
25 Feb 2025 — An out-of-bounds write flaw was found in X.Org and Xwayland. The function GetBarrierDevice() searches for the pointer device based on its device ID and returns the matching value, or supposedly NULL, if no match was found. However, the code will return the last element of the list if no matching device ID is found, which can lead to out-of-bounds memory access. This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the abilit... • https://access.redhat.com/security/cve/CVE-2025-26598 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 35EXPL: 0CVE-2025-26597 – Xorg: xwayland: buffer overflow in xkbchangetypesofkey()
https://notcve.org/view.php?id=CVE-2025-26597
25 Feb 2025 — A buffer overflow flaw was found in X.Org and Xwayland. If XkbChangeTypesOfKey() is called with a 0 group, it will resize the key symbols table to 0 but leave the key actions unchanged. If the same function is later called with a non-zero value of groups, this will cause a buffer overflow because the key actions are of the wrong size. This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged... • https://access.redhat.com/security/cve/CVE-2025-26597 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 35EXPL: 0CVE-2025-26596 – Xorg: xwayland: heap overflow in xkbwritekeysyms()
https://notcve.org/view.php?id=CVE-2025-26596
25 Feb 2025 — A heap overflow flaw was found in X.Org and Xwayland. The computation of the length in XkbSizeKeySyms() differs from what is written in XkbWriteKeySyms(), which may lead to a heap-based buffer overflow. This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the XkbSizeKeySyms function. The is... • https://access.redhat.com/security/cve/CVE-2025-26596 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 35EXPL: 0CVE-2025-26595 – Xorg: xwayland: buffer overflow in xkbvmodmasktext()
https://notcve.org/view.php?id=CVE-2025-26595
25 Feb 2025 — A buffer overflow flaw was found in X.Org and Xwayland. The code in XkbVModMaskText() allocates a fixed-sized buffer on the stack and copies the names of the virtual modifiers to that buffer. The code fails to check the bounds of the buffer and would copy the data regardless of the size. This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit t... • https://access.redhat.com/security/cve/CVE-2025-26595 • CWE-121: Stack-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 35EXPL: 0CVE-2025-26594 – X.org: xwayland: use-after-free of the root cursor
https://notcve.org/view.php?id=CVE-2025-26594
25 Feb 2025 — A use-after-free flaw was found in X.Org and Xwayland. The root cursor is referenced in the X server as a global variable. If a client frees the root cursor, the internal reference points to freed memory and causes a use-after-free. This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the h... • https://access.redhat.com/security/cve/CVE-2025-26594 • CWE-416: Use After Free •