CVSS: 7.8EPSS: 0%CPEs: 35EXPL: 0CVE-2025-26595 – Xorg: xwayland: buffer overflow in xkbvmodmasktext()
https://notcve.org/view.php?id=CVE-2025-26595
25 Feb 2025 — A buffer overflow flaw was found in X.Org and Xwayland. The code in XkbVModMaskText() allocates a fixed-sized buffer on the stack and copies the names of the virtual modifiers to that buffer. The code fails to check the bounds of the buffer and would copy the data regardless of the size. This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit t... • https://access.redhat.com/security/cve/CVE-2025-26595 • CWE-121: Stack-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 35EXPL: 0CVE-2025-26594 – X.org: xwayland: use-after-free of the root cursor
https://notcve.org/view.php?id=CVE-2025-26594
25 Feb 2025 — A use-after-free flaw was found in X.Org and Xwayland. The root cursor is referenced in the X server as a global variable. If a client frees the root cursor, the internal reference points to freed memory and causes a use-after-free. This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the h... • https://access.redhat.com/security/cve/CVE-2025-26594 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 16EXPL: 0CVE-2025-0690 – Grub2: read: integer overflow may lead to out-of-bounds write
https://notcve.org/view.php?id=CVE-2025-0690
24 Feb 2025 — The read command is used to read the keyboard input from the user, while reads it keeps the input length in a 32-bit integer value which is further used to reallocate the line buffer to accept the next character. During this process, with a line big enough it's possible to make this variable to overflow leading to a out-of-bounds write in the heap based buffer. This flaw may be leveraged to corrupt grub's internal critical data and secure boot bypass is not discarded as consequence. • https://access.redhat.com/security/cve/CVE-2025-0690 • CWE-787: Out-of-bounds Write •
CVSS: 7.6EPSS: 1%CPEs: 27EXPL: 0CVE-2025-0624 – Grub2: net: out-of-bounds write in grub_net_search_config_file()
https://notcve.org/view.php?id=CVE-2025-0624
19 Feb 2025 — A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grub_strcpy() function. During this step, it fails to consider the environment variable length when allocating the internal buffer, resulting in an out-of-bounds write. If correctly exploited, this issue may result in remote code execution through the same network segment grub is searching for the boot inf... • https://access.redhat.com/security/cve/CVE-2025-0624 • CWE-787: Out-of-bounds Write •
CVSS: 6.4EPSS: 0%CPEs: 17EXPL: 0CVE-2025-0622 – Grub2: command/gpg: use-after-free due to hooks not being removed on module unload
https://notcve.org/view.php?id=CVE-2025-0622
18 Feb 2025 — A flaw was found in command/gpg. In some scenarios, hooks created by loaded modules are not removed when the related module is unloaded. This flaw allows an attacker to force grub2 to call the hooks once the module that registered it was unloaded, leading to a use-after-free vulnerability. If correctly exploited, this vulnerability may result in arbitrary code execution, eventually allowing the attacker to bypass secure boot protections. • https://access.redhat.com/security/cve/CVE-2025-0622 • CWE-416: Use After Free •
CVSS: 6.7EPSS: 0%CPEs: 17EXPL: 0CVE-2024-45776 – Grub2: grub-core/gettext: integer overflow leads to heap oob write and read.
https://notcve.org/view.php?id=CVE-2024-45776
18 Feb 2025 — When reading the language .mo file in grub_mofile_open(), grub2 fails to verify an integer overflow when allocating its internal buffer. A crafted .mo file may lead the buffer size calculation to overflow, leading to out-of-bound reads and writes. This flaw allows an attacker to leak sensitive data or overwrite critical data, possibly circumventing secure boot protections. • https://access.redhat.com/security/cve/CVE-2024-45776 • CWE-787: Out-of-bounds Write •
CVSS: 7.1EPSS: 51%CPEs: 31EXPL: 2CVE-2025-26465 – Openssh: machine-in-the-middle attack if verifyhostkeydns is enabled
https://notcve.org/view.php?id=CVE-2025-26465
18 Feb 2025 — A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high. It was discovered that the OpenSSH client incorrectly handled ... • https://github.com/rxerium/CVE-2025-26465 • CWE-390: Detection of Error Condition Without Action •
CVSS: 8.6EPSS: 0%CPEs: 30EXPL: 0CVE-2022-28693 – hw: cpu: Intel: information disclosure via local access
https://notcve.org/view.php?id=CVE-2022-28693
14 Feb 2025 — Unprotected alternative channel of return branch target prediction in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. A flaw was found in hw. The unprotected alternative channel of return branch target prediction in some Intel(R) Processors may allow an authorized user to enable information disclosure via local access. • https://intel.com/content/www/us/en/security-center/advisory/intel-sa-00707.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-420: Unprotected Alternate Channel •
CVSS: 10.0EPSS: 0%CPEs: 30EXPL: 0CVE-2025-1244 – Emacs: shell injection vulnerability in gnu emacs via custom "man" uri scheme
https://notcve.org/view.php?id=CVE-2025-1244
12 Feb 2025 — A flaw was found in the Emacs text editor. Improper handling of custom "man" URI schemes allows attackers to execute arbitrary shell commands by tricking users into visiting a specially crafted website or an HTTP URL with a redirect. A command injection flaw was found in the text editor Emacs. It could allow a remote, unauthenticated attacker to execute arbitrary shell commands on a vulnerable system. Exploitation is possible by tricking users into visiting a specially crafted website or an HTTP URL with a ... • https://access.redhat.com/security/cve/CVE-2025-1244 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 27EXPL: 0CVE-2024-12133 – Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos
https://notcve.org/view.php?id=CVE-2024-12133
10 Feb 2025 — A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack. USN-7275-1 fixed vulnerabilities in Libtasn1. This update provides the corresponding updates for Ubuntu 24.04 LTS. • https://access.redhat.com/security/cve/CVE-2024-12133 • CWE-407: Inefficient Algorithmic Complexity •