CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-5318 – Libssh: out-of-bounds read in sftp_handle()
https://notcve.org/view.php?id=CVE-2025-5318
24 Jun 2025 — A flaw was found in the libssh library. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior. • https://access.redhat.com/security/cve/CVE-2025-5318 • CWE-125: Out-of-bounds Read •
CVSS: 8.3EPSS: 0%CPEs: 5EXPL: 0CVE-2025-6032 – Podman: podman missing tls verification
https://notcve.org/view.php?id=CVE-2025-6032
24 Jun 2025 — A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack. • https://access.redhat.com/security/cve/CVE-2025-6032 • CWE-295: Improper Certificate Validation •
CVSS: 7.0EPSS: 0%CPEs: 5EXPL: 0CVE-2025-6019 – Libblockdev: lpe from allow_active to root in libblockdev via udisks
https://notcve.org/view.php?id=CVE-2025-6019
19 Jun 2025 — A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. Generally, the "allow_active" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an "allow_active" user on a system may be able escalate to full root privileges on the target host. Normally, udisks mounts user-provided filesystem images with security flags like nosuid and nodev to prevent privilege escalation. However, a l... • https://access.redhat.com/security/cve/CVE-2025-6019 • CWE-250: Execution with Unnecessary Privileges •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2025-49180 – Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: integer overflow in x resize, rotate and reflect (randr) extension
https://notcve.org/view.php?id=CVE-2025-49180
17 Jun 2025 — A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate. USN-7573-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Nils Emmerich discovered that the X.Org X Server incorrectly handled certain memory operations. • https://access.redhat.com/security/cve/CVE-2025-49180 • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.6EPSS: 0%CPEs: 2EXPL: 0CVE-2025-49179 – Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: integer overflow in x record extension
https://notcve.org/view.php?id=CVE-2025-49179
17 Jun 2025 — A flaw was found in the X Record extension. The RecordSanityCheckRegisterClients function does not check for an integer overflow when computing request length, which allows a client to bypass length checks. Nils Emmerich discovered that the X.Org X Server incorrectly handled certain memory operations. An attacker could use these issues to cause the X Server to crash, leading to a denial of service, obtain sensitive information, or possibly execute arbitrary code. • https://access.redhat.com/security/cve/CVE-2025-49179 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-49178 – Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: unprocessed client request due to bytes to ignore
https://notcve.org/view.php?id=CVE-2025-49178
17 Jun 2025 — A flaw was found in the X server's request handling. Non-zero 'bytes to ignore' in a client's request can cause the server to skip processing another client's request, potentially leading to a denial of service. • https://access.redhat.com/security/cve/CVE-2025-49178 • CWE-667: Improper Locking •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-49177 – Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: data leak in xfixes extension's xfixessetclientdisconnectmode
https://notcve.org/view.php?id=CVE-2025-49177
17 Jun 2025 — A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests. • https://access.redhat.com/security/cve/CVE-2025-49177 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.6EPSS: 0%CPEs: 3EXPL: 0CVE-2025-49176 – Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: integer overflow in big requests extension
https://notcve.org/view.php?id=CVE-2025-49176
17 Jun 2025 — A flaw was found in the Big Requests extension. The request length is multiplied by 4 before checking against the maximum allowed size, potentially causing an integer overflow and bypassing the size check. • https://access.redhat.com/security/cve/CVE-2025-49176 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-49175 – Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: out-of-bounds read in x rendering extension animated cursors
https://notcve.org/view.php?id=CVE-2025-49175
17 Jun 2025 — A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leading to an out-of-bounds read and potential crash. USN-7573-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Nils Emmerich discovered that the X.Org X Server incorrectly handled certain memory operations. • https://access.redhat.com/security/cve/CVE-2025-49175 • CWE-125: Out-of-bounds Read •
CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0CVE-2025-6199 – Gdk-pixbuf: uninitialized memory disclosure in gdkpixbuf gif lzw decoder
https://notcve.org/view.php?id=CVE-2025-6199
17 Jun 2025 — A flaw was found in the GIF parser of GdkPixbuf’s LZW decoder. When an invalid symbol is encountered during decompression, the decoder sets the reported output size to the full buffer length rather than the actual number of written bytes. This logic error results in uninitialized sections of the buffer being included in the output, potentially leaking arbitrary memory contents in the processed image. • https://access.redhat.com/security/cve/CVE-2025-6199 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •