CVSS: 7.8EPSS: 0%CPEs: 25EXPL: 0CVE-2025-62229 – Xorg: xmayland: use-after-free in xpresentnotify structure creation
https://notcve.org/view.php?id=CVE-2025-62229
29 Oct 2025 — A flaw was found in the X.Org X server and Xwayland when processing X11 Present extension notifications. Improper error handling during notification creation can leave dangling pointers that lead to a use-after-free condition. This can cause memory corruption or a crash, potentially allowing an attacker to execute arbitrary code or cause a denial of service. This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability t... • https://access.redhat.com/security/cve/CVE-2025-62229 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 25EXPL: 0CVE-2025-62230 – Xorg: xwayland: use-after-free in xkb client resource removal
https://notcve.org/view.php?id=CVE-2025-62230
29 Oct 2025 — A flaw was discovered in the X.Org X server’s X Keyboard (Xkb) extension when handling client resource cleanup. The software frees certain data structures without properly detaching related resources, leading to a use-after-free condition. This can cause memory corruption or a crash when affected clients disconnect. This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target... • https://access.redhat.com/security/cve/CVE-2025-62230 • CWE-416: Use After Free •
CVSS: 9.0EPSS: 0%CPEs: 25EXPL: 0CVE-2025-62231 – Xorg: xmayland: value overflow in xkbsetcompatmap()
https://notcve.org/view.php?id=CVE-2025-62231
29 Oct 2025 — A flaw was identified in the X.Org X server’s X Keyboard (Xkb) extension where improper bounds checking in the XkbSetCompatMap() function can cause an unsigned short overflow. If an attacker sends specially crafted input data, the value calculation may overflow, leading to memory corruption or a crash. This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in ord... • https://access.redhat.com/security/cve/CVE-2025-62231 • CWE-190: Integer Overflow or Wraparound •
CVSS: 4.3EPSS: 0%CPEs: 24EXPL: 0CVE-2025-9640 – Samba: vfs_streams_xattr uninitialized memory write possible
https://notcve.org/view.php?id=CVE-2025-9640
15 Oct 2025 — A flaw was found in Samba, in the vfs_streams_xattr module, where uninitialized heap memory could be written into alternate data streams. This allows an authenticated user to read residual memory content that may include sensitive data, resulting in an information disclosure vulnerability. USN-7826-1 fixed vulnerabilities in Samba. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Andrew Walker discovered that Samba incorrectly initi... • https://access.redhat.com/security/cve/CVE-2025-9640 • CWE-908: Use of Uninitialized Resource •
CVSS: 10.0EPSS: 0%CPEs: 22EXPL: 0CVE-2025-10230 – Samba: command injection in wins server hook script
https://notcve.org/view.php?id=CVE-2025-10230
15 Oct 2025 — A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or escaping. Unsanitized NetBIOS name data from WINS registration packets are inserted into a shell command and executed by the Samba Active Directory Domain Controller’s wins hook, allowing an unauthenticated network attacker to achieve remote command execution as the Samba process. USN-7826-1 fixed vulnerabilities in Samba. This update provides the corresp... • https://access.redhat.com/security/cve/CVE-2025-10230 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 1%CPEs: 42EXPL: 0CVE-2025-41244 – Broadcom VMware Aria Operations and VMware Tools Privilege Defined with Unsafe Actions Vulnerability
https://notcve.org/view.php?id=CVE-2025-41244
29 Sep 2025 — VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM. A flaw was found in VMWare open-vm-tools. A malicious actor with non-administrative privileges on a guest Virtual Machine (VM) could exploit this vulnerability to gain root privileges ... • http://support.broadcom.com/group/ecx/support-content-view/-/support-content/Security%20Advisories/VMSA-2025-0015--VMware-Aria-Operations-and-VMware-Tools-updates-address-multiple-vulnerabilities--CVE-2025-41244-CVE-2025-41245--CVE-2025-41246-/36149 • CWE-267: Privilege Defined With Unsafe Actions CWE-280: Improper Handling of Insufficient Permissions or Privileges •
CVSS: 10.0EPSS: 0%CPEs: 34EXPL: 0CVE-2025-9900 – Libtiff: libtiff write-what-where
https://notcve.org/view.php?id=CVE-2025-9900
23 Sep 2025 — A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user. Xudong... • https://access.redhat.com/security/cve/CVE-2025-9900 • CWE-123: Write-what-where Condition •
CVSS: 8.5EPSS: 0%CPEs: 21EXPL: 0CVE-2025-8067 – Udisks: out-of-bounds read in udisks daemon
https://notcve.org/view.php?id=CVE-2025-8067
28 Aug 2025 — A flaw was found in the Udisks daemon, where it allows unprivileged users to create loop devices using the D-BUS system. This is achieved via the loop device handler, which handles requests sent through the D-BUS interface. As two of the parameters of this handle, it receives the file descriptor list and index specifying the file where the loop device should be backed. The function itself validates the index value to ensure it isn't bigger than the maximum value allowed. However, it fails to validate the lo... • https://access.redhat.com/errata/RHSA-2025:15017 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 0CVE-2025-8177 – LibTIFF thumbnail.c setrow buffer overflow
https://notcve.org/view.php?id=CVE-2025-8177
26 Jul 2025 — A vulnerability was found in LibTIFF up to 4.7.0. It has been rated as critical. This issue affects the function setrow of the file tools/thumbnail.c. The manipulation leads to buffer overflow. An attack has to be approached locally. • http://www.libtiff.org • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 1CVE-2025-8176 – LibTIFF tiffmedian.c get_histogram use after free
https://notcve.org/view.php?id=CVE-2025-8176
26 Jul 2025 — A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability affects the function get_histogram of the file tools/tiffmedian.c. The manipulation leads to use after free. The attack needs to be approached locally. • http://www.libtiff.org • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •