CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22872 – Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net
https://notcve.org/view.php?id=CVE-2025-22872
16 Apr 2025 — The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. <math>, <svg>, etc contexts). • https://go.dev/cl/662715 •
CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2022-49737
https://notcve.org/view.php?id=CVE-2022-49737
16 Mar 2025 — In X.Org X server 20.11 through 21.1.16, when a client application uses easystroke for mouse gestures, the main thread modifies various data structures used by the input thread without acquiring a lock, aka a race condition. In particular, AttachDevice in dix/devices.c does not acquire an input lock. • https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=1081338;filename=dix-Hold-input-lock-for-AttachDevice.patch;msg=5 • CWE-413: Improper Resource Locking •
CVSS: 4.4EPSS: 0%CPEs: 2EXPL: 0CVE-2025-22870 – HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net
https://notcve.org/view.php?id=CVE-2025-22870
12 Mar 2025 — Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to "*.example.com", a request to "[::1%25.example.com]:80` will incorrectly match and not be proxied. A flaw was found in proxy host matching. This vulnerability allows improper bypassing of proxy settings via manipulating an IPv6 zone ID, causing unintended matches against the NO_PROXY environment variable. • https://go.dev/cl/654697 • CWE-20: Improper Input Validation CWE-115: Misinterpretation of Input •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22868 – Unexpected memory consumption during token parsing in golang.org/x/oauth2
https://notcve.org/view.php?id=CVE-2025-22868
26 Feb 2025 — An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing. A flaw was found in the `golang.org/x/oauth2/jws` package in the token parsing component. This vulnerability is made possible because of the use of `strings.Split(token, ".")` to split JWT tokens, which can lead to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this functionality by sending numerous malformed ... • https://go.dev/cl/652155 • CWE-1286: Improper Validation of Syntactic Correctness of Input •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22869 – Potential denial of service in golang.org/x/crypto
https://notcve.org/view.php?id=CVE-2025-22869
26 Feb 2025 — SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted. A flaw was found in the golang.org/x/crypto/ssh package. SSH clients and servers are vulnerable to increased resource consumption, possibly leading to memory exhaustion and a DoS. This can occur during key exchange when the other party is slow to respond during key exchange. ... • https://go.dev/cl/652135 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 0%CPEs: 35EXPL: 0CVE-2025-26601 – Xorg: xwayland: use-after-free in syncinittrigger()
https://notcve.org/view.php?id=CVE-2025-26601
25 Feb 2025 — A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger() is called. If one of the changes triggers an error, the function will return early, not adding the new sync object, possibly causing a use-after-free when the alarm eventually triggers. This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server... • https://access.redhat.com/security/cve/CVE-2025-26601 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 35EXPL: 0CVE-2025-26600 – Xorg: xwayland: use-after-free in playreleasedevents()
https://notcve.org/view.php?id=CVE-2025-26600
25 Feb 2025 — A use-after-free flaw was found in X.Org and Xwayland. When a device is removed while still frozen, the events queued for that device remain while the device is freed. Replaying the events will cause a use-after-free. This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of devi... • https://access.redhat.com/security/cve/CVE-2025-26600 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 35EXPL: 0CVE-2025-26599 – Xorg: xwayland: use of uninitialized pointer in compredirectwindow()
https://notcve.org/view.php?id=CVE-2025-26599
25 Feb 2025 — An access to an uninitialized pointer flaw was found in X.Org and Xwayland. The function compCheckRedirect() may fail if it cannot allocate the backing pixmap. In that case, compRedirectWindow() will return a BadAlloc error without validating the window tree marked just before, which leaves the validated data partly initialized and the use of an uninitialized pointer later. This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obta... • https://access.redhat.com/security/cve/CVE-2025-26599 • CWE-824: Access of Uninitialized Pointer •
CVSS: 7.8EPSS: 0%CPEs: 35EXPL: 0CVE-2025-26598 – Xorg: xwayland: out-of-bounds write in createpointerbarrierclient()
https://notcve.org/view.php?id=CVE-2025-26598
25 Feb 2025 — An out-of-bounds write flaw was found in X.Org and Xwayland. The function GetBarrierDevice() searches for the pointer device based on its device ID and returns the matching value, or supposedly NULL, if no match was found. However, the code will return the last element of the list if no matching device ID is found, which can lead to out-of-bounds memory access. This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the abilit... • https://access.redhat.com/security/cve/CVE-2025-26598 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 35EXPL: 0CVE-2025-26597 – Xorg: xwayland: buffer overflow in xkbchangetypesofkey()
https://notcve.org/view.php?id=CVE-2025-26597
25 Feb 2025 — A buffer overflow flaw was found in X.Org and Xwayland. If XkbChangeTypesOfKey() is called with a 0 group, it will resize the key symbols table to 0 but leave the key actions unchanged. If the same function is later called with a non-zero value of groups, this will cause a buffer overflow because the key actions are of the wrong size. This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged... • https://access.redhat.com/security/cve/CVE-2025-26597 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •