CVSS3: 8.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.028 Low
Percentile: 90.7%
Software: xorg-x11-server 1.20.4
OS: rosa-server79
package_evr_string: xorg-x11-server-common-1.20.4-16.
CVE-ID: CVE-2022-4283
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC: A vulnerability has been discovered in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory accesses on subsequent XkbGetKbdByName requests. This issue can lead to local privilege escalation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions.
CVE-STATUS: Fixed
CVE-REV: Run the yum update command to close it
CVE-ID: CVE-2022-46340
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC: A vulnerability has been discovered in X.Org. This security flaw occurs because the swap handler for the XTest extension's XTestFakeInput request can corrupt the stack if GenericEvents with lengths greater than 32 bytes are sent via an XTestFakeInput request. This issue can lead to local privilege escalation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions. This issue does not affect systems where the client and server use the same byte order.
CVE-STATUS: Fixed
CVE-REV: Run the yum update command to close it
CVE-ID: CVE-2022-46341
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC: A vulnerability has been discovered in X.Org. This security flaw occurs because the XIPassiveUngrab request handler accesses out-of-bounds memory when called with a high keycode or button code. This issue could lead to local privilege escalation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions.
CVE-STATUS: Fixed
CVE-REV: Run the yum update command to close it
CVE-ID: CVE-2022-46342
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC: A vulnerability has been discovered in X.Org. This vulnerability occurs because the XvdiSelectVideoNotify request handler can perform writes to memory after it has been freed. This flaw could lead to local privilege escalation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions.
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update command
CVE-ID: CVE-2022-46343
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC: A vulnerability has been discovered in X.Org. This security flaw occurs because the ScreenSaverSetAttributes request handler can perform writes to memory after it has been freed. This issue could lead to local privilege escalation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions.
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update command
CVE-ID: CVE-2022-46344
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC: A vulnerability has been discovered in X.Org. This security flaw occurs because the XIChangeProperty request handler has issues with length validation, resulting in out-of-bounds memory reads and potential information disclosure. This issue could lead to local privilege escalation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions.
CVE-STATUS: Fixed
CVE-REV: Run the yum update command to close it
CVE-ID: CVE-2022-3550
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC: A vulnerability classified as critical has been discovered in X.org Server. The _GetCountedString function of the xkb/xkb.c file is affected by this vulnerability. The manipulation results in a buffer overflow.
CVE-STATUS: Fixed
CVE-REV: Run the yum update command to close it
CVE-ID: CVE-2022-3551
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC: A vulnerability classified as problematic has been discovered in X.org Server. The issue affects the ProcXkbGetKbdByName function of the xkb/xkb.c file. The manipulation results in a memory leak.
CVE-STATUS: Fixed
CVE-REV: Run the yum update command to close it