Advisory ROSA-SA-2024-2351

2024-02-20 09:31:11
ROSA LAB
abf.rosalinux.ru
advisory, xorg-x11-server, rosa-server79, vulnerabilities, buffer overflow, pointer dereferencing, denial of service, arbitrary code, fixed, update

CVSS3: 9.8
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 10
Confidence: High

EPSS: 0.004
Percentile: 73.8%

Software: xorg-x11-server 0.19.4
OS: rosa-server79

package_evr_string: xorg-x11-server-0.19.4-2.res7

CVE-ID: CVE-2023-6816
BDU-ID: 2024-00405
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the DeviceFocusEvent and XIQueryPointer functions of the X.Org Server implementation of the X Window System is related to an operation that exceeds buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker to gain access to sensitive data, compromise its integrity, and cause a denial of service.
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update xorg-x11-server command.

CVE-ID: CVE-2024-0229
BDU-ID: 2024-00676
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the Wayland protocol implementation for X.Org XWayland, an implementation of the X Window System X.Org Server, is related to an operation that exceeds buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker to cause a denial of service or execute arbitrary code.
CVE-STATUS: Fixed
CVE-REV: Run yum update xorg-x11-server to close.

CVE-ID: CVE-2024-21885
BDU-ID: 2024-00667
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the XISendDeviceHierarchyEvent function of the Wayland protocol implementation for X.Org XWayland, an implementation of the X Window System X.Org Server, is associated with a buffer overflow. Exploitation of the vulnerability could allow an attacker to cause a denial of service or execute arbitrary code.
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update xorg-x11-server command.

CVE-ID: CVE-2024-21886
BDU-ID: 2024-00675
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the DisableDevice function of the Wayland protocol implementation for X.Org XWayland, an implementation of the X Window System X.Org Server, is associated with a buffer overflow. Exploitation of the vulnerability could allow an attacker to cause a denial of service or execute arbitrary code.
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update xorg-x11-server command.

CVE-ID: CVE-2024-0408
BDU-ID: 2024-00638
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the GLX PBuffer Handler component of the X.Org Server implementation of the X Window System is related to pointer dereferencing errors. Exploitation of the vulnerability could allow an attacker to cause a denial of service.
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update xorg-x11-server command.

CVE-ID: CVE-2024-0409
BDU-ID: 2024-00639
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the Privates Handler component of the X.Org Server implementation of the X Window System is related to an operation that exceeds buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker to execute arbitrary code.
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update xorg-x11-server command.