A use-after-free vulnerability was found in the ProcRenderAddGlyphs() function of Xorg servers. This issue occurs when AllocateGlyph() is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entries pointing to the same non-refcounted glyphs...
CVSS 7.8 | AI Score 7.7 | EPSS 0.0004
A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a...
CVSS 7.3 | AI Score 7 | EPSS 0.0005
A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIPassiveGrabDevice() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a...
CVSS 7.3 | AI Score 7 | EPSS 0.0005
A flaw was found in PCP. The default pmproxy configuration exposes the Redis server backend to the local network, allowing remote command execution with the privileges of the Redis user. This issue can only be exploited when pmproxy is running. By default, pmproxy is not running and needs to be...
CVSS 8.8 | AI Score 7.2 | EPSS 0.0004
CVSS 8.8 | AI Score 9 | EPSS 0.005
A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can trigger a heap buffer overflow condition, which may lead to an application crash or...
CVSS 7.8 | AI Score 8.3 | EPSS 0.0004
A heap buffer overflow flaw was found in the DisableDevice function in the X.Org server. This issue may lead to an application crash or, in some circumstances, remote code execution in SSH X11 forwarding...
CVSS 7.8 | AI Score 8.4 | EPSS 0.0004
A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in...
CVSS 5.5 | AI Score 7.5 | EPSS 0.0004
An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation (if the server runs with extended privileges), or...
CVSS 7.8 | AI Score 7.9 | EPSS 0.0004
A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete...
CVSS 8.3 | AI Score 9.6 | EPSS 0.008
A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leading...
CVSS 9.8 | AI Score 7.1 | EPSS 0.002
A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive...
CVSS 7.5 | AI Score 7.3 | EPSS 0.004
A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is...
CVSS 7.8 | AI Score 8.3 | EPSS 0.266
CVSS 8 | AI Score 8.1 | EPSS 0.001
CVSS 8 | AI Score 7.3 | EPSS 0.001
CVSS 8 | AI Score 7.3 | EPSS 0.001
CVSS 8 | AI Score 7.3 | EPSS 0.001
A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the "rpcecho" service operates with only one worker in...
AI Score 6.9 | EPSS 0.001
An out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing...
CVSS 7.8 | AI Score 6.6 | EPSS 0.001
CVSS 8 | AI Score 8.8 | EPSS 0.001
CVSS 5.7 | AI Score 5.5 | EPSS 0.002
CVSS 8 | AI Score 7.6 | EPSS 0.003
CVSS 8 | AI Score 7.8 | EPSS 0.001
CVSS 8 | AI Score 7.8 | EPSS 0.001
CVSS 8 | AI Score 7.8 | EPSS 0.001
CVSS 8.8 | AI Score 9.3 | EPSS 0.005
CVSS 8.8 | AI Score 9.1 | EPSS 0.02
CVSS 8 | AI Score 8.9 | EPSS 0.001
CVSS 8 | AI Score 8.9 | EPSS 0.001
CVSS 8.8 | AI Score 9.2 | EPSS 0.001
CVSS 9.8 | AI Score 9.2 | EPSS 0.003
An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap.c. When performing NTLM authentication, the client replies to cryptographic challenges back to the server. These replies have variable lengths, and Winbind fails to check the lan...
CVSS 5.9 | AI Score 6.2 | EPSS 0.001
A path disclosure vulnerability was found in Samba. As part of the Spotlight protocol, Samba discloses the server-side absolute path of shares, files, and directories in the results for search queries. This flaw allows a malicious client or an attacker with a targeted RPC request to view the...
AI Score 5.5 | EPSS 0.001
CVSS 8.8 | AI Score 9 | EPSS 0.107
CVSS 8 | AI Score 8.6 | EPSS 0.001
CVSS 7.2 | AI Score 7.8 | EPSS 0.016
CVSS 8.8 | AI Score 8.7 | EPSS 0.516
CVSS 8.8 | AI Score 9.2 | EPSS 0.008
CVSS 8.8 | AI Score 9.2 | EPSS 0.012
CVSS 7.8 | AI Score 7.7 | EPSS 0.0004
CVSS 7.8 | AI Score 7.6 | EPSS 0.0004
CVSS 7.5 | AI Score 7.3 | EPSS 0.002
CVSS 8 | AI Score 7.6 | EPSS 0.012
CVSS 8 | AI Score 7.7 | EPSS 0.029
CVSS 8 | AI Score 7.7 | EPSS 0.033
CVSS 8 | AI Score 7.7 | EPSS 0.033
CVSS 7.8 | AI Score 8.6 | EPSS 0.0004