Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Xwayland Security Vulnerabilities

cve
cve

CVE-2023-5367

A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for...

7.8CVSS

7.8AI Score

0.001EPSS

2023-10-25 08:15 PM
154
cve
cve

CVE-2023-5380

A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the othe...

4.7CVSS

5AI Score

0.0004EPSS

2023-10-25 08:15 PM
149
cve
cve

CVE-2023-6377

A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved.

7.8CVSS

8AI Score

0.273EPSS

2023-12-13 07:15 AM
130
cve
cve

CVE-2023-6478

A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive information.

7.6CVSS

7.4AI Score

0.002EPSS

2023-12-13 07:15 AM
125
cve
cve

CVE-2023-6816

A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leading ...

9.8CVSS

9.5AI Score

0.002EPSS

2024-01-18 05:15 AM
158
cve
cve

CVE-2024-0408

A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource (as with a GetGeometry) or when it creates another resource that needs to access that buffer, such as...

5.5CVSS

6.4AI Score

0.0004EPSS

2024-01-18 04:15 PM
160
cve
cve

CVE-2024-0409

A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context.

7.8CVSS

8.1AI Score

0.0004EPSS

2024-01-18 04:15 PM
155