
16 matches found

AstraLinux
added 2026/06/19 11:10 a.m. | 6 views

Astra Linux – Vulnerability in xwayland, xorg-server

A flaw was discovered in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests...

CVSS 6.1 | AI score 7.1 | EPSS 0.00361
Exploits: 0 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m. | 1 view

Astra Linux – Vulnerability in xwayland, xorg-server

A buffer overflow vulnerability was discovered in X.Org and Xwayland. The function GetBarrierDevice searches for the pointer device based on its device ID and returns the matching value, or NULL, if no match is found. However, if no matching device ID is found, the code will return the last eleme...

CVSS 7.8 | AI score 7.6 | EPSS 0.00369
Exploits: 0 | References: 2

EUVD
added 2026/06/05 10:36 a.m. | 11 views

EUVD-2026-34817

A use-after-free flaw was found in the X.Org X server and Xwayland in SyncChangeCounter. A client that sets up multiple SyncCounters can trigger a use-after-free when destroying those counters via a second client connection while changing those counters. This may be used to crash the server, or f...

CVSS 7.8 | AI score 5.4 | EPSS 0.0014
Exploits: 0 | References: 5

Cvelist
added 2026/06/05 10:36 a.m. | 51 views

CVE-2026-50261 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in syncchangecounter()

A use-after-free flaw was found in the X.Org X server and Xwayland in SyncChangeCounter. A client that sets up multiple SyncCounters can trigger a use-after-free when destroying those counters via a second client connection while changing those counters. This may be used to crash the server, or f...

CVSS 7.8 | EPSS 0.0014
Exploits: 0 | References: 12

ATTACKERKB
added 2026/06/05 10:31 a.m. | 7 views

CVE-2026-50257

A use-after-free flaw was found in the X.Org X server and Xwayland in miSyncDestroyFence. A client that sets up multiple fence triggers can trigger a use-after-free function pointer call. An attacker would connect to the X server to set up a fence and await that fence, then a second X connection...

CVSS 7.8 | AI score 5.4 | EPSS 0.00142
Exploits: 0 | References: 11

OSV
added 2026/05/28 3:43 p.m. | 8 views

RLSA-2026:19343 Important: xorg-x11-server security update

X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Security Fixes: xorg: xwayland: X.Org X server: Denial of Service via integer underflow in XKB compatibility map handling...

CVSS 7.8 | AI score 5.8 | EPSS 0.0038
Exploits: 0 | References: 4

RedHat Linux
added 2026/05/26 3:13 a.m. | 11 views

xorg: xwayland: X.Org X server: Use-after-free vulnerability leads to server crash and potential memory corruption

A flaw was found in the X.Org X server. This use-after-free vulnerability occurs in the XSYNC fence triggering logic, specifically within the miSyncTriggerFence function. An attacker with access to the X11 server can exploit this without user interaction, leading to a server crash and potentially...

CVSS 7.8 | AI score 5.8 | EPSS 0.00264
Exploits: 0 | References: 4

RedHat Linux
added 2025/05/13 4:3 p.m. | 5 views

xorg: xwayland: Use-after-free in SyncInitTrigger()

A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger is called. If one of the changes triggers an error, the function will return...

CVSS 7.8 | AI score 5.7 | EPSS 0.00359
Exploits: 0 | References: 4

RedHat Linux
added 2025/05/13 8:28 a.m. | 3 views

xorg: xwayland: Use-after-free in PlayReleasedEvents()

A use-after-free flaw was found in X.Org and Xwayland. When a device is removed while still frozen, the events queued for that device remain while the device is freed. Replaying the events will cause a use-after-free...

CVSS 7.8 | AI score 5.7 | EPSS 0.00359
Exploits: 0 | References: 4

RedHat Linux
added 2025/04/17 6:39 a.m. | 9 views

xorg: xwayland: Heap overflow in XkbWriteKeySyms()

A heap overflow flaw was found in X.Org and Xwayland. The computation of the length in XkbSizeKeySyms differs from what is written in XkbWriteKeySyms, which may lead to a heap-based buffer overflow...

CVSS 7.8 | AI score 7.3 | EPSS 0.00399
Exploits: 0 | References: 4

RedHat Linux
added 2025/03/17 4:23 a.m. | 3 views

xorg: xwayland: Buffer overflow in XkbChangeTypesOfKey()

A buffer overflow flaw was found in X.Org and Xwayland. If XkbChangeTypesOfKey is called with a 0 group, it will resize the key symbols table to 0 but leave the key actions unchanged. If the same function is later called with a non-zero value of groups, this will cause a buffer overflow because t...

CVSS 7.8 | AI score 6 | EPSS 0.00485
Exploits: 0 | References: 4

RedHat Linux
added 2025/03/17 3:17 a.m. | 4 views

xorg: xwayland: Use of uninitialized pointer in compRedirectWindow()

An access to an uninitialized pointer flaw was found in X.Org and Xwayland. The function compCheckRedirect may fail if it cannot allocate the backing pixmap. In that case, compRedirectWindow will return a BadAlloc error without validating the window tree marked just before, which leaves the...

CVSS 7.8 | AI score 5.7 | EPSS 0.00369
Exploits: 0 | References: 4

RedHat Linux
added 2025/03/10 12:50 p.m. | 4 views

X.Org: Xwayland: Use-after-free of the root cursor

A use-after-free flaw was found in X.Org and Xwayland. The root cursor is referenced in the X server as a global variable. If a client frees the root cursor, the internal reference points to freed memory and causes a use-after-free...

CVSS 7.8 | AI score 5.7 | EPSS 0.00359
Exploits: 0 | References: 4

RedHat Linux
added 2025/03/10 12:40 p.m. | 4 views

xorg: xwayland: Out-of-bounds write in CreatePointerBarrierClient()

An out-of-bounds write flaw was found in X.Org and Xwayland. The function GetBarrierDevice searches for the pointer device based on its device ID and returns the matching value, or supposedly NULL, if no match was found. However, the code will return the last element of the list if no matching...

CVSS 7.8 | AI score 5.8 | EPSS 0.00369
Exploits: 0 | References: 4

BDU FSTEC
added 2023/11/14 12:0 a.m. | 5 views

The vulnerability of the ProcXkbGetKbdByName function in the xkb/xkb.c component of the Wayland protocol for X.Org XWayland, which is part of the X Window System X.Org Server, allows a malicious actor to cause a service failure.

The vulnerability of the ProcXkbGetKbdByName function in the xkb/xkb.c component of the Wayland protocol for X.Org XWayland, which is part of the X Window System X.Org Server, is related to improper memory release before deleting the last reference. Exploiting this vulnerability allows a remote...

CVSS 6.8 | AI score 6.3 | EPSS 0.01681
Exploits: 0 | References: 8 | Affected Software: 5

OSV
added 2023/10/25 4:57 p.m. | 3 views

USN-6453-1 xorg-server, xwayland vulnerabilities

Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled prepending values to certain properties. An attacker could possibly use this issue to cause the X Server to crash, execute arbitrary code, or escalate privileges. (CVE-2023-5367) Sri discovered that the X.Org X Server incorrectl...

CVSS 7.8 | AI score 6.9 | EPSS 0.00715
Exploits: 0 | References: 3