MiracleLinux 9 : tigervnc-1.14.1-8.el9_6 (AXSA:2025-10563:07)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10563:07 advisory. xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Out-of-Bounds Read in X Rendering Extension Animated Cursors CVE-2025-49175...

CVE-2023-22670

A heap-based buffer overflow exists in the DXF file reading procedure in Open Design Alliance Drawings SDK before 2023.6. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of the length of user-supplied XRecord data prior to copying it ...

CVE-2023-22669

Parsing of DWG files in Open Design Alliance Drawings SDK before 2023.6 lacks proper validation of the length of user-supplied XRecord data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process...

CVE-2023-22670

A heap-based buffer overflow exists in the DXF file reading procedure in Open Design Alliance Drawings SDK before 2023.6. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of the length of user-supplied XRecord data prior to copying it ...

CVE-2023-22669

Parsing of DWG files in Open Design Alliance Drawings SDK before 2023.6 lacks proper validation of the length of user-supplied XRecord data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process...

Heap overflow

Parsing of DWG files in Open Design Alliance Drawings SDK before 2023.6 lacks proper validation of the length of user-supplied XRecord data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process...

CVE-2023-22669

Open Design Alliance Drawings SDK (ODA) is affected by CVE-2023-22669 in versions prior to 2023.6, with a heap-based buffer overflow in DWG parsing that could allow code execution in the context of the current process. The issue is documented with CVSS v3.1 base score 7.8 (HIGH). Mitigation: upgr...

SUSE CVE-2016-7952

X.org libXtst before 1.2.3 allows remote X servers to cause a denial of service infinite loop via a reply in the 1 XRecordStartOfData, 2 XRecordEndOfData, or 3 XRecordClientDied category without a client sequence and with attached data...

PT-2023-6728 · Open Design Alliance · Open Design Alliance Drawings Sdk

Name of the Vulnerable Software and Affected Versions: Open Design Alliance Drawings SDK versions prior to 2023.6 Description: The issue is related to a heap-based buffer overflow in the parsing of DWG files. This occurs due to a lack of proper validation of the length of user-supplied XRecord da...

xorg-x11-server: XRecordRegisterClients integer underflow privilege escalation vulnerability

A flaw was found in X.Org Server. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

USN-4488-1 xorg-server, xorg-server-hwe-16.04, xorg-server-hwe-18.04 vulnerabilities

Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled the input extension protocol. A local attacker could possibly use this issue to escalate privileges. CVE-2020-14346 Jan-Niklas Sohn discovered that the X.Org X Server incorrectly initialized memory. A local attacker could...

DEBIAN-CVE-2016-7952

X.org libXtst before 1.2.3 allows remote X servers to cause a denial of service infinite loop via a reply in the 1 XRecordStartOfData, 2 XRecordEndOfData, or 3 XRecordClientDied category without a client sequence and with attached data...