10 matches found
AZL-64227 CVE-2025-49180 affecting package xorg-x11-server for versions less than 1.20.10-16
A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate...
AZL-64235 CVE-2025-49175 affecting package xorg-x11-server for versions less than 1.20.10-16
A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leading to an out-of-bounds read and potential crash...
CVE-2025-26596 affecting package xorg-x11-server for versions less than 1.20.10-15
CVE-2025-26596 affecting package xorg-x11-server for versions less than 1.20.10-15. A patched version of the package is available...
AZL-57404 CVE-2025-26596 affecting package xorg-x11-server for versions less than 1.20.10-15
A heap overflow flaw was found in X.Org and Xwayland. The computation of the length in XkbSizeKeySyms differs from what is written in XkbWriteKeySyms, which may lead to a heap-based buffer overflow...
AZL-57479 CVE-2025-26597 affecting package xorg-x11-server for versions less than 1.20.10-15
A buffer overflow flaw was found in X.Org and Xwayland. If XkbChangeTypesOfKey is called with a 0 group, it will resize the key symbols table to 0 but leave the key actions unchanged. If the same function is later called with a non-zero value of groups, this will cause a buffer overflow because t...
AZL-39349 CVE-2024-31080 affecting package xorg-x11-server for versions less than 1.20.10-11
A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a...
AZL-33351 CVE-2024-0409 affecting package xorg-x11-server for versions less than 1.20.10-12
A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context...
AZL-28695 CVE-2023-39319 affecting package golang for versions less than 1.20.10-1
The html/template package does not apply the proper rules for handling occurrences of " contexts. This may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped. This could be leveraged to perform an XSS attack...
AZL-52735 CVE-2023-39318 affecting package golang for versions less than 1.20.10-1
The html/template package does not properly handle HTML-like "" comment tokens, nor hashbang "!" comment tokens, in contexts. This may cause the template parser to improperly interpret the contents of contexts, causing actions to be improperly escaped. This may be leveraged to perform an XSS atta...
AZL-44478 CVE-2023-1393 affecting package xorg-x11-server for versions less than 1.20.10-6
A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window aka COW, the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-fr...