Astra Linux - vulnerability in xwayland, xorg-server
A flaw was discovered in the handling of animated cursors by the X Rendering extension. If a client does not provide any cursors, the server assumes that at least one is present. This can lead to an out-of-bounds read and potential crash...
CLSA-2026-1778110872 xorg-x11-server-Xwayland: Fix of 3 CVEs
CVE-2024-0408: fix XSELinux crash by calling XACE hooks when creating GLX buffers - CVE-2025-49175: fix out-of-bounds read in animated cursor creation when client provides zero cursors - CVE-2025-49178: fix possible client request hang caused by leftover bytes-to-ignore when sharing input buffer...
Amazon Linux 2023 : bpftool6.18, kernel6.18, kernel6.18-devel (ALAS2023-2026-1515)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1515 advisory. In the Linux kernel, the following vulnerability has been resolved: audit: add fchmodat2 to change attributes class CVE-2025-71239 In the Linux kernel, the following vulnerability has been...
CVE-2026-23249 xfs: check for deleted cursors when revalidating two btrees
In the Linux kernel, the following vulnerability has been resolved: xfs: check for deleted cursors when revalidating two btrees The free space and inode btree repair functions will rebuild both btrees at the same time, after which it needs to evaluate both btrees to confirm that the corruptions a...
Security Bulletin: Multiple vulnerabilities in IBM Observability with Instana (OnPrem)
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana OnPrem build 1.0.313 Vulnerability Details CVEID:CVE-2025-49177 DESCRIPTION: A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a clie...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: xorg-x11-server (UTSA-2026-006181)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006181 advisory. A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leading to...
MiracleLinux 7 : xorg-x11-server-1.20.4-99.0.6.el7.AXS7 (AXSA:2025-10912:05)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10912:05 advisory. CVE-2025-49178: fix request handling flaw causing potential denial of service CVEs: CVE-2025-49178 A flaw was found in the X server's request...
TencentOS Server 4: xorg-x11-server-Xwayland (TSSA-2025:0757)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0757 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
TencentOS Server 4: xorg-x11-server (TSSA-2025:0760)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0760 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
AIX is vulnerable to a denial of service (CVE-2025-49175 CVE-2025-49178) and an integer overflow (CVE-2025-49176 CVE-2025-49179)
IBM SECURITY ADVISORY First Issued: Mon Oct 13 08:46:48 CDT 2025 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/xorgadvisory4.asc Security Bulletin: AIX is vulnerable to a denial of service CVE-2025-49175, CVE-2025-49178 and an integer...
AIX : Multiple Vulnerabilities (IJ55665)
The version of AIX installed on the remote host is prior to APAR IJ55665. It is, therefore, affected by multiple vulnerabilities as referenced in the IJ55665 advisory. - A flaw was found in the X Record extension. The RecordSanityCheckRegisterClients function does not check for an integer overflo...
EUVD-2011-1211
Malware in sbrugna...
Unity Linux 20.1060a / 20.1070a Security Update: tigervnc (UTSA-2025-986126)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986126 advisory. A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leading to...
BIT-MONGODB-2025-6713 MongoDB Server may be susceptible to privilege escalation due to $mergeCursors stage
An unauthorized user may leverage a specially crafted aggregation pipeline to access data without proper authorization due to improper handling of the $mergeCursors stage in MongoDB Server. This may lead to access to data without further authorisation. This issue affects MongoDB Server MongoDB...
EUVD-2025-18502
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-49175
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leadi...
Linux Distros Unpatched Vulnerability : CVE-2025-6713
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An unauthorized user may leverage a specially crafted aggregation pipeline to access data without proper authorization due to improper handling of the...
Azure Linux 3.0 Security Update: xorg-x11-server / xorg-x11-server-Xwayland (CVE-2025-49175)
The version of xorg-x11-server / xorg-x11-server-Xwayland installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-49175 advisory. - A flaw was found in the X Rendering extension's handling of animated...
Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: out-of-bounds read in x rendering extension animated cursors
...
CLSA-2025-1752921642 tigervnc: Fix of CVE-2025-49175
CVE-2025-49175: fix out-of-bounds read in handling of animated cursors...