10 matches found
Astra Linux - vulnerability in xorg-server
A heap buffer overflow flaw was discovered in the DisableDevice function of the X.Org server. This issue may cause an application to crash, or in some cases, lead to remote code execution in SSH X11 forwarding environments...
ALPINE-CVE-2025-32728
In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding...
xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions
A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved...
xorg-x11-server: heap buffer overflow in XISendDeviceHierarchyEvent
A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can trigger a heap buffer overflow condition, which may lead to an application crash or remo...
xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions
A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved...
AZL-44700 CVE-2023-6377 affecting package xorg-x11-server 1.20.10-6
A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved...
PT-2023-8328 · Unknown +10 · Xorg-X11-Server +10
Name of the Vulnerable Software and Affected Versions: xorg-x11-server (affected versions not specified). Description: A flaw was found in xorg-server, related to the handling of XKB button actions, which can result in out-of-bounds memory reads and writes when querying or changing these actions, su...
dbus bug fix and enhancement update
D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility. Bug Fixes and Enhancements: dbus-x11 could start per-connect session bus when user does ssh X11 DISPLAY forwarding BZ1916124...
CVE-2016-1908
The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues ...
openssh may set DISPLAY even if it's unable to listen on respective port
OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 IPv4 and sniffing a cookie sent by Emacs...