47 matches found

RedHat Linux
added 2026/05/28 7:53 a.m., 6 views

xorg: xwayland: X.Org X server: Information exposure and denial of service via out-of-bounds memory access

A flaw was found in the X.Org X server's XKB key types request validation. A local attacker could send a specially crafted request to the X server, leading to an out-of-bounds memory access vulnerability. This could result in the disclosure of sensitive information or cause the server to crash,...

CVSS 7.8, AI score 5.7, EPSS 0.00005
Exploits: 0, References: 4
RedHat Linux
added 2026/05/26 3:16 a.m., 12 views

xwayland: xorg: X.Org X server: Information disclosure and denial of service via out-of-bounds read in XKB geometry processing.

A flaw was found in the X.Org X server. This out-of-bounds read vulnerability in the XKB geometry processing, specifically within the CheckSetGeom and XkbAddGeomKeyAlias functions, allows an attacker to read uninitialized or out-of-bounds memory. An attacker with a connection to the X11 server,...

CVSS 9.1, AI score 5.7, EPSS 0.00032
Exploits: 0, References: 4
AstraLinux
added 2026/05/03 11:59 p.m., 2 views

Astra Linux - vulnerability in xwayland, xorg-server

A flaw was discovered in the X.Org X server's X Keyboard (Xkb) extension when handling client resource cleanup. The software frees certain data structures without properly detaching related resources, resulting in a use-after-free condition. This can cause memory corruption or a crash when affected...

CVSS 7.3, AI score 7.1, EPSS 0.00014
Exploits: 0, References: 2
Debian CVE
added 2026/03/26 10:30 p.m., 2 views

CVE-2026-34352

In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observe or manipulate the screen contents, or cause an application crash, because of incorrect permissions...

CVSS 9.8, AI score 5.2, EPSS 0.00034
Exploits: 0
RedhatCVE
added 2025/12/05 12:9 a.m., 4 views

CVE-2025-54304

An issue was discovered on Thermo Fisher Ion Torrent OneTouch 2 INS1005527 devices. When they are powered on, an X11 display server is started. The display server listens on all network interfaces and is accessible over port 6000. The X11 access control list, by default, allows connections from...

CVSS 9.8, AI score 7.6, EPSS 0.00095
Exploits: 0, References: 1
NVD
added 2025/12/04 3:15 p.m., 2 views

CVE-2025-54304

An issue was discovered on Thermo Fisher Ion Torrent OneTouch 2 INS1005527 devices. When they are powered on, an X11 display server is started. The display server listens on all network interfaces and is accessible over port 6000. The X11 access control list, by default, allows connections from...

CVSS 9.8, EPSS 0.00095
Exploits: 0, References: 3
CNNVD
added 2025/12/04 12:0 a.m., 2 views

Thermo Fisher Ion Torrent OneTouch 2 security vulnerability

The Thermo Fisher Ion Torrent OneTouch 2 is a fully automated sequencing template preparation instrument from Thermo Fisher, USA. A security vulnerability exists in Thermo Fisher Ion Torrent OneTouch 2 version INS1005527, which stems from the X11 display server listening to all network interfaces...

CVSS 9.8, AI score 6.8, EPSS 0.00095
Exploits: 0, References: 4
Positive Technologies
added 2025/12/04 12:0 a.m., 2 views

PT-2025-49041

Name of the Vulnerable Software and Affected Versions: Thermo Fisher Ion Torrent OneTouch 2 INS1005527 (affected versions not specified). Description: An issue exists on Thermo Fisher Ion Torrent OneTouch 2 INS1005527 devices where an X11 display server starts when the device is powered on. This serve...

CVSS 9.8, AI score 7.1, EPSS 0.00095
Exploits: 0, References: 8
RedHat Linux
added 2025/11/25 7:56 a.m., 2 views

xorg: xwayland: Use-after-free in XPresentNotify structure creation

A flaw was found in the X.Org X server and Xwayland when processing X11 Present extension notifications. Improper error handling during notification creation can leave dangling pointers that lead to a use-after-free condition. This can cause memory corruption or a crash, potentially allowing an...

CVSS 7.3, AI score 6.1, EPSS 0.00016
Exploits: 0, References: 5
OSV
added 2025/11/12 10:28 a.m., 3 views

RHSA-2025:20960 Red Hat Security Advisory: xorg-x11-server-Xwayland security update

Bulletin has no description...

CVSS 7.3, AI score 6.6, EPSS 0.00016
Exploits: 0, References: 16
OSV
added 2025/11/05 10:5 a.m., 3 views

RHSA-2025:19623 Red Hat Security Advisory: xorg-x11-server-Xwayland update

Bulletin has no description...

CVSS 7.3, AI score 6.6, EPSS 0.00016
Exploits: 0, References: 16
RedhatCVE
added 2025/11/04 11:6 p.m., 3 views

CVE-2025-34501

Deck Mate 2 is distributed with static, hard-coded credentials for the root shell and web user interface, while multiple management services (SSH, HTTP, Telnet, SMB, X11) are enabled by default. If an attacker can reach these interfaces - most often through local or near-local access such as...

CVSS 7, AI score 6.8, EPSS 0.00027
Exploits: 0, References: 1
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2006-6713

Malware in sbrugna...

CVSS 6.6, AI score 6.4, EPSS 0.00048
Exploits: 0, References: 7
Tenable Nessus
added 2025/10/07 12:0 a.m., 0 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: xorg-x11-server (UTSA-2025-984875)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-984875 advisory. A buffer overflow flaw was found in X.Org and Xwayland. The code in XkbVModMaskText allocates a fixed-sized buffer on the stack and copies the names of the virtual...

CVSS 7.8, AI score 7.7, EPSS 0.00029
Exploits: 0, References: 4
RedHat Linux
added 2025/07/07 8:13 a.m., 2 views

xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer overflow in X Record extension

A flaw was found in the X Record extension. The RecordSanityCheckRegisterClients function does not check for an integer overflow when computing request length, which allows a client to bypass length checks...

CVSS 7.3, AI score 6.1, EPSS 0.00184
Exploits: 0, References: 6
RedHat Linux
added 2025/07/07 2:46 a.m., 2 views

xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer Overflow in X Resize, Rotate and Reflect (RandR) Extension

A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate...

CVSS 7.8, AI score 6, EPSS 0.00147
Exploits: 0, References: 5
RedHat Linux
added 2025/07/07 2:2 a.m., 3 views

xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer Overflow in X Resize, Rotate and Reflect (RandR) Extension

A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate...

CVSS 7.8, AI score 6, EPSS 0.00147
Exploits: 0, References: 5
OSV
added 2025/06/17 3:15 p.m., 1 views

AZL-64232 CVE-2025-49176 affecting package xorg-x11-server for versions less than 1.20.10-16

A flaw was found in the Big Requests extension. The request length is multiplied by 4 before checking against the maximum allowed size, potentially causing an integer overflow and bypassing the size check...

CVSS 7.3, AI score 6.5, EPSS 0.00267
Exploits: 0, References: 1
RedHat Linux
added 2025/05/13 8:29 a.m., 2 views

xorg: xwayland: Buffer overflow in XkbChangeTypesOfKey()

A buffer overflow flaw was found in X.Org and Xwayland. If XkbChangeTypesOfKey is called with a 0 group, it will resize the key symbols table to 0 but leave the key actions unchanged. If the same function is later called with a non-zero value of groups, this will cause a buffer overflow because t...

CVSS 7.8, AI score 6, EPSS 0.00029
Exploits: 0, References: 4
OSV
added 2025/03/27 6:39 p.m., 3 views

CLSA-2025-1743071343 tigervnc: Fix of CVE-2025-26601

CVE-2025-26601: xorg-x11-server: fix use-after-free issue by adding check to ensure new sync object is added before alarm triggers...

CVSS 7.8, AI score 7.1, EPSS 0.00029
Exploits: 0, References: 1