58 matches found
EUVD-2006-6713
Malware in sbrugna...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: xorg-x11-server (UTSA-2025-984875)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-984875 advisory. A buffer overflow flaw was found in X.Org and Xwayland. The code in XkbVModMaskText allocates a fixed- sized buffer on the stack and copies the names of the virtual...
xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer overflow in X Record extension
A flaw was found in the X Record extension. The RecordSanityCheckRegisterClients function does not check for an integer overflow when computing request length, which allows a client to bypass length checks...
xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer Overflow in X Resize, Rotate and Reflect (RandR) Extension
A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate...
xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer Overflow in X Resize, Rotate and Reflect (RandR) Extension
A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate...
AZL-64232 CVE-2025-49176 affecting package xorg-x11-server for versions less than 1.20.10-16
A flaw was found in the Big Requests extension. The request length is multiplied by 4 before checking against the maximum allowed size, potentially causing an integer overflow and bypassing the size check...
xorg: xwayland: Buffer overflow in XkbChangeTypesOfKey()
A buffer overflow flaw was found in X.Org and Xwayland. If XkbChangeTypesOfKey is called with a 0 group, it will resize the key symbols table to 0 but leave the key actions unchanged. If the same function is later called with a non-zero value of groups, this will cause a buffer overflow because t...
CLSA-2025-1743071343 tigervnc: Fix of CVE-2025-26601
CVE-2025-26601: xorg-x11-server: fix use-after-free issue by adding check to ensure new sync object is added before alarm triggers...
xorg: xwayland: Use-after-free in PlayReleasedEvents()
A use-after-free flaw was found in X.Org and Xwayland. When a device is removed while still frozen, the events queued for that device remain while the device is freed. Replaying the events will cause a use-after-free...
xorg: xwayland: Use-after-free in PlayReleasedEvents()
A use-after-free flaw was found in X.Org and Xwayland. When a device is removed while still frozen, the events queued for that device remain while the device is freed. Replaying the events will cause a use-after-free...
AZL-57298 CVE-2025-26599 affecting package xorg-x11-server 1.20.10-6
An access to an uninitialized pointer flaw was found in X.Org and Xwayland. The function compCheckRedirect may fail if it cannot allocate the backing pixmap. In that case, compRedirectWindow will return a BadAlloc error without validating the window tree marked just before, which leaves the...
UBUNTU-CVE-2025-26597
A buffer overflow flaw was found in X.Org and Xwayland. If XkbChangeTypesOfKey is called with a 0 group, it will resize the key symbols table to 0 but leave the key actions unchanged. If the same function is later called with a non-zero value of groups, this will cause a buffer overflow because t...
xorg-x11-server: Use-after-free bug in DestroyWindow
A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration a multi-screen setup with multiple protocol screens, also known as Zaphod mode if the pointer is warped from within a window on one screen to the root window of the othe...
m-privacy TightGate-Pro Server Security Vulnerability
The m-privacy TightGate-Pro Server is a remote control browser system from the German company m-privacy. A security vulnerability exists in m-privacy TightGate-Pro Server versions prior to 2.0.406g, which originates from an easily compromised access control on X11 server sockets, allowing an...
AZL-45255 CVE-2023-5574 affecting package xorg-x11-server 1.20.10-6
A use-after-free flaw was found in xorg-x11-server-Xvfb. This issue occurs in Xvfb with a very specific and legacy configuration a multi-screen setup with multiple protocol screens, also known as Zaphod mode. If the pointer is warped from a screen 1 to a screen 0, a use-after-free issue may be...
xorg-x11-server: XkbGetKbdByName use-after-free
A vulnerability was found in X.Org. This issue occurs because the XkbCopyNames function leaves a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests. This flaw can lead to local privilege elevation on systems where the X server runs...
xorg-x11-server: ScreenSaverSetAttributes use-after-free
A vulnerability was found in X.Org. This issue occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This flaw can lead to local privileges elevation on systems where the X server runs privileged and remote code execution for ssh X...
xorg-x11-server: memory leak in ProcXkbGetKbdByName() in xkb/xkb.c
A flaw was found in the xorg-x11-server package. The ProcXkbGetKbdByName function in xkb/xkb.c does not release allocated data when an error is encountered, allowing for a memory leak...
UBUNTU-CVE-2022-47024
A null pointer dereference issue was discovered in function guix11createblankmouse in guix11.c in vim 8.1.2269 thru 9.0.0339 allows attackers to cause denial of service or other unspecified impacts...
The vulnerability of the Display Key Combination Fast Access swhkd implementation in the Wayland server display protocol is related to deficiencies in the system’s controlled area segmentation. This allows a intruder to gain unauthorized access to protected information.
The vulnerability of the Display Key Combination Fast Access SWHKD in the Wayland display server protocol is related to deficiencies in the system’s controlled area segmentation when processing files with the -c parameter. Exploiting this vulnerability can allow an intruder to gain unauthorized...