
20 matches found

AstraLinux
added 2026/05/20 5:53 a.m. | 5 views

Astra Linux - vulnerability in dpkg

In dpkg, the Debian package management system, versions prior to 1.21.8, 1.20.10, 1.19.8, and 1.18.26 are vulnerable to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include debian.tar, the in-place extraction process may...

CVSS 9.8 | AI score 7.3 | EPSS 0.00742
Exploits: 0 | References: 2
OSV
added 2025/06/17 3:15 p.m. | 1 view

AZL-64196 CVE-2025-49176 affecting package xorg-x11-server 1.20.10-6

A flaw was found in the Big Requests extension. The request length is multiplied by 4 before checking against the maximum allowed size, potentially causing an integer overflow and bypassing the size check...

CVSS 7.3 | AI score 6.5 | EPSS 0.00267
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 3:59 a.m. | 5 views

CVE-2023-46653

Jenkins lambdatest-automation Plugin 1.20.10 and earlier logs LAMBDATEST Credentials access token at the INFO level, potentially resulting in its exposure...

CVSS 6.5 | AI score 6.8 | EPSS 0.00029
Exploits: 0
CBLMariner
added 2024/11/19 9:24 p.m. | 10 views

CVE-2024-9632 affecting package xorg-x11-server for versions less than 1.20.10-13

CVE-2024-9632 affecting package xorg-x11-server for versions less than 1.20.10-13. A patched version of the package is available...

CVSS 7.8 | AI score 6.9 | EPSS 0.00052
Exploits: 0
OSV
added 2024/04/05 12:15 p.m. | 3 views

AZL-44382 CVE-2024-31083 affecting package xorg-x11-server 1.20.10-6

A use-after-free vulnerability was found in the ProcRenderAddGlyphs function of Xorg servers. This issue occurs when AllocateGlyph is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entries pointing to the same non-refcounted glyphs. Consequently,...

CVSS 7.8 | AI score 7.6 | EPSS 0.00094
Exploits: 0 | References: 1
OSV
added 2024/01/18 4:15 p.m. | 3 views

AZL-33352 CVE-2024-0408 affecting package xorg-x11-server for versions less than 1.20.10-14

A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource as with a GetGeometry or when it creates another resource that needs to access that buffer, such as...

CVSS 5.5 | AI score 6.7 | EPSS 0.00017
Exploits: 0 | References: 1
Positive Technologies
added 2023/11/08 12:0 a.m. | 7 views

PT-2023-7932

Name of the Vulnerable Software and Affected Versions: Go versions 1.21.3 and earlier, 1.20.10 and earlier. Description: The issue is related to the IsLocal function not correctly detecting reserved device names in some cases on Windows. Specifically, reserved names followed by spaces, such as "COM1...

CVSS 9.8 | AI score 8.3 | EPSS 0.9439
Exploits: 23 | References: 82
CNNVD
added 2023/10/25 12:0 a.m. | 2 views

Jenkins Plugin lambdatest-automation Security Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project. Jenkins Plugin is an application software. A security vulnerability...

CVSS 6.5 | AI score 6.7 | EPSS 0.00029
Exploits: 0 | References: 3
OSV
added 2023/09/08 5:15 p.m. | 2 views

AZL-28694 CVE-2023-39318 affecting package golang for versions less than 1.20.10-1

The html/template package does not properly handle HTML-like "" comment tokens, nor hashbang "!" comment tokens, in contexts. This may cause the template parser to improperly interpret the contents of contexts, causing actions to be improperly escaped. This may be leveraged to perform an XSS atta...

CVSS 6.1 | AI score 6.6 | EPSS 0.00087
Exploits: 0 | References: 1
OSV
added 2022/12/14 9:15 p.m. | 4 views

AZL-44346 CVE-2022-46343 affecting package xorg-x11-server 1.20.10-6

A vulnerability was found in X.Org. This security flaw occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution f...

CVSS 8.8 | AI score 7.7 | EPSS 0.01059
Exploits: 0 | References: 1
OSV
added 2022/10/17 1:15 p.m. | 1 view

AZL-44250 CVE-2022-3551 affecting package xorg-x11-server 1.20.10-6

A vulnerability, which was classified as problematic, has been found in X.org Server. Affected by this issue is the function ProcXkbGetKbdByName of the file xkb/xkb.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability...

CVSS 6.5 | AI score 5.3 | EPSS 0.0063
Exploits: 0 | References: 1
CNNVD
added 2022/05/26 12:0 a.m. | 3 views

dpkg path traversal vulnerability

dpkg is a package management tool for Debian. A path traversal vulnerability exists in dpkg, which stems from a directory traversal issue. The following products and versions are affected: 1.21.8, 1.20.10, 1.19.8, 1.18.26...

CVSS 9.8 | AI score 8.1 | EPSS 0.00742
Exploits: 0 | References: 16
OpenVAS
added 2022/05/26 12:0 a.m. | 12 views

Debian: Security Advisory (DSA-5147-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 9.6 | EPSS 0.00742
Exploits: 0 | References: 4
OpenVAS
added 2021/02/22 12:0 a.m. | 17 views

Huawei EulerOS: Security Advisory for xorg-x11-server (EulerOS-SA-2021-1373)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 | AI score 6.8 | EPSS 0.00135
Exploits: 0 | References: 2
OSV
added 2021/01/20 4:15 p.m. | 2 views

ALPINE-CVE-2020-14360

A flaw was found in the X.Org Server before version 1.20.10. An out-of-bounds access in the XkbSetMap function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVSS 7.8 | AI score 6.9 | EPSS 0.00135
Exploits: 0 | References: 1
CVE
added 2021/01/20 3:18 p.m. | 282 views

CVE-2020-14360

The CVE-2020-14360 vulnerability affects the X.Org Server (XKB Xserver extension). It stems from an out-of-bounds access in XkbSetMap, which may allow privilege escalation and impact confidentiality, integrity, and availability. Public advisories (e.g., Arch Linux ASA-202012-6 and AlmaLinux 2021 ...

CVSS 7.8 | AI score 7.7 | EPSS 0.00135
Exploits: 0 | References: 2 | Affected Software: 1
Mageia
added 2020/12/17 1:10 p.m. | 31 views

Updated x11-server packages fix security vulnerabilities

A flaw was found in the X.Org Server. An out-of-bounds access in the XkbSetMap function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability (CVE-2020-14360). A flaw was found in...

CVSS 7.8 | AI score 2 | EPSS 0.00135
Exploits: 0 | References: 5
OSV
added 2020/12/15 5:15 p.m. | 1 view

DEBIAN-CVE-2020-25712

A flaw was found in xorg-x11-server before 1.20.10. A heap-buffer overflow in XkbSetDeviceInfo may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVSS 7.8 | AI score 7.4 | EPSS 0.00133
Exploits: 0 | References: 1
Gentoo Linux
added 2020/12/07 12:0 a.m. | 91 views

X.Org X Server: Multiple vulnerabilities

Background: The X Window System is a graphical windowing system based on a client/server model. Description: Multiple vulnerabilities have been discovered in X.org X Server. Please review the CVE identifiers referenced below for details. Impact: Please review the referenced CVE identifiers for...

CVSS 7.8 | AI score 4.3 | EPSS 0.00232
Exploits: 0
OSV
added 2020/12/01 12:0 a.m. | 0 views

UBUNTU-CVE-2020-14360

A flaw was found in the X.Org Server before version 1.20.10. An out-of-bounds access in the XkbSetMap function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVSS 7.8 | AI score 7.1 | EPSS 0.00135
Exploits: 0 | References: 5