RHEL 9 : tigervnc (RHSA-2026:21741)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:21741 advisory. Virtual Network Computing VNC is a remote display system which allows users to view a computing desktop environment not only on the machine...

RLSA-2026:19343 Important: xorg-x11-server security update

X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Security Fixes: xorg: xwayland: X.Org X server: Denial of Service via integer underflow in XKB compatibility map handling...

Astra Linux - уязвимость в xorg-server

A flaw was discovered in the X.Org Server Overlay Window. A use-after-free could lead to local privilege escalation. If a client explicitly destroys the compositor overlay window also known as COW, the Xserver will retain a dangling pointer to that window in the CompScreen structure, which will...

MiracleLinux 3 : xorg-x11-server-1.1.1-48.76.1.0.1.AXS3 (AXSA:2010-270:03)

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2010-270:03 advisory. The X.Org X11 X server Security issues fixed with this release: CVE-2010-1166 No description available at the time of writing, please use the link provided...

X.Org Server present_create_notifies Use-After-Free Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of...

EUVD-2016-8796

Malware in sbrugna...

xorg: xwayland: Out-of-bounds write in CreatePointerBarrierClient()

An out-of-bounds write flaw was found in X.Org and Xwayland. The function GetBarrierDevice searches for the pointer device based on its device ID and returns the matching value, or supposedly NULL, if no match was found. However, the code will return the last element of the list if no matching...

X.Org和Xwayland 安全漏洞

X.Org is an open source free software from the X.Org Foundation.Xwayland is an open source communication protocol from Xwayland that specifies how a display server communicates with its clients. A security vulnerability exists in X.Org and Xwayland that stems from the XkbVModMaskText function...

xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access

An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation if the server runs with extended privileges, or...

CVE-2023-6816 Xorg-x11-server: heap buffer overflow in devicefocusevent and procxiquerypointer

A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leadin...

USN-6587-1 xorg-server, xwayland vulnerabilities

Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled memory when processing the DeviceFocusEvent and ProcXIQueryPointer APIs. An attacker could possibly use this issue to cause the X Server to crash, obtain sensitive information, or execute arbitrary code. CVE-2023-6816 Jan-Nikl...

UBUNTU-CVE-2024-0229

An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation if the server runs with extended privileges, or...

xorg-x11-server: X.Org Server Overlay Window Use-After-Free Local Privilege Escalation Vulnerability

A vulnerability was found in X.Org Server. This flaw occurs if a client explicitly destroys the compositor overlay window aka COW, where Xserver leaves a dangling pointer to that window in the CompScreen structure, which will later trigger a use-after-free issue. The Overlay Window use-after-free...

USN-6453-1 xorg-server, xwayland vulnerabilities

Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled prepending values to certain properties. An attacker could possibly use this issue to cause the X Server to crash, execute arbitrary code, or escalate privileges. CVE-2023-5367 Sri discovered that the X.Org X Server incorrectl...

SUSE CVE-2015-1804

The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly perform type conversion for metrics values, which allows remote authenticated users to cause a denial of service out-of-bounds memory access and possibly execute arbitrary co...

DEBIAN-CVE-2022-46343

A vulnerability was found in X.Org. This security flaw occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution f...

MGASA-2018-0421 Updated x11-server packages fix security vulnerability

A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root...

X.Org libXvMC Memory Corruption Vulnerability

X.Org libXvMC is an Xlib-based client library proprietary to the X-Video Motion Compensation API operated by the X.Org Foundation. A memory corruption vulnerability exists in X.Org libXvMC 1.0.9 and earlier versions, which can be exploited by an attacker to execute arbitrary code and cause a deni...

xorg-x11-server: integer overflow in X11 core protocol requests when calculating memory needs for requests

Multiple integer overflow flaws were found in the way the X.Org server calculated memory requirements for certain X11 core protocol requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server or, potentially, execute arbitrary code with root privileges...

libXfont: integer overflows calculating memory needs for xfs replies

Multiple out-of-bounds write flaws were found in the way libXfont parsed replies received from an X.org font server. A malicious X.org server could cause an X client to crash or, possibly, execute arbitrary code with the privileges of the X.Org server...