123 matches found
CVE-2021-26955
An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because xcb::xproto::GetAtomNameReply::name calls std::str::fromutf8unchecked on unvalidated bytes from an X server...
CVE-2021-26958
An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because transmutation to the wrong type can happen after xcb::base::castevent uses std::mem::transmute to return a reference to an arbitrary type...
CVE-2020-36205
An issue was discovered in the xcb crate through 2020-12-10 for Rust. base::Error does not have soundness. Because of the public ptr field, a use-after-free or double-free can occur...
CVE-2020-28044
An attacker with physical access to a PAX Point Of Sale device with ProlinOS through 2.4.161.8859R can boot it in management mode, enable the XCB service, and then list, read, create, and overwrite files with MAINAPP permissions...
xcb-util-cursor bug fix and enhancement update
An update is available for xcb-util-cursor. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...
RHBA-2014:1376 Red Hat Bug Fix Advisory: xcb-util, xorg-x11-drivers, and mesa bug fix and enhancement update
Bulletin has no description...
OESA-2024-1537 qt5-qtbase security update
This package provides base tools, such as string, xml, and network handling. Security Fixes: Qt 6 through 6.6 was discovered to contain a NULL pointer dereference via the function QXcbConnection::initializeAllAtoms. NOTE: this is disputed because it is not expected that an X application should...
SUSE CVE-2023-45935
Qt 6 through 6.6 was discovered to contain a NULL pointer dereference via the function QXcbConnection::initializeAllAtoms. NOTE: this is disputed because it is not expected that an X application should continue to run when there is arbitrary anomalous behavior from the X server...
OESA-2022-2022 libX11 security update
The libX11-devel package contains libraries and header files for libX11. Security Fixes: A vulnerability was found in X.org libX11 and classified as problematic. This issue affects the function XFreeX11XCBStructure of the file xcbdisp.c. The manipulation of the argument dpy leads to memory leak. ...
PT-2022-22899 · X.Org +1 · Libx11 +1
Name of the Vulnerable Software and Affected Versions: X.org libX11 affected versions not specified Description: A memory leak issue was found in the function XFreeX11XCBStructure of the file xcb disp.c. The manipulation of the argument dpy leads to this issue. Recommendations: Apply a patch to f...
Fedora: Security Advisory for golang-github-burntsushi-xgb (FEDORA-2022-3969b64d4b)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 35 Update: golang-github-burntsushi-xgb-0-0.15.20210108git5f9e7b3.fc35
XGB is the X Go Binding, which is a low-level API to communicate with the core X protocol and many of the X extensions. It is closely modeled after XCB and xpyb...
[SECURITY] Fedora 36 Update: golang-github-burntsushi-xgb-0-0.15.20210108git5f9e7b3.fc36
XGB is the X Go Binding, which is a low-level API to communicate with the core X protocol and many of the X extensions. It is closely modeled after XCB and xpyb...
new packages: xcb-util-renderutil
An update is available for xcb-util-renderutil. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rock...
new packages: xcb-util-image
An update is available for xcb-util-image. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...
new packages: xcb-util
An update is available for xcb-util. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Enterpris...
AsgoreCore (>=0.1.0 <=0.1.2), RustyBox (=0.1.0) +425 more potentially affected by CVE-2021-26955 +3 more via xcb (>=0.10.1 <=0.9.0)
xcb CARGO version =0.10.1, =0.1.0, =0.1.0, =0.4.0, =0.1.0, =1.0.9, =0.6.0, =0.1.0, =0.1.0, =0.1.0, =0.2.0, =0.3.0 and more Source cves: CVE-2021-26955, CVE-2021-26956, CVE-2021-26957, CVE-2021-26958 Source advisory: OSV:GHSA-MP6R-FGW2-RXFX...
GHSA-MP6R-FGW2-RXFX Arbitrary return types in xcb
The function xcb::xproto::GetPropertyReply::value returns a slice of type T where T is an unconstrained type parameter. The raw bytes received from the X11 server are interpreted as the requested type. The users of the xcb crate are advised to only call this function with the intended types. Thes...
Arbitrary return types in xcb
The function xcb::xproto::GetPropertyReply::value returns a slice of type T where T is an unconstrained type parameter. The raw bytes received from the X11 server are interpreted as the requested type. The users of the xcb crate are advised to only call this function with the intended types. Thes...
AsgoreCore (>=0.1.0 <=0.1.2), RustyBox (=0.1.0) +425 more potentially affected by CVE-2021-26955 +3 more via xcb (>=0.10.1 <=0.9.0)
xcb CARGO version =0.10.1, =0.1.0, =0.1.0, =0.4.0, =0.1.0, =1.0.9, =0.6.0, =0.1.0, =0.1.0, =0.1.0, =0.2.0, =0.3.0 and more Source cves: CVE-2021-26955, CVE-2021-26956, CVE-2021-26957, CVE-2021-26958 Source advisory: OSV:GHSA-3288-CWGW-CH86...