xwayland: xorg: X.Org X server: Information disclosure and denial of service via out-of-bounds read in XKB geometry processing.

A flaw was found in the X.Org X server. This out-of-bounds read vulnerability in the XKB geometry processing, specifically within the CheckSetGeom and XkbAddGeomKeyAlias functions, allows an attacker to read uninitialized or out-of-bounds memory. An attacker with a connection to the X11 server,...

Astra Linux - уязвимость в xorg-server

A flaw was discovered in xorg-server. Changing the actions of XKB buttons, such as moving between the touchpad and the mouse, can lead to out-of-bounds memory reads and writes. This may allow for local privilege escalation or potential remote code execution, especially in cases where X11 forwardi...

tigervnc security update

An update is available for tigervnc. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Virtual Network Computing VNC is a remote display system which allows users ...

CVE-2026-34003

A flaw was found in the X.Org X server's XKB key types request validation. A local attacker could send a specially crafted request to the X server, leading to an out-of-bounds memory access vulnerability. This could result in the disclosure of sensitive information or cause the server to crash,...

MiracleLinux 8 : tigervnc-1.12.0-9.el8.3 (AXSA:2023-5248:06)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-5248:06 advisory. xorg-x11-server: X.Org Server Overlay Window Use-After-Free Local Privilege Escalation Vulnerability CVE-2023-1393 Tenable has extracted the preceding...

Amazon Linux 2023 : xorg-x11-server-common, xorg-x11-server-devel, xorg-x11-server-source (ALAS2023-2025-1269)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1269 advisory. A flaw was found in the X.Org X server and Xwayland when processing X11 Present extension notifications. Improper error handling during notification creation can leave dangling pointers that...

Important: xorg-x11-server-Xwayland

Issue Overview: A flaw was found in the X.Org X server and Xwayland when processing X11 Present extension notifications. Improper error handling during notification creation can leave dangling pointers that lead to a use-after-free condition. This can cause memory corruption or a crash, potential...

EUVD-2023-58618

Malicious code in bioql PyPI...

xorg-x11-server: out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty

A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive information...

xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Unprocessed Client Request Due to Bytes to Ignore

A flaw was found in the X server's request handling. Non-zero 'bytes to ignore' in a client's request can cause the server to skip processing another client's request, potentially leading to a denial of service...

Astra Linux – Vulnerability in xwayland, xorg-server

A use-after-free flaw was discovered in X.Org and Xwayland. When a device is removed while it is still frozen, the events queued for that device remain active even after the device is freed. Playing back those events will lead to a use-after-free...

Important: tigervnc

Issue Overview: A flaw was found in the X.org server. Due to improperly tracked allocation size in XkbSetCompatMap, a local attacker may be able to trigger a buffer overflow condition via a specially crafted payload, leading to denial of service or local privilege escalation in distributions wher...

xorg-x11-server: SELinux unlabeled GLX PBuffer

A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource as with a GetGeometry or when it creates another resource that needs to access that buffer, such as...

xorg-x11-server: heap buffer overflow in XISendDeviceHierarchyEvent

A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can trigger a heap buffer overflow condition, which may lead to an application crash or remo...

xorg-x11-server: heap buffer overflow in XISendDeviceHierarchyEvent

A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can trigger a heap buffer overflow condition, which may lead to an application crash or remo...

xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions

A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved...

AZL-34214 CVE-2024-0229 affecting package xorg-x11-server for versions less than 1.20.10-12

An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation if the server runs with extended privileges, or...

xorg-x11-server: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer

A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leadin...

xorg-x11-server: heap buffer overflow in XISendDeviceHierarchyEvent

A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can trigger a heap buffer overflow condition, which may lead to an application crash or remo...

The vulnerability of the PrivatesHandler component in the X Window System X.Org Server allows a hacker to execute arbitrary code.

The vulnerability of the PrivatesHandler component in the X Window System X.Org Server implementation is related to the execution of operations outside the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...