Lucene search

K

69 matches found

CVE
CVE
added 2024/01/18 5:15 a.m.420 views

CVE-2023-6816

A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leading ...

9.8CVSS9.5AI score0.03081EPSS
CVE
CVE
added 2024/01/18 4:15 p.m.416 views

CVE-2024-0409

A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context.

7.8CVSS8.1AI score0.00015EPSS
CVE
CVE
added 2024/01/18 4:15 p.m.406 views

CVE-2024-0408

A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource (as with a GetGeometry) or when it creates another resource that needs to access that buffer, such as...

5.5CVSS6.4AI score0.00017EPSS
CVE
CVE
added 2024/02/09 7:16 a.m.389 views

CVE-2024-0229

An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation (if the server runs with extended privileges), or re...

7.8CVSS8.2AI score0.00291EPSS
CVE
CVE
added 2023/03/27 9:15 p.m.312 views

CVE-2023-0494

A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs pri...

7.8CVSS7.9AI score0.00577EPSS
CVE
CVE
added 2020/08/05 2:15 p.m.309 views

CVE-2020-14347

A flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. In cases where Xorg server runs with elevated privileges, this could result in possible ASLR bypass. Xorg-server before version 1.20.9 is vulnerable.

5.5CVSS6.3AI score0.0002EPSS
CVE
CVE
added 2020/09/15 2:15 p.m.282 views

CVE-2020-14345

A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Out-Of-Bounds access in XkbSetNames function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

7.8CVSS7.7AI score0.00062EPSS
CVE
CVE
added 2021/01/20 4:15 p.m.269 views

CVE-2020-14360

A flaw was found in the X.Org Server before version 1.20.10. An out-of-bounds access in the XkbSetMap function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

7.8CVSS7.7AI score0.00066EPSS
CVE
CVE
added 2020/12/15 5:15 p.m.267 views

CVE-2020-25712

A flaw was found in xorg-x11-server before 1.20.10. A heap-buffer overflow in XkbSetDeviceInfo may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

7.8CVSS7.9AI score0.00081EPSS
CVE
CVE
added 2020/09/15 7:15 p.m.261 views

CVE-2020-14362

A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

7.8CVSS7.9AI score0.00103EPSS
CVE
CVE
added 2018/10/25 8:29 p.m.258 views

CVE-2018-14665

A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root p...

7.2CVSS7AI score0.07312EPSS
CVE
CVE
added 2020/09/15 7:15 p.m.256 views

CVE-2020-14361

A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

7.8CVSS7.9AI score0.00103EPSS
CVE
CVE
added 2020/09/15 7:15 p.m.252 views

CVE-2020-14346

A flaw was found in xorg-x11-server before 1.20.9. An integer underflow in the X input extension protocol decoding in the X server may lead to arbitrary access of memory contents. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

7.8CVSS7.6AI score0.00082EPSS
CVE
CVE
added 2021/04/26 3:15 p.m.240 views

CVE-2021-3472

A flaw was found in xorg-x11-server in versions before 1.20.11. An integer underflow can occur in xserver which can lead to a local privilege escalation. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

7.8CVSS7.3AI score0.00093EPSS
CVE
CVE
added 2023/10/25 8:15 p.m.207 views

CVE-2023-5367

A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for...

7.8CVSS8.2AI score0.00064EPSS
CVE
CVE
added 2023/10/25 8:15 p.m.204 views

CVE-2023-5380

A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the othe...

4.7CVSS6.4AI score0.00075EPSS
CVE
CVE
added 2023/03/30 9:15 p.m.201 views

CVE-2023-1393

A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-fr...

7.8CVSS7.7AI score0.0006EPSS
CVE
CVE
added 2021/12/17 5:15 p.m.197 views

CVE-2021-4010

A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcScreenSaverSuspend function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

7.8CVSS7.4AI score0.00048EPSS
CVE
CVE
added 2023/12/13 7:15 a.m.190 views

CVE-2023-6377

A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved.

7.8CVSS8.3AI score0.0036EPSS
CVE
CVE
added 2021/12/17 5:15 p.m.167 views

CVE-2021-4008

A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcRenderCompositeGlyphs function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

7.8CVSS7.6AI score0.00045EPSS
CVE
CVE
added 2023/12/13 7:15 a.m.167 views

CVE-2023-6478

A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive information.

7.6CVSS7.9AI score0.01017EPSS
CVE
CVE
added 2021/12/17 5:15 p.m.163 views

CVE-2021-4009

A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcXFixesCreatePointerBarrier function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

7.8CVSS7.6AI score0.00055EPSS
CVE
CVE
added 2021/12/17 5:15 p.m.161 views

CVE-2021-4011

A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SwapCreateRegister function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

7.8CVSS7.6AI score0.00061EPSS
CVE
CVE
added 2025/02/25 4:15 p.m.159 views

CVE-2025-26601

A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger() is called. If one of the changes triggers an error, the function will return ea...

7.8CVSS7.7AI score0.00037EPSS
CVE
CVE
added 2025/02/25 4:15 p.m.152 views

CVE-2025-26599

An access to an uninitialized pointer flaw was found in X.Org and Xwayland. The function compCheckRedirect() may fail if it cannot allocate the backing pixmap. In that case, compRedirectWindow() will return a BadAlloc error without validating the window tree marked just before, which leaves the val...

7.8CVSS7AI score0.00037EPSS
CVE
CVE
added 2025/02/25 4:15 p.m.140 views

CVE-2025-26600

A use-after-free flaw was found in X.Org and Xwayland. When a device is removed while still frozen, the events queued for that device remain while the device is freed. Replaying the events will cause a use-after-free.

7.8CVSS7.1AI score0.00037EPSS
CVE
CVE
added 2025/02/25 4:15 p.m.134 views

CVE-2025-26598

An out-of-bounds write flaw was found in X.Org and Xwayland. The function GetBarrierDevice() searches for the pointer device based on its device ID and returns the matching value, or supposedly NULL, if no match was found. However, the code will return the last element of the list if no matching de...

7.8CVSS7.4AI score0.00042EPSS
CVE
CVE
added 2025/02/25 4:15 p.m.133 views

CVE-2025-26596

A heap overflow flaw was found in X.Org and Xwayland. The computation of the length in XkbSizeKeySyms() differs from what is written in XkbWriteKeySyms(), which may lead to a heap-based buffer overflow.

7.8CVSS7.5AI score0.00037EPSS
CVE
CVE
added 2018/01/24 3:29 p.m.129 views

CVE-2017-12184

xorg-x11-server before 1.19.5 was missing length validation in XINERAMA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

9.8CVSS9.7AI score0.00843EPSS
CVE
CVE
added 2025/02/25 4:15 p.m.129 views

CVE-2025-26594

A use-after-free flaw was found in X.Org and Xwayland. The root cursor is referenced in the X server as a global variable. If a client frees the root cursor, the internal reference points to freed memory and causes a use-after-free.

7.8CVSS7.1AI score0.00037EPSS
CVE
CVE
added 2018/01/24 3:29 p.m.128 views

CVE-2017-12181

xorg-x11-server before 1.19.5 was missing length validation in XFree86 DGA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

9.8CVSS9.7AI score0.00843EPSS
CVE
CVE
added 2025/02/25 4:15 p.m.128 views

CVE-2025-26597

A buffer overflow flaw was found in X.Org and Xwayland. If XkbChangeTypesOfKey() is called with a 0 group, it will resize the key symbols table to 0 but leave the key actions unchanged. If the same function is later called with a non-zero value of groups, this will cause a buffer overflow because t...

7.8CVSS7.5AI score0.00037EPSS
CVE
CVE
added 2017/10/10 1:30 a.m.126 views

CVE-2017-13723

In X.Org Server (aka xserver and xorg-server) before 1.19.4, a local attacker authenticated to the X server could overflow a global buffer, causing crashes of the X server or potentially other problems by injecting large or malformed XKB related atoms and accessing them via xkbcomp.

7.8CVSS7.5AI score0.00136EPSS
CVE
CVE
added 2018/01/24 3:29 p.m.123 views

CVE-2017-12176

xorg-x11-server before 1.19.5 was missing extra length validation in ProcEstablishConnection function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

9.8CVSS9.7AI score0.0095EPSS
CVE
CVE
added 2018/01/24 3:29 p.m.123 views

CVE-2017-12177

xorg-x11-server before 1.19.5 was vulnerable to integer overflow in ProcDbeGetVisualInfo function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

9.8CVSS9.8AI score0.0095EPSS
CVE
CVE
added 2018/01/24 3:29 p.m.123 views

CVE-2017-12185

xorg-x11-server before 1.19.5 was missing length validation in MIT-SCREEN-SAVER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

9.8CVSS9.7AI score0.00843EPSS
CVE
CVE
added 2018/01/24 3:29 p.m.123 views

CVE-2017-12186

xorg-x11-server before 1.19.5 was missing length validation in X-Resource extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

9.8CVSS9.7AI score0.00754EPSS
CVE
CVE
added 2017/10/10 1:30 a.m.122 views

CVE-2017-13721

In X.Org Server (aka xserver and xorg-server) before 1.19.4, an attacker authenticated to an X server with the X shared memory extension enabled can cause aborts of the X server or replace shared memory segments of other X clients in the same session.

4.7CVSS5.6AI score0.00086EPSS
CVE
CVE
added 2025/02/25 4:15 p.m.122 views

CVE-2025-26595

A buffer overflow flaw was found in X.Org and Xwayland. The code in XkbVModMaskText() allocates a fixed-sized buffer on the stack and copies the names of the virtual modifiers to that buffer. The code fails to check the bounds of the buffer and would copy the data regardless of the size.

7.8CVSS7.6AI score0.00037EPSS
CVE
CVE
added 2018/01/24 3:29 p.m.121 views

CVE-2017-12178

xorg-x11-server before 1.19.5 had wrong extra length check in ProcXIChangeHierarchy function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

9.8CVSS9.7AI score0.0095EPSS
CVE
CVE
added 2018/01/24 3:29 p.m.120 views

CVE-2017-12183

xorg-x11-server before 1.19.5 was missing length validation in XFIXES extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

9.8CVSS9.7AI score0.0095EPSS
CVE
CVE
added 2022/10/17 1:15 p.m.120 views

CVE-2022-3550

A vulnerability classified as critical was found in X.org Server. Affected by this vulnerability is the function _GetCountedString of the file xkb/xkb.c. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability ...

8.8CVSS7.2AI score0.00272EPSS
CVE
CVE
added 2018/01/24 3:29 p.m.119 views

CVE-2017-12187

xorg-x11-server before 1.19.5 was missing length validation in RENDER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

9.8CVSS9.7AI score0.00773EPSS
CVE
CVE
added 2023/10/25 8:15 p.m.118 views

CVE-2023-5574

A use-after-free flaw was found in xorg-x11-server-Xvfb. This issue occurs in Xvfb with a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode). If the pointer is warped from a screen 1 to a screen 0, a use-after-free issue may be tr...

7CVSS7.1AI score0.00035EPSS
CVE
CVE
added 2018/01/24 3:29 p.m.116 views

CVE-2017-12179

xorg-x11-server before 1.19.5 was vulnerable to integer overflow in (S)ProcXIBarrierReleasePointer functions allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

9.8CVSS9.8AI score0.00843EPSS
CVE
CVE
added 2008/01/18 11:0 p.m.115 views

CVE-2007-6427

The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to byte swapping and heap corruption within multiple functions, a different vulnerability than CVE-2007-4990.

9.3CVSS9.8AI score0.03789EPSS
CVE
CVE
added 2018/01/24 3:29 p.m.115 views

CVE-2017-12182

xorg-x11-server before 1.19.5 was missing length validation in XFree86 DRI extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

9.8CVSS9.7AI score0.0095EPSS
CVE
CVE
added 2018/01/24 3:29 p.m.114 views

CVE-2017-12180

xorg-x11-server before 1.19.5 was missing length validation in XFree86 VidModeExtension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

9.8CVSS9.7AI score0.0095EPSS
CVE
CVE
added 2019/10/16 11:15 a.m.110 views

CVE-2019-17624

"" In X.Org X Server 1.20.4, there is a stack-based buffer overflow in the function XQueryKeymap. For example, by sending ct.c_char 1000 times, an attacker can cause a denial of service (application crash) or possibly have unspecified other impact. Note: It is disputed if the X.Org X Server is invo...

7.8CVSS8.2AI score0.16233EPSS
CVE
CVE
added 2022/10/17 1:15 p.m.107 views

CVE-2022-3551

A vulnerability, which was classified as problematic, has been found in X.org Server. Affected by this issue is the function ProcXkbGetKbdByName of the file xkb/xkb.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability i...

6.5CVSS6.3AI score0.00355EPSS
Total number of security vulnerabilities69