Latest x.org x server Vulnerabilities

Xorg-x11-server: out-of-bounds memory read in rrchangeoutputproperty and rrchangeproviderproperty
redhat/xorg-server<21.1.10
redhat/xwayland<23.2.3
ubuntu/xorg-server<2:1.18.4-0ubuntu0.12+
ubuntu/xorg-server<2:1.19.6-1ubuntu4.15+
ubuntu/xorg-server<21.1.10
ubuntu/xorg-server<2:1.20.13-1ubuntu1~20.04.12
and 26 more
Xorg-x11-server: out-of-bounds memory reads/writes in xkb button actions
redhat/xorg-server<21.1.10
redhat/xwayland<23.2.3
Redhat Enterprise Linux Eus=9.2
Debian Debian Linux=10.0
Debian Debian Linux=11.0
Debian Debian Linux=12.0
and 27 more
Xorg-x11-server: use-after-free bug in destroywindow
ubuntu/xorg-server<2:1.15.1-0ubuntu2.11+
ubuntu/xorg-server<2:1.18.4-0ubuntu0.12+
ubuntu/xorg-server<2:1.19.6-1ubuntu4.15+
ubuntu/xorg-server<21.1.9
ubuntu/xorg-server<2:1.20.13-1ubuntu1~20.04.9
ubuntu/xorg-server<2:21.1.4-2ubuntu1.7~22.04.2
and 14 more
Xorg-x11-server: use-after-free bug in damagedestroy
redhat/xorg-server<21.1.9
X.Org X Server>=1.13.0
Redhat Enterprise Linux=7.0
Xorg-x11-server: out-of-bounds write in xichangedeviceproperty/rrchangeoutputproperty
debian/xorg-server<=2:1.20.4-1+deb10u4<=2:1.20.11-1+deb11u6
debian/xwayland<=2:22.1.9-1
ubuntu/xorg-server<2:1.15.1-0ubuntu2.11+
ubuntu/xorg-server<2:1.18.4-0ubuntu0.12+
ubuntu/xorg-server<2:1.19.6-1ubuntu4.15+
ubuntu/xorg-server<21.1.9
and 27 more
A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write i...
redhat/xorg-server<21.1.7
X.Org X Server<21.1.7
Fedoraproject Fedora=36
Fedoraproject Fedora=37
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=8.1
and 30 more
A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has length-validation issues, resulting in out-of-bounds memory reads and potential...
X.Org X Server=1.20.4
Redhat Enterprise Linux=6.0
Redhat Enterprise Linux=7.0
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
Fedoraproject Fedora=36
and 9 more
CVE-2022-46343/ZDI-CAN-19404: X.Org Server ScreenSaverSetAttributes use-after-free. The handler for the ScreenSaverSetAttributes request may write to memory after it has been freed.
X.Org X Server=1.20.4
Redhat Enterprise Linux=6.0
Redhat Enterprise Linux=7.0
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
Fedoraproject Fedora=36
and 4 more
CVE-2022-46342/ZDI-CAN-19400: X.Org Server XvdiSelectVideoNotify use-after-free. The handler for the XvdiSelectVideoNotify request may write to memory after it has been freed.
X.Org X Server=1.20.4
Redhat Enterprise Linux=6.0
Redhat Enterprise Linux=7.0
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
Fedoraproject Fedora=36
and 4 more
CVE-2022-46341/ZDI-CAN-19381: X.Org Server XIPassiveUngrab out-of-bounds access. The handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button co...
X.Org X Server=1.20.4
Redhat Enterprise Linux=6.0
Redhat Enterprise Linux=7.0
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
Fedoraproject Fedora=36
and 4 more
CVE-2022-46340/ZDI-CAN-19265: X.Org Server XTestSwapFakeInput stack overflow. The swap handler for the XTestFakeInput request of the XTest extension may corrupt the stack if GenericEvents with lengths...
X.Org X Server=1.20.4
Redhat Enterprise Linux=6.0
Redhat Enterprise Linux=7.0
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
Fedoraproject Fedora=36
and 4 more
A vulnerability, which was classified as problematic, has been found in X.org Server. Affected by this issue is the function ProcXkbGetKbdByName of the file xkb/xkb.c. The manipulation leads to memory...
debian/xorg-server<=2:1.20.4-1+deb10u4
debian/xwayland
X.Org X Server<21.1.6
Debian Debian Linux=10.0
Debian Debian Linux=11.0
Fedoraproject Fedora=35
and 2 more
A vulnerability classified as critical was found in X.org Server. Affected by this vulnerability is the function _GetCountedString of the file xkb/xkb.c. The manipulation leads to buffer overflow. It ...
debian/xorg-server<=2:1.20.4-1+deb10u4
debian/xwayland
X.Org X Server<21.1.6
Debian Debian Linux=10.0
Debian Debian Linux=11.0
Fedoraproject Fedora=35
and 2 more
A vulnerability, which was classified as problematic, was found in X.org Server. This affects an unknown part of the file hw/xquartz/X11Controller.m of the component xquartz. The manipulation leads to...
X.Org X Server
X.Org Server SwapCreateRegister Out-Of-Bounds Access Local Privilege Escalation Vulnerability
X.Org X Server<1.20.14
X.Org X Server=21.1.0
X.Org X Server=21.1.1
Fedoraproject Fedora=34
Fedoraproject Fedora=35
Debian Debian Linux=9.0
and 23 more
X.Org Server SProcRenderCompositeGlyphs Out-Of-Bounds Access Privilege Escalation Vulnerability
X.Org X Server<1.20.14
X.Org X Server=21.1.0
X.Org X Server=21.1.1
Fedoraproject Fedora=34
Fedoraproject Fedora=35
Debian Debian Linux=9.0
and 23 more
X.Org Server SProcXFixesCreatePointerBarrier Out-Of-Bounds Access Local Privilege Escalation Vulnerability
X.Org X Server<1.20.14
X.Org X Server=21.1.0
X.Org X Server=21.1.1
Fedoraproject Fedora=34
Fedoraproject Fedora=35
Debian Debian Linux=9.0
and 23 more
X.Org Server SProcScreenSaverSuspend Out-Of-Bounds Access Local Privilege Escalation Vulnerability
X.Org X Server<1.20.14
X.Org X Server=21.1.0
X.Org X Server=21.1.1
Fedoraproject Fedora=34
Fedoraproject Fedora=35
Debian Debian Linux=10.0
and 18 more
X.Org Server XChangeFeedbackControl Integer Underflow Privilege Escalation Vulnerability
X.Org Server
debian/xorg-server
X.Org X Server<1.20.11
Fedoraproject Fedora=32
Fedoraproject Fedora=33
Fedoraproject Fedora=34
and 4 more
While X11 servers authenticate their clients, X11 clients *do not* authenticate the server. This can be exploited to take control of an X application by impersonating the server it is expecting to co...
X.Org X Server
X.Org xserver is vulnerable to a heap-based buffer overflow, caused by insufficient checks on input of the XkbSetDeviceInfo request. By sending a specially-crafted request, a remote attacker could ove...
redhat/xorg-x11-server<1.20.10
IBM Cloud Pak for Security (CP4S)<=1.7.2.0
IBM Cloud Pak for Security (CP4S)<=1.7.1.0
IBM Cloud Pak for Security (CP4S)<=1.7.0.0
X.Org X Server<1.20.10
Redhat Enterprise Linux=8.0
X.Org xserver could allow a remote authenticated attacker to gain elevated privileges on the system, caused by insufficient checks on the lengths of the XkbSetMap request. By sending a specially-craft...
redhat/xorg-x11-server<1.20.10
IBM Cloud Pak for Security (CP4S)<=1.7.2.0
IBM Cloud Pak for Security (CP4S)<=1.7.1.0
IBM Cloud Pak for Security (CP4S)<=1.7.0.0
X.Org X Server<1.20.10
X.Org Server XkbSetNames Out-Of-Bounds Access Privilege Escalation Vulnerability
IBM Cloud Pak for Security (CP4S)<=1.7.2.0
IBM Cloud Pak for Security (CP4S)<=1.7.1.0
IBM Cloud Pak for Security (CP4S)<=1.7.0.0
X.Org X Server<1.20.9
Canonical Ubuntu Linux=14.04
Canonical Ubuntu Linux=16.04
and 11 more
In X.Org X Server 1.20.4, there is a stack-based buffer overflow in the function XQueryKeymap. For example, by sending ct.c_char 1000 times, an attacker can cause a denial of service (application c...
X.Org X Server<=1.20.4
