CVSS: 9.0EPSS: 1%CPEs: 8EXPL: 0CVE-2022-46343 – X.Org Server ScreenSaverSetAttributes Use-After-Free Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-46343
14 Dec 2022 — A vulnerability was found in X.Org. This security flaw occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. Se encontró una vulnerabilidad en X.Org. Este fallo de seguridad se produce porque el controlador de la solicitud ScreenSaverSetAttributes puede escribir en la memoria una vez liberada.... • https://access.redhat.com/security/cve/CVE-2022-46343 • CWE-416: Use After Free •
CVSS: 9.0EPSS: 0%CPEs: 8EXPL: 0CVE-2022-46344 – X.Org Server ProcXIChangeProperty Numeric Truncation Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-46344
14 Dec 2022 — A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has a length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. Se encontró una vulnerabilidad en X.Org. Esta falla de seguridad se produce porque el controlador de la solicitud XIChangeProper... • http://www.openwall.com/lists/oss-security/2023/12/13/1 • CWE-125: Out-of-bounds Read •
CVSS: 9.0EPSS: 0%CPEs: 6EXPL: 0CVE-2022-3550 – X.org Server xkb.c _GetCountedString buffer overflow
https://notcve.org/view.php?id=CVE-2022-3550
17 Oct 2022 — A vulnerability classified as critical was found in X.org Server. Affected by this vulnerability is the function _GetCountedString of the file xkb/xkb.c. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211051. • https://cgit.freedesktop.org/xorg/xserver/commit/?id=11beef0b7f1ed290348e45618e5fa0d2bffcb72e • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-3551 – X.org Server xkb.c ProcXkbGetKbdByName memory leak
https://notcve.org/view.php?id=CVE-2022-3551
17 Oct 2022 — A vulnerability, which was classified as problematic, has been found in X.org Server. Affected by this issue is the function ProcXkbGetKbdByName of the file xkb/xkb.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211052. • https://cgit.freedesktop.org/xorg/xserver/commit/?id=18f91b950e22c2a342a4fbc55e9ddf7534a707d2 • CWE-401: Missing Release of Memory after Effective Lifetime CWE-404: Improper Resource Shutdown or Release •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-3553 – X.org Server xquartz X11Controller.m denial of service
https://notcve.org/view.php?id=CVE-2022-3553
17 Oct 2022 — A vulnerability, which was classified as problematic, was found in X.org Server. This affects an unknown part of the file hw/xquartz/X11Controller.m of the component xquartz. The manipulation leads to denial of service. It is recommended to apply a patch to fix this issue. The identifier VDB-211053 was assigned to this vulnerability. • https://cgit.freedesktop.org/xorg/xserver/commit/?id=dfd057996b26420309c324ec844a5ba6dd07eda3 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-4009 – X.Org Server SProcXFixesCreatePointerBarrier Out-Of-Bounds Access Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-4009
17 Dec 2021 — A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcXFixesCreatePointerBarrier function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se ha encontrado un fallo en xorg-x11-server en versiones anteriores a 21.1.2 y anteriores a 1.20.14. Puede producirse un acceso fuera de límites en la función SProcXFixesCreatePointerBarrier. • https://lists.debian.org/debian-lts-announce/2021/12/msg00035.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2021-4010 – X.Org Server SProcScreenSaverSuspend Out-Of-Bounds Access Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-4010
17 Dec 2021 — A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcScreenSaverSuspend function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se ha encontrado un fallo en xorg-x11-server en versiones anteriores a 21.1.2 y anteriores a 1.20.14. Puede producirse un acceso fuera de límites en la función SProcScreenSaverSuspend. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NKLSZCY47QK4RCJFXITYFALCGPJAFXOK • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-4011 – X.Org Server SwapCreateRegister Out-Of-Bounds Access Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-4011
17 Dec 2021 — A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SwapCreateRegister function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se ha encontrado un fallo en xorg-x11-server en versiones anteriores a 21.1.2 y anteriores a 1.20.14. Puede producirse un acceso fuera de límites en la función SwapCreateRegister. • https://lists.debian.org/debian-lts-announce/2021/12/msg00035.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-4008 – X.Org Server SProcRenderCompositeGlyphs Out-Of-Bounds Access Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-4008
15 Dec 2021 — A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcRenderCompositeGlyphs function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se ha encontrado un fallo en xorg-x11-server en versiones anteriores a 21.1.2 y anteriores a 1.20.14. Puede producirse un acceso fuera de límites en la función SProcRenderCompositeGlyphs. • https://lists.debian.org/debian-lts-announce/2021/12/msg00035.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2020-25697
https://notcve.org/view.php?id=CVE-2020-25697
26 May 2021 — A privilege escalation flaw was found in the Xorg-x11-server due to a lack of authentication for X11 clients. This flaw allows an attacker to take control of an X application by impersonating the server it is expecting to connect to. Se encontró un fallo de escalada de privilegios en el servidor Xorg-x11 debido a una falta de autenticación para los clientes X11. Este fallo permite a un atacante tomar el control de una aplicación X al hacerse pasar por el servidor al que espera conectarse • http://www.openwall.com/lists/oss-security/2020/11/09/3 • CWE-306: Missing Authentication for Critical Function •