Search CVE reports
31 – 40 of 54 results
A flaw was found in xorg-x11-server before 1.20.9. An integer underflow in the X input extension protocol decoding in the X server may lead to arbitrary access of memory contents. The highest threat from this vulnerability is to...
9 affected packages
xorg, xorg-hwe-16.04, xorg-server, xorg-server-hwe-16.04, xorg-server-lts-utopic...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| xorg | — | — | Not affected | Not affected |
| xorg-hwe-16.04 | — | — | Not in release | Not in release |
| xorg-server | — | — | Fixed | Fixed |
| xorg-server-hwe-16.04 | — | — | Not in release | Not in release |
| xorg-server-lts-utopic | — | — | Not in release | Not in release |
| xorg-server-hwe-18.04 | — | — | Not in release | Fixed |
| xorg-server-lts-vivid | — | — | Not in release | Not in release |
| xorg-server-lts-wily | — | — | Not in release | Not in release |
| xorg-server-lts-xenial | — | — | Not in release | Not in release |
A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Out-Of-Bounds access in XkbSetNames function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data...
10 affected packages
xorg, xorg-hwe-16.04, xorg-hwe-18.04, xorg-server, xorg-server-hwe-16.04...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| xorg | — | — | Not affected | Not affected |
| xorg-hwe-16.04 | — | — | Not in release | Not in release |
| xorg-hwe-18.04 | — | — | Not in release | Not affected |
| xorg-server | — | — | Fixed | Fixed |
| xorg-server-hwe-16.04 | — | — | Not in release | Not in release |
| xorg-server-hwe-18.04 | — | — | Not in release | Fixed |
| xorg-server-lts-utopic | — | — | Not in release | Not in release |
| xorg-server-lts-vivid | — | — | Not in release | Not in release |
| xorg-server-lts-wily | — | — | Not in release | Not in release |
| xorg-server-lts-xenial | — | — | Not in release | Not in release |
"" In X.Org X Server 1.20.4, there is a stack-based buffer overflow in the function XQueryKeymap. For example, by sending ct.c_char 1000 times, an attacker can cause a denial of service (application crash) or possibly...
9 affected packages
xorg, xorg-hwe-16.04, xorg-server, xorg-server-hwe-16.04, xorg-server-hwe-18.04...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| xorg | — | — | Not affected | Not affected |
| xorg-hwe-16.04 | — | — | Not in release | Not in release |
| xorg-server | — | — | Not affected | Not affected |
| xorg-server-hwe-16.04 | — | — | Not in release | Not in release |
| xorg-server-hwe-18.04 | — | — | Not in release | Not affected |
| xorg-server-lts-utopic | — | — | Not in release | Not in release |
| xorg-server-lts-vivid | — | — | Not in release | Not in release |
| xorg-server-lts-wily | — | — | Not in release | Not in release |
| xorg-server-lts-xenial | — | — | Not in release | Not in release |
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical...
8 affected packages
xorg-server-lts-wily, xorg, xorg-hwe-16.04, xorg-server, xorg-server-hwe-16.04...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| xorg-server-lts-wily | — | — | — | Not in release |
| xorg | — | — | — | Not affected |
| xorg-hwe-16.04 | — | — | — | Not in release |
| xorg-server | — | — | — | Fixed |
| xorg-server-hwe-16.04 | — | — | — | Not in release |
| xorg-server-lts-utopic | — | — | — | Not in release |
| xorg-server-lts-vivid | — | — | — | Not in release |
| xorg-server-lts-xenial | — | — | — | Not in release |
Some fixes available 4 of 10
It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp()...
10 affected packages
xorg-server, xorg-server-hwe-16.04, xorg-server-lts-quantal, xorg-server-lts-raring, xorg-server-lts-saucy...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| xorg-server | — | — | — | — |
| xorg-server-hwe-16.04 | — | — | — | — |
| xorg-server-lts-quantal | — | — | — | — |
| xorg-server-lts-raring | — | — | — | — |
| xorg-server-lts-saucy | — | — | — | — |
| xorg-server-lts-trusty | — | — | — | — |
| xorg-server-lts-utopic | — | — | — | — |
| xorg-server-lts-vivid | — | — | — | — |
| xorg-server-lts-wily | — | — | — | — |
| xorg-server-lts-xenial | — | — | — | — |
In X.Org Server (aka xserver and xorg-server) before 1.19.4, a local attacker authenticated to the X server could overflow a global buffer, causing crashes of the X server or potentially other problems by injecting large or...
8 affected packages
xorg, xorg-hwe-16.04, xorg-server, xorg-server-lts-utopic, xorg-server-lts-vivid...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| xorg | — | — | — | — |
| xorg-hwe-16.04 | — | — | — | — |
| xorg-server | — | — | — | — |
| xorg-server-lts-utopic | — | — | — | — |
| xorg-server-lts-vivid | — | — | — | — |
| xorg-server-hwe-16.04 | — | — | — | — |
| xorg-server-lts-wily | — | — | — | — |
| xorg-server-lts-xenial | — | — | — | — |
In X.Org Server (aka xserver and xorg-server) before 1.19.4, an attacker authenticated to an X server with the X shared memory extension enabled can cause aborts of the X server or replace shared memory segments of other X clients...
8 affected packages
xorg-server-lts-xenial, xorg, xorg-hwe-16.04, xorg-server, xorg-server-hwe-16.04...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| xorg-server-lts-xenial | — | — | — | — |
| xorg | — | — | — | — |
| xorg-hwe-16.04 | — | — | — | — |
| xorg-server | — | — | — | — |
| xorg-server-hwe-16.04 | — | — | — | — |
| xorg-server-lts-utopic | — | — | — | — |
| xorg-server-lts-vivid | — | — | — | — |
| xorg-server-lts-wily | — | — | — | — |
xorg-x11-server before 1.19.5 was missing length validation in RENDER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
8 affected packages
xorg-server-lts-vivid, xorg-server-lts-wily, xorg-server-lts-xenial, xorg, xorg-hwe-16.04...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| xorg-server-lts-vivid | — | — | — | — |
| xorg-server-lts-wily | — | — | — | — |
| xorg-server-lts-xenial | — | — | — | — |
| xorg | — | — | — | — |
| xorg-hwe-16.04 | — | — | — | — |
| xorg-server | — | — | — | — |
| xorg-server-hwe-16.04 | — | — | — | — |
| xorg-server-lts-utopic | — | — | — | — |
xorg-x11-server before 1.19.5 was missing length validation in X-Resource extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
8 affected packages
xorg, xorg-server, xorg-server-hwe-16.04, xorg-server-lts-xenial, xorg-hwe-16.04...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| xorg | — | — | — | — |
| xorg-server | — | — | — | — |
| xorg-server-hwe-16.04 | — | — | — | — |
| xorg-server-lts-xenial | — | — | — | — |
| xorg-hwe-16.04 | — | — | — | — |
| xorg-server-lts-utopic | — | — | — | — |
| xorg-server-lts-vivid | — | — | — | — |
| xorg-server-lts-wily | — | — | — | — |
xorg-x11-server before 1.19.5 was missing length validation in MIT-SCREEN-SAVER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
8 affected packages
xorg, xorg-hwe-16.04, xorg-server, xorg-server-hwe-16.04, xorg-server-lts-xenial...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| xorg | — | — | — | — |
| xorg-hwe-16.04 | — | — | — | — |
| xorg-server | — | — | — | — |
| xorg-server-hwe-16.04 | — | — | — | — |
| xorg-server-lts-xenial | — | — | — | — |
| xorg-server-lts-utopic | — | — | — | — |
| xorg-server-lts-vivid | — | — | — | — |
| xorg-server-lts-wily | — | — | — | — |