Search CVE reports
51 – 54 of 54 results
Some fixes available 5 of 6
In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of X Events.
8 affected packages
xorg, xorg-hwe-16.04, xorg-server, xorg-server-lts-utopic, xorg-server-lts-vivid...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| xorg | — | — | — | — |
| xorg-hwe-16.04 | — | — | — | — |
| xorg-server | — | — | — | — |
| xorg-server-lts-utopic | — | — | — | — |
| xorg-server-lts-vivid | — | — | — | — |
| xorg-server-lts-wily | — | — | — | — |
| xorg-server-lts-xenial | — | — | — | — |
| xorg-server-hwe-16.04 | — | — | — | — |
Some fixes available 5 of 9
The ProcPutImage function in dix/dispatch.c in X.Org Server (aka xserver and xorg-server) before 1.16.4 allows attackers to cause a denial of service (divide-by-zero and crash) via a zero-height PutImage request.
6 affected packages
xorg-server, xorg-server-lts-quantal, xorg-server-lts-raring, xorg-server-lts-saucy, xorg-server-lts-trusty, xorg-server-lts-utopic
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| xorg-server | — | — | — | — |
| xorg-server-lts-quantal | — | — | — | — |
| xorg-server-lts-raring | — | — | — | — |
| xorg-server-lts-saucy | — | — | — | — |
| xorg-server-lts-trusty | — | — | — | — |
| xorg-server-lts-utopic | — | — | — | — |
The authentication setup in XWayland 1.16.x and 1.17.x before 1.17.2 starts the server in non-authenticating mode, which allows local users to read from or send information to arbitrary X11 clients via vectors involving a UNIX socket.
7 affected packages
xorg-server, xorg-server-lts-quantal, xorg-server-lts-raring, xorg-server-lts-saucy, xorg-server-lts-trusty...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| xorg-server | — | — | — | — |
| xorg-server-lts-quantal | — | — | — | — |
| xorg-server-lts-raring | — | — | — | — |
| xorg-server-lts-saucy | — | — | — | — |
| xorg-server-lts-trusty | — | — | — | — |
| xorg-server-lts-utopic | — | — | — | — |
| xorg-server-lts-vivid | — | — | — | — |
Some fixes available 28 of 42
X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via a crafted string length value...
7 affected packages
vnc4, xorg-server-lts-raring, xorg-server-lts-utopic, xorg-server, xorg-server-lts-quantal...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| vnc4 | Not in release | Not in release | Not in release | Vulnerable |
| xorg-server-lts-raring | Not in release | Not in release | Not in release | Not in release |
| xorg-server-lts-utopic | Not in release | Not in release | Not in release | Not in release |
| xorg-server | Fixed | Fixed | Fixed | Fixed |
| xorg-server-lts-quantal | Not in release | Not in release | Not in release | Not in release |
| xorg-server-lts-saucy | Not in release | Not in release | Not in release | Not in release |
| xorg-server-lts-trusty | Not in release | Not in release | Not in release | Not in release |