Search CVE reports
91 – 100 of 124 results
Some fixes available 16 of 17
X.Org X Window System (aka X11 and X) X11R5 and X.Org Server (aka xserver and xorg-server) before 1.16.3, when using SUN-DES-1 (Secure RPC) authentication credentials, does not check the return value of a malloc call, which allows...
6 affected packages
nvidia-graphics-drivers-304, nvidia-graphics-drivers-304-updates, nvidia-graphics-drivers-331, nvidia-graphics-drivers-331-updates, xorg-server, xorg-server-lts-trusty
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| nvidia-graphics-drivers-304 | — | — | — | — |
| nvidia-graphics-drivers-304-updates | — | — | — | — |
| nvidia-graphics-drivers-331 | — | — | — | — |
| nvidia-graphics-drivers-331-updates | — | — | — | — |
| xorg-server | — | — | — | — |
| xorg-server-lts-trusty | — | — | — | — |
Some fixes available 1 of 4
Integer underflow in the xTrapezoidValid macro in render/picture.h in X.Org allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value.
2 affected packages
xorg, xorg-server
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| xorg | — | — | — | — |
| xorg-server | — | — | — | — |
Some fixes available 5 of 6
Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute...
3 affected packages
xorg-server, xorg-server-lts-quantal, xorg-server-lts-raring
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| xorg-server | — | — | — | — |
| xorg-server-lts-quantal | — | — | — | — |
| xorg-server-lts-raring | — | — | — | — |
Some fixes available 5 of 6
X.Org X server before 1.13.4 and 1.4.x before 1.14.1 does not properly restrict access to input events when adding a new hot-plug device, which might allow physically proximate attackers to obtain sensitive information, as...
2 affected packages
xorg-server, xorg-server-lts-quantal
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| xorg-server | — | — | — | — |
| xorg-server-lts-quantal | — | — | — | — |
Some fixes available 6 of 8
X.org X server 1.13.3 and earlier, when not run as root, allows local users to cause a denial of service (crash) or possibly gain privileges via vectors involving cached xkb files.
3 affected packages
xorg-server, xorg-server-lts-quantal, xorg-server-lts-raring
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| xorg-server | — | — | — | — |
| xorg-server-lts-quantal | — | — | — | — |
| xorg-server-lts-raring | — | — | — | — |
Format string vulnerability in the LogVHdrMessageVerb function in os/log.c in X.Org X11 1.11 allows attackers to cause a denial of service or possibly execute arbitrary code via format string specifiers in an input device name.
1 affected package
xorg-server
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| xorg-server | — | — | — | — |
xkeyboard-config before 2.5 in X.Org before 7.6 enables certain XKB debugging functions by default, which allows physically proximate attackers to bypass an X screen lock via keyboard combinations that break the input grab.
1 affected package
xorg-server
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| xorg-server | — | — | — | — |
Open redirect vulnerability in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via the...
1 affected package
xorg-server
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| xorg-server | — | — | — | — |
Some fixes available 4 of 5
The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to change the permissions of arbitrary files to 444, read those files, and possibly cause a denial of service (removed execution permission)...
1 affected package
xorg-server
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| xorg-server | — | — | — | — |
Some fixes available 4 of 5
The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to determine the existence of arbitrary files via a symlink attack on a temporary lock file, which is handled differently if the file exists.
1 affected package
xorg-server
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| xorg-server | — | — | — | — |