Search CVE reports
31 – 40 of 74 results
Some fixes available 17 of 18
A buffer overflow flaw was found in X.Org and Xwayland. The code in XkbVModMaskText() allocates a fixed-sized buffer on the stack and copies the names of the virtual modifiers to that buffer. The code fails to check the bounds of...
7 affected packages
xorg, xorg-server, xwayland, xorg-server-hwe-16.04, xorg-server-hwe-18.04...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| xorg | Not affected | Not affected | Not affected | Not affected | Not affected |
| xorg-server | Fixed | Fixed | Fixed | Fixed | Fixed |
| xwayland | Fixed | Fixed | Fixed | Not in release | — |
| xorg-server-hwe-16.04 | Not in release | Not in release | Not in release | Not in release | — |
| xorg-server-hwe-18.04 | Not in release | Not in release | Not in release | Not in release | Fixed |
| xorg-hwe-16.04 | Not in release | Not in release | Not in release | Not in release | — |
| xorg-hwe-18.04 | Not in release | Not in release | Not in release | Not in release | Not affected |
Some fixes available 17 of 18
A use-after-free flaw was found in X.Org and Xwayland. The root cursor is referenced in the X server as a global variable. If a client frees the root cursor, the internal reference points to freed memory and causes a use-after-free.
7 affected packages
xorg, xorg-server, xwayland, xorg-server-hwe-16.04, xorg-server-hwe-18.04...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| xorg | Not affected | Not affected | Not affected | Not affected | Not affected |
| xorg-server | Fixed | Fixed | Fixed | Fixed | Fixed |
| xwayland | Fixed | Fixed | Fixed | Not in release | — |
| xorg-server-hwe-16.04 | Not in release | Not in release | Not in release | Not in release | — |
| xorg-server-hwe-18.04 | Not in release | Not in release | Not in release | Not in release | Fixed |
| xorg-hwe-16.04 | Not in release | Not in release | Not in release | Not in release | — |
| xorg-hwe-18.04 | Not in release | Not in release | Not in release | Not in release | Not affected |
Some fixes available 17 of 18
A flaw was found in the X.org server. Due to improperly tracked allocation size in _XkbSetCompatMap, a local attacker may be able to trigger a buffer overflow condition via a specially crafted payload, leading to denial of service...
7 affected packages
xorg, xorg-server, xwayland, xorg-server-hwe-16.04, xorg-server-hwe-18.04...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| xorg | Not affected | Not affected | Not affected | Not affected | Not affected |
| xorg-server | Fixed | Fixed | Fixed | Fixed | Fixed |
| xwayland | Fixed | Fixed | Fixed | Not in release | — |
| xorg-server-hwe-16.04 | Not in release | Not in release | Not in release | Not in release | — |
| xorg-server-hwe-18.04 | Not in release | Not in release | Not in release | Not in release | Fixed |
| xorg-hwe-16.04 | Not in release | Not in release | Not in release | Not in release | — |
| xorg-hwe-18.04 | Not in release | Not in release | Not in release | Not in release | Not affected |
Some fixes available 13 of 15
A use-after-free vulnerability was found in the ProcRenderAddGlyphs() function of Xorg servers. This issue occurs when AllocateGlyph() is called to store new glyphs sent by the client to the X server, potentially resulting in...
7 affected packages
xorg, xorg-server, xwayland, xorg-server-hwe-16.04, xorg-server-hwe-18.04...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| xorg | Not affected | Not affected | Not affected | Not affected | Not affected |
| xorg-server | Fixed | Fixed | Fixed | Fixed | Fixed |
| xwayland | Not affected | Not affected | Fixed | Not in release | — |
| xorg-server-hwe-16.04 | Not in release | Not in release | Not in release | Not in release | — |
| xorg-server-hwe-18.04 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| xorg-hwe-16.04 | Not in release | Not in release | Not in release | Not in release | — |
| xorg-hwe-18.04 | Not in release | Not in release | Not in release | Not in release | Not affected |
Some fixes available 12 of 14
A heap-based buffer over-read vulnerability was found in the X.org server's ProcAppleDRICreatePixmap() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and...
7 affected packages
xorg, xorg-server, xwayland, xorg-server-hwe-16.04, xorg-server-hwe-18.04...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| xorg | Not affected | Not affected | Not affected | Not affected | Not affected |
| xorg-server | Fixed | Fixed | Fixed | Fixed | Fixed |
| xwayland | Not affected | Not affected | Fixed | Not in release | — |
| xorg-server-hwe-16.04 | Not in release | Not in release | Not in release | Not in release | — |
| xorg-server-hwe-18.04 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| xorg-hwe-16.04 | Not in release | Not in release | Not in release | Not in release | — |
| xorg-hwe-18.04 | Not in release | Not in release | Not in release | Not in release | Not affected |
Some fixes available 13 of 15
A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIPassiveGrabDevice() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and...
7 affected packages
xorg, xorg-server, xwayland, xorg-server-hwe-16.04, xorg-server-hwe-18.04...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| xorg | Not affected | Not affected | Not affected | Not affected | Not affected |
| xorg-server | Fixed | Fixed | Fixed | Fixed | Fixed |
| xwayland | Not affected | Not affected | Fixed | Not in release | — |
| xorg-server-hwe-16.04 | Not in release | Not in release | Not in release | Not in release | — |
| xorg-server-hwe-18.04 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| xorg-hwe-16.04 | Not in release | Not in release | Not in release | Not in release | — |
| xorg-hwe-18.04 | Not in release | Not in release | Not in release | Not in release | Not affected |
Some fixes available 13 of 15
A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and...
7 affected packages
xorg, xorg-server, xwayland, xorg-server-hwe-16.04, xorg-server-hwe-18.04...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| xorg | Not affected | Not affected | Not affected | Not affected | Not affected |
| xorg-server | Fixed | Fixed | Fixed | Fixed | Fixed |
| xwayland | Not affected | Not affected | Fixed | Not in release | — |
| xorg-server-hwe-16.04 | Not in release | Not in release | Not in release | Not in release | — |
| xorg-server-hwe-18.04 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| xorg-hwe-16.04 | Not in release | Not in release | Not in release | Not in release | — |
| xorg-hwe-18.04 | Not in release | Not in release | Not in release | Not in release | Not affected |
Some fixes available 20 of 22
A heap buffer overflow flaw was found in the DisableDevice function in the X.Org server. This issue may lead to an application crash or, in some circumstances, remote code execution in SSH X11 forwarding environments.
11 affected packages
xorg, xwayland, xorg-server-hwe-16.04, xorg-server, xorg-server-hwe-18.04...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| xorg | Not affected | Not affected | Not affected | Not affected | Not affected |
| xwayland | Fixed | Fixed | Fixed | Not in release | Not in release |
| xorg-server-hwe-16.04 | Not in release | Not in release | Not in release | Not in release | Not in release |
| xorg-server | Fixed | Fixed | Fixed | Fixed | Fixed |
| xorg-server-hwe-18.04 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| xorg-hwe-16.04 | Not in release | Not in release | Not in release | Not in release | Not in release |
| xorg-hwe-18.04 | Not in release | Not in release | Not in release | Not in release | Not affected |
| xorg-server-lts-utopic | Not in release | Not in release | Not in release | Not in release | Not in release |
| xorg-server-lts-vivid | Not in release | Not in release | Not in release | Not in release | Not in release |
| xorg-server-lts-wily | Not in release | Not in release | Not in release | Not in release | Not in release |
| xorg-server-lts-xenial | Not in release | Not in release | Not in release | Not in release | Not in release |
Some fixes available 20 of 22
A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can trigger a heap buffer...
11 affected packages
xorg, xwayland, xorg-server, xorg-server-hwe-16.04, xorg-server-hwe-18.04...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| xorg | Not affected | Not affected | Not affected | Not affected | Not affected |
| xwayland | Fixed | Fixed | Fixed | Not in release | Not in release |
| xorg-server | Fixed | Fixed | Fixed | Fixed | Fixed |
| xorg-server-hwe-16.04 | Not in release | Not in release | Not in release | Not in release | Not in release |
| xorg-server-hwe-18.04 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| xorg-hwe-16.04 | Not in release | Not in release | Not in release | Not in release | Not in release |
| xorg-hwe-18.04 | Not in release | Not in release | Not in release | Not in release | Not affected |
| xorg-server-lts-utopic | Not in release | Not in release | Not in release | Not in release | Not in release |
| xorg-server-lts-vivid | Not in release | Not in release | Not in release | Not in release | Not in release |
| xorg-server-lts-wily | Not in release | Not in release | Not in release | Not in release | Not in release |
| xorg-server-lts-xenial | Not in release | Not in release | Not in release | Not in release | Not in release |
Some fixes available 19 of 22
A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites...
11 affected packages
xorg, xwayland, xorg-server-hwe-16.04, xorg-server-hwe-18.04, xorg-hwe-16.04...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| xorg | Not affected | Not affected | Not affected | Not affected | Not affected |
| xwayland | Fixed | Fixed | Fixed | Not in release | Not in release |
| xorg-server-hwe-16.04 | Not in release | Not in release | Not in release | Not in release | Not in release |
| xorg-server-hwe-18.04 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| xorg-hwe-16.04 | Not in release | Not in release | Not in release | Not in release | Not in release |
| xorg-hwe-18.04 | Not in release | Not in release | Not in release | Not in release | Not affected |
| xorg-server-lts-utopic | Not in release | Not in release | Not in release | Not in release | Not in release |
| xorg-server-lts-vivid | Not in release | Not in release | Not in release | Not in release | Not in release |
| xorg-server-lts-wily | Not in release | Not in release | Not in release | Not in release | Not in release |
| xorg-server-lts-xenial | Not in release | Not in release | Not in release | Not in release | Not in release |
| xorg-server | Fixed | Fixed | Fixed | Fixed | Fixed |