Search CVE reports
1 – 10 of 157 results
A flaw was found in the X.Org X server's XKB key types request validation. A local attacker could send a specially crafted request to the X server, leading to an out-of-bounds memory access vulnerability. This could result in the...
7 affected packages
xorg, xorg-server, xwayland, xorg-server-hwe-16.04, xorg-server-hwe-18.04...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| xorg | Not affected | Not affected | Not affected | Not affected | Not affected |
| xorg-server | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| xwayland | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| xorg-server-hwe-16.04 | Not in release | Not in release | Not in release | — | — |
| xorg-server-hwe-18.04 | Not in release | Not in release | Not in release | — | Needs evaluation |
| xorg-hwe-16.04 | Not in release | Not in release | Not in release | — | — |
| xorg-hwe-18.04 | Not in release | Not in release | Not in release | — | Not affected |
A flaw was found in the X.Org X server. This vulnerability, an out-of-bounds read, affects the XKB (X Keyboard Extension) modifier map handling. An attacker with access to the X11 server can exploit this by sending a malformed...
7 affected packages
xorg, xorg-server, xwayland, xorg-server-hwe-16.04, xorg-server-hwe-18.04...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| xorg | Not affected | Not affected | Not affected | Not affected | Not affected |
| xorg-server | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| xwayland | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| xorg-server-hwe-16.04 | Not in release | Not in release | Not in release | — | — |
| xorg-server-hwe-18.04 | Not in release | Not in release | Not in release | — | Needs evaluation |
| xorg-hwe-16.04 | Not in release | Not in release | Not in release | — | — |
| xorg-hwe-18.04 | Not in release | Not in release | Not in release | — | Not affected |
A flaw was found in the X.Org X server. This use-after-free vulnerability occurs in the XSYNC fence triggering logic, specifically within the miSyncTriggerFence() function. An attacker with access to the X11 server can exploit...
7 affected packages
xorg, xorg-server, xwayland, xorg-server-hwe-16.04, xorg-server-hwe-18.04...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| xorg | Not affected | Not affected | Not affected | Not affected | Not affected |
| xorg-server | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| xwayland | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| xorg-server-hwe-16.04 | Not in release | Not in release | Not in release | — | — |
| xorg-server-hwe-18.04 | Not in release | Not in release | Not in release | — | Needs evaluation |
| xorg-hwe-16.04 | Not in release | Not in release | Not in release | — | — |
| xorg-hwe-18.04 | Not in release | Not in release | Not in release | — | Not affected |
A flaw was found in the X.Org X server. This out-of-bounds read vulnerability in the XKB geometry processing, specifically within the `CheckSetGeom()` and `XkbAddGeomKeyAlias` functions, allows an attacker to read uninitialized or...
7 affected packages
xorg, xorg-server, xwayland, xorg-server-hwe-16.04, xorg-server-hwe-18.04...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| xorg | Not affected | Not affected | Not affected | Not affected | Not affected |
| xorg-server | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| xwayland | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| xorg-server-hwe-16.04 | Not in release | Not in release | Not in release | — | — |
| xorg-server-hwe-18.04 | Not in release | Not in release | Not in release | — | Needs evaluation |
| xorg-hwe-16.04 | Not in release | Not in release | Not in release | — | — |
| xorg-hwe-18.04 | Not in release | Not in release | Not in release | — | Not affected |
A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can...
7 affected packages
xorg, xorg-server, xwayland, xorg-server-hwe-16.04, xorg-server-hwe-18.04...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| xorg | Not affected | Not affected | Not affected | Not affected | Not affected |
| xorg-server | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| xwayland | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| xorg-server-hwe-16.04 | Not in release | Not in release | Not in release | — | — |
| xorg-server-hwe-18.04 | Not in release | Not in release | Not in release | — | Needs evaluation |
| xorg-hwe-16.04 | Not in release | Not in release | Not in release | — | — |
| xorg-hwe-18.04 | Not in release | Not in release | Not in release | — | Not affected |
Some fixes available 10 of 16
A flaw was identified in the X.Org X server’s X Keyboard (Xkb) extension where improper bounds checking in the XkbSetCompatMap() function can cause an unsigned short overflow. If an attacker sends specially crafted input data, the...
7 affected packages
xorg, xorg-server, xwayland, xorg-server-hwe-16.04, xorg-server-hwe-18.04...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| xorg | Not affected | Not affected | Not affected | Not affected | Not affected |
| xorg-server | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
| xwayland | Fixed | Fixed | Fixed | — | — |
| xorg-server-hwe-16.04 | Not in release | Not in release | Not in release | — | — |
| xorg-server-hwe-18.04 | Not in release | Not in release | Not in release | — | Needs evaluation |
| xorg-hwe-16.04 | Not in release | Not in release | Not in release | — | — |
| xorg-hwe-18.04 | Not in release | Not in release | Not in release | — | Not affected |
Some fixes available 10 of 16
A flaw was discovered in the X.Org X server’s X Keyboard (Xkb) extension when handling client resource cleanup. The software frees certain data structures without properly detaching related resources, leading to a use-after-free...
7 affected packages
xorg, xorg-server, xwayland, xorg-server-hwe-16.04, xorg-server-hwe-18.04...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| xorg | Not affected | Not affected | Not affected | Not affected | Not affected |
| xorg-server | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
| xwayland | Fixed | Fixed | Fixed | — | — |
| xorg-server-hwe-16.04 | Not in release | Not in release | Not in release | — | — |
| xorg-server-hwe-18.04 | Not in release | Not in release | Not in release | — | Needs evaluation |
| xorg-hwe-16.04 | Not in release | Not in release | Not in release | — | — |
| xorg-hwe-18.04 | Not in release | Not in release | Not in release | — | Not affected |
Some fixes available 10 of 16
A flaw was found in the X.Org X server and Xwayland when processing X11 Present extension notifications. Improper error handling during notification creation can leave dangling pointers that lead to a use-after-free condition....
7 affected packages
xorg, xorg-server, xwayland, xorg-server-hwe-16.04, xorg-server-hwe-18.04...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| xorg | Not affected | Not affected | Not affected | Not affected | Not affected |
| xorg-server | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
| xwayland | Fixed | Fixed | Fixed | — | — |
| xorg-server-hwe-16.04 | Not in release | Not in release | Not in release | — | — |
| xorg-server-hwe-18.04 | Not in release | Not in release | Not in release | — | Needs evaluation |
| xorg-hwe-16.04 | Not in release | Not in release | Not in release | — | — |
| xorg-hwe-18.04 | Not in release | Not in release | Not in release | — | Not affected |
Some fixes available 17 of 18
A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate.
7 affected packages
xorg-server, xwayland, xorg, xorg-server-hwe-16.04, xorg-server-hwe-18.04...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| xorg-server | Fixed | Fixed | Fixed | Fixed | Fixed |
| xwayland | Fixed | Fixed | Fixed | — | — |
| xorg | Not affected | Not affected | Not affected | Not affected | Not affected |
| xorg-server-hwe-16.04 | Not in release | Not in release | Not in release | — | — |
| xorg-server-hwe-18.04 | Not in release | Not in release | Not in release | — | Fixed |
| xorg-hwe-16.04 | Not in release | Not in release | Not in release | — | — |
| xorg-hwe-18.04 | Not in release | Not in release | Not in release | — | Not affected |
Some fixes available 17 of 18
A flaw was found in the X Record extension. The RecordSanityCheckRegisterClients function does not check for an integer overflow when computing request length, which allows a client to bypass length checks.
7 affected packages
xorg, xorg-server, xwayland, xorg-server-hwe-16.04, xorg-server-hwe-18.04...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| xorg | Not affected | Not affected | Not affected | Not affected | Not affected |
| xorg-server | Fixed | Fixed | Fixed | Fixed | Fixed |
| xwayland | Fixed | Fixed | Fixed | — | — |
| xorg-server-hwe-16.04 | Not in release | Not in release | Not in release | — | — |
| xorg-server-hwe-18.04 | Not in release | Not in release | Not in release | — | Fixed |
| xorg-hwe-16.04 | Not in release | Not in release | Not in release | — | — |
| xorg-hwe-18.04 | Not in release | Not in release | Not in release | — | Not affected |