X.Org X Server
Approved changes feed: RSS · Atom
cpe:2.3:a:x.org:x_server:-:*:*:*:*:*:*:*
part: a version: - update: *
| Vendor | X.Org (4cd053ee-09df-594a-873d-dbd09ec2f899) |
|---|---|
| Product | X Server (886aecb6-f1b2-5d3d-bfbf-bfb474c3b23f) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:deb/debian/xserver-xorg-core |
purl2cpe | 2026-06-01 10:14:02.410767 |
pkg:deb/ubuntu/xserver-xorg-core |
purl2cpe | 2026-06-01 10:14:02.410768 |
pkg:github/freedesktop/xorg-xserver |
purl2cpe | 2026-06-01 10:14:02.410770 |
pkg:rpm/opensuse/xserver-xorg-core |
purl2cpe | 2026-06-01 10:14:02.410771 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-34002 |
vulnerable | 2026-06-03 15:22:08.863638 |
Xorg: xwayland: x.org x server: information disclosure or denial of service via out-of-bounds read in xkb modifier map handling
MEDIUM (6.1)
A flaw was found in the X.Org X server. This vulnerability, an out-of-bounds read, affects the XKB (X Keyboard Extension) modifier map handling. An attacker with access to the X11 server can exploit this by sending a malformed request, which causes the server to read beyond its intended memory boundaries. This can lead to the exposure of sensitive information or cause the server to crash, resulting in a denial of service.
Published: 2026-05-05T14:41:10.065Z
Updated: 2026-06-05T00:51:18.124Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-34000 |
vulnerable | 2026-06-03 15:22:08.855799 |
Xwayland: xorg: x.org x server: information disclosure and denial of service via out-of-bounds read in xkb geometry processing.
MEDIUM (6.1)
A flaw was found in the X.Org X server. This out-of-bounds read vulnerability in the XKB geometry processing, specifically within the `CheckSetGeom()` and `XkbAddGeomKeyAlias` functions, allows an attacker to read uninitialized or out-of-bounds memory. An attacker with a connection to the X11 server, either locally or remotely, can exploit this without user interaction. This could lead to the disclosure of memory contents or cause a denial of service by crashing the server.
Published: 2026-05-05T14:41:05.468Z
Updated: 2026-06-05T00:51:12.643Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-3553 |
vulnerable | 2026-06-03 14:47:58.697097 |
X.org Server xquartz X11Controller.m denial of service
LOW (3.5)
A vulnerability, which was classified as problematic, was found in X.org Server. This affects an unknown part of the file hw/xquartz/X11Controller.m of the component xquartz. The manipulation leads to denial of service. It is recommended to apply a patch to fix this issue. The identifier VDB-211053 was assigned to this vulnerability.
Published: 2022-10-17T00:00:00.000Z
Updated: 2025-04-15T13:27:23.566Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-25697 |
vulnerable | 2026-06-03 14:42:09.541649 |
Details available
A privilege escalation flaw was found in the Xorg-x11-server due to a lack of authentication for X11 clients. This flaw allows an attacker to take control of an X application by impersonating the server it is expecting to connect to.
Published: 2021-05-26T12:08:12.000Z
Updated: 2024-08-04T15:40:36.622Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2011-4613 |
vulnerable | 2026-06-03 14:31:25.621271 |
Details available
The X.Org X wrapper (xserver-wrapper.c) in Debian GNU/Linux and Ubuntu Linux does not properly verify the TTY of a user who is starting X, which allows local users to bypass intended access restrictions by associating stdin with a file that is misinterpreted as the console TTY.
Published: 2014-02-05T19:00:00.000Z
Updated: 2024-08-07T00:09:19.491Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.