FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
ffa15b3b-e6f6-11ea-8cbf-54e1ad3d6335xorg-server -- Multiple input validation failures in X server extensions

The X.org project reports:

All theses issuses can lead to local privileges elevation on systems where the X server is running privileged.

The handler for the XkbSetNames request does not validate the request length before accessing its contents.

An integer underflow exists in the handler for the XIChangeHierarchy request.

An integer underflow exist in the handler for the XkbSelectEvents request.

An integer underflow exist in the handler for the CreateRegister request of the X record extension.


Discovery 2020-08-25
Entry 2020-08-25
xorg-server
< 1.20.8_4,1

xephyr
< 1.20.8_4,1

xorg-vfbserver
< 1.20.8_4,1

xorg-nestserver
< 1.20.8_4,1

xwayland
< 1.20.8_4,1

xorg-dmx
< 1.20.8_4,1

CVE-2020-14345
CVE-2020-14346
CVE-2020-14361
CVE-2020-14362
https://lists.x.org/archives/xorg-announce/2020-August/003058.html
3c7ba82a-d3fb-11ea-9aba-0c9d925bbbc0xorg-server -- Pixel Data Uninitialized Memory Information Disclosure

The X.org project reports:

Allocation for pixmap data in AllocatePixmap() does not initialize the memory in xserver, it leads to leak uninitialize heap memory to clients. When the X server runs with elevated privileges.

This flaw can lead to ASLR bypass, which when combined with other flaws (known/unknown) could lead to lead to privilege elevation in the client.


Discovery 2020-07-31
Entry 2020-08-01
xorg-server
< 1.20.8_3,1

xephyr
< 1.20.8_3,1

xorg-vfbserver
< 1.20.8_3,1

xorg-nestserver
< 1.20.8_3,1

xwayland
< 1.20.8_3,1

xorg-dmx
< 1.20.8_3,1

https://lists.x.org/archives/xorg-announce/2020-July/003051.html
CVE-2020-14347
465db5b6-9c6d-11eb-8e8a-bc542f4bd1ddxorg-server -- Input validation failures in X server XInput extension

X.Org server security reports for release 1.20.11:

  • Fix XChangeFeedbackControl() request underflow

.


Discovery 2021-04-13
Entry 2021-04-13
xorg-server
< 1.20.11,1

xwayland
< 1.20.11,1

xwayland-devel
le 1.20.0.877

https://gitlab.freedesktop.org/xorg/xserver/-/tags/xorg-server-1.20.11
76c8b690-340b-11eb-a2b7-54e1ad3d6335xorg-server -- Multiple input validation failures in X server XKB extension

The X.org project reports:

These issues can lead to privileges elevations for authorized clients on systems where the X server is running privileged.

Insufficient checks on the lengths of the XkbSetMap request can lead to out of bounds memory accesses in the X server.

Insufficient checks on input of the XkbSetDeviceInfo request can lead to a buffer overflow on the head in the X server.


Discovery 2020-12-01
Entry 2020-12-01
xorg-server
< 1.20.9_1,1

xephyr
< 1.20.9_1,1

xorg-vfbserver
< 1.20.9_1,1

xorg-nestserver
< 1.20.9_1,1

xwayland
< 1.20.9_2,1

xorg-dmx
< 1.20.9_1,1

https://lists.x.org/archives/xorg-announce/2020-December/003066.html
CVE-2020-14360
CVE-2020-25712