CVE-2026-50263
- EPSS 0.14%
- Veröffentlicht 05.06.2026 10:36:46
- Zuletzt bearbeitet 08.07.2026 20:16:51
A use-after-free flaw was found in the X.Org X server and Xwayland in CreateSaverWindow(). A client can trigger a use-after-free read after changing window attributes and forcing the screen saver, leading to information disclosure.
CVE-2026-50262
- EPSS 0.13%
- Veröffentlicht 05.06.2026 10:36:43
- Zuletzt bearbeitet 08.07.2026 20:16:51
An out-of-bounds read flaw was found in the X.Org X server and Xwayland in __glXDisp_ChangeDrawableAttributes(). A wrong size validation check can read a client-controlled number of bytes, exceeding the request buffer, leading to information disclosu...
CVE-2026-50264
- EPSS 0.15%
- Veröffentlicht 05.06.2026 10:36:37
- Zuletzt bearbeitet 09.07.2026 13:17:27
An out-of-bounds write flaw was found in the X.Org X server and Xwayland in DRIGetBuffers/DRIGetBuffersWithFormat. A client that requests multiple DRI2BufferBackLeft attachments and one DRI2BufferFrontLeft can trigger an out-of-bounds heap write. Thi...
CVE-2026-50261
- EPSS 0.14%
- Veröffentlicht 05.06.2026 10:36:33
- Zuletzt bearbeitet 09.07.2026 13:17:27
A use-after-free flaw was found in the X.Org X server and Xwayland in SyncChangeCounter(). A client that sets up multiple SyncCounters can trigger a use-after-free when destroying those counters via a second client connection while changing those cou...
CVE-2026-50260
- EPSS 0.15%
- Veröffentlicht 05.06.2026 10:36:30
- Zuletzt bearbeitet 09.07.2026 13:17:26
A use-after-free flaw was found in the X.Org X server and Xwayland in FreeCounter(). A client that sets up multiple SyncCounters and awaits on those triggers can trigger a use-after-free when destroying those counters via a second client connection. ...
CVE-2026-50259
- EPSS 0.17%
- Veröffentlicht 05.06.2026 10:31:39
- Zuletzt bearbeitet 09.07.2026 13:17:26
A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. _XkbSetMapChecks() declares a fixed-size stack buffer mapWidths[256] indexed by key type index. The helper function CheckKeyTypes() writes to this buffer at a client-con...
CVE-2026-50258
- EPSS 0.16%
- Veröffentlicht 05.06.2026 10:31:39
- Zuletzt bearbeitet 09.07.2026 13:17:25
A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. The X server has multiple stack buffers sized XkbMaxShiftLevel * XkbNumKbdGroups but CheckKeyTypes() does not verify or clamp non-canonical key types to XkbMaxShiftLevel...
CVE-2026-50257
- EPSS 0.14%
- Veröffentlicht 05.06.2026 10:31:22
- Zuletzt bearbeitet 09.07.2026 13:17:25
A use-after-free flaw was found in the X.Org X server and Xwayland in miSyncDestroyFence(). A client that sets up multiple fence triggers can trigger a use-after-free function pointer call. An attacker would connect to the X server to set up a fence ...
CVE-2026-50256
- EPSS 0.16%
- Veröffentlicht 05.06.2026 10:31:22
- Zuletzt bearbeitet 09.07.2026 13:17:25
A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. A mismatch between the X server and the libXfont2 library's maximum font name length can cause a stack buffer overflow during font alias resolution. The server allocates...
CVE-2026-34002
- EPSS 0.49%
- Veröffentlicht 05.05.2026 16:16:11
- Zuletzt bearbeitet 08.06.2026 05:16:31
A flaw was found in the X.Org X server. This vulnerability, an out-of-bounds read, affects the XKB (X Keyboard Extension) modifier map handling. An attacker with access to the X11 server can exploit this by sending a malformed request, which causes t...