threat
engine
.sh
Back
·
··:··
Home
/
Product
/
x.org xwayland
Product
x.org xwayland
16 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2025-26601
< 24.1.6
A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one aft
7.8
HIGH
CVE-2025-26600
< 24.1.6
A use-after-free flaw was found in X.Org and Xwayland. When a device is removed while still frozen, the events queued for that dev
7.8
HIGH
CVE-2025-26599
< 24.1.6
An access to an uninitialized pointer flaw was found in X.Org and Xwayland. The function compCheckRedirect() may fail if it cannot
7.8
HIGH
CVE-2025-26598
< 24.1.6
An out-of-bounds write flaw was found in X.Org and Xwayland. The function GetBarrierDevice() searches for the pointer device based
7.8
HIGH
CVE-2025-26597
< 24.1.6
A buffer overflow flaw was found in X.Org and Xwayland. If XkbChangeTypesOfKey() is called with a 0 group, it will resize the key
7.8
HIGH
CVE-2025-26596
< 24.1.6
A heap overflow flaw was found in X.Org and Xwayland. The computation of the length in XkbSizeKeySyms() differs from what is writt
7.8
HIGH
CVE-2025-26595
< 24.1.6
A buffer overflow flaw was found in X.Org and Xwayland. The code in XkbVModMaskText() allocates a fixed-sized buffer on the stack
7.8
HIGH
CVE-2025-26594
< 24.1.6
A use-after-free flaw was found in X.Org and Xwayland. The root cursor is referenced in the X server as a global variable. If a cl
7.8
HIGH
CVE-2024-0229
< 23.2.4
An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab
7.8
HIGH
CVE-2024-0409
< 23.2.4
A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It u
7.8
HIGH
CVE-2024-0408
< 23.2.4
A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabe
5.5
MEDIUM
CVE-2023-6816
< 23.2.4
A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button current
9.8
CRITICAL
CVE-2023-6478
< 23.2.3
A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an
7.6
HIGH
CVE-2023-6377
< 23.2.3
A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in o
7.8
HIGH
CVE-2023-5380
< 23.2.2
A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a
4.7
MEDIUM
CVE-2023-5367
< 23.2.2
A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset
7.8
HIGH
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin