Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-50262 (GCVE-0-2026-50262)
Vulnerability from cvelistv5 – Published: 2026-06-05 10:36 – Updated: 2026-06-09 14:37
VLAI
EPSS
Title
Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: out-of-bounds read/write in glx changedrawableattributes
Summary
An out-of-bounds read flaw was found in the X.Org X server and Xwayland in __glXDisp_ChangeDrawableAttributes(). A wrong size validation check can read a client-controlled number of bytes, exceeding the request buffer, leading to information disclosure. A write path also exists but requires byte-swapped clients which is disabled by default.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://access.redhat.com/security/cve/CVE-2026-50262 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2485387 | issue-trackingx_refsource_REDHAT |
| https://gitlab.freedesktop.org/xorg/xserver/-/com… | |
| https://lists.x.org/archives/xorg-announce/2026-J… | |
| https://redhat.atlassian.net/browse/PSIRTSUPT-16950 |
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 10 |
cpe:/o:redhat:enterprise_linux:10 |
|
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
|
| Red Hat | Red Hat Enterprise Linux 7 |
cpe:/o:redhat:enterprise_linux:7 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
cpe:/o:redhat:enterprise_linux:9 |
Date Public
2026-06-02 00:00
Credits
Upstream acknowledges Anonymous (Trend Micro Zero Day Initiative) as the original reporter.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-50262",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T13:37:02.899907Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T14:37:51.935Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Upstream acknowledges Anonymous (Trend Micro Zero Day Initiative) as the original reporter."
}
],
"datePublic": "2026-06-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read flaw was found in the X.Org X server and Xwayland in __glXDisp_ChangeDrawableAttributes(). A wrong size validation check can read a client-controlled number of bytes, exceeding the request buffer, leading to information disclosure. A write path also exists but requires byte-swapped clients which is disabled by default."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-05T10:36:43.916Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-50262"
},
{
"name": "RHBZ#2485387",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2485387"
},
{
"url": "https://gitlab.freedesktop.org/xorg/xserver/-/commit/6d459e4daf715bea8abdafa8fb130be2f8a1d145"
},
{
"url": "https://lists.x.org/archives/xorg-announce/2026-June/003702.html"
},
{
"url": "https://redhat.atlassian.net/browse/PSIRTSUPT-16950"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-15T03:14:46.000Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-06-02T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: out-of-bounds read/write in glx changedrawableattributes",
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-125: Out-of-bounds Read"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2026-50262",
"datePublished": "2026-06-05T10:36:43.916Z",
"dateReserved": "2026-06-04T14:55:24.012Z",
"dateUpdated": "2026-06-09T14:37:51.935Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-50262",
"date": "2026-06-16",
"epss": "0.00169",
"percentile": "0.06561"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-50262\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2026-06-05T12:16:39.770\",\"lastModified\":\"2026-06-15T13:40:21.960\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An out-of-bounds read flaw was found in the X.Org X server and Xwayland in __glXDisp_ChangeDrawableAttributes(). A wrong size validation check can read a client-controlled number of bytes, exceeding the request buffer, leading to information disclosure. A write path also exists but requires byte-swapped clients which is disabled by default.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:x.org:x_server:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"21.1.23\",\"matchCriteriaId\":\"2F16F762-98D6-437F-8771-0F6C70AF65FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:x.org:xwayland:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"24.1.12\",\"matchCriteriaId\":\"ED4EB1F5-9BBA-4751-9BC6-1639C7E02E0C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F6FB57C-2BC7-487C-96DD-132683AEB35D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C\"}]}]}],\"references\":[{\"url\":\"https://access.redhat.com/security/cve/CVE-2026-50262\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2485387\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://gitlab.freedesktop.org/xorg/xserver/-/commit/6d459e4daf715bea8abdafa8fb130be2f8a1d145\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://lists.x.org/archives/xorg-announce/2026-June/003702.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://redhat.atlassian.net/browse/PSIRTSUPT-16950\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Permissions Required\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-50262\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-06-09T13:37:02.899907Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-06-09T13:37:07.388Z\"}}], \"cna\": {\"title\": \"Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: out-of-bounds read/write in glx changedrawableattributes\", \"credits\": [{\"lang\": \"en\", \"value\": \"Upstream acknowledges Anonymous (Trend Micro Zero Day Initiative) as the original reporter.\"}], \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Moderate\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.5, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"cpes\": [\"cpe:/o:redhat:enterprise_linux:10\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 10\", \"packageName\": \"xorg-x11-server-Xwayland\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:6\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 6\", \"packageName\": \"xorg-x11-server\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 7\", \"packageName\": \"xorg-x11-server\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8\", \"packageName\": \"xorg-x11-server\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8\", \"packageName\": \"xorg-x11-server-Xwayland\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9\", \"packageName\": \"xorg-x11-server\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9\", \"packageName\": \"xorg-x11-server-Xwayland\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2026-05-15T03:14:46.000Z\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2026-06-02T00:00:00.000Z\", \"value\": \"Made public.\"}], \"datePublic\": \"2026-06-02T00:00:00.000Z\", \"references\": [{\"url\": \"https://access.redhat.com/security/cve/CVE-2026-50262\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2485387\", \"name\": \"RHBZ#2485387\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://gitlab.freedesktop.org/xorg/xserver/-/commit/6d459e4daf715bea8abdafa8fb130be2f8a1d145\"}, {\"url\": \"https://lists.x.org/archives/xorg-announce/2026-June/003702.html\"}, {\"url\": \"https://redhat.atlassian.net/browse/PSIRTSUPT-16950\"}], \"x_generator\": {\"engine\": \"cvelib 1.8.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"An out-of-bounds read flaw was found in the X.Org X server and Xwayland in __glXDisp_ChangeDrawableAttributes(). A wrong size validation check can read a client-controlled number of bytes, exceeding the request buffer, leading to information disclosure. A write path also exists but requires byte-swapped clients which is disabled by default.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-125\", \"description\": \"Out-of-bounds Read\"}]}], \"providerMetadata\": {\"orgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"shortName\": \"redhat\", \"dateUpdated\": \"2026-06-05T10:36:43.916Z\"}, \"x_redhatCweChain\": \"CWE-125: Out-of-bounds Read\"}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-50262\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-09T14:37:51.935Z\", \"dateReserved\": \"2026-06-04T14:55:24.012Z\", \"assignerOrgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"datePublished\": \"2026-06-05T10:36:43.916Z\", \"assignerShortName\": \"redhat\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
CERTFR-2026-AVI-0737
Vulnerability from certfr_avis - Published: 2026-06-11 - Updated: 2026-06-11
De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | azl3 perl-DBI 1.643-3 versions antérieures à 1.643-4 | ||
| Microsoft | N/A | azl3 xorg-x11-server-Xwayland 24.1.6-4 versions antérieures à 24.1.12-1 | ||
| Microsoft | N/A | azl3 rrdtool 1.8.0-2 versions antérieures à 1.8.0-3 | ||
| Microsoft | N/A | azl3 perl-HTML-Parser 3.82-1 versions antérieures à 3.82-2 | ||
| Microsoft | N/A | azl3 gnutls 3.8.3-11 versions antérieures à 3.8.13-1 | ||
| Microsoft | N/A | azl3 ansible 2.17.11-1 versions antérieures à 2.17.11-2 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "azl3 perl-DBI 1.643-3 versions ant\u00e9rieures \u00e0 1.643-4",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 xorg-x11-server-Xwayland 24.1.6-4 versions ant\u00e9rieures \u00e0 24.1.12-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 rrdtool 1.8.0-2 versions ant\u00e9rieures \u00e0 1.8.0-3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 perl-HTML-Parser 3.82-1 versions ant\u00e9rieures \u00e0 3.82-2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 gnutls 3.8.3-11 versions ant\u00e9rieures \u00e0 3.8.13-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 ansible 2.17.11-1 versions ant\u00e9rieures \u00e0 2.17.11-2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-50261",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-50261"
},
{
"name": "CVE-2026-50258",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-50258"
},
{
"name": "CVE-2026-8829",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8829"
},
{
"name": "CVE-2026-50257",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-50257"
},
{
"name": "CVE-2026-5419",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5419"
},
{
"name": "CVE-2026-11332",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-11332"
},
{
"name": "CVE-2026-42015",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42015"
},
{
"name": "CVE-2026-50263",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-50263"
},
{
"name": "CVE-2026-50260",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-50260"
},
{
"name": "CVE-2026-5260",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5260"
},
{
"name": "CVE-2026-50262",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-50262"
},
{
"name": "CVE-2026-42013",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42013"
},
{
"name": "CVE-2026-50256",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-50256"
},
{
"name": "CVE-2026-50259",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-50259"
},
{
"name": "CVE-2026-43958",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43958"
},
{
"name": "CVE-2026-10879",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-10879"
},
{
"name": "CVE-2026-42012",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42012"
}
],
"initial_release_date": "2026-06-11T00:00:00",
"last_revision_date": "2026-06-11T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0737",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-06-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Microsoft. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
"vendor_advisories": [
{
"published_at": "2026-05-31",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-42012",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42012"
},
{
"published_at": "2026-05-31",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-5260",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5260"
},
{
"published_at": "2026-06-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-50260",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50260"
},
{
"published_at": "2026-06-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-50258",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50258"
},
{
"published_at": "2026-06-07",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-43958",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-43958"
},
{
"published_at": "2026-06-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-10879",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-10879"
},
{
"published_at": "2026-06-07",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-5419",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5419"
},
{
"published_at": "2026-06-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-50257",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50257"
},
{
"published_at": "2026-06-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-50261",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50261"
},
{
"published_at": "2026-06-07",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-11332",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11332"
},
{
"published_at": "2026-06-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-50259",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50259"
},
{
"published_at": "2026-06-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-50263",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50263"
},
{
"published_at": "2026-06-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-50262",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50262"
},
{
"published_at": "2026-05-31",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-42013",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42013"
},
{
"published_at": "2026-06-07",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-8829",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8829"
},
{
"published_at": "2026-05-31",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-42015",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42015"
},
{
"published_at": "2026-06-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-50256",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50256"
}
]
}
FKIE_CVE-2026-50262
Vulnerability from fkie_nvd - Published: 2026-06-05 12:16 - Updated: 2026-06-15 13:40
Severity
Summary
An out-of-bounds read flaw was found in the X.Org X server and Xwayland in __glXDisp_ChangeDrawableAttributes(). A wrong size validation check can read a client-controlled number of bytes, exceeding the request buffer, leading to information disclosure. A write path also exists but requires byte-swapped clients which is disabled by default.
References
| URL | Tags | ||
|---|---|---|---|
| secalert@redhat.com | https://access.redhat.com/security/cve/CVE-2026-50262 | Vendor Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2485387 | Issue Tracking, Vendor Advisory | |
| secalert@redhat.com | https://gitlab.freedesktop.org/xorg/xserver/-/commit/6d459e4daf715bea8abdafa8fb130be2f8a1d145 | Patch | |
| secalert@redhat.com | https://lists.x.org/archives/xorg-announce/2026-June/003702.html | Mailing List, Vendor Advisory | |
| secalert@redhat.com | https://redhat.atlassian.net/browse/PSIRTSUPT-16950 | Permissions Required |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| x.org | x_server | * | |
| x.org | xwayland | * | |
| redhat | enterprise_linux | 7.0 | |
| redhat | enterprise_linux | 8.0 | |
| redhat | enterprise_linux | 9.0 | |
| redhat | enterprise_linux | 10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:x.org:x_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F16F762-98D6-437F-8771-0F6C70AF65FD",
"versionEndExcluding": "21.1.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:x.org:xwayland:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ED4EB1F5-9BBA-4751-9BC6-1639C7E02E0C",
"versionEndExcluding": "24.1.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read flaw was found in the X.Org X server and Xwayland in __glXDisp_ChangeDrawableAttributes(). A wrong size validation check can read a client-controlled number of bytes, exceeding the request buffer, leading to information disclosure. A write path also exists but requires byte-swapped clients which is disabled by default."
}
],
"id": "CVE-2026-50262",
"lastModified": "2026-06-15T13:40:21.960",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "secalert@redhat.com",
"type": "Primary"
}
]
},
"published": "2026-06-05T12:16:39.770",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-50262"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2485387"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://gitlab.freedesktop.org/xorg/xserver/-/commit/6d459e4daf715bea8abdafa8fb130be2f8a1d145"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.x.org/archives/xorg-announce/2026-June/003702.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Permissions Required"
],
"url": "https://redhat.atlassian.net/browse/PSIRTSUPT-16950"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "secalert@redhat.com",
"type": "Primary"
}
]
}
GHSA-JX39-26RR-CWQP
Vulnerability from github – Published: 2026-06-05 12:31 – Updated: 2026-06-05 12:31
VLAI
Details
An out-of-bounds read flaw was found in the X.Org X server and Xwayland in __glXDisp_ChangeDrawableAttributes(). A wrong size validation check can read a client-controlled number of bytes, exceeding the request buffer, leading to information disclosure. A write path also exists but requires byte-swapped clients which is disabled by default.
Severity
5.5 (Medium)
{
"affected": [],
"aliases": [
"CVE-2026-50262"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-05T12:16:39Z",
"severity": "MODERATE"
},
"details": "An out-of-bounds read flaw was found in the X.Org X server and Xwayland in __glXDisp_ChangeDrawableAttributes(). A wrong size validation check can read a client-controlled number of bytes, exceeding the request buffer, leading to information disclosure. A write path also exists but requires byte-swapped clients which is disabled by default.",
"id": "GHSA-jx39-26rr-cwqp",
"modified": "2026-06-05T12:31:46Z",
"published": "2026-06-05T12:31:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-50262"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-50262"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2485387"
},
{
"type": "WEB",
"url": "https://gitlab.freedesktop.org/xorg/xserver/-/commit/6d459e4daf715bea8abdafa8fb130be2f8a1d145"
},
{
"type": "WEB",
"url": "https://lists.x.org/archives/xorg-announce/2026-June/003702.html"
},
{
"type": "WEB",
"url": "https://redhat.atlassian.net/browse/PSIRTSUPT-16950"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
MSRC_CVE-2026-50262
Vulnerability from csaf_microsoft - Published: 2026-06-02 00:00 - Updated: 2026-06-11 01:40Summary
Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: out-of-bounds read/write in glx changedrawableattributes
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
References
4 references
| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2026/msrc_cve… | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2026/msrc_cve… | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50262 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: out-of-bounds read/write in glx changedrawableattributes - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-50262.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: out-of-bounds read/write in glx changedrawableattributes",
"tracking": {
"current_release_date": "2026-06-11T01:40:00.000Z",
"generator": {
"date": "2026-06-11T07:02:31.014Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2026-50262",
"initial_release_date": "2026-06-02T00:00:00.000Z",
"revision_history": [
{
"date": "2026-06-09T01:02:10.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2026-06-11T01:40:00.000Z",
"legacy_version": "2",
"number": "2",
"summary": "Information published."
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 xorg-x11-server-Xwayland 0:24.1.6-4.azl3",
"product": {
"name": "\u003cazl3 xorg-x11-server-Xwayland 0:24.1.6-4.azl3",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "azl3 xorg-x11-server-Xwayland 0:24.1.6-4.azl3",
"product": {
"name": "azl3 xorg-x11-server-Xwayland 0:24.1.6-4.azl3",
"product_id": "21316"
}
}
],
"category": "product_name",
"name": "xorg-x11-server-Xwayland"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 xorg-x11-server-Xwayland 0:24.1.6-4.azl3 as a component of Azure Linux 3.0",
"product_id": "17084-1"
},
"product_reference": "1",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 xorg-x11-server-Xwayland 0:24.1.6-4.azl3 as a component of Azure Linux 3.0",
"product_id": "21316-17084"
},
"product_reference": "21316",
"relates_to_product_reference": "17084"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-50262",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "general",
"text": "redhat",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"21316-17084"
],
"known_affected": [
"17084-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-50262 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: out-of-bounds read/write in glx changedrawableattributes - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-50262.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-09T01:02:10.000Z",
"details": "0:24.1.12-1.azl3:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-1"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalsScore": 0.0,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"17084-1"
]
}
],
"title": "Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: out-of-bounds read/write in glx changedrawableattributes"
}
]
}
WID-SEC-W-2025-0435
Vulnerability from csaf_certbund - Published: 2025-02-25 23:00 - Updated: 2026-06-04 22:00Summary
X.Org X11: Mehrere Schwachstellen ermöglichen nicht näher spezifizierte Auswirkungen, möglicherweise Codeausführung
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Das X Window System dient der Erzeugung grafischer Oberflächen auf Unix Systemen.
Angriff: Ein lokaler Angreifer kann mehrere Schwachstellen in X.Org X11 ausnutzen, um nicht spezifizierte Effekte zu verursachen, was möglicherweise zur Ausführung von beliebigem Code führt.
Betroffene Betriebssysteme: - Sonstiges
- UNIX
Affected products
Known affected
22 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
OpenBSD OpenBSD 7.5
OpenBSD / OpenBSD
|
cpe:/a:openbsd:openbsd:7.5
|
7.5 | |
|
Open Source X.Org X11 Xwayland <24.1.6
Open Source / X.Org X11
|
Xwayland <24.1.6 | ||
|
Open Source X.Org X11 server <21.1.16
Open Source / X.Org X11
|
server <21.1.16 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:virtual
|
— | |
|
OpenBSD OpenBSD 7.6
OpenBSD / OpenBSD
|
cpe:/a:openbsd:openbsd:7.6
|
7.6 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Dell Avamar
Dell
|
cpe:/a:dell:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
IGEL OS <12.7.0
IGEL / OS
|
<12.7.0 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Open Source Xming <7.7.1.13
Open Source / Xming
|
<7.7.1.13 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 |
Affected products
Known affected
22 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
OpenBSD OpenBSD 7.5
OpenBSD / OpenBSD
|
cpe:/a:openbsd:openbsd:7.5
|
7.5 | |
|
Open Source X.Org X11 Xwayland <24.1.6
Open Source / X.Org X11
|
Xwayland <24.1.6 | ||
|
Open Source X.Org X11 server <21.1.16
Open Source / X.Org X11
|
server <21.1.16 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:virtual
|
— | |
|
OpenBSD OpenBSD 7.6
OpenBSD / OpenBSD
|
cpe:/a:openbsd:openbsd:7.6
|
7.6 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Dell Avamar
Dell
|
cpe:/a:dell:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
IGEL OS <12.7.0
IGEL / OS
|
<12.7.0 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Open Source Xming <7.7.1.13
Open Source / Xming
|
<7.7.1.13 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 |
Affected products
Known affected
22 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
OpenBSD OpenBSD 7.5
OpenBSD / OpenBSD
|
cpe:/a:openbsd:openbsd:7.5
|
7.5 | |
|
Open Source X.Org X11 Xwayland <24.1.6
Open Source / X.Org X11
|
Xwayland <24.1.6 | ||
|
Open Source X.Org X11 server <21.1.16
Open Source / X.Org X11
|
server <21.1.16 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:virtual
|
— | |
|
OpenBSD OpenBSD 7.6
OpenBSD / OpenBSD
|
cpe:/a:openbsd:openbsd:7.6
|
7.6 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Dell Avamar
Dell
|
cpe:/a:dell:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
IGEL OS <12.7.0
IGEL / OS
|
<12.7.0 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Open Source Xming <7.7.1.13
Open Source / Xming
|
<7.7.1.13 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 |
Affected products
Known affected
22 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
OpenBSD OpenBSD 7.5
OpenBSD / OpenBSD
|
cpe:/a:openbsd:openbsd:7.5
|
7.5 | |
|
Open Source X.Org X11 Xwayland <24.1.6
Open Source / X.Org X11
|
Xwayland <24.1.6 | ||
|
Open Source X.Org X11 server <21.1.16
Open Source / X.Org X11
|
server <21.1.16 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:virtual
|
— | |
|
OpenBSD OpenBSD 7.6
OpenBSD / OpenBSD
|
cpe:/a:openbsd:openbsd:7.6
|
7.6 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Dell Avamar
Dell
|
cpe:/a:dell:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
IGEL OS <12.7.0
IGEL / OS
|
<12.7.0 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Open Source Xming <7.7.1.13
Open Source / Xming
|
<7.7.1.13 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 |
Affected products
Known affected
22 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
OpenBSD OpenBSD 7.5
OpenBSD / OpenBSD
|
cpe:/a:openbsd:openbsd:7.5
|
7.5 | |
|
Open Source X.Org X11 Xwayland <24.1.6
Open Source / X.Org X11
|
Xwayland <24.1.6 | ||
|
Open Source X.Org X11 server <21.1.16
Open Source / X.Org X11
|
server <21.1.16 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:virtual
|
— | |
|
OpenBSD OpenBSD 7.6
OpenBSD / OpenBSD
|
cpe:/a:openbsd:openbsd:7.6
|
7.6 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Dell Avamar
Dell
|
cpe:/a:dell:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
IGEL OS <12.7.0
IGEL / OS
|
<12.7.0 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Open Source Xming <7.7.1.13
Open Source / Xming
|
<7.7.1.13 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 |
Affected products
Known affected
22 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
OpenBSD OpenBSD 7.5
OpenBSD / OpenBSD
|
cpe:/a:openbsd:openbsd:7.5
|
7.5 | |
|
Open Source X.Org X11 Xwayland <24.1.6
Open Source / X.Org X11
|
Xwayland <24.1.6 | ||
|
Open Source X.Org X11 server <21.1.16
Open Source / X.Org X11
|
server <21.1.16 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:virtual
|
— | |
|
OpenBSD OpenBSD 7.6
OpenBSD / OpenBSD
|
cpe:/a:openbsd:openbsd:7.6
|
7.6 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Dell Avamar
Dell
|
cpe:/a:dell:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
IGEL OS <12.7.0
IGEL / OS
|
<12.7.0 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Open Source Xming <7.7.1.13
Open Source / Xming
|
<7.7.1.13 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 |
Affected products
Known affected
22 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
OpenBSD OpenBSD 7.5
OpenBSD / OpenBSD
|
cpe:/a:openbsd:openbsd:7.5
|
7.5 | |
|
Open Source X.Org X11 Xwayland <24.1.6
Open Source / X.Org X11
|
Xwayland <24.1.6 | ||
|
Open Source X.Org X11 server <21.1.16
Open Source / X.Org X11
|
server <21.1.16 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:virtual
|
— | |
|
OpenBSD OpenBSD 7.6
OpenBSD / OpenBSD
|
cpe:/a:openbsd:openbsd:7.6
|
7.6 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Dell Avamar
Dell
|
cpe:/a:dell:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
IGEL OS <12.7.0
IGEL / OS
|
<12.7.0 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Open Source Xming <7.7.1.13
Open Source / Xming
|
<7.7.1.13 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 |
Affected products
Known affected
22 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
OpenBSD OpenBSD 7.5
OpenBSD / OpenBSD
|
cpe:/a:openbsd:openbsd:7.5
|
7.5 | |
|
Open Source X.Org X11 Xwayland <24.1.6
Open Source / X.Org X11
|
Xwayland <24.1.6 | ||
|
Open Source X.Org X11 server <21.1.16
Open Source / X.Org X11
|
server <21.1.16 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:virtual
|
— | |
|
OpenBSD OpenBSD 7.6
OpenBSD / OpenBSD
|
cpe:/a:openbsd:openbsd:7.6
|
7.6 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Dell Avamar
Dell
|
cpe:/a:dell:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
IGEL OS <12.7.0
IGEL / OS
|
<12.7.0 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Open Source Xming <7.7.1.13
Open Source / Xming
|
<7.7.1.13 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 |
Affected products
Known affected
22 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
OpenBSD OpenBSD 7.5
OpenBSD / OpenBSD
|
cpe:/a:openbsd:openbsd:7.5
|
7.5 | |
|
Open Source X.Org X11 Xwayland <24.1.6
Open Source / X.Org X11
|
Xwayland <24.1.6 | ||
|
Open Source X.Org X11 server <21.1.16
Open Source / X.Org X11
|
server <21.1.16 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:virtual
|
— | |
|
OpenBSD OpenBSD 7.6
OpenBSD / OpenBSD
|
cpe:/a:openbsd:openbsd:7.6
|
7.6 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Dell Avamar
Dell
|
cpe:/a:dell:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
IGEL OS <12.7.0
IGEL / OS
|
<12.7.0 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Open Source Xming <7.7.1.13
Open Source / Xming
|
<7.7.1.13 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 |
Affected products
Known affected
22 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
OpenBSD OpenBSD 7.5
OpenBSD / OpenBSD
|
cpe:/a:openbsd:openbsd:7.5
|
7.5 | |
|
Open Source X.Org X11 Xwayland <24.1.6
Open Source / X.Org X11
|
Xwayland <24.1.6 | ||
|
Open Source X.Org X11 server <21.1.16
Open Source / X.Org X11
|
server <21.1.16 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:virtual
|
— | |
|
OpenBSD OpenBSD 7.6
OpenBSD / OpenBSD
|
cpe:/a:openbsd:openbsd:7.6
|
7.6 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Dell Avamar
Dell
|
cpe:/a:dell:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
IGEL OS <12.7.0
IGEL / OS
|
<12.7.0 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Open Source Xming <7.7.1.13
Open Source / Xming
|
<7.7.1.13 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 |
Affected products
Known affected
22 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
OpenBSD OpenBSD 7.5
OpenBSD / OpenBSD
|
cpe:/a:openbsd:openbsd:7.5
|
7.5 | |
|
Open Source X.Org X11 Xwayland <24.1.6
Open Source / X.Org X11
|
Xwayland <24.1.6 | ||
|
Open Source X.Org X11 server <21.1.16
Open Source / X.Org X11
|
server <21.1.16 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:virtual
|
— | |
|
OpenBSD OpenBSD 7.6
OpenBSD / OpenBSD
|
cpe:/a:openbsd:openbsd:7.6
|
7.6 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Dell Avamar
Dell
|
cpe:/a:dell:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
IGEL OS <12.7.0
IGEL / OS
|
<12.7.0 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Open Source Xming <7.7.1.13
Open Source / Xming
|
<7.7.1.13 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 |
Affected products
Known affected
22 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
OpenBSD OpenBSD 7.5
OpenBSD / OpenBSD
|
cpe:/a:openbsd:openbsd:7.5
|
7.5 | |
|
Open Source X.Org X11 Xwayland <24.1.6
Open Source / X.Org X11
|
Xwayland <24.1.6 | ||
|
Open Source X.Org X11 server <21.1.16
Open Source / X.Org X11
|
server <21.1.16 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:virtual
|
— | |
|
OpenBSD OpenBSD 7.6
OpenBSD / OpenBSD
|
cpe:/a:openbsd:openbsd:7.6
|
7.6 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Dell Avamar
Dell
|
cpe:/a:dell:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
IGEL OS <12.7.0
IGEL / OS
|
<12.7.0 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Open Source Xming <7.7.1.13
Open Source / Xming
|
<7.7.1.13 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 |
Affected products
Known affected
22 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
OpenBSD OpenBSD 7.5
OpenBSD / OpenBSD
|
cpe:/a:openbsd:openbsd:7.5
|
7.5 | |
|
Open Source X.Org X11 Xwayland <24.1.6
Open Source / X.Org X11
|
Xwayland <24.1.6 | ||
|
Open Source X.Org X11 server <21.1.16
Open Source / X.Org X11
|
server <21.1.16 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:virtual
|
— | |
|
OpenBSD OpenBSD 7.6
OpenBSD / OpenBSD
|
cpe:/a:openbsd:openbsd:7.6
|
7.6 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Dell Avamar
Dell
|
cpe:/a:dell:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
IGEL OS <12.7.0
IGEL / OS
|
<12.7.0 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Open Source Xming <7.7.1.13
Open Source / Xming
|
<7.7.1.13 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 |
Affected products
Known affected
22 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
OpenBSD OpenBSD 7.5
OpenBSD / OpenBSD
|
cpe:/a:openbsd:openbsd:7.5
|
7.5 | |
|
Open Source X.Org X11 Xwayland <24.1.6
Open Source / X.Org X11
|
Xwayland <24.1.6 | ||
|
Open Source X.Org X11 server <21.1.16
Open Source / X.Org X11
|
server <21.1.16 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:virtual
|
— | |
|
OpenBSD OpenBSD 7.6
OpenBSD / OpenBSD
|
cpe:/a:openbsd:openbsd:7.6
|
7.6 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Dell Avamar
Dell
|
cpe:/a:dell:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
IGEL OS <12.7.0
IGEL / OS
|
<12.7.0 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Open Source Xming <7.7.1.13
Open Source / Xming
|
<7.7.1.13 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 |
Affected products
Known affected
22 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
OpenBSD OpenBSD 7.5
OpenBSD / OpenBSD
|
cpe:/a:openbsd:openbsd:7.5
|
7.5 | |
|
Open Source X.Org X11 Xwayland <24.1.6
Open Source / X.Org X11
|
Xwayland <24.1.6 | ||
|
Open Source X.Org X11 server <21.1.16
Open Source / X.Org X11
|
server <21.1.16 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:virtual
|
— | |
|
OpenBSD OpenBSD 7.6
OpenBSD / OpenBSD
|
cpe:/a:openbsd:openbsd:7.6
|
7.6 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Dell Avamar
Dell
|
cpe:/a:dell:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
IGEL OS <12.7.0
IGEL / OS
|
<12.7.0 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Open Source Xming <7.7.1.13
Open Source / Xming
|
<7.7.1.13 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 |
Affected products
Known affected
22 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
OpenBSD OpenBSD 7.5
OpenBSD / OpenBSD
|
cpe:/a:openbsd:openbsd:7.5
|
7.5 | |
|
Open Source X.Org X11 Xwayland <24.1.6
Open Source / X.Org X11
|
Xwayland <24.1.6 | ||
|
Open Source X.Org X11 server <21.1.16
Open Source / X.Org X11
|
server <21.1.16 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:virtual
|
— | |
|
OpenBSD OpenBSD 7.6
OpenBSD / OpenBSD
|
cpe:/a:openbsd:openbsd:7.6
|
7.6 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Dell Avamar
Dell
|
cpe:/a:dell:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
IGEL OS <12.7.0
IGEL / OS
|
<12.7.0 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Open Source Xming <7.7.1.13
Open Source / Xming
|
<7.7.1.13 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 |
Affected products
Known affected
22 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
OpenBSD OpenBSD 7.5
OpenBSD / OpenBSD
|
cpe:/a:openbsd:openbsd:7.5
|
7.5 | |
|
Open Source X.Org X11 Xwayland <24.1.6
Open Source / X.Org X11
|
Xwayland <24.1.6 | ||
|
Open Source X.Org X11 server <21.1.16
Open Source / X.Org X11
|
server <21.1.16 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:virtual
|
— | |
|
OpenBSD OpenBSD 7.6
OpenBSD / OpenBSD
|
cpe:/a:openbsd:openbsd:7.6
|
7.6 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Dell Avamar
Dell
|
cpe:/a:dell:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
IGEL OS <12.7.0
IGEL / OS
|
<12.7.0 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Open Source Xming <7.7.1.13
Open Source / Xming
|
<7.7.1.13 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 |
References
64 references
| URL | Category |
|---|---|
| https://wid.cert-bund.de/.well-known/csaf/white/2… | self |
| https://wid.cert-bund.de/portal/wid/securityadvis… | self |
| https://seclists.org/oss-sec/2025/q1/159 | external |
| https://ubuntu.com/security/notices/USN-7299-1 | external |
| http://www.straightrunning.com/XmingNotes/changes.php | external |
| https://bodhi.fedoraproject.org/updates/FEDORA-20… | external |
| https://bodhi.fedoraproject.org/updates/FEDORA-20… | external |
| https://bodhi.fedoraproject.org/updates/FEDORA-20… | external |
| https://www.openbsd.org/errata76.html | external |
| https://bodhi.fedoraproject.org/updates/FEDORA-20… | external |
| https://bodhi.fedoraproject.org/updates/FEDORA-20… | external |
| https://bodhi.fedoraproject.org/updates/FEDORA-20… | external |
| https://lists.opensuse.org/archives/list/security… | external |
| https://lists.opensuse.org/archives/list/security… | external |
| https://lists.opensuse.org/archives/list/security… | external |
| https://lists.opensuse.org/archives/list/security… | external |
| https://lists.suse.com/pipermail/sle-security-upd… | external |
| https://lists.suse.com/pipermail/sle-security-upd… | external |
| https://lists.opensuse.org/archives/list/security… | external |
| https://lists.opensuse.org/archives/list/security… | external |
| https://lists.debian.org/debian-lts-announce/2025… | external |
| https://lists.opensuse.org/archives/list/security… | external |
| https://bodhi.fedoraproject.org/updates/FEDORA-20… | external |
| https://lists.suse.com/pipermail/sle-security-upd… | external |
| https://lists.opensuse.org/archives/list/security… | external |
| https://lists.debian.org/debian-security-announce… | external |
| https://lists.suse.com/pipermail/sle-security-upd… | external |
| https://bodhi.fedoraproject.org/updates/FEDORA-20… | external |
| https://ubuntu.com/security/notices/USN-7299-2 | external |
| https://linux.oracle.com/errata/ELSA-2025-2500.html | external |
| https://access.redhat.com/errata/RHSA-2025:2502 | external |
| https://lists.suse.com/pipermail/sle-security-upd… | external |
| https://linux.oracle.com/errata/ELSA-2025-2502.html | external |
| https://access.redhat.com/errata/RHSA-2025:2500 | external |
| https://ubuntu.com/security/notices/USN-7299-3 | external |
| https://access.redhat.com/errata/RHSA-2025:2865 | external |
| https://access.redhat.com/errata/RHSA-2025:2874 | external |
| https://access.redhat.com/errata/RHSA-2025:2875 | external |
| https://access.redhat.com/errata/RHSA-2025:2880 | external |
| https://access.redhat.com/errata/RHSA-2025:2866 | external |
| https://access.redhat.com/errata/RHSA-2025:2861 | external |
| https://access.redhat.com/errata/RHSA-2025:2873 | external |
| https://access.redhat.com/errata/RHSA-2025:2879 | external |
| https://access.redhat.com/errata/RHSA-2025:2862 | external |
| https://ubuntu.com/security/notices/USN-7299-4 | external |
| https://alas.aws.amazon.com/AL2/ALAS-2025-2791.html | external |
| https://kb.igel.com/security-safety/current/isn-2… | external |
| https://linux.oracle.com/errata/ELSA-2025-2861.html | external |
| https://linux.oracle.com/errata/ELSA-2025-2879.html | external |
| https://access.redhat.com/errata/RHSA-2025:3976 | external |
| https://access.redhat.com/errata/RHSA-2025:7458 | external |
| https://access.redhat.com/errata/RHSA-2025:7163 | external |
| https://access.redhat.com/errata/RHSA-2025:7165 | external |
| https://www.dell.com/support/kbdoc/de-de/00032629… | external |
| https://lists.suse.com/pipermail/sle-security-upd… | external |
| https://lists.suse.com/pipermail/sle-security-upd… | external |
| https://security.gentoo.org/glsa/202506-04 | external |
| http://linux.oracle.com/errata/ELSA-2025-9304.html | external |
| https://linux.oracle.com/errata/ELSA-2025-7458.html | external |
| https://linux.oracle.com/errata/ELSA-2025-10360.html | external |
| https://www.dell.com/support/kbdoc/000376224 | external |
| https://errata.build.resf.org/RLSA-2025:7163 | external |
| http://linux.oracle.com/errata/ELSA-2025-22096.html | external |
| https://linux.oracle.com/errata/ELSA-2025-22040.html | external |
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Das X Window System dient der Erzeugung grafischer Oberfl\u00e4chen auf Unix Systemen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein lokaler Angreifer kann mehrere Schwachstellen in X.Org X11 ausnutzen, um nicht spezifizierte Effekte zu verursachen, was m\u00f6glicherweise zur Ausf\u00fchrung von beliebigem Code f\u00fchrt.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0435 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0435.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0435 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0435"
},
{
"category": "external",
"summary": "X.Org Security Advisory vom 2025-02-25",
"url": "https://seclists.org/oss-sec/2025/q1/159"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7299-1 vom 2025-02-25",
"url": "https://ubuntu.com/security/notices/USN-7299-1"
},
{
"category": "external",
"summary": "Xming Changelog vom 2025-02-25",
"url": "http://www.straightrunning.com/XmingNotes/changes.php"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2025-FD490BCDCD vom 2025-02-26",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-fd490bcdcd"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2025-F2525743D6 vom 2025-02-26",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-f2525743d6"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2025-B40B12A89E vom 2025-02-26",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-b40b12a89e"
},
{
"category": "external",
"summary": "OpenBSD Errata",
"url": "https://www.openbsd.org/errata76.html"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2025-065909F8C6 vom 2025-02-26",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-065909f8c6"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2025-4A832BF2B1 vom 2025-02-26",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-4a832bf2b1"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2025-2210D27149 vom 2025-02-26",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-2210d27149"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0732-1 vom 2025-02-26",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/TAWVWOHNPE3MMAI6UKCA47A6ZA5I434J/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0731-1 vom 2025-02-26",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/CCWOXQOHRYOB3XBTE3E6CKLLTFNLQAMR/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0730-1 vom 2025-02-26",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/ZKUPIGIXHBM4MC4CXVLM3OB32L2TMUTV/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0729-1 vom 2025-02-26",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/5GTDDAPT2CXHXVOSK7DE6OWNPU5YPGYR/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0733-1 vom 2025-02-26",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-February/020438.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0734-1 vom 2025-02-26",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-February/020437.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0731-1 vom 2025-02-26",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/CCWOXQOHRYOB3XBTE3E6CKLLTFNLQAMR/"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:14841-1 vom 2025-02-27",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/DFXFWTIBYVEZW7776X7CR2CMJGQXCGXT/"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4072 vom 2025-03-01",
"url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00036.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0758-1 vom 2025-02-28",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/27GANBYQW25DQC6LDPTKCLJHEVLSI5SU/"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2025-EF7FB833F2 vom 2025-03-03",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-ef7fb833f2"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0757-1 vom 2025-02-28",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-February/020459.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0739-1 vom 2025-02-28",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/MV377NV3DYCGULIZJDMJOW3QERLQFGCB/"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5872 vom 2025-02-28",
"url": "https://lists.debian.org/debian-security-announce/2025/msg00034.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0740-1 vom 2025-02-28",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-February/020454.html"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2025-A87BC329FE vom 2025-03-03",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-a87bc329fe"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7299-2 vom 2025-03-10",
"url": "https://ubuntu.com/security/notices/USN-7299-2"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-2500 vom 2025-03-11",
"url": "https://linux.oracle.com/errata/ELSA-2025-2500.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:2502 vom 2025-03-10",
"url": "https://access.redhat.com/errata/RHSA-2025:2502"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0818-1 vom 2025-03-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020494.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-2502 vom 2025-03-11",
"url": "https://linux.oracle.com/errata/ELSA-2025-2502.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:2500 vom 2025-03-10",
"url": "https://access.redhat.com/errata/RHSA-2025:2500"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7299-3 vom 2025-03-12",
"url": "https://ubuntu.com/security/notices/USN-7299-3"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:2865 vom 2025-03-17",
"url": "https://access.redhat.com/errata/RHSA-2025:2865"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:2874 vom 2025-03-17",
"url": "https://access.redhat.com/errata/RHSA-2025:2874"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:2875 vom 2025-03-17",
"url": "https://access.redhat.com/errata/RHSA-2025:2875"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:2880 vom 2025-03-17",
"url": "https://access.redhat.com/errata/RHSA-2025:2880"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:2866 vom 2025-03-17",
"url": "https://access.redhat.com/errata/RHSA-2025:2866"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:2861 vom 2025-03-17",
"url": "https://access.redhat.com/errata/RHSA-2025:2861"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:2873 vom 2025-03-17",
"url": "https://access.redhat.com/errata/RHSA-2025:2873"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:2879 vom 2025-03-17",
"url": "https://access.redhat.com/errata/RHSA-2025:2879"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:2862 vom 2025-03-17",
"url": "https://access.redhat.com/errata/RHSA-2025:2862"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7299-4 vom 2025-03-17",
"url": "https://ubuntu.com/security/notices/USN-7299-4"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2025-2791 vom 2025-03-26",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2025-2791.html"
},
{
"category": "external",
"summary": "IGEL Security Notice ISN-2025-07 vom 2025-03-27",
"url": "https://kb.igel.com/security-safety/current/isn-2025-07-x-org-vulnerabilities"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-2861 vom 2025-04-01",
"url": "https://linux.oracle.com/errata/ELSA-2025-2861.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-2879 vom 2025-04-08",
"url": "https://linux.oracle.com/errata/ELSA-2025-2879.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:3976 vom 2025-04-17",
"url": "https://access.redhat.com/errata/RHSA-2025:3976"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:7458 vom 2025-05-13",
"url": "https://access.redhat.com/errata/RHSA-2025:7458"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:7163 vom 2025-05-13",
"url": "https://access.redhat.com/errata/RHSA-2025:7163"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:7165 vom 2025-05-13",
"url": "https://access.redhat.com/errata/RHSA-2025:7165"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2025-213 vom 2025-05-30",
"url": "https://www.dell.com/support/kbdoc/de-de/000326299/dsa-2025-213-security-update-for-dell-avamar-dell-networker-virtual-edition-nve-and-dell-powerprotect-dp-series-appliance-dell-integrated-data-protection-appliance-idpa-multiple-third-party-vulnerabilities"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20299-1 vom 2025-06-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021033.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20161-1 vom 2025-06-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021189.html"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202506-04 vom 2025-06-12",
"url": "https://security.gentoo.org/glsa/202506-04"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-9304 vom 2025-06-28",
"url": "http://linux.oracle.com/errata/ELSA-2025-9304.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-7458 vom 2025-07-07",
"url": "https://linux.oracle.com/errata/ELSA-2025-7458.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-10360 vom 2025-07-24",
"url": "https://linux.oracle.com/errata/ELSA-2025-10360.html"
},
{
"category": "external",
"summary": "Dell Security Update vom 2025-10-02",
"url": "https://www.dell.com/support/kbdoc/000376224"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2025:7163 vom 2025-10-04",
"url": "https://errata.build.resf.org/RLSA-2025:7163"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-22096 vom 2025-12-11",
"url": "http://linux.oracle.com/errata/ELSA-2025-22096.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-22040 vom 2025-12-12",
"url": "https://linux.oracle.com/errata/ELSA-2025-22040.html"
}
],
"source_lang": "en-US",
"title": "X.Org X11: Mehrere Schwachstellen erm\u00f6glichen nicht n\u00e4her spezifizierte Auswirkungen, m\u00f6glicherweise Codeausf\u00fchrung",
"tracking": {
"current_release_date": "2026-06-04T22:00:00.000+00:00",
"generator": {
"date": "2026-06-05T06:42:26.174+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.6.0"
}
},
"id": "WID-SEC-W-2025-0435",
"initial_release_date": "2025-02-25T23:00:00.000+00:00",
"revision_history": [
{
"date": "2025-02-25T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-02-26T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-02-27T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von openSUSE aufgenommen"
},
{
"date": "2025-03-02T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Debian, SUSE und Fedora aufgenommen"
},
{
"date": "2025-03-09T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-03-10T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Oracle Linux, Red Hat und SUSE aufgenommen"
},
{
"date": "2025-03-12T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-03-16T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-03-25T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2025-03-27T23:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von IGEL aufgenommen"
},
{
"date": "2025-03-31T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2025-04-07T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2025-04-16T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-05-13T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-05-18T22:00:00.000+00:00",
"number": "15",
"summary": "Referenz(en) aufgenommen: EUVD-2025-5426, EUVD-2025-5425"
},
{
"date": "2025-05-29T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2025-06-03T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-06-12T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Gentoo aufgenommen"
},
{
"date": "2025-06-29T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2025-07-07T22:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2025-07-23T22:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2025-10-01T22:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2025-10-05T22:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2025-12-10T23:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2025-12-14T23:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2026-06-04T22:00:00.000+00:00",
"number": "26",
"summary": "Referenz(en) aufgenommen: CVE-2026-50256, CVE-2026-50257, CVE-2026-50258, CVE-2026-50259, CVE-2026-50260, CVE-2026-50261, CVE-2026-50262, CVE-2026-50263, CVE-2026-50264"
}
],
"status": "final",
"version": "26"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Dell Avamar",
"product": {
"name": "Dell Avamar",
"product_id": "T039664",
"product_identification_helper": {
"cpe": "cpe:/a:dell:avamar:-"
}
}
},
{
"category": "product_name",
"name": "Dell NetWorker",
"product": {
"name": "Dell NetWorker",
"product_id": "T034583",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:virtual"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c8.4.0.0",
"product": {
"name": "Dell PowerProtect Data Domain \u003c8.4.0.0",
"product_id": "T045879"
}
},
{
"category": "product_version",
"name": "8.4.0.0",
"product": {
"name": "Dell PowerProtect Data Domain 8.4.0.0",
"product_id": "T045879-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:powerprotect_data_domain:8.4.0.0"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.10.1.70",
"product": {
"name": "Dell PowerProtect Data Domain \u003c7.10.1.70",
"product_id": "T045881"
}
},
{
"category": "product_version",
"name": "7.10.1.70",
"product": {
"name": "Dell PowerProtect Data Domain 7.10.1.70",
"product_id": "T045881-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:powerprotect_data_domain:7.10.1.70"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.13.1.40",
"product": {
"name": "Dell PowerProtect Data Domain \u003c7.13.1.40",
"product_id": "T047343"
}
},
{
"category": "product_version",
"name": "7.13.1.40",
"product": {
"name": "Dell PowerProtect Data Domain 7.13.1.40",
"product_id": "T047343-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:powerprotect_data_domain:7.13.1.40"
}
}
},
{
"category": "product_version_range",
"name": "\u003c8.3.1.10",
"product": {
"name": "Dell PowerProtect Data Domain \u003c8.3.1.10",
"product_id": "T047344"
}
},
{
"category": "product_version",
"name": "8.3.1.10",
"product": {
"name": "Dell PowerProtect Data Domain 8.3.1.10",
"product_id": "T047344-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:powerprotect_data_domain:8.3.1.10"
}
}
}
],
"category": "product_name",
"name": "PowerProtect Data Domain"
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"category": "product_name",
"name": "Gentoo Linux",
"product": {
"name": "Gentoo Linux",
"product_id": "T012167",
"product_identification_helper": {
"cpe": "cpe:/o:gentoo:linux:-"
}
}
}
],
"category": "vendor",
"name": "Gentoo"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c12.7.0",
"product": {
"name": "IGEL OS \u003c12.7.0",
"product_id": "T017865"
}
},
{
"category": "product_version",
"name": "12.7.0",
"product": {
"name": "IGEL OS 12.7.0",
"product_id": "T017865-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:igel:os:-"
}
}
}
],
"category": "product_name",
"name": "OS"
}
],
"category": "vendor",
"name": "IGEL"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "server \u003c21.1.16",
"product": {
"name": "Open Source X.Org X11 server \u003c21.1.16",
"product_id": "T041408"
}
},
{
"category": "product_version",
"name": "server 21.1.16",
"product": {
"name": "Open Source X.Org X11 server 21.1.16",
"product_id": "T041408-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:x:x.org_x11:server__21.1.16"
}
}
},
{
"category": "product_version_range",
"name": "Xwayland \u003c24.1.6",
"product": {
"name": "Open Source X.Org X11 Xwayland \u003c24.1.6",
"product_id": "T041409"
}
},
{
"category": "product_version",
"name": "Xwayland 24.1.6",
"product": {
"name": "Open Source X.Org X11 Xwayland 24.1.6",
"product_id": "T041409-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:x:x.org_x11:xwayland__24.1.6"
}
}
}
],
"category": "product_name",
"name": "X.Org X11"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.7.1.13",
"product": {
"name": "Open Source Xming \u003c7.7.1.13",
"product_id": "T041420"
}
},
{
"category": "product_version",
"name": "7.7.1.13",
"product": {
"name": "Open Source Xming 7.7.1.13",
"product_id": "T041420-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:open_source:xming:7.7.1.13"
}
}
}
],
"category": "product_name",
"name": "Xming"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "7.5",
"product": {
"name": "OpenBSD OpenBSD 7.5",
"product_id": "T033898",
"product_identification_helper": {
"cpe": "cpe:/a:openbsd:openbsd:7.5"
}
}
},
{
"category": "product_version",
"name": "7.6",
"product": {
"name": "OpenBSD OpenBSD 7.6",
"product_id": "T038347",
"product_identification_helper": {
"cpe": "cpe:/a:openbsd:openbsd:7.6"
}
}
}
],
"category": "product_name",
"name": "OpenBSD"
}
],
"category": "vendor",
"name": "OpenBSD"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
},
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-26594",
"product_status": {
"known_affected": [
"T033898",
"T041409",
"T041408",
"67646",
"T034583",
"T038347",
"T012167",
"T004914",
"T032255",
"74185",
"T039664",
"2951",
"T002207",
"T045879",
"T017865",
"T000126",
"T027843",
"T047343",
"398363",
"T045881",
"T041420",
"T047344"
]
},
"release_date": "2025-02-25T23:00:00.000+00:00",
"title": "CVE-2025-26594"
},
{
"cve": "CVE-2025-26595",
"product_status": {
"known_affected": [
"T033898",
"T041409",
"T041408",
"67646",
"T034583",
"T038347",
"T012167",
"T004914",
"T032255",
"74185",
"T039664",
"2951",
"T002207",
"T045879",
"T017865",
"T000126",
"T027843",
"T047343",
"398363",
"T045881",
"T041420",
"T047344"
]
},
"release_date": "2025-02-25T23:00:00.000+00:00",
"title": "CVE-2025-26595"
},
{
"cve": "CVE-2025-26596",
"product_status": {
"known_affected": [
"T033898",
"T041409",
"T041408",
"67646",
"T034583",
"T038347",
"T012167",
"T004914",
"T032255",
"74185",
"T039664",
"2951",
"T002207",
"T045879",
"T017865",
"T000126",
"T027843",
"T047343",
"398363",
"T045881",
"T041420",
"T047344"
]
},
"release_date": "2025-02-25T23:00:00.000+00:00",
"title": "CVE-2025-26596"
},
{
"cve": "CVE-2025-26597",
"product_status": {
"known_affected": [
"T033898",
"T041409",
"T041408",
"67646",
"T034583",
"T038347",
"T012167",
"T004914",
"T032255",
"74185",
"T039664",
"2951",
"T002207",
"T045879",
"T017865",
"T000126",
"T027843",
"T047343",
"398363",
"T045881",
"T041420",
"T047344"
]
},
"release_date": "2025-02-25T23:00:00.000+00:00",
"title": "CVE-2025-26597"
},
{
"cve": "CVE-2025-26598",
"product_status": {
"known_affected": [
"T033898",
"T041409",
"T041408",
"67646",
"T034583",
"T038347",
"T012167",
"T004914",
"T032255",
"74185",
"T039664",
"2951",
"T002207",
"T045879",
"T017865",
"T000126",
"T027843",
"T047343",
"398363",
"T045881",
"T041420",
"T047344"
]
},
"release_date": "2025-02-25T23:00:00.000+00:00",
"title": "CVE-2025-26598"
},
{
"cve": "CVE-2025-26599",
"product_status": {
"known_affected": [
"T033898",
"T041409",
"T041408",
"67646",
"T034583",
"T038347",
"T012167",
"T004914",
"T032255",
"74185",
"T039664",
"2951",
"T002207",
"T045879",
"T017865",
"T000126",
"T027843",
"T047343",
"398363",
"T045881",
"T041420",
"T047344"
]
},
"release_date": "2025-02-25T23:00:00.000+00:00",
"title": "CVE-2025-26599"
},
{
"cve": "CVE-2025-26600",
"product_status": {
"known_affected": [
"T033898",
"T041409",
"T041408",
"67646",
"T034583",
"T038347",
"T012167",
"T004914",
"T032255",
"74185",
"T039664",
"2951",
"T002207",
"T045879",
"T017865",
"T000126",
"T027843",
"T047343",
"398363",
"T045881",
"T041420",
"T047344"
]
},
"release_date": "2025-02-25T23:00:00.000+00:00",
"title": "CVE-2025-26600"
},
{
"cve": "CVE-2025-26601",
"product_status": {
"known_affected": [
"T033898",
"T041409",
"T041408",
"67646",
"T034583",
"T038347",
"T012167",
"T004914",
"T032255",
"74185",
"T039664",
"2951",
"T002207",
"T045879",
"T017865",
"T000126",
"T027843",
"T047343",
"398363",
"T045881",
"T041420",
"T047344"
]
},
"release_date": "2025-02-25T23:00:00.000+00:00",
"title": "CVE-2025-26601"
},
{
"cve": "CVE-2026-50256",
"product_status": {
"known_affected": [
"T033898",
"T041409",
"T041408",
"67646",
"T034583",
"T038347",
"T012167",
"T004914",
"T032255",
"74185",
"T039664",
"2951",
"T002207",
"T045879",
"T017865",
"T000126",
"T027843",
"T047343",
"398363",
"T045881",
"T041420",
"T047344"
]
},
"release_date": "2025-02-25T23:00:00.000+00:00",
"title": "CVE-2026-50256"
},
{
"cve": "CVE-2026-50257",
"product_status": {
"known_affected": [
"T033898",
"T041409",
"T041408",
"67646",
"T034583",
"T038347",
"T012167",
"T004914",
"T032255",
"74185",
"T039664",
"2951",
"T002207",
"T045879",
"T017865",
"T000126",
"T027843",
"T047343",
"398363",
"T045881",
"T041420",
"T047344"
]
},
"release_date": "2025-02-25T23:00:00.000+00:00",
"title": "CVE-2026-50257"
},
{
"cve": "CVE-2026-50258",
"product_status": {
"known_affected": [
"T033898",
"T041409",
"T041408",
"67646",
"T034583",
"T038347",
"T012167",
"T004914",
"T032255",
"74185",
"T039664",
"2951",
"T002207",
"T045879",
"T017865",
"T000126",
"T027843",
"T047343",
"398363",
"T045881",
"T041420",
"T047344"
]
},
"release_date": "2025-02-25T23:00:00.000+00:00",
"title": "CVE-2026-50258"
},
{
"cve": "CVE-2026-50259",
"product_status": {
"known_affected": [
"T033898",
"T041409",
"T041408",
"67646",
"T034583",
"T038347",
"T012167",
"T004914",
"T032255",
"74185",
"T039664",
"2951",
"T002207",
"T045879",
"T017865",
"T000126",
"T027843",
"T047343",
"398363",
"T045881",
"T041420",
"T047344"
]
},
"release_date": "2025-02-25T23:00:00.000+00:00",
"title": "CVE-2026-50259"
},
{
"cve": "CVE-2026-50260",
"product_status": {
"known_affected": [
"T033898",
"T041409",
"T041408",
"67646",
"T034583",
"T038347",
"T012167",
"T004914",
"T032255",
"74185",
"T039664",
"2951",
"T002207",
"T045879",
"T017865",
"T000126",
"T027843",
"T047343",
"398363",
"T045881",
"T041420",
"T047344"
]
},
"release_date": "2025-02-25T23:00:00.000+00:00",
"title": "CVE-2026-50260"
},
{
"cve": "CVE-2026-50261",
"product_status": {
"known_affected": [
"T033898",
"T041409",
"T041408",
"67646",
"T034583",
"T038347",
"T012167",
"T004914",
"T032255",
"74185",
"T039664",
"2951",
"T002207",
"T045879",
"T017865",
"T000126",
"T027843",
"T047343",
"398363",
"T045881",
"T041420",
"T047344"
]
},
"release_date": "2025-02-25T23:00:00.000+00:00",
"title": "CVE-2026-50261"
},
{
"cve": "CVE-2026-50262",
"product_status": {
"known_affected": [
"T033898",
"T041409",
"T041408",
"67646",
"T034583",
"T038347",
"T012167",
"T004914",
"T032255",
"74185",
"T039664",
"2951",
"T002207",
"T045879",
"T017865",
"T000126",
"T027843",
"T047343",
"398363",
"T045881",
"T041420",
"T047344"
]
},
"release_date": "2025-02-25T23:00:00.000+00:00",
"title": "CVE-2026-50262"
},
{
"cve": "CVE-2026-50263",
"product_status": {
"known_affected": [
"T033898",
"T041409",
"T041408",
"67646",
"T034583",
"T038347",
"T012167",
"T004914",
"T032255",
"74185",
"T039664",
"2951",
"T002207",
"T045879",
"T017865",
"T000126",
"T027843",
"T047343",
"398363",
"T045881",
"T041420",
"T047344"
]
},
"release_date": "2025-02-25T23:00:00.000+00:00",
"title": "CVE-2026-50263"
},
{
"cve": "CVE-2026-50264",
"product_status": {
"known_affected": [
"T033898",
"T041409",
"T041408",
"67646",
"T034583",
"T038347",
"T012167",
"T004914",
"T032255",
"74185",
"T039664",
"2951",
"T002207",
"T045879",
"T017865",
"T000126",
"T027843",
"T047343",
"398363",
"T045881",
"T041420",
"T047344"
]
},
"release_date": "2025-02-25T23:00:00.000+00:00",
"title": "CVE-2026-50264"
}
]
}
WID-SEC-W-2026-1774
Vulnerability from csaf_certbund - Published: 2026-06-01 22:00 - Updated: 2026-06-09 22:00Summary
X.Org X11 und Xwayland: Mehrere Schwachstellen
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Das X Window System dient der Erzeugung grafischer Oberflächen auf Unix Systemen.
Xwayland ist ein X-Server für die Ausführung von X-Clients unter Wayland Display Servern. Wayland ist ein Ersatz für X.11 Display-Server.
Angriff: Ein Angreifer kann mehrere Schwachstellen in X.Org X11 und Xwayland ausnutzen, um Informationen offenzulegen, um seine Privilegien zu erhöhen, um einen Denial of Service Angriff durchzuführen, und um einen nicht näher spezifizierten Angriff durchzuführen.
Betroffene Betriebssysteme: - Linux
- UNIX
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft Azure Linux azl3
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3
|
azl3 | |
|
Open Source Xwayland <24.1.12
Open Source / Xwayland
|
<24.1.12 | ||
|
Open Source X.Org X11 Server <21.1.23
Open Source / X.Org X11
|
Server <21.1.23 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft Azure Linux azl3
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3
|
azl3 | |
|
Open Source Xwayland <24.1.12
Open Source / Xwayland
|
<24.1.12 | ||
|
Open Source X.Org X11 Server <21.1.23
Open Source / X.Org X11
|
Server <21.1.23 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft Azure Linux azl3
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3
|
azl3 | |
|
Open Source Xwayland <24.1.12
Open Source / Xwayland
|
<24.1.12 | ||
|
Open Source X.Org X11 Server <21.1.23
Open Source / X.Org X11
|
Server <21.1.23 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft Azure Linux azl3
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3
|
azl3 | |
|
Open Source Xwayland <24.1.12
Open Source / Xwayland
|
<24.1.12 | ||
|
Open Source X.Org X11 Server <21.1.23
Open Source / X.Org X11
|
Server <21.1.23 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft Azure Linux azl3
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3
|
azl3 | |
|
Open Source Xwayland <24.1.12
Open Source / Xwayland
|
<24.1.12 | ||
|
Open Source X.Org X11 Server <21.1.23
Open Source / X.Org X11
|
Server <21.1.23 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft Azure Linux azl3
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3
|
azl3 | |
|
Open Source Xwayland <24.1.12
Open Source / Xwayland
|
<24.1.12 | ||
|
Open Source X.Org X11 Server <21.1.23
Open Source / X.Org X11
|
Server <21.1.23 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft Azure Linux azl3
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3
|
azl3 | |
|
Open Source Xwayland <24.1.12
Open Source / Xwayland
|
<24.1.12 | ||
|
Open Source X.Org X11 Server <21.1.23
Open Source / X.Org X11
|
Server <21.1.23 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft Azure Linux azl3
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3
|
azl3 | |
|
Open Source Xwayland <24.1.12
Open Source / Xwayland
|
<24.1.12 | ||
|
Open Source X.Org X11 Server <21.1.23
Open Source / X.Org X11
|
Server <21.1.23 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft Azure Linux azl3
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3
|
azl3 | |
|
Open Source Xwayland <24.1.12
Open Source / Xwayland
|
<24.1.12 | ||
|
Open Source X.Org X11 Server <21.1.23
Open Source / X.Org X11
|
Server <21.1.23 |
References
4 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Das X Window System dient der Erzeugung grafischer Oberfl\u00e4chen auf Unix Systemen.\r\nXwayland ist ein X-Server f\u00fcr die Ausf\u00fchrung von X-Clients unter Wayland Display Servern. Wayland ist ein Ersatz f\u00fcr X.11 Display-Server.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in X.Org X11 und Xwayland ausnutzen, um Informationen offenzulegen, um seine Privilegien zu erh\u00f6hen, um einen Denial of Service Angriff durchzuf\u00fchren, und um einen nicht n\u00e4her spezifizierten Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-1774 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1774.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-1774 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1774"
},
{
"category": "external",
"summary": "X.Org Security Advisory vom 2026-06-01",
"url": "https://lists.x.org/archives/xorg-announce/2026-June/003702.html"
},
{
"category": "external",
"summary": "Microsoft Security Update Guide vom 2026-06-09",
"url": "https://msrc.microsoft.com/update-guide/"
}
],
"source_lang": "en-US",
"title": "X.Org X11 und Xwayland: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-06-09T22:00:00.000+00:00",
"generator": {
"date": "2026-06-10T07:21:02.391+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.6.0"
}
},
"id": "WID-SEC-W-2026-1774",
"initial_release_date": "2026-06-01T22:00:00.000+00:00",
"revision_history": [
{
"date": "2026-06-01T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-06-04T22:00:00.000+00:00",
"number": "2",
"summary": "CVE-Nummern erg\u00e4nzt"
},
{
"date": "2026-06-07T22:00:00.000+00:00",
"number": "3",
"summary": "Referenz(en) aufgenommen: EUVD-2026-34815, EUVD-2026-34820, EUVD-2026-34819, EUVD-2026-34818, EUVD-2026-34817, EUVD-2026-34816, EUVD-2026-34814, EUVD-2026-34813, EUVD-2026-34812"
},
{
"date": "2026-06-09T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates aufgenommen"
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "azl3",
"product": {
"name": "Microsoft Azure Linux azl3",
"product_id": "T049210",
"product_identification_helper": {
"cpe": "cpe:/o:microsoft:azure_linux:azl3"
}
}
}
],
"category": "product_name",
"name": "Azure Linux"
}
],
"category": "vendor",
"name": "Microsoft"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "Server \u003c21.1.23",
"product": {
"name": "Open Source X.Org X11 Server \u003c21.1.23",
"product_id": "T054960"
}
},
{
"category": "product_version",
"name": "Server 21.1.23",
"product": {
"name": "Open Source X.Org X11 Server 21.1.23",
"product_id": "T054960-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:x:x.org_x11:server__21.1.23"
}
}
}
],
"category": "product_name",
"name": "X.Org X11"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c24.1.12",
"product": {
"name": "Open Source Xwayland \u003c24.1.12",
"product_id": "T054961"
}
},
{
"category": "product_version",
"name": "24.1.12",
"product": {
"name": "Open Source Xwayland 24.1.12",
"product_id": "T054961-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:x.org:xwayland:24.1.12"
}
}
}
],
"category": "product_name",
"name": "Xwayland"
}
],
"category": "vendor",
"name": "Open Source"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-50256",
"product_status": {
"known_affected": [
"T049210",
"T054961",
"T054960"
]
},
"release_date": "2026-06-01T22:00:00.000+00:00",
"title": "CVE-2026-50256"
},
{
"cve": "CVE-2026-50257",
"product_status": {
"known_affected": [
"T049210",
"T054961",
"T054960"
]
},
"release_date": "2026-06-01T22:00:00.000+00:00",
"title": "CVE-2026-50257"
},
{
"cve": "CVE-2026-50258",
"product_status": {
"known_affected": [
"T049210",
"T054961",
"T054960"
]
},
"release_date": "2026-06-01T22:00:00.000+00:00",
"title": "CVE-2026-50258"
},
{
"cve": "CVE-2026-50259",
"product_status": {
"known_affected": [
"T049210",
"T054961",
"T054960"
]
},
"release_date": "2026-06-01T22:00:00.000+00:00",
"title": "CVE-2026-50259"
},
{
"cve": "CVE-2026-50260",
"product_status": {
"known_affected": [
"T049210",
"T054961",
"T054960"
]
},
"release_date": "2026-06-01T22:00:00.000+00:00",
"title": "CVE-2026-50260"
},
{
"cve": "CVE-2026-50261",
"product_status": {
"known_affected": [
"T049210",
"T054961",
"T054960"
]
},
"release_date": "2026-06-01T22:00:00.000+00:00",
"title": "CVE-2026-50261"
},
{
"cve": "CVE-2026-50262",
"product_status": {
"known_affected": [
"T049210",
"T054961",
"T054960"
]
},
"release_date": "2026-06-01T22:00:00.000+00:00",
"title": "CVE-2026-50262"
},
{
"cve": "CVE-2026-50263",
"product_status": {
"known_affected": [
"T049210",
"T054961",
"T054960"
]
},
"release_date": "2026-06-01T22:00:00.000+00:00",
"title": "CVE-2026-50263"
},
{
"cve": "CVE-2026-50264",
"product_status": {
"known_affected": [
"T049210",
"T054961",
"T054960"
]
},
"release_date": "2026-06-01T22:00:00.000+00:00",
"title": "CVE-2026-50264"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…