Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-1393

Published: 30/03/2023 Updated: 07/11/2023
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 0
Subscribe to Xorg-server

Vulnerability Summary

This vulnerability allows local malicious users to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of overlay windows. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

x.org xorg-server

fedoraproject fedora 36

fedoraproject fedora 37

fedoraproject fedora 38

Vendor Advisories

Debian Security Advisories: DSA-5380-1 xorg-server -- security update
Jan-Niklas Sohn discovered that a user-after-free flaw in the Composite extension of the Xorg X server may result in privilege escalation if the X server is running under the root user For the stable distribution (bullseye), this problem has been fixed in version 2:12011-1+deb11u6 We recommend that you upgrade your xorg-server packages For th ...
Red Hat: Important: tigervnc security update
Synopsis Important: tigervnc security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for tigervnc is now available for Red Hat Enterprise Linux 84 Extended Update SupportRed Hat Product Security has ra ...
Red Hat: Important: tigervnc and xorg-x11-server security update
Synopsis Important: tigervnc and xorg-x11-server security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for tigervnc and xorg-x11-server is now available for Red Hat Enterprise Linux 7Red Hat Product S ...
Red Hat: Important: tigervnc security update
Synopsis Important: tigervnc security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for tigervnc is now available for Red Hat Enterprise Linux 90 Extended Update SupportRed Hat Product Security has ra ...
Red Hat: Important: tigervnc security update
Synopsis Important: tigervnc security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for tigervnc is now available for Red Hat Enterprise Linux 9Red Hat Product Security has rated this update as having ...
Red Hat: Important: tigervnc security update
Synopsis Important: tigervnc security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for tigervnc is now available for Red Hat Enterprise Linux 81 Update Services for SAP SolutionsRed Hat Product Secur ...
Red Hat: Important: tigervnc security update
Synopsis Important: tigervnc security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for tigervnc is now available for Red Hat Enterprise Linux 86 Extended Update SupportRed Hat Product Security has ra ...
Red Hat: Important: tigervnc security update
概述 Important: tigervnc security update 类型/严重性 Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems 标题 An update for tigervnc is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as havin ...
Red Hat: Important: tigervnc security update
概述 Important: tigervnc security update 类型/严重性 Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems 标题 An update for tigervnc is now available for Red Hat Enterprise Linux 82 Advanced Update Support, Red Hat Enterprise Linux 82 ...
Red Hat: Moderate: xorg-x11-server-Xwayland security, bug fix, and enhancement update
Synopsis Moderate: xorg-x11-server-Xwayland security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for xorg-x11-server-Xwayland is now available for Red Hat Enterprise Linux 9R ...
Red Hat: Moderate: xorg-x11-server security and bug fix update
Synopsis Moderate: xorg-x11-server security and bug fix update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for xorg-x11-server is now available for Red Hat Enterprise Linux 9Red Hat Product Security has rate ...
Red Hat:
Description<!----> This CVE is under investigation by Red Hat Product Security ...

ICS Advisories

https://ics-cert.us-cert.gov/advisories/0600b443ff4393d097c485fbc8d3ed3b
Critical Infrastructure Sectors: Critical Manufacturing

References

CWE-416https://www.openwall.com/lists/oss-security/2023/03/29/1https://security.gentoo.org/glsa/202305-30https://gitlab.freedesktop.org/xorg/xserver/-/commit/26ef545b3502f61ca722a7a3373507e88ef64110https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H3EVO3OQV6T4BSABWZ2TU3PY5TJTEQZ2/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPNQYHUI63DB5FHK6EOI3Z4C6YQZGZKI/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SW2NRC3V53PIBXFPFBVWCOM2MDDILWQS/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QHJMSMK7G4GPLMKIGKXIOL2RTKU5VFWE/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEHSYYFGBN3G4RS2HJXKQ5NBMOAZ5F2F/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PSAAGI5V77FQXIT5PP4URP6BYQVCK5U5/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NOYATGGPMT3COC7ELAJW5TG2PVS3AFR2/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SWFUDSBSABRHQOX6TIQ5O3SNPFTPFQQP/https://nvd.nist.govhttps://www.debian.org/security/2023/dsa-5380https://www.cisa.gov/news-events/ics-advisories/icsa-24-046-11https://www.zerodayinitiative.com/advisories/ZDI-23-359/
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322administrator privilegesCVE-2024-1579hardcodedCVE-2023-20198CVE-2024-33587CVE-2024-33449CVE-2024-4308HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook