Nixpkgs security tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

All statuses
Filter by:
With package: tigervnc

Found 36 matching suggestions

View:
Compact
Detailed
Untriaged
Permalink CVE-2024-0408
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 9 months, 4 weeks ago
Xorg-x11-server: selinux unlabeled glx pbuffer

A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource (as with a GetGeometry) or when it creates another resource that needs to access that buffer, such as a GC, the XSELINUX code will try to use an object that was never labeled and crash because the SID is NULL.

References

Affected products

tigervnc
xwayland
  • ==23.2.4
xorg-server
  • <21.1.11
  • ==21.1.11
xorg-x11-server
  • *
xorg-x11-server-Xwayland
  • *

Matching in nixpkgs

pkgs.tigervnc

Fork of tightVNC, made in cooperation with VirtualGL

Untriaged
Permalink CVE-2025-49175
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 9 months, 4 weeks ago
Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: out-of-bounds read in x rendering extension animated cursors

A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leading to an out-of-bounds read and potential crash.

References

Affected products

tigervnc
  • *
xwayland
  • <24.1.8
xorg-x11-server
  • *
xorg-x11-server-Xwayland
  • *

Matching in nixpkgs

pkgs.tigervnc

Fork of tightVNC, made in cooperation with VirtualGL

Untriaged
Permalink CVE-2025-49176
6.6 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): HIGH
created 9 months, 4 weeks ago
Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: integer overflow in big requests extension

A flaw was found in the Big Requests extension. The request length is multiplied by 4 before checking against the maximum allowed size, potentially causing an integer overflow and bypassing the size check.

References

Affected products

tigervnc
  • *
xwayland
  • <24.1.7
xorg-x11-server
  • *
xorg-x11-server-Xwayland
  • *

Matching in nixpkgs

pkgs.tigervnc

Fork of tightVNC, made in cooperation with VirtualGL

Untriaged
Permalink CVE-2023-6816
9.8 CRITICAL
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 9 months, 4 weeks ago
Xorg-x11-server: heap buffer overflow in devicefocusevent and procxiquerypointer

A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leading to a heap overflow if a bigger value was used.

References

Affected products

tigervnc
  • *
xwayland
  • ==23.2.4
xorg-server
  • ==21.1.11
xorg-x11-server
  • *
xorg-x11-server-Xwayland
  • *

Matching in nixpkgs

pkgs.tigervnc

Fork of tightVNC, made in cooperation with VirtualGL

Untriaged
Permalink CVE-2025-49179
6.6 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): HIGH
created 9 months, 4 weeks ago
Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: integer overflow in x record extension

A flaw was found in the X Record extension. The RecordSanityCheckRegisterClients function does not check for an integer overflow when computing request length, which allows a client to bypass length checks.

References

Affected products

tigervnc
  • *
xwayland
  • <24.1.7
xorg-x11-server
  • *
xorg-x11-server-Xwayland
  • *

Matching in nixpkgs

pkgs.tigervnc

Fork of tightVNC, made in cooperation with VirtualGL

Untriaged
Permalink CVE-2025-31027
7.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 10 months, 3 weeks ago
WordPress Tiger theme <= 2.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jocoxdesign Tiger tiger allows Reflected XSS.This issue affects Tiger: from n/a through 2.0.

Affected products

tiger
  • =<2.0

Matching in nixpkgs

pkgs.libtiger

Rendering library for Kate streams using Pango and Cairo

pkgs.tigervnc

Fork of tightVNC, made in cooperation with VirtualGL

pkgs.tigerbeetle

Financial accounting database designed to be distributed and fast

pkgs.tigerjython

Simple development environment for programming in Python

  • nixos-unstable 2.39
    • nixpkgs-unstable 2.39
    • nixos-unstable-small 2.39

Package maintainers

Untriaged
Permalink CVE-2024-21885
7.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 11 months, 3 weeks ago
Xorg-x11-server: heap buffer overflow in xisenddevicehierarchyevent

A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can trigger a heap buffer overflow condition, which may lead to an application crash or remote code execution in SSH X11 forwarding environments.

References

Affected products

tigervnc
  • *
xwayland
  • *
  • <23.2.4
  • ==23.2.4
xorg-server
  • ==1.21.1.7
  • ==21.1.11
  • *
  • <21.1.11
xorg-x11-server
  • *
xorg-x11-server-Xwayland
  • *

Matching in nixpkgs

pkgs.tigervnc

Fork of tightVNC, made in cooperation with VirtualGL

Dismissed
Permalink CVE-2025-31407
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
updated 1 year ago by @LeSuisse Activity log
  • Created automatic suggestion 1 year ago
  • @LeSuisse dismissed 1 year ago
WordPress Tiger theme <= 2.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hutsixdigital Tiger allows Stored XSS.This issue affects Tiger: from n/a through 2.0.

Affected products

tiger
  • =<2.0

Matching in nixpkgs

pkgs.libtiger

Rendering library for Kate streams using Pango and Cairo

pkgs.tigervnc

Fork of tightVNC, made in cooperation with VirtualGL

pkgs.tigerbeetle

Financial accounting database designed to be distributed and fast

pkgs.tigerjython

Simple development environment for programming in Python

  • nixos-unstable 2.39
    • nixpkgs-unstable 2.39
    • nixos-unstable-small 2.39

Package maintainers

Untriaged
Permalink CVE-2025-26595
7.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 1 year, 1 month ago
Xorg: xwayland: buffer overflow in xkbvmodmasktext()

A buffer overflow flaw was found in X.Org and Xwayland. The code in XkbVModMaskText() allocates a fixed-sized buffer on the stack and copies the names of the virtual modifiers to that buffer. The code fails to check the bounds of the buffer and would copy the data regardless of the size.

References

Affected products

xserver
  • <21.1.16
  • <24.1.6
tigervnc
  • *
xorg-x11-server
  • *
xorg-x11-server-Xwayland
  • *

Matching in nixpkgs

pkgs.tigervnc

Fork of tightVNC, made in cooperation with VirtualGL

Untriaged
Permalink CVE-2025-26597
7.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 1 year, 1 month ago
Xorg: xwayland: buffer overflow in xkbchangetypesofkey()

A buffer overflow flaw was found in X.Org and Xwayland. If XkbChangeTypesOfKey() is called with a 0 group, it will resize the key symbols table to 0 but leave the key actions unchanged. If the same function is later called with a non-zero value of groups, this will cause a buffer overflow because the key actions are of the wrong size.

References

Affected products

xserver
  • <21.1.16
  • <24.1.6
tigervnc
  • *
xorg-x11-server
  • *
xorg-x11-server-Xwayland
  • *

Matching in nixpkgs

pkgs.tigervnc

Fork of tightVNC, made in cooperation with VirtualGL