Aggregates CVE and security vulnerability intelligence across all xcb_project-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk memory corruption and vendor risk buffer overflow and related security problems, affecting vendor surface software deployment and vendor surface production workloads scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2021-26958 | An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because transmutation to the wrong type can happen after xcb::base::cast_event uses std::mem::transmute to return a reference to an arbitrary type. | [email protected] | 8.8 | 0.55% | 2021-02-09 | 2024-11-21 |
| CVE-2021-26957 | An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because there is an out-of-bounds read in xcb::xproto::change_property(), as demonstrated by a format=32 T=u8 situation where out-of-bounds bytes are sent to an X server. | [email protected] | 9.8 | 0.50% | 2021-02-09 | 2024-11-21 |
| CVE-2021-26956 | An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because bytes from an X server can be interpreted as any data type returned by xcb::xproto::GetPropertyReply::value. | [email protected] | 9.8 | 0.50% | 2021-02-09 | 2024-11-21 |
| CVE-2021-26955 | An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because xcb::xproto::GetAtomNameReply::name() calls std::str::from_utf8_unchecked() on unvalidated bytes from an X server. | [email protected] | 9.8 | 0.50% | 2021-02-09 | 2024-11-21 |
| CVE-2020-36205 | An issue was discovered in the xcb crate through 2020-12-10 for Rust. base::Error does not have soundness. Because of the public ptr field, a use-after-free or double-free can occur. | [email protected] | 5.5 | 0.06% | 2021-01-26 | 2024-11-21 |