Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Xorg\-Server
(X\.org)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 47 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2018-01-24 | CVE-2017-12177 | xorg-x11-server before 1.19.5 was vulnerable to integer overflow in ProcDbeGetVisualInfo function allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | Debian_linux, Xorg\-Server | 9.8 | ||
2018-01-24 | CVE-2017-12176 | xorg-x11-server before 1.19.5 was missing extra length validation in ProcEstablishConnection function allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | Debian_linux, Xorg\-Server | 9.8 | ||
2017-10-10 | CVE-2017-13721 | In X.Org Server (aka xserver and xorg-server) before 1.19.4, an attacker authenticated to an X server with the X shared memory extension enabled can cause aborts of the X server or replace shared memory segments of other X clients in the same session. | Debian_linux, Xorg\-Server | 4.7 | ||
2017-07-06 | CVE-2017-10972 | Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server before 2017-06-19 allowed authenticated malicious users to access potentially privileged data from the X server. | Xorg\-Server | 6.5 | ||
2017-10-09 | CVE-2017-13723 | In X.Org Server (aka xserver and xorg-server) before 1.19.4, a local attacker authenticated to the X server could overflow a global buffer, causing crashes of the X server or potentially other problems by injecting large or malformed XKB related atoms and accessing them via xkbcomp. | Debian_linux, Xorg\-Server | 7.8 | ||
2017-07-06 | CVE-2017-10971 | In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of X Events. | Xorg\-Server | 8.8 | ||
2015-07-01 | CVE-2015-3164 | The authentication setup in XWayland 1.16.x and 1.17.x before 1.17.2 starts the server in non-authenticating mode, which allows local users to read from or send information to arbitrary X11 clients via vectors involving a UNIX socket. | Opensuse, Xorg\-Server | N/A | ||
2015-02-13 | CVE-2015-0255 | X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via a crafted string length value in a XkbSetGeometry request. | Opensuse, Xorg\-Server | N/A | ||
2007-09-11 | CVE-2007-4730 | Buffer overflow in the compNewPixmap function in compalloc.c in the Composite extension for the X.org X11 server before 1.4 allows local users to execute arbitrary code by copying data from a large pixel depth pixmap into a smaller pixel depth pixmap. | Xorg\-Server | N/A | ||
2006-08-29 | CVE-2006-4447 | X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit. | Emu\-Linux\-X87\-Xlibs, X11r6, X11r7, Xdm, Xf86dga, Xinit, Xload, Xorg\-Server, Xterm | N/A |