Product:

Xorg\-Server

(X\.org)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 47
Date Id Summary Products Score Patch Annotated
2018-01-24 CVE-2017-12177 xorg-x11-server before 1.19.5 was vulnerable to integer overflow in ProcDbeGetVisualInfo function allowing malicious X client to cause X server to crash or possibly execute arbitrary code. Debian_linux, Xorg\-Server 9.8
2018-01-24 CVE-2017-12176 xorg-x11-server before 1.19.5 was missing extra length validation in ProcEstablishConnection function allowing malicious X client to cause X server to crash or possibly execute arbitrary code. Debian_linux, Xorg\-Server 9.8
2017-10-10 CVE-2017-13721 In X.Org Server (aka xserver and xorg-server) before 1.19.4, an attacker authenticated to an X server with the X shared memory extension enabled can cause aborts of the X server or replace shared memory segments of other X clients in the same session. Debian_linux, Xorg\-Server 4.7
2017-07-06 CVE-2017-10972 Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server before 2017-06-19 allowed authenticated malicious users to access potentially privileged data from the X server. Xorg\-Server 6.5
2017-10-09 CVE-2017-13723 In X.Org Server (aka xserver and xorg-server) before 1.19.4, a local attacker authenticated to the X server could overflow a global buffer, causing crashes of the X server or potentially other problems by injecting large or malformed XKB related atoms and accessing them via xkbcomp. Debian_linux, Xorg\-Server 7.8
2017-07-06 CVE-2017-10971 In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of X Events. Xorg\-Server 8.8
2015-07-01 CVE-2015-3164 The authentication setup in XWayland 1.16.x and 1.17.x before 1.17.2 starts the server in non-authenticating mode, which allows local users to read from or send information to arbitrary X11 clients via vectors involving a UNIX socket. Opensuse, Xorg\-Server N/A
2015-02-13 CVE-2015-0255 X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via a crafted string length value in a XkbSetGeometry request. Opensuse, Xorg\-Server N/A
2007-09-11 CVE-2007-4730 Buffer overflow in the compNewPixmap function in compalloc.c in the Composite extension for the X.org X11 server before 1.4 allows local users to execute arbitrary code by copying data from a large pixel depth pixmap into a smaller pixel depth pixmap. Xorg\-Server N/A
2006-08-29 CVE-2006-4447 X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit. Emu\-Linux\-X87\-Xlibs, X11r6, X11r7, Xdm, Xf86dga, Xinit, Xload, Xorg\-Server, Xterm N/A