326 matches found
CVE-2020-14347
A flaw was found in the way the Xserver memory was not properly initialized. This issue leak parts of server memory to the X client. In cases where the Xorg server runs with elevated privileges, this flaw results in a possible ASLR bypass...
xorg-server -- Pixel Data Uninitialized Memory Information Disclosure
The X.org project reports: Allocation for pixmap data in AllocatePixmap does not initialize the memory in xserver, it leads to leak uninitialize heap memory to clients. When the X server runs with elevated privileges. This flaw can lead to ASLR bypass, which when combined with other flaws...
EulerOS 2.0 SP5 : libXfont (EulerOS-SA-2019-2539)
According to the versions of the libXfont package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection c...
openSUSE: Security Advisory for links (openSUSE-SU-2019:2185-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian: Security Advisory (DLA-1026-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2017-13722
In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2 and 2.x before 2.0.2, a missing boundary check for PCF files could be used by local attackers authenticated to an Xserver for a buffer over-read, for information disclosure or a crash of the X server...
USN-3500-1 libxfont, libxfont1, libxfont2 vulnerability
It was discovered that libXfont incorrectly followed symlinks when opening font files. A local unprivileged user could use this issue to cause the X server to access arbitrary files, including special device files...
Debian DSA-4000-1 : xorg-server - security update
Several vulnerabilities have been discovered in the X.Org X server. An attacker who's able to connect to an X server could cause a denial of service or potentially the execution of arbitrary code. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this...
CVE-2017-13722
In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2 and 2.x before 2.0.2, a missing boundary check for PCF files could be used by local attackers authenticated to an Xserver for a buffer over-read, for information disclosure or a crash of the X server...
CVE-2017-13723
In X.Org Server aka xserver and xorg-server before 1.19.4, a local attacker authenticated to the X server could overflow a global buffer, causing crashes of the X server or potentially other problems by injecting large or malformed XKB related atoms and accessing them via xkbcomp...
CVE-2017-13723
CVE-2017-13723 affects X.Org Server (xorg-server) prior to 1.19.4. A local attacker authenticated to the X server can overflow a global buffer via injecting large or malformed XKB atoms and accessing them through xkbcomp, leading to crashes and potential privilege elevation when run as root. Docu...
CVE-2017-13722
In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2 and 2.x before 2.0.2, a missing boundary check for PCF files could be used by local attackers authenticated to an Xserver for a buffer over-read, for information disclosure or a crash of the X server...
CVE-2015-3418
The ProcPutImage function in dix/dispatch.c in X.Org Server aka xserver and xorg-server before 1.16.4 allows attackers to cause a denial of service divide-by-zero and crash via a zero-height PutImage request...
CVE-2015-3418
CVE-2015-3418 affects the X.Org Server (xserver/xorg-server) ProcPutImage function in dix/dispatch.c and is exploitable via a zero-height PutImage request. Affected with versions prior to 1.16.4 may experience denial of service (divide-by-zero) or crash. Connected documents confirm this behavior ...
Linux/x86 - Reverse Shell using Xterm ///usr/bin/xterm -display 127.1.1.1:10 Shellcode (68 bytes)
/ Title : Linux , Reverse Shell using Xterm , ///usr/bin/xterm -display 127.1.1.1:10 Date : 12-07-2016 Author : RTV Tested On : Ubuntu x86 shellcode :...
[SECURITY] [DLA 120-2] xorg-server regression update
Package : xorg-server Version : 2:1.7.7-18+deb6u3 CVE ID : CVE-2015-3418 Debian Bug : 774308 Andreas Cord-Landwehr reported an issue where the X.Org Xserver would often crash with an arithmetic exception when maximizing application windows. This issue CVE-2015-3418 is a regression which got...
DLA-218-1 xorg-server - security update
Bulletin has no description...
Vulnerabilities in the Debian GNU/Linux operating system that allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information
The x11-xserver-utils package in the Debian GNU/Linux operating system has multiple vulnerabilities. Exploiting these vulnerabilities may lead to violations of the confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...
USN-2568-1 libx11, libxrender vulnerability
Abhishek Arya discovered that libX11 incorrectly handled memory in the MakeBigReq macro. A remote attacker could use this issue to cause applications to crash, resulting in a denial of service, or possibly execute arbitrary code. In addition, following the macro fix in libx11, a number of other...
CVE-2015-0255
X.Org X11-server (X.Org Server) is affected by CVE-2015-0255: in versions before 1.16.3 and 1.17.x before 1.17.1, a flaw in handling XkbSetGeometry requests can disclose memory or crash the server due to missing input validation. Root cause: improper validation of crafted XkbSetGeometry string le...