X.org X Server

83 matches found

added 2018/01/24 3:29 p.m. | 118 views

CVE-2017-12187

xorg-x11-server before 1.19.5 was missing length validation in RENDER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

CVSS 9.8 | AI score 9.7 | EPSS 0.00773

added 2023/10/25 8:15 p.m. | 117 views

CVE-2023-5574

A use-after-free flaw was found in xorg-x11-server-Xvfb. This issue occurs in Xvfb with a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode). If the pointer is warped from a screen 1 to a screen 0, a use-after-free issue may be tr...

CVSS 7 | AI score 7.1 | EPSS 0.00035

added 2008/01/18 11:0 p.m. | 115 views

CVE-2007-6427

The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to byte swapping and heap corruption within multiple functions, a different vulnerability than CVE-2007-4990.

CVSS 9.3 | AI score 9.8 | EPSS 0.03789

added 2018/01/24 3:29 p.m. | 114 views

CVE-2017-12179

xorg-x11-server before 1.19.5 was vulnerable to integer overflow in (S)ProcXIBarrierReleasePointer functions allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

CVSS 9.8 | AI score 9.8 | EPSS 0.00843

added 2018/01/24 3:29 p.m. | 113 views

CVE-2017-12182

xorg-x11-server before 1.19.5 was missing length validation in XFree86 DRI extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

CVSS 9.8 | AI score 9.7 | EPSS 0.0095

added 2018/01/24 3:29 p.m. | 112 views

CVE-2017-12180

xorg-x11-server before 1.19.5 was missing length validation in XFree86 VidModeExtension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

CVSS 9.8 | AI score 9.7 | EPSS 0.0095

added 2019/10/16 11:15 a.m. | 110 views

CVE-2019-17624

In X.Org X Server 1.20.4, there is a stack-based buffer overflow in the function XQueryKeymap. For example, by sending ct.c_char 1000 times, an attacker can cause a denial of service (application crash) or possibly have unspecified other impact. Note: It is disputed if the X.Org X Server is invo...

CVSS 7.8 | AI score 8.2 | EPSS 0.16233

added 2022/10/17 1:15 p.m. | 105 views

CVE-2022-3551

A vulnerability, which was classified as problematic, has been found in X.org Server. Affected by this issue is the function ProcXkbGetKbdByName of the file xkb/xkb.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability i...

CVSS 6.5 | AI score 6.3 | EPSS 0.00355

added 2015/02/13 3:59 p.m. | 103 views

CVE-2015-0255

X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via a crafted string length value in a XkbSetGeometry request.

CVSS 6.4 | AI score 4 | EPSS 0.08186

added 2014/12/10 3:59 p.m. | 95 views

CVE-2014-8098

The GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index ...

CVSS 6.5 | AI score 7.7 | EPSS 0.0101

added 2018/07/27 6:29 p.m. | 94 views

CVE-2017-2624

It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp() implementations return after an invalid byte is seen, this causes a ...

CVSS 7 | AI score 6.7 | EPSS 0.0011

added 2017/07/06 11:29 a.m. | 89 views

CVE-2017-10972

Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server before 2017-06-19 allowed authenticated malicious users to access potentially privileged data from the X server.

CVSS 6.5 | AI score 6.9 | EPSS 0.0056

added 2014/12/10 3:59 p.m. | 88 views

CVE-2014-8092

Multiple integer overflows in X.Org X Window System (aka X11 or X) X11R1 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to the (1) ProcPutImage, (2) GetHosts,...

CVSS 6.5 | AI score 7.7 | EPSS 0.01293

added 2014/12/10 3:59 p.m. | 84 views

CVE-2014-8094

Integer overflow in the ProcDRI2GetBuffers function in the DRI2 extension in X.Org Server (aka xserver and xorg-server) 1.7.0 through 1.16.x before 1.16.3 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request, which triggers ...

CVSS 6.5 | AI score 7.8 | EPSS 0.01042

added 2014/12/10 3:59 p.m. | 83 views

CVE-2014-8091

X.Org X Window System (aka X11 and X) X11R5 and X.Org Server (aka xserver and xorg-server) before 1.16.3, when using SUN-DES-1 (Secure RPC) authentication credentials, does not check the return value of a malloc call, which allows remote attackers to cause a denial of service (NULL pointer derefere...

CVSS 4.3 | AI score 7.2 | EPSS 0.06313

added 2014/12/10 3:59 p.m. | 82 views

CVE-2014-8093

Multiple integer overflows in the GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request t...

CVSS 6.5 | AI score 7.7 | EPSS 0.01297

added 2014/12/10 3:59 p.m. | 82 views

CVE-2014-8097

The DBE extension in X.Org X Window System (aka X11 or X) X11R6.1 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (...

CVSS 6.5 | AI score 7.7 | EPSS 0.01297

added 2017/07/06 11:29 a.m. | 82 views

CVE-2017-10971

In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of X Events.

CVSS 8.8 | AI score 8.6 | EPSS 0.02313

added 2014/12/10 3:59 p.m. | 81 views

CVE-2014-8095

The XInput extension in X.Org X Window System (aka X11 or X) X11R4 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the ...

CVSS 6.5 | AI score 7.7 | EPSS 0.02305

added 2014/12/10 3:59 p.m. | 79 views

CVE-2014-8096

The SProcXCMiscGetXIDList function in the XC-MISC extension in X.Org X Window System (aka X11 or X) X11R6.0 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code vi...

CVSS 6.5 | AI score 7.6 | EPSS 0.01014

added 2014/12/10 3:59 p.m. | 79 views

CVE-2014-8101

The RandR extension in XFree86 4.2.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or in...

CVSS 6.5 | AI score 7.7 | EPSS 0.01269

added 2014/12/10 3:59 p.m. | 79 views

CVE-2014-8102

The SProcXFixesSelectSelectionInput function in the XFixes extension in X.Org X Window System (aka X11 or X) X11R6.8.0 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitr...

CVSS 6.5 | AI score 5.3 | EPSS 0.01115

added 2014/12/10 3:59 p.m. | 78 views

CVE-2014-8099

The XVideo extension in XFree86 4.0.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or i...

CVSS 6.5 | AI score 7.7 | EPSS 0.04564

added 2014/12/10 3:59 p.m. | 76 views

CVE-2014-8100

The Render extension in XFree86 4.0.1, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or i...

CVSS 6.5 | AI score 7.7 | EPSS 0.01297

added 2016/12/13 4:59 p.m. | 73 views

CVE-2015-3418

The ProcPutImage function in dix/dispatch.c in X.Org Server (aka xserver and xorg-server) before 1.16.4 allows attackers to cause a denial of service (divide-by-zero and crash) via a zero-height PutImage request.

CVSS 7.5 | AI score 7 | EPSS 0.00497

added 2014/02/05 7:55 p.m. | 68 views

CVE-2011-4613

The X.Org X wrapper (xserver-wrapper.c) in Debian GNU/Linux and Ubuntu Linux does not properly verify the TTY of a user who is starting X, which allows local users to bypass intended access restrictions by associating stdin with a file that is misinterpreted as the console TTY.

CVSS 4.6 | AI score 6 | EPSS 0.00072

added 2025/03/16 1:15 a.m. | 63 views

CVE-2022-49737

In X.Org X server 20.11 through 21.1.16, when a client application uses easystroke for mouse gestures, the main thread modifies various data structures used by the input thread without acquiring a lock, aka a race condition. In particular, AttachDevice in dix/devices.c does not acquire an input loc...

CVSS 7.7 | AI score 7 | EPSS 0.00083

added 2015/07/01 2:59 p.m. | 61 views

CVE-2015-3164

The authentication setup in XWayland 1.16.x and 1.17.x before 1.17.2 starts the server in non-authenticating mode, which allows local users to read from or send information to arbitrary X11 clients via vectors involving a UNIX socket.

CVSS 3.6 | AI score 7.1 | EPSS 0.00065

added 2014/12/10 3:59 p.m. | 60 views

CVE-2014-8103

X.Org Server (aka xserver and xorg-server) 1.15.0 through 1.16.x before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) sproc_dri3_query_version, (2) sproc_dri3_open...

CVSS 6.5 | AI score 7.4 | EPSS 0.1445

added 2012/07/03 7:55 p.m. | 56 views

CVE-2011-4029

The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to change the permissions of arbitrary files to 444, read those files, and possibly cause a denial of service (removed execution permission) via a symlink attack on a temporary lock file.

CVSS 1.9 | AI score 6.1 | EPSS 0.00572

added 2012/07/03 7:55 p.m. | 55 views

CVE-2011-4028

The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to determine the existence of arbitrary files via a symlink attack on a temporary lock file, which is handled differently if the file exists.

CVSS 1.2 | AI score 5.9 | EPSS 0.00114

added 2021/05/26 1:15 p.m. | 54 views

CVE-2020-25697

A privilege escalation flaw was found in the Xorg-x11-server due to a lack of authentication for X11 clients. This flaw allows an attacker to take control of an X application by impersonating the server it is expecting to connect to.

CVSS 7 | AI score 7.1 | EPSS 0.00063

added 2022/10/17 1:15 p.m. | 47 views

CVE-2022-3553

A vulnerability, which was classified as problematic, was found in X.org Server. This affects an unknown part of the file hw/xquartz/X11Controller.m of the component xquartz. The manipulation leads to denial of service. It is recommended to apply a patch to fix this issue. The identifier VDB-211053...

CVSS 6.5 | AI score 5 | EPSS 0.0009

Total number of security vulnerabilities: 83