Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
x.org xorg-server vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2020-14346
A flaw was found in xorg-x11-server prior to 1.20.9. An integer underflow in the X input extension protocol decoding in the X server may lead to arbitrary access of memory contents. The highest threat from this vulnerability is to data confidentiality and integrity as well as sys...
X.org Xorg-server
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 6.0
Canonical Ubuntu Linux 14.04
Redhat Enterprise Linux 8.0
7.8
CVSSv3
CVE-2020-14361
A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availabilit...
X.org Xorg-server
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 6.0
Canonical Ubuntu Linux 14.04
Redhat Enterprise Linux 8.0
7.8
CVSSv3
CVE-2020-14362
A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availabilit...
X.org Xorg-server
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 6.0
Canonical Ubuntu Linux 14.04
Redhat Enterprise Linux 8.0
NA
CVE-2007-6428
The ProcGetReservedColormapEntries function in the TOG-CUP extension in X.Org Xserver prior to 1.4.1 allows context-dependent malicious users to read the contents of arbitrary memory locations via a request containing a 32-bit value that is improperly used as an array index.
X.org Xserver
X.org Tog-cup
NA
CVE-2007-6429
Multiple integer overflows in X.Org Xserver prior to 1.4.1 allow context-dependent malicious users to execute arbitrary code via (1) a GetVisualInfo request containing a 32-bit value that is improperly used to calculate an amount of memory for allocation by the EVI extension, or ...
X.org Xserver
X.org Evi
X.org Mit-shm
NA
CVE-2012-0064
xkeyboard-config prior to 2.5 in X.Org prior to 7.6 enables certain XKB debugging functions by default, which allows physically proximate malicious users to bypass an X screen lock via keyboard combinations that break the input grab.
Xkeyboard Config Project Xkeyboard-config 2.0
X X.org X11 1.0
X X.org X11 3.0
X X.org X11 4.0
X X.org X11 5.0
X X.org X11 7.1
X X.org X11 7.2
X X.org X11 7.3
X X.org X11 7.4
X X.org X11 6.5.1
X X.org X11 6.6
X X.org X11 6.7
X X.org X11 6.8
Xkeyboard Config Project Xkeyboard-config
Xkeyboard Config Project Xkeyboard-config 2.2
X X.org X11 6.0
X X.org X11 6.3
X X.org X11 6.8.2
X X.org X11 7.0
X X.org X11 7.5
Xkeyboard Config Project Xkeyboard-config 2.3
Xkeyboard Config Project Xkeyboard-config 2.1
NA
CVE-2011-4028
The LockServer function in os/utils.c in X.Org xserver prior to 1.11.2 allows local users to determine the existence of arbitrary files via a symlink attack on a temporary lock file, which is handled differently if the file exists.
X.org X Server
X.org X Server 1.11.0
NA
CVE-2007-5958
X.Org Xserver prior to 1.4.1 allows local users to determine the existence of arbitrary files via a filename argument in the -sp option to the X program, which produces different error messages depending on whether the filename exists.
X.org Xserver
1 EDB exploit
5.5
CVSSv3
CVE-2020-14347
A flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. In cases where Xorg server runs with elevated privileges, this could result in possible ASLR bypass. Xorg-server before version 1.20.9 is vulnerable.
X.org Xorg-server
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 16.04
NA
CVE-2007-5760
Array index error in the XFree86-Misc extension in X.Org Xserver prior to 1.4.1 allows context-dependent malicious users to execute arbitrary code via a PassMessage request containing a large array index.
Xfree86 Project Xfree86-misc
X.org Xserver
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3661
open redirect
CVE-2024-25512
CVE-2024-33788
command injection
SSTI
CVE-2024-0043
CVE-2024-29210
CVE-2024-25510
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »