Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
x.org x server vulnerabilities and exploits
(subscribe to this query)
169
VMScore
CVE-2017-2624
It was found that xorg-x11-server prior to 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp() implementations return after an invalid byte is...
X.org Xorg-server
Debian Debian Linux 7.0
320
VMScore
CVE-2017-13722
In the pcfGetProperties function in bitmap/pcfread.c in libXfont up to and including 1.5.2 and 2.x prior to 2.0.2, a missing boundary check (for PCF files) could be used by local attackers authenticated to an Xserver for a buffer over-read, for information disclosure or a crash o...
X.org Libxfont 2.0.0
X.org Libxfont 2.0.1
X.org Libxfont
890
VMScore
CVE-2012-2118
Format string vulnerability in the LogVHdrMessageVerb function in os/log.c in X.Org X11 1.11 allows malicious users to cause a denial of service or possibly execute arbitrary code via format string specifiers in an input device name.
X.org X11 1.11
505
VMScore
CVE-2007-5958
X.Org Xserver prior to 1.4.1 allows local users to determine the existence of arbitrary files via a filename argument in the -sp option to the X program, which produces different error messages depending on whether the filename exists.
X.org Xserver
1 EDB exploit
465
VMScore
CVE-2011-4613
The X.Org X wrapper (xserver-wrapper.c) in Debian GNU/Linux and Ubuntu Linux does not properly verify the TTY of a user who is starting X, which allows local users to bypass intended access restrictions by associating stdin with a file that is misinterpreted as the console TTY.
Canonical Ubuntu Linux 11.10
Debian Debian Linux
Ubuntu Linux
X.org X Server -
Canonical Ubuntu Linux 10.10
Canonical Ubuntu Linux 10.04
Canonical Ubuntu Linux 11.04
1 EDB exploit
445
VMScore
CVE-2006-0197
The XClientMessageEvent struct used in certain components of X.Org 6.8.2 and previous versions, possibly including (1) the X server and (2) Xlib, uses a "long" specifier for elements of the l array, which results in inconsistent sizes in the struct on 32-bit versus 64-b...
X.org X.org
668
VMScore
CVE-2017-12176
xorg-x11-server prior to 1.19.5 was missing extra length validation in ProcEstablishConnection function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
Debian Debian Linux 8.0
Debian Debian Linux 9.0
X.org Xorg-server
668
VMScore
CVE-2017-12178
xorg-x11-server prior to 1.19.5 had wrong extra length check in ProcXIChangeHierarchy function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
Debian Debian Linux 9.0
Debian Debian Linux 8.0
X.org Xorg-server
668
VMScore
CVE-2017-12179
xorg-x11-server prior to 1.19.5 was vulnerable to integer overflow in (S)ProcXIBarrierReleasePointer functions allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
Debian Debian Linux 9.0
Debian Debian Linux 8.0
X.org Xorg-server
668
VMScore
CVE-2017-12180
xorg-x11-server prior to 1.19.5 was missing length validation in XFree86 VidModeExtension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
Debian Debian Linux 8.0
Debian Debian Linux 9.0
X.org Xorg-server
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »