Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
x.org x server - vulnerabilities and exploits
(subscribe to this query)
4.7
CVSSv3
CVE-2023-5380
A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root...
X.org Xwayland
X.org X Server
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux 9.0
Fedoraproject Fedora 37
Fedoraproject Fedora 38
Fedoraproject Fedora 39
Debian Debian Linux 11.0
Debian Debian Linux 12.0
7.1
CVSSv3
CVE-2017-13722
In the pcfGetProperties function in bitmap/pcfread.c in libXfont up to and including 1.5.2 and 2.x prior to 2.0.2, a missing boundary check (for PCF files) could be used by local attackers authenticated to an Xserver for a buffer over-read, for information disclosure or a crash o...
X.org Libxfont 2.0.0
X.org Libxfont 2.0.1
X.org Libxfont
NA
CVE-2007-5958
X.Org Xserver prior to 1.4.1 allows local users to determine the existence of arbitrary files via a filename argument in the -sp option to the X program, which produces different error messages depending on whether the filename exists.
X.org Xserver
1 EDB exploit
NA
CVE-2012-2118
Format string vulnerability in the LogVHdrMessageVerb function in os/log.c in X.Org X11 1.11 allows malicious users to cause a denial of service or possibly execute arbitrary code via format string specifiers in an input device name.
X.org X11 1.11
NA
CVE-2006-0197
The XClientMessageEvent struct used in certain components of X.Org 6.8.2 and previous versions, possibly including (1) the X server and (2) Xlib, uses a "long" specifier for elements of the l array, which results in inconsistent sizes in the struct on 32-bit versus 64-b...
X.org X.org
NA
CVE-2011-4613
The X.Org X wrapper (xserver-wrapper.c) in Debian GNU/Linux and Ubuntu Linux does not properly verify the TTY of a user who is starting X, which allows local users to bypass intended access restrictions by associating stdin with a file that is misinterpreted as the console TTY.
Canonical Ubuntu Linux 11.10
Debian Debian Linux
Ubuntu Linux
X.org X Server -
Canonical Ubuntu Linux 10.10
Canonical Ubuntu Linux 10.04
Canonical Ubuntu Linux 11.04
1 EDB exploit
9.8
CVSSv3
CVE-2017-12181
xorg-x11-server prior to 1.19.5 was missing length validation in XFree86 DGA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
Debian Debian Linux 8.0
Debian Debian Linux 9.0
X.org Xorg-server
9.8
CVSSv3
CVE-2017-12186
xorg-x11-server prior to 1.19.5 was missing length validation in X-Resource extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
Debian Debian Linux 8.0
Debian Debian Linux 9.0
X.org Xorg-server
7.8
CVSSv3
CVE-2017-13723
In X.Org Server (aka xserver and xorg-server) prior to 1.19.4, a local attacker authenticated to the X server could overflow a global buffer, causing crashes of the X server or potentially other problems by injecting large or malformed XKB related atoms and accessing them via xkb...
X.org Xorg-server
Debian Debian Linux 8.0
Debian Debian Linux 9.0
9.8
CVSSv3
CVE-2017-12180
xorg-x11-server prior to 1.19.5 was missing length validation in XFree86 VidModeExtension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
Debian Debian Linux 8.0
Debian Debian Linux 9.0
X.org Xorg-server
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4367
CVE-2024-35977
CVE-2023-49335
man-in-the-middle
CVE-2024-4947
CVE-2024-31714
memory leak
SQL
CVE-2024-35994
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »