Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
x.org x server vulnerabilities and exploits
(subscribe to this query)
4.7
CVSSv3
CVE-2023-5380
A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root...
X.org Xwayland
X.org X Server
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux 9.0
Fedoraproject Fedora 37
Fedoraproject Fedora 38
Fedoraproject Fedora 39
Debian Debian Linux 11.0
Debian Debian Linux 12.0
NA
CVE-2007-5958
X.Org Xserver prior to 1.4.1 allows local users to determine the existence of arbitrary files via a filename argument in the -sp option to the X program, which produces different error messages depending on whether the filename exists.
X.org Xserver
1 EDB exploit
7.1
CVSSv3
CVE-2017-13722
In the pcfGetProperties function in bitmap/pcfread.c in libXfont up to and including 1.5.2 and 2.x prior to 2.0.2, a missing boundary check (for PCF files) could be used by local attackers authenticated to an Xserver for a buffer over-read, for information disclosure or a crash o...
X.org Libxfont 2.0.0
X.org Libxfont 2.0.1
X.org Libxfont
NA
CVE-2012-2118
Format string vulnerability in the LogVHdrMessageVerb function in os/log.c in X.Org X11 1.11 allows malicious users to cause a denial of service or possibly execute arbitrary code via format string specifiers in an input device name.
X.org X11 1.11
NA
CVE-2006-0197
The XClientMessageEvent struct used in certain components of X.Org 6.8.2 and previous versions, possibly including (1) the X server and (2) Xlib, uses a "long" specifier for elements of the l array, which results in inconsistent sizes in the struct on 32-bit versus 64-b...
X.org X.org
NA
CVE-2011-4613
The X.Org X wrapper (xserver-wrapper.c) in Debian GNU/Linux and Ubuntu Linux does not properly verify the TTY of a user who is starting X, which allows local users to bypass intended access restrictions by associating stdin with a file that is misinterpreted as the console TTY.
Canonical Ubuntu Linux 11.10
Debian Debian Linux
Ubuntu Linux
X.org X Server -
Canonical Ubuntu Linux 10.10
Canonical Ubuntu Linux 10.04
Canonical Ubuntu Linux 11.04
1 EDB exploit
9.8
CVSSv3
CVE-2023-6816
A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular num...
X.org Xwayland
X.org Xorg-server
Fedoraproject Fedora 39
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server 7.0
Debian Debian Linux 10.0
4.7
CVSSv3
CVE-2017-13721
In X.Org Server (aka xserver and xorg-server) prior to 1.19.4, an attacker authenticated to an X server with the X shared memory extension enabled can cause aborts of the X server or replace shared memory segments of other X clients in the same session.
X.org Xorg-server
Debian Debian Linux 8.0
Debian Debian Linux 9.0
7.8
CVSSv3
CVE-2017-13723
In X.Org Server (aka xserver and xorg-server) prior to 1.19.4, a local attacker authenticated to the X server could overflow a global buffer, causing crashes of the X server or potentially other problems by injecting large or malformed XKB related atoms and accessing them via xkb...
X.org Xorg-server
Debian Debian Linux 8.0
Debian Debian Linux 9.0
9.8
CVSSv3
CVE-2017-12177
xorg-x11-server prior to 1.19.5 was vulnerable to integer overflow in ProcDbeGetVisualInfo function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
Debian Debian Linux 8.0
Debian Debian Linux 9.0
X.org Xorg-server
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »