Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
x.org xorg-server vulnerabilities and exploits
(subscribe to this query)
4.6
CVSSv2
CVE-2009-1573
xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems place the magic cookie (MCOOKIE) on the command line, which allows local users to gain privileges by listing the process and its arguments.
Debian Debian Linux
Redhat Fedora 10
Ubuntu Linux
Branden Robinson Xvfb-run 1.6.1
4.3
CVSSv2
CVE-2014-8091
X.Org X Window System (aka X11 and X) X11R5 and X.Org Server (aka xserver and xorg-server) prior to 1.16.3, when using SUN-DES-1 (Secure RPC) authentication credentials, does not check the return value of a malloc call, which allows remote malicious users to cause a denial of ser...
X.org Xorg-server
X.org X11 5.0
4.3
CVSSv2
CVE-2007-4730
Buffer overflow in the compNewPixmap function in compalloc.c in the Composite extension for the X.org X11 server prior to 1.4 allows local users to execute arbitrary code by copying data from a large pixel depth pixmap into a smaller pixel depth pixmap.
X.org Xorg-server 1.02
X.org Xorg-server 1.3
X.org Xorg-server 1.2
X.org Xorg-server 1.01
X.org Xorg-server 1.1
4
CVSSv2
CVE-2017-10972
Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server prior to 2017-06-19 allowed authenticated malicious users to access potentially privileged data from the X server.
X.org Xorg-server
3.8
CVSSv2
CVE-2007-1352
Integer overflow in the FontFileInitTable function in X.Org libXfont prior to 20070403 allows remote authenticated users to execute arbitrary code via a long first line in the fonts.dir file, which results in a heap overflow.
Mandrakesoft Mandrake Multi Network Firewall 2.0
X.org Libxfont 1.2.2
Redhat Enterprise Linux 2.1
Redhat Enterprise Linux 4.0
Redhat Enterprise Linux Desktop 3.0
Redhat Linux Advanced Workstation 2.1
Redhat Enterprise Linux 3.0
Redhat Fedora Core Core 1.0
Redhat Linux 9.0
Redhat Enterprise Linux Desktop 5.0
Redhat Enterprise Linux Desktop 4.0
Slackware Slackware Linux 9.0
Slackware Slackware Linux 9.1
Slackware Slackware Linux Current
Turbolinux Turbolinux Desktop 10.0
Ubuntu Ubuntu Linux 6.10
Ubuntu Ubuntu Linux 4.1
Ubuntu Ubuntu Linux 5.10
Ubuntu Ubuntu Linux 6.06 Lts
Rpath Linux 1
Openbsd Openbsd 3.9
Openbsd Openbsd 4.0
3.6
CVSSv2
CVE-2015-3164
The authentication setup in XWayland 1.16.x and 1.17.x prior to 1.17.2 starts the server in non-authenticating mode, which allows local users to read from or send information to arbitrary X11 clients via vectors involving a UNIX socket.
Opensuse Opensuse 13.2
X.org Xorg-server 1.16.4
X.org Xorg-server 1.17.1
X.org Xorg-server 1.16.0
X.org Xorg-server 1.16.99.902
X.org Xorg-server 1.16.1
X.org Xorg-server 1.16.1.901
X.org Xorg-server 1.16.2.901
X.org Xorg-server 1.16.3
X.org Xorg-server 1.16.99.901
X.org Xorg-server 1.16.2
X.org Xorg-server 1.17.0
3.6
CVSSv2
CVE-2010-4819
The ProcRenderAddGlyphs function in the Render extension (render/render.c) in X.Org xserver 1.7.7 and previous versions allows local users to read arbitrary memory and possibly cause a denial of service (server crash) via unspecified vectors related to an "input sanitization...
X X.org-xserver 1.7
X X.org-xserver
X X.org-xserver 1.7.6.902
X X.org-xserver 1.7.7
2.1
CVSSv2
CVE-2020-14347
A flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. In cases where Xorg server runs with elevated privileges, this could result in possible ASLR bypass. Xorg-server before version 1.20.9 is vulnerable.
X.org Xorg-server
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 16.04
1.9
CVSSv2
CVE-2017-2624
It was found that xorg-x11-server prior to 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp() implementations return after an invalid byte is...
X.org Xorg-server
Debian Debian Linux 7.0
1 Github repository
1.9
CVSSv2
CVE-2017-13721
In X.Org Server (aka xserver and xorg-server) prior to 1.19.4, an attacker authenticated to an X server with the X shared memory extension enabled can cause aborts of the X server or replace shared memory segments of other X clients in the same session.
X.org Xorg-server
Debian Debian Linux 8.0
Debian Debian Linux 9.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »