Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
x.org xorg-server vulnerabilities and exploits
(subscribe to this query)
409
VMScore
CVE-2009-1573
xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems place the magic cookie (MCOOKIE) on the command line, which allows local users to gain privileges by listing the process and its arguments.
Debian Debian Linux
Redhat Fedora 10
Ubuntu Linux
Branden Robinson Xvfb-run 1.6.1
383
VMScore
CVE-2014-8091
X.Org X Window System (aka X11 and X) X11R5 and X.Org Server (aka xserver and xorg-server) prior to 1.16.3, when using SUN-DES-1 (Secure RPC) authentication credentials, does not check the return value of a malloc call, which allows remote malicious users to cause a denial of ser...
X.org Xorg-server
X.org X11 5.0
383
VMScore
CVE-2007-4730
Buffer overflow in the compNewPixmap function in compalloc.c in the Composite extension for the X.org X11 server prior to 1.4 allows local users to execute arbitrary code by copying data from a large pixel depth pixmap into a smaller pixel depth pixmap.
X.org Xorg-server 1.02
X.org Xorg-server 1.3
X.org Xorg-server 1.2
X.org Xorg-server 1.01
X.org Xorg-server 1.1
356
VMScore
CVE-2017-10972
Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server prior to 2017-06-19 allowed authenticated malicious users to access potentially privileged data from the X server.
X.org Xorg-server
338
VMScore
CVE-2007-1352
Integer overflow in the FontFileInitTable function in X.Org libXfont prior to 20070403 allows remote authenticated users to execute arbitrary code via a long first line in the fonts.dir file, which results in a heap overflow.
Mandrakesoft Mandrake Multi Network Firewall 2.0
X.org Libxfont 1.2.2
Redhat Enterprise Linux 2.1
Redhat Enterprise Linux 4.0
Redhat Enterprise Linux Desktop 3.0
Redhat Linux Advanced Workstation 2.1
Redhat Enterprise Linux 3.0
Redhat Fedora Core Core 1.0
Redhat Linux 9.0
Redhat Enterprise Linux Desktop 5.0
Redhat Enterprise Linux Desktop 4.0
Slackware Slackware Linux 9.0
Slackware Slackware Linux 9.1
Slackware Slackware Linux Current
Turbolinux Turbolinux Desktop 10.0
Ubuntu Ubuntu Linux 6.10
Ubuntu Ubuntu Linux 4.1
Ubuntu Ubuntu Linux 5.10
Ubuntu Ubuntu Linux 6.06 Lts
Rpath Linux 1
Openbsd Openbsd 3.9
Openbsd Openbsd 4.0
320
VMScore
CVE-2015-3164
The authentication setup in XWayland 1.16.x and 1.17.x prior to 1.17.2 starts the server in non-authenticating mode, which allows local users to read from or send information to arbitrary X11 clients via vectors involving a UNIX socket.
Opensuse Opensuse 13.2
X.org Xorg-server 1.16.4
X.org Xorg-server 1.17.1
X.org Xorg-server 1.16.0
X.org Xorg-server 1.16.99.902
X.org Xorg-server 1.16.1
X.org Xorg-server 1.16.1.901
X.org Xorg-server 1.16.2.901
X.org Xorg-server 1.16.3
X.org Xorg-server 1.16.99.901
X.org Xorg-server 1.16.2
X.org Xorg-server 1.17.0
320
VMScore
CVE-2010-4819
The ProcRenderAddGlyphs function in the Render extension (render/render.c) in X.Org xserver 1.7.7 and previous versions allows local users to read arbitrary memory and possibly cause a denial of service (server crash) via unspecified vectors related to an "input sanitization...
X X.org-xserver 1.7
X X.org-xserver
X X.org-xserver 1.7.6.902
X X.org-xserver 1.7.7
195
VMScore
CVE-2011-4029
The LockServer function in os/utils.c in X.Org xserver prior to 1.11.2 allows local users to change the permissions of arbitrary files to 444, read those files, and possibly cause a denial of service (removed execution permission) via a symlink attack on a temporary lock file.
X.org X Server 1.11.0
X.org X Server
1 EDB exploit
1 Github repository
187
VMScore
CVE-2020-14347
A flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. In cases where Xorg server runs with elevated privileges, this could result in possible ASLR bypass. Xorg-server before version 1.20.9 is vulnerable.
X.org Xorg-server
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 16.04
169
VMScore
CVE-2017-2624
It was found that xorg-x11-server prior to 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp() implementations return after an invalid byte is...
X.org Xorg-server
Debian Debian Linux 7.0
1 Github repository
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »