Filtered by vendor X.org
Subscriptions
Filtered by product X Server
Subscriptions
Total
83 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-14346 | 3 Canonical, Redhat, X.org | 3 Ubuntu Linux, Enterprise Linux, X Server | 2025-08-29 | 7.8 High |
| A flaw was found in xorg-x11-server before 1.20.9. An integer underflow in the X input extension protocol decoding in the X server may lead to arbitrary access of memory contents. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | ||||
| CVE-2017-10971 | 1 X.org | 1 X Server | 2025-08-29 | N/A |
| In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of X Events. | ||||
| CVE-2018-14665 | 4 Canonical, Debian, Redhat and 1 more | 10 Ubuntu Linux, Debian Linux, Enterprise Linux and 7 more | 2025-08-29 | N/A |
| A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges. | ||||
| CVE-2017-12184 | 2 Debian, X.org | 2 Debian Linux, X Server | 2025-08-29 | N/A |
| xorg-x11-server before 1.19.5 was missing length validation in XINERAMA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | ||||
| CVE-2017-12177 | 2 Debian, X.org | 2 Debian Linux, X Server | 2025-08-29 | N/A |
| xorg-x11-server before 1.19.5 was vulnerable to integer overflow in ProcDbeGetVisualInfo function allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | ||||
| CVE-2017-12178 | 2 Debian, X.org | 2 Debian Linux, X Server | 2025-08-29 | N/A |
| xorg-x11-server before 1.19.5 had wrong extra length check in ProcXIChangeHierarchy function allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | ||||
| CVE-2017-12181 | 2 Debian, X.org | 2 Debian Linux, X Server | 2025-08-29 | N/A |
| xorg-x11-server before 1.19.5 was missing length validation in XFree86 DGA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | ||||
| CVE-2017-12183 | 2 Debian, X.org | 2 Debian Linux, X Server | 2025-08-29 | N/A |
| xorg-x11-server before 1.19.5 was missing length validation in XFIXES extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | ||||
| CVE-2014-8095 | 3 Debian, Redhat, X.org | 4 Debian Linux, Enterprise Linux, X11 and 1 more | 2025-08-29 | N/A |
| The XInput extension in X.Org X Window System (aka X11 or X) X11R4 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) SProcXChangeDeviceControl, (2) ProcXChangeDeviceControl, (3) ProcXChangeFeedbackControl, (4) ProcXSendExtensionEvent, (5) SProcXIAllowEvents, (6) SProcXIChangeCursor, (7) ProcXIChangeHierarchy, (8) SProcXIGetClientPointer, (9) SProcXIGrabDevice, (10) SProcXIUngrabDevice, (11) ProcXIUngrabDevice, (12) SProcXIPassiveGrabDevice, (13) ProcXIPassiveGrabDevice, (14) SProcXIPassiveUngrabDevice, (15) ProcXIPassiveUngrabDevice, (16) SProcXListDeviceProperties, (17) SProcXDeleteDeviceProperty, (18) SProcXIListProperties, (19) SProcXIDeleteProperty, (20) SProcXIGetProperty, (21) SProcXIQueryDevice, (22) SProcXIQueryPointer, (23) SProcXISelectEvents, (24) SProcXISetClientPointer, (25) SProcXISetFocus, (26) SProcXIGetFocus, or (27) SProcXIWarpPointer function. | ||||
| CVE-2015-3418 | 2 Redhat, X.org | 2 Enterprise Linux, X Server | 2025-08-29 | N/A |
| The ProcPutImage function in dix/dispatch.c in X.Org Server (aka xserver and xorg-server) before 1.16.4 allows attackers to cause a denial of service (divide-by-zero and crash) via a zero-height PutImage request. | ||||
| CVE-2017-12182 | 2 Debian, X.org | 2 Debian Linux, X Server | 2025-08-29 | N/A |
| xorg-x11-server before 1.19.5 was missing length validation in XFree86 DRI extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | ||||
| CVE-2017-12176 | 2 Debian, X.org | 2 Debian Linux, X Server | 2025-08-29 | N/A |
| xorg-x11-server before 1.19.5 was missing extra length validation in ProcEstablishConnection function allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | ||||
| CVE-2017-12179 | 2 Debian, X.org | 2 Debian Linux, X Server | 2025-08-29 | N/A |
| xorg-x11-server before 1.19.5 was vulnerable to integer overflow in (S)ProcXIBarrierReleasePointer functions allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | ||||
| CVE-2017-12185 | 2 Debian, X.org | 2 Debian Linux, X Server | 2025-08-29 | N/A |
| xorg-x11-server before 1.19.5 was missing length validation in MIT-SCREEN-SAVER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | ||||
| CVE-2017-12186 | 2 Debian, X.org | 2 Debian Linux, X Server | 2025-08-29 | N/A |
| xorg-x11-server before 1.19.5 was missing length validation in X-Resource extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | ||||
| CVE-2017-13721 | 2 Debian, X.org | 2 Debian Linux, X Server | 2025-08-29 | N/A |
| In X.Org Server (aka xserver and xorg-server) before 1.19.4, an attacker authenticated to an X server with the X shared memory extension enabled can cause aborts of the X server or replace shared memory segments of other X clients in the same session. | ||||
| CVE-2020-14361 | 3 Canonical, Redhat, X.org | 3 Ubuntu Linux, Enterprise Linux, X Server | 2025-08-29 | 7.8 High |
| A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | ||||
| CVE-2020-14362 | 3 Canonical, Redhat, X.org | 3 Ubuntu Linux, Enterprise Linux, X Server | 2025-08-29 | 7.8 High |
| A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | ||||
| CVE-2017-12187 | 2 Debian, X.org | 2 Debian Linux, X Server | 2025-08-29 | N/A |
| xorg-x11-server before 1.19.5 was missing length validation in RENDER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | ||||
| CVE-2022-49737 | 1 X.org | 1 X Server | 2025-07-12 | 7.7 High |
| In X.Org X server 20.11 through 21.1.16, when a client application uses easystroke for mouse gestures, the main thread modifies various data structures used by the input thread without acquiring a lock, aka a race condition. In particular, AttachDevice in dix/devices.c does not acquire an input lock. | ||||