An X server's access control is disabled (e.g. through an "xhost +" command) and allows anyone to connect to the server.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x.org | x11 | 7.1_1.1.0 |
Race condition in xterm allows local users to modify arbitrary files via the logging option.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x.org | x11 | 5.0 |
| x.org | x11 | * |
| x.org | xterm | * |
XDM in XFree86 opens a chooserFd TCP socket even when DisplayManager.requestPort is 0, which could allow remote attackers to connect to the port, in violation of the intended restrictions.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x.org | x11r6 | 6.7.0 |
| xfree86_project | xdm | cvs |
| gentoo | linux | 1.4 |
Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c for libXpm before 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x.org | x11r6 | 6.7.0 |
| xfree86_project | x11r6 | 4.2.1 |
| suse | suse_linux | 9.0 |
| suse | suse_linux | 8.1 |
| suse | suse_linux | 9.1 |
| xfree86_project | x11r6 | 4.1.11 |
| xfree86_project | x11r6 | 4.1.0 |
| openbsd | openbsd | 3.4 |
| suse | suse_linux | 8.2 |
| xfree86_project | x11r6 | 4.1.12 |
| xfree86_project | x11r6 | 4.0 |
| xfree86_project | x11r6 | 4.2.0 |
| xfree86_project | x11r6 | 3.3.6 |
| openbsd | openbsd | 3.5 |
| xfree86_project | x11r6 | 4.0.3 |
| x.org | x11r6 | 6.8 |
| xfree86_project | x11r6 | 4.0.2.11 |
| xfree86_project | x11r6 | 4.0.1 |
| xfree86_project | x11r6 | 4.3.0 |
| suse | suse_linux | 8 |
Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x.org | x11r6 | 6.7.0 |
| xfree86_project | x11r6 | 4.2.1 |
| suse | suse_linux | 9.0 |
| suse | suse_linux | 8.1 |
| suse | suse_linux | 9.1 |
| xfree86_project | x11r6 | 4.1.11 |
| xfree86_project | x11r6 | 4.1.0 |
| openbsd | openbsd | 3.4 |
| suse | suse_linux | 8.2 |
| xfree86_project | x11r6 | 4.1.12 |
| xfree86_project | x11r6 | 4.0 |
| xfree86_project | x11r6 | 4.2.0 |
| xfree86_project | x11r6 | 3.3.6 |
| openbsd | openbsd | 3.5 |
| xfree86_project | x11r6 | 4.0.3 |
| x.org | x11r6 | 6.8 |
| xfree86_project | x11r6 | 4.0.2.11 |
| xfree86_project | x11r6 | 4.0.1 |
| xfree86_project | x11r6 | 4.3.0 |
| suse | suse_linux | 8 |
Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. NOTE: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE's content decisions.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| suse | suse_linux | 9.0 |
| lesstif | lesstif | 0.93.36 |
| xfree86_project | x11r6 | 3.3 |
| xfree86_project | x11r6 | 4.1.11 |
| lesstif | lesstif | 0.93.91 |
| xfree86_project | x11r6 | 3.3.3 |
| suse | suse_linux | 8.2 |
| xfree86_project | x11r6 | 4.0 |
| redhat | fedora_core | core_3.0 |
| lesstif | lesstif | 0.93.40 |
| xfree86_project | x11r6 | 3.3.4 |
| lesstif | lesstif | 0.93.94 |
| suse | suse_linux | 1.0 |
| suse | suse_linux | 9.2 |
| lesstif | lesstif | 0.93 |
| xfree86_project | x11r6 | 4.0.1 |
| x.org | x11r6 | 6.8.1 |
| xfree86_project | x11r6 | 4.3.0 |
| suse | suse_linux | 8 |
| lesstif | lesstif | 0.93.34 |
| x.org | x11r6 | 6.7.0 |
| xfree86_project | x11r6 | 4.2.1 |
| suse | suse_linux | 8.1 |
| suse | suse_linux | 9.1 |
| lesstif | lesstif | 0.93.12 |
| xfree86_project | x11r6 | 4.1.0 |
| lesstif | lesstif | 0.93.18 |
| xfree86_project | x11r6 | 4.1.12 |
| redhat | fedora_core | core_2.0 |
| xfree86_project | x11r6 | 4.2.0 |
| xfree86_project | x11r6 | 3.3.2 |
| xfree86_project | x11r6 | 3.3.6 |
| xfree86_project | x11r6 | 3.3.5 |
| xfree86_project | x11r6 | 4.0.3 |
| lesstif | lesstif | 0.93.96 |
| x.org | x11r6 | 6.8 |
| xfree86_project | x11r6 | 4.0.2.11 |
| gentoo | linux | * |
scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| suse | suse_linux | 7.1 |
| suse | suse_linux | 9.0 |
| xfree86_project | x11r6 | 3.3 |
| xfree86_project | x11r6 | 3.3.3 |
| suse | suse_linux | 8.2 |
| suse | suse_linux | 8.0 |
| xfree86_project | x11r6 | 4.3.0.2 |
| xfree86_project | x11r6 | 4.0 |
| suse | suse_linux | 7.3 |
| redhat | enterprise_linux | 3.0 |
| redhat | fedora_core | core_3.0 |
| xfree86_project | x11r6 | 3.3.4 |
| lesstif | lesstif | 0.93.94 |
| redhat | enterprise_linux_desktop | 4.0 |
| xfree86_project | x11r6 | 4.0.1 |
| xfree86_project | x11r6 | 4.3.0 |
| x.org | x11r6 | 6.7.0 |
| redhat | enterprise_linux | 4.0 |
| xfree86_project | x11r6 | 4.2.1 |
| suse | suse_linux | 6.4 |
| xfree86_project | x11r6 | 4.1.0 |
| xfree86_project | x11r6 | 4.1.12 |
| xfree86_project | x11r6 | 3.3.6 |
| xfree86_project | x11r6 | 3.3.5 |
| xfree86_project | x11r6 | 4.0.3 |
| suse | suse_linux | 6.1 |
| redhat | enterprise_linux_desktop | 3.0 |
| xfree86_project | x11r6 | 4.3.0.1 |
| xfree86_project | x11r6 | 4.1.11 |
| mandrakesoft | mandrake_linux | 10.1 |
| suse | suse_linux | 6.3 |
| suse | suse_linux | 7.2 |
| mandrakesoft | mandrake_linux_corporate_server | 3.0 |
| suse | suse_linux | 9.2 |
| x.org | x11r6 | 6.8.1 |
| altlinux | alt_linux | 2.3 |
| sgi | propack | 3.0 |
| mandrakesoft | mandrake_linux_corporate_server | 2.1 |
| suse | suse_linux | 8.1 |
| suse | suse_linux | 9.1 |
| mandrakesoft | mandrake_linux | 10.0 |
| redhat | fedora_core | core_2.0 |
| xfree86_project | x11r6 | 4.2.0 |
| xfree86_project | x11r6 | 3.3.2 |
| mandrakesoft | mandrake_linux | 10.2 |
| suse | suse_linux | 6.2 |
| x.org | x11r6 | 6.8 |
| xfree86_project | x11r6 | 4.0.2.11 |
| suse | suse_linux | 7.0 |
The XClientMessageEvent struct used in certain components of X.Org 6.8.2 and earlier, possibly including (1) the X server and (2) Xlib, uses a "long" specifier for elements of the l array, which results in inconsistent sizes in the struct on 32-bit versus 64-bit platforms, and might allow attackers to cause a denial of service (application crash) and possibly conduct other attacks.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x.org | x.org | * |
X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended restrictions and (1) execute arbitrary code via the -modulepath command line option or (2) overwrite arbitrary files via -logfile.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x.org | x11r7 | 1.0.1 |
| x.org | x11r7 | 1.0 |
| mandrakesoft | mandrake_linux | 2006 |
| redhat | fedora_core | core_5.0 |
| sun | solaris | 10.0 |
| x.org | x11r6 | 6.9 |
| suse | suse_linux | 10.0 |
Buffer overflow in the X render (Xrender) extension in X.org X server 6.8.0 up to allows attackers to cause a denial of service (crash), as demonstrated by the (1) XRenderCompositeTriStrip and (2) XRenderCompositeTriFan requests in the rendertest from XCB xcb/xcb-demo, which leads to an incorrect memory allocation due to a typo in an expression that uses a "&" instead of a "*" operator. NOTE: the subject line of the original announcement used an incorrect CVE number for this issue.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x.org | x11r6 | 6.7.0 |
| x.org | x11r6 | 6.8 |
| x.org | x11r6 | 6.9 |
| x.org | x11r6 | 6.8.1 |
The Xinput module (modules/im/ximcp/imLcIm.c) in X.Org libX11 1.0.2 and 1.0.3 opens a file for reading twice using the same file descriptor, which causes a file descriptor leak that allows local users to read files specified by the XCOMPOSEFILE environment variable via the duplicate file descriptor.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x.org | libx11 | 1.0.3 |
| x.org | libx11 | 1.0.2 |
Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in X.Org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 3.1 |
| canonical | ubuntu_linux | 7.04 |
| canonical | ubuntu_linux | 6.06 |
| debian | debian_linux | 4.0 |
| x.org | libx11 | * |
| canonical | ubuntu_linux | 6.10 |
Integer overflow in the build_range function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values, which triggers a heap-based buffer overflow.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x.org | x_font_server | 1.0.2 |
| x.org | x_font_server | 1.0.4 |
| x.org | x_font_server | 1.0.1 |
The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to determine the existence of arbitrary files via a symlink attack on a temporary lock file, which is handled differently if the file exists.
CVSS 2.0
Severity: LOW
Problem Type: CWE-59,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x.org | x_server | 1.11.0 |
| x.org | x_server | * |
The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to change the permissions of arbitrary files to 444, read those files, and possibly cause a denial of service (removed execution permission) via a symlink attack on a temporary lock file.
CVSS 2.0
Severity: LOW
Problem Type: CWE-362,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x.org | x_server | 1.11.0 |
| x.org | x_server | * |
Format string vulnerability in the LogVHdrMessageVerb function in os/log.c in X.Org X11 1.11 allows attackers to cause a denial of service or possibly execute arbitrary code via format string specifiers in an input device name.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x.org | x11 | 1.11 |
Multiple integer overflows in X.org libXi 1.7.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XGetDeviceControl, (2) XGetFeedbackControl, (3) XGetDeviceDontPropagateList, (4) XGetDeviceMotionEvents, (5) XIGetProperty, (6) XIGetSelectedEvents, (7) XGetDeviceProperties, and (8) XListInputDevices functions.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x.org | libxi | 1.6.99.1 |
| x.org | libxi | 1.7 |
| x.org | libxi | 1.5.0 |
| x.org | libxi | 1.6.2 |
| x.org | libxi | 1.5.99.2 |
| x.org | libxi | 1.6.0 |
| x.org | libxi | 1.6.1 |
| x.org | libxi | * |
| x.org | libxi | 1.5.99.3 |
X.org libXi 1.7.1 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to an unexpected sign extension in the XListInputDevices function.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x.org | libxi | 1.6.99.1 |
| x.org | libxi | 1.7 |
| x.org | libxi | 1.5.0 |
| x.org | libxi | 1.6.2 |
| x.org | libxi | 1.5.99.2 |
| x.org | libxi | 1.6.0 |
| x.org | libxi | 1.6.1 |
| x.org | libxi | * |
| x.org | libxi | 1.5.99.3 |
Multiple buffer overflows in X.org libXi 1.7.1 and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XGetDeviceButtonMapping, (2) XIPassiveGrabDevice, and (3) XQueryDeviceState functions.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x.org | libxi | 1.6.99.1 |
| x.org | libxi | 1.7 |
| x.org | libxi | 1.5.0 |
| x.org | libxi | 1.6.2 |
| x.org | libxi | 1.5.99.2 |
| x.org | libxi | 1.6.0 |
| x.org | libxi | 1.6.1 |
| x.org | libxi | * |
| x.org | libxi | 1.5.99.3 |
Buffer overflow in X.org libXv 1.0.7 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the XvQueryPortAttributes function.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x | libxv | 1.0.5 |
| x.org | libxv | 1.0.5 |
| x | libxv | 1.0.2 |
| x | libxv | 1.0.3 |
| x.org | libxv | 1.0.2 |
| x | libxv | * |
| x.org | libxv | 1.0.7 |
| x | libxv | 1.0.4 |
| x.org | libxv | 1.0.4 |
| x.org | libxv | 1.0.6 |
| x | libxv | 1.0.6 |
| x.org | libxv | 1.0.3 |
Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen macros in include/X11/Xlibint.h in X11R6.x and libX11 before 1.6.0 allow remote attackers to have unspecified impact via a crafted request, which triggers a buffer overflow.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x.org | libx11 | 1.5.0 |
| x.org | libx11 | 1.4.99.902 |
| x.org | x11 | 6.1 |
| x.org | libx11 | 1.4.3 |
| x.org | libx11 | 1.0.2 |
| x.org | libx11 | 1.1.99.1 |
| x.org | libx11 | 1.3.1 |
| x.org | libx11 | 1.3.4 |
| x.org | libx11 | 1.3.99.903 |
| x.org | x11 | 6.4 |
| x.org | libx11 | 1.1.4 |
| x.org | libx11 | 1.3.6 |
| canonical | ubuntu_linux | 14.04 |
| x.org | libx11 | 1.2 |
| x.org | libx11 | 1.2.1 |
| x.org | libx11 | 1.1.5 |
| x.org | libx11 | 1.5.99.902 |
| x.org | x11 | 6.0 |
| x.org | x11 | 6.8.1 |
| x.org | libx11 | 1.0.1 |
| x.org | libx11 | 1.4.0 |
| x.org | libx11 | 1.3.5 |
| x.org | libx11 | 1.1 |
| x.org | libx11 | 1.3.99.902 |
| x.org | x11 | 6.8.2 |
| x.org | libx11 | 1.3.2 |
| x.org | x11 | 6.6 |
| x.org | libx11 | 1.4.1 |
| canonical | ubuntu_linux | 14.10 |
| x.org | libx11 | 1.3 |
| x.org | libx11 | 1.4.99.901 |
| x.org | x11 | 6.3 |
| x.org | libx11 | 1.3.99.901 |
| x.org | libx11 | 1.3.3 |
| x.org | x11 | 6.8.0 |
| x.org | x11 | 6.7 |
| x.org | libx11 | 1.1.99.2 |
| x.org | libx11 | 1.4.2 |
| x.org | libx11 | 1.0.3 |
| x.org | x11 | 6.5.1 |
| x.org | libx11 | 1.4.4 |
| x.org | libx11 | 1.2.2 |
| x.org | libx11 | 1.5.99.901 |
| x.org | x11 | 6.9 |
| x.org | libx11 | 1.1.6 |
| canonical | ubuntu_linux | 12.04 |
| debian | debian_linux | 7.0 |
X.Org X Window System (aka X11 and X) X11R5 and X.Org Server (aka xserver and xorg-server) before 1.16.3, when using SUN-DES-1 (Secure RPC) authentication credentials, does not check the return value of a malloc call, which allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a crafted connection request.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x.org | x11 | 5.0 |
| x.org | xorg-server | * |
| x.org | x_server | * |
Multiple integer overflows in X.Org X Window System (aka X11 or X) X11R1 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to the (1) ProcPutImage, (2) GetHosts, (3) RegionSizeof, or (4) REQUEST_FIXED_SIZE function, which triggers an out-of-bounds read or write.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x.org | xorg-server | * |
| x.org | x_server | * |
| x.org | x11 | 1.0 |
Multiple integer overflows in the GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to the (1) __glXDisp_ReadPixels, (2) __glXDispSwap_ReadPixels, (3) __glXDisp_GetTexImage, (4) __glXDispSwap_GetTexImage, (5) GetSeparableFilter, (6) GetConvolutionFilter, (7) GetHistogram, (8) GetMinmax, (9) GetColorTable, (10) __glXGetAnswerBuffer, (11) __GLX_GET_ANSWER_BUFFER, (12) __glXMap1dReqSize, (13) __glXMap1fReqSize, (14) Map2Size, (15) __glXMap2dReqSize, (16) __glXMap2fReqSize, (17) __glXImageSize, or (18) __glXSeparableFilter2DReqSize function, which triggers an out-of-bounds read or write.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x.org | x11 | 6.7 |
| x.org | xfree86 | 4.0 |
| x.org | xorg-server | * |
| x.org | x_server | * |
Integer overflow in the ProcDRI2GetBuffers function in the DRI2 extension in X.Org Server (aka xserver and xorg-server) 1.7.0 through 1.16.x before 1.16.3 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request, which triggers an out-of-bounds read or write.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x.org | x_server | 1.10.1 |
| x.org | xorg-server | 1.15.99.902 |
| x.org | xorg-server | 1.9.3.902 |
| x.org | xorg-server | 1.7.4.901 |
| x.org | xorg-server | 1.12.1.902 |
| x.org | xorg-server | 1.7.99.2 |
| x.org | x_server | 1.14.2 |
| x.org | xorg-server | 1.15.1 |
| x.org | x_server | 1.8.2.902 |
| x.org | xorg-server | 1.7.3.902 |
| x.org | x_server | 1.10.2.902 |
| x.org | x_server | 1.13.2.901 |
| x.org | xorg-server | 1.10.0.902 |
| x.org | xorg-server | 1.15.99.903 |
| x.org | x_server | 1.13.0.901 |
| x.org | x_server | 1.14.99.902 |
| x.org | x_server | 1.10.2.901 |
| x.org | x_server | 1.11.2.902 |
| x.org | xorg-server | 1.15.0 |
| x.org | x_server | 1.7.99.901 |
| x.org | x_server | 1.12.4 |
| x.org | xorg-server | 1.14.2 |
| x.org | x_server | 1.7.7 |
| x.org | xorg-server | 1.7.99.1 |
| x.org | x_server | 1.12.2 |
| x.org | xorg-server | 1.14.99.901 |
| x.org | x_server | 1.15.1 |
| x.org | xorg-server | 1.16.2.901 |
| x.org | xorg-server | 1.8.99.901 |
| x.org | x_server | 1.9.0.902 |
| x.org | x_server | 1.14.99.905 |
| x.org | xorg-server | 1.9.1 |
| x.org | x_server | 1.9.99.901 |
| x.org | xorg-server | 1.13.1.901 |
| x.org | xorg-server | 1.11.99.902 |
| x.org | xorg-server | 1.14.2.901 |
| x.org | x_server | 1.7.2.902 |
| x.org | xorg-server | 1.8.2.902 |
| x.org | x_server | 1.11.2 |
| x.org | x_server | 1.11.4 |
| x.org | xorg-server | 1.16.2.99.901 |
| x.org | x_server | 1.9.3.901 |
| x.org | x_server | 1.11.99.2 |
| x.org | x_server | 1.9.3.902 |
| x.org | x_server | 1.16.1.901 |
| x.org | xorg-server | 1.9.3.901 |
| x.org | x_server | 1.8.0 |
| x.org | x_server | 1.10.6 |
| x.org | x_server | 1.13.99.901 |
| x.org | x_server | 1.14.2.901 |
| x.org | x_server | 1.11.1.901 |
| x.org | x_server | 1.13.2.902 |
| x.org | xorg-server | 1.7.2.902 |
| x.org | xorg-server | 1.12.2.901 |
| x.org | xorg-server | 1.12.2.902 |
| x.org | x_server | 1.7.0 |
| x.org | x_server | 1.7.1.902 |
| x.org | xorg-server | 1.11.3 |
| x.org | xorg-server | 1.14.4 |
| x.org | xorg-server | 1.8.1.902 |
| x.org | xorg-server | 1.9.0 |
| x.org | xorg-server | 1.14.99.904 |
| x.org | xorg-server | 1.14.7 |
| x.org | xorg-server | 1.7.1.901 |
| x.org | xorg-server | 1.14.5 |
| x.org | xorg-server | 1.14.99.3 |
| x.org | x_server | 1.11.1.902 |
| x.org | x_server | 1.11.2.901 |
| x.org | x_server | 1.11.99.902 |
| x.org | x_server | 1.7.3.901 |
| x.org | xorg-server | 1.14.2.902 |
| x.org | x_server | 1.11.1 |
| x.org | x_server | 1.16.0 |
| x.org | xorg-server | 1.10.1 |
| x.org | xorg-server | 1.15.99.904 |
| x.org | xorg-server | 1.7.6.902 |
| x.org | xorg-server | 1.9.4.901 |
| x.org | xorg-server | 1.10.2.902 |
| x.org | x_server | 1.8.99.903 |
| x.org | xorg-server | 1.8.1 |
| x.org | xorg-server | 1.7.2.901 |
| x.org | x_server | 1.14.1.901 |
| x.org | xorg-server | 1.10.1.902 |
| x.org | x_server | 1.16.2 |
| x.org | x_server | 1.7.5.902 |
| x.org | xorg-server | 1.7.2 |
| oracle | solaris | 10 |
| x.org | xorg-server | 1.13.0.901 |
| x.org | xorg-server | 1.7.99.901 |
| x.org | x_server | 1.9.99.902 |
| x.org | x_server | 1.11.99.901 |
| x.org | xorg-server | 1.8.2 |
| x.org | x_server | 1.10.4 |
| x.org | x_server | 1.14.2.902 |
| x.org | x_server | 1.9.4.901 |
| x.org | x_server | 1.13.1.901 |
| x.org | x_server | 1.9.1 |
| x.org | x_server | 1.9.3 |
| x.org | xorg-server | 1.7.4 |
| x.org | xorg-server | 1.16.1.901 |
| x.org | x_server | 1.12.99.901 |
| x.org | xorg-server | 1.9.99.903 |
| x.org | xorg-server | 1.11.2.901 |
| x.org | xorg-server | 1.9.5 |
| x.org | xorg-server | 1.14.1.902 |
| x.org | xorg-server | 1.12.99.905 |
| x.org | x_server | 1.8.2 |
| x.org | x_server | 1.11.0 |
| x.org | xorg-server | 1.11.1.901 |
| x.org | xorg-server | 1.14.5.901 |
| x.org | x_server | 1.7.4 |
| x.org | x_server | 1.7.3 |
| x.org | x_server | 1.14.99.901 |
| x.org | x_server | 1.11.99.1 |
| x.org | x_server | 1.12.3 |
| x.org | x_server | 1.12.99.902 |
| x.org | xorg-server | 1.13.1 |
| x.org | x_server | 1.16.2.901 |
| x.org | x_server | 1.9.0 |
| x.org | x_server | 1.13.0 |
| x.org | x_server | 1.9.0.901 |
| x.org | x_server | 1.10.2 |
| x.org | x_server | 1.8.1.901 |
| x.org | xorg-server | 1.10.3 |
| x.org | xorg-server | 1.14.99.2 |
| x.org | xorg-server | 1.11.0 |
| x.org | x_server | 1.10.0.902 |
| x.org | xorg-server | 1.11.3.902 |
| x.org | x_server | 1.13.1 |
| x.org | xorg-server | 1.12.0.902 |
| x.org | xorg-server | 1.12.99.901 |
| x.org | x_server | 1.13.2 |
| x.org | x_server | 1.14.99.903 |
| x.org | xorg-server | 1.7.5.901 |
| x.org | x_server | 1.7.3.902 |
| x.org | xorg-server | 1.14.4.901 |
| x.org | x_server | 1.8.99.901 |
| x.org | x_server | 1.9.2.901 |
| x.org | x_server | 1.14.99.3 |
| x.org | xorg-server | 1.9.0.902 |
| x.org | xorg-server | 1.10.99.902 |
| x.org | xorg-server | 1.7.7 |
| x.org | x_server | 1.7.0.902 |
| x.org | x_server | 1.14.5.901 |
| x.org | x_server | 1.14.6 |
| x.org | x_server | 1.15.99.901 |
| x.org | xorg-server | 1.8.0.902 |
| x.org | x_server | 1.14.99.1 |
| x.org | xorg-server | 1.9.4 |
| x.org | xorg-server | 1.12.99.904 |
| x.org | xorg-server | 1.7.5.902 |
| x.org | x_server | 1.15.99.902 |
| x.org | xorg-server | 1.14.99.1 |
| x.org | x_server | 1.10.99.902 |
| x.org | x_server | 1.9.5 |
| x.org | x_server | 1.15.99.904 |
| x.org | xorg-server | 1.10.2.901 |
| oracle | solaris | 11.2 |
| x.org | x_server | 1.7.99.902 |
| x.org | xorg-server | 1.7.1.902 |
| x.org | xorg-server | 1.16.1 |
| x.org | xorg-server | 1.12.2 |
| x.org | xorg-server | 1.8.1.901 |
| x.org | xorg-server | 1.16.0.901 |
| x.org | xorg-server | 1.12.3.901 |
| x.org | x_server | 1.12.2.901 |
| x.org | xorg-server | 1.9.2.901 |
| x.org | xorg-server | 1.8.99.904 |
| x.org | x_server | 1.14.7 |
| x.org | xorg-server | 1.8.99.902 |
| x.org | x_server | 1.15.0 |
| x.org | xorg-server | 1.7.6.901 |
| x.org | xorg-server | 1.14.99.905 |
| x.org | xorg-server | 1.7.6 |
| x.org | xorg-server | 1.8.2.901 |
| x.org | x_server | 1.7.6.902 |
| x.org | x_server | 1.7.99.1 |
| x.org | xorg-server | 1.11.1.902 |
| x.org | xorg-server | 1.14.1.901 |
| x.org | x_server | 1.8.2.901 |
| x.org | xorg-server | 1.11.2 |
| x.org | x_server | 1.12.99.903 |
| x.org | x_server | 1.8.0.901 |
| x.org | xorg-server | 1.13.2 |
| x.org | xorg-server | 1.11.2.902 |
| x.org | x_server | 1.15.99.903 |
| x.org | x_server | 1.16.2.99.901 |
| x.org | xorg-server | 1.15.0.901 |
| x.org | xorg-server | 1.11.4 |
| x.org | xorg-server | 1.11.99.2 |
| x.org | xorg-server | 1.12.3.902 |
| x.org | x_server | 1.8.1 |
| x.org | x_server | 1.8.99.904 |
| x.org | x_server | 1.10.0.901 |
| x.org | x_server | 1.12.0.901 |
| x.org | xorg-server | 1.11.3.901 |
| x.org | x_server | 1.9.4 |
| x.org | xorg-server | 1.10.4 |
| x.org | xorg-server | 1.14.99.903 |
| x.org | xorg-server | 1.7.3 |
| x.org | xorg-server | 1.14.6 |
| x.org | x_server | 1.7.99.2 |
| x.org | x_server | 1.9.99.903 |
| x.org | xorg-server | 1.10.99.901 |
| x.org | xorg-server | 1.14.3 |
| x.org | x_server | 1.14.3 |
| x.org | xorg-server | 1.8.0 |
| x.org | xorg-server | 1.12.99.902 |
| x.org | x_server | 1.11.3.901 |
| x.org | xorg-server | 1.12.0 |
| x.org | xorg-server | 1.13.0.902 |
| x.org | xorg-server | 1.13.4 |
| x.org | xorg-server | 1.13.99.901 |
| x.org | xorg-server | 1.14.3.901 |
| x.org | xorg-server | 1.16.0 |
| x.org | xorg-server | 1.10.3.902 |
| x.org | x_server | 1.12.3.901 |
| x.org | x_server | 1.10.0 |
| x.org | x_server | 1.9.2.902 |
| x.org | xorg-server | 1.11.1 |
| x.org | x_server | 1.16.0.901 |
| x.org | xorg-server | 1.8.0.901 |
| x.org | x_server | 1.8.99.902 |
| x.org | x_server | 1.15.2 |
| x.org | xorg-server | 1.7.0 |
| x.org | x_server | 1.8.99.905 |
| x.org | x_server | 1.14.5 |
| x.org | x_server | 1.7.5.901 |
| x.org | xorg-server | 1.10.2 |
| x.org | xorg-server | 1.7.4.902 |
| x.org | x_server | 1.9.2 |
| x.org | xorg-server | 1.16.2 |
| x.org | x_server | 1.11.3.902 |
| x.org | x_server | 1.16.1 |
| x.org | xorg-server | 1.9.2 |
| x.org | xorg-server | 1.12.0.901 |
| x.org | xorg-server | 1.13.99.902 |
| x.org | xorg-server | 1.10.0 |
| x.org | xorg-server | 1.10.3.901 |
| x.org | xorg-server | 1.12.3 |
| x.org | xorg-server | 1.7.99.902 |
| x.org | x_server | 1.7.1.901 |
| x.org | xorg-server | 1.11.99.903 |
| x.org | xorg-server | 1.13.3 |
| x.org | x_server | 1.12.0 |
| x.org | xorg-server | 1.8.99.905 |
| x.org | xorg-server | 1.9.99.901 |
| x.org | x_server | 1.12.3.902 |
| x.org | x_server | 1.7.6.901 |
| x.org | x_server | 1.11.99.903 |
| x.org | xorg-server | 1.10.1.901 |
| x.org | x_server | 1.8.1.902 |
| x.org | x_server | 1.7.4.902 |
| x.org | x_server | 1.13.3 |
| x.org | xorg-server | 1.12.4 |
| x.org | x_server | 1.14.4.901 |
| x.org | xorg-server | 1.8.99.903 |
| x.org | x_server | 1.12.0.902 |
| x.org | xorg-server | 1.14.99.902 |
| x.org | xorg-server | 1.9.0.901 |
| x.org | x_server | 1.10.3 |
| x.org | xorg-server | 1.7.3.901 |
| x.org | x_server | 1.12.2.902 |
| x.org | x_server | 1.10.1.901 |
| x.org | x_server | 1.7.2 |
| x.org | x_server | 1.12.99.904 |
| x.org | xorg-server | 1.15.2 |
| x.org | x_server | 1.11.3 |
| x.org | xorg-server | 1.9.2.902 |
| debian | debian_linux | 7.0 |
| x.org | xorg-server | 1.7.0.901 |
| x.org | x_server | 1.12.1.902 |
| x.org | x_server | 1.12.1.901 |
| x.org | x_server | 1.12.99.905 |
| x.org | xorg-server | 1.9.3 |
| x.org | x_server | 1.13.0.902 |
| x.org | x_server | 1.13.99.902 |
| x.org | xorg-server | 1.14.0 |
| x.org | xorg-server | 1.14.1 |
| x.org | x_server | 1.8.0.902 |
| x.org | x_server | 1.13.4 |
| x.org | xorg-server | 1.10.6 |
| x.org | x_server | 1.14.99.904 |
| x.org | x_server | 1.14.1 |
| x.org | x_server | 1.7.0.901 |
| x.org | xorg-server | 1.13.2.902 |
| x.org | x_server | 1.7.4.901 |
| x.org | x_server | 1.15.0.901 |
| x.org | x_server | 1.14.4 |
| x.org | x_server | 1.14.3.901 |
| x.org | x_server | 1.7.2.901 |
| x.org | x_server | 1.14.0 |
| x.org | xorg-server | 1.11.99.1 |
| x.org | xorg-server | 1.13.2.901 |
| x.org | x_server | 1.10.99.901 |
| x.org | x_server | 1.7.1 |
| x.org | xorg-server | 1.13.0 |
| x.org | xorg-server | 1.12.99.903 |
| x.org | xorg-server | 1.15.99.901 |
| x.org | x_server | 1.14.99.2 |
| x.org | xorg-server | 1.10.0.901 |
| x.org | xorg-server | 1.11.99.901 |
| x.org | xorg-server | 1.7.0.902 |
| x.org | x_server | 1.7.5 |
| x.org | x_server | 1.10.3.902 |
| x.org | x_server | 1.14.1.902 |
| x.org | xorg-server | 1.7.5 |
| x.org | xorg-server | 1.7.1 |
| x.org | xorg-server | 1.9.99.902 |
| x.org | x_server | 1.7.6 |
| x.org | xorg-server | 1.12.1.901 |
| x.org | x_server | 1.10.1.902 |
| x.org | x_server | 1.10.3.901 |
The XInput extension in X.Org X Window System (aka X11 or X) X11R4 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) SProcXChangeDeviceControl, (2) ProcXChangeDeviceControl, (3) ProcXChangeFeedbackControl, (4) ProcXSendExtensionEvent, (5) SProcXIAllowEvents, (6) SProcXIChangeCursor, (7) ProcXIChangeHierarchy, (8) SProcXIGetClientPointer, (9) SProcXIGrabDevice, (10) SProcXIUngrabDevice, (11) ProcXIUngrabDevice, (12) SProcXIPassiveGrabDevice, (13) ProcXIPassiveGrabDevice, (14) SProcXIPassiveUngrabDevice, (15) ProcXIPassiveUngrabDevice, (16) SProcXListDeviceProperties, (17) SProcXDeleteDeviceProperty, (18) SProcXIListProperties, (19) SProcXIDeleteProperty, (20) SProcXIGetProperty, (21) SProcXIQueryDevice, (22) SProcXIQueryPointer, (23) SProcXISelectEvents, (24) SProcXISetClientPointer, (25) SProcXISetFocus, (26) SProcXIGetFocus, or (27) SProcXIWarpPointer function.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x.org | x11 | 4.0 |
| debian | debian_linux | 7.0 |
| x.org | xorg-server | * |
| x.org | x_server | * |
The SProcXCMiscGetXIDList function in the XC-MISC extension in X.Org X Window System (aka X11 or X) X11R6.0 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 7.1 |
| x.org | x11 | 6.0 |
| debian | debian_linux | 8.0 |
| x.org | xorg-server | * |
| x.org | x_server | * |
The DBE extension in X.Org X Window System (aka X11 or X) X11R6.1 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) ProcDbeSwapBuffers or (2) SProcDbeSwapBuffers function.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x.org | x11 | 6.1 |
| x.org | xorg-server | * |
| x.org | x_server | * |
The GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) __glXDisp_Render, (2) __glXDisp_RenderLarge, (3) __glXDispSwap_VendorPrivate, (4) __glXDispSwap_VendorPrivateWithReply, (5) set_client_info, (6) __glXDispSwap_SetClientInfoARB, (7) DoSwapInterval, (8) DoGetProgramString, (9) DoGetString, (10) __glXDispSwap_RenderMode, (11) __glXDisp_GetCompressedTexImage, (12) __glXDispSwap_GetCompressedTexImage, (13) __glXDisp_FeedbackBuffer, (14) __glXDispSwap_FeedbackBuffer, (15) __glXDisp_SelectBuffer, (16) __glXDispSwap_SelectBuffer, (17) __glXDisp_Flush, (18) __glXDispSwap_Flush, (19) __glXDisp_Finish, (20) __glXDispSwap_Finish, (21) __glXDisp_ReadPixels, (22) __glXDispSwap_ReadPixels, (23) __glXDisp_GetTexImage, (24) __glXDispSwap_GetTexImage, (25) __glXDisp_GetPolygonStipple, (26) __glXDispSwap_GetPolygonStipple, (27) __glXDisp_GetSeparableFilter, (28) __glXDisp_GetSeparableFilterEXT, (29) __glXDisp_GetConvolutionFilter, (30) __glXDisp_GetConvolutionFilterEXT, (31) __glXDisp_GetHistogram, (32) __glXDisp_GetHistogramEXT, (33) __glXDisp_GetMinmax, (34) __glXDisp_GetMinmaxEXT, (35) __glXDisp_GetColorTable, (36) __glXDisp_GetColorTableSGI, (37) GetSeparableFilter, (38) GetConvolutionFilter, (39) GetHistogram, (40) GetMinmax, or (41) GetColorTable function.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x.org | x11 | 6.7 |
| debian | debian_linux | 7.0 |
| x.org | xfree86 | 4.0 |
| x.org | xorg-server | * |
| x.org | x_server | * |
The XVideo extension in XFree86 4.0.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) SProcXvQueryExtension, (2) SProcXvQueryAdaptors, (3) SProcXvQueryEncodings, (4) SProcXvGrabPort, (5) SProcXvUngrabPort, (6) SProcXvPutVideo, (7) SProcXvPutStill, (8) SProcXvGetVideo, (9) SProcXvGetStill, (10) SProcXvPutImage, (11) SProcXvShmPutImage, (12) SProcXvSelectVideoNotify, (13) SProcXvSelectPortNotify, (14) SProcXvStopVideo, (15) SProcXvSetPortAttribute, (16) SProcXvGetPortAttribute, (17) SProcXvQueryBestSize, (18) SProcXvQueryPortAttributes, (19) SProcXvQueryImageAttributes, or (20) SProcXvListImageFormats function.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x.org | x11 | 6.7 |
| x.org | xfree86 | 4.0 |
| x.org | xorg-server | * |
| x.org | x_server | * |
The Render extension in XFree86 4.0.1, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) ProcRenderQueryVersion, (2) SProcRenderQueryVersion, (3) SProcRenderQueryPictFormats, (4) SProcRenderQueryPictIndexValues, (5) SProcRenderCreatePicture, (6) SProcRenderChangePicture, (7) SProcRenderSetPictureClipRectangles, (8) SProcRenderFreePicture, (9) SProcRenderComposite, (10) SProcRenderScale, (11) SProcRenderCreateGlyphSet, (12) SProcRenderReferenceGlyphSet, (13) SProcRenderFreeGlyphSet, (14) SProcRenderFreeGlyphs, or (15) SProcRenderCompositeGlyphs function.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x.org | x11 | 6.7 |
| x.org | xfree86 | 4.0.1 |
| x.org | xorg-server | * |
| x.org | x_server | * |
The RandR extension in XFree86 4.2.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) SProcRRQueryVersion, (2) SProcRRGetScreenInfo, (3) SProcRRSelectInput, or (4) SProcRRConfigureOutputProperty function.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x.org | x11 | 6.7 |
| x.org | xfree86 | 4.2.0 |
| x.org | xorg-server | * |
| x.org | x_server | * |
The SProcXFixesSelectSelectionInput function in the XFixes extension in X.Org X Window System (aka X11 or X) X11R6.8.0 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length value.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x.org | x11 | 6.8 |
| debian | debian_linux | 7.0 |
| x.org | xorg-server | * |
| x.org | x_server | * |
X.Org Server (aka xserver and xorg-server) 1.15.0 through 1.16.x before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) sproc_dri3_query_version, (2) sproc_dri3_open, (3) sproc_dri3_pixmap_from_buffer, (4) sproc_dri3_buffer_from_pixmap, (5) sproc_dri3_fence_from_fd, (6) sproc_dri3_fd_from_fence, (7) proc_present_query_capabilities, (8) sproc_present_query_version, (9) sproc_present_pixmap, (10) sproc_present_notify_msc, (11) sproc_present_select_input, or (12) sproc_present_query_capabilities function in the (a) DRI3 or (b) Present extension.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x.org | xorg-server | 1.15.99.902 |
| x.org | xorg-server | 1.16.2 |
| x.org | xorg-server | 1.16.1 |
| x.org | xorg-server | 1.16.2.99.901 |
| x.org | x_server | 1.16.2 |
| x.org | x_server | 1.16.1 |
| x.org | xorg-server | 1.15.1 |
| x.org | xorg-server | 1.16.0.901 |
| x.org | x_server | 1.16.1.901 |
| x.org | xorg-server | 1.15.99.903 |
| x.org | xorg-server | 1.16.1.901 |
| x.org | x_server | 1.15.0 |
| x.org | x_server | 1.15.0.901 |
| x.org | x_server | 1.15.99.901 |
| x.org | xorg-server | 1.15.0 |
| x.org | xorg-server | 1.16.0 |
| x.org | x_server | 1.15.99.902 |
| x.org | xorg-server | 1.15.99.901 |
| x.org | x_server | 1.15.1 |
| x.org | x_server | 1.16.2.901 |
| x.org | xorg-server | 1.16.2.901 |
| x.org | x_server | 1.15.99.903 |
| x.org | x_server | 1.16.0 |
| x.org | x_server | 1.16.0.901 |
| x.org | x_server | 1.16.2.99.901 |
| x.org | xorg-server | 1.15.99.904 |
| x.org | x_server | 1.15.99.904 |
| x.org | xorg-server | 1.15.0.901 |
| x.org | x_server | 1.15.2 |
| x.org | xorg-server | 1.15.2 |
X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via a crafted string length value in a XkbSetGeometry request.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | opensuse | 13.2 |
| opensuse | opensuse | 13.1 |
| x.org | xorg-server | 1.17.0 |
| x.org | xorg-server | * |
| x.org | x_server | * |
| x.org | x_server | 1.17.0 |
The authentication setup in XWayland 1.16.x and 1.17.x before 1.17.2 starts the server in non-authenticating mode, which allows local users to read from or send information to arbitrary X11 clients via vectors involving a UNIX socket.
CVSS 2.0
Severity: LOW
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | opensuse | 13.2 |
| x.org | xorg-server | 1.16.2 |
| x.org | xorg-server | 1.16.1 |
| x.org | xorg-server | 1.16.3 |
| x.org | x_server | 1.16.2 |
| x.org | xorg-server | 1.16.0 |
| x.org | x_server | 1.16.1 |
| x.org | xorg-server | 1.17.1 |
| x.org | x_server | 1.16.1.901 |
| x.org | x_server | 1.16.3 |
| x.org | x_server | 1.16.2.901 |
| x.org | x_server | 1.17.0 |
| x.org | xorg-server | 1.16.2.901 |
| x.org | x_server | 1.16.0 |
| x.org | xorg-server | 1.16.4 |
| x.org | xorg-server | 1.16.1.901 |
| x.org | xorg-server | 1.16.99.901 |
| x.org | xorg-server | 1.16.99.902 |
| x.org | xorg-server | 1.17.0 |
The ProcPutImage function in dix/dispatch.c in X.Org Server (aka xserver and xorg-server) before 1.16.4 allows attackers to cause a denial of service (divide-by-zero and crash) via a zero-height PutImage request.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-369,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x.org | xorg-server | * |
| x.org | x_server | * |
Multiple integer overflows in libXpm before 3.5.12, when a program requests parsing XPM extensions on a 64-bit platform, allow remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via (1) the number of extensions or (2) their concatenated length in a crafted XPM file, which triggers a heap-based buffer overflow.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,CWE-190,CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x.org | libxpm | * |
The (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXv before 1.0.11 allow remote X servers to trigger out-of-bounds memory access operations via vectors involving length specifications in received data.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 24 |
| x.org | libxv | * |
| fedoraproject | fedora | 25 |
The XGetImage function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving image type and geometry, which triggers out-of-bounds read operations.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 25 |
| x.org | libx11 | * |
The XListFonts function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving length fields, which trigger out-of-bounds write operations.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 25 |
| x.org | libx11 | * |
Integer overflow in X.org libXfixes before 5.0.3 on 32-bit platforms might allow remote X servers to gain privileges via a length value of INT_MAX, which triggers the client to stop reading data and get out of sync.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-190,CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 24 |
| x.org | libxfixes | * |
| fedoraproject | fedora | 25 |
Multiple integer overflows in X.org libXi before 1.7.7 allow remote X servers to cause a denial of service (out-of-bounds memory access or infinite loop) via vectors involving length fields.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 24 |
| fedoraproject | fedora | 25 |
| x.org | libxi | * |
X.org libXi before 1.7.7 allows remote X servers to cause a denial of service (infinite loop) via vectors involving length fields.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-284,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 24 |
| fedoraproject | fedora | 25 |
| x.org | libxi | * |
Multiple integer overflows in X.org libXrandr before 1.5.1 allow remote X servers to trigger out-of-bounds write operations via a crafted response.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-190,CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 24 |
| x.org | libxrandr | * |
| fedoraproject | fedora | 25 |
X.org libXrandr before 1.5.1 allows remote X servers to trigger out-of-bounds write operations by leveraging mishandling of reply data.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 24 |
| x.org | libxrandr | * |
| fedoraproject | fedora | 25 |
Multiple buffer overflows in the (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXrender before 0.9.10 allow remote X servers to trigger out-of-bounds write operations via vectors involving length fields.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 24 |
| fedoraproject | fedora | 25 |
| x.org | libxrender | * |
The XRenderQueryFilters function in X.org libXrender before 0.9.10 allows remote X servers to trigger out-of-bounds write operations via vectors involving filter name lengths.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 24 |
| fedoraproject | fedora | 25 |
| x.org | libxrender | * |
X.org libXtst before 1.2.3 allows remote X servers to cause a denial of service (infinite loop) via a reply in the (1) XRecordStartOfData, (2) XRecordEndOfData, or (3) XRecordClientDied category without a client sequence and with attached data.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,CWE-284,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 24 |
| x.org | libxtst | * |
| fedoraproject | fedora | 25 |
Buffer underflow in X.org libXvMC before 1.0.10 allows remote X servers to have unspecified impact via an empty string.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 24 |
| fedoraproject | fedora | 25 |
| x.org | libxvmc | * |
In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of X Events.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x.org | xorg-server | * |
| x.org | x_server | * |
Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server before 2017-06-19 allowed authenticated malicious users to access potentially privileged data from the X server.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-665,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x.org | xorg-server | * |
| x.org | x_server | * |
xorg-x11-server before 1.19.5 was missing extra length validation in ProcEstablishConnection function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-391,CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| x.org | xorg-server | * |
| x.org | x_server | * |
xorg-x11-server before 1.19.5 was vulnerable to integer overflow in ProcDbeGetVisualInfo function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-391,CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| x.org | xorg-server | * |
| x.org | x_server | * |
xorg-x11-server before 1.19.5 had wrong extra length check in ProcXIChangeHierarchy function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-391,CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| x.org | xorg-server | * |
| x.org | x_server | * |
xorg-x11-server before 1.19.5 was vulnerable to integer overflow in (S)ProcXIBarrierReleasePointer functions allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-391,CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| x.org | xorg-server | * |
| x.org | x_server | * |
xorg-x11-server before 1.19.5 was missing length validation in XFree86 VidModeExtension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-391,CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| x.org | xorg-server | * |
| x.org | x_server | * |
xorg-x11-server before 1.19.5 was missing length validation in XFree86 DGA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-391,CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| x.org | xorg-server | * |
| x.org | x_server | * |
xorg-x11-server before 1.19.5 was missing length validation in XFree86 DRI extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-391,CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| x.org | xorg-server | * |
| x.org | x_server | * |
xorg-x11-server before 1.19.5 was missing length validation in XFIXES extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-391,CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| x.org | xorg-server | * |
| x.org | x_server | * |
xorg-x11-server before 1.19.5 was missing length validation in XINERAMA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-391,CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| x.org | xorg-server | * |
| x.org | x_server | * |
xorg-x11-server before 1.19.5 was missing length validation in MIT-SCREEN-SAVER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-391,CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| x.org | xorg-server | * |
| x.org | x_server | * |
xorg-x11-server before 1.19.5 was missing length validation in X-Resource extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-391,CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| x.org | xorg-server | * |
| x.org | x_server | * |
xorg-x11-server before 1.19.5 was missing length validation in RENDER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-391,CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| x.org | xorg-server | * |
| x.org | x_server | * |
In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash (denial of service). This occurs because '\0' characters are incorrectly skipped in situations involving ? characters.
CVSS 2.0
Severity: LOW
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x.org | libxfont | * |
| x.org | libxfont | 2.0.0 |
| x.org | libxfont | 2.0.1 |
In X.Org Server (aka xserver and xorg-server) before 1.19.4, an attacker authenticated to an X server with the X shared memory extension enabled can cause aborts of the X server or replace shared memory segments of other X clients in the same session.
CVSS 2.0
Severity: LOW
Problem Type: CWE-269,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| x.org | xorg-server | * |
| x.org | x_server | * |
In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2 and 2.x before 2.0.2, a missing boundary check (for PCF files) could be used by local attackers authenticated to an Xserver for a buffer over-read, for information disclosure or a crash of the X server.
CVSS 2.0
Severity: LOW
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x.org | libxfont | * |
| x.org | libxfont | 2.0.0 |
| x.org | libxfont | 2.0.1 |
In X.Org Server (aka xserver and xorg-server) before 1.19.4, a local attacker authenticated to the X server could overflow a global buffer, causing crashes of the X server or potentially other problems by injecting large or malformed XKB related atoms and accessing them via xkbcomp.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| x.org | xorg-server | * |
| x.org | x_server | * |
It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp() implementations return after an invalid byte is seen, this causes a time difference between a valid and invalid byte, which could allow an efficient brute force attack.
CVSS 2.0
Severity: LOW
Problem Type: CWE-385,CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 7.0 |
| x.org | xorg-server | * |
| x.org | x_server | * |
It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' sessions.
CVSS 2.0
Severity: LOW
Problem Type: CWE-331,CWE-320,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_server_eus | 7.4 |
| redhat | enterprise_linux_desktop | 7.0 |
| redhat | enterprise_linux_workstation | 7.0 |
| redhat | enterprise_linux_server_eus | 7.5 |
| redhat | enterprise_linux | 7.0 |
| x.org | libxdmcp | * |
| redhat | enterprise_linux_server_aus | 7.4 |
| redhat | enterprise_linux_server | 7.0 |
An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation fault).
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 14.04 |
| x.org | libx11 | * |
| canonical | ubuntu_linux | 12.04 |
| fedoraproject | fedora | 28 |
An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c is vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-193,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_desktop | 7.0 |
| redhat | enterprise_linux_workstation | 7.0 |
| debian | debian_linux | 8.0 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 14.04 |
| x.org | libx11 | * |
| canonical | ubuntu_linux | 12.04 |
| fedoraproject | fedora | 28 |
| redhat | enterprise_linux_server | 7.0 |
An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c interprets a variable as signed instead of unsigned, resulting in an out-of-bounds write (of up to 128 bytes), leading to DoS or remote code execution.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 14.04 |
| x.org | libx11 | * |
| canonical | ubuntu_linux | 12.04 |
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-863,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_desktop | 7.0 |
| canonical | ubuntu_linux | 18.10 |
| canonical | ubuntu_linux | 18.04 |
| debian | debian_linux | 9.0 |
| x.org | x_server | * |
| redhat | enterprise_linux_server_eus | 7.6 |
| redhat | enterprise_linux_workstation | 7.0 |
| canonical | ubuntu_linux | 16.04 |
| redhat | enterprise_linux_server_tus | 7.6 |
| redhat | enterprise_linux_server_aus | 7.6 |
| redhat | enterprise_linux_server | 7.0 |
| x.org | xorg-server | * |
"" In X.Org X Server 1.20.4, there is a stack-based buffer overflow in the function XQueryKeymap. For example, by sending ct.c_char 1000 times, an attacker can cause a denial of service (application crash) or possibly have unspecified other impact. Note: It is disputed if the X.Org X Server is involved or if there is a stack overflow.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x.org | x_server | * |
An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 before version 1.6.10. As per upstream this is security relevant when setuid programs call XIM client functions while running with elevated privileges. No such programs are shipped with Red Hat Enterprise Linux.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 15.1 |
| canonical | ubuntu_linux | 20.04 |
| fedoraproject | fedora | 31 |
| canonical | ubuntu_linux | 16.04 |
| fedoraproject | fedora | 32 |
| canonical | ubuntu_linux | 18.04 |
| opensuse | leap | 15.2 |
| canonical | ubuntu_linux | 14.04 |
| fedoraproject | fedora | 33 |
| x.org | libx11 | * |
| canonical | ubuntu_linux | 12.04 |
A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Out-Of-Bounds access in XkbSetNames function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 20.04 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 14.04 |
| x.org | x_server | * |
A flaw was found in xorg-x11-server before 1.20.9. An integer underflow in the X input extension protocol decoding in the X server may lead to arbitrary access of memory contents. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-191,CWE-191,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 6.0 |
| canonical | ubuntu_linux | 14.04 |
| redhat | enterprise_linux | 8.0 |
| x.org | xorg-server | * |
| x.org | x_server | * |
A flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. In cases where Xorg server runs with elevated privileges, this could result in possible ASLR bypass. Xorg-server before version 1.20.9 is vulnerable.
CVSS 2.0
Severity: LOW
Problem Type: CWE-665,CWE-665,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 10.0 |
| canonical | ubuntu_linux | 20.04 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 14.04 |
| debian | debian_linux | 9.0 |
| x.org | xorg-server | * |
| x.org | x_server | * |
A flaw was found in the X.Org Server before version 1.20.10. An out-of-bounds access in the XkbSetMap function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x.org | x_server | * |
A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-191,CWE-191,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 6.0 |
| canonical | ubuntu_linux | 14.04 |
| redhat | enterprise_linux | 8.0 |
| x.org | xorg-server | * |
| x.org | x_server | * |
A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-191,CWE-191,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 6.0 |
| canonical | ubuntu_linux | 14.04 |
| redhat | enterprise_linux | 8.0 |
| x.org | xorg-server | * |
| x.org | x_server | * |
An integer overflow vulnerability leading to a double-free was found in libX11. This flaw allows a local privileged attacker to cause an application compiled with libX11 to crash, or in some cases, result in arbitrary code execution. The highest threat from this flaw is to confidentiality, integrity as well as system availability.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| secalert@redhat.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,CWE-416,CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 33 |
| x.org | libx11 | * |
A privilege escalation flaw was found in the Xorg-x11-server due to a lack of authentication for X11 clients. This flaw allows an attacker to take control of an X application by impersonating the server it is expecting to connect to.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.0 | HIGH | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.0 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-306,CWE-306,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x.org | x_server | - |
A flaw was found in xorg-x11-server before 1.20.10. A heap-buffer overflow in XkbSetDeviceInfo may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-122,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux | 8.0 |
| x.org | x_server | * |
LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might allow remote attackers to execute arbitrary code. The libX11 XLookupColor request (intended for server-side color lookup) contains a flaw allowing a client to send color-name requests with a name longer than the maximum size allowed by the protocol (and also longer than the maximum packet size for normal-sized packets). The user-controlled data exceeding the maximum size is then interpreted by the server as additional X protocol requests and executed, e.g., to disable X server authorization completely. For example, if the victim encounters malicious terminal control sequences for color codes, then the attacker may be able to take full control of the running graphical session.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x.org | x_window_system | * |
| fedoraproject | fedora | 33 |
| x.org | libx11 | * |
A flaw was found in xorg-x11-server in versions before 1.20.11. An integer underflow can occur in xserver which can lead to a local privilege escalation. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-191,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 10.0 |
| fedoraproject | fedora | 34 |
| redhat | enterprise_linux | 7.0 |
| fedoraproject | fedora | 32 |
| fedoraproject | fedora | 33 |
| redhat | enterprise_linux | 8.0 |
| debian | debian_linux | 9.0 |
| x.org | x_server | * |
A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcRenderCompositeGlyphs function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x.org | x_server | 21.1.0 |
| debian | debian_linux | 10.0 |
| fedoraproject | fedora | 34 |
| debian | debian_linux | 11.0 |
| fedoraproject | fedora | 35 |
| debian | debian_linux | 9.0 |
| x.org | x_server | 21.1.1 |
| x.org | x_server | * |
A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcXFixesCreatePointerBarrier function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x.org | x_server | 21.1.0 |
| debian | debian_linux | 10.0 |
| fedoraproject | fedora | 34 |
| debian | debian_linux | 11.0 |
| fedoraproject | fedora | 35 |
| debian | debian_linux | 9.0 |
| x.org | x_server | 21.1.1 |
| x.org | x_server | * |
A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcScreenSaverSuspend function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x.org | x_server | 21.1.0 |
| debian | debian_linux | 10.0 |
| fedoraproject | fedora | 34 |
| debian | debian_linux | 11.0 |
| fedoraproject | fedora | 35 |
| x.org | x_server | 21.1.1 |
| x.org | x_server | * |
A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SwapCreateRegister function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x.org | x_server | 21.1.0 |
| debian | debian_linux | 10.0 |
| fedoraproject | fedora | 34 |
| debian | debian_linux | 11.0 |
| fedoraproject | fedora | 35 |
| debian | debian_linux | 9.0 |
| x.org | x_server | 21.1.1 |
| x.org | x_server | * |
A flaw was found in the Xorg-x11-server. An out-of-bounds access issue can occur in the ProcXkbSetGeometry function due to improper validation of the request length.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x.org | x_server | 21.1.0 |
| x.org | xorg-server | 21.1.0 |
A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw allows an attacker to escalate privileges and execute arbitrary code in the context of root.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x.org | x_server | 21.1.0 |
| x.org | xorg-server | 21.1.0 |
A vulnerability classified as critical was found in X.org Server. Affected by this vulnerability is the function _GetCountedString of the file xkb/xkb.c. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211051.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 10.0 |
| debian | debian_linux | 11.0 |
| fedoraproject | fedora | 37 |
| fedoraproject | fedora | 35 |
| fedoraproject | fedora | 36 |
| x.org | x_server | * |
A vulnerability, which was classified as problematic, has been found in X.org Server. Affected by this issue is the function ProcXkbGetKbdByName of the file xkb/xkb.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211052.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 10.0 |
| debian | debian_linux | 11.0 |
| fedoraproject | fedora | 37 |
| fedoraproject | fedora | 35 |
| fedoraproject | fedora | 36 |
| x.org | x_server | * |
A vulnerability, which was classified as problematic, was found in X.org Server. This affects an unknown part of the file hw/xquartz/X11Controller.m of the component xquartz. The manipulation leads to denial of service. It is recommended to apply a patch to fix this issue. The identifier VDB-211053 was assigned to this vulnerability.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x.org | x_server | - |
A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests.. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x.org | xorg-server | 1.20.4 |
| x.org | x_server | 1.20.4 |
| debian | debian_linux | 11.0 |
| fedoraproject | fedora | 37 |
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 6.0 |
| redhat | enterprise_linux | 8.0 |
| fedoraproject | fedora | 36 |
A vulnerability was found in X.Org. This security flaw occurs becuase the swap handler for the XTestFakeInput request of the XTest extension may corrupt the stack if GenericEvents with lengths larger than 32 bytes are sent through a the XTestFakeInput request. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. This issue does not affect systems where client and server use the same byte order.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x.org | x_server | 1.20.4 |
| debian | debian_linux | 11.0 |
| fedoraproject | fedora | 37 |
| fedoraproject | fedora | 36 |
A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x.org | x_server | 1.20.4 |
| debian | debian_linux | 11.0 |
| fedoraproject | fedora | 37 |
| fedoraproject | fedora | 36 |
A vulnerability was found in X.Org. This security flaw occurs because the handler for the XvdiSelectVideoNotify request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X se
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x.org | x_server | 1.20.4 |
| debian | debian_linux | 11.0 |
| fedoraproject | fedora | 37 |
| fedoraproject | fedora | 36 |
A vulnerability was found in X.Org. This security flaw occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x.org | x_server | 1.20.4 |
| debian | debian_linux | 11.0 |
| fedoraproject | fedora | 37 |
| fedoraproject | fedora | 36 |
A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has a length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x.org | x_server | 1.20.4 |
| debian | debian_linux | 11.0 |
| fedoraproject | fedora | 37 |
| fedoraproject | fedora | 36 |
A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_for_ibm_z_systems | 7.0 |
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux_server_tus | 8.4 |
| redhat | enterprise_linux_eus | 8.4 |
| redhat | enterprise_linux_for_power_little_endian_eus | 8.6 |
| redhat | enterprise_linux_server_aus | 8.2 |
| redhat | enterprise_linux_for_ibm_z_systems_eus | 8.4 |
| redhat | enterprise_linux_for_power_little_endian_eus | 8.4 |
| redhat | enterprise_linux_server_update_services_for_sap_solutions | 8.2 |
| x.org | x_server | * |
| redhat | enterprise_linux | 8.1 |
| redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 8.2 |
| redhat | enterprise_linux_server_tus | 8.2 |
| redhat | enterprise_linux_for_power_big_endian | 7.0 |
| redhat | enterprise_linux_for_ibm_z_systems | 8.0 |
| redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 8.1 |
| redhat | enterprise_linux_for_power_little_endian | 9.0 |
| redhat | enterprise_linux_eus | 8.6 |
| redhat | enterprise_linux_aus | 8.6 |
| redhat | enterprise_linux_for_ibm_z_systems_eus | 8.6 |
| redhat | enterprise_linux | 8.0 |
| fedoraproject | fedora | 36 |
| redhat | enterprise_linux_server_workstation | 7.0 |
| redhat | enterprise_linux_for_power_little_endian | 7.0 |
| redhat | enterprise_linux_desktop | 7.0 |
| redhat | enterprise_linux_for_scientific_computing | 7.0 |
| fedoraproject | fedora | 37 |
| redhat | enterprise_linux_eus | 9.0 |
| redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 8.6 |
| redhat | enterprise_linux_for_power_little_endian | 8.0 |
| redhat | enterprise_linux_server_tus | 8.6 |
| redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 9.0 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_aus | 8.4 |
| redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 8.4 |
A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 38 |
| fedoraproject | fedora | 37 |
| x.org | xorg-server | 21.1.8 |
| fedoraproject | fedora | 36 |
| x.org | xorg-server | * |
| x.org | x_server | * |
A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux | 9.0 |
| x.org | libx11 | * |
| redhat | enterprise_linux | 8.0 |
A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secalert@redhat.com | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 38 |
| redhat | enterprise_linux | 9.0 |
| x.org | libx11 | * |
| redhat | enterprise_linux | 8.0 |
A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
| secalert@redhat.com | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 38 |
| redhat | enterprise_linux | 9.0 |
| x.org | libx11 | * |
| redhat | enterprise_linux | 8.0 |
A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| secalert@redhat.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 38 |
| redhat | enterprise_linux | 9.0 |
| x.org | libx11 | * |
| redhat | enterprise_linux | 8.0 |
A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer() function. This flaw allows a local attacker to trigger an out-of-bounds read error and read the contents of memory on the system.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 |
| secalert@redhat.com | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 1.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 38 |
| fedoraproject | fedora | 39 |
| fedoraproject | fedora | 37 |
| x.org | libxpm | * |
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux | 8.0 |
A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secalert@redhat.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_for_ibm_z_systems | 7.0_s390x |
| redhat | enterprise_linux_desktop | 7.0 |
| redhat | enterprise_linux_for_scientific_computing | 7.0 |
| debian | debian_linux | 11.0 |
| fedoraproject | fedora | 37 |
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux_for_power_little_endian | 7.0_ppc64le |
| x.org | x_server | * |
| fedoraproject | fedora | 38 |
| debian | debian_linux | 12.0 |
| redhat | enterprise_linux_for_power_big_endian | 7.0_ppc64 |
| redhat | enterprise_linux_workstation | 7.0 |
| fedoraproject | fedora | 39 |
| x.org | xwayland | * |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux_server | 7.0 |
A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the other screen and if the original window is destroyed followed by another window being destroyed.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secalert@redhat.com | 4.7 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.0 | 3.6 |
| nvd@nist.gov | 4.7 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.0 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 38 |
| debian | debian_linux | 12.0 |
| fedoraproject | fedora | 39 |
| debian | debian_linux | 11.0 |
| fedoraproject | fedora | 37 |
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux | 7.0 |
| x.org | xwayland | * |
| redhat | enterprise_linux | 8.0 |
| x.org | x_server | * |
A use-after-free flaw was found in xorg-x11-server-Xvfb. This issue occurs in Xvfb with a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode). If the pointer is warped from a screen 1 to a screen 0, a use-after-free issue may be triggered during shutdown or reset of the Xvfb server, allowing for possible escalation of privileges or denial of service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secalert@redhat.com | 7.0 | HIGH | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.0 | 5.9 |
| nvd@nist.gov | 7.0 | HIGH | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.0 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux | 7.0 |
| x.org | x_server | * |
A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| secalert@redhat.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 12.0 |
| tigervnc | tigervnc | - |
| debian | debian_linux | 10.0 |
| debian | debian_linux | 11.0 |
| x.org | xwayland | * |
| x.org | x_server | * |
| redhat | enterprise_linux_eus | 9.2 |
A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive information.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
| secalert@redhat.com | 7.6 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L | 2.8 | 4.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 12.0 |
| tigervnc | tigervnc | - |
| debian | debian_linux | 10.0 |
| debian | debian_linux | 11.0 |
| x.org | xwayland | * |
| x.org | x_server | * |
| redhat | enterprise_linux_eus | 9.2 |
A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leading to a heap overflow if a bigger value was used.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secalert@redhat.com | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 10.0 |
| redhat | enterprise_linux_desktop | 7.0 |
| redhat | enterprise_linux_workstation | 7.0 |
| fedoraproject | fedora | 39 |
| x.org | xwayland | * |
| redhat | enterprise_linux_server | 7.0 |
| x.org | xorg-server | * |
| x.org | x_server | * |
An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation (if the server runs with extended privileges), or remote code execution in SSH X11 forwarding environments.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secalert@redhat.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_eus | 8.8 |
| redhat | enterprise_linux_eus | 9.0 |
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux_update_services_for_sap_solutions | 8.4 |
| redhat | enterprise_linux_tus | 8.2 |
| x.org | x_server | * |
| redhat | enterprise_linux_aus | 8.2 |
| fedoraproject | fedora | 39 |
| redhat | enterprise_linux_update_services_for_sap_solutions | 8.2 |
| redhat | enterprise_linux_eus | 8.6 |
| x.org | xwayland | * |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux_aus | 8.4 |
| redhat | enterprise_linux_tus | 8.4 |
| redhat | enterprise_linux_eus | 9.2 |
A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource (as with a GetGeometry) or when it creates another resource that needs to access that buffer, such as a GC, the XSELINUX code will try to use an object that was never labeled and crash because the SID is NULL.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
| secalert@redhat.com | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tigervnc | tigervnc | * |
| redhat | enterprise_linux_for_ibm_z_systems | 7.0 |
| redhat | enterprise_linux_for_power_little_endian | 7.0 |
| redhat | enterprise_linux_desktop | 7.0 |
| redhat | enterprise_linux_for_scientific_computing | 7.0 |
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 6.0 |
| x.org | x_server | * |
| redhat | enterprise_linux_workstation | 7.0 |
| redhat | enterprise_linux_for_power_big_endian | 7.0 |
| fedoraproject | fedora | 39 |
| x.org | xwayland | * |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux_server | 7.0 |
| x.org | xorg-server | * |
A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| secalert@redhat.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tigervnc | tigervnc | * |
| redhat | enterprise_linux_for_ibm_z_systems | 7.0 |
| redhat | enterprise_linux_for_power_little_endian | 7.0 |
| redhat | enterprise_linux_desktop | 7.0 |
| redhat | enterprise_linux_for_scientific_computing | 7.0 |
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 6.0 |
| x.org | x_server | * |
| redhat | enterprise_linux_workstation | 7.0 |
| redhat | enterprise_linux_for_power_big_endian | 7.0 |
| fedoraproject | fedora | 39 |
| x.org | xwayland | * |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux_server | 7.0 |
| x.org | xorg-server | * |
A use-after-free flaw was found in X.Org and Xwayland. The root cursor is referenced in the X server as a global variable. If a client frees the root cursor, the internal reference points to freed memory and causes a use-after-free.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| secalert@redhat.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tigervnc | tigervnc | - |
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux | 7.0 |
| x.org | xwayland | * |
| redhat | enterprise_linux | 8.0 |
| x.org | x_server | * |
A buffer overflow flaw was found in X.Org and Xwayland. The code in XkbVModMaskText() allocates a fixed-sized buffer on the stack and copies the names of the virtual modifiers to that buffer. The code fails to check the bounds of the buffer and would copy the data regardless of the size.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secalert@redhat.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tigervnc | tigervnc | - |
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux | 7.0 |
| x.org | xwayland | * |
| redhat | enterprise_linux | 8.0 |
| x.org | x_server | * |
A heap overflow flaw was found in X.Org and Xwayland. The computation of the length in XkbSizeKeySyms() differs from what is written in XkbWriteKeySyms(), which may lead to a heap-based buffer overflow.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secalert@redhat.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x.org | xwayland | - |
| tigervnc | tigervnc | - |
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux | 7.0 |
| x.org | x_server | - |
| x.org | xwayland | * |
| redhat | enterprise_linux | 8.0 |
| x.org | x_server | * |
A buffer overflow flaw was found in X.Org and Xwayland. If XkbChangeTypesOfKey() is called with a 0 group, it will resize the key symbols table to 0 but leave the key actions unchanged. If the same function is later called with a non-zero value of groups, this will cause a buffer overflow because the key actions are of the wrong size.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secalert@redhat.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x.org | xwayland | - |
| tigervnc | tigervnc | - |
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux | 7.0 |
| x.org | x_server | - |
| x.org | xwayland | * |
| redhat | enterprise_linux | 8.0 |
| x.org | x_server | * |
An out-of-bounds write flaw was found in X.Org and Xwayland. The function GetBarrierDevice() searches for the pointer device based on its device ID and returns the matching value, or supposedly NULL, if no match was found. However, the code will return the last element of the list if no matching device ID is found, which can lead to out-of-bounds memory access.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| secalert@redhat.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tigervnc | tigervnc | - |
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux | 7.0 |
| x.org | xwayland | * |
| redhat | enterprise_linux | 8.0 |
| x.org | x_server | * |
An access to an uninitialized pointer flaw was found in X.Org and Xwayland. The function compCheckRedirect() may fail if it cannot allocate the backing pixmap. In that case, compRedirectWindow() will return a BadAlloc error without validating the window tree marked just before, which leaves the validated data partly initialized and the use of an uninitialized pointer later.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| secalert@redhat.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tigervnc | tigervnc | - |
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux | 7.0 |
| x.org | xwayland | * |
| redhat | enterprise_linux | 8.0 |
| x.org | x_server | * |
A use-after-free flaw was found in X.Org and Xwayland. When a device is removed while still frozen, the events queued for that device remain while the device is freed. Replaying the events will cause a use-after-free.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secalert@redhat.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tigervnc | tigervnc | - |
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux | 7.0 |
| x.org | xwayland | * |
| redhat | enterprise_linux | 8.0 |
| x.org | x_server | * |
A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger() is called. If one of the changes triggers an error, the function will return early, not adding the new sync object, possibly causing a use-after-free when the alarm eventually triggers.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secalert@redhat.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tigervnc | tigervnc | - |
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux | 7.0 |
| x.org | xwayland | * |
| redhat | enterprise_linux | 8.0 |
| x.org | x_server | * |