Vulnerabilities > X ORG

DATE CVE VULNERABILITY TITLE RISK
2018-07-27 CVE-2017-2625 Insufficient Entropy vulnerability in multiple products
It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys.
local
low complexity
x-org redhat CWE-331
5.5
5.5
2018-07-27 CVE-2017-2624 Information Exposure vulnerability in multiple products
It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. 		1.9
1.9
2018-01-24 CVE-2017-12187 Improper Input Validation vulnerability in multiple products
xorg-x11-server before 1.19.5 was missing length validation in RENDER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
network
low complexity
debian x-org CWE-20
7.5
7.5
2018-01-24 CVE-2017-12186 Improper Input Validation vulnerability in multiple products
xorg-x11-server before 1.19.5 was missing length validation in X-Resource extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
network
low complexity
debian x-org CWE-20
7.5
7.5
2018-01-24 CVE-2017-12185 Improper Input Validation vulnerability in multiple products
xorg-x11-server before 1.19.5 was missing length validation in MIT-SCREEN-SAVER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
network
low complexity
debian x-org CWE-20
7.5
7.5
2018-01-24 CVE-2017-12184 Improper Input Validation vulnerability in multiple products
xorg-x11-server before 1.19.5 was missing length validation in XINERAMA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
network
low complexity
debian x-org CWE-20
7.5
7.5
2018-01-24 CVE-2017-12183 Improper Input Validation vulnerability in multiple products
xorg-x11-server before 1.19.5 was missing length validation in XFIXES extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
network
low complexity
debian x-org CWE-20
7.5
7.5
2018-01-24 CVE-2017-12182 Improper Input Validation vulnerability in multiple products
xorg-x11-server before 1.19.5 was missing length validation in XFree86 DRI extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
network
low complexity
debian x-org CWE-20
7.5
7.5
2018-01-24 CVE-2017-12181 Improper Input Validation vulnerability in multiple products
xorg-x11-server before 1.19.5 was missing length validation in XFree86 DGA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
network
low complexity
debian x-org CWE-20
7.5
7.5
2018-01-24 CVE-2017-12180 Improper Input Validation vulnerability in multiple products
xorg-x11-server before 1.19.5 was missing length validation in XFree86 VidModeExtension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
network
low complexity
debian x-org CWE-20
7.5
7.5