Vulnerabilities > X ORG

DATE CVE VULNERABILITY TITLE RISK
2018-01-24 CVE-2017-12180 Improper Input Validation vulnerability in multiple products
xorg-x11-server before 1.19.5 was missing length validation in XFree86 VidModeExtension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
network
low complexity
debian x-org CWE-20
critical
9.8
2018-01-24 CVE-2017-12179 Integer Overflow or Wraparound vulnerability in multiple products
xorg-x11-server before 1.19.5 was vulnerable to integer overflow in (S)ProcXIBarrierReleasePointer functions allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
network
low complexity
debian x-org CWE-190
critical
9.8
2018-01-24 CVE-2017-12178 Improper Input Validation vulnerability in multiple products
xorg-x11-server before 1.19.5 had wrong extra length check in ProcXIChangeHierarchy function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
network
low complexity
debian x-org CWE-20
critical
9.8
2018-01-24 CVE-2017-12177 Integer Overflow or Wraparound vulnerability in multiple products
xorg-x11-server before 1.19.5 was vulnerable to integer overflow in ProcDbeGetVisualInfo function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
network
low complexity
debian x-org CWE-190
critical
9.8
2018-01-24 CVE-2017-12176 Improper Input Validation vulnerability in multiple products
xorg-x11-server before 1.19.5 was missing extra length validation in ProcEstablishConnection function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
network
low complexity
debian x-org CWE-20
critical
9.8
2017-10-11 CVE-2017-13722 Out-of-bounds Read vulnerability in X.Org Libxfont 2.0.0/2.0.1
In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2 and 2.x before 2.0.2, a missing boundary check (for PCF files) could be used by local attackers authenticated to an Xserver for a buffer over-read, for information disclosure or a crash of the X server.
local
low complexity
x-org CWE-125
7.1
2017-10-11 CVE-2017-13720 Out-of-bounds Read vulnerability in X.Org Libxfont 2.0.0/2.0.1
In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash (denial of service).
local
low complexity
x-org CWE-125
7.1
2017-10-10 CVE-2017-13723 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
In X.Org Server (aka xserver and xorg-server) before 1.19.4, a local attacker authenticated to the X server could overflow a global buffer, causing crashes of the X server or potentially other problems by injecting large or malformed XKB related atoms and accessing them via xkbcomp.
local
low complexity
x-org debian CWE-119
7.8
2017-10-10 CVE-2017-13721 Improper Privilege Management vulnerability in multiple products
In X.Org Server (aka xserver and xorg-server) before 1.19.4, an attacker authenticated to an X server with the X shared memory extension enabled can cause aborts of the X server or replace shared memory segments of other X clients in the same session.
local
high complexity
x-org debian CWE-269
4.7
2017-07-06 CVE-2017-10972 Improper Initialization vulnerability in X.Org Xorg-Server
Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server before 2017-06-19 allowed authenticated malicious users to access potentially privileged data from the X server.
network
low complexity
x-org CWE-665
6.5