Vulnerabilities > X ORG
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-24 | CVE-2017-12180 | Improper Input Validation vulnerability in multiple products xorg-x11-server before 1.19.5 was missing length validation in XFree86 VidModeExtension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | 7.5 |
| 2018-01-24 | CVE-2017-12179 | Integer Overflow or Wraparound vulnerability in multiple products xorg-x11-server before 1.19.5 was vulnerable to integer overflow in (S)ProcXIBarrierReleasePointer functions allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | 7.5 |
| 2018-01-24 | CVE-2017-12178 | Improper Input Validation vulnerability in multiple products xorg-x11-server before 1.19.5 had wrong extra length check in ProcXIChangeHierarchy function allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | 7.5 |
| 2018-01-24 | CVE-2017-12177 | Integer Overflow or Wraparound vulnerability in multiple products xorg-x11-server before 1.19.5 was vulnerable to integer overflow in ProcDbeGetVisualInfo function allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | 7.5 |
| 2018-01-24 | CVE-2017-12176 | Improper Input Validation vulnerability in multiple products xorg-x11-server before 1.19.5 was missing extra length validation in ProcEstablishConnection function allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | 7.5 |
| 2017-10-11 | CVE-2017-13722 | Out-of-bounds Read vulnerability in X.Org Libxfont 2.0.0/2.0.1 In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2 and 2.x before 2.0.2, a missing boundary check (for PCF files) could be used by local attackers authenticated to an Xserver for a buffer over-read, for information disclosure or a crash of the X server. | 3.6 |
| 2017-10-11 | CVE-2017-13720 | Out-of-bounds Read vulnerability in X.Org Libxfont 2.0.0/2.0.1 In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash (denial of service). | 3.6 |
| 2017-10-10 | CVE-2017-13723 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products In X.Org Server (aka xserver and xorg-server) before 1.19.4, a local attacker authenticated to the X server could overflow a global buffer, causing crashes of the X server or potentially other problems by injecting large or malformed XKB related atoms and accessing them via xkbcomp. | 4.6 |
| 2017-10-10 | CVE-2017-13721 | Improper Privilege Management vulnerability in multiple products In X.Org Server (aka xserver and xorg-server) before 1.19.4, an attacker authenticated to an X server with the X shared memory extension enabled can cause aborts of the X server or replace shared memory segments of other X clients in the same session. | 1.9 |
| 2017-07-06 | CVE-2017-10972 | Improper Initialization vulnerability in X.Org Xorg-Server Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server before 2017-06-19 allowed authenticated malicious users to access potentially privileged data from the X server. | 4.0 |