Vulnerabilities > X ORG > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-15 | CVE-2020-14345 | A flaw was found in X.Org Server before xorg-x11-server 1.20.9. | 7.8 |
| 2020-09-11 | CVE-2020-14363 | Integer Overflow or Wraparound vulnerability in multiple products An integer overflow vulnerability leading to a double-free was found in libX11. | 7.8 |
| 2019-10-16 | CVE-2019-17624 | Out-of-bounds Write vulnerability in X.Org X Server "" In X.Org X Server 1.20.4, there is a stack-based buffer overflow in the function XQueryKeymap. | 7.8 |
| 2018-08-24 | CVE-2018-14598 | Improper Input Validation vulnerability in multiple products An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. | 7.5 |
| 2018-07-27 | CVE-2017-2624 | Information Exposure vulnerability in multiple products It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. | 7.0 |
| 2017-10-11 | CVE-2017-13722 | Out-of-bounds Read vulnerability in X.Org Libxfont 2.0.0/2.0.1 In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2 and 2.x before 2.0.2, a missing boundary check (for PCF files) could be used by local attackers authenticated to an Xserver for a buffer over-read, for information disclosure or a crash of the X server. | 7.1 |
| 2017-10-11 | CVE-2017-13720 | Out-of-bounds Read vulnerability in X.Org Libxfont 2.0.0/2.0.1 In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash (denial of service). | 7.1 |
| 2017-10-10 | CVE-2017-13723 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products In X.Org Server (aka xserver and xorg-server) before 1.19.4, a local attacker authenticated to the X server could overflow a global buffer, causing crashes of the X server or potentially other problems by injecting large or malformed XKB related atoms and accessing them via xkbcomp. | 7.8 |
| 2017-07-06 | CVE-2017-10971 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in X.Org Xorg-Server In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of X Events. | 8.8 |
| 2016-12-13 | CVE-2016-7952 | Improper Access Control vulnerability in multiple products X.org libXtst before 1.2.3 allows remote X servers to cause a denial of service (infinite loop) via a reply in the (1) XRecordStartOfData, (2) XRecordEndOfData, or (3) XRecordClientDied category without a client sequence and with attached data. | 7.5 |