Vulnerabilities > X ORG > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-08-05 | CVE-2020-14344 | Integer Overflow or Wraparound vulnerability in multiple products. An integer overflow leading to a heap-buffer overflow was found in the X Input Method (XIM) client as implemented in libX11 before version 1.6.10. | 6.7 |
2019-10-16 | CVE-2019-17624 | Out-of-bounds Write vulnerability in X.Org X Server. In X.Org X Server 1.20.4, there is a stack-based buffer overflow in the function XQueryKeymap. | 4.6 |
2018-07-27 | CVE-2017-2625 | Insufficient Entropy vulnerability in multiple products. It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. | 5.5 |
2017-10-10 | CVE-2017-13723 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products. In X.Org Server (aka xserver and xorg-server) before 1.19.4, a local attacker authenticated to the X server could overflow a global buffer, causing crashes of the X server or potentially other problems by injecting large or malformed XKB related atoms and accessing them via xkbcomp. | 4.6 |
2017-07-06 | CVE-2017-10972 | Improper Initialization vulnerability in X.Org Xorg-Server. Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server before 2017-06-19 allowed authenticated malicious users to access potentially privileged data from the X server. | 4.0 |
2017-07-06 | CVE-2017-10971 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in X.Org Xorg-Server. In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of X Events. | 6.5 |
2015-02-13 | CVE-2015-0255 | Information Exposure vulnerability in multiple products. X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via a crafted string length value in a XkbSetGeometry request. | 6.4 |
2014-02-05 | CVE-2011-4613 | Permissions, Privileges, and Access Controls vulnerability in multiple products. The X.Org X wrapper (xserver-wrapper.c) in Debian GNU/Linux and Ubuntu Linux does not properly verify the TTY of a user who is starting X, which allows local users to bypass intended access restrictions by associating stdin with a file that is misinterpreted as the console TTY. | 4.6 |
2013-06-15 | CVE-2013-2066 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products. Buffer overflow in X.org libXv 1.0.7 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the XvQueryPortAttributes function. | 6.8 |
2013-06-15 | CVE-2013-1998 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in X.Org Libxi. Multiple buffer overflows in X.org libXi 1.7.1 and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XGetDeviceButtonMapping, (2) XIPassiveGrabDevice, and (3) XQueryDeviceState functions. | 6.8 |