Vulnerabilities > X > X11 > Critical

DATE CVE VULNERABILITY TITLE RISK
2011-04-08 CVE-2011-0465 Improper Input Validation vulnerability in multiple products
xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a (1) DHCP or (2) XDMCP message.
network
matthias-hopf x CWE-20
critical
9.3
2008-06-16 CVE-2008-1377 Numeric Errors vulnerability in X X11 R7.3
The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients functions in the Record extension and the (3) SProcSecurityGenerateAuthorization function in the Security extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via requests with crafted length values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption.
network
low complexity
x CWE-189
critical
9.0
2008-06-16 CVE-2008-2360 Numeric Errors vulnerability in X X11 R7.3
Integer overflow in the AllocateGlyph function in the Render extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to execute arbitrary code via unspecified request fields that are used to calculate a heap buffer size, which triggers a heap-based buffer overflow.
network
low complexity
x CWE-189
critical
9.0
2008-06-16 CVE-2008-2362 Numeric Errors vulnerability in X X11 R7.3
Multiple integer overflows in the Render extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via a (1) SProcRenderCreateLinearGradient, (2) SProcRenderCreateRadialGradient, or (3) SProcRenderCreateConicalGradient request with an invalid field specifying the number of bytes to swap in the request data, which triggers heap memory corruption.
network
low complexity
x CWE-189
critical
10.0