Search
Total
8 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-1393 | 2 Fedoraproject, X.org | 2 Fedora, Xorg-server | 2023-08-02 | N/A | 7.8 HIGH |
| A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later. | |||||
| CVE-2020-14362 | 1 X.org | 1 Xorg-server | 2021-11-04 | 4.6 MEDIUM | 7.8 HIGH |
| A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
| CVE-2020-14346 | 1 X.org | 1 Xorg-server | 2021-11-04 | 4.6 MEDIUM | 7.8 HIGH |
| A flaw was found in xorg-x11-server before 1.20.9. An integer underflow in the X input extension protocol decoding in the X server may lead to arbitrary access of memory contents. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
| CVE-2020-14361 | 1 X.org | 1 Xorg-server | 2021-11-04 | 4.6 MEDIUM | 7.8 HIGH |
| A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
| CVE-2017-2624 | 2 Debian, X.org | 2 Debian Linux, Xorg-server | 2019-10-09 | 1.9 LOW | 7.0 HIGH |
| It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp() implementations return after an invalid byte is seen, this causes a time difference between a valid and invalid byte, which could allow an efficient brute force attack. | |||||
| CVE-2017-13723 | 2 Debian, X.org | 2 Debian Linux, Xorg-server | 2018-02-04 | 4.6 MEDIUM | 7.8 HIGH |
| In X.Org Server (aka xserver and xorg-server) before 1.19.4, a local attacker authenticated to the X server could overflow a global buffer, causing crashes of the X server or potentially other problems by injecting large or malformed XKB related atoms and accessing them via xkbcomp. | |||||
| CVE-2015-3418 | 1 X.org | 1 Xorg-server | 2018-01-30 | 5.0 MEDIUM | 7.5 HIGH |
| The ProcPutImage function in dix/dispatch.c in X.Org Server (aka xserver and xorg-server) before 1.16.4 allows attackers to cause a denial of service (divide-by-zero and crash) via a zero-height PutImage request. | |||||
| CVE-2017-10971 | 1 X.org | 1 Xorg-server | 2017-11-04 | 6.5 MEDIUM | 8.8 HIGH |
| In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of X Events. | |||||