rpm package
suse/xorg-x11-server&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP2
pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2
Vulnerabilities (24)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-13723 | Hig | 7.8 | < 7.6_1.18.3-76.15.2 | 7.6_1.18.3-76.15.2 | Oct 10, 2017 | In X.Org Server (aka xserver and xorg-server) before 1.19.4, a local attacker authenticated to the X server could overflow a global buffer, causing crashes of the X server or potentially other problems by injecting large or malformed XKB related atoms and accessing them via xkbco | |
| CVE-2017-13721 | Med | 4.7 | < 7.6_1.18.3-76.15.2 | 7.6_1.18.3-76.15.2 | Oct 10, 2017 | In X.Org Server (aka xserver and xorg-server) before 1.19.4, an attacker authenticated to an X server with the X shared memory extension enabled can cause aborts of the X server or replace shared memory segments of other X clients in the same session. | |
| CVE-2017-10972 | Med | 6.5 | < 7.6_1.18.3-74.2 | 7.6_1.18.3-74.2 | Jul 6, 2017 | Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server before 2017-06-19 allowed authenticated malicious users to access potentially privileged data from the X server. | |
| CVE-2017-10971 | Hig | 8.8 | < 7.6_1.18.3-74.2 | 7.6_1.18.3-74.2 | Jul 6, 2017 | In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of X Events. |
- affected < 7.6_1.18.3-76.15.2fixed 7.6_1.18.3-76.15.2
In X.Org Server (aka xserver and xorg-server) before 1.19.4, a local attacker authenticated to the X server could overflow a global buffer, causing crashes of the X server or potentially other problems by injecting large or malformed XKB related atoms and accessing them via xkbco
- affected < 7.6_1.18.3-76.15.2fixed 7.6_1.18.3-76.15.2
In X.Org Server (aka xserver and xorg-server) before 1.19.4, an attacker authenticated to an X server with the X shared memory extension enabled can cause aborts of the X server or replace shared memory segments of other X clients in the same session.
- affected < 7.6_1.18.3-74.2fixed 7.6_1.18.3-74.2
Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server before 2017-06-19 allowed authenticated malicious users to access potentially privileged data from the X server.
- affected < 7.6_1.18.3-74.2fixed 7.6_1.18.3-74.2
In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of X Events.
Page 2 of 2