rpm package
suse/xorg-x11-server&distro=SUSE Linux Enterprise Server for SAP Applications 12
pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-10972 | Med | 6.5 | < 7.6_1.15.2-30.22.1 | 7.6_1.15.2-30.22.1 | Jul 6, 2017 | Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server before 2017-06-19 allowed authenticated malicious users to access potentially privileged data from the X server. | |
| CVE-2017-10971 | Hig | 8.8 | < 7.6_1.15.2-30.22.1 | 7.6_1.15.2-30.22.1 | Jul 6, 2017 | In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of X Events. | |
| CVE-2015-3418 | Hig | 7.5 | < 7.6_1.15.2-28.4 | 7.6_1.15.2-28.4 | Dec 13, 2016 | The ProcPutImage function in dix/dispatch.c in X.Org Server (aka xserver and xorg-server) before 1.16.4 allows attackers to cause a denial of service (divide-by-zero and crash) via a zero-height PutImage request. | |
| CVE-2015-0255 | — | < 7.6_1.15.2-21.1 | 7.6_1.15.2-21.1 | Feb 13, 2015 | X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via a crafted string length value in a XkbSetGeometry request. | ||
| CVE-2014-8092 | — | < 7.6_1.15.2-28.4 | 7.6_1.15.2-28.4 | Dec 10, 2014 | Multiple integer overflows in X.Org X Window System (aka X11 or X) X11R1 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to the (1) ProcPutI |
- affected < 7.6_1.15.2-30.22.1fixed 7.6_1.15.2-30.22.1
Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server before 2017-06-19 allowed authenticated malicious users to access potentially privileged data from the X server.
- affected < 7.6_1.15.2-30.22.1fixed 7.6_1.15.2-30.22.1
In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of X Events.
- affected < 7.6_1.15.2-28.4fixed 7.6_1.15.2-28.4
The ProcPutImage function in dix/dispatch.c in X.Org Server (aka xserver and xorg-server) before 1.16.4 allows attackers to cause a denial of service (divide-by-zero and crash) via a zero-height PutImage request.
- CVE-2015-0255Feb 13, 2015affected < 7.6_1.15.2-21.1fixed 7.6_1.15.2-21.1
X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via a crafted string length value in a XkbSetGeometry request.
- CVE-2014-8092Dec 10, 2014affected < 7.6_1.15.2-28.4fixed 7.6_1.15.2-28.4
Multiple integer overflows in X.Org X Window System (aka X11 or X) X11R1 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to the (1) ProcPutI