rpm package
suse/xorg-x11-server&distro=SUSE Linux Enterprise Software Development Kit 11 SP4
pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4
Vulnerabilities (16)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-14665 | — | < 7.4-27.122.21.1 | 7.4-27.122.21.1 | Oct 25, 2018 | A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrar | ||
| CVE-2017-12187 | — | < 7.4-27.122.16.1 | 7.4-27.122.16.1 | Jan 24, 2018 | xorg-x11-server before 1.19.5 was missing length validation in RENDER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | ||
| CVE-2017-12186 | — | < 7.4-27.122.16.1 | 7.4-27.122.16.1 | Jan 24, 2018 | xorg-x11-server before 1.19.5 was missing length validation in X-Resource extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | ||
| CVE-2017-12185 | — | < 7.4-27.122.16.1 | 7.4-27.122.16.1 | Jan 24, 2018 | xorg-x11-server before 1.19.5 was missing length validation in MIT-SCREEN-SAVER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | ||
| CVE-2017-12184 | — | < 7.4-27.122.16.1 | 7.4-27.122.16.1 | Jan 24, 2018 | xorg-x11-server before 1.19.5 was missing length validation in XINERAMA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | ||
| CVE-2017-12183 | — | < 7.4-27.122.16.1 | 7.4-27.122.16.1 | Jan 24, 2018 | xorg-x11-server before 1.19.5 was missing length validation in XFIXES extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | ||
| CVE-2017-12182 | — | < 7.4-27.122.16.1 | 7.4-27.122.16.1 | Jan 24, 2018 | xorg-x11-server before 1.19.5 was missing length validation in XFree86 DRI extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | ||
| CVE-2017-12181 | — | < 7.4-27.122.16.1 | 7.4-27.122.16.1 | Jan 24, 2018 | xorg-x11-server before 1.19.5 was missing length validation in XFree86 DGA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | ||
| CVE-2017-12180 | — | < 7.4-27.122.16.1 | 7.4-27.122.16.1 | Jan 24, 2018 | xorg-x11-server before 1.19.5 was missing length validation in XFree86 VidModeExtension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | ||
| CVE-2017-12179 | — | < 7.4-27.122.16.1 | 7.4-27.122.16.1 | Jan 24, 2018 | xorg-x11-server before 1.19.5 was vulnerable to integer overflow in (S)ProcXIBarrierReleasePointer functions allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | ||
| CVE-2017-12178 | — | < 7.4-27.122.16.1 | 7.4-27.122.16.1 | Jan 24, 2018 | xorg-x11-server before 1.19.5 had wrong extra length check in ProcXIChangeHierarchy function allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | ||
| CVE-2017-12177 | — | < 7.4-27.122.16.1 | 7.4-27.122.16.1 | Jan 24, 2018 | xorg-x11-server before 1.19.5 was vulnerable to integer overflow in ProcDbeGetVisualInfo function allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | ||
| CVE-2017-12176 | — | < 7.4-27.122.16.1 | 7.4-27.122.16.1 | Jan 24, 2018 | xorg-x11-server before 1.19.5 was missing extra length validation in ProcEstablishConnection function allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | ||
| CVE-2017-13723 | Hig | 7.8 | < 7.4-27.122.16.1 | 7.4-27.122.16.1 | Oct 10, 2017 | In X.Org Server (aka xserver and xorg-server) before 1.19.4, a local attacker authenticated to the X server could overflow a global buffer, causing crashes of the X server or potentially other problems by injecting large or malformed XKB related atoms and accessing them via xkbco | |
| CVE-2017-10972 | Med | 6.5 | < 7.4-27.121.2 | 7.4-27.121.2 | Jul 6, 2017 | Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server before 2017-06-19 allowed authenticated malicious users to access potentially privileged data from the X server. | |
| CVE-2017-10971 | Hig | 8.8 | < 7.4-27.121.2 | 7.4-27.121.2 | Jul 6, 2017 | In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of X Events. |
- CVE-2018-14665Oct 25, 2018affected < 7.4-27.122.21.1fixed 7.4-27.122.21.1
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrar
- CVE-2017-12187Jan 24, 2018affected < 7.4-27.122.16.1fixed 7.4-27.122.16.1
xorg-x11-server before 1.19.5 was missing length validation in RENDER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
- CVE-2017-12186Jan 24, 2018affected < 7.4-27.122.16.1fixed 7.4-27.122.16.1
xorg-x11-server before 1.19.5 was missing length validation in X-Resource extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
- CVE-2017-12185Jan 24, 2018affected < 7.4-27.122.16.1fixed 7.4-27.122.16.1
xorg-x11-server before 1.19.5 was missing length validation in MIT-SCREEN-SAVER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
- CVE-2017-12184Jan 24, 2018affected < 7.4-27.122.16.1fixed 7.4-27.122.16.1
xorg-x11-server before 1.19.5 was missing length validation in XINERAMA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
- CVE-2017-12183Jan 24, 2018affected < 7.4-27.122.16.1fixed 7.4-27.122.16.1
xorg-x11-server before 1.19.5 was missing length validation in XFIXES extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
- CVE-2017-12182Jan 24, 2018affected < 7.4-27.122.16.1fixed 7.4-27.122.16.1
xorg-x11-server before 1.19.5 was missing length validation in XFree86 DRI extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
- CVE-2017-12181Jan 24, 2018affected < 7.4-27.122.16.1fixed 7.4-27.122.16.1
xorg-x11-server before 1.19.5 was missing length validation in XFree86 DGA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
- CVE-2017-12180Jan 24, 2018affected < 7.4-27.122.16.1fixed 7.4-27.122.16.1
xorg-x11-server before 1.19.5 was missing length validation in XFree86 VidModeExtension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
- CVE-2017-12179Jan 24, 2018affected < 7.4-27.122.16.1fixed 7.4-27.122.16.1
xorg-x11-server before 1.19.5 was vulnerable to integer overflow in (S)ProcXIBarrierReleasePointer functions allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
- CVE-2017-12178Jan 24, 2018affected < 7.4-27.122.16.1fixed 7.4-27.122.16.1
xorg-x11-server before 1.19.5 had wrong extra length check in ProcXIChangeHierarchy function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
- CVE-2017-12177Jan 24, 2018affected < 7.4-27.122.16.1fixed 7.4-27.122.16.1
xorg-x11-server before 1.19.5 was vulnerable to integer overflow in ProcDbeGetVisualInfo function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
- CVE-2017-12176Jan 24, 2018affected < 7.4-27.122.16.1fixed 7.4-27.122.16.1
xorg-x11-server before 1.19.5 was missing extra length validation in ProcEstablishConnection function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
- affected < 7.4-27.122.16.1fixed 7.4-27.122.16.1
In X.Org Server (aka xserver and xorg-server) before 1.19.4, a local attacker authenticated to the X server could overflow a global buffer, causing crashes of the X server or potentially other problems by injecting large or malformed XKB related atoms and accessing them via xkbco
- affected < 7.4-27.121.2fixed 7.4-27.121.2
Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server before 2017-06-19 allowed authenticated malicious users to access potentially privileged data from the X server.
- affected < 7.4-27.121.2fixed 7.4-27.121.2
In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of X Events.