VYPR

Xorg Server

by Xorg

CVEs (60)

  • CVE-2024-9632 | High | Oct 30, 2024
    risk 0.51 | cvss 7.8 | epss 0.01

    A flaw was found in the X.org server. Due to improperly tracked allocation size in _XkbSetCompatMap, a local attacker may be able to trigger a buffer overflow condition via a specially crafted payload, leading to denial of service or local privilege escalation in distributions…

  • CVE-2024-21886 | High | Feb 28, 2024
    risk 0.51 | cvss 7.8 | epss 0.01

    A heap buffer overflow flaw was found in the DisableDevice function in the X.Org server. This issue may lead to an application crash or, in some circumstances, remote code execution in SSH X11 forwarding environments.

  • CVE-2024-21885 | High | Feb 28, 2024
    risk 0.51 | cvss 7.8 | epss 0.01

    A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can trigger a heap buffer overflow condition, which may lead to an…

  • CVE-2017-13723 | High | Oct 10, 2017
    risk 0.51 | cvss 7.8 | epss 0.00

    In X.Org Server (aka xserver and xorg-server) before 1.19.4, a local attacker authenticated to the X server could overflow a global buffer, causing crashes of the X server or potentially other problems by injecting large or malformed XKB related atoms and accessing them via…

  • CVE-2015-3418 | High | Dec 13, 2016
    risk 0.49 | cvss 7.5 | epss 0.02

    The ProcPutImage function in dix/dispatch.c in X.Org Server (aka xserver and xorg-server) before 1.16.4 allows attackers to cause a denial of service (divide-by-zero and crash) via a zero-height PutImage request.

  • CVE-2017-2624 | Medium | Jul 27, 2018
    risk 0.38 | cvss 5.9 | epss 0.01

    It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp() implementations return after an invalid byte is…

  • CVE-2017-13721 | Medium | Oct 10, 2017
    risk 0.31 | cvss 4.7 | epss 0.00

    In X.Org Server (aka xserver and xorg-server) before 1.19.4, an attacker authenticated to an X server with the X shared memory extension enabled can cause aborts of the X server or replace shared memory segments of other X clients in the same session.

  • CVE-2021-31535 | May 27, 2021
    risk 0.01 | cvss n/a | epss 0.11

    LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might allow remote attackers to execute arbitrary code. The libX11 XLookupColor request (intended for server-side color lookup) contains a flaw allowing a client to send color-name requests with a name longer than…

  • CVE-2024-0229 | Feb 9, 2024
    risk 0.00 | cvss n/a | epss 0.01

    An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation (if the server runs with…

  • CVE-2024-0409 | Jan 18, 2024
    risk 0.00 | cvss n/a | epss 0.00

    A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context.

  • CVE-2024-0408 | Jan 18, 2024
    risk 0.00 | cvss n/a | epss 0.00

    A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource (as with a GetGeometry) or when it creates another resource that needs to access…

  • CVE-2023-6816 | Jan 18, 2024
    risk 0.00 | cvss n/a | epss 0.02

    A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number…

  • CVE-2023-5380 | Oct 25, 2023
    risk 0.00 | cvss n/a | epss 0.01

    A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the…

  • CVE-2022-3553 | Oct 17, 2022
    risk 0.00 | cvss n/a | epss 0.01

    A vulnerability, which was classified as problematic, was found in X.org Server. This affects an unknown part of the file hw/xquartz/X11Controller.m of the component xquartz. The manipulation leads to denial of service. It is recommended to apply a patch to fix this issue. The…

  • CVE-2022-3551 | Oct 17, 2022
    risk 0.00 | cvss n/a | epss 0.02

    A vulnerability, which was classified as problematic, has been found in X.org Server. Affected by this issue is the function ProcXkbGetKbdByName of the file xkb/xkb.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of…

  • CVE-2022-3550 | Oct 17, 2022
    risk 0.00 | cvss n/a | epss 0.01

    A vulnerability classified as critical was found in X.org Server. Affected by this vulnerability is the function _GetCountedString of the file xkb/xkb.c. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of…

  • CVE-2022-2319 | Sep 1, 2022
    risk 0.00 | cvss n/a | epss 0.00

    A flaw was found in the Xorg-x11-server. An out-of-bounds access issue can occur in the ProcXkbSetGeometry function due to improper validation of the request length.

  • CVE-2022-2320 | Sep 1, 2022
    risk 0.00 | cvss n/a | epss 0.01

    A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw…

  • CVE-2021-4011 | Dec 17, 2021
    risk 0.00 | cvss n/a | epss 0.01

    A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SwapCreateRegister function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

  • CVE-2021-4009 | Dec 17, 2021
    risk 0.00 | cvss n/a | epss 0.01

    A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcXFixesCreatePointerBarrier function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Page 1 of 3