Xorg

All CVEs

379 total · sorted by risk
  • CVE-2013-4474 · Nov 23, 2013
    risk 0.04 · cvss · epss 0.10

    Format string vulnerability in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.3 allows remote attackers to cause a denial of service (crash) via format string specifiers in a destination filename.

  • CVE-2011-4613 · Feb 5, 2014
    risk 0.03 · cvss · epss 0.01

    The X.Org X wrapper (xserver-wrapper.c) in Debian GNU/Linux and Ubuntu Linux does not properly verify the TTY of a user who is starting X, which allows local users to bypass intended access restrictions by associating stdin with a file that is misinterpreted as the console TTY.

  • CVE-2013-0292 · Mar 5, 2013
    risk 0.03 · cvss · epss 0.01

    The dbus_g_proxy_manager_filter function in dbus-gproxy in Dbus-glib before 0.100.1 does not properly verify the sender of NameOwnerChanged signals, which allows local users to gain privileges via a spoofed signal.

  • CVE-2012-4425 · Sep 18, 2012
    risk 0.03 · cvss · epss 0.01

    libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: it could be argued that this is a vulnerability in the…

  • CVE-2012-3524 · Sep 18, 2012
    risk 0.03 · cvss · epss 0.05

    libdbus 1.5.x and earlier, when used in setuid or other privileged programs in X.org and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: libdbus maintainers state that this is…

  • CVE-2011-4029 · Jul 3, 2012
    risk 0.03 · cvss · epss 0.01

    The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to change the permissions of arbitrary files to 444, read those files, and possibly cause a denial of service (removed execution permission) via a symlink attack on a temporary lock file.

  • CVE-2008-3834 · Oct 7, 2008
    risk 0.03 · cvss · epss 0.05

    The dbus_signature_validate function in the D-bus library (libdbus) before 1.2.4 allows remote attackers to cause a denial of service (application abort) via a message containing a malformed signature, which triggers a failed assertion error.

  • CVE-2007-5958 · Jan 18, 2008
    risk 0.03 · cvss · epss 0.05

    X.Org Xserver before 1.4.1 allows local users to determine the existence of arbitrary files via a filename argument in the -sp option to the X program, which produces different error messages depending on whether the filename exists.

  • CVE-2007-3103 · Jul 15, 2007
    risk 0.03 · cvss · epss 0.01

    The init.d script for the X.Org X11 xfs font server on various Linux distributions might allow local users to change the permissions of arbitrary files via a symlink attack on the /tmp/.font-unix temporary file.

  • CVE-2007-2437 · May 2, 2007
    risk 0.03 · cvss · epss 0.04

    The X render (Xrender) extension in X.org X Window System 7.0, 7.1, and 7.2, with Xserver 1.3.0 and earlier, allows remote authenticated users to cause a denial of service (daemon crash) via crafted values to the (1) XRenderCompositeTrapezoids and (2) XRenderAddTraps functions,…

  • CVE-2006-4655 · Sep 9, 2006
    risk 0.03 · cvss · epss 0.01

    Buffer overflow in the Strcmp function in the XKEYBOARD extension in X Window System X11R6.4 and earlier, as used in SCO UnixWare 7.1.3 and Sun Solaris 8 through 10, allows local users to gain privileges via a long _XKB_CHARSET environment variable value.

  • CVE-2006-0745 · Mar 21, 2006
    risk 0.03 · cvss · epss 0.01

    X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended restrictions and (1) execute arbitrary code via the…

  • CVE-2001-1178 · Jul 11, 2001
    risk 0.03 · cvss · epss 0.01

    Buffer overflow in xman allows local users to gain privileges via a long MANPATH environment variable.

  • CVE-2001-1086 · Jul 4, 2001
    risk 0.03 · cvss · epss 0.03

    XDM in XFree86 3.3 and 3.3.3 generates easily guessable cookies using gettimeofday() when compiled with the HasXdmXauth option, which allows remote attackers to gain unauthorized access to the X display via a brute force attack.

  • CVE-2000-0976 · Dec 19, 2000
    risk 0.03 · cvss · epss 0.01

    Buffer overflow in xlib in XFree 3.3.x possibly allows local users to execute arbitrary commands via a long DISPLAY environment variable or a -display command line parameter.

  • CVE-2000-0504 · Jun 19, 2000
    risk 0.03 · cvss · epss 0.03

    libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro.

  • CVE-2000-0476 · Jun 1, 2000
    risk 0.03 · cvss · epss 0.03

    xterm, Eterm, and rxvt allow an attacker to cause a denial of service by embedding certain escape characters which force the window to be resized.

  • CVE-2000-0453 · May 18, 2000
    risk 0.03 · cvss · epss 0.03

    XFree86 3.3.x and 4.0 allows a user to cause a denial of service via a negative counter value in a malformed TCP packet that is sent to port 6000.

  • CVE-1999-0433 · Mar 21, 1999
    risk 0.03 · cvss · epss 0.01

    XFree86 startx command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service.

  • CVE-1999-0126 · May 3, 1998
    risk 0.03 · cvss · epss 0.01

    SGI IRIX buffer overflow in xterm and Xaw allows root access.

  • CVE-2021-31535 · May 27, 2021
    risk 0.01 · cvss · epss 0.11

    LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might allow remote attackers to execute arbitrary code. The libX11 XLookupColor request (intended for server-side color lookup) contains a flaw allowing a client to send color-name requests with a name longer than…

  • CVE-2018-14600 · Cri · Aug 24, 2018
    risk 0.01 · cvss 9.8 · epss 0.09

    An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c interprets a variable as signed instead of unsigned, resulting in an out-of-bounds write (of up to 128 bytes), leading to DoS or remote code execution.

  • CVE-2013-6462 · Jan 9, 2014
    risk 0.01 · cvss · epss 0.10

    Stack-based buffer overflow in the bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont 1.1 through 1.4.6 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in a character name in a BDF font file.

  • CVE-2013-4473 · Nov 23, 2013
    risk 0.01 · cvss · epss 0.07

    Stack-based buffer overflow in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a source filename.

  • CVE-2011-2895 · Aug 19, 2011
    risk 0.01 · cvss · epss 0.08

    The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType…

  • CVE-2009-3603 · Oct 21, 2009
    risk 0.01 · cvss · epss 0.09

    Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1 might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. NOTE: some of these details are…

  • CVE-2007-4990 · Oct 5, 2007
    risk 0.01 · cvss · epss 0.11

    The swap_char2b function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values that specify an arbitrary number of bytes to be swapped on the…

  • CVE-2007-3387 · Jul 30, 2007
    risk 0.01 · cvss · epss 0.09

    Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted…

  • CVE-2004-0914 · Jan 10, 2005
    risk 0.01 · cvss · epss 0.09

    Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could…

  • CVE-2004-0687 · Oct 20, 2004
    risk 0.01 · cvss · epss 0.08

    Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c for libXpm before 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file.

  • CVE-2004-0688 · Oct 20, 2004
    risk 0.01 · cvss · epss 0.07

    Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file.

  • CVE-2026-9539 · Jun 24, 2026
    risk 0.00 · cvss · epss 0.00

    An out-of-bounds heap read and integer underflow in the TCP urgent data handling (sosendoob) in freedesktop.org libslirp version before v4.9.2 on hypervisor host environments (e.g., QEMU) allows a privileged guest VM attacker (root or CAP_NET_RAW) to leak gigabytes of sensitive…

  • CVE-2025-50420 · Aug 4, 2025
    risk 0.00 · cvss · epss 0.00

    An issue in the pdfseparate utility of freedesktop poppler v25.04.0 allows attackers to cause an infinite recursion via supplying a crafted PDF file. This can lead to a Denial of Service (DoS).

  • CVE-2025-43903 · Apr 18, 2025
    risk 0.00 · cvss · epss 0.00

    NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries.

  • CVE-2025-32364 · Apr 5, 2025
    risk 0.00 · cvss · epss 0.00

    A floating-point exception in the PSStack::roll function of Poppler before 25.04.0 can cause an application to crash when handling malformed inputs associated with INT_MIN.

  • CVE-2025-32365 · Apr 5, 2025
    risk 0.00 · cvss · epss 0.00

    Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap::combine function in JBIG2Stream.cc because of a misplaced isOk check.

  • CVE-2024-0229 · Feb 9, 2024
    risk 0.00 · cvss · epss 0.01

    An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation (if the server runs with…

  • CVE-2024-0409 · Jan 18, 2024
    risk 0.00 · cvss · epss 0.00

    A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context.

  • CVE-2024-0408 · Jan 18, 2024
    risk 0.00 · cvss · epss 0.00

    A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource (as with a GetGeometry) or when it creates another resource that needs to access…

  • CVE-2023-6816 · Jan 18, 2024
    risk 0.00 · cvss · epss 0.02

    A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number…

  • CVE-2023-6377 · Dec 13, 2023
    risk 0.00 · cvss · epss 0.02

    A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is…

  • CVE-2023-33413 · Dec 7, 2023
    risk 0.00 · cvss · epss 0.01

    The configuration functionality in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions through 3.17.02, allows remote authenticated users to execute arbitrary…

  • CVE-2023-5380 · Oct 25, 2023
    risk 0.00 · cvss · epss 0.01

    A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the…

  • CVE-2023-5367 · Oct 25, 2023
    risk 0.00 · cvss · epss 0.01

    An out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in…

  • CVE-2023-43789 · Oct 12, 2023
    risk 0.00 · cvss · epss 0.00

    A vulnerability was found in libXpm due to a boundary condition. A local user can trigger an out-of-bounds read error and read contents of memory on the system.

  • CVE-2023-43787 · Oct 10, 2023
    risk 0.00 · cvss · epss 0.00

    A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.

  • CVE-2023-43786 · Oct 10, 2023
    risk 0.00 · cvss · epss 0.00

    A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition.

  • CVE-2023-43785 · Oct 10, 2023
    risk 0.00 · cvss · epss 0.01

    A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system.

  • CVE-2022-37050 · Aug 22, 2023
    risk 0.00 · cvss · epss 0.01

    In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.cc allows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. Note that this vulnerability is caused by the…

  • CVE-2020-18651 · Aug 22, 2023
    risk 0.00 · cvss · epss 0.01

    Buffer Overflow vulnerability in function ID3_Support::ID3v2Frame::getFrameValue in exempi 2.5.0 and earlier allows remote attackers to cause a denial of service via opening of crafted audio file with ID3V2 frame.
