VYPR

Vendor CVEs

Xorg

All CVEs

379 total · sorted by risk
  • CVE-2013-1983Jun 15, 2013
    risk 0.00cvss epss 0.02

    Integer overflow in X.org libXfixes 5.0 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XFixesGetCursorImage function.

  • CVE-2013-1982Jun 15, 2013
    risk 0.00cvss epss 0.02

    Multiple integer overflows in X.org libXext 1.3.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XcupGetReservedColormapEntries, (2) XcupStoreColors, (3) XdbeGetVisualInfo, (4) XeviGetVisualInfo, (5)…

  • CVE-2013-1981Jun 15, 2013
    risk 0.00cvss epss 0.01

    Multiple integer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XQueryFont, (2) _XF86BigfontQueryFont, (3) XListFontsWithInfo, (4) XGetMotionEvents, (5)…

  • CVE-2013-1940May 13, 2013
    risk 0.00cvss epss 0.00

    X.Org X server before 1.13.4 and 1.4.x before 1.14.1 does not properly restrict access to input events when adding a new hot-plug device, which might allow physically proximate attackers to obtain sensitive information, as demonstrated by reading passwords from a tty.

  • CVE-2013-1790Apr 9, 2013
    risk 0.00cvss epss 0.03

    poppler/Stream.cc in poppler before 0.22.1 allows context-dependent attackers to have an unspecified impact via vectors that trigger a read of uninitialized memory by the CCITTFaxStream::lookChar function.

  • CVE-2013-1789Apr 9, 2013
    risk 0.00cvss epss 0.02

    splash/Splash.cc in poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to the (1) Splash::arbitraryTransformMask, (2) Splash::blitMask, and (3) Splash::scaleMaskYuXu functions.

  • CVE-2013-1788Apr 9, 2013
    risk 0.00cvss epss 0.04

    poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger an "invalid memory access" in (1) splash/Splash.cc, (2) poppler/Function.cc, and (3) poppler/Stream.cc.

  • CVE-2011-4945Oct 1, 2012
    risk 0.00cvss epss 0.00

    PolicyKit 0.103 sets the AdminIdentities to "wheel" by default, which allows local users in the wheel group to gain root privileges without authentication.

  • CVE-2010-4819Sep 5, 2012
    risk 0.00cvss epss 0.00

    The ProcRenderAddGlyphs function in the Render extension (render/render.c) in X.Org xserver 1.7.7 and earlier allows local users to read arbitrary memory and possibly cause a denial of service (server crash) via unspecified vectors related to an "input sanitization flaw."

  • CVE-2010-4818Sep 5, 2012
    risk 0.00cvss epss 0.05

    The GLX extension in X.Org xserver 1.7.7 allows remote authenticated users to cause a denial of service (server crash) and possibly execute arbitrary code via (1) a crafted request that triggers a client swap in glx/glxcmdsswap.c; or (2) a crafted length or (3) a negative value…

  • CVE-2012-2737Jul 22, 2012
    risk 0.00cvss epss 0.00

    The user_change_icon_file_authorized_cb function in /usr/libexec/accounts-daemon in AccountsService before 0.6.22 does not properly check the UID when copying an icon file to the system cache directory, which allows local users to read arbitrary files via a race condition.

  • CVE-2011-4028Jul 3, 2012
    risk 0.00cvss epss 0.00

    The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to determine the existence of arbitrary files via a symlink attack on a temporary lock file, which is handled differently if the file exists.

  • CVE-2012-2118May 18, 2012
    risk 0.00cvss epss 0.03

    Format string vulnerability in the LogVHdrMessageVerb function in os/log.c in X.Org X11 1.11 allows attackers to cause a denial of service or possibly execute arbitrary code via format string specifiers in an input device name.

  • CVE-2011-4349Dec 10, 2011
    risk 0.00cvss epss 0.00

    Multiple SQL injection vulnerabilities in (1) cd-mapping-db.c and (2) cd-device-db.c in colord before 0.1.15 allow local users to execute arbitrary SQL commands via vectors related to color devices and (a) device id, (b) property, or (c) profile id.

  • CVE-2011-2533Jun 22, 2011
    risk 0.00cvss epss 0.00

    The configure script in D-Bus (aka DBus) 1.2.x before 1.2.28 allows local users to overwrite arbitrary files via a symlink attack on an unspecified file in /tmp/.

  • CVE-2011-2200Jun 22, 2011
    risk 0.00cvss epss 0.00

    The _dbus_header_byteswap function in dbus-marshal-header.c in D-Bus (aka DBus) 1.2.x before 1.2.28, 1.4.x before 1.4.12, and 1.5.x before 1.5.4 does not properly handle a non-native byte order, which allows local users to cause a denial of service (connection loss), obtain…

  • CVE-2011-0465Apr 8, 2011
    risk 0.00cvss epss 0.06

    xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a (1) DHCP or (2) XDMCP message.

  • CVE-2011-1000Feb 19, 2011
    risk 0.00cvss epss 0.03

    jingle-factory.c in Telepathy Gabble 0.11 before 0.11.7, 0.10 before 0.10.5, and 0.8 before 0.8.15 allows remote attackers to sniff audio and video calls via a crafted google:jingleinfo stanza that specifies an alternate server for streamed media.

  • CVE-2010-4352Dec 30, 2010
    risk 0.00cvss epss 0.01

    Stack consumption vulnerability in D-Bus (aka DBus) before 1.4.1 allows local users to cause a denial of service (daemon crash) via a message containing many nested variants.

  • CVE-2010-3703Nov 5, 2010
    risk 0.00cvss epss 0.03

    The PostScriptFunction::PostScriptFunction function in poppler/Function.cc in the PDF parser in poppler 0.8.7 and possibly other versions up to 0.15.1, and possibly other products, allows context-dependent attackers to cause a denial of service (crash) via a PDF file that…

  • CVE-2010-3702Nov 5, 2010
    risk 0.00cvss epss 0.03

    The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an…

  • CVE-2010-1172Aug 20, 2010
    risk 0.00cvss epss 0.00

    DBus-GLib 0.73 disregards the access flag of exported GObject properties, which allows local users to bypass intended access restrictions and possibly cause a denial of service by modifying properties, as demonstrated by properties of the (1) DeviceKit-Power, (2) NetworkManager,…

  • CVE-2010-1166Apr 29, 2010
    risk 0.00cvss epss 0.05

    The fbComposite function in fbpict.c in the Render extension in the X server in X.Org X11R7.1 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a crafted request, related to an incorrect…

  • CVE-2010-1149Apr 12, 2010
    risk 0.00cvss epss 0.00

    probers/udisks-dm-export.c in udisks before 1.0.1 exports UDISKS_DM_TARGETS_PARAMS information to udev even for a crypt UDISKS_DM_TARGETS_TYPE, which allows local users to discover encryption keys by (1) running a certain udevadm command or (2) reading a certain file under…

  • CVE-2010-0750Apr 6, 2010
    risk 0.00cvss epss 0.00

    pkexec.c in pkexec in libpolkit in PolicyKit 0.96 allows local users to determine the existence of arbitrary files via the argument.

  • CVE-2009-3100Sep 8, 2009
    risk 0.00cvss epss 0.00

    xscreensaver (aka Gnome-XScreenSaver) in Sun Solaris 9 and 10, OpenSolaris snv_109 through snv_122, and X11 6.4.1 on Solaris 8 does not properly handle Accessibility support, which allows local users to cause a denial of service (system hang) by locking the screen and then…

  • CVE-2009-2711Aug 7, 2009
    risk 0.00cvss epss 0.00

    XScreenSaver in Sun Solaris 9 and 10, OpenSolaris before snv_120, and X11 6.4.1 for Solaris 8, when the Xorg or Xnewt server is used, allows physically proximate attackers to obtain sensitive information by reading popup windows, which are displayed even when the screen is…

  • CVE-2009-1189Apr 27, 2009
    risk 0.00cvss epss 0.01

    The _dbus_validate_signature_with_reason function (dbus-marshal-validate.c) in D-Bus (aka DBus) before 1.2.14 uses incorrect logic to validate a basic type, which allows remote attackers to spoof a signature via a crafted key. NOTE: this is due to an incorrect fix for…

  • CVE-2009-0068Jan 7, 2009
    risk 0.00cvss epss 0.02

    Interaction error in xdg-open allows remote attackers to execute arbitrary code by sending a file with a dangerous MIME type but using a safe type that Firefox sends to xdg-open, which causes xdg-open to process the dangerous file type through automatic type detection, as…

  • CVE-2008-4311Dec 10, 2008
    risk 0.00cvss epss 0.00

    The default configuration of system.conf in D-Bus (aka DBus) before 1.2.6 omits the send_type attribute in certain rules, which allows local users to bypass intended access restrictions by (1) sending messages, related to send_requested_reply; and possibly (2) receiving…

  • CVE-2008-4984Nov 6, 2008
    risk 0.00cvss epss 0.00

    scratchbox2 1.99.0.24 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/dpkg.#####.tmp, (b) /tmp/missing_deps.#####, and (c) /tmp/sb2-pkg-chk.$tstamp.##### temporary files, related to the (1) dpkg-checkbuilddeps and (2) sb2-check-pkg-mappings…

  • CVE-2008-1379Jun 16, 2008
    risk 0.00cvss epss 0.01

    Integer overflow in the fbShmPutImage function in the MIT-SHM extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to read arbitrary process memory via crafted values for a Pixmap width and height.

  • CVE-2008-2360Jun 16, 2008
    risk 0.00cvss epss 0.03

    Integer overflow in the AllocateGlyph function in the Render extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to execute arbitrary code via unspecified request fields that are used to calculate a heap buffer size, which triggers a heap-based…

  • CVE-2008-1377Jun 16, 2008
    risk 0.00cvss epss 0.03

    The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients functions in the Record extension and the (3) SProcSecurityGenerateAuthorization function in the Security extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary…

  • CVE-2008-2361Jun 16, 2008
    risk 0.00cvss epss 0.02

    Integer overflow in the ProcRenderCreateCursor function in the Render extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to cause a denial of service (daemon crash) via unspecified request fields that are used to calculate a glyph buffer size,…

  • CVE-2008-2362Jun 16, 2008
    risk 0.00cvss epss 0.04

    Multiple integer overflows in the Render extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via a (1) SProcRenderCreateLinearGradient, (2) SProcRenderCreateRadialGradient, or (3) SProcRenderCreateConicalGradient request…

  • CVE-2008-1658Apr 11, 2008
    risk 0.00cvss epss 0.01

    Format string vulnerability in the grant helper (polkit-grant-helper.c) in PolicyKit 0.7 and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in a password.

  • CVE-2008-0595Feb 29, 2008
    risk 0.00cvss epss 0.00

    dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL…

  • CVE-2007-6427Jan 18, 2008
    risk 0.00cvss epss 0.04

    The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to byte swapping and heap corruption within multiple functions, a different vulnerability than CVE-2007-4990.

  • CVE-2007-5760Jan 18, 2008
    risk 0.00cvss epss 0.03

    Array index error in the XFree86-Misc extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via a PassMessage request containing a large array index.

  • CVE-2007-6428Jan 18, 2008
    risk 0.00cvss epss 0.02

    The ProcGetReservedColormapEntries function in the TOG-CUP extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to read the contents of arbitrary memory locations via a request containing a 32-bit value that is improperly used as an array index.

  • CVE-2007-6429Jan 18, 2008
    risk 0.00cvss epss 0.03

    Multiple integer overflows in X.Org Xserver before 1.4.1 allow context-dependent attackers to execute arbitrary code via (1) a GetVisualInfo request containing a 32-bit value that is improperly used to calculate an amount of memory for allocation by the EVI extension, or (2) a…

  • CVE-2008-0006Jan 18, 2008
    risk 0.00cvss epss 0.05

    Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the libfont and libXfont libraries on some platforms including Sun Solaris, allows context-dependent attackers to execute arbitrary code via a PCF font with a large difference between the last col and first col values in…

  • CVE-2007-4568Oct 5, 2007
    risk 0.00cvss epss 0.04

    Integer overflow in the build_range function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values, which triggers a heap-based buffer overflow.

  • CVE-2007-4730Sep 11, 2007
    risk 0.00cvss epss 0.01

    Buffer overflow in the compNewPixmap function in compalloc.c in the Composite extension for the X.org X11 server before 1.4 allows local users to execute arbitrary code by copying data from a large pixel depth pixmap into a smaller pixel depth pixmap.

  • CVE-2007-1352Apr 6, 2007
    risk 0.00cvss epss 0.02

    Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows remote authenticated users to execute arbitrary code via a long first line in the fonts.dir file, which results in a heap overflow.

  • CVE-2007-1351Apr 6, 2007
    risk 0.00cvss epss 0.06

    Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.

  • CVE-2007-1003Apr 6, 2007
    risk 0.00cvss epss 0.05

    Integer overflow in ALLOCATE_LOCAL in the ProcXCMiscGetXIDList function in the XC-MISC extension in the X.Org X11 server (xserver) 7.1-1.1.0, and other versions before 20070403, allows remote authenticated users to execute arbitrary code via a large expression, which results in…

  • CVE-2007-1667Mar 24, 2007
    risk 0.00cvss epss 0.05

    Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in X.Org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images…

  • CVE-2006-6102Dec 31, 2006
    risk 0.00cvss epss 0.03

    Integer overflow in the ProcDbeGetVisualInfo function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified…

Page 7 of 8