| 0 |
|
| 1 |
|
| 2 |
| url |
VCID-24mm-8spg-nqfq |
| vulnerability_id |
VCID-24mm-8spg-nqfq |
| summary |
Integer overflow in the fbShmPutImage function in the MIT-SHM extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to read arbitrary process memory via crafted values for a Pixmap width and height. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2008-1379
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-24mm-8spg-nqfq |
|
| 3 |
| url |
VCID-24mx-tgrf-nqa8 |
| vulnerability_id |
VCID-24mx-tgrf-nqa8 |
| summary |
The SProcXFixesSelectSelectionInput function in the XFixes extension in X.Org X Window System (aka X11 or X) X11R6.8.0 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length value. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
|
| aliases |
CVE-2014-8102
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-24mx-tgrf-nqa8 |
|
| 4 |
|
| 5 |
| url |
VCID-31f1-edc5-nfey |
| vulnerability_id |
VCID-31f1-edc5-nfey |
| summary |
The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients functions in the Record extension and the (3) SProcSecurityGenerateAuthorization function in the Security extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via requests with crafted length values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2008-1377
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-31f1-edc5-nfey |
|
| 6 |
|
| 7 |
|
| 8 |
| url |
VCID-47qj-hd74-27h7 |
| vulnerability_id |
VCID-47qj-hd74-27h7 |
| summary |
The XVideo extension in XFree86 4.0.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) SProcXvQueryExtension, (2) SProcXvQueryAdaptors, (3) SProcXvQueryEncodings, (4) SProcXvGrabPort, (5) SProcXvUngrabPort, (6) SProcXvPutVideo, (7) SProcXvPutStill, (8) SProcXvGetVideo, (9) SProcXvGetStill, (10) SProcXvPutImage, (11) SProcXvShmPutImage, (12) SProcXvSelectVideoNotify, (13) SProcXvSelectPortNotify, (14) SProcXvStopVideo, (15) SProcXvSetPortAttribute, (16) SProcXvGetPortAttribute, (17) SProcXvQueryBestSize, (18) SProcXvQueryPortAttributes, (19) SProcXvQueryImageAttributes, or (20) SProcXvListImageFormats function. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
|
| aliases |
CVE-2014-8099
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-47qj-hd74-27h7 |
|
| 9 |
|
| 10 |
| url |
VCID-563m-twrn-1kg7 |
| vulnerability_id |
VCID-563m-twrn-1kg7 |
| summary |
xkeyboard-config before 2.5 in X.Org before 7.6 enables certain XKB debugging functions by default, which allows physically proximate attackers to bypass an X screen lock via keyboard combinations that break the input grab. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2012-0064
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-563m-twrn-1kg7 |
|
| 11 |
| url |
VCID-5adj-h8vd-fydm |
| vulnerability_id |
VCID-5adj-h8vd-fydm |
| summary |
Integer overflow in the ProcDbeSwapBuffers function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2006-6103
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5adj-h8vd-fydm |
|
| 12 |
| url |
VCID-5h7m-8559-sqau |
| vulnerability_id |
VCID-5h7m-8559-sqau |
| summary |
The ProcRenderAddGlyphs function in the Render extension (render/render.c) in X.Org xserver 1.7.7 and earlier allows local users to read arbitrary memory and possibly cause a denial of service (server crash) via unspecified vectors related to an "input sanitization flaw." |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2010-4819
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5h7m-8559-sqau |
|
| 13 |
| url |
VCID-5nbt-cvgt-pkff |
| vulnerability_id |
VCID-5nbt-cvgt-pkff |
| summary |
GNOME screensaver 2.20 in Ubuntu 7.10, when used with Compiz, does not properly reserve input focus, which allows attackers with physical access to take control of the session after entering an Alt-Tab sequence, a related issue to CVE-2007-3069. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2007-3920
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5nbt-cvgt-pkff |
|
| 14 |
|
| 15 |
| url |
VCID-6814-39jv-pubh |
| vulnerability_id |
VCID-6814-39jv-pubh |
| summary |
X.Org Xserver before 1.4.1 allows local users to determine the existence of arbitrary files via a filename argument in the -sp option to the X program, which produces different error messages depending on whether the filename exists. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2007-5958
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6814-39jv-pubh |
|
| 16 |
|
| 17 |
|
| 18 |
| url |
VCID-6sfc-pmbw-6ffg |
| vulnerability_id |
VCID-6sfc-pmbw-6ffg |
| summary |
The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to determine the existence of arbitrary files via a symlink attack on a temporary lock file, which is handled differently if the file exists. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2011-4028
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6sfc-pmbw-6ffg |
|
| 19 |
| url |
VCID-6t55-ed2e-2bcw |
| vulnerability_id |
VCID-6t55-ed2e-2bcw |
| summary |
xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer Overflow in Big Requests Extension |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
|
| fixed_packages |
|
| aliases |
CVE-2025-49176
|
| risk_score |
3.3 |
| exploitability |
0.5 |
| weighted_severity |
6.6 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6t55-ed2e-2bcw |
|
| 20 |
| url |
VCID-713b-xwq2-7ych |
| vulnerability_id |
VCID-713b-xwq2-7ych |
| summary |
A flaw was found in xorg-x11-server before 1.20.10. A heap-buffer overflow in XkbSetDeviceInfo may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2020-25712
|
| risk_score |
3.5 |
| exploitability |
0.5 |
| weighted_severity |
7.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-713b-xwq2-7ych |
|
| 21 |
|
| 22 |
| url |
VCID-7hgn-umm1-9ydh |
| vulnerability_id |
VCID-7hgn-umm1-9ydh |
| summary |
The ProcGetReservedColormapEntries function in the TOG-CUP extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to read the contents of arbitrary memory locations via a request containing a 32-bit value that is improperly used as an array index. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2007-6428
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7hgn-umm1-9ydh |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
| url |
VCID-8k3e-h7va-myfg |
| vulnerability_id |
VCID-8k3e-h7va-myfg |
| summary |
X.Org Server (aka xserver and xorg-server) 1.15.0 through 1.16.x before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) sproc_dri3_query_version, (2) sproc_dri3_open, (3) sproc_dri3_pixmap_from_buffer, (4) sproc_dri3_buffer_from_pixmap, (5) sproc_dri3_fence_from_fd, (6) sproc_dri3_fd_from_fence, (7) proc_present_query_capabilities, (8) sproc_present_query_version, (9) sproc_present_pixmap, (10) sproc_present_notify_msc, (11) sproc_present_select_input, or (12) sproc_present_query_capabilities function in the (a) DRI3 or (b) Present extension. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2014-8103
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8k3e-h7va-myfg |
|
| 27 |
| url |
VCID-8mr3-m631-ykff |
| vulnerability_id |
VCID-8mr3-m631-ykff |
| summary |
xorg: xwayland: X.Org X server: Information exposure and denial of service via out-of-bounds memory access |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-34003
|
| risk_score |
3.5 |
| exploitability |
0.5 |
| weighted_severity |
7.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8mr3-m631-ykff |
|
| 28 |
| url |
VCID-8unb-tn3a-abe3 |
| vulnerability_id |
VCID-8unb-tn3a-abe3 |
| summary |
The DBE extension in X.Org X Window System (aka X11 or X) X11R6.1 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) ProcDbeSwapBuffers or (2) SProcDbeSwapBuffers function. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
|
| aliases |
CVE-2014-8097
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8unb-tn3a-abe3 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
| url |
VCID-96zj-dxw7-jbf1 |
| vulnerability_id |
VCID-96zj-dxw7-jbf1 |
| summary |
Format string vulnerability in the LogVHdrMessageVerb function in os/log.c in X.Org X11 1.11 allows attackers to cause a denial of service or possibly execute arbitrary code via format string specifiers in an input device name. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2012-2118
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-96zj-dxw7-jbf1 |
|
| 33 |
|
| 34 |
| url |
VCID-9k4g-mc81-tffe |
| vulnerability_id |
VCID-9k4g-mc81-tffe |
| summary |
Integer overflow in the ProcDRI2GetBuffers function in the DRI2 extension in X.Org Server (aka xserver and xorg-server) 1.7.0 through 1.16.x before 1.16.3 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request, which triggers an out-of-bounds read or write. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
|
| aliases |
CVE-2014-8094
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9k4g-mc81-tffe |
|
| 35 |
| url |
VCID-9kj6-9etk-uudg |
| vulnerability_id |
VCID-9kj6-9etk-uudg |
| summary |
The RandR extension in XFree86 4.2.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) SProcRRQueryVersion, (2) SProcRRGetScreenInfo, (3) SProcRRSelectInput, or (4) SProcRRConfigureOutputProperty function. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
|
| aliases |
CVE-2014-8101
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9kj6-9etk-uudg |
|
| 36 |
|
| 37 |
| url |
VCID-a2n5-8wwp-87hw |
| vulnerability_id |
VCID-a2n5-8wwp-87hw |
| summary |
A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2020-14362
|
| risk_score |
3.5 |
| exploitability |
0.5 |
| weighted_severity |
7.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-a2n5-8wwp-87hw |
|
| 38 |
| url |
VCID-azs1-b52k-qqgw |
| vulnerability_id |
VCID-azs1-b52k-qqgw |
| summary |
X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2006-4447
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-azs1-b52k-qqgw |
|
| 39 |
| url |
VCID-bj7e-pnpm-nqfw |
| vulnerability_id |
VCID-bj7e-pnpm-nqfw |
| summary |
X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended restrictions and (1) execute arbitrary code via the -modulepath command line option or (2) overwrite arbitrary files via -logfile. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2006-0745
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bj7e-pnpm-nqfw |
|
| 40 |
| url |
VCID-bny6-pyf6-k3ht |
| vulnerability_id |
VCID-bny6-pyf6-k3ht |
| summary |
The XInput extension in X.Org X Window System (aka X11 or X) X11R4 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) SProcXChangeDeviceControl, (2) ProcXChangeDeviceControl, (3) ProcXChangeFeedbackControl, (4) ProcXSendExtensionEvent, (5) SProcXIAllowEvents, (6) SProcXIChangeCursor, (7) ProcXIChangeHierarchy, (8) SProcXIGetClientPointer, (9) SProcXIGrabDevice, (10) SProcXIUngrabDevice, (11) ProcXIUngrabDevice, (12) SProcXIPassiveGrabDevice, (13) ProcXIPassiveGrabDevice, (14) SProcXIPassiveUngrabDevice, (15) ProcXIPassiveUngrabDevice, (16) SProcXListDeviceProperties, (17) SProcXDeleteDeviceProperty, (18) SProcXIListProperties, (19) SProcXIDeleteProperty, (20) SProcXIGetProperty, (21) SProcXIQueryDevice, (22) SProcXIQueryPointer, (23) SProcXISelectEvents, (24) SProcXISetClientPointer, (25) SProcXISetFocus, (26) SProcXIGetFocus, or (27) SProcXIWarpPointer function. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
|
| aliases |
CVE-2014-8095
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bny6-pyf6-k3ht |
|
| 41 |
|
| 42 |
|
| 43 |
| url |
VCID-d78c-241h-7yh6 |
| vulnerability_id |
VCID-d78c-241h-7yh6 |
| summary |
Array index error in the XFree86-Misc extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via a PassMessage request containing a large array index. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2007-5760
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-d78c-241h-7yh6 |
|
| 44 |
| url |
VCID-d837-arrp-cyhx |
| vulnerability_id |
VCID-d837-arrp-cyhx |
| summary |
The ProcPutImage function in dix/dispatch.c in X.Org Server (aka xserver and xorg-server) before 1.16.4 allows attackers to cause a denial of service (divide-by-zero and crash) via a zero-height PutImage request. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2015-3418
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-d837-arrp-cyhx |
|
| 45 |
|
| 46 |
| url |
VCID-dbns-h674-n7gm |
| vulnerability_id |
VCID-dbns-h674-n7gm |
| summary |
X.Org X Window System (aka X11 and X) X11R5 and X.Org Server (aka xserver and xorg-server) before 1.16.3, when using SUN-DES-1 (Secure RPC) authentication credentials, does not check the return value of a malloc call, which allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a crafted connection request. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
|
| aliases |
CVE-2014-8091
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dbns-h674-n7gm |
|
| 47 |
| url |
VCID-dnsa-z3ck-53dc |
| vulnerability_id |
VCID-dnsa-z3ck-53dc |
| summary |
The authentication setup in XWayland 1.16.x and 1.17.x before 1.17.2 starts the server in non-authenticating mode, which allows local users to read from or send information to arbitrary X11 clients via vectors involving a UNIX socket. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2015-3164
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dnsa-z3ck-53dc |
|
| 48 |
| url |
VCID-ef9m-a6nn-j3d2 |
| vulnerability_id |
VCID-ef9m-a6nn-j3d2 |
| summary |
The fbComposite function in fbpict.c in the Render extension in the X server in X.Org X11R7.1 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a crafted request, related to an incorrect macro definition. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2010-1166
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ef9m-a6nn-j3d2 |
|
| 49 |
| url |
VCID-egcx-kc7z-skfq |
| vulnerability_id |
VCID-egcx-kc7z-skfq |
| summary |
xorg-x11-server before 1.19.5 was vulnerable to integer overflow in (S)ProcXIBarrierReleasePointer functions allowing malicious X client to cause X server to crash or possibly execute arbitrary code. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2017-12179
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-egcx-kc7z-skfq |
|
| 50 |
| url |
VCID-ej11-bqxf-7qas |
| vulnerability_id |
VCID-ej11-bqxf-7qas |
| summary |
A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Out-Of-Bounds access in XkbSetNames function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2020-14345
|
| risk_score |
3.5 |
| exploitability |
0.5 |
| weighted_severity |
7.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ej11-bqxf-7qas |
|
| 51 |
|
| 52 |
| url |
VCID-f9yc-23gb-qyhy |
| vulnerability_id |
VCID-f9yc-23gb-qyhy |
| summary |
Multiple integer overflows in the Render extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via a (1) SProcRenderCreateLinearGradient, (2) SProcRenderCreateRadialGradient, or (3) SProcRenderCreateConicalGradient request with an invalid field specifying the number of bytes to swap in the request data, which triggers heap memory corruption. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2008-2362
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-f9yc-23gb-qyhy |
|
| 53 |
| url |
VCID-fdrh-s6h2-buhk |
| vulnerability_id |
VCID-fdrh-s6h2-buhk |
| summary |
Multiple integer overflows in X.Org X Window System (aka X11 or X) X11R1 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to the (1) ProcPutImage, (2) GetHosts, (3) RegionSizeof, or (4) REQUEST_FIXED_SIZE function, which triggers an out-of-bounds read or write. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
|
| aliases |
CVE-2014-8092
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fdrh-s6h2-buhk |
|
| 54 |
| url |
VCID-fm63-7bke-rbe2 |
| vulnerability_id |
VCID-fm63-7bke-rbe2 |
| summary |
A flaw was found in the X.Org Server before version 1.20.10. An out-of-bounds access in the XkbSetMap function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2020-14360
|
| risk_score |
3.5 |
| exploitability |
0.5 |
| weighted_severity |
7.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fm63-7bke-rbe2 |
|
| 55 |
|
| 56 |
| url |
VCID-ftyy-61hx-wkff |
| vulnerability_id |
VCID-ftyy-61hx-wkff |
| summary |
X.org X server 1.13.3 and earlier, when not run as root, allows local users to cause a denial of service (crash) or possibly gain privileges via vectors involving cached xkb files. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2013-1056
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ftyy-61hx-wkff |
|
| 57 |
| url |
VCID-g9ce-3gn2-ekbh |
| vulnerability_id |
VCID-g9ce-3gn2-ekbh |
| summary |
A flaw was found in xorg-x11-server in versions before 1.20.11. An integer underflow can occur in xserver which can lead to a local privilege escalation. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2021-3472
|
| risk_score |
3.5 |
| exploitability |
0.5 |
| weighted_severity |
7.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-g9ce-3gn2-ekbh |
|
| 58 |
| url |
VCID-gq7x-petb-hfau |
| vulnerability_id |
VCID-gq7x-petb-hfau |
| summary |
xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Unprocessed Client Request Due to Bytes to Ignore |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
|
| fixed_packages |
|
| aliases |
CVE-2025-49178
|
| risk_score |
2.5 |
| exploitability |
0.5 |
| weighted_severity |
5.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-gq7x-petb-hfau |
|
| 59 |
| url |
VCID-h6us-hyjy-7ye4 |
| vulnerability_id |
VCID-h6us-hyjy-7ye4 |
| summary |
Integer overflow in the ProcRenderCreateCursor function in the Render extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to cause a denial of service (daemon crash) via unspecified request fields that are used to calculate a glyph buffer size, which triggers a dereference of unmapped memory. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2008-2361
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-h6us-hyjy-7ye4 |
|
| 60 |
| url |
VCID-hnhq-2yq6-87cn |
| vulnerability_id |
VCID-hnhq-2yq6-87cn |
| summary |
Integer overflow in the AllocateGlyph function in the Render extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to execute arbitrary code via unspecified request fields that are used to calculate a heap buffer size, which triggers a heap-based buffer overflow. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2008-2360
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hnhq-2yq6-87cn |
|
| 61 |
| url |
VCID-hzef-8edc-hyev |
| vulnerability_id |
VCID-hzef-8edc-hyev |
| summary |
A flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. In cases where Xorg server runs with elevated privileges, this could result in possible ASLR bypass. Xorg-server before version 1.20.9 is vulnerable. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2020-14347
|
| risk_score |
2.5 |
| exploitability |
0.5 |
| weighted_severity |
5.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hzef-8edc-hyev |
|
| 62 |
| url |
VCID-j463-aw53-kuc4 |
| vulnerability_id |
VCID-j463-aw53-kuc4 |
| summary |
It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp() implementations return after an invalid byte is seen, this causes a time difference between a valid and invalid byte, which could allow an efficient brute force attack. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2017-2624
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-j463-aw53-kuc4 |
|
| 63 |
| url |
VCID-j55v-3y8e-2kf3 |
| vulnerability_id |
VCID-j55v-3y8e-2kf3 |
| summary |
The GLX extension in X.Org xserver 1.7.7 allows remote authenticated users to cause a denial of service (server crash) and possibly execute arbitrary code via (1) a crafted request that triggers a client swap in glx/glxcmdsswap.c; or (2) a crafted length or (3) a negative value in the screen field in a request to glx/glxcmds.c. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2010-4818
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-j55v-3y8e-2kf3 |
|
| 64 |
| url |
VCID-jrks-xpht-eycq |
| vulnerability_id |
VCID-jrks-xpht-eycq |
| summary |
A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2020-14361
|
| risk_score |
3.5 |
| exploitability |
0.5 |
| weighted_severity |
7.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jrks-xpht-eycq |
|
| 65 |
| url |
VCID-jt46-r94m-v7er |
| vulnerability_id |
VCID-jt46-r94m-v7er |
| summary |
The SProcXCMiscGetXIDList function in the XC-MISC extension in X.Org X Window System (aka X11 or X) X11R6.0 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
|
| aliases |
CVE-2014-8096
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jt46-r94m-v7er |
|
| 66 |
| url |
VCID-jx8z-exfq-sqcn |
| vulnerability_id |
VCID-jx8z-exfq-sqcn |
| summary |
X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via a crafted string length value in a XkbSetGeometry request. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2015-0255
|
| risk_score |
0.1 |
| exploitability |
0.5 |
| weighted_severity |
0.1 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jx8z-exfq-sqcn |
|
| 67 |
|
| 68 |
| url |
VCID-k29g-v3tn-67bc |
| vulnerability_id |
VCID-k29g-v3tn-67bc |
| summary |
xorg-x11-server before 1.19.5 was missing length validation in XFree86 VidModeExtension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2017-12180
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-k29g-v3tn-67bc |
|
| 69 |
| url |
VCID-k3mg-7ndc-sqe7 |
| vulnerability_id |
VCID-k3mg-7ndc-sqe7 |
| summary |
In X.Org Server (aka xserver and xorg-server) before 1.19.4, an attacker authenticated to an X server with the X shared memory extension enabled can cause aborts of the X server or replace shared memory segments of other X clients in the same session. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-13721
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-k3mg-7ndc-sqe7 |
|
| 70 |
|
| 71 |
|
| 72 |
|
| 73 |
| url |
VCID-ktpn-yv97-nycv |
| vulnerability_id |
VCID-ktpn-yv97-nycv |
| summary |
Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the libfont and libXfont libraries on some platforms including Sun Solaris, allows context-dependent attackers to execute arbitrary code via a PCF font with a large difference between the last col and first col values in the PCF_BDF_ENCODINGS table. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2008-0006
|
| risk_score |
0.1 |
| exploitability |
0.5 |
| weighted_severity |
0.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ktpn-yv97-nycv |
|
| 74 |
| url |
VCID-kue6-ss77-fqah |
| vulnerability_id |
VCID-kue6-ss77-fqah |
| summary |
Integer overflow in the ProcDbeGetVisualInfo function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2006-6102
|
| risk_score |
0.1 |
| exploitability |
0.5 |
| weighted_severity |
0.1 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kue6-ss77-fqah |
|
| 75 |
|
| 76 |
| url |
VCID-meuv-tkww-rfeu |
| vulnerability_id |
VCID-meuv-tkww-rfeu |
| summary |
Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted ImageText request that triggers memory-allocation failure. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2013-4396
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-meuv-tkww-rfeu |
|
| 77 |
| url |
VCID-mksc-f652-2qcd |
| vulnerability_id |
VCID-mksc-f652-2qcd |
| summary |
xorg: xwayland: X.Org X server: Denial of Service via integer underflow in XKB compatibility map handling |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-33999
|
| risk_score |
3.5 |
| exploitability |
0.5 |
| weighted_severity |
7.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mksc-f652-2qcd |
|
| 78 |
| url |
VCID-mux3-jggq-bqej |
| vulnerability_id |
VCID-mux3-jggq-bqej |
| summary |
xorg: xwayland: X.Org X server: Use-after-free vulnerability leads to server crash and potential memory corruption |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-34001
|
| risk_score |
3.5 |
| exploitability |
0.5 |
| weighted_severity |
7.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mux3-jggq-bqej |
|
| 79 |
|
| 80 |
|
| 81 |
|
| 82 |
| url |
VCID-nrev-k192-pfe8 |
| vulnerability_id |
VCID-nrev-k192-pfe8 |
| summary |
xorg-x11-server before 1.19.5 was missing length validation in MIT-SCREEN-SAVER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2017-12185
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-nrev-k192-pfe8 |
|
| 83 |
| url |
VCID-p2yg-z8e2-j7f5 |
| vulnerability_id |
VCID-p2yg-z8e2-j7f5 |
| summary |
The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to change the permissions of arbitrary files to 444, read those files, and possibly cause a denial of service (removed execution permission) via a symlink attack on a temporary lock file. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2011-4029
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-p2yg-z8e2-j7f5 |
|
| 84 |
| url |
VCID-py27-f7s4-ybbq |
| vulnerability_id |
VCID-py27-f7s4-ybbq |
| summary |
In X.Org Server (aka xserver and xorg-server) before 1.19.4, a local attacker authenticated to the X server could overflow a global buffer, causing crashes of the X server or potentially other problems by injecting large or malformed XKB related atoms and accessing them via xkbcomp. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-13723
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-py27-f7s4-ybbq |
|
| 85 |
|
| 86 |
|
| 87 |
| url |
VCID-qs4d-hm8w-jfcm |
| vulnerability_id |
VCID-qs4d-hm8w-jfcm |
| summary |
The X render (Xrender) extension in X.org X Window System 7.0, 7.1, and 7.2, with Xserver 1.3.0 and earlier, allows remote authenticated users to cause a denial of service (daemon crash) via crafted values to the (1) XRenderCompositeTrapezoids and (2) XRenderAddTraps functions, which trigger a divide-by-zero error. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2007-2437
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qs4d-hm8w-jfcm |
|
| 88 |
| url |
VCID-qy7b-jt1s-dbfz |
| vulnerability_id |
VCID-qy7b-jt1s-dbfz |
| summary |
Buffer overflow in the compNewPixmap function in compalloc.c in the Composite extension for the X.org X11 server before 1.4 allows local users to execute arbitrary code by copying data from a large pixel depth pixmap into a smaller pixel depth pixmap. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2007-4730
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qy7b-jt1s-dbfz |
|
| 89 |
|
| 90 |
| url |
VCID-raeg-4zw3-xbe4 |
| vulnerability_id |
VCID-raeg-4zw3-xbe4 |
| summary |
Multiple integer overflows in X.Org Xserver before 1.4.1 allow context-dependent attackers to execute arbitrary code via (1) a GetVisualInfo request containing a 32-bit value that is improperly used to calculate an amount of memory for allocation by the EVI extension, or (2) a request containing values related to pixmap size that are improperly used in management of shared memory by the MIT-SHM extension. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2007-6429
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-raeg-4zw3-xbe4 |
|
| 91 |
| url |
VCID-rbgq-gsfu-7uga |
| vulnerability_id |
VCID-rbgq-gsfu-7uga |
| summary |
Integer overflow in the ProcRenderAddGlyphs function in the Render extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of glyph management data structures. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2006-6101
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rbgq-gsfu-7uga |
|
| 92 |
|
| 93 |
| url |
VCID-rqjp-d3mr-ykdx |
| vulnerability_id |
VCID-rqjp-d3mr-ykdx |
| summary |
A flaw was found in xorg-x11-server before 1.20.9. An integer underflow in the X input extension protocol decoding in the X server may lead to arbitrary access of memory contents. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2020-14346
|
| risk_score |
3.5 |
| exploitability |
0.5 |
| weighted_severity |
7.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rqjp-d3mr-ykdx |
|
| 94 |
| url |
VCID-rwrz-8ej4-87dx |
| vulnerability_id |
VCID-rwrz-8ej4-87dx |
| summary |
Integer overflow in ALLOCATE_LOCAL in the ProcXCMiscGetXIDList function in the XC-MISC extension in the X.Org X11 server (xserver) 7.1-1.1.0, and other versions before 20070403, allows remote authenticated users to execute arbitrary code via a large expression, which results in memory corruption. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2007-1003
|
| risk_score |
0.1 |
| exploitability |
0.5 |
| weighted_severity |
0.1 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rwrz-8ej4-87dx |
|
| 95 |
|
| 96 |
|
| 97 |
|
| 98 |
|
| 99 |
|
| 100 |
|
| 101 |
|
| 102 |
|
| 103 |
|
| 104 |
| url |
VCID-ucf1-81as-eucj |
| vulnerability_id |
VCID-ucf1-81as-eucj |
| summary |
xwayland: xorg: X.Org X server: Information disclosure and denial of service via out-of-bounds read in XKB geometry processing. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-34000
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ucf1-81as-eucj |
|
| 105 |
|
| 106 |
|
| 107 |
|
| 108 |
| url |
VCID-vscc-4qb3-3fgd |
| vulnerability_id |
VCID-vscc-4qb3-3fgd |
| summary |
X.Org X server before 1.13.4 and 1.4.x before 1.14.1 does not properly restrict access to input events when adding a new hot-plug device, which might allow physically proximate attackers to obtain sensitive information, as demonstrated by reading passwords from a tty. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2013-1940
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vscc-4qb3-3fgd |
|
| 109 |
| url |
VCID-vv5c-txda-hkfd |
| vulnerability_id |
VCID-vv5c-txda-hkfd |
| summary |
The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to byte swapping and heap corruption within multiple functions, a different vulnerability than CVE-2007-4990. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2007-6427
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vv5c-txda-hkfd |
|
| 110 |
|
| 111 |
|
| 112 |
| url |
VCID-wgpc-s7x8-77at |
| vulnerability_id |
VCID-wgpc-s7x8-77at |
| summary |
xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems place the magic cookie (MCOOKIE) on the command line, which allows local users to gain privileges by listing the process and its arguments. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2009-1573
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wgpc-s7x8-77at |
|
| 113 |
|
| 114 |
|
| 115 |
|
| 116 |
|
| 117 |
|
| 118 |
|
| 119 |
| url |
VCID-ydth-wf4d-zugb |
| vulnerability_id |
VCID-ydth-wf4d-zugb |
| summary |
xorg: xwayland: X.Org X server: Information disclosure or Denial of Service via out-of-bounds read in XKB modifier map handling |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-34002
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ydth-wf4d-zugb |
|
| 120 |
|
| 121 |
| url |
VCID-ys3e-5jfb-dfez |
| vulnerability_id |
VCID-ys3e-5jfb-dfez |
| summary |
The Render extension in XFree86 4.0.1, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) ProcRenderQueryVersion, (2) SProcRenderQueryVersion, (3) SProcRenderQueryPictFormats, (4) SProcRenderQueryPictIndexValues, (5) SProcRenderCreatePicture, (6) SProcRenderChangePicture, (7) SProcRenderSetPictureClipRectangles, (8) SProcRenderFreePicture, (9) SProcRenderComposite, (10) SProcRenderScale, (11) SProcRenderCreateGlyphSet, (12) SProcRenderReferenceGlyphSet, (13) SProcRenderFreeGlyphSet, (14) SProcRenderFreeGlyphs, or (15) SProcRenderCompositeGlyphs function. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
|
| aliases |
CVE-2014-8100
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ys3e-5jfb-dfez |
|
| 122 |
|
| 123 |
| url |
VCID-z6tv-7fmc-13bw |
| vulnerability_id |
VCID-z6tv-7fmc-13bw |
| summary |
xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer Overflow in X Resize, Rotate and Reflect (RandR) Extension |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
|
| fixed_packages |
|
| aliases |
CVE-2025-49180
|
| risk_score |
3.5 |
| exploitability |
0.5 |
| weighted_severity |
7.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-z6tv-7fmc-13bw |
|
| 124 |
| url |
VCID-zb61-sksa-e3c5 |
| vulnerability_id |
VCID-zb61-sksa-e3c5 |
| summary |
xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Out-of-Bounds Read in X Rendering Extension Animated Cursors |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
|
| fixed_packages |
|
| aliases |
CVE-2025-49175
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zb61-sksa-e3c5 |
|
| 125 |
| url |
VCID-zckq-n5gm-3qb9 |
| vulnerability_id |
VCID-zckq-n5gm-3qb9 |
| summary |
The GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) __glXDisp_Render, (2) __glXDisp_RenderLarge, (3) __glXDispSwap_VendorPrivate, (4) __glXDispSwap_VendorPrivateWithReply, (5) set_client_info, (6) __glXDispSwap_SetClientInfoARB, (7) DoSwapInterval, (8) DoGetProgramString, (9) DoGetString, (10) __glXDispSwap_RenderMode, (11) __glXDisp_GetCompressedTexImage, (12) __glXDispSwap_GetCompressedTexImage, (13) __glXDisp_FeedbackBuffer, (14) __glXDispSwap_FeedbackBuffer, (15) __glXDisp_SelectBuffer, (16) __glXDispSwap_SelectBuffer, (17) __glXDisp_Flush, (18) __glXDispSwap_Flush, (19) __glXDisp_Finish, (20) __glXDispSwap_Finish, (21) __glXDisp_ReadPixels, (22) __glXDispSwap_ReadPixels, (23) __glXDisp_GetTexImage, (24) __glXDispSwap_GetTexImage, (25) __glXDisp_GetPolygonStipple, (26) __glXDispSwap_GetPolygonStipple, (27) __glXDisp_GetSeparableFilter, (28) __glXDisp_GetSeparableFilterEXT, (29) __glXDisp_GetConvolutionFilter, (30) __glXDisp_GetConvolutionFilterEXT, (31) __glXDisp_GetHistogram, (32) __glXDisp_GetHistogramEXT, (33) __glXDisp_GetMinmax, (34) __glXDisp_GetMinmaxEXT, (35) __glXDisp_GetColorTable, (36) __glXDisp_GetColorTableSGI, (37) GetSeparableFilter, (38) GetConvolutionFilter, (39) GetHistogram, (40) GetMinmax, or (41) GetColorTable function. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
|
| aliases |
CVE-2014-8098
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zckq-n5gm-3qb9 |
|
| 126 |
| url |
VCID-zen3-5wz9-jyff |
| vulnerability_id |
VCID-zen3-5wz9-jyff |
| summary |
Buffer overflow in the X render (Xrender) extension in X.org X server 6.8.0 up to allows attackers to cause a denial of service (crash), as demonstrated by the (1) XRenderCompositeTriStrip and (2) XRenderCompositeTriFan requests in the rendertest from XCB xcb/xcb-demo, which leads to an incorrect memory allocation due to a typo in an expression that uses a "&" instead of a "*" operator. NOTE: the subject line of the original announcement used an incorrect CVE number for this issue. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2006-1526
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zen3-5wz9-jyff |
|
| 127 |
| url |
VCID-zh42-3rck-93he |
| vulnerability_id |
VCID-zh42-3rck-93he |
| summary |
Multiple integer overflows in the GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to the (1) __glXDisp_ReadPixels, (2) __glXDispSwap_ReadPixels, (3) __glXDisp_GetTexImage, (4) __glXDispSwap_GetTexImage, (5) GetSeparableFilter, (6) GetConvolutionFilter, (7) GetHistogram, (8) GetMinmax, (9) GetColorTable, (10) __glXGetAnswerBuffer, (11) __GLX_GET_ANSWER_BUFFER, (12) __glXMap1dReqSize, (13) __glXMap1fReqSize, (14) Map2Size, (15) __glXMap2dReqSize, (16) __glXMap2fReqSize, (17) __glXImageSize, or (18) __glXSeparableFilter2DReqSize function, which triggers an out-of-bounds read or write. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
|
| aliases |
CVE-2014-8093
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zh42-3rck-93he |
|
| 128 |
|