Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-vtxx-3wd9-x7hz
Vulnerability ID VCID-vtxx-3wd9-x7hz
Aliases CVE-2008-2360
Summary Multiple vulnerabilities have been discovered in the X.Org X server, possibly allowing for the remote execution of arbitrary code with root privileges.
Status Published
Exploitability 0.5
Weighted Severity 8.1
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-122 Heap-based Buffer Overflow
CWE-189 Numeric Errors
System Score Found at
epss 0.0192 https://api.first.org/data/v1/epss?cve=CVE-2008-2360
epss 0.0192 https://api.first.org/data/v1/epss?cve=CVE-2008-2360
epss 0.0192 https://api.first.org/data/v1/epss?cve=CVE-2008-2360
epss 0.0192 https://api.first.org/data/v1/epss?cve=CVE-2008-2360
epss 0.0192 https://api.first.org/data/v1/epss?cve=CVE-2008-2360
epss 0.0192 https://api.first.org/data/v1/epss?cve=CVE-2008-2360
epss 0.0192 https://api.first.org/data/v1/epss?cve=CVE-2008-2360
epss 0.0192 https://api.first.org/data/v1/epss?cve=CVE-2008-2360
epss 0.0192 https://api.first.org/data/v1/epss?cve=CVE-2008-2360
cvssv2 9.0 https://nvd.nist.gov/vuln/detail/CVE-2008-2360
Reference id Reference type URL
ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-2360.diff
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=718
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
http://lists.freedesktop.org/archives/xorg/2008-June/036026.html
http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html
http://rhn.redhat.com/errata/RHSA-2008-0502.html
http://rhn.redhat.com/errata/RHSA-2008-0504.html
http://rhn.redhat.com/errata/RHSA-2008-0512.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-2360.json
https://api.first.org/data/v1/epss?cve=CVE-2008-2360
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2360
http://secunia.com/advisories/30627
http://secunia.com/advisories/30628
http://secunia.com/advisories/30629
http://secunia.com/advisories/30630
http://secunia.com/advisories/30637
http://secunia.com/advisories/30659
http://secunia.com/advisories/30664
http://secunia.com/advisories/30666
http://secunia.com/advisories/30671
http://secunia.com/advisories/30715
http://secunia.com/advisories/30772
http://secunia.com/advisories/30809
http://secunia.com/advisories/30843
http://secunia.com/advisories/31025
http://secunia.com/advisories/31109
http://secunia.com/advisories/32099
http://secunia.com/advisories/33937
http://security.gentoo.org/glsa/glsa-200806-07.xml
http://securitytracker.com/id?1020243
https://issues.rpath.com/browse/RPL-2607
https://issues.rpath.com/browse/RPL-2619
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9329
http://sunsolve.sun.com/search/document.do?assetkey=1-26-238686-1
http://support.apple.com/kb/HT3438
http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201
http://www.debian.org/security/2008/dsa-1595
http://www.gentoo.org/security/en/glsa/glsa-200807-07.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:115
http://www.mandriva.com/security/advisories?name=MDVSA-2008:116
http://www.mandriva.com/security/advisories?name=MDVSA-2008:179
http://www.redhat.com/support/errata/RHSA-2008-0503.html
http://www.securityfocus.com/archive/1/493548/100/0/threaded
http://www.securityfocus.com/archive/1/493550/100/0/threaded
http://www.ubuntu.com/usn/usn-616-1
http://www.vupen.com/english/advisories/2008/1803
http://www.vupen.com/english/advisories/2008/1833
http://www.vupen.com/english/advisories/2008/1983/references
448783 https://bugzilla.redhat.com/show_bug.cgi?id=448783
cpe:2.3:a:x:x11:r7.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:x:x11:r7.3:*:*:*:*:*:*:*
CVE-2008-2360 https://nvd.nist.gov/vuln/detail/CVE-2008-2360
GLSA-200806-07 https://security.gentoo.org/glsa/200806-07
RHSA-2008:0502 https://access.redhat.com/errata/RHSA-2008:0502
RHSA-2008:0503 https://access.redhat.com/errata/RHSA-2008:0503
RHSA-2008:0504 https://access.redhat.com/errata/RHSA-2008:0504
RHSA-2008:0512 https://access.redhat.com/errata/RHSA-2008:0512
USN-616-1 https://usn.ubuntu.com/616-1/
No exploits are available.
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2008-2360
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.83279
EPSS Score 0.0192
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:02:48.991339+00:00 Gentoo Importer Import https://security.gentoo.org/glsa/200806-07 38.0.0