The X.Org Foundation Xorg-X11-Server vulnerabilities

CVE-2020-14345 [HIGH] CWE-119 CVE-2020-14345: A flaw was found in X A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Out-Of-Bounds access in XkbSetNames function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVE-2017-12182 [CRITICAL] CWE-391 CVE-2017-12182: xorg-x11-server before 1.19.5 was missing length validation in XFree86 DRI extension allowing malici xorg-x11-server before 1.19.5 was missing length validation in XFree86 DRI extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

CVE-2017-12179 [CRITICAL] CWE-391 CVE-2017-12179: xorg-x11-server before 1.19.5 was vulnerable to integer overflow in (S)ProcXIBarrierReleasePointer f xorg-x11-server before 1.19.5 was vulnerable to integer overflow in (S)ProcXIBarrierReleasePointer functions allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

CVE-2017-12180 [CRITICAL] CWE-391 CVE-2017-12180: xorg-x11-server before 1.19.5 was missing length validation in XFree86 VidModeExtension allowing mal xorg-x11-server before 1.19.5 was missing length validation in XFree86 VidModeExtension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

CVE-2017-12176 [CRITICAL] CWE-391 CVE-2017-12176: xorg-x11-server before 1.19.5 was missing extra length validation in ProcEstablishConnection functio xorg-x11-server before 1.19.5 was missing extra length validation in ProcEstablishConnection function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

CVE-2017-12177 [CRITICAL] CWE-391 CVE-2017-12177: xorg-x11-server before 1.19.5 was vulnerable to integer overflow in ProcDbeGetVisualInfo function al xorg-x11-server before 1.19.5 was vulnerable to integer overflow in ProcDbeGetVisualInfo function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

CVE-2017-12187 [CRITICAL] CWE-391 CVE-2017-12187: xorg-x11-server before 1.19.5 was missing length validation in RENDER extension allowing malicious X xorg-x11-server before 1.19.5 was missing length validation in RENDER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

CVE-2017-12181 [CRITICAL] CWE-391 CVE-2017-12181: xorg-x11-server before 1.19.5 was missing length validation in XFree86 DGA extension allowing malici xorg-x11-server before 1.19.5 was missing length validation in XFree86 DGA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

CVE-2017-12186 [CRITICAL] CWE-391 CVE-2017-12186: xorg-x11-server before 1.19.5 was missing length validation in X-Resource extension allowing malicio xorg-x11-server before 1.19.5 was missing length validation in X-Resource extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

CVE-2017-12184 [CRITICAL] CWE-391 CVE-2017-12184: xorg-x11-server before 1.19.5 was missing length validation in XINERAMA extension allowing malicious xorg-x11-server before 1.19.5 was missing length validation in XINERAMA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

CVE-2017-12178 [CRITICAL] CWE-391 CVE-2017-12178: xorg-x11-server before 1.19.5 had wrong extra length check in ProcXIChangeHierarchy function allowin xorg-x11-server before 1.19.5 had wrong extra length check in ProcXIChangeHierarchy function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

CVE-2017-12183 [CRITICAL] CWE-391 CVE-2017-12183: xorg-x11-server before 1.19.5 was missing length validation in XFIXES extension allowing malicious X xorg-x11-server before 1.19.5 was missing length validation in XFIXES extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.