X.Org X Server vulnerabilities

CVE-2020-14345 [HIGH] CWE-119 CVE-2020-14345: A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Out-Of-Bounds access in XkbSetNam A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Out-Of-Bounds access in XkbSetNames function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVE-2020-14347 [MEDIUM] CWE-665 CVE-2020-14347: A flaw was found in the way xserver memory was not properly initialized. This could leak parts of se A flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. In cases where Xorg server runs with elevated privileges, this could result in possible ASLR bypass. Xorg-server before version 1.20.9 is vulnerable.

CVE-2019-17624 [HIGH] CWE-787 CVE-2019-17624: "" In X.Org X Server 1.20.4, there is a stack-based buffer overflow in the function XQueryKeymap. Fo "" In X.Org X Server 1.20.4, there is a stack-based buffer overflow in the function XQueryKeymap. For example, by sending ct.c_char 1000 times, an attacker can cause a denial of service (application crash) or possibly have unspecified other impact. Note: It is disputed if the X.Org X Server is involved or if there is a stack overflow.

CVE-2018-14665 [MEDIUM] CWE-863 CVE-2018-14665: A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.

CVE-2017-2624 [HIGH] CWE-385 CVE-2017-2624: It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT co It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp() implementations return after an invalid byte is seen, this causes a time difference between a valid and invalid byte, which

CVE-2017-12179 [CRITICAL] CWE-391 CVE-2017-12179: xorg-x11-server before 1.19.5 was vulnerable to integer overflow in (S)ProcXIBarrierReleasePointer f xorg-x11-server before 1.19.5 was vulnerable to integer overflow in (S)ProcXIBarrierReleasePointer functions allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

CVE-2017-12177 [CRITICAL] CWE-391 CVE-2017-12177: xorg-x11-server before 1.19.5 was vulnerable to integer overflow in ProcDbeGetVisualInfo function al xorg-x11-server before 1.19.5 was vulnerable to integer overflow in ProcDbeGetVisualInfo function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

CVE-2017-12187 [CRITICAL] CWE-391 CVE-2017-12187: xorg-x11-server before 1.19.5 was missing length validation in RENDER extension allowing malicious X xorg-x11-server before 1.19.5 was missing length validation in RENDER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

CVE-2017-12184 [CRITICAL] CWE-391 CVE-2017-12184: xorg-x11-server before 1.19.5 was missing length validation in XINERAMA extension allowing malicious xorg-x11-server before 1.19.5 was missing length validation in XINERAMA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

CVE-2017-12186 [CRITICAL] CWE-391 CVE-2017-12186: xorg-x11-server before 1.19.5 was missing length validation in X-Resource extension allowing malicio xorg-x11-server before 1.19.5 was missing length validation in X-Resource extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

CVE-2017-12180 [CRITICAL] CWE-391 CVE-2017-12180: xorg-x11-server before 1.19.5 was missing length validation in XFree86 VidModeExtension allowing mal xorg-x11-server before 1.19.5 was missing length validation in XFree86 VidModeExtension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

CVE-2017-12182 [CRITICAL] CWE-391 CVE-2017-12182: xorg-x11-server before 1.19.5 was missing length validation in XFree86 DRI extension allowing malici xorg-x11-server before 1.19.5 was missing length validation in XFree86 DRI extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

CVE-2017-12176 [CRITICAL] CWE-391 CVE-2017-12176: xorg-x11-server before 1.19.5 was missing extra length validation in ProcEstablishConnection functio xorg-x11-server before 1.19.5 was missing extra length validation in ProcEstablishConnection function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

CVE-2017-12181 [CRITICAL] CWE-391 CVE-2017-12181: xorg-x11-server before 1.19.5 was missing length validation in XFree86 DGA extension allowing malici xorg-x11-server before 1.19.5 was missing length validation in XFree86 DGA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

CVE-2017-12178 [CRITICAL] CWE-391 CVE-2017-12178: xorg-x11-server before 1.19.5 had wrong extra length check in ProcXIChangeHierarchy function allowin xorg-x11-server before 1.19.5 had wrong extra length check in ProcXIChangeHierarchy function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

CVE-2017-12183 [CRITICAL] CWE-391 CVE-2017-12183: xorg-x11-server before 1.19.5 was missing length validation in XFIXES extension allowing malicious X xorg-x11-server before 1.19.5 was missing length validation in XFIXES extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

CVE-2017-12185 [CRITICAL] CWE-391 CVE-2017-12185: xorg-x11-server before 1.19.5 was missing length validation in MIT-SCREEN-SAVER extension allowing m xorg-x11-server before 1.19.5 was missing length validation in MIT-SCREEN-SAVER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

CVE-2017-13723 [HIGH] CWE-119 CVE-2017-13723: In X.Org Server (aka xserver and xorg-server) before 1.19.4, a local attacker authenticated to the X In X.Org Server (aka xserver and xorg-server) before 1.19.4, a local attacker authenticated to the X server could overflow a global buffer, causing crashes of the X server or potentially other problems by injecting large or malformed XKB related atoms and accessing them via xkbcomp.

CVE-2017-13721 [MEDIUM] CWE-269 CVE-2017-13721: In X.Org Server (aka xserver and xorg-server) before 1.19.4, an attacker authenticated to an X serve In X.Org Server (aka xserver and xorg-server) before 1.19.4, an attacker authenticated to an X server with the X shared memory extension enabled can cause aborts of the X server or replace shared memory segments of other X clients in the same session.

CVE-2017-10971 [HIGH] CWE-119 CVE-2017-10971: In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of X Events.