X.Org X Server vulnerabilities
90 known vulnerabilities affecting x.org/x_server.
Total CVEs: 90
CISA KEV: 0
Public exploits: 3
Exploited in wild: 2
Severity breakdown: CRITICAL 14, HIGH 50, MEDIUM 23, LOW 3
Vulnerabilities
Page 5 of 5
CVE-2017-2624 | P4 | HIGH | CVSS 7.0 | CWE-385 | Affected: ≤ 1.19.4 | Date: 2018-07-27
It was found that xorg-x11-server versions up to and including 1.19.0 use memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, the client is allowed to attach to the Xorg session. Since most memcmp() implementations return as soon as a mismatching byte is seen, this causes a time difference between a valid and an invalid byte, which
Source: nvd
CVE-2020-14347 | P4 | MEDIUM | CVSS 5.5 | CWE-665 | Fixed in 1.20.9 | Date: 2020-08-05
A flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. In cases where the Xorg server runs with elevated privileges, this could result in a possible ASLR bypass. Xorg-server before version 1.20.9 is vulnerable.
Source: nvd
CVE-2026-50262 | P4 | MEDIUM | CVSS 5.5 | CWE-125 | Fixed in 21.1.23 | Date: 2026-06-05
An out-of-bounds read flaw was found in the X.Org X server and Xwayland in __glXDisp_ChangeDrawableAttributes(). A wrong size validation check can read a client-controlled number of bytes, exceeding the request buffer, leading to information disclosure. A write path also exists but requires byte-swapped clients, which are disabled by default.
Source: nvd
CVE-2026-50263 | P4 | MEDIUM | CVSS 5.5 | CWE-416 | Fixed in 21.1.23 | Date: 2026-06-05
A use-after-free flaw was found in the X.Org X server and Xwayland in CreateSaverWindow(). A client can trigger a use-after-free read after changing window attributes and forcing the screen saver, leading to information disclosure.
Source: nvd
CVE-2014-8091 | P4 | MEDIUM | CVSS 4.3 | Affected: ≤ 1.16.2 | Date: 2014-12-10
X.Org X Window System (aka X11 and X) X11R5 and X.Org Server (aka xserver and xorg-server) before 1.16.3, when using SUN-DES-1 (Secure RPC) authentication credentials, does not check the return value of a malloc call, which allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a crafted connection request.
Source: nvd
CVE-2024-0408 | P4 | MEDIUM | CVSS 5.5 | CWE-158 | Fixed in 21.1.11 | Date: 2024-01-18
A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource (as with a GetGeometry) or when it creates another resource that needs to access that buffer, such as a GC, the XSELINUX code will try to use an object tha
Source: nvd
CVE-2023-5380 | P4 | MEDIUM | CVSS 4.7 | CWE-416 | Fixed in 21.1.9 | Date: 2023-10-25
A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the other screen and if the original window is destroyed follo
Source: nvd
CVE-2017-13721 | P4 | MEDIUM | CVSS 4.7 | CWE-269 | Affected: ≤ 1.19.3 | Date: 2017-10-10
In X.Org Server (aka xserver and xorg-server) before 1.19.4, an attacker authenticated to an X server with the X shared memory extension enabled can cause aborts of the X server or replace shared memory segments of other X clients in the same session.
Source: nvd
CVE-2015-3164 | P4 | LOW | CVSS 3.6 | CWE-264 | Affected: v1.16.0, v1.16.1, +5 more | Date: 2015-07-01
The authentication setup in XWayland 1.16.x and 1.17.x before 1.17.2 starts the server in non-authenticating mode, which allows local users to read from or send information to arbitrary X11 clients via vectors involving a UNIX socket.
Source: nvd
CVE-2011-4028 | P4 | LOW | CVSS 1.2 | CWE-59 | Affected: ≤ 1.11.1, v1.11.0 | Date: 2012-07-03
The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to determine the existence of arbitrary files via a symlink attack on a temporary lock file, which is handled differently if the file exists.
Source: nvd