Vulnerabilities (CVE)

Filtered by vendor X.org Subscribe
Filtered by product X Server
Total 29 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-25697 1 X.org 1 X Server 2024-02-28 4.4 MEDIUM 7.0 HIGH
A privilege escalation flaw was found in the Xorg-x11-server due to a lack of authentication for X11 clients. This flaw allows an attacker to take control of an X application by impersonating the server it is expecting to connect to.
CVE-2020-14360 1 X.org 1 X Server 2024-02-28 6.1 MEDIUM 7.8 HIGH
A flaw was found in the X.Org Server before version 1.20.10. An out-of-bounds access in the XkbSetMap function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2020-25712 2 Redhat, X.org 2 Enterprise Linux, X Server 2024-02-28 4.6 MEDIUM 7.8 HIGH
A flaw was found in xorg-x11-server before 1.20.10. A heap-buffer overflow in XkbSetDeviceInfo may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2020-14345 2 Canonical, X.org 2 Ubuntu Linux, X Server 2024-02-28 4.6 MEDIUM 7.8 HIGH
A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Out-Of-Bounds access in XkbSetNames function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2019-17624 1 X.org 1 X Server 2024-02-28 4.6 MEDIUM 7.8 HIGH
"" In X.Org X Server 1.20.4, there is a stack-based buffer overflow in the function XQueryKeymap. For example, by sending ct.c_char 1000 times, an attacker can cause a denial of service (application crash) or possibly have unspecified other impact. Note: It is disputed if the X.Org X Server is involved or if there is a stack overflow.
CVE-2011-4613 4 Canonical, Debian, Ubuntu and 1 more 4 Ubuntu Linux, Debian Linux, Linux and 1 more 2024-02-28 4.6 MEDIUM N/A
The X.Org X wrapper (xserver-wrapper.c) in Debian GNU/Linux and Ubuntu Linux does not properly verify the TTY of a user who is starting X, which allows local users to bypass intended access restrictions by associating stdin with a file that is misinterpreted as the console TTY.
CVE-2011-4029 1 X.org 1 X Server 2024-02-28 1.9 LOW N/A
The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to change the permissions of arbitrary files to 444, read those files, and possibly cause a denial of service (removed execution permission) via a symlink attack on a temporary lock file.
CVE-2011-4028 1 X.org 1 X Server 2024-02-28 1.2 LOW N/A
The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to determine the existence of arbitrary files via a symlink attack on a temporary lock file, which is handled differently if the file exists.
CVE-2007-6427 7 Apple, Canonical, Debian and 4 more 11 Mac Os X, Ubuntu Linux, Debian Linux and 8 more 2024-02-28 9.3 HIGH N/A
The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to byte swapping and heap corruption within multiple functions, a different vulnerability than CVE-2007-4990.