Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor X.org Subscribe
Total 153 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-2624 2 Debian, X.org 2 Debian Linux, Xorg-server 2024-11-21 1.9 LOW 5.9 MEDIUM
It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp() implementations return after an invalid byte is seen, this causes a time difference between a valid and invalid byte, which could allow an efficient brute force attack.
CVE-2017-12187 2 Debian, X.org 2 Debian Linux, Xorg-server 2024-11-21 7.5 HIGH 9.8 CRITICAL
xorg-x11-server before 1.19.5 was missing length validation in RENDER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
CVE-2017-12186 2 Debian, X.org 2 Debian Linux, Xorg-server 2024-11-21 7.5 HIGH 9.8 CRITICAL
xorg-x11-server before 1.19.5 was missing length validation in X-Resource extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
CVE-2017-12185 2 Debian, X.org 2 Debian Linux, Xorg-server 2024-11-21 7.5 HIGH 9.8 CRITICAL
xorg-x11-server before 1.19.5 was missing length validation in MIT-SCREEN-SAVER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
CVE-2017-12184 2 Debian, X.org 2 Debian Linux, Xorg-server 2024-11-21 7.5 HIGH 9.8 CRITICAL
xorg-x11-server before 1.19.5 was missing length validation in XINERAMA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
CVE-2017-12183 2 Debian, X.org 2 Debian Linux, Xorg-server 2024-11-21 7.5 HIGH 9.8 CRITICAL
xorg-x11-server before 1.19.5 was missing length validation in XFIXES extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
CVE-2017-12182 2 Debian, X.org 2 Debian Linux, Xorg-server 2024-11-21 7.5 HIGH 9.8 CRITICAL
xorg-x11-server before 1.19.5 was missing length validation in XFree86 DRI extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
CVE-2017-12181 2 Debian, X.org 2 Debian Linux, Xorg-server 2024-11-21 7.5 HIGH 9.8 CRITICAL
xorg-x11-server before 1.19.5 was missing length validation in XFree86 DGA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
CVE-2017-12180 2 Debian, X.org 2 Debian Linux, Xorg-server 2024-11-21 7.5 HIGH 9.8 CRITICAL
xorg-x11-server before 1.19.5 was missing length validation in XFree86 VidModeExtension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
CVE-2017-12179 2 Debian, X.org 2 Debian Linux, Xorg-server 2024-11-21 7.5 HIGH 9.8 CRITICAL
xorg-x11-server before 1.19.5 was vulnerable to integer overflow in (S)ProcXIBarrierReleasePointer functions allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
CVE-2017-12178 2 Debian, X.org 2 Debian Linux, Xorg-server 2024-11-21 7.5 HIGH 9.8 CRITICAL
xorg-x11-server before 1.19.5 had wrong extra length check in ProcXIChangeHierarchy function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
CVE-2017-12177 2 Debian, X.org 2 Debian Linux, Xorg-server 2024-11-21 7.5 HIGH 9.8 CRITICAL
xorg-x11-server before 1.19.5 was vulnerable to integer overflow in ProcDbeGetVisualInfo function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
CVE-2017-12176 2 Debian, X.org 2 Debian Linux, Xorg-server 2024-11-21 7.5 HIGH 9.8 CRITICAL
xorg-x11-server before 1.19.5 was missing extra length validation in ProcEstablishConnection function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.