X.org » Xorg-server : Security Vulnerabilities, CVEs, CVSS score >= 8
A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leading to a heap overflow if a bigger value was used.
Max CVSS
9.8
EPSS Score
0.17%
Published
2024-01-18
Updated
2024-03-07
xorg-x11-server before 1.19.5 was missing length validation in RENDER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
Max CVSS
9.8
EPSS Score
0.55%
Published
2018-01-24
Updated
2019-10-09
xorg-x11-server before 1.19.5 was missing length validation in X-Resource extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
Max CVSS
9.8
EPSS Score
0.47%
Published
2018-01-24
Updated
2019-10-09
xorg-x11-server before 1.19.5 was missing length validation in MIT-SCREEN-SAVER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
Max CVSS
9.8
EPSS Score
0.38%
Published
2018-01-24
Updated
2019-10-09
xorg-x11-server before 1.19.5 was missing length validation in XINERAMA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
Max CVSS
9.8
EPSS Score
0.38%
Published
2018-01-24
Updated
2019-10-09
xorg-x11-server before 1.19.5 was missing length validation in XFIXES extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
Max CVSS
9.8
EPSS Score
0.79%
Published
2018-01-24
Updated
2019-10-09
xorg-x11-server before 1.19.5 was missing length validation in XFree86 DRI extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
Max CVSS
9.8
EPSS Score
0.79%
Published
2018-01-24
Updated
2019-10-09
xorg-x11-server before 1.19.5 was missing length validation in XFree86 DGA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
Max CVSS
9.8
EPSS Score
0.60%
Published
2018-01-24
Updated
2019-10-09
xorg-x11-server before 1.19.5 was missing length validation in XFree86 VidModeExtension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
Max CVSS
9.8
EPSS Score
0.79%
Published
2018-01-24
Updated
2019-10-09
xorg-x11-server before 1.19.5 was vulnerable to integer overflow in (S)ProcXIBarrierReleasePointer functions allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
Max CVSS
9.8
EPSS Score
0.65%
Published
2018-01-24
Updated
2019-10-09
xorg-x11-server before 1.19.5 had wrong extra length check in ProcXIChangeHierarchy function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
Max CVSS
9.8
EPSS Score
0.83%
Published
2018-01-24
Updated
2019-10-09
xorg-x11-server before 1.19.5 was vulnerable to integer overflow in ProcDbeGetVisualInfo function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
Max CVSS
9.8
EPSS Score
1.15%
Published
2018-01-24
Updated
2019-10-09
xorg-x11-server before 1.19.5 was missing extra length validation in ProcEstablishConnection function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
Max CVSS
9.8
EPSS Score
0.79%
Published
2018-01-24
Updated
2019-10-09
In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of X Events.
Max CVSS
8.8
EPSS Score
2.62%
Published
2017-07-06
Updated
2017-11-04
14 vulnerabilities found