X : Security Vulnerabilities

CVSS Scores Greater Than: 0 1 2 3 4 5 6 7 8 9

Sort Results By : Cve Number Descending Cve Number Ascending CVSS Score Descending Number Of Exploits Descending

#	CVE ID	CWE ID	Vulnerability Type(s)	Publish Date	Update Date	Score	Gained Access Level	Access	Complex ity	Authen tication	Confiden tiality	Integrity	Availa bility
1	CVE-2011-2895	119	Exec Code Overflow	2011-08-19	2012-05-11	9.3	None	Remote	Medium	Not required	Complete	Complete	Complete
The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896.
2	CVE-2011-0465	20	Exec Code	2011-04-08	2011-08-23	9.3	None	Remote	Medium	Not required	Complete	Complete	Complete
xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a (1) DHCP or (2) XDMCP message.
3	CVE-2010-1166	189	DoS Exec Code Mem. Corr.	2010-04-29	2010-09-09	7.1	None	Remote	High	Single system	Complete	Complete	Complete
The fbComposite function in fbpict.c in the Render extension in the X server in X.Org X11R7.1 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a crafted request, related to an incorrect macro definition.
4	CVE-2008-2362	189	Exec Code Overflow Mem. Corr.	2008-06-16	2010-08-21	10.0	Admin	Remote	Low	Not required	Complete	Complete	Complete
Multiple integer overflows in the Render extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via a (1) SProcRenderCreateLinearGradient, (2) SProcRenderCreateRadialGradient, or (3) SProcRenderCreateConicalGradient request with an invalid field specifying the number of bytes to swap in the request data, which triggers heap memory corruption.
5	CVE-2008-2360	189	Exec Code Overflow	2008-06-16	2010-08-21	9.0	None	Remote	Low	Single system	Complete	Complete	Complete
Integer overflow in the AllocateGlyph function in the Render extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to execute arbitrary code via unspecified request fields that are used to calculate a heap buffer size, which triggers a heap-based buffer overflow.
6	CVE-2008-1379	189	Overflow	2008-06-16	2010-08-21	6.8	None	Remote	Low	Single system	Complete	None	None
Integer overflow in the fbShmPutImage function in the MIT-SHM extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to read arbitrary process memory via crafted values for a Pixmap width and height.
7	CVE-2008-1377	189	Exec Code	2008-06-16	2010-08-21	9.0	Admin	Remote	Low	Single system	Complete	Complete	Complete
The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients functions in the Record extension and the (3) SProcSecurityGenerateAuthorization function in the Security extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via requests with crafted length values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption.

Total number of vulnerabilities : 7 Page : 1 (This Page)