CVE-2018-14665
- EPSS 27.04%
- Veröffentlicht 25.10.2018 20:29:00
- Zuletzt bearbeitet 29.08.2025 13:42:30
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate the...
- EPSS 0.67%
- Veröffentlicht 27.07.2018 18:29:00
- Zuletzt bearbeitet 29.08.2025 13:42:30
It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp() implementations ret...
CVE-2017-12177
- EPSS 4.37%
- Veröffentlicht 24.01.2018 15:29:00
- Zuletzt bearbeitet 29.08.2025 13:42:30
xorg-x11-server before 1.19.5 was vulnerable to integer overflow in ProcDbeGetVisualInfo function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
CVE-2017-12176
- EPSS 4.17%
- Veröffentlicht 24.01.2018 15:29:00
- Zuletzt bearbeitet 29.08.2025 13:42:30
xorg-x11-server before 1.19.5 was missing extra length validation in ProcEstablishConnection function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
CVE-2017-12178
- EPSS 4.17%
- Veröffentlicht 24.01.2018 15:29:00
- Zuletzt bearbeitet 29.08.2025 13:42:30
xorg-x11-server before 1.19.5 had wrong extra length check in ProcXIChangeHierarchy function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
CVE-2017-12179
- EPSS 4.37%
- Veröffentlicht 24.01.2018 15:29:00
- Zuletzt bearbeitet 29.08.2025 13:42:30
xorg-x11-server before 1.19.5 was vulnerable to integer overflow in (S)ProcXIBarrierReleasePointer functions allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
CVE-2017-12180
- EPSS 4.23%
- Veröffentlicht 24.01.2018 15:29:00
- Zuletzt bearbeitet 29.08.2025 13:42:30
xorg-x11-server before 1.19.5 was missing length validation in XFree86 VidModeExtension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
CVE-2017-12181
- EPSS 4.23%
- Veröffentlicht 24.01.2018 15:29:00
- Zuletzt bearbeitet 29.08.2025 13:42:30
xorg-x11-server before 1.19.5 was missing length validation in XFree86 DGA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
CVE-2017-12183
- EPSS 4.23%
- Veröffentlicht 24.01.2018 15:29:00
- Zuletzt bearbeitet 29.08.2025 13:42:30
xorg-x11-server before 1.19.5 was missing length validation in XFIXES extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
CVE-2017-12184
- EPSS 4.17%
- Veröffentlicht 24.01.2018 15:29:00
- Zuletzt bearbeitet 29.08.2025 13:42:30
xorg-x11-server before 1.19.5 was missing length validation in XINERAMA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.