Search CVE reports
51 – 59 of 59 results
CVE-2017-12179
Medium priorityxorg-x11-server before 1.19.5 was vulnerable to integer overflow in (S)ProcXIBarrierReleasePointer functions allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
8 affected packages
xorg, xorg-hwe-16.04, xorg-server, xorg-server-hwe-16.04, xorg-server-lts-utopic...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| xorg | — | — | — | — | Not affected |
| xorg-hwe-16.04 | — | — | — | — | Not affected |
| xorg-server | — | — | — | — | Fixed |
| xorg-server-hwe-16.04 | — | — | — | — | Fixed |
| xorg-server-lts-utopic | — | — | — | — | Not in release |
| xorg-server-lts-vivid | — | — | — | — | Not in release |
| xorg-server-lts-wily | — | — | — | — | Not in release |
| xorg-server-lts-xenial | — | — | — | — | Not in release |
CVE-2017-12178
Medium priorityxorg-x11-server before 1.19.5 had wrong extra length check in ProcXIChangeHierarchy function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
8 affected packages
xorg, xorg-hwe-16.04, xorg-server, xorg-server-hwe-16.04, xorg-server-lts-utopic...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| xorg | — | — | — | — | Not affected |
| xorg-hwe-16.04 | — | — | — | — | Not affected |
| xorg-server | — | — | — | — | Fixed |
| xorg-server-hwe-16.04 | — | — | — | — | Fixed |
| xorg-server-lts-utopic | — | — | — | — | Not in release |
| xorg-server-lts-vivid | — | — | — | — | Not in release |
| xorg-server-lts-wily | — | — | — | — | Not in release |
| xorg-server-lts-xenial | — | — | — | — | Not in release |
CVE-2017-12177
Medium priorityxorg-x11-server before 1.19.5 was vulnerable to integer overflow in ProcDbeGetVisualInfo function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
8 affected packages
xorg, xorg-hwe-16.04, xorg-server, xorg-server-hwe-16.04, xorg-server-lts-utopic...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| xorg | — | — | — | — | Not affected |
| xorg-hwe-16.04 | — | — | — | — | Not affected |
| xorg-server | — | — | — | — | Fixed |
| xorg-server-hwe-16.04 | — | — | — | — | Fixed |
| xorg-server-lts-utopic | — | — | — | — | Not in release |
| xorg-server-lts-vivid | — | — | — | — | Not in release |
| xorg-server-lts-wily | — | — | — | — | Not in release |
| xorg-server-lts-xenial | — | — | — | — | Not in release |
CVE-2017-12176
Medium priorityxorg-x11-server before 1.19.5 was missing extra length validation in ProcEstablishConnection function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
8 affected packages
xorg, xorg-hwe-16.04, xorg-server, xorg-server-hwe-16.04, xorg-server-lts-utopic...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| xorg | — | — | — | — | Not affected |
| xorg-hwe-16.04 | — | — | — | — | Not affected |
| xorg-server | — | — | — | — | Fixed |
| xorg-server-hwe-16.04 | — | — | — | — | Fixed |
| xorg-server-lts-utopic | — | — | — | — | Not in release |
| xorg-server-lts-vivid | — | — | — | — | Not in release |
| xorg-server-lts-wily | — | — | — | — | Not in release |
| xorg-server-lts-xenial | — | — | — | — | Not in release |
CVE-2017-13723
Medium priorityIn X.Org Server (aka xserver and xorg-server) before 1.19.4, a local attacker authenticated to the X server could overflow a global buffer, causing crashes of the X server or potentially other problems by injecting large or...
8 affected packages
xorg, xorg-hwe-16.04, xorg-server, xorg-server-hwe-16.04, xorg-server-lts-utopic...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| xorg | — | — | — | — | Not affected |
| xorg-hwe-16.04 | — | — | — | — | Not affected |
| xorg-server | — | — | — | — | Fixed |
| xorg-server-hwe-16.04 | — | — | — | — | Fixed |
| xorg-server-lts-utopic | — | — | — | — | Not in release |
| xorg-server-lts-vivid | — | — | — | — | Not in release |
| xorg-server-lts-wily | — | — | — | — | Not in release |
| xorg-server-lts-xenial | — | — | — | — | Not in release |
CVE-2017-13721
Low priorityIn X.Org Server (aka xserver and xorg-server) before 1.19.4, an attacker authenticated to an X server with the X shared memory extension enabled can cause aborts of the X server or replace shared memory segments of other X clients...
8 affected packages
xorg, xorg-hwe-16.04, xorg-server, xorg-server-hwe-16.04, xorg-server-lts-utopic...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| xorg | — | — | — | — | Not affected |
| xorg-hwe-16.04 | — | — | — | — | Not affected |
| xorg-server | — | — | — | — | Fixed |
| xorg-server-hwe-16.04 | — | — | — | — | Fixed |
| xorg-server-lts-utopic | — | — | — | — | Not in release |
| xorg-server-lts-vivid | — | — | — | — | Not in release |
| xorg-server-lts-wily | — | — | — | — | Not in release |
| xorg-server-lts-xenial | — | — | — | — | Not in release |
CVE-2017-10972
Medium prioritySome fixes available 5 of 6
Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server before 2017-06-19 allowed authenticated malicious users to access potentially privileged data from the X server.
8 affected packages
xorg, xorg-hwe-16.04, xorg-server, xorg-server-hwe-16.04, xorg-server-lts-utopic...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| xorg | — | — | — | — | Not affected |
| xorg-hwe-16.04 | — | — | — | — | Not affected |
| xorg-server | — | — | — | — | Fixed |
| xorg-server-hwe-16.04 | — | — | — | — | Fixed |
| xorg-server-lts-utopic | — | — | — | — | Not in release |
| xorg-server-lts-vivid | — | — | — | — | Not in release |
| xorg-server-lts-wily | — | — | — | — | Not in release |
| xorg-server-lts-xenial | — | — | — | — | Not in release |
CVE-2017-10971
Medium prioritySome fixes available 5 of 6
In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of X Events.
8 affected packages
xorg, xorg-hwe-16.04, xorg-server, xorg-server-hwe-16.04, xorg-server-lts-utopic...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| xorg | — | — | — | — | Not affected |
| xorg-hwe-16.04 | — | — | — | — | Not affected |
| xorg-server | — | — | — | — | Fixed |
| xorg-server-hwe-16.04 | — | — | — | — | Fixed |
| xorg-server-lts-utopic | — | — | — | — | Not in release |
| xorg-server-lts-vivid | — | — | — | — | Not in release |
| xorg-server-lts-wily | — | — | — | — | Not in release |
| xorg-server-lts-xenial | — | — | — | — | Not in release |
CVE-2017-2624
Negligible prioritySome fixes available 4 of 10
It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp()...
10 affected packages
xorg-server, xorg-server-hwe-16.04, xorg-server-lts-quantal, xorg-server-lts-raring, xorg-server-lts-saucy...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| xorg-server | — | — | — | — | Fixed |
| xorg-server-hwe-16.04 | — | — | — | — | Fixed |
| xorg-server-lts-quantal | — | — | — | — | Not in release |
| xorg-server-lts-raring | — | — | — | — | Not in release |
| xorg-server-lts-saucy | — | — | — | — | Not in release |
| xorg-server-lts-trusty | — | — | — | — | Not in release |
| xorg-server-lts-utopic | — | — | — | — | Not in release |
| xorg-server-lts-vivid | — | — | — | — | Not in release |
| xorg-server-lts-wily | — | — | — | — | Not in release |
| xorg-server-lts-xenial | — | — | — | — | Not in release |