RSS   Vulnerabilities for 'X server'   RSS

2014-02-05
 
CVE-2011-4613

CWE-264
 
 
The X.Org X wrapper (xserver-wrapper.c) in Debian GNU/Linux and Ubuntu Linux does not properly verify the TTY of a user who is starting X, which allows local users to bypass intended access restrictions by associating stdin with a file that is misinterpreted as the console TTY.

 
2014-01-18
 
CVE-2013-6425

CWE-189
 
 
Integer underflow in the pixman_trapezoid_valid macro in pixman.h in Pixman before 0.32.0, as used in X.Org server and cairo, allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value.

 
 
CVE-2013-6424

 
 
Integer underflow in the xTrapezoidValid macro in render/picture.h in X.Org allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value.

 
2012-07-03
 
CVE-2011-4029

CWE-362
 
 
The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to change the permissions of arbitrary files to 444, read those files, and possibly cause a denial of service (removed execution permission) via a symlink attack on a temporary lock file.

 
 
CVE-2011-4028

CWE-59
 
 
The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to determine the existence of arbitrary files via a symlink attack on a temporary lock file, which is handled differently if the file exists.

 

 >>> Vendor: X 33 Products
X11
X.org
Libxfont
X server
X.org-xserver
X.org x11
Libxext
Libxfixes
Libxi
Libxrandr
Libxres
Libxv
Libxvmc
Libxxf86dga
Libdmx
Libchromexvmc
Libchromexvmcpro
Libfs
Libx11
Libxxf86vm
Libxt
Libxcursor
Libxp
Libxtst
Libxcb
Libxrender
Libxinerama
X display manager
Libglx
Xf86-video-intel
X window system
Xorg-server
Xfree86

Copyright 2024, cxsecurity.com

 

Back to Top