CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-14347 – X.Org Server Pixel Data Uninitialized Memory Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-14347
A flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. In cases where Xorg server runs with elevated privileges, this could result in possible ASLR bypass. Xorg-server before version 1.20.9 is vulnerable. Se encontró un fallo en la manera en que la memoria de xserver no fue inicializada apropiadamente. • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00066.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00075.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14347 https://lists.debian.org/debian-lts-announce/2020/08/msg00057.html https://lists.x.org/archives/xorg-announce/2020-July/003051.html https://security.gentoo.org/glsa/202012-01 https://usn.ubuntu.com/4488-1 https://usn.ubuntu.com/4488-2 https://www.debian.org/security&#x • CWE-665: Improper Initialization •
CVSS: 7.2EPSS: 4%CPEs: 11EXPL: 11CVE-2018-14665 – Xorg X11 Server (AIX) - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2018-14665
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges. Se ha descubierto un problema en versiones anteriores a la 1.20.3 de xorg-x11-server. Hay una comprobación incorrecta de permisos para las opciones -modulepath y -logfile al iniciar Xorg. • https://www.exploit-db.com/exploits/45938 https://www.exploit-db.com/exploits/45832 https://www.exploit-db.com/exploits/45922 https://www.exploit-db.com/exploits/45908 https://www.exploit-db.com/exploits/45697 https://www.exploit-db.com/exploits/45742 https://www.exploit-db.com/exploits/46142 https://www.exploit-db.com/exploits/47701 https://github.com/jas502n/CVE-2018-14665 https://github.com/bolonobolo/CVE-2018-14665 http://packetstormsecurity.com/files/154942/ • CWE-271: Privilege Dropping / Lowering Errors CWE-863: Incorrect Authorization •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2017-12184
https://notcve.org/view.php?id=CVE-2017-12184
xorg-x11-server before 1.19.5 was missing length validation in XINERAMA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. xorg-x11-server en versiones anteriores a la 1.19.5 no tenía una validación de longitud en la extensión XINERAMA, lo que permitía que atacantes remotos permitan que el cliente malicioso X provoque que el servidor X se cierre inesperadamente o que, posiblemente, ejecute código arbitrario. • https://bugzilla.redhat.com/show_bug.cgi?id=1509225 https://cgit.freedesktop.org/xorg/xserver/commit/?id=cad5a1050b7184d828aef9c1dd151c3ab649d37e https://lists.debian.org/debian-lts-announce/2017/11/msg00032.html https://www.debian.org/security/2017/dsa-4000 • CWE-20: Improper Input Validation CWE-391: Unchecked Error Condition •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2017-12182
https://notcve.org/view.php?id=CVE-2017-12182
xorg-x11-server before 1.19.5 was missing length validation in XFree86 DRI extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. xorg-x11-server en versiones anteriores a la 1.19.5 no tenía una validación de longitud en la extensión XFree86 DRI, lo que permitía que atacantes remotos permitan que el cliente malicioso X provoque que el servidor X se cierre inesperadamente o que, posiblemente, ejecute código arbitrario. • https://bugzilla.redhat.com/show_bug.cgi?id=1509223 https://cgit.freedesktop.org/xorg/xserver/commit/?id=1b1d4c04695dced2463404174b50b3581dbd857b https://lists.debian.org/debian-lts-announce/2017/11/msg00032.html https://security.gentoo.org/glsa/201711-05 https://www.debian.org/security/2017/dsa-4000 • CWE-20: Improper Input Validation CWE-391: Unchecked Error Condition •
CVSS: 9.8EPSS: 1%CPEs: 3EXPL: 0CVE-2017-12177
https://notcve.org/view.php?id=CVE-2017-12177
xorg-x11-server before 1.19.5 was vulnerable to integer overflow in ProcDbeGetVisualInfo function allowing malicious X client to cause X server to crash or possibly execute arbitrary code. xorg-x11-server en versiones anteriores a la 1.19.5 era vulnerable a un desbordamiento de enteros en la función ProcDbeGetVisualInfo, lo que permitiría que atacantes provoquen que el cliente malicioso X haga que el servidor X se cierre inesperadamente o que, posiblemente, ejecute código arbitrario. • https://bugzilla.redhat.com/show_bug.cgi?id=1509218 https://cgit.freedesktop.org/xorg/xserver/commit/?id=4ca68b878e851e2136c234f40a25008297d8d831 https://lists.debian.org/debian-lts-announce/2017/11/msg00032.html https://security.gentoo.org/glsa/201711-05 https://www.debian.org/security/2017/dsa-4000 • CWE-190: Integer Overflow or Wraparound CWE-391: Unchecked Error Condition •