Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen macros in include/X11/Xlibint.h in X11R6.x and libX11 before 1.6.0 allow remote attackers to have unspecified impact via a crafted request, which triggers a buffer overflow.
Max CVSS
7.5
EPSS Score
1.33%
Published
2015-04-16
Updated
2016-10-18
Format string vulnerability in the LogVHdrMessageVerb function in os/log.c in X.Org X11 1.11 allows attackers to cause a denial of service or possibly execute arbitrary code via format string specifiers in an input device name.
Max CVSS
10.0
EPSS Score
1.98%
Published
2012-05-18
Updated
2017-08-29
Integer overflow in ALLOCATE_LOCAL in the ProcXCMiscGetXIDList function in the XC-MISC extension in the X.Org X11 server (xserver) 7.1-1.1.0, and other versions before 20070403, allows remote authenticated users to execute arbitrary code via a large expression, which results in memory corruption.
Max CVSS
9.0
EPSS Score
2.46%
Published
2007-04-06
Updated
2018-10-16
CVE-1999-0526
Public exploit
An X server's access control is disabled (e.g. through an "xhost +" command) and allows anyone to connect to the server.
Max CVSS
10.0
EPSS Score
80.74%
Published
1997-07-01
Updated
2008-09-09
4 vulnerabilities found