Product
x.org x server
91 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-34002
all versions
A flaw was found in the X.Org X server. This vulnerability, an out-of-bounds read, affects the XKB (X Keyboard Extension) modifier
6.1
MEDIUM
CVE-2026-34000
all versions
A flaw was found in the X.Org X server. This out-of-bounds read vulnerability in the XKB geometry processing, specifically within
6.1
MEDIUM
CVE-2025-26601
< 21.1.16
A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one aft
7.8
HIGH
CVE-2025-26600
< 21.1.16
A use-after-free flaw was found in X.Org and Xwayland. When a device is removed while still frozen, the events queued for that dev
7.8
HIGH
CVE-2025-26599
< 21.1.16
An access to an uninitialized pointer flaw was found in X.Org and Xwayland. The function compCheckRedirect() may fail if it cannot
7.8
HIGH
CVE-2025-26598
< 21.1.16
An out-of-bounds write flaw was found in X.Org and Xwayland. The function GetBarrierDevice() searches for the pointer device based
7.8
HIGH
CVE-2025-26597
< 21.1.16
A buffer overflow flaw was found in X.Org and Xwayland. If XkbChangeTypesOfKey() is called with a 0 group, it will resize the key
7.8
HIGH
CVE-2025-26596
< 21.1.16
A heap overflow flaw was found in X.Org and Xwayland. The computation of the length in XkbSizeKeySyms() differs from what is writt
7.8
HIGH
CVE-2025-26595
< 21.1.16
A buffer overflow flaw was found in X.Org and Xwayland. The code in XkbVModMaskText() allocates a fixed-sized buffer on the stack
7.8
HIGH
CVE-2025-26594
< 21.1.16
A use-after-free flaw was found in X.Org and Xwayland. The root cursor is referenced in the X server as a global variable. If a cl
7.8
HIGH
CVE-2024-0229
< 21.1.11
An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab
7.8
HIGH
CVE-2024-0409
< 21.1.11
A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It u
7.8
HIGH
CVE-2024-0408
< 21.1.11
A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabe
5.5
MEDIUM
CVE-2023-6816
< 21.1.11
A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button current
9.8
CRITICAL
CVE-2023-6478
< 21.1.10
A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an
7.6
HIGH
CVE-2023-6377
< 21.1.10
A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in o
7.8
HIGH
CVE-2023-5574
>= 1.13.0
A use-after-free flaw was found in xorg-x11-server-Xvfb. This issue occurs in Xvfb with a very specific and legacy configuration (
7.0
HIGH
CVE-2023-5380
< 21.1.9
A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a
4.7
MEDIUM
CVE-2023-5367
< 21.1.9
An out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset
7.8
HIGH
CVE-2023-1393
< 21.1.8
A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly d
7.8
HIGH
CVE-2023-0494
< 21.1.7
A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by
7.8
HIGH
CVE-2022-4283
all versions
A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed m
7.8
HIGH
CVE-2022-46344
all versions
A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has a length-va
8.8
HIGH
CVE-2022-46343
all versions
A vulnerability was found in X.Org. This security flaw occurs because the handler for the ScreenSaverSetAttributes request may wri
8.8
HIGH
CVE-2022-46342
all versions
A vulnerability was found in X.Org. This security flaw occurs because the handler for the XvdiSelectVideoNotify request may write
8.8
HIGH
CVE-2022-46341
all versions
A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIPassiveUngrab request accesses out-of-
8.8
HIGH
CVE-2022-46340
all versions
A vulnerability was found in X.Org. This security flaw occurs because the swap handler for the XTestFakeInput request of the XTest
8.8
HIGH
CVE-2022-3553
all versions
A vulnerability, which was classified as problematic, was found in X.org Server. This affects an unknown part of the file hw/xquar
3.5
LOW
CVE-2022-3551
< 21.1.6
A vulnerability, which was classified as problematic, has been found in X.org Server. Affected by this issue is the function ProcX
3.5
LOW
CVE-2022-3550
< 21.1.6
A vulnerability classified as critical was found in X.org Server. Affected by this vulnerability is the function _GetCountedString
5.5
MEDIUM
CVE-2022-2320
all versions
A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue
7.8
HIGH
CVE-2022-2319
all versions
A flaw was found in the Xorg-x11-server. An out-of-bounds access issue can occur in the ProcXkbSetGeometry function due to imprope
7.8
HIGH
CVE-2021-4011
< 1.20.14
A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SwapCre
7.8
HIGH
CVE-2021-4010
< 1.20.14
A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcSc
7.8
HIGH
CVE-2021-4009
< 1.20.14
A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcXF
7.8
HIGH
CVE-2021-4008
< 1.20.14
A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcRe
7.8
HIGH
CVE-2020-25697
all versions
A privilege escalation flaw was found in the Xorg-x11-server due to a lack of authentication for X11 clients. This flaw allows an
7.0
HIGH
CVE-2021-3472
< 1.20.11
A flaw was found in xorg-x11-server in versions before 1.20.11. An integer underflow can occur in xserver which can lead to a loca
7.8
HIGH
CVE-2020-14360
< 1.20.10
A flaw was found in the X.Org Server before version 1.20.10. An out-of-bounds access in the XkbSetMap function may lead to a privi
7.8
HIGH
CVE-2020-25712
< 1.20.10
A flaw was found in xorg-x11-server before 1.20.10. A heap-buffer overflow in XkbSetDeviceInfo may lead to a privilege escalation
7.8
HIGH
CVE-2020-14362
< 1.20.9
A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a
7.8
HIGH
CVE-2020-14361
< 1.20.9
A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a
7.8
HIGH
CVE-2020-14346
< 1.20.9
A flaw was found in xorg-x11-server before 1.20.9. An integer underflow in the X input extension protocol decoding in the X server
7.8
HIGH
CVE-2020-14345
< 1.20.9
A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Out-Of-Bounds access in XkbSetNames function may lead to a priv
7.8
HIGH
CVE-2020-14347
< 1.20.9
A flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. I
5.5
MEDIUM
CVE-2019-17624
<= 1.20.4
In X.Org X Server 1.20.4, there is a stack-based buffer overflow in the function XQueryKeymap. For example, by sending ct.c_cha
7.8
HIGH
CVE-2018-14665
< 1.20.3
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when startin
6.6
MEDIUM
CVE-2017-2624
<= 1.19.4
It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid
5.9
MEDIUM
CVE-2017-12187
< 1.19.5
xorg-x11-server before 1.19.5 was missing length validation in RENDER extension allowing malicious X client to cause X server to c
9.8
CRITICAL
CVE-2017-12186
< 1.19.5
xorg-x11-server before 1.19.5 was missing length validation in X-Resource extension allowing malicious X client to cause X server
9.8
CRITICAL
CVE-2017-12185
< 1.19.5
xorg-x11-server before 1.19.5 was missing length validation in MIT-SCREEN-SAVER extension allowing malicious X client to cause X s
9.8
CRITICAL
CVE-2017-12184
< 1.19.5
xorg-x11-server before 1.19.5 was missing length validation in XINERAMA extension allowing malicious X client to cause X server to
9.8
CRITICAL
CVE-2017-12183
< 1.19.5
xorg-x11-server before 1.19.5 was missing length validation in XFIXES extension allowing malicious X client to cause X server to c
9.8
CRITICAL
CVE-2017-12182
< 1.19.5
xorg-x11-server before 1.19.5 was missing length validation in XFree86 DRI extension allowing malicious X client to cause X server
9.8
CRITICAL
CVE-2017-12181
< 1.19.5
xorg-x11-server before 1.19.5 was missing length validation in XFree86 DGA extension allowing malicious X client to cause X server
9.8
CRITICAL
CVE-2017-12180
< 1.19.5
xorg-x11-server before 1.19.5 was missing length validation in XFree86 VidModeExtension allowing malicious X client to cause X ser
9.8
CRITICAL
CVE-2017-12179
< 1.19.5
xorg-x11-server before 1.19.5 was vulnerable to integer overflow in (S)ProcXIBarrierReleasePointer functions allowing malicious X
9.8
CRITICAL
CVE-2017-12178
< 1.19.5
xorg-x11-server before 1.19.5 had wrong extra length check in ProcXIChangeHierarchy function allowing malicious X client to cause
9.8
CRITICAL
CVE-2017-12177
< 1.19.5
xorg-x11-server before 1.19.5 was vulnerable to integer overflow in ProcDbeGetVisualInfo function allowing malicious X client to c
9.8
CRITICAL
CVE-2017-12176
< 1.19.5
xorg-x11-server before 1.19.5 was missing extra length validation in ProcEstablishConnection function allowing malicious X client
9.8
CRITICAL
CVE-2017-13723
<= 1.19.3
In X.Org Server (aka xserver and xorg-server) before 1.19.4, a local attacker authenticated to the X server could overflow a globa
7.8
HIGH
CVE-2017-13721
<= 1.19.3
In X.Org Server (aka xserver and xorg-server) before 1.19.4, an attacker authenticated to an X server with the X shared memory ext
4.7
MEDIUM
CVE-2017-10972
<= 1.19.3
Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server before 2017-06-19 allowed authenticated m
6.5
MEDIUM
CVE-2017-10971
<= 1.19.3
In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute code in the context of the X
8.8
HIGH
CVE-2015-3418
<= 1.16.3
The ProcPutImage function in dix/dispatch.c in X.Org Server (aka xserver and xorg-server) before 1.16.4 allows attackers to cause
7.5
HIGH
CVE-2015-3164
all versions
The authentication setup in XWayland 1.16.x and 1.17.x before 1.17.2 starts the server in non-authenticating mode, which allows lo
CVE-2015-0255
<= 1.16.3
X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive info
CVE-2014-8103
all versions
X.Org Server (aka xserver and xorg-server) 1.15.0 through 1.16.x before 1.16.3 allows remote authenticated users to cause a denial
CVE-2014-8102
<= 1.16.2.99.901
The SProcXFixesSelectSelectionInput function in the XFixes extension in X.Org X Window System (aka X11 or X) X11R6.8.0 and X.Org S
CVE-2014-8101
<= 1.16.2.99.901
The RandR extension in XFree86 4.2.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server)
CVE-2014-8100
<= 1.16.2.99.901
The Render extension in XFree86 4.0.1, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server
CVE-2014-8099
<= 1.16.2.99.901
The XVideo extension in XFree86 4.0.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server
CVE-2014-8098
<= 1.16.2.99.901
The GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) bef
CVE-2014-8097
<= 1.16.2.99.901
The DBE extension in X.Org X Window System (aka X11 or X) X11R6.1 and X.Org Server (aka xserver and xorg-server) before 1.16.3 all
CVE-2014-8096
<= 1.16.2.99.901
The SProcXCMiscGetXIDList function in the XC-MISC extension in X.Org X Window System (aka X11 or X) X11R6.0 and X.Org Server (aka
CVE-2014-8095
<= 1.16.2.99.901
The XInput extension in X.Org X Window System (aka X11 or X) X11R4 and X.Org Server (aka xserver and xorg-server) before 1.16.3 al
CVE-2014-8094
all versions
Integer overflow in the ProcDRI2GetBuffers function in the DRI2 extension in X.Org Server (aka xserver and xorg-server) 1.7.0 thro
CVE-2014-8093
<= 1.16.2
Multiple integer overflows in the GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (ak
CVE-2014-8092
<= 1.16.2.99.901
Multiple integer overflows in X.Org X Window System (aka X11 or X) X11R1 and X.Org Server (aka xserver and xorg-server) before 1.1
CVE-2014-8091
<= 1.16.2
X.Org X Window System (aka X11 and X) X11R5 and X.Org Server (aka xserver and xorg-server) before 1.16.3, when using SUN-DES-1 (Se
CVE-2011-4613
all versions
The X.Org X wrapper (xserver-wrapper.c) in Debian GNU/Linux and Ubuntu Linux does not properly verify the TTY of a user who is sta
CVE-2011-4029
<= 1.11.1
The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to change the permissions of arbitrary fil
CVE-2011-4028
<= 1.11.1
The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to determine the existence of arbitrary fi
CVE-2008-0006
<= 1.4
Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the libfont and libXfont libraries on some platforms including Sun Sola
CVE-2007-6429
<= 1.4
Multiple integer overflows in X.Org Xserver before 1.4.1 allow context-dependent attackers to execute arbitrary code via (1) a Get
CVE-2007-6428
<= 1.4
The ProcGetReservedColormapEntries function in the TOG-CUP extension in X.Org Xserver before 1.4.1 allows context-dependent attack
CVE-2007-6427
< 1.4.1
The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests relat
CVE-2007-5958
<= 1.4
X.Org Xserver before 1.4.1 allows local users to determine the existence of arbitrary files via a filename argument in the -sp opt
CVE-2007-5760
<= 1.4
Array index error in the XFree86-Misc extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitr
CVE-2007-3957
all versions
Buffer overflow in Nipun Jain xserver 0.1 alpha allows remote attackers to cause a denial of service via a POST request with a lon
CVE-2007-2437
<= 1.3.0
The X render (Xrender) extension in X.org X Window System 7.0, 7.1, and 7.2, with Xserver 1.3.0 and earlier, allows remote authent
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin