X.Org xorg-server 1.17.0

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:x.org:xorg-server:1.17.0:*:*:*:*:*:*:*

part: a version: 1.17.0 update: *

VendorX.Org (4cd053ee-09df-594a-873d-dbd09ec2f899)
ProductXorg Server (d5c5a228-377c-5b85-be9a-ca5da7e1b31e)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
pkg:deb/debian/xserver-xorg-core purl2cpe 2026-06-01 10:14:02.742052
pkg:deb/ubuntu/xserver-xorg-core purl2cpe 2026-06-01 10:14:02.742053
pkg:freedesktop/xorg/xserver purl2cpe 2026-06-01 10:14:02.742054
pkg:github/freedesktop/xorg-xserver purl2cpe 2026-06-01 10:14:02.742056
pkg:rpm/fedora/xorg-x11-server purl2cpe 2026-06-01 10:14:02.742057

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2015-3164 vulnerable 2026-06-03 14:34:49.334910 Details available
The authentication setup in XWayland 1.16.x and 1.17.x before 1.17.2 starts the server in non-authenticating mode, which allows local users to read from or send information to arbitrary X11 clients via vectors involving a UNIX socket.
Published: 2015-07-01T14:00:00.000Z
Updated: 2024-08-06T05:39:31.640Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2015-0255 vulnerable 2026-06-03 14:34:29.401186 Details available
X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via a crafted string length value in a XkbSetGeometry request.
Published: 2015-02-13T15:00:00.000Z
Updated: 2024-08-06T04:03:10.448Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.