Skip to main content

X Server CVE-2018-14665

MEDIUM
Incorrect Authorization (CWE-863)
2018-10-25 secalert@redhat.com
6.6
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
6.6 MEDIUM
AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Physical
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Oct 25, 2018 - 20:29 nvd
MEDIUM 6.6

DescriptionNVD

A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.

AnalysisAI

A flaw was found in xorg-x11-server before 1.20.3. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified as Incorrect Authorization (CWE-863), which allows attackers to bypass authorization checks to access restricted resources. A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges. Affected products include: X.Org X Server, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server, Redhat Enterprise Linux Server Aus, Redhat Enterprise Linux Server Eus. Version information: before 1.20.3..

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Review and test authorization logic, implement consistent access control checks, use centralized authorization framework.

CVE-2019-17624 HIGH POC
7.8 Oct 16

"" In X.Org X Server 1.20.4, there is a stack-based buffer overflow in the function XQueryKeymap. Rated high severity (C

CVE-2017-10971 HIGH
8.8 Jul 06

In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute code in the context

CVE-2026-56000 CRITICAL
9.0 Jul 08

Use-after-free in the GLX dispatch layer of X.Org X Server and Xwayland allows an authenticated X client to corrupt heap

CVE-2022-46344 HIGH
8.8 Dec 14

A vulnerability was found in X.Org. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low atta

CVE-2022-46343 HIGH
8.8 Dec 14

A vulnerability was found in X.Org. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low atta

CVE-2022-46342 HIGH
8.8 Dec 14

A vulnerability was found in X.Org. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low atta

CVE-2022-46341 HIGH
8.8 Dec 14

A vulnerability was found in X.Org. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low atta

CVE-2022-46340 HIGH
8.8 Dec 14

A vulnerability was found in X.Org. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low atta

CVE-2022-3550 HIGH
8.8 Oct 17

A vulnerability classified as critical was found in X.org Server. Rated high severity (CVSS 8.8), this vulnerability is

CVE-2023-5367 HIGH
7.8 Oct 25

A out-of-bounds write flaw was found in the xorg-x11-server. Rated high severity (CVSS 7.8), this vulnerability is low a

CVE-2023-6377 HIGH
7.8 Dec 13

A flaw was found in xorg-server. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-o

CVE-2026-55999 HIGH
7.8 Jul 08

Local privilege escalation via heap buffer overflow in the X.Org Server (versions before 21.1.24) and Xwayland (before 2

Share

CVE-2018-14665 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy