CVE-2013-1940 – xorg-x11-server: Information disclosure due enabling events from hot-plug devices despite input from the device being momentarily disabled
https://notcve.org/view.php?id=CVE-2013-1940
X.Org X server before 1.13.4 and 1.4.x before 1.14.1 does not properly restrict access to input events when adding a new hot-plug device, which might allow physically proximate attackers to obtain sensitive information, as demonstrated by reading passwords from a tty. X.Org X server anterior a v1.13.4 y v1.4.x anterior a v1.14.1 no restringe adecuadamente el acceso a los eventos de entrada cuando se añade un nuevo dispositivo de conexión en caliente, lo cual puede permitir a atacantes cercanos obtener información sensible, como se ha demostrado mediante la lectura de contraseñas de un tty. • http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102391.html http://lists.fedoraproject.org/pipermail/package-announce/2013-April/104089.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00015.html http://www.debian.org/security/2013/dsa-2661 http://www.openwall.com/lists/oss-security/2013/04/18/3 http://www.ubuntu.com/usn/USN-1803-1 https://bugs.freedesktop.org/show_bug.cgi?id=63353 https://access.redhat.com/security/cve/CVE-2013-1940 https:/& • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2010-4819 – X.org: ProcRenderAddGlyphs input sanitization flaw
https://notcve.org/view.php?id=CVE-2010-4819
The ProcRenderAddGlyphs function in the Render extension (render/render.c) in X.Org xserver 1.7.7 and earlier allows local users to read arbitrary memory and possibly cause a denial of service (server crash) via unspecified vectors related to an "input sanitization flaw." La función ProcRenderAddGlyphs en la extensión Render (render/render.c) en X.Org xserver v1.7.7 y anteriores permite a usuarios locales leer la memoria arbitraria y posiblemente causar una denegación de servicio (caída del servidor) a través de vectores no especificados relacionados con una entrada "input sanitization flaw". • http://aix.software.ibm.com/aix/efixes/security/X_advisory2.asc http://cgit.freedesktop.org/xorg/xserver/commit/render/render.c?id=5725849a1b427cd4a72b84e57f211edb35838718 http://rhn.redhat.com/errata/RHSA-2011-1359.html http://rhn.redhat.com/errata/RHSA-2011-1360.html http://securitytracker.com/id?1026149 http://www.openwall.com/lists/oss-security/2011/09/22/8 http://www.openwall.com/lists/oss-security/2011/09/23/5 https://bugs.freedesktop.org/show_bug.cgi?id=28801 https: • CWE-20: Improper Input Validation •