
CVE-2014-8092 – xorg-x11-server: integer overflow in X11 core protocol requests when calculating memory needs for requests
https://notcve.org/view.php?id=CVE-2014-8092
09 Dec 2014 — Multiple integer overflows in X.Org X Window System (aka X11 or X) X11R1 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to the (1) ProcPutImage, (2) GetHosts, (3) RegionSizeof, or (4) REQUEST_FIXED_SIZE function, which triggers an out-of-bounds read or write. • http://advisories.mageia.org/MGASA-2014-0532.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2011-0465 – xorg: xrdb code execution via crafted X client hostname
https://notcve.org/view.php?id=CVE-2011-0465
08 Apr 2011 — xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a (1) DHCP or (2) XDMCP message. This GLSA contains notification of vulnerabilities found in several Gentoo packages which have been fixed prio... • http://cgit.freedesktop.org/xorg/app/xrdb/commit/?id=1027d5df07398c1507fb1fe3a9981aa6b4bc3a56 • CWE-20: Improper Input Validation