CVSS: 7.5EPSS: 1%CPEs: 49EXPL: 0CVE-2013-7439 – libX11: buffer overflow in MakeBigReq macro
https://notcve.org/view.php?id=CVE-2013-7439
Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen macros in include/X11/Xlibint.h in X11R6.x and libX11 before 1.6.0 allow remote attackers to have unspecified impact via a crafted request, which triggers a buffer overflow. Múltiples errores de superación de límite (off-by-one) en los macros (1) MakeBigReq y (2) SetReqLen en include/X11/Xlibint.h en X11R6.x y libX11 anterior a 1.6.0 permiten a atacantes remotos tener un impacto no especificado a través de una solicitud manipulada, lo que provoca un desbordamiento de buffer. • http://lists.x.org/archives/xorg-announce/2015-April/002561.html http://seclists.org/oss-sec/2015/q2/81 http://www.debian.org/security/2015/dsa-3224 http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html http://www.securityfocus.com/bid/73962 http://www.ubuntu.com/usn/USN-2568-1 https://bugs.freedesktop.org/show_bug.cgi?id=56508 https://access.redhat.com/security/cve/CVE-2013-7439 https://bugzilla.redhat.com/show_bug.cgi?id=1209943 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-189: Numeric Errors •
CVSS: 4.3EPSS: 6%CPEs: 2EXPL: 0CVE-2014-8091 – xorg-x11-server: denial of service due to unchecked malloc in client authentication
https://notcve.org/view.php?id=CVE-2014-8091
X.Org X Window System (aka X11 and X) X11R5 and X.Org Server (aka xserver and xorg-server) before 1.16.3, when using SUN-DES-1 (Secure RPC) authentication credentials, does not check the return value of a malloc call, which allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a crafted connection request. X.Org X Window System (también conocido como X11 and X) X11R5 y X.Org Server (también conocido como xserver y xorg-server) anterior a 1.16.3, cuando utiliza las credenciales de autenticación SUN-DES-1 (Secure RPC), no compreuba el valor de retorno de una llamada malloc, lo que permite a atacantes remotos causar una denegación de servicio (referencia a puntero nulo y caída de servidor) a través de una solicitud de conexión manipulada. It was found that the X.Org server did not properly handle SUN-DES-1 (Secure RPC) authentication credentials. A malicious, unauthenticated client could use this flaw to crash the X.Org server by submitting a specially crafted authentication request. • http://advisories.mageia.org/MGASA-2014-0532.html http://secunia.com/advisories/61947 http://secunia.com/advisories/62292 http://www.debian.org/security/2014/dsa-3095 http://www.mandriva.com/security/advisories?name=MDVSA-2015:119 http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html http://www.securityfocus.com/bid/71597& • CWE-252: Unchecked Return Value •
CVSS: 7.4EPSS: 0%CPEs: 2EXPL: 0CVE-2014-8092 – xorg-x11-server: integer overflow in X11 core protocol requests when calculating memory needs for requests
https://notcve.org/view.php?id=CVE-2014-8092
Multiple integer overflows in X.Org X Window System (aka X11 or X) X11R1 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to the (1) ProcPutImage, (2) GetHosts, (3) RegionSizeof, or (4) REQUEST_FIXED_SIZE function, which triggers an out-of-bounds read or write. Múltiples desbordamientos de enteros en X.Org X Window System (también conocido como X11 o X) X11R1 y X.Org Server (también conocido como xserver y xorg-server) anterior a 1.16.3 permiten a usuarios remotos autenticados causar una denegación de servicio (caída) o posiblemente ejecutar código arbitrario a través de una solicitud manipulada en la función (1) ProcPutImage, (2) GetHosts, (3) RegionSizeof, o (4) REQUEST_FIXED_SIZE, lo que provoca una lectura o escritura fuera de rango. Multiple integer overflow flaws were found in the way the X.Org server calculated memory requirements for certain X11 core protocol requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server or, potentially, execute arbitrary code with root privileges. • http://advisories.mageia.org/MGASA-2014-0532.html http://secunia.com/advisories/61947 http://secunia.com/advisories/62292 http://www.debian.org/security/2014/dsa-3095 http://www.mandriva.com/security/advisories?name=MDVSA-2015:119 http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http://www.oracle.com/technetwork/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.4EPSS: 0%CPEs: 3EXPL: 0CVE-2014-8093 – xorg-x11-server: integer overflow in GLX extension requests when calculating memory needs for requests
https://notcve.org/view.php?id=CVE-2014-8093
Multiple integer overflows in the GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to the (1) __glXDisp_ReadPixels, (2) __glXDispSwap_ReadPixels, (3) __glXDisp_GetTexImage, (4) __glXDispSwap_GetTexImage, (5) GetSeparableFilter, (6) GetConvolutionFilter, (7) GetHistogram, (8) GetMinmax, (9) GetColorTable, (10) __glXGetAnswerBuffer, (11) __GLX_GET_ANSWER_BUFFER, (12) __glXMap1dReqSize, (13) __glXMap1fReqSize, (14) Map2Size, (15) __glXMap2dReqSize, (16) __glXMap2fReqSize, (17) __glXImageSize, or (18) __glXSeparableFilter2DReqSize function, which triggers an out-of-bounds read or write. Múltiples desbordamientos de enteros en la extensión GLX en XFree86 4.0, X.Org X Window System (también conocido como X11 o X) X11R6.7, y X.Org Server (también conocido como xserver y xorg-server) anterior a 1.16.3 permiten a usuarios remotos autenticados causar una denegación de servicio (caída) o posiblemente ejecutar código arbitrario a través de una solicitud manipulada en la función (1) __glXDisp_ReadPixels, (2) __glXDispSwap_ReadPixels, (3) __glXDisp_GetTexImage, (4) __glXDispSwap_GetTexImage, (5) GetSeparableFilter, (6) GetConvolutionFilter, (7) GetHistogram, (8) GetMinmax, (9) GetColorTable, (10) __glXGetAnswerBuffer, (11) __GLX_GET_ANSWER_BUFFER, (12) __glXMap1dReqSize, (13) __glXMap1fReqSize, (14) Map2Size, (15) __glXMap2dReqSize, (16) __glXMap2fReqSize, (17) __glXImageSize, o (18) __glXSeparableFilter2DReqSize, lo que provoca una lectura o escritura fuera de rango. Multiple integer overflow flaws were found in the way the X.Org server calculated memory requirements for certain GLX extension requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server or, potentially, execute arbitrary code with root privileges. • http://advisories.mageia.org/MGASA-2014-0532.html http://nvidia.custhelp.com/app/answers/detail/a_id/3610 http://secunia.com/advisories/61947 http://secunia.com/advisories/62292 http://www.debian.org/security/2014/dsa-3095 http://www.mandriva.com/security/advisories?name=MDVSA-2015:119 http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html http://www.securityfocus.com/bid/71596 http:/&#x • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 1%CPEs: 3EXPL: 0CVE-2014-8095 – xorg-x11-server: out of bounds access due to not validating length or offset values in XInput extension
https://notcve.org/view.php?id=CVE-2014-8095
The XInput extension in X.Org X Window System (aka X11 or X) X11R4 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) SProcXChangeDeviceControl, (2) ProcXChangeDeviceControl, (3) ProcXChangeFeedbackControl, (4) ProcXSendExtensionEvent, (5) SProcXIAllowEvents, (6) SProcXIChangeCursor, (7) ProcXIChangeHierarchy, (8) SProcXIGetClientPointer, (9) SProcXIGrabDevice, (10) SProcXIUngrabDevice, (11) ProcXIUngrabDevice, (12) SProcXIPassiveGrabDevice, (13) ProcXIPassiveGrabDevice, (14) SProcXIPassiveUngrabDevice, (15) ProcXIPassiveUngrabDevice, (16) SProcXListDeviceProperties, (17) SProcXDeleteDeviceProperty, (18) SProcXIListProperties, (19) SProcXIDeleteProperty, (20) SProcXIGetProperty, (21) SProcXIQueryDevice, (22) SProcXIQueryPointer, (23) SProcXISelectEvents, (24) SProcXISetClientPointer, (25) SProcXISetFocus, (26) SProcXIGetFocus, or (27) SProcXIWarpPointer function. La extensión XInput en X.Org X Window System (también conocido como X11 o X) X11R4 y X.Org Server (también conocido como xserver y xorg-server) en versiones anteriores a 1.16.3 permite a usuarios remotos autenticados causar una denegación de servicio (lectura o escritura fuera de rango) o posiblemente ejecutar código arbitrario a través de un valor de longitud o índice manipulado a la función (1) SProcXChangeDeviceControl, (2) ProcXChangeDeviceControl, (3) ProcXChangeFeedbackControl, (4) ProcXSendExtensionEvent, (5) SProcXIAllowEvents, (6) SProcXIChangeCursor, (7) ProcXIChangeHierarchy, (8) SProcXIGetClientPointer, (9) SProcXIGrabDevice, (10) SProcXIUngrabDevice, (11) ProcXIUngrabDevice, (12) SProcXIPassiveGrabDevice, (13) ProcXIPassiveGrabDevice, (14) SProcXIPassiveUngrabDevice, (15) ProcXIPassiveUngrabDevice, (16) SProcXListDeviceProperties, (17) SProcXDeleteDeviceProperty, (18) SProcXIListProperties, (19) SProcXIDeleteProperty, (20) SProcXIGetProperty, (21) SProcXIQueryDevice, (22) SProcXIQueryPointer, (23) SProcXISelectEvents, (24) SProcXISetClientPointer, (25) SProcXISetFocus, (26) SProcXIGetFocus o (27) SProcXIWarpPointer. Multiple out-of-bounds access flaws were found in the way the X.Org server calculated memory requirements for certain requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server. • http://advisories.mageia.org/MGASA-2014-0532.html http://secunia.com/advisories/61947 http://secunia.com/advisories/62292 http://www.debian.org/security/2014/dsa-3095 http://www.mandriva.com/security/advisories?name=MDVSA-2015:119 http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html http://www.securityfocus.com/bid/71599& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •