CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-3550 – X.org Server xkb.c _GetCountedString buffer overflow
https://notcve.org/view.php?id=CVE-2022-3550
A vulnerability classified as critical was found in X.org Server. Affected by this vulnerability is the function _GetCountedString of the file xkb/xkb.c. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211051. • https://cgit.freedesktop.org/xorg/xserver/commit/?id=11beef0b7f1ed290348e45618e5fa0d2bffcb72e https://lists.debian.org/debian-lts-announce/2022/11/msg00012.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QTPFVGYTOY4EWTJEBH3YGDTTU57FZAK https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOEDFBYPSE3EMVHTEFCVEJD2R2Y5F2A5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OXZZ6JBDBVBYPDI6DUTY6N36GNW37YHK https://lists.fedo • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-3553 – X.org Server xquartz X11Controller.m denial of service
https://notcve.org/view.php?id=CVE-2022-3553
A vulnerability, which was classified as problematic, was found in X.org Server. This affects an unknown part of the file hw/xquartz/X11Controller.m of the component xquartz. The manipulation leads to denial of service. It is recommended to apply a patch to fix this issue. The identifier VDB-211053 was assigned to this vulnerability. • https://cgit.freedesktop.org/xorg/xserver/commit/?id=dfd057996b26420309c324ec844a5ba6dd07eda3 https://security.gentoo.org/glsa/202305-30 https://vuldb.com/?id.211053 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 3CVE-2022-25646 – Cross-site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2022-25646
All versions of package x-data-spreadsheet are vulnerable to Cross-site Scripting (XSS) due to missing sanitization of values inserted into the cells. Todas las versiones del paquete x-data-spreadsheet son vulnerables a un ataque de tipo Cross-site Scripting (XSS) debido a una falta de saneo de los valores insertados en las celdas • https://github.com/myliang/x-spreadsheet/issues/580 https://security.snyk.io/vuln/SNYK-JS-XDATASPREADSHEET-2430381 https://youtu.be/Ij-8VVKNh7U • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-2319 – X.Org Server ProcXkbSetGeometry Out-Of-Bounds Access Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-2319
A flaw was found in the Xorg-x11-server. An out-of-bounds access issue can occur in the ProcXkbSetGeometry function due to improper validation of the request length. Se ha encontrado un fallo en Xorg-x11-server. Puede producirse un problema de acceso fuera de límites en la función ProcXkbSetGeometry debido a una comprobación inapropiada de la longitud de la petición This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of ProcXkbSetGeometry requests. • https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/938 https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/939 https://lists.freedesktop.org/archives/xorg-announce/2022-July/003192.html https://security.gentoo.org/glsa/202210-30 https://security.netapp.com/advisory/ntap-20221104-0003 https://www.zerodayinitiative.com/advisories/ZDI-22-964 https://access.redhat.com/security/cve/CVE-2022-2319 https://bugzilla.redhat.com/show_bug.cgi?id=2106671 • CWE-1320: Improper Protection for Outbound Error Messages and Alert Signals •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-2320 – X.Org Server ProcXkbSetDeviceInfo Out-Of-Bounds Access Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-2320
A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw allows an attacker to escalate privileges and execute arbitrary code in the context of root. Se ha encontrado un fallo en Xorg-x11-server. • https://github.com/freedesktop/xorg-xserver/commit/dd8caf39e9e15d8f302e54045dd08d8ebf1025dc https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/938 https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/939 https://lists.freedesktop.org/archives/xorg-announce/2022-July/003192.html https://security.gentoo.org/glsa/202210-30 https://security.netapp.com/advisory/ntap-20221104-0003 https://www.zerodayinitiative.com/advisories/ZDI-22-963 https://access.redhat.com/security/cve/CVE-2022-2320& • CWE-787: Out-of-bounds Write •