CVSS: 9.8EPSS: 1%CPEs: 3EXPL: 0CVE-2014-8101 – xorg-x11-server: out of bounds access due to not validating length or offset values in RandR extension
https://notcve.org/view.php?id=CVE-2014-8101
09 Dec 2014 — The RandR extension in XFree86 4.2.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) SProcRRQueryVersion, (2) SProcRRGetScreenInfo, (3) SProcRRSelectInput, or (4) SProcRRConfigureOutputProperty function. La extensión RandR en XFree86 4.2.0, X.Org X Window System (también conoc... • http://advisories.mageia.org/MGASA-2014-0532.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 1%CPEs: 3EXPL: 0CVE-2014-8102 – xorg-x11-server: out of bounds access due to not validating length or offset values in XFixes extension
https://notcve.org/view.php?id=CVE-2014-8102
09 Dec 2014 — The SProcXFixesSelectSelectionInput function in the XFixes extension in X.Org X Window System (aka X11 or X) X11R6.8.0 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length value. La función SProcXFixesSelectSelectionInput en la extensión XFixes en X.Org X Window System (también conocido como X11 o X) X11R6.8.0 y X.Org Server (también conocido como xserv... • http://advisories.mageia.org/MGASA-2014-0532.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 2%CPEs: 1EXPL: 0CVE-2012-2118
https://notcve.org/view.php?id=CVE-2012-2118
18 May 2012 — Format string vulnerability in the LogVHdrMessageVerb function in os/log.c in X.Org X11 1.11 allows attackers to cause a denial of service or possibly execute arbitrary code via format string specifiers in an input device name. Vulnerabilidad de formato de cadena en la función LogVHdrMessageVerb en OS/log.c en X11 X.Org v1.11 permite a atacantes provocar una denegación de servicio o posiblemente ejecutar código arbitrario mediante especificadores de formato de cadena en el nombre de un dispositivo de entrad... • http://patchwork.freedesktop.org/patch/10001 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 35EXPL: 0CVE-2009-3100
https://notcve.org/view.php?id=CVE-2009-3100
08 Sep 2009 — xscreensaver (aka Gnome-XScreenSaver) in Sun Solaris 9 and 10, OpenSolaris snv_109 through snv_122, and X11 6.4.1 on Solaris 8 does not properly handle Accessibility support, which allows local users to cause a denial of service (system hang) by locking the screen and then attempting to launch an Accessibility pop-up window, related to a regression in certain Solaris and OpenSolaris patches. xscreensaver (también conocido como Gnome-XScreenSaver) en Sun Solaris v9 y v10, OpenSolaris snv_109 hasta snv_122, y... • http://bugs.opensolaris.org/view_bug.do?bug_id=6839026 •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2009-2718 – JDK reposition of untrusted applet security icon in X11
https://notcve.org/view.php?id=CVE-2009-2718
10 Aug 2009 — The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 before Update 15 on X11 does not impose the intended constraint on distance from the window border to the Security Warning Icon, which makes it easier for context-dependent attackers to trick a user into interacting unsafely with an untrusted applet. La implementación de Abstract Window Toolkit (AWT) en Sun Java SE v6 anteriores a Update 15 para X11 no impone la restricción de distancia prevista desde el borde de la ventana al Security Warnin... • http://java.sun.com/javase/6/webnotes/6u15.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.9EPSS: 0%CPEs: 226EXPL: 0CVE-2009-2711
https://notcve.org/view.php?id=CVE-2009-2711
07 Aug 2009 — XScreenSaver in Sun Solaris 9 and 10, OpenSolaris before snv_120, and X11 6.4.1 for Solaris 8, when the Xorg or Xnewt server is used, allows physically proximate attackers to obtain sensitive information by reading popup windows, which are displayed even when the screen is locked, a different vulnerability than CVE-2009-1276. Xscreensaver en Sun Solaris v9 y v10, OpenSolaris anterior a snv_120, y X11 v6.4.1 para Solaris v8, cuando el servidor Xorg o Xnewt es utilizado, permite a atacantes físicamente próxim... • http://secunia.com/advisories/36170 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.0EPSS: 7%CPEs: 1EXPL: 0CVE-2007-1003 – xserver XC-MISC integer overflow
https://notcve.org/view.php?id=CVE-2007-1003
06 Apr 2007 — Integer overflow in ALLOCATE_LOCAL in the ProcXCMiscGetXIDList function in the XC-MISC extension in the X.Org X11 server (xserver) 7.1-1.1.0, and other versions before 20070403, allows remote authenticated users to execute arbitrary code via a large expression, which results in memory corruption. Desbordamiento de búfer en ALLOCATE_LOCAL en la función ProcXCMiscGetXIDList en la extensión XC-MISC en el servidor X.Org X11 (xserver) 7.1-1.1.0, y otras versiones anteriores anterior a 20070403, permite a usuario... • http://issues.foresightlinux.org/browse/FL-223 •
CVSS: 10.0EPSS: 75%CPEs: 1EXPL: 1CVE-1999-0526 – X11 No-Auth Scanner
https://notcve.org/view.php?id=CVE-1999-0526
01 Jul 1997 — An X server's access control is disabled (e.g. through an "xhost +" command) and allows anyone to connect to the server. • https://packetstorm.news/files/id/180970 •