
CVE-2009-2711
https://notcve.org/view.php?id=CVE-2009-2711
07 Aug 2009 — XScreenSaver in Sun Solaris 9 and 10, OpenSolaris before snv_120, and X11 6.4.1 for Solaris 8, when the Xorg or Xnewt server is used, allows physically proximate attackers to obtain sensitive information by reading popup windows, which are displayed even when the screen is locked, a different vulnerability than CVE-2009-1276. • http://secunia.com/advisories/36170 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2008-1377 – X.org Record and Security extensions memory corruption
https://notcve.org/view.php?id=CVE-2008-1377
16 Jun 2008 — The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients functions in the Record extension and the (3) SProcSecurityGenerateAuthorization function in the Security extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via requests with crafted length values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption. • ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-1377.diff • CWE-189: Numeric Errors •

CVE-2008-1379 – X.org MIT-SHM extension arbitrary memory read
https://notcve.org/view.php?id=CVE-2008-1379
16 Jun 2008 — Integer overflow in the fbShmPutImage function in the MIT-SHM extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to read arbitrary process memory via crafted values for a Pixmap width and height. • ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-1379.diff • CWE-189: Numeric Errors •

CVE-2008-2360 – X.org Render extension AllocateGlyph() heap buffer overflow
https://notcve.org/view.php?id=CVE-2008-2360
16 Jun 2008 — Integer overflow in the AllocateGlyph function in the Render extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to execute arbitrary code via unspecified request fields that are used to calculate a heap buffer size, which triggers a heap-based buffer overflow. • ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-2360.diff • CWE-122: Heap-based Buffer Overflow CWE-189: Numeric Errors •

CVE-2008-2362 – X.org Render extension input validation flaw causing memory corruption
https://notcve.org/view.php?id=CVE-2008-2362
16 Jun 2008 — Multiple integer overflows in the Render extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via a (1) SProcRenderCreateLinearGradient, (2) SProcRenderCreateRadialGradient, or (3) SProcRenderCreateConicalGradient request with an invalid field specifying the number of bytes to swap in the request data, which triggers heap memory corruption. • ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-2362.diff • CWE-20: Improper Input Validation CWE-189: Numeric Errors •

CVE-2008-0006 – Xorg / XFree86 PCF font parser buffer overflow
https://notcve.org/view.php?id=CVE-2008-0006
18 Jan 2008 — Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the libfont and libXfont libraries on some platforms including Sun Solaris, allows context-dependent attackers to execute arbitrary code via a PCF font with a large difference between the last col and first col values in the PCF_BDF_ENCODINGS table. • http://bugs.gentoo.org/show_bug.cgi?id=204362 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2007-5760 – xorg: invalid array indexing in XFree86-Misc extension
https://notcve.org/view.php?id=CVE-2007-5760
18 Jan 2008 — Array index error in the XFree86-Misc extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via a PassMessage request containing a large array index. • http://bugs.gentoo.org/show_bug.cgi?id=204362 •

CVE-2007-5958 – X.Org xorg-server 1.1.1-48.13 - Probe for Files (PoC)
https://notcve.org/view.php?id=CVE-2007-5958
18 Jan 2008 — X.Org Xserver before 1.4.1 allows local users to determine the existence of arbitrary files via a filename argument in the -sp option to the X program, which produces different error messages depending on whether the filename exists. • https://www.exploit-db.com/exploits/5152 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2007-6427 – xfree86: memory corruption via XInput extension
https://notcve.org/view.php?id=CVE-2007-6427
18 Jan 2008 — The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to byte swapping and heap corruption within multiple functions, a different vulnerability than CVE-2007-4990. • http://bugs.gentoo.org/show_bug.cgi?id=204362 • CWE-787: Out-of-bounds Write •

CVE-2007-6428 – xfree86: information disclosure via TOG-CUP extension
https://notcve.org/view.php?id=CVE-2007-6428
18 Jan 2008 — The ProcGetReservedColormapEntries function in the TOG-CUP extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to read the contents of arbitrary memory locations via a request containing a 32-bit value that is improperly used as an array index. • http://bugs.gentoo.org/show_bug.cgi?id=204362 •