CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 2CVE-2015-9431 – qTranslate X < 3.4.4 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-9431
The qtranslate-x plugin before 3.4.4 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=qtranslate-x json_config_files or json_custom_i18n_config parameter. El plugin qtranslate-x versiones anteriores a 3.4.4 para WordPress, presenta una vulnerabilidad de tipo CSRF con un XSS resultante por medio del parámetro json_config_files o json_custom_i18n_config de wp-admin/options-general.php?page=qtranslate-x. • http://cinu.pl/research/wp-plugins/mail_1a40d7e7a2c29847b939f2c7472c335e.html https://wordpress.org/plugins/qtranslate-x/#developers https://wpvulndb.com/vulnerabilities/8279 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 3.6EPSS: 0%CPEs: 12EXPL: 0CVE-2015-3164
https://notcve.org/view.php?id=CVE-2015-3164
The authentication setup in XWayland 1.16.x and 1.17.x before 1.17.2 starts the server in non-authenticating mode, which allows local users to read from or send information to arbitrary X11 clients via vectors involving a UNIX socket. La configuración de la autenticación en XWayland 1.16.x y 1.17.x anterior a 1.17.2 arranca el servidor en el modo de no autenticación, lo que permite a usuarios locales leer en o enviar información a clientes X11 arbitrarios a través de vectores que involucran un socket UNIX. • http://lists.freedesktop.org/archives/wayland-devel/2015-June/022548.html http://lists.opensuse.org/opensuse-updates/2015-06/msg00044.html http://www.securityfocus.com/bid/75535 https://security.gentoo.org/glsa/201701-64 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 1%CPEs: 49EXPL: 0CVE-2013-7439 – libX11: buffer overflow in MakeBigReq macro
https://notcve.org/view.php?id=CVE-2013-7439
Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen macros in include/X11/Xlibint.h in X11R6.x and libX11 before 1.6.0 allow remote attackers to have unspecified impact via a crafted request, which triggers a buffer overflow. Múltiples errores de superación de límite (off-by-one) en los macros (1) MakeBigReq y (2) SetReqLen en include/X11/Xlibint.h en X11R6.x y libX11 anterior a 1.6.0 permiten a atacantes remotos tener un impacto no especificado a través de una solicitud manipulada, lo que provoca un desbordamiento de buffer. • http://lists.x.org/archives/xorg-announce/2015-April/002561.html http://seclists.org/oss-sec/2015/q2/81 http://www.debian.org/security/2015/dsa-3224 http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html http://www.securityfocus.com/bid/73962 http://www.ubuntu.com/usn/USN-2568-1 https://bugs.freedesktop.org/show_bug.cgi?id=56508 https://access.redhat.com/security/cve/CVE-2013-7439 https://bugzilla.redhat.com/show_bug.cgi?id=1209943 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-189: Numeric Errors •
CVSS: 8.5EPSS: 1%CPEs: 7EXPL: 0CVE-2015-1804 – libXfont: out-of-bounds memory access in bdfReadCharacters
https://notcve.org/view.php?id=CVE-2015-1804
The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly perform type conversion for metrics values, which allows remote authenticated users to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via a crafted BDF font file. La función bdfReadCharacters en bitmap/bdfread.c en X.Org libXfont anterior a 1.4.9 y 1.5.x anterior a 1.5.1 no realiza adecuadamente la conversión de tipos para valores métricos, lo que permite a usuarios remotos autenticados causar una denegación de servicio (acceso a memoria fuera de rango) y la posibilidad de ejecutar código arbitrario a través de archivos de fuente BDF. An integer truncation flaw was discovered in the way libXfont processed certain Glyph Bitmap Distribution Format (BDF) fonts. A malicious, local user could use this flaw to crash the X.Org server or, potentially, execute arbitrary code with the privileges of the X.Org server. • http://advisories.mageia.org/MGASA-2015-0113.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152497.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152838.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00005.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00074.html http:/ • CWE-189: Numeric Errors CWE-805: Buffer Access with Incorrect Length Value •
CVSS: 8.5EPSS: 1%CPEs: 7EXPL: 0CVE-2015-1802 – libXfont: missing range check in bdfReadProperties
https://notcve.org/view.php?id=CVE-2015-1802
The bdfReadProperties function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 allows remote authenticated users to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a (1) negative or (2) large property count in a BDF font file. La función bdfReadProperties en bitmap/bdfread.c en X.Org libXfont anterior a 1.4.9 y 1.5.x anterior a 1.5.1 permite a usuarios remotos autenticados causar una denegación de servicio (escritura y caída fuera de rango) o la posibilidad de ejecutar código arbitrario a través de (1) negative o (2) large property count en un archivo de fuente BDF. An integer overflow flaw was found in the way libXfont processed certain Glyph Bitmap Distribution Format (BDF) fonts. A malicious, local user could use this flaw to crash the X.Org server or, potentially, execute arbitrary code with the privileges of the X.Org server. • http://advisories.mageia.org/MGASA-2015-0113.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152497.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152838.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00005.html http://rhn.redhat.com/errata/RHSA-2015-1708.html http://www.debian& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •