Page 3 of 39 results (0.016 seconds)

CVSS: 7.5EPSS: 36%CPEs: 23EXPL: 0

Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file. Múltiples desbordamientos de búfer en xpmParseColors en parse.c de libXpm anteriores a 6.8.1 permite a atacantes remotos ejecutar código arbitrario mediante un fichero de imagen XPM malformado. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000924 http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch http://lists.apple.com/archives/security-announce/2005/May/msg00001.html http://marc.info/?l=bugtraq&m=109530851323415&w=2 http://scary.beasts.org/security/CESA-2004-003.txt http://secunia.com/advisories/20235 http://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1 http://www.debian.org/security/2004/dsa-560 http:&# •

CVSS: 7.5EPSS: 42%CPEs: 23EXPL: 0

Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c for libXpm before 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file. Múltiples desbordamientos de búfer basados en la pila en (1) xpmParseColors en parse.c, (2) ParseAndPutPixels en create.c, y (3) ParsePixels en parse.c de libXpm anteriores a 6.8.1 permite a atacantes remotos ejecutar código de su elección mediante una imagen XPM malformada. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000924 http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch http://lists.apple.com/archives/security-announce/2005/May/msg00001.html http://marc.info/?l=bugtraq&m=109530851323415&w=2 http://packetstormsecurity.com/files/170620/Solaris-10-dtprintinfo-libXm-libXpm-Security-Issues.html http://scary.beasts.org/security/CESA-2004-003.txt http://secunia.com/advisories/20235 http://sunsolve.sun.com/search&# •

CVSS: 7.5EPSS: 2%CPEs: 3EXPL: 0

XDM in XFree86 opens a chooserFd TCP socket even when DisplayManager.requestPort is 0, which could allow remote attackers to connect to the port, in violation of the intended restrictions. XDM en XFree86 abre una un socket TCP chooserFd incluso cuando DisplayManger.requestPort es 0, lo que podría permitir a atacantes remotos conectar al puerto, violando las restricciones pretendidas. • http://bugs.xfree86.org/show_bug.cgi?id=1376 http://secunia.com/advisories/12019 http://securitytracker.com/id?1010306 http://www.ciac.org/ciac/bulletins/p-001.shtml http://www.gentoo.org/security/en/glsa/glsa-200407-05.xml http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:073 http://www.openbsd.org/errata.html#xdm http://www.redhat.com/support/errata/RHSA-2004-478.html http://www.securityfocus.com/bid/10423 https://bugzilla.redhat.com/bugz •

CVSS: 7.5EPSS: 8%CPEs: 7EXPL: 0

XFree86 4.1.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an out-of-bounds array index when using the GLX extension and Direct Rendering Infrastructure (DRI). XFree86 4.1.0 permite a atacantes remotos causar una denegación de servicio y posiblemente ejecutar código arbitrario mediante un índice de un array fuera de límites cuando usa la extenesión GLX y la infraestructura Direct Rendering • ftp://patches.sgi.com/support/free/security/advisories/20040406-01-U http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000824 http://www.debian.org/security/2004/dsa-443 http://www.redhat.com/support/errata/RHSA-2004-152.html http://www.securityfocus.com/bid/9701 https://exchange.xforce.ibmcloud.com/vulnerabilities/15272 https://access.redhat.com/security/cve/CVE-2004-0093 https://bugzilla.redhat.com/show_bug.cgi?id=1617146 •

CVSS: 7.5EPSS: 8%CPEs: 7EXPL: 0

Integer signedness errors in XFree86 4.1.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code when using the GLX extension and Direct Rendering Infrastructure (DRI). Errores de falta de signo en enteros en XFree86 4.1.0 permite a atacantes remotos causar una denegación de servicio y posiblemente ejecutar código arbitrario cuando se usa la extensión GLX y la infraestructura Direct Rendering • ftp://patches.sgi.com/support/free/security/advisories/20040406-01-U http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000824 http://www.debian.org/security/2004/dsa-443 http://www.redhat.com/support/errata/RHSA-2004-152.html http://www.securityfocus.com/bid/9701 https://exchange.xforce.ibmcloud.com/vulnerabilities/15273 https://access.redhat.com/security/cve/CVE-2004-0094 https://bugzilla.redhat.com/show_bug.cgi?id=1617147 •