CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 0CVE-2023-45922
https://notcve.org/view.php?id=CVE-2023-45922
29 Jan 2024 — glx_pbuffer.c in Mesa 23.0.4 was discovered to contain a segmentation violation when calling __glXGetDrawableAttribute(). NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an attacker-controller server. Se descubrió que glx_pbuffer.c en Mesa 23.0.4 contenía una infracción de segmentación al llamar a __glXGetDrawableAttribute(). NOTA: esto está en disputa porque no hay situaciones comunes en las que los usuarios requieran una operación ininterru... • http://seclists.org/fulldisclosure/2024/Jan/50 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2023-45920
https://notcve.org/view.php?id=CVE-2023-45920
29 Jan 2024 — Xfig v3.2.8 was discovered to contain a NULL pointer dereference when calling XGetWMHints(). NOTE: this is disputed because it is not expected that an X application should continue to run when there is arbitrary anomalous behavior from the X server or window manager. Se descubrió que Xfig v3.2.8 contenía una desreferencia de puntero NULL al llamar a XGetWMHints(). NOTA: esto está en disputa porque no se espera que una aplicación X continúe ejecutándose cuando hay un comportamiento anómalo arbitrario del ser... • http://seclists.org/fulldisclosure/2024/Jan/48 • CWE-476: NULL Pointer Dereference •
CVSS: 5.3EPSS: 0%CPEs: 9EXPL: 0CVE-2023-45919
https://notcve.org/view.php?id=CVE-2023-45919
29 Jan 2024 — Mesa 23.0.4 was discovered to contain a buffer over-read in glXQueryServerString(). NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an attacker-controller server. Se descubrió que Mesa 23.0.4 contenía un búfer sobreleído en glXQueryServerString(). NOTA: esto está en disputa porque no hay situaciones comunes en las que los usuarios requieran una operación ininterrumpida con un servidor controlador de atacante. • http://seclists.org/fulldisclosure/2024/Jan/47 • CWE-126: Buffer Over-read •
CVSS: 6.2EPSS: 0%CPEs: 9EXPL: 0CVE-2023-45913
https://notcve.org/view.php?id=CVE-2023-45913
29 Jan 2024 — Mesa v23.0.4 was discovered to contain a NULL pointer dereference via the function dri2GetGlxDrawableFromXDrawableId(). This vulnerability is triggered when the X11 server sends an DRI2_BufferSwapComplete event unexpectedly when the application is using DRI3. NOTE: this is disputed because there is no scenario in which the vulnerability was demonstrated. Se descubrió que Mesa v23.0.4 contenía una desreferencia de puntero NULL mediante la función dri2GetGlxDrawableFromXDrawableId(). Esta vulnerabilidad se ac... • http://seclists.org/fulldisclosure/2024/Jan/28 • CWE-476: NULL Pointer Dereference •
CVSS: 5.9EPSS: 0%CPEs: 36EXPL: 0CVE-2024-20921 – OpenJDK: range check loop optimization issue (8314307)
https://notcve.org/view.php?id=CVE-2024-20921
24 Jan 2024 — Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, O... • https://www.oracle.com/security-alerts/cpujan2024.html • CWE-20: Improper Input Validation CWE-276: Incorrect Default Permissions •
CVSS: 5.1EPSS: 0%CPEs: 36EXPL: 0CVE-2024-20945 – OpenJDK: logging of digital signature private keys (8316976)
https://notcve.org/view.php?id=CVE-2024-20945
24 Jan 2024 — Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Ente... • https://www.oracle.com/security-alerts/cpujan2024.html • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 10.0EPSS: 0%CPEs: 40EXPL: 0CVE-2024-20919 – OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295)
https://notcve.org/view.php?id=CVE-2024-20919
24 Jan 2024 — Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, O... • https://www.oracle.com/security-alerts/cpujan2024.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 38EXPL: 0CVE-2024-21885 – Xorg-x11-server: heap buffer overflow in xisenddevicehierarchyevent
https://notcve.org/view.php?id=CVE-2024-21885
17 Jan 2024 — A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can trigger a heap buffer overflow condition, which may lead to an application crash or remote code execution in SSH X11 forwarding environments. Se encontró una falla en el servidor X.Org. En la función XISendDeviceHierarchyEvent, es posible exceder la longitud de la matriz asignada cuando se agregan cier... • https://access.redhat.com/errata/RHSA-2024:0320 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 40EXPL: 0CVE-2024-21886 – Xorg-x11-server: heap buffer overflow in disabledevice
https://notcve.org/view.php?id=CVE-2024-21886
17 Jan 2024 — A heap buffer overflow flaw was found in the DisableDevice function in the X.Org server. This issue may lead to an application crash or, in some circumstances, remote code execution in SSH X11 forwarding environments. Se encontró una falla de desbordamiento de búfer de almacenamiento dinámico en la función DisableDevice en el servidor X.Org. Este problema puede provocar un bloqueo de la aplicación o, en algunas circunstancias, la ejecución remota de código en entornos de reenvío SSH X11. This vulnerability ... • https://access.redhat.com/errata/RHSA-2024:0320 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 38EXPL: 0CVE-2024-0229 – Xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access
https://notcve.org/view.php?id=CVE-2024-0229
17 Jan 2024 — An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation (if the server runs with extended privileges), or remote code execution in SSH X11 forwarding environments. Se encontró una falla de acceso a la memoria fuera de los límites en el servidor X.Org. Este problema puede desencadenarse cuando un dispositivo congelado po... • https://access.redhat.com/errata/RHSA-2024:0320 • CWE-787: Out-of-bounds Write CWE-788: Access of Memory Location After End of Buffer •