CVSS: 4.6EPSS: 0%CPEs: 27EXPL: 0CVE-2012-0064
https://notcve.org/view.php?id=CVE-2012-0064
xkeyboard-config before 2.5 in X.Org before 7.6 enables certain XKB debugging functions by default, which allows physically proximate attackers to bypass an X screen lock via keyboard combinations that break the input grab. xkeyboard-config anterior a 2.5 en X.Org anterior a 7.6 habilita por defecto ciertas funciones de depuración XKB, lo que permite a atacantes físicamente próximos evadir un bloqueo de pantalla X a través de combinaciones de teclado que interrumpen la captura de entrada . • http://gu1.aeroxteam.fr/2012/01/19/bypass-screensaver-locker-program-xorg-111-and-up http://lists.x.org/archives/xorg-announce/2012-January/001797.html http://lists.x.org/archives/xorg-devel/2012-January/028691.html http://securitytracker.com/id?1026549 http://who-t.blogspot.com/2012/01/xkb-breaking-grabs-cve-2012-0064.html http://www.openwall.com/lists/oss-security/2012/01/19/6 http://www.osvdb.org/78445 http://www.x.org/wiki/Development/Security https://bugz • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 2%CPEs: 31EXPL: 0CVE-2011-0465 – xorg: xrdb code execution via crafted X client hostname
https://notcve.org/view.php?id=CVE-2011-0465
xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a (1) DHCP or (2) XDMCP message. xrdb.c en xrdb anterior a v1.0.9 en X.Org X11R7.6 y anteriores permite a atacantes remotos ejecutar comandos arbitrarios mediante metacaracteres en un hostname obtenido de un mensaje (1) DHCP o (2) XDMCP. • http://cgit.freedesktop.org/xorg/app/xrdb/commit/?id=1027d5df07398c1507fb1fe3a9981aa6b4bc3a56 http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057928.html http://lists.freedesktop.org/archives/xorg-announce/2011-April/001635.html http://lists.freedesktop.org/archives/xorg-announce/2011-April/001636.html http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00002.html http://secunia.com/advisories/44010 http://secunia.com/advisories/44012 http://secunia.com/advisories/44040 http&# • CWE-20: Improper Input Validation •
CVSS: 4.0EPSS: 0%CPEs: 35EXPL: 0CVE-2009-3100
https://notcve.org/view.php?id=CVE-2009-3100
xscreensaver (aka Gnome-XScreenSaver) in Sun Solaris 9 and 10, OpenSolaris snv_109 through snv_122, and X11 6.4.1 on Solaris 8 does not properly handle Accessibility support, which allows local users to cause a denial of service (system hang) by locking the screen and then attempting to launch an Accessibility pop-up window, related to a regression in certain Solaris and OpenSolaris patches. xscreensaver (también conocido como Gnome-XScreenSaver) en Sun Solaris v9 y v10, OpenSolaris snv_109 hasta snv_122, y X11 v6.4.1 en Solaris 8 no maneja apropiadamente el soporte Accesibilidad, lo que permite a los usuarios locales causar una denegación de servicio (parada del sistema) cerrando la pantalla y logrando lanzar una venta emergente de Accesibilidad, relativa a una regresión en ciertos parches Solaris y OpenSolaris. • http://bugs.opensolaris.org/view_bug.do?bug_id=6839026 http://sunsolve.sun.com/search/document.do?assetkey=1-66-266469-1 •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2009-2718 – JDK reposition of untrusted applet security icon in X11
https://notcve.org/view.php?id=CVE-2009-2718
The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 before Update 15 on X11 does not impose the intended constraint on distance from the window border to the Security Warning Icon, which makes it easier for context-dependent attackers to trick a user into interacting unsafely with an untrusted applet. La implementación de Abstract Window Toolkit (AWT) en Sun Java SE v6 anteriores a Update 15 para X11 no impone la restricción de distancia prevista desde el borde de la ventana al Security Warning Icon, facilitando a atacantes dependientes del contexto que engañen a un usuario para interactuar sin seguridad con un applet no confiable. • http://java.sun.com/javase/6/webnotes/6u15.html http://secunia.com/advisories/37386 http://secunia.com/advisories/37460 http://security.gentoo.org/glsa/glsa-200911-02.xml http://www.securityfocus.com/archive/1/507985/100/0/threaded http://www.vmware.com/security/advisories/VMSA-2009-0016.html http://www.vupen.com/english/advisories/2009/3316 https://access.redhat.com/security/cve/CVE-2009-2718 https://bugzilla.redhat.com/show_bug.cgi?id=516815 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.9EPSS: 0%CPEs: 226EXPL: 0CVE-2009-2711
https://notcve.org/view.php?id=CVE-2009-2711
XScreenSaver in Sun Solaris 9 and 10, OpenSolaris before snv_120, and X11 6.4.1 for Solaris 8, when the Xorg or Xnewt server is used, allows physically proximate attackers to obtain sensitive information by reading popup windows, which are displayed even when the screen is locked, a different vulnerability than CVE-2009-1276. Xscreensaver en Sun Solaris v9 y v10, OpenSolaris anterior a snv_120, y X11 v6.4.1 para Solaris v8, cuando el servidor Xorg o Xnewt es utilizado, permite a atacantes físicamente próximos obtener información sensible mediante la lectura de ventanas emergentes, que son mostrados incluso cuando la pantalla está bloqueado, una vulnerabilidad diferente que CVE-2009-1276. • http://secunia.com/advisories/36170 http://sunsolve.sun.com/search/document.do?assetkey=1-21-115298-02-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-258928-1 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020463.1-1 http://www.securityfocus.com/bid/35964 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5838 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •