CVSS: 9.0EPSS: 40%CPEs: 8EXPL: 0CVE-2022-46343 – X.Org Server ScreenSaverSetAttributes Use-After-Free Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-46343
14 Dec 2022 — A vulnerability was found in X.Org. This security flaw occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. Se encontró una vulnerabilidad en X.Org. Este fallo de seguridad se produce porque el controlador de la solicitud ScreenSaverSetAttributes puede escribir en la memoria una vez liberada.... • https://access.redhat.com/security/cve/CVE-2022-46343 • CWE-416: Use After Free •
CVSS: 9.0EPSS: 26%CPEs: 8EXPL: 0CVE-2022-46344 – X.Org Server ProcXIChangeProperty Numeric Truncation Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-46344
14 Dec 2022 — A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has a length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. Se encontró una vulnerabilidad en X.Org. Esta falla de seguridad se produce porque el controlador de la solicitud XIChangeProper... • http://www.openwall.com/lists/oss-security/2023/12/13/1 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 2%CPEs: 8EXPL: 0CVE-2022-4283 – X.Org Server XkbCopyNames Double Free Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-4283
14 Dec 2022 — A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests.. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. Se encontró una vulnerabilidad en X.Org. Este fallo de seguridad se produce porque la función XkbCopyNames dejó un puntero colgante a ... • https://access.redhat.com/security/cve/CVE-2022-4283 • CWE-416: Use After Free •
CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-3551 – X.org Server xkb.c ProcXkbGetKbdByName memory leak
https://notcve.org/view.php?id=CVE-2022-3551
17 Oct 2022 — A vulnerability, which was classified as problematic, has been found in X.org Server. Affected by this issue is the function ProcXkbGetKbdByName of the file xkb/xkb.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211052. • https://cgit.freedesktop.org/xorg/xserver/commit/?id=18f91b950e22c2a342a4fbc55e9ddf7534a707d2 • CWE-401: Missing Release of Memory after Effective Lifetime CWE-404: Improper Resource Shutdown or Release •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-3553 – X.org Server xquartz X11Controller.m denial of service
https://notcve.org/view.php?id=CVE-2022-3553
17 Oct 2022 — A vulnerability, which was classified as problematic, was found in X.org Server. This affects an unknown part of the file hw/xquartz/X11Controller.m of the component xquartz. The manipulation leads to denial of service. It is recommended to apply a patch to fix this issue. The identifier VDB-211053 was assigned to this vulnerability. • https://cgit.freedesktop.org/xorg/xserver/commit/?id=dfd057996b26420309c324ec844a5ba6dd07eda3 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 9.0EPSS: 1%CPEs: 6EXPL: 0CVE-2022-3550 – X.org Server xkb.c _GetCountedString buffer overflow
https://notcve.org/view.php?id=CVE-2022-3550
17 Oct 2022 — A vulnerability classified as critical was found in X.org Server. Affected by this vulnerability is the function _GetCountedString of the file xkb/xkb.c. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211051. • https://cgit.freedesktop.org/xorg/xserver/commit/?id=11beef0b7f1ed290348e45618e5fa0d2bffcb72e • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 3CVE-2022-25646 – Cross-site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2022-25646
30 Aug 2022 — All versions of package x-data-spreadsheet are vulnerable to Cross-site Scripting (XSS) due to missing sanitization of values inserted into the cells. Todas las versiones del paquete x-data-spreadsheet son vulnerables a un ataque de tipo Cross-site Scripting (XSS) debido a una falta de saneo de los valores insertados en las celdas • https://github.com/myliang/x-spreadsheet/issues/580 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-2320 – X.Org Server ProcXkbSetDeviceInfo Out-Of-Bounds Access Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-2320
12 Jul 2022 — A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw allows an attacker to escalate privileges and execute arbitrary code in the context of root. Se ha encontrado un fallo en Xorg-x11-server. • https://github.com/freedesktop/xorg-xserver/commit/dd8caf39e9e15d8f302e54045dd08d8ebf1025dc • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-2319 – X.Org Server ProcXkbSetGeometry Out-Of-Bounds Access Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-2319
12 Jul 2022 — A flaw was found in the Xorg-x11-server. An out-of-bounds access issue can occur in the ProcXkbSetGeometry function due to improper validation of the request length. Se ha encontrado un fallo en Xorg-x11-server. Puede producirse un problema de acceso fuera de límites en la función ProcXkbSetGeometry debido a una comprobación inapropiada de la longitud de la petición This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the a... • https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/938 • CWE-1320: Improper Protection for Outbound Error Messages and Alert Signals •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-1186 – Be POPIA Compliant <= 1.1.5 - Sensitive Information Exposure
https://notcve.org/view.php?id=CVE-2022-1186
30 Mar 2022 — The WordPress plugin Be POPIA Compliant exposed sensitive information to unauthenticated users consisting of site visitors emails and usernames via an API route, in versions up to an including 1.1.5. El plugin Be POPIA Compliant de WordPress expuso información confidencial a usuarios no autenticados consistente en correos electrónicos y nombres de usuario de los visitantes del sitio por medio de una ruta API, en versiones hasta 1.1.5 incluyéndola • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2701343%40be-popia-compliant&new=2701343%40be-popia-compliant&sfp_email=&sfph_mail= • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •