CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 0CVE-2024-0408 – Xorg-x11-server: selinux unlabeled glx pbuffer
https://notcve.org/view.php?id=CVE-2024-0408
17 Jan 2024 — A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource (as with a GetGeometry) or when it creates another resource that needs to access that buffer, such as a GC, the XSELINUX code will try to use an object that was never labeled and crash because the SID is NULL. Se encontró una falla en el servidor X.Org. El código GLX PBuffer no llama al gancho XACE al crear el bú... • https://access.redhat.com/errata/RHSA-2024:0320 • CWE-158: Improper Neutralization of Null Byte or NUL Character •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 0CVE-2024-0409 – Xorg-x11-server: selinux context corruption
https://notcve.org/view.php?id=CVE-2024-0409
17 Jan 2024 — A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context. Se encontró una falla en el servidor X.Org. El código del cursor tanto en Xephyr como en Xwayland utiliza el tipo incorrecto de privado en el momento de la creación. • https://access.redhat.com/errata/RHSA-2024:0320 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 0CVE-2023-6377 – Xorg-x11-server: out-of-bounds memory reads/writes in xkb button actions
https://notcve.org/view.php?id=CVE-2023-6377
13 Dec 2023 — A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved. Se encontró una falla en xorg-server. Consultar o cambiar las acciones de los botones XKB, como pasar de un panel táctil a un mouse, puede provocar lecturas y escrituras de memoria fuera de los límites. • http://www.openwall.com/lists/oss-security/2023/12/13/1 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 2%CPEs: 17EXPL: 0CVE-2023-6478 – Xorg-x11-server: out-of-bounds memory read in rrchangeoutputproperty and rrchangeproviderproperty
https://notcve.org/view.php?id=CVE-2023-6478
13 Dec 2023 — A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive information. Se encontró una falla en xorg-server. Una solicitud especialmente manipulada a RRChangeProviderProperty o RRChangeOutputProperty puede desencadenar un desbordamiento de enteros que puede provocar la divulgación de información confidencial. This vulnerability allows local attackers to disclose sensitive info... • http://www.openwall.com/lists/oss-security/2023/12/13/1 • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 0CVE-2020-26117 – tigervnc: certificate exceptions stored as authorities
https://notcve.org/view.php?id=CVE-2020-26117
27 Sep 2020 — In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1.11.0, viewers mishandle TLS certificate exceptions. They store the certificates as authorities, meaning that the owner of a certificate could impersonate any server after a client had added an exception. En los archivos rfb/CSecurityTLS.cxx y rfb/CSecurityTLS.java en TigerVNC versiones anteriores a 1.11.0, los espectadores manejan inapropiadamente las excepciones del certificado TLS. Almacenan los certificados como autoridades, lo q... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00025.html • CWE-295: Improper Certificate Validation CWE-296: Improper Following of a Certificate's Chain of Trust •
CVSS: 7.2EPSS: 6%CPEs: 2EXPL: 1CVE-2019-15695 – tigervnc: Stack buffer overflow in CMsgReader::readSetCursor
https://notcve.org/view.php?id=CVE-2019-15695
26 Dec 2019 — TigerVNC version prior to 1.10.1 is vulnerable to stack buffer overflow, which could be triggered from CMsgReader::readSetCursor. This vulnerability occurs due to insufficient sanitization of PixelFormat. Since remote attacker can choose offset from start of the buffer to start writing his values, exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity. TigerVNC versión anterior a 1.10.1, es vulnerable al desbordam... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00039.html • CWE-121: Stack-based Buffer Overflow CWE-754: Improper Check for Unusual or Exceptional Conditions CWE-787: Out-of-bounds Write •
CVSS: 7.2EPSS: 6%CPEs: 2EXPL: 2CVE-2019-15694 – tigervnc: Heap buffer overflow in DecodeManager::decodeRect
https://notcve.org/view.php?id=CVE-2019-15694
26 Dec 2019 — TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which could be triggered from DecodeManager::decodeRect. Vulnerability occurs due to the signdness error in processing MemOutStream. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity. TigerVNC versiones anteriores a 1.10.1, es vulnerable al desbordamiento de búfer de la pila, que podría ser activada desde la función DecodeManager::decodeR... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00039.html • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.2EPSS: 8%CPEs: 1EXPL: 1CVE-2019-15693 – tigervnc: Heap buffer overflow in TightDecoder::FilterGradient
https://notcve.org/view.php?id=CVE-2019-15693
26 Dec 2019 — TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which occurs in TightDecoder::FilterGradient. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity. TigerVNC versiones anteriores a 1.10.1, es vulnerable al desbordamiento de búfer de la pila, que se presenta en la función TightDecoder::FilterGradient. La explotación de esta vulnerabilidad podría resultar potencialmente en una ejecución de c... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00039.html • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.2EPSS: 7%CPEs: 2EXPL: 1CVE-2019-15692 – tigervnc: Heap buffer overflow triggered from CopyRectDecoder due to incorrect value checks
https://notcve.org/view.php?id=CVE-2019-15692
26 Dec 2019 — TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow. Vulnerability could be triggered from CopyRectDecoder due to incorrect value checks. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity. TigerVNC versiones anteriores a 1.10.1, es vulnerable al desbordamiento de búfer de la pila. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00039.html • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.2EPSS: 3%CPEs: 2EXPL: 1CVE-2019-15691 – tigervnc: Stack use-after-return due to incorrect usage of stack memory in ZRLEDecoder
https://notcve.org/view.php?id=CVE-2019-15691
26 Dec 2019 — TigerVNC version prior to 1.10.1 is vulnerable to stack use-after-return, which occurs due to incorrect usage of stack memory in ZRLEDecoder. If decoding routine would throw an exception, ZRLEDecoder may try to access stack variable, which has been already freed during the process of stack unwinding. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity. TigerVNC versiones anteriores a 1.10.1, es vulnerable al us... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00039.html • CWE-672: Operation on a Resource after Expiration or Release CWE-825: Expired Pointer Dereference •