CVSS: 10.0EPSS: 2%CPEs: 1EXPL: 0CVE-2012-2118
https://notcve.org/view.php?id=CVE-2012-2118
Format string vulnerability in the LogVHdrMessageVerb function in os/log.c in X.Org X11 1.11 allows attackers to cause a denial of service or possibly execute arbitrary code via format string specifiers in an input device name. Vulnerabilidad de formato de cadena en la función LogVHdrMessageVerb en OS/log.c en X11 X.Org v1.11 permite a atacantes provocar una denegación de servicio o posiblemente ejecutar código arbitrario mediante especificadores de formato de cadena en el nombre de un dispositivo de entrada. • http://patchwork.freedesktop.org/patch/10001 http://www.openwall.com/lists/oss-security/2012/04/18/8 http://www.openwall.com/lists/oss-security/2012/04/19/2 http://www.securityfocus.com/bid/53150 https://exchange.xforce.ibmcloud.com/vulnerabilities/74930 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 2%CPEs: 31EXPL: 0CVE-2011-0465 – xorg: xrdb code execution via crafted X client hostname
https://notcve.org/view.php?id=CVE-2011-0465
xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a (1) DHCP or (2) XDMCP message. xrdb.c en xrdb anterior a v1.0.9 en X.Org X11R7.6 y anteriores permite a atacantes remotos ejecutar comandos arbitrarios mediante metacaracteres en un hostname obtenido de un mensaje (1) DHCP o (2) XDMCP. • http://cgit.freedesktop.org/xorg/app/xrdb/commit/?id=1027d5df07398c1507fb1fe3a9981aa6b4bc3a56 http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057928.html http://lists.freedesktop.org/archives/xorg-announce/2011-April/001635.html http://lists.freedesktop.org/archives/xorg-announce/2011-April/001636.html http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00002.html http://secunia.com/advisories/44010 http://secunia.com/advisories/44012 http://secunia.com/advisories/44040 http&# • CWE-20: Improper Input Validation •