CVSS: 9.8EPSS: 1%CPEs: 49EXPL: 0CVE-2013-7439 – libX11: buffer overflow in MakeBigReq macro
https://notcve.org/view.php?id=CVE-2013-7439
14 Apr 2015 — Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen macros in include/X11/Xlibint.h in X11R6.x and libX11 before 1.6.0 allow remote attackers to have unspecified impact via a crafted request, which triggers a buffer overflow. Múltiples errores de superación de límite (off-by-one) en los macros (1) MakeBigReq y (2) SetReqLen en include/X11/Xlibint.h en X11R6.x y libX11 anterior a 1.6.0 permiten a atacantes remotos tener un impacto no especificado a través de una solicitud manipulada, lo que pr... • http://lists.x.org/archives/xorg-announce/2015-April/002561.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 9%CPEs: 31EXPL: 0CVE-2011-0465 – xorg: xrdb code execution via crafted X client hostname
https://notcve.org/view.php?id=CVE-2011-0465
08 Apr 2011 — xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a (1) DHCP or (2) XDMCP message. xrdb.c en xrdb anterior a v1.0.9 en X.Org X11R7.6 y anteriores permite a atacantes remotos ejecutar comandos arbitrarios mediante metacaracteres en un hostname obtenido de un mensaje (1) DHCP o (2) XDMCP. This GLSA contains notification of vulnerabilities found in several Gentoo packages which have been fixed prio... • http://cgit.freedesktop.org/xorg/app/xrdb/commit/?id=1027d5df07398c1507fb1fe3a9981aa6b4bc3a56 • CWE-20: Improper Input Validation •