CVSS: 9.8EPSS: 29%CPEs: 3EXPL: 0CVE-2008-0006 – Xorg / XFree86 PCF font parser buffer overflow
https://notcve.org/view.php?id=CVE-2008-0006
18 Jan 2008 — Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the libfont and libXfont libraries on some platforms including Sun Solaris, allows context-dependent attackers to execute arbitrary code via a PCF font with a large difference between the last col and first col values in the PCF_BDF_ENCODINGS table. Un desbordamiento del búfer en (1) X.Org Xserver versiones anteriores a 1.4.1, y (2) las bibliotecas libfont y libXfont en algunas plataformas, incluyendo Sun Solaris, permite a atacantes dependiendo del... • http://bugs.gentoo.org/show_bug.cgi?id=204362 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 3%CPEs: 2EXPL: 0CVE-2007-5760 – xorg: invalid array indexing in XFree86-Misc extension
https://notcve.org/view.php?id=CVE-2007-5760
18 Jan 2008 — Array index error in the XFree86-Misc extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via a PassMessage request containing a large array index. Error de índice de Array en la extensión XFree86-Misc de X.Org Xserver versiones anteriores a 1.4.1 permite a atacantes locales o remotos dependientes del contexto ejecutar código de su elección mediante una petición PassMessage conteniendo un índice de array largo. • http://bugs.gentoo.org/show_bug.cgi?id=204362 •
CVSS: 8.4EPSS: 4%CPEs: 1EXPL: 1CVE-2007-5958 – X.Org xorg-server 1.1.1-48.13 - Probe for Files (PoC)
https://notcve.org/view.php?id=CVE-2007-5958
18 Jan 2008 — X.Org Xserver before 1.4.1 allows local users to determine the existence of arbitrary files via a filename argument in the -sp option to the X program, which produces different error messages depending on whether the filename exists. X.Org Xserver versiones anteriores a 1.4.1 permite a usuarios locales determinar la existencia de ficheros de su elección mediante un argumento nombre de fichero en la opción -sp en el programa X, lo cual produce diferentes mensajes de error dependientes de si el fichero existe... • https://www.exploit-db.com/exploits/5152 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 3%CPEs: 2EXPL: 0CVE-2007-6428 – xfree86: information disclosure via TOG-CUP extension
https://notcve.org/view.php?id=CVE-2007-6428
18 Jan 2008 — The ProcGetReservedColormapEntries function in the TOG-CUP extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to read the contents of arbitrary memory locations via a request containing a 32-bit value that is improperly used as an array index. La función ProcGetReservedColormapEntries de la extensión TOG-CUP de X.Org Xserver versiones anteriores a 1.4.1 permite a atacantes locales o remotos dependientes del contexto leer el contenido de ubicaciones de memoria de su elección mediante ... • http://bugs.gentoo.org/show_bug.cgi?id=204362 •
CVSS: 9.8EPSS: 2%CPEs: 3EXPL: 0CVE-2007-6429 – xfree86: integer overflow in EVI extension
https://notcve.org/view.php?id=CVE-2007-6429
18 Jan 2008 — Multiple integer overflows in X.Org Xserver before 1.4.1 allow context-dependent attackers to execute arbitrary code via (1) a GetVisualInfo request containing a 32-bit value that is improperly used to calculate an amount of memory for allocation by the EVI extension, or (2) a request containing values related to pixmap size that are improperly used in management of shared memory by the MIT-SHM extension. Múltiples desbordamientos de búfer en X.Org Xserver versiones anteriores a 1.4.1 permiten a atacantes l... • http://bugs.gentoo.org/show_bug.cgi?id=204362 • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.5EPSS: 6%CPEs: 1EXPL: 1CVE-2007-3957 – Xserver 0.1 Alpha - 'POST' Remote Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2007-3957
24 Jul 2007 — Buffer overflow in Nipun Jain xserver 0.1 alpha allows remote attackers to cause a denial of service via a POST request with a long URI. Desbordamiento de búfer en Nipun Jain xserver 0.1 alpha permite a atacantes remotos provocar una denegación de servicio mediante una petición POST con URI largo. • https://www.exploit-db.com/exploits/4216 •
CVSS: 6.5EPSS: 2%CPEs: 4EXPL: 1CVE-2007-2437 – X.Org X Window System Xserver 1.3 - XRender Extension Divide by Zero Denial of Service
https://notcve.org/view.php?id=CVE-2007-2437
02 May 2007 — The X render (Xrender) extension in X.org X Window System 7.0, 7.1, and 7.2, with Xserver 1.3.0 and earlier, allows remote authenticated users to cause a denial of service (daemon crash) via crafted values to the (1) XRenderCompositeTrapezoids and (2) XRenderAddTraps functions, which trigger a divide-by-zero error. La extensión X render (Xrender) en X.org X Window System 7.0, 7.1, y 7.2, con Xserver 1.3.0 y anteriores, permite a usuarios remotos validados provocar denegación de servicio (caida de demonio) a... • https://www.exploit-db.com/exploits/29939 •