All the vulnerabilites related to xfree86_project - x11r6
cve-2001-0955
Vulnerability from cvelistv5
Published
2002-02-02 05:00
Modified
2024-08-08 04:37
Severity ?
EPSS score ?
Summary
Buffer overflow in fbglyph.c in XFree86 before 4.2.0, related to glyph clipping for large origins, allows attackers to cause a denial of service and possibly gain privileges via a large number of characters, possibly through the web page search form of KDE Konqueror or from an xterm command with a long title.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/3663 | vdb-entry, x_refsource_BID | |
http://www.securityfocus.com/bid/3657 | vdb-entry, x_refsource_BID | |
http://marc.info/?l=bugtraq&m=100776624224549&w=2 | mailing-list, x_refsource_BUGTRAQ | |
http://www.xfree86.org/4.2.0/RELNOTES2.html#2 | x_refsource_CONFIRM | |
http://marc.info/?l=bugtraq&m=100784290015880&w=2 | mailing-list, x_refsource_BUGTRAQ | |
http://www.xfree86.org/security/ | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/7683 | vdb-entry, x_refsource_XF | |
http://cvsweb.xfree86.org/cvsweb/xc/programs/Xserver/fb/fbglyph.c | x_refsource_MISC | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/7673 | vdb-entry, x_refsource_XF | |
http://marc.info/?l=vuln-dev&m=100118958310463&w=2 | mailing-list, x_refsource_VULN-DEV |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T04:37:07.098Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "3663", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/3663" }, { "name": "3657", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/3657" }, { "name": "20011207 Crashing X", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=100776624224549\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.xfree86.org/4.2.0/RELNOTES2.html#2" }, { "name": "20011208 Re: Crashing X", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=100784290015880\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.xfree86.org/security/" }, { "name": "xfree86-xterm-title-bo(7683)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7683" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://cvsweb.xfree86.org/cvsweb/xc/programs/Xserver/fb/fbglyph.c" }, { "name": "xfree86-konqueror-bo(7673)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7673" }, { "name": "20010922 XFree86 DOS / Buffer overflow local and remote.", "tags": [ "mailing-list", "x_refsource_VULN-DEV", "x_transferred" ], "url": "http://marc.info/?l=vuln-dev\u0026m=100118958310463\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2001-12-07T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in fbglyph.c in XFree86 before 4.2.0, related to glyph clipping for large origins, allows attackers to cause a denial of service and possibly gain privileges via a large number of characters, possibly through the web page search form of KDE Konqueror or from an xterm command with a long title." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-18T21:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "3663", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/3663" }, { "name": "3657", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/3657" }, { "name": "20011207 Crashing X", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=100776624224549\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.xfree86.org/4.2.0/RELNOTES2.html#2" }, { "name": "20011208 Re: Crashing X", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=100784290015880\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.xfree86.org/security/" }, { "name": "xfree86-xterm-title-bo(7683)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7683" }, { "tags": [ "x_refsource_MISC" ], "url": "http://cvsweb.xfree86.org/cvsweb/xc/programs/Xserver/fb/fbglyph.c" }, { "name": "xfree86-konqueror-bo(7673)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7673" }, { "name": "20010922 XFree86 DOS / Buffer overflow local and remote.", "tags": [ "mailing-list", "x_refsource_VULN-DEV" ], "url": "http://marc.info/?l=vuln-dev\u0026m=100118958310463\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2001-0955", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in fbglyph.c in XFree86 before 4.2.0, related to glyph clipping for large origins, allows attackers to cause a denial of service and possibly gain privileges via a large number of characters, possibly through the web page search form of KDE Konqueror or from an xterm command with a long title." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "3663", "refsource": "BID", "url": "http://www.securityfocus.com/bid/3663" }, { "name": "3657", "refsource": "BID", "url": "http://www.securityfocus.com/bid/3657" }, { "name": "20011207 Crashing X", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=100776624224549\u0026w=2" }, { "name": "http://www.xfree86.org/4.2.0/RELNOTES2.html#2", "refsource": "CONFIRM", "url": "http://www.xfree86.org/4.2.0/RELNOTES2.html#2" }, { "name": "20011208 Re: Crashing X", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=100784290015880\u0026w=2" }, { "name": "http://www.xfree86.org/security/", "refsource": "CONFIRM", "url": "http://www.xfree86.org/security/" }, { "name": "xfree86-xterm-title-bo(7683)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7683" }, { "name": "http://cvsweb.xfree86.org/cvsweb/xc/programs/Xserver/fb/fbglyph.c", "refsource": "MISC", "url": "http://cvsweb.xfree86.org/cvsweb/xc/programs/Xserver/fb/fbglyph.c" }, { "name": "xfree86-konqueror-bo(7673)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7673" }, { "name": "20010922 XFree86 DOS / Buffer overflow local and remote.", "refsource": "VULN-DEV", "url": "http://marc.info/?l=vuln-dev\u0026m=100118958310463\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2001-0955", "datePublished": "2002-02-02T05:00:00", "dateReserved": "2002-01-31T00:00:00", "dateUpdated": "2024-08-08T04:37:07.098Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2000-0285
Vulnerability from cvelistv5
Published
2000-10-13 04:00
Modified
2024-08-08 05:14
Severity ?
EPSS score ?
Summary
Buffer overflow in XFree86 3.3.x allows local users to execute arbitrary commands via a long -xkbmap parameter.
References
▼ | URL | Tags |
---|---|---|
http://archives.neohapsis.com/archives/bugtraq/2000-04/0076.html | mailing-list, x_refsource_BUGTRAQ | |
http://www.securityfocus.com/bid/1306 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T05:14:21.407Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20000416 XFree86 server overflow", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2000-04/0076.html" }, { "name": "1306", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/1306" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2000-04-16T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in XFree86 3.3.x allows local users to execute arbitrary commands via a long -xkbmap parameter." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2005-11-02T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20000416 XFree86 server overflow", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2000-04/0076.html" }, { "name": "1306", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/1306" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2000-0285", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in XFree86 3.3.x allows local users to execute arbitrary commands via a long -xkbmap parameter." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20000416 XFree86 server overflow", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2000-04/0076.html" }, { "name": "1306", "refsource": "BID", "url": "http://www.securityfocus.com/bid/1306" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2000-0285", "datePublished": "2000-10-13T04:00:00", "dateReserved": "2000-04-26T00:00:00", "dateUpdated": "2024-08-08T05:14:21.407Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2002-1472
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 03:26
Severity ?
EPSS score ?
Summary
Untrusted search path vulnerability in libX11.so in xfree86, when used in setuid or setgid programs, allows local users to gain root privileges via a modified LD_PRELOAD environment variable that points to a malicious module.
References
▼ | URL | Tags |
---|---|---|
http://www.redhat.com/support/errata/RHSA-2003-067.html | vendor-advisory, x_refsource_REDHAT | |
http://www.redhat.com/support/errata/RHSA-2003-066.html | vendor-advisory, x_refsource_REDHAT | |
http://www.iss.net/security_center/static/10137.php | vdb-entry, x_refsource_XF | |
http://archives.neohapsis.com/archives/linux/suse/2002-q3/1116.html | vendor-advisory, x_refsource_SUSE | |
http://www.securityfocus.com/bid/5735 | vdb-entry, x_refsource_BID | |
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000529 | vendor-advisory, x_refsource_CONECTIVA | |
http://www.osvdb.org/11922 | vdb-entry, x_refsource_OSVDB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T03:26:28.527Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2003:067", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-067.html" }, { "name": "RHSA-2003:066", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-066.html" }, { "name": "xfree86-x11-program-execution(10137)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://www.iss.net/security_center/static/10137.php" }, { "name": "SuSE-SA:2002:032", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/linux/suse/2002-q3/1116.html" }, { "name": "5735", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/5735" }, { "name": "CLA-2002:529", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA", "x_transferred" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000529" }, { "name": "11922", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/11922" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2002-09-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Untrusted search path vulnerability in libX11.so in xfree86, when used in setuid or setgid programs, allows local users to gain root privileges via a modified LD_PRELOAD environment variable that points to a malicious module." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2006-09-20T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "RHSA-2003:067", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-067.html" }, { "name": "RHSA-2003:066", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-066.html" }, { "name": "xfree86-x11-program-execution(10137)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://www.iss.net/security_center/static/10137.php" }, { "name": "SuSE-SA:2002:032", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://archives.neohapsis.com/archives/linux/suse/2002-q3/1116.html" }, { "name": "5735", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/5735" }, { "name": "CLA-2002:529", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000529" }, { "name": "11922", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/11922" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-1472", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Untrusted search path vulnerability in libX11.so in xfree86, when used in setuid or setgid programs, allows local users to gain root privileges via a modified LD_PRELOAD environment variable that points to a malicious module." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2003:067", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2003-067.html" }, { "name": "RHSA-2003:066", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2003-066.html" }, { "name": "xfree86-x11-program-execution(10137)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/10137.php" }, { "name": "SuSE-SA:2002:032", "refsource": "SUSE", "url": "http://archives.neohapsis.com/archives/linux/suse/2002-q3/1116.html" }, { "name": "5735", "refsource": "BID", "url": "http://www.securityfocus.com/bid/5735" }, { "name": "CLA-2002:529", "refsource": "CONECTIVA", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000529" }, { "name": "11922", "refsource": "OSVDB", "url": "http://www.osvdb.org/11922" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-1472", "datePublished": "2004-09-01T04:00:00", "dateReserved": "2003-02-05T00:00:00", "dateUpdated": "2024-08-08T03:26:28.527Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-1351
Vulnerability from cvelistv5
Published
2007-04-06 01:00
Modified
2024-08-07 12:50
Severity ?
EPSS score ?
Summary
Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T12:50:35.134Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2007:0150", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0150.html" }, { "name": "24745", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24745" }, { "name": "24921", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24921" }, { "name": "oval:org.mitre.oval:def:1810", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1810" }, { "name": "33937", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/33937" }, { "name": "2007-0013", "tags": [ "vendor-advisory", "x_refsource_TRUSTIX", "x_transferred" ], "url": "http://www.trustix.org/errata/2007/0013/" }, { "name": "24771", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24771" }, { "name": "GLSA-200705-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200705-02.xml" }, { "name": "24889", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24889" }, { "name": "24770", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24770" }, { "name": "25006", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25006" }, { "name": "24756", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24756" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?group_id=3157\u0026release_id=498954" }, { "name": "25495", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25495" }, { "name": "24996", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24996" }, { "name": "23283", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/23283" }, { "name": "RHSA-2007:0126", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0126.html" }, { "name": "23300", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/23300" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3438" }, { "name": "GLSA-200705-10", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200705-10.xml" }, { "name": "USN-448-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-448-1" }, { "name": "APPLE-SA-2009-02-12", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html" }, { "name": "MDKSA-2007:080", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:080" }, { "name": "SSA:2007-109-01", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.626733" }, { "name": "SUSE-SR:2007:006", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2007_6_sr.html" }, { "name": "MDKSA-2007:081", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:081" }, { "name": "DSA-1454", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1454" }, { "name": "24758", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24758" }, { "name": "ADV-2007-1264", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/1264" }, { "name": "1017857", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1017857" }, { "name": "24885", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24885" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-178.htm" }, { "name": "25096", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25096" }, { "name": "25195", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25195" }, { "name": "RHSA-2007:0125", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2007-0125.html" }, { "name": "24741", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24741" }, { "name": "APPLE-SA-2007-11-14", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html" }, { "name": "24776", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24776" }, { "name": "28333", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28333" }, { "name": "24768", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24768" }, { "name": "[xorg-announce] 20070403 various integer overflow vulnerabilites in xserver, libX11 and libXfont", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html" }, { "name": "24791", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24791" }, { "name": "SUSE-SA:2007:027", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2007_27_x.html" }, { "name": "30161", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30161" }, { "name": "GLSA-200805-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=498954" }, { "name": "DSA-1294", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2007/dsa-1294" }, { "name": "24765", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24765" }, { "name": "25216", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25216" }, { "name": "20070403 Multiple Vendor X Server BDF Font Parsing Integer Overflow Vulnerability", "tags": [ "third-party-advisory", "x_refsource_IDEFENSE", "x_transferred" ], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=501" }, { "name": "20070404 rPSA-2007-0065-1 freetype xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/464686/100/0/threaded" }, { "name": "20070405 FLEA-2007-0009-1: xorg-x11 freetype", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/464816/100/0/threaded" }, { "name": "ADV-2007-1548", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/1548" }, { "name": "xorg-bdf-font-bo(33417)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33417" }, { "name": "102886", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102886-1" }, { "name": "ADV-2007-1217", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/1217" }, { "name": "[4.0] 011: SECURITY FIX: April 4, 2007", "tags": [ "vendor-advisory", "x_refsource_OPENBSD", "x_transferred" ], "url": "http://www.openbsd.org/errata40.html#011_xorg" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.rpath.com/browse/RPL-1213" }, { "name": "23402", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/23402" }, { "name": "25004", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25004" }, { "name": "25305", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25305" }, { "name": "oval:org.mitre.oval:def:11266", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11266" }, { "name": "RHSA-2007:0132", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0132.html" }, { "name": "24772", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24772" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-193.htm" }, { "name": "[3.9] 021: SECURITY FIX: April 4, 2007", "tags": [ "vendor-advisory", "x_refsource_OPENBSD", "x_transferred" ], "url": "http://www.openbsd.org/errata39.html#021_xorg" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://issues.foresightlinux.org/browse/FL-223" }, { "name": "MDKSA-2007:079", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:079" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-04-03T00:00:00", "descriptions": [ { "lang": "en", "value": "Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-16T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2007:0150", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0150.html" }, { "name": "24745", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24745" }, { "name": "24921", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24921" }, { "name": "oval:org.mitre.oval:def:1810", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1810" }, { "name": "33937", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/33937" }, { "name": "2007-0013", "tags": [ "vendor-advisory", "x_refsource_TRUSTIX" ], "url": "http://www.trustix.org/errata/2007/0013/" }, { "name": "24771", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24771" }, { "name": "GLSA-200705-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200705-02.xml" }, { "name": "24889", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24889" }, { "name": "24770", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24770" }, { "name": "25006", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25006" }, { "name": "24756", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24756" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?group_id=3157\u0026release_id=498954" }, { "name": "25495", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25495" }, { "name": "24996", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24996" }, { "name": "23283", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/23283" }, { "name": "RHSA-2007:0126", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0126.html" }, { "name": "23300", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/23300" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3438" }, { "name": "GLSA-200705-10", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200705-10.xml" }, { "name": "USN-448-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-448-1" }, { "name": "APPLE-SA-2009-02-12", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html" }, { "name": "MDKSA-2007:080", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:080" }, { "name": "SSA:2007-109-01", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.626733" }, { "name": "SUSE-SR:2007:006", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2007_6_sr.html" }, { "name": "MDKSA-2007:081", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:081" }, { "name": "DSA-1454", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1454" }, { "name": "24758", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24758" }, { "name": "ADV-2007-1264", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/1264" }, { "name": "1017857", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1017857" }, { "name": "24885", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24885" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-178.htm" }, { "name": "25096", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25096" }, { "name": "25195", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25195" }, { "name": "RHSA-2007:0125", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2007-0125.html" }, { "name": "24741", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24741" }, { "name": "APPLE-SA-2007-11-14", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html" }, { "name": "24776", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24776" }, { "name": "28333", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28333" }, { "name": "24768", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24768" }, { "name": "[xorg-announce] 20070403 various integer overflow vulnerabilites in xserver, libX11 and libXfont", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html" }, { "name": "24791", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24791" }, { "name": "SUSE-SA:2007:027", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2007_27_x.html" }, { "name": "30161", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30161" }, { "name": "GLSA-200805-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=498954" }, { "name": "DSA-1294", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2007/dsa-1294" }, { "name": "24765", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24765" }, { "name": "25216", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25216" }, { "name": "20070403 Multiple Vendor X Server BDF Font Parsing Integer Overflow Vulnerability", "tags": [ "third-party-advisory", "x_refsource_IDEFENSE" ], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=501" }, { "name": "20070404 rPSA-2007-0065-1 freetype xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/464686/100/0/threaded" }, { "name": "20070405 FLEA-2007-0009-1: xorg-x11 freetype", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/464816/100/0/threaded" }, { "name": "ADV-2007-1548", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/1548" }, { "name": "xorg-bdf-font-bo(33417)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33417" }, { "name": "102886", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102886-1" }, { "name": "ADV-2007-1217", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/1217" }, { "name": "[4.0] 011: SECURITY FIX: April 4, 2007", "tags": [ "vendor-advisory", "x_refsource_OPENBSD" ], "url": "http://www.openbsd.org/errata40.html#011_xorg" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.rpath.com/browse/RPL-1213" }, { "name": "23402", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/23402" }, { "name": "25004", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25004" }, { "name": "25305", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25305" }, { "name": "oval:org.mitre.oval:def:11266", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11266" }, { "name": "RHSA-2007:0132", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0132.html" }, { "name": "24772", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24772" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-193.htm" }, { "name": "[3.9] 021: SECURITY FIX: April 4, 2007", "tags": [ "vendor-advisory", "x_refsource_OPENBSD" ], "url": "http://www.openbsd.org/errata39.html#021_xorg" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://issues.foresightlinux.org/browse/FL-223" }, { "name": "MDKSA-2007:079", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:079" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2007-1351", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2007:0150", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2007-0150.html" }, { "name": "24745", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24745" }, { "name": "24921", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24921" }, { "name": "oval:org.mitre.oval:def:1810", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1810" }, { "name": "33937", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33937" }, { "name": "2007-0013", "refsource": "TRUSTIX", "url": "http://www.trustix.org/errata/2007/0013/" }, { "name": "24771", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24771" }, { "name": "GLSA-200705-02", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200705-02.xml" }, { "name": "24889", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24889" }, { "name": "24770", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24770" }, { "name": "25006", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25006" }, { "name": "24756", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24756" }, { "name": "http://sourceforge.net/project/shownotes.php?group_id=3157\u0026release_id=498954", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?group_id=3157\u0026release_id=498954" }, { "name": "25495", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25495" }, { "name": "24996", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24996" }, { "name": "23283", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23283" }, { "name": "RHSA-2007:0126", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2007-0126.html" }, { "name": "23300", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23300" }, { "name": "http://support.apple.com/kb/HT3438", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3438" }, { "name": "GLSA-200705-10", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200705-10.xml" }, { "name": "USN-448-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-448-1" }, { "name": "APPLE-SA-2009-02-12", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html" }, { "name": "MDKSA-2007:080", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:080" }, { "name": "SSA:2007-109-01", "refsource": "SLACKWARE", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.626733" }, { "name": "SUSE-SR:2007:006", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2007_6_sr.html" }, { "name": "MDKSA-2007:081", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:081" }, { "name": "DSA-1454", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1454" }, { "name": "24758", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24758" }, { "name": "ADV-2007-1264", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1264" }, { "name": "1017857", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1017857" }, { "name": "24885", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24885" }, { "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-178.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-178.htm" }, { "name": "25096", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25096" }, { "name": "25195", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25195" }, { "name": "RHSA-2007:0125", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2007-0125.html" }, { "name": "24741", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24741" }, { "name": "APPLE-SA-2007-11-14", "refsource": "APPLE", "url": "http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html" }, { "name": "24776", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24776" }, { "name": "28333", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28333" }, { "name": "24768", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24768" }, { "name": "[xorg-announce] 20070403 various integer overflow vulnerabilites in xserver, libX11 and libXfont", "refsource": "MLIST", "url": "http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html" }, { "name": "24791", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24791" }, { "name": "SUSE-SA:2007:027", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2007_27_x.html" }, { "name": "30161", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30161" }, { "name": "GLSA-200805-07", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml" }, { "name": "http://sourceforge.net/project/shownotes.php?release_id=498954", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=498954" }, { "name": "DSA-1294", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2007/dsa-1294" }, { "name": "24765", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24765" }, { "name": "25216", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25216" }, { "name": "20070403 Multiple Vendor X Server BDF Font Parsing Integer Overflow Vulnerability", "refsource": "IDEFENSE", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=501" }, { "name": "20070404 rPSA-2007-0065-1 freetype xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/464686/100/0/threaded" }, { "name": "20070405 FLEA-2007-0009-1: xorg-x11 freetype", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/464816/100/0/threaded" }, { "name": "ADV-2007-1548", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1548" }, { "name": "xorg-bdf-font-bo(33417)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33417" }, { "name": "102886", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102886-1" }, { "name": "ADV-2007-1217", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1217" }, { "name": "[4.0] 011: SECURITY FIX: April 4, 2007", "refsource": "OPENBSD", "url": "http://www.openbsd.org/errata40.html#011_xorg" }, { "name": "https://issues.rpath.com/browse/RPL-1213", "refsource": "CONFIRM", "url": "https://issues.rpath.com/browse/RPL-1213" }, { "name": "23402", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23402" }, { "name": "25004", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25004" }, { "name": "25305", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25305" }, { "name": "oval:org.mitre.oval:def:11266", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11266" }, { "name": "RHSA-2007:0132", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2007-0132.html" }, { "name": "24772", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24772" }, { "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-193.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-193.htm" }, { "name": "[3.9] 021: SECURITY FIX: April 4, 2007", "refsource": "OPENBSD", "url": "http://www.openbsd.org/errata39.html#021_xorg" }, { "name": "http://issues.foresightlinux.org/browse/FL-223", "refsource": "CONFIRM", "url": "http://issues.foresightlinux.org/browse/FL-223" }, { "name": "MDKSA-2007:079", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:079" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2007-1351", "datePublished": "2007-04-06T01:00:00", "dateReserved": "2007-03-08T00:00:00", "dateUpdated": "2024-08-07T12:50:35.134Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2004-0083
Vulnerability from cvelistv5
Published
2004-02-14 05:00
Modified
2024-08-08 00:01
Severity ?
EPSS score ?
Summary
Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file (font.alias) with a long token, a different vulnerability than CVE-2004-0084 and CVE-2004-0106.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:01:23.635Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "SuSE-SA:2004:006", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2004_06_xf86.html" }, { "name": "RHSA-2004:060", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-060.html" }, { "name": "xfree86-fontalias-bo(15130)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15130" }, { "name": "57768", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57768-1" }, { "name": "CLA-2004:821", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA", "x_transferred" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000821" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.idefense.com/application/poi/display?id=72" }, { "name": "9636", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/9636" }, { "name": "GLSA-200402-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200402-02.xml" }, { "name": "20040210 iDEFENSESecurityAdvisory02.10.04: XFree86FontInformationFileBufferOverflow", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=107644835523678\u0026w=2" }, { "name": "FLSA:2314", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=110979666528890\u0026w=2" }, { "name": "DSA-443", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2004/dsa-443" }, { "name": "oval:org.mitre.oval:def:806", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A806" }, { "name": "MDKSA-2004:012", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:012" }, { "name": "oval:org.mitre.oval:def:830", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A830" }, { "name": "RHSA-2004:059", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-059.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.xfree86.org/cvs/changes" }, { "name": "VU#820006", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/820006" }, { "name": "20040211 XFree86 vulnerability exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=107653324115914\u0026w=2" }, { "name": "oval:org.mitre.oval:def:9612", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9612" }, { "name": "RHSA-2004:061", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-061.html" }, { "name": "SSA:2004-043", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred" ], "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.405053" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-02-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file (font.alias) with a long token, a different vulnerability than CVE-2004-0084 and CVE-2004-0106." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "SuSE-SA:2004:006", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2004_06_xf86.html" }, { "name": "RHSA-2004:060", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-060.html" }, { "name": "xfree86-fontalias-bo(15130)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15130" }, { "name": "57768", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57768-1" }, { "name": "CLA-2004:821", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000821" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.idefense.com/application/poi/display?id=72" }, { "name": "9636", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/9636" }, { "name": "GLSA-200402-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200402-02.xml" }, { "name": "20040210 iDEFENSESecurityAdvisory02.10.04: XFree86FontInformationFileBufferOverflow", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=107644835523678\u0026w=2" }, { "name": "FLSA:2314", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://marc.info/?l=bugtraq\u0026m=110979666528890\u0026w=2" }, { "name": "DSA-443", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2004/dsa-443" }, { "name": "oval:org.mitre.oval:def:806", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A806" }, { "name": "MDKSA-2004:012", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:012" }, { "name": "oval:org.mitre.oval:def:830", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A830" }, { "name": "RHSA-2004:059", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-059.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.xfree86.org/cvs/changes" }, { "name": "VU#820006", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/820006" }, { "name": "20040211 XFree86 vulnerability exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=107653324115914\u0026w=2" }, { "name": "oval:org.mitre.oval:def:9612", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9612" }, { "name": "RHSA-2004:061", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-061.html" }, { "name": "SSA:2004-043", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE" ], "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.405053" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0083", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file (font.alias) with a long token, a different vulnerability than CVE-2004-0084 and CVE-2004-0106." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "SuSE-SA:2004:006", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2004_06_xf86.html" }, { "name": "RHSA-2004:060", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2004-060.html" }, { "name": "xfree86-fontalias-bo(15130)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15130" }, { "name": "57768", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57768-1" }, { "name": "CLA-2004:821", "refsource": "CONECTIVA", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000821" }, { "name": "http://www.idefense.com/application/poi/display?id=72", "refsource": "MISC", "url": "http://www.idefense.com/application/poi/display?id=72" }, { "name": "9636", "refsource": "BID", "url": "http://www.securityfocus.com/bid/9636" }, { "name": "GLSA-200402-02", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200402-02.xml" }, { "name": "20040210 iDEFENSESecurityAdvisory02.10.04: XFree86FontInformationFileBufferOverflow", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=107644835523678\u0026w=2" }, { "name": "FLSA:2314", "refsource": "FEDORA", "url": "http://marc.info/?l=bugtraq\u0026m=110979666528890\u0026w=2" }, { "name": "DSA-443", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2004/dsa-443" }, { "name": "oval:org.mitre.oval:def:806", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A806" }, { "name": "MDKSA-2004:012", "refsource": "MANDRAKE", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:012" }, { "name": "oval:org.mitre.oval:def:830", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A830" }, { "name": "RHSA-2004:059", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2004-059.html" }, { "name": "http://www.xfree86.org/cvs/changes", "refsource": "CONFIRM", "url": "http://www.xfree86.org/cvs/changes" }, { "name": "VU#820006", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/820006" }, { "name": "20040211 XFree86 vulnerability exploit", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=107653324115914\u0026w=2" }, { "name": "oval:org.mitre.oval:def:9612", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9612" }, { "name": "RHSA-2004:061", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2004-061.html" }, { "name": "SSA:2004-043", "refsource": "SLACKWARE", "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.405053" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0083", "datePublished": "2004-02-14T05:00:00", "dateReserved": "2004-01-19T00:00:00", "dateUpdated": "2024-08-08T00:01:23.635Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2005-0605
Vulnerability from cvelistv5
Published
2005-03-04 05:00
Modified
2024-08-07 21:21
Severity ?
EPSS score ?
Summary
scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T21:21:06.249Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2005:331", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-331.html" }, { "name": "RHSA-2005:412", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-412.html" }, { "name": "1013339", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1013339" }, { "name": "18049", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18049" }, { "name": "20060403-01-U", "tags": [ "vendor-advisory", "x_refsource_SGI", "x_transferred" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20060403-01-U" }, { "name": "SCOSA-2006.5", "tags": [ "vendor-advisory", "x_refsource_SCO", "x_transferred" ], "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.5/SCOSA-2006.5.txt" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=83598" }, { "name": "GLSA-200503-15", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200503-15.xml" }, { "name": "DSA-723", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2005/dsa-723" }, { "name": "19624", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19624" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.freedesktop.org/attachment.cgi?id=1909" }, { "name": "APPLE-SA-2005-08-15", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html" }, { "name": "18316", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18316" }, { "name": "14460", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/14460" }, { "name": "RHSA-2005:198", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-198.html" }, { "name": "FLSA-2006:152803", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html" }, { "name": "RHSA-2005:044", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-044.html" }, { "name": "GLSA-200503-08", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200503-08.xml" }, { "name": "12714", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/12714" }, { "name": "RHSA-2008:0261", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=83655" }, { "name": "RHSA-2005:473", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-473.html" }, { "name": "APPLE-SA-2005-08-17", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html" }, { "name": "SCOSA-2005.57", "tags": [ "vendor-advisory", "x_refsource_SCO", "x_transferred" ], "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.57/SCOSA-2005.57.txt" }, { "name": "USN-97-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/97-1/" }, { "name": "oval:org.mitre.oval:def:10411", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10411" }, { "name": "USN-92-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/92-1/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-03-01T00:00:00", "descriptions": [ { "lang": "en", "value": "scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-03T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "RHSA-2005:331", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-331.html" }, { "name": "RHSA-2005:412", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-412.html" }, { "name": "1013339", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1013339" }, { "name": "18049", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18049" }, { "name": "20060403-01-U", "tags": [ "vendor-advisory", "x_refsource_SGI" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20060403-01-U" }, { "name": "SCOSA-2006.5", "tags": [ "vendor-advisory", "x_refsource_SCO" ], "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.5/SCOSA-2006.5.txt" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=83598" }, { "name": "GLSA-200503-15", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200503-15.xml" }, { "name": "DSA-723", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2005/dsa-723" }, { "name": "19624", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19624" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.freedesktop.org/attachment.cgi?id=1909" }, { "name": "APPLE-SA-2005-08-15", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html" }, { "name": "18316", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18316" }, { "name": "14460", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/14460" }, { "name": "RHSA-2005:198", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-198.html" }, { "name": "FLSA-2006:152803", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html" }, { "name": "RHSA-2005:044", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-044.html" }, { "name": "GLSA-200503-08", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200503-08.xml" }, { "name": "12714", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/12714" }, { "name": "RHSA-2008:0261", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=83655" }, { "name": "RHSA-2005:473", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-473.html" }, { "name": "APPLE-SA-2005-08-17", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html" }, { "name": "SCOSA-2005.57", "tags": [ "vendor-advisory", "x_refsource_SCO" ], "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.57/SCOSA-2005.57.txt" }, { "name": "USN-97-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/97-1/" }, { "name": "oval:org.mitre.oval:def:10411", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10411" }, { "name": "USN-92-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/92-1/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-0605", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2005:331", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2005-331.html" }, { "name": "RHSA-2005:412", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2005-412.html" }, { "name": "1013339", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1013339" }, { "name": "18049", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18049" }, { "name": "20060403-01-U", "refsource": "SGI", "url": "ftp://patches.sgi.com/support/free/security/advisories/20060403-01-U" }, { "name": "SCOSA-2006.5", "refsource": "SCO", "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.5/SCOSA-2006.5.txt" }, { "name": "http://bugs.gentoo.org/show_bug.cgi?id=83598", "refsource": "CONFIRM", "url": "http://bugs.gentoo.org/show_bug.cgi?id=83598" }, { "name": "GLSA-200503-15", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200503-15.xml" }, { "name": "DSA-723", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2005/dsa-723" }, { "name": "19624", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19624" }, { "name": "https://bugs.freedesktop.org/attachment.cgi?id=1909", "refsource": "CONFIRM", "url": "https://bugs.freedesktop.org/attachment.cgi?id=1909" }, { "name": "APPLE-SA-2005-08-15", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html" }, { "name": "18316", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18316" }, { "name": "14460", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/14460" }, { "name": "RHSA-2005:198", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2005-198.html" }, { "name": "FLSA-2006:152803", "refsource": "FEDORA", "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html" }, { "name": "RHSA-2005:044", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2005-044.html" }, { "name": "GLSA-200503-08", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200503-08.xml" }, { "name": "12714", "refsource": "BID", "url": "http://www.securityfocus.com/bid/12714" }, { "name": "RHSA-2008:0261", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html" }, { "name": "http://bugs.gentoo.org/show_bug.cgi?id=83655", "refsource": "CONFIRM", "url": "http://bugs.gentoo.org/show_bug.cgi?id=83655" }, { "name": "RHSA-2005:473", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2005-473.html" }, { "name": "APPLE-SA-2005-08-17", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html" }, { "name": "SCOSA-2005.57", "refsource": "SCO", "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.57/SCOSA-2005.57.txt" }, { "name": "USN-97-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/97-1/" }, { "name": "oval:org.mitre.oval:def:10411", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10411" }, { "name": "USN-92-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/92-1/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-0605", "datePublished": "2005-03-04T05:00:00", "dateReserved": "2005-03-01T00:00:00", "dateUpdated": "2024-08-07T21:21:06.249Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2000-0453
Vulnerability from cvelistv5
Published
2000-07-12 04:00
Modified
2024-08-08 05:21
Severity ?
EPSS score ?
Summary
XFree86 3.3.x and 4.0 allows a user to cause a denial of service via a negative counter value in a malformed TCP packet that is sent to port 6000.
References
▼ | URL | Tags |
---|---|---|
http://archives.neohapsis.com/archives/bugtraq/2000-05/0223.html | mailing-list, x_refsource_BUGTRAQ | |
http://www.securityfocus.com/bid/1235 | vdb-entry, x_refsource_BID | |
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2000-012.0.txt | vendor-advisory, x_refsource_CALDERA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T05:21:29.681Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20000518 Nasty XFree Xserver DoS", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0223.html" }, { "name": "1235", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/1235" }, { "name": "CSSA-2000-012.0", "tags": [ "vendor-advisory", "x_refsource_CALDERA", "x_transferred" ], "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2000-012.0.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2000-05-18T00:00:00", "descriptions": [ { "lang": "en", "value": "XFree86 3.3.x and 4.0 allows a user to cause a denial of service via a negative counter value in a malformed TCP packet that is sent to port 6000." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2005-11-02T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20000518 Nasty XFree Xserver DoS", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0223.html" }, { "name": "1235", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/1235" }, { "name": "CSSA-2000-012.0", "tags": [ "vendor-advisory", "x_refsource_CALDERA" ], "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2000-012.0.txt" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2000-0453", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "XFree86 3.3.x and 4.0 allows a user to cause a denial of service via a negative counter value in a malformed TCP packet that is sent to port 6000." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20000518 Nasty XFree Xserver DoS", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0223.html" }, { "name": "1235", "refsource": "BID", "url": "http://www.securityfocus.com/bid/1235" }, { "name": "CSSA-2000-012.0", "refsource": "CALDERA", "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2000-012.0.txt" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2000-0453", "datePublished": "2000-07-12T04:00:00", "dateReserved": "2000-06-14T00:00:00", "dateUpdated": "2024-08-08T05:21:29.681Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2004-0688
Vulnerability from cvelistv5
Published
2004-09-24 04:00
Modified
2024-08-08 00:24
Severity ?
EPSS score ?
Summary
Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:24:27.110Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "VU#537878", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/537878" }, { "name": "RHSA-2005:004", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-004.html" }, { "name": "USN-27-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/27-1/" }, { "name": "ADV-2006-1914", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/1914" }, { "name": "GLSA-200409-34", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-34.xml" }, { "name": "TA05-136A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA05-136A.html" }, { "name": "MDKSA-2004:098", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:098" }, { "name": "HPSBUX02119", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/434715/100/0/threaded" }, { "name": "RHSA-2004:537", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-537.html" }, { "name": "20040915 CESA-2004-004: libXpm", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=109530851323415\u0026w=2" }, { "name": "DSA-560", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2004/dsa-560" }, { "name": "oval:org.mitre.oval:def:11796", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11796" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://scary.beasts.org/security/CESA-2004-003.txt" }, { "name": "APPLE-SA-2005-05-03", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2005/May/msg00001.html" }, { "name": "CLA-2005:924", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA", "x_transferred" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000924" }, { "name": "SUSE-SA:2004:034", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html" }, { "name": "libxpm-xpmfile-integer-overflow(17416)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17416" }, { "name": "11196", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/11196" }, { "name": "GLSA-200502-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch" }, { "name": "FLSA-2006:152803", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html" }, { "name": "20235", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20235" }, { "name": "SSRT4848", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/434715/100/0/threaded" }, { "name": "57653", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-09-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-19T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "VU#537878", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/537878" }, { "name": "RHSA-2005:004", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-004.html" }, { "name": "USN-27-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/27-1/" }, { "name": "ADV-2006-1914", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/1914" }, { "name": "GLSA-200409-34", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-34.xml" }, { "name": "TA05-136A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA05-136A.html" }, { "name": "MDKSA-2004:098", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:098" }, { "name": "HPSBUX02119", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://www.securityfocus.com/archive/1/434715/100/0/threaded" }, { "name": "RHSA-2004:537", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-537.html" }, { "name": "20040915 CESA-2004-004: libXpm", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=109530851323415\u0026w=2" }, { "name": "DSA-560", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2004/dsa-560" }, { "name": "oval:org.mitre.oval:def:11796", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11796" }, { "tags": [ "x_refsource_MISC" ], "url": "http://scary.beasts.org/security/CESA-2004-003.txt" }, { "name": "APPLE-SA-2005-05-03", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2005/May/msg00001.html" }, { "name": "CLA-2005:924", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000924" }, { "name": "SUSE-SA:2004:034", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html" }, { "name": "libxpm-xpmfile-integer-overflow(17416)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17416" }, { "name": "11196", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/11196" }, { "name": "GLSA-200502-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch" }, { "name": "FLSA-2006:152803", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html" }, { "name": "20235", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20235" }, { "name": "SSRT4848", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://www.securityfocus.com/archive/1/434715/100/0/threaded" }, { "name": "57653", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0688", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "VU#537878", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/537878" }, { "name": "RHSA-2005:004", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2005-004.html" }, { "name": "USN-27-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/27-1/" }, { "name": "ADV-2006-1914", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1914" }, { "name": "GLSA-200409-34", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-34.xml" }, { "name": "TA05-136A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA05-136A.html" }, { "name": "MDKSA-2004:098", "refsource": "MANDRAKE", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:098" }, { "name": "HPSBUX02119", "refsource": "HP", "url": "http://www.securityfocus.com/archive/1/434715/100/0/threaded" }, { "name": "RHSA-2004:537", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2004-537.html" }, { "name": "20040915 CESA-2004-004: libXpm", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=109530851323415\u0026w=2" }, { "name": "DSA-560", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2004/dsa-560" }, { "name": "oval:org.mitre.oval:def:11796", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11796" }, { "name": "http://scary.beasts.org/security/CESA-2004-003.txt", "refsource": "MISC", "url": "http://scary.beasts.org/security/CESA-2004-003.txt" }, { "name": "APPLE-SA-2005-05-03", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2005/May/msg00001.html" }, { "name": "CLA-2005:924", "refsource": "CONECTIVA", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000924" }, { "name": "SUSE-SA:2004:034", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html" }, { "name": "libxpm-xpmfile-integer-overflow(17416)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17416" }, { "name": "11196", "refsource": "BID", "url": "http://www.securityfocus.com/bid/11196" }, { "name": "GLSA-200502-07", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml" }, { "name": "http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch", "refsource": "CONFIRM", "url": "http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch" }, { "name": "FLSA-2006:152803", "refsource": "FEDORA", "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html" }, { "name": "20235", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20235" }, { "name": "SSRT4848", "refsource": "HP", "url": "http://www.securityfocus.com/archive/1/434715/100/0/threaded" }, { "name": "57653", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0688", "datePublished": "2004-09-24T04:00:00", "dateReserved": "2004-07-13T00:00:00", "dateUpdated": "2024-08-08T00:24:27.110Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2001-1178
Vulnerability from cvelistv5
Published
2002-03-15 05:00
Modified
2024-08-08 04:44
Severity ?
EPSS score ?
Summary
Buffer overflow in xman allows local users to gain privileges via a long MANPATH environment variable.
References
▼ | URL | Tags |
---|---|---|
http://archives.neohapsis.com/archives/bugtraq/2001-07/0234.html | mailing-list, x_refsource_BUGTRAQ | |
http://www.securityfocus.com/bid/3030 | vdb-entry, x_refsource_BID | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/6853 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T04:44:08.284Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20010711 suid xman 3.1.6 overflows", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0234.html" }, { "name": "3030", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/3030" }, { "name": "xfree86-xman-manpath-bo(6853)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6853" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2001-07-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in xman allows local users to gain privileges via a long MANPATH environment variable." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-18T21:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20010711 suid xman 3.1.6 overflows", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0234.html" }, { "name": "3030", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/3030" }, { "name": "xfree86-xman-manpath-bo(6853)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6853" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2001-1178", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in xman allows local users to gain privileges via a long MANPATH environment variable." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20010711 suid xman 3.1.6 overflows", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0234.html" }, { "name": "3030", "refsource": "BID", "url": "http://www.securityfocus.com/bid/3030" }, { "name": "xfree86-xman-manpath-bo(6853)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6853" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2001-1178", "datePublished": "2002-03-15T05:00:00", "dateReserved": "2002-03-15T00:00:00", "dateUpdated": "2024-08-08T04:44:08.284Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2002-1510
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 03:26
Severity ?
EPSS score ?
Summary
xdm, with the authComplain variable set to false, allows arbitrary attackers to connect to the X server if the xdm auth directory does not exist.
References
▼ | URL | Tags |
---|---|---|
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000533 | vendor-advisory, x_refsource_CONECTIVA | |
http://www.redhat.com/support/errata/RHSA-2003-064.html | vendor-advisory, x_refsource_REDHAT | |
http://www.redhat.com/support/errata/RHSA-2003-065.html | vendor-advisory, x_refsource_REDHAT | |
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/55602 | vendor-advisory, x_refsource_SUNALERT | |
http://wuarchive.wustl.edu/mirrors/NetBSD/NetBSD-current/xsrc/xfree/xc/programs/Xserver/hw/xfree86/CHANGELOG | x_refsource_MISC | |
http://www.iss.net/security_center/static/11389.php | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T03:26:28.676Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "CLA-2002:533", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA", "x_transferred" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000533" }, { "name": "RHSA-2003:064", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-064.html" }, { "name": "RHSA-2003:065", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-065.html" }, { "name": "55602", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/55602" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://wuarchive.wustl.edu/mirrors/NetBSD/NetBSD-current/xsrc/xfree/xc/programs/Xserver/hw/xfree86/CHANGELOG" }, { "name": "xfree86-xdm-unauth-access(11389)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://www.iss.net/security_center/static/11389.php" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2002-10-16T00:00:00", "descriptions": [ { "lang": "en", "value": "xdm, with the authComplain variable set to false, allows arbitrary attackers to connect to the X server if the xdm auth directory does not exist." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2010-05-21T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "CLA-2002:533", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000533" }, { "name": "RHSA-2003:064", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-064.html" }, { "name": "RHSA-2003:065", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-065.html" }, { "name": "55602", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/55602" }, { "tags": [ "x_refsource_MISC" ], "url": "http://wuarchive.wustl.edu/mirrors/NetBSD/NetBSD-current/xsrc/xfree/xc/programs/Xserver/hw/xfree86/CHANGELOG" }, { "name": "xfree86-xdm-unauth-access(11389)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://www.iss.net/security_center/static/11389.php" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-1510", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "xdm, with the authComplain variable set to false, allows arbitrary attackers to connect to the X server if the xdm auth directory does not exist." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "CLA-2002:533", "refsource": "CONECTIVA", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000533" }, { "name": "RHSA-2003:064", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2003-064.html" }, { "name": "RHSA-2003:065", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2003-065.html" }, { "name": "55602", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/55602" }, { "name": "http://wuarchive.wustl.edu/mirrors/NetBSD/NetBSD-current/xsrc/xfree/xc/programs/Xserver/hw/xfree86/CHANGELOG", "refsource": "MISC", "url": "http://wuarchive.wustl.edu/mirrors/NetBSD/NetBSD-current/xsrc/xfree/xc/programs/Xserver/hw/xfree86/CHANGELOG" }, { "name": "xfree86-xdm-unauth-access(11389)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/11389.php" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-1510", "datePublished": "2004-09-01T04:00:00", "dateReserved": "2003-02-19T00:00:00", "dateUpdated": "2024-08-08T03:26:28.676Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2004-0106
Vulnerability from cvelistv5
Published
2004-02-16 05:00
Modified
2024-08-08 00:10
Severity ?
EPSS score ?
Summary
Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to improper handling of font files, a different set of vulnerabilities than CVE-2004-0083 and CVE-2004-0084.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:10:02.406Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "SuSE-SA:2004:006", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2004_06_xf86.html" }, { "name": "oval:org.mitre.oval:def:11111", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11111" }, { "name": "RHSA-2004:060", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-060.html" }, { "name": "CLA-2004:821", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA", "x_transferred" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000821" }, { "name": "oval:org.mitre.oval:def:809", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A809" }, { "name": "xfree86-multiple-font-improper-handling(15206)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15206" }, { "name": "FLSA:2314", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=110979666528890\u0026w=2" }, { "name": "DSA-443", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2004/dsa-443" }, { "name": "MDKSA-2004:012", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:012" }, { "name": "oval:org.mitre.oval:def:832", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A832" }, { "name": "RHSA-2004:059", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-059.html" }, { "name": "RHSA-2004:061", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-061.html" }, { "name": "SSA:2004-043", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred" ], "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.405053" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-02-13T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to improper handling of font files, a different set of vulnerabilities than CVE-2004-0083 and CVE-2004-0084." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "SuSE-SA:2004:006", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2004_06_xf86.html" }, { "name": "oval:org.mitre.oval:def:11111", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11111" }, { "name": "RHSA-2004:060", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-060.html" }, { "name": "CLA-2004:821", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000821" }, { "name": "oval:org.mitre.oval:def:809", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A809" }, { "name": "xfree86-multiple-font-improper-handling(15206)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15206" }, { "name": "FLSA:2314", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://marc.info/?l=bugtraq\u0026m=110979666528890\u0026w=2" }, { "name": "DSA-443", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2004/dsa-443" }, { "name": "MDKSA-2004:012", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:012" }, { "name": "oval:org.mitre.oval:def:832", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A832" }, { "name": "RHSA-2004:059", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-059.html" }, { "name": "RHSA-2004:061", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-061.html" }, { "name": "SSA:2004-043", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE" ], "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.405053" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0106", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to improper handling of font files, a different set of vulnerabilities than CVE-2004-0083 and CVE-2004-0084." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "SuSE-SA:2004:006", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2004_06_xf86.html" }, { "name": "oval:org.mitre.oval:def:11111", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11111" }, { "name": "RHSA-2004:060", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2004-060.html" }, { "name": "CLA-2004:821", "refsource": "CONECTIVA", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000821" }, { "name": "oval:org.mitre.oval:def:809", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A809" }, { "name": "xfree86-multiple-font-improper-handling(15206)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15206" }, { "name": "FLSA:2314", "refsource": "FEDORA", "url": "http://marc.info/?l=bugtraq\u0026m=110979666528890\u0026w=2" }, { "name": "DSA-443", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2004/dsa-443" }, { "name": "MDKSA-2004:012", "refsource": "MANDRAKE", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:012" }, { "name": "oval:org.mitre.oval:def:832", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A832" }, { "name": "RHSA-2004:059", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2004-059.html" }, { "name": "RHSA-2004:061", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2004-061.html" }, { "name": "SSA:2004-043", "refsource": "SLACKWARE", "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.405053" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0106", "datePublished": "2004-02-16T05:00:00", "dateReserved": "2004-02-02T00:00:00", "dateUpdated": "2024-08-08T00:10:02.406Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2001-1179
Vulnerability from cvelistv5
Published
2002-03-15 05:00
Modified
2024-08-08 04:44
Severity ?
EPSS score ?
Summary
xman allows local users to gain privileges by modifying the MANPATH to point to a man page whose filename contains shell metacharacters.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/archive/1/197498 | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T04:44:08.304Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20010717 xman (suid) exploit, made easier.", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/197498" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2001-07-17T00:00:00", "descriptions": [ { "lang": "en", "value": "xman allows local users to gain privileges by modifying the MANPATH to point to a man page whose filename contains shell metacharacters." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2002-03-22T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20010717 xman (suid) exploit, made easier.", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/197498" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2001-1179", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "xman allows local users to gain privileges by modifying the MANPATH to point to a man page whose filename contains shell metacharacters." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20010717 xman (suid) exploit, made easier.", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/197498" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2001-1179", "datePublished": "2002-03-15T05:00:00", "dateReserved": "2002-03-15T00:00:00", "dateUpdated": "2024-08-08T04:44:08.304Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2000-0620
Vulnerability from cvelistv5
Published
2001-09-18 04:00
Modified
2024-08-08 05:21
Severity ?
EPSS score ?
Summary
libX11 X library allows remote attackers to cause a denial of service via a resource mask of 0, which causes libX11 to go into an infinite loop.
References
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/4996 | vdb-entry, x_refsource_XF | |
http://marc.info/?l=bugtraq&m=96146116627474&w=2 | mailing-list, x_refsource_BUGTRAQ | |
http://www.securityfocus.com/bid/1409 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T05:21:31.408Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "libx11-infinite-loop-dos(4996)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4996" }, { "name": "20000619 XFree86: Various nasty libX11 holes", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=96146116627474\u0026w=2" }, { "name": "1409", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/1409" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2000-06-19T00:00:00", "descriptions": [ { "lang": "en", "value": "libX11 X library allows remote attackers to cause a denial of service via a resource mask of 0, which causes libX11 to go into an infinite loop." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2005-11-02T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "libx11-infinite-loop-dos(4996)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4996" }, { "name": "20000619 XFree86: Various nasty libX11 holes", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=96146116627474\u0026w=2" }, { "name": "1409", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/1409" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2000-0620", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "libX11 X library allows remote attackers to cause a denial of service via a resource mask of 0, which causes libX11 to go into an infinite loop." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "libx11-infinite-loop-dos(4996)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4996" }, { "name": "20000619 XFree86: Various nasty libX11 holes", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=96146116627474\u0026w=2" }, { "name": "1409", "refsource": "BID", "url": "http://www.securityfocus.com/bid/1409" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2000-0620", "datePublished": "2001-09-18T04:00:00", "dateReserved": "2000-07-19T00:00:00", "dateUpdated": "2024-08-08T05:21:31.408Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2004-0084
Vulnerability from cvelistv5
Published
2004-02-14 05:00
Modified
2024-08-08 00:10
Severity ?
EPSS score ?
Summary
Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a different vulnerability than CVE-2004-0083 and CVE-2004-0106.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:10:03.364Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "oval:org.mitre.oval:def:831", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A831" }, { "name": "SuSE-SA:2004:006", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2004_06_xf86.html" }, { "name": "VU#667502", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/667502" }, { "name": "RHSA-2004:060", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-060.html" }, { "name": "57768", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57768-1" }, { "name": "CLA-2004:821", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA", "x_transferred" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000821" }, { "name": "xfree86-copyisolatin1lLowered-bo(15200)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15200" }, { "name": "oval:org.mitre.oval:def:807", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A807" }, { "name": "FLSA:2314", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=110979666528890\u0026w=2" }, { "name": "DSA-443", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2004/dsa-443" }, { "name": "20040212 iDEFENSE Security Advisory 02.11.04: XFree86 Font Information File Buffer Overflow II", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=107662833512775\u0026w=2" }, { "name": "oval:org.mitre.oval:def:10405", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10405" }, { "name": "9652", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/9652" }, { "name": "MDKSA-2004:012", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:012" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.idefense.com/application/poi/display?id=73" }, { "name": "RHSA-2004:059", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-059.html" }, { "name": "RHSA-2004:061", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-061.html" }, { "name": "SSA:2004-043", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred" ], "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.405053" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-02-12T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a different vulnerability than CVE-2004-0083 and CVE-2004-0106." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "oval:org.mitre.oval:def:831", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A831" }, { "name": "SuSE-SA:2004:006", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2004_06_xf86.html" }, { "name": "VU#667502", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/667502" }, { "name": "RHSA-2004:060", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-060.html" }, { "name": "57768", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57768-1" }, { "name": "CLA-2004:821", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000821" }, { "name": "xfree86-copyisolatin1lLowered-bo(15200)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15200" }, { "name": "oval:org.mitre.oval:def:807", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A807" }, { "name": "FLSA:2314", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://marc.info/?l=bugtraq\u0026m=110979666528890\u0026w=2" }, { "name": "DSA-443", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2004/dsa-443" }, { "name": "20040212 iDEFENSE Security Advisory 02.11.04: XFree86 Font Information File Buffer Overflow II", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=107662833512775\u0026w=2" }, { "name": "oval:org.mitre.oval:def:10405", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10405" }, { "name": "9652", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/9652" }, { "name": "MDKSA-2004:012", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:012" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.idefense.com/application/poi/display?id=73" }, { "name": "RHSA-2004:059", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-059.html" }, { "name": "RHSA-2004:061", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-061.html" }, { "name": "SSA:2004-043", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE" ], "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.405053" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0084", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a different vulnerability than CVE-2004-0083 and CVE-2004-0106." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "oval:org.mitre.oval:def:831", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A831" }, { "name": "SuSE-SA:2004:006", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2004_06_xf86.html" }, { "name": "VU#667502", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/667502" }, { "name": "RHSA-2004:060", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2004-060.html" }, { "name": "57768", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57768-1" }, { "name": "CLA-2004:821", "refsource": "CONECTIVA", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000821" }, { "name": "xfree86-copyisolatin1lLowered-bo(15200)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15200" }, { "name": "oval:org.mitre.oval:def:807", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A807" }, { "name": "FLSA:2314", "refsource": "FEDORA", "url": "http://marc.info/?l=bugtraq\u0026m=110979666528890\u0026w=2" }, { "name": "DSA-443", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2004/dsa-443" }, { "name": "20040212 iDEFENSE Security Advisory 02.11.04: XFree86 Font Information File Buffer Overflow II", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=107662833512775\u0026w=2" }, { "name": "oval:org.mitre.oval:def:10405", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10405" }, { "name": "9652", "refsource": "BID", "url": "http://www.securityfocus.com/bid/9652" }, { "name": "MDKSA-2004:012", "refsource": "MANDRAKE", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:012" }, { "name": "http://www.idefense.com/application/poi/display?id=73", "refsource": "MISC", "url": "http://www.idefense.com/application/poi/display?id=73" }, { "name": "RHSA-2004:059", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2004-059.html" }, { "name": "RHSA-2004:061", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2004-061.html" }, { "name": "SSA:2004-043", "refsource": "SLACKWARE", "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.405053" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0084", "datePublished": "2004-02-14T05:00:00", "dateReserved": "2004-01-19T00:00:00", "dateUpdated": "2024-08-08T00:10:03.364Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2003-0071
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 01:43
Severity ?
EPSS score ?
Summary
The DEC UDK processing feature in the xterm terminal emulator in XFree86 4.2.99.4 and earlier allows attackers to cause a denial of service via a certain character escape sequence that causes the terminal to enter a tight loop.
References
▼ | URL | Tags |
---|---|---|
http://www.debian.org/security/2003/dsa-380 | vendor-advisory, x_refsource_DEBIAN | |
http://www.redhat.com/support/errata/RHSA-2003-067.html | vendor-advisory, x_refsource_REDHAT | |
http://www.redhat.com/support/errata/RHSA-2003-066.html | vendor-advisory, x_refsource_REDHAT | |
http://www.iss.net/security_center/static/11415.php | vdb-entry, x_refsource_XF | |
http://marc.info/?l=bugtraq&m=104612710031920&w=2 | mailing-list, x_refsource_BUGTRAQ | |
http://www.redhat.com/support/errata/RHSA-2003-064.html | vendor-advisory, x_refsource_REDHAT | |
http://www.securityfocus.com/bid/6950 | vdb-entry, x_refsource_BID | |
http://www.redhat.com/support/errata/RHSA-2003-065.html | vendor-advisory, x_refsource_REDHAT | |
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html | mailing-list, x_refsource_VULNWATCH |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:43:34.879Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-380", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2003/dsa-380" }, { "name": "RHSA-2003:067", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-067.html" }, { "name": "RHSA-2003:066", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-066.html" }, { "name": "terminal-emulator-dec-udk(11415)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://www.iss.net/security_center/static/11415.php" }, { "name": "20030224 Terminal Emulator Security Issues", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=104612710031920\u0026w=2" }, { "name": "RHSA-2003:064", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-064.html" }, { "name": "6950", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/6950" }, { "name": "RHSA-2003:065", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-065.html" }, { "name": "20030224 Terminal Emulator Security Issues", "tags": [ "mailing-list", "x_refsource_VULNWATCH", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2003-02-24T00:00:00", "descriptions": [ { "lang": "en", "value": "The DEC UDK processing feature in the xterm terminal emulator in XFree86 4.2.99.4 and earlier allows attackers to cause a denial of service via a certain character escape sequence that causes the terminal to enter a tight loop." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2010-05-21T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "DSA-380", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2003/dsa-380" }, { "name": "RHSA-2003:067", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-067.html" }, { "name": "RHSA-2003:066", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-066.html" }, { "name": "terminal-emulator-dec-udk(11415)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://www.iss.net/security_center/static/11415.php" }, { "name": "20030224 Terminal Emulator Security Issues", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=104612710031920\u0026w=2" }, { "name": "RHSA-2003:064", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-064.html" }, { "name": "6950", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/6950" }, { "name": "RHSA-2003:065", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-065.html" }, { "name": "20030224 Terminal Emulator Security Issues", "tags": [ "mailing-list", "x_refsource_VULNWATCH" ], "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-0071", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The DEC UDK processing feature in the xterm terminal emulator in XFree86 4.2.99.4 and earlier allows attackers to cause a denial of service via a certain character escape sequence that causes the terminal to enter a tight loop." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-380", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2003/dsa-380" }, { "name": "RHSA-2003:067", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2003-067.html" }, { "name": "RHSA-2003:066", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2003-066.html" }, { "name": "terminal-emulator-dec-udk(11415)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/11415.php" }, { "name": "20030224 Terminal Emulator Security Issues", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=104612710031920\u0026w=2" }, { "name": "RHSA-2003:064", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2003-064.html" }, { "name": "6950", "refsource": "BID", "url": "http://www.securityfocus.com/bid/6950" }, { "name": "RHSA-2003:065", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2003-065.html" }, { "name": "20030224 Terminal Emulator Security Issues", "refsource": "VULNWATCH", "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-0071", "datePublished": "2004-09-01T04:00:00", "dateReserved": "2003-02-04T00:00:00", "dateUpdated": "2024-08-08T01:43:34.879Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2002-1317
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 03:19
Severity ?
EPSS score ?
Summary
Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T03:19:28.528Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "HPSBUX0212-228", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://www.securityfocus.com/advisories/4988" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/48879" }, { "name": "20021125 ISS Security Brief: Solaris fs.auto Remote Compromise Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=103825150527843\u0026w=2" }, { "name": "oval:org.mitre.oval:def:149", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A149" }, { "name": "CA-2002-34", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.cert.org/advisories/CA-2002-34.html" }, { "name": "oval:org.mitre.oval:def:152", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A152" }, { "name": "oval:org.mitre.oval:def:2816", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2816" }, { "name": "VU#312313", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/312313" }, { "name": "20021125 Solaris fs.auto Remote Compromise Vulnerability", "tags": [ "third-party-advisory", "x_refsource_ISS", "x_transferred" ], "url": "http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21541" }, { "name": "solaris-fsauto-execute-code(10375)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://www.iss.net/security_center/static/10375.php" }, { "name": "20021202-01-I", "tags": [ "vendor-advisory", "x_refsource_SGI", "x_transferred" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20021202-01-I" }, { "name": "6241", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/6241" }, { "name": "N-024", "tags": [ "third-party-advisory", "government-resource", "x_refsource_CIAC", "x_transferred" ], "url": "http://www.ciac.org/ciac/bulletins/n-024.shtml" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2002-11-25T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2006-11-01T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "HPSBUX0212-228", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://www.securityfocus.com/advisories/4988" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/48879" }, { "name": "20021125 ISS Security Brief: Solaris fs.auto Remote Compromise Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=103825150527843\u0026w=2" }, { "name": "oval:org.mitre.oval:def:149", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A149" }, { "name": "CA-2002-34", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.cert.org/advisories/CA-2002-34.html" }, { "name": "oval:org.mitre.oval:def:152", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A152" }, { "name": "oval:org.mitre.oval:def:2816", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2816" }, { "name": "VU#312313", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/312313" }, { "name": "20021125 Solaris fs.auto Remote Compromise Vulnerability", "tags": [ "third-party-advisory", "x_refsource_ISS" ], "url": "http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21541" }, { "name": "solaris-fsauto-execute-code(10375)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://www.iss.net/security_center/static/10375.php" }, { "name": "20021202-01-I", "tags": [ "vendor-advisory", "x_refsource_SGI" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20021202-01-I" }, { "name": "6241", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/6241" }, { "name": "N-024", "tags": [ "third-party-advisory", "government-resource", "x_refsource_CIAC" ], "url": "http://www.ciac.org/ciac/bulletins/n-024.shtml" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-1317", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "HPSBUX0212-228", "refsource": "HP", "url": "http://www.securityfocus.com/advisories/4988" }, { "name": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/48879", "refsource": "CONFIRM", "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/48879" }, { "name": "20021125 ISS Security Brief: Solaris fs.auto Remote Compromise Vulnerability", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=103825150527843\u0026w=2" }, { "name": "oval:org.mitre.oval:def:149", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A149" }, { "name": "CA-2002-34", "refsource": "CERT", "url": "http://www.cert.org/advisories/CA-2002-34.html" }, { "name": "oval:org.mitre.oval:def:152", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A152" }, { "name": "oval:org.mitre.oval:def:2816", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2816" }, { "name": "VU#312313", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/312313" }, { "name": "20021125 Solaris fs.auto Remote Compromise Vulnerability", "refsource": "ISS", "url": "http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21541" }, { "name": "solaris-fsauto-execute-code(10375)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/10375.php" }, { "name": "20021202-01-I", "refsource": "SGI", "url": "ftp://patches.sgi.com/support/free/security/advisories/20021202-01-I" }, { "name": "6241", "refsource": "BID", "url": "http://www.securityfocus.com/bid/6241" }, { "name": "N-024", "refsource": "CIAC", "url": "http://www.ciac.org/ciac/bulletins/n-024.shtml" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-1317", "datePublished": "2004-09-01T04:00:00", "dateReserved": "2002-11-25T00:00:00", "dateUpdated": "2024-08-08T03:19:28.528Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-1999-0241
Vulnerability from cvelistv5
Published
2000-02-04 05:00
Modified
2024-08-01 16:34
Severity ?
EPSS score ?
Summary
Guessable magic cookies in X Windows allows remote attackers to execute commands, e.g. through xterm.
References
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0241 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T16:34:51.868Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0241" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Guessable magic cookies in X Windows allows remote attackers to execute commands, e.g. through xterm." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-17T07:01:42", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0241" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-1999-0241", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Guessable magic cookies in X Windows allows remote attackers to execute commands, e.g. through xterm." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0241", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0241" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-1999-0241", "datePublished": "2000-02-04T05:00:00", "dateReserved": "1999-06-07T00:00:00", "dateUpdated": "2024-08-01T16:34:51.868Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2004-0094
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 00:10
Severity ?
EPSS score ?
Summary
Integer signedness errors in XFree86 4.1.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code when using the GLX extension and Direct Rendering Infrastructure (DRI).
References
▼ | URL | Tags |
---|---|---|
http://www.debian.org/security/2004/dsa-443 | vendor-advisory, x_refsource_DEBIAN | |
ftp://patches.sgi.com/support/free/security/advisories/20040406-01-U | vendor-advisory, x_refsource_SGI | |
http://www.securityfocus.com/bid/9701 | vdb-entry, x_refsource_BID | |
http://www.redhat.com/support/errata/RHSA-2004-152.html | vendor-advisory, x_refsource_REDHAT | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/15273 | vdb-entry, x_refsource_XF | |
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000824 | vendor-advisory, x_refsource_CONECTIVA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:10:03.564Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-443", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2004/dsa-443" }, { "name": "20040406-01-U", "tags": [ "vendor-advisory", "x_refsource_SGI", "x_transferred" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20040406-01-U" }, { "name": "9701", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/9701" }, { "name": "RHSA-2004:152", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-152.html" }, { "name": "xfree86-glx-integer-dos(15273)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15273" }, { "name": "CLSA-2004:824", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA", "x_transferred" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000824" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-02-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Integer signedness errors in XFree86 4.1.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code when using the GLX extension and Direct Rendering Infrastructure (DRI)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2004-03-04T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "DSA-443", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2004/dsa-443" }, { "name": "20040406-01-U", "tags": [ "vendor-advisory", "x_refsource_SGI" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20040406-01-U" }, { "name": "9701", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/9701" }, { "name": "RHSA-2004:152", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-152.html" }, { "name": "xfree86-glx-integer-dos(15273)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15273" }, { "name": "CLSA-2004:824", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000824" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0094", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Integer signedness errors in XFree86 4.1.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code when using the GLX extension and Direct Rendering Infrastructure (DRI)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-443", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2004/dsa-443" }, { "name": "20040406-01-U", "refsource": "SGI", "url": "ftp://patches.sgi.com/support/free/security/advisories/20040406-01-U" }, { "name": "9701", "refsource": "BID", "url": "http://www.securityfocus.com/bid/9701" }, { "name": "RHSA-2004:152", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2004-152.html" }, { "name": "xfree86-glx-integer-dos(15273)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15273" }, { "name": "CLSA-2004:824", "refsource": "CONECTIVA", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000824" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0094", "datePublished": "2004-09-01T04:00:00", "dateReserved": "2004-01-23T00:00:00", "dateUpdated": "2024-08-08T00:10:03.564Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2000-0504
Vulnerability from cvelistv5
Published
2001-05-07 04:00
Modified
2024-08-08 05:21
Severity ?
EPSS score ?
Summary
libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro.
References
▼ | URL | Tags |
---|---|---|
http://www.xfree86.org/security/ | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/1369 | vdb-entry, x_refsource_BID | |
http://archives.neohapsis.com/archives/bugtraq/2000-06/0170.html | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T05:21:31.029Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.xfree86.org/security/" }, { "name": "1369", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/1369" }, { "name": "20000619 XFree86: libICE DoS", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0170.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2000-06-19T00:00:00", "descriptions": [ { "lang": "en", "value": "libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2005-11-02T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.xfree86.org/security/" }, { "name": "1369", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/1369" }, { "name": "20000619 XFree86: libICE DoS", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0170.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2000-0504", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.xfree86.org/security/", "refsource": "CONFIRM", "url": "http://www.xfree86.org/security/" }, { "name": "1369", "refsource": "BID", "url": "http://www.securityfocus.com/bid/1369" }, { "name": "20000619 XFree86: libICE DoS", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0170.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2000-0504", "datePublished": "2001-05-07T04:00:00", "dateReserved": "2000-07-11T00:00:00", "dateUpdated": "2024-08-08T05:21:31.029Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2004-0914
Vulnerability from cvelistv5
Published
2004-12-15 05:00
Modified
2024-08-08 00:31
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. NOTE: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE's content decisions.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:31:48.097Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2005:004", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-004.html" }, { "name": "libxpm-directory-traversal(18146)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18146" }, { "name": "USN-83-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-83-1" }, { "name": "RHSA-2004:537", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2004-537.html" }, { "name": "libxpm-image-bo(18142)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18142" }, { "name": "13224", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/13224/" }, { "name": "oval:org.mitre.oval:def:9943", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9943" }, { "name": "FEDORA-2004-433", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://www.linuxsecurity.com/content/view/106877/102/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.x.org/pub/X11R6.8.1/patches/README.xorg-681-CAN-2004-0914.patch" }, { "name": "RHSA-2004:610", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-610.html" }, { "name": "libxpm-improper-memory-access(18144)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18144" }, { "name": "GLSA-200502-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml" }, { "name": "FLSA-2006:152803", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html" }, { "name": "DSA-607", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2004/dsa-607" }, { "name": "11694", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/11694" }, { "name": "GLSA-200502-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-06.xml" }, { "name": "USN-83-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-83-2" }, { "name": "HPSBTU01228", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTU01228" }, { "name": "MDKSA-2004:137", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:137" }, { "name": "GLSA-200411-28", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200411-28.xml" }, { "name": "libxpm-dos(18147)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18147" }, { "name": "libxpm-command-execution(18145)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18145" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-11-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. NOTE: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE\u0027s content decisions." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-18T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "RHSA-2005:004", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-004.html" }, { "name": "libxpm-directory-traversal(18146)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18146" }, { "name": "USN-83-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-83-1" }, { "name": "RHSA-2004:537", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2004-537.html" }, { "name": "libxpm-image-bo(18142)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18142" }, { "name": "13224", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/13224/" }, { "name": "oval:org.mitre.oval:def:9943", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9943" }, { "name": "FEDORA-2004-433", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://www.linuxsecurity.com/content/view/106877/102/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.x.org/pub/X11R6.8.1/patches/README.xorg-681-CAN-2004-0914.patch" }, { "name": "RHSA-2004:610", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-610.html" }, { "name": "libxpm-improper-memory-access(18144)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18144" }, { "name": "GLSA-200502-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml" }, { "name": "FLSA-2006:152803", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html" }, { "name": "DSA-607", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2004/dsa-607" }, { "name": "11694", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/11694" }, { "name": "GLSA-200502-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-06.xml" }, { "name": "USN-83-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-83-2" }, { "name": "HPSBTU01228", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTU01228" }, { "name": "MDKSA-2004:137", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:137" }, { "name": "GLSA-200411-28", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200411-28.xml" }, { "name": "libxpm-dos(18147)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18147" }, { "name": "libxpm-command-execution(18145)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18145" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0914", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. NOTE: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE\u0027s content decisions." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2005:004", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2005-004.html" }, { "name": "libxpm-directory-traversal(18146)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18146" }, { "name": "USN-83-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-83-1" }, { "name": "RHSA-2004:537", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2004-537.html" }, { "name": "libxpm-image-bo(18142)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18142" }, { "name": "13224", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/13224/" }, { "name": "oval:org.mitre.oval:def:9943", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9943" }, { "name": "FEDORA-2004-433", "refsource": "FEDORA", "url": "http://www.linuxsecurity.com/content/view/106877/102/" }, { "name": "http://www.x.org/pub/X11R6.8.1/patches/README.xorg-681-CAN-2004-0914.patch", "refsource": "CONFIRM", "url": "http://www.x.org/pub/X11R6.8.1/patches/README.xorg-681-CAN-2004-0914.patch" }, { "name": "RHSA-2004:610", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2004-610.html" }, { "name": "libxpm-improper-memory-access(18144)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18144" }, { "name": "GLSA-200502-07", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml" }, { "name": "FLSA-2006:152803", "refsource": "FEDORA", "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html" }, { "name": "DSA-607", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2004/dsa-607" }, { "name": "11694", "refsource": "BID", "url": "http://www.securityfocus.com/bid/11694" }, { "name": "GLSA-200502-06", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-06.xml" }, { "name": "USN-83-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-83-2" }, { "name": "HPSBTU01228", "refsource": "HP", "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTU01228" }, { "name": "MDKSA-2004:137", "refsource": "MANDRAKE", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:137" }, { "name": "GLSA-200411-28", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200411-28.xml" }, { "name": "libxpm-dos(18147)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18147" }, { "name": "libxpm-command-execution(18145)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18145" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0914", "datePublished": "2004-12-15T05:00:00", "dateReserved": "2004-09-27T00:00:00", "dateUpdated": "2024-08-08T00:31:48.097Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2003-0730
Vulnerability from cvelistv5
Published
2003-09-03 04:00
Modified
2024-08-08 02:05
Severity ?
EPSS score ?
Summary
Multiple integer overflows in the font libraries for XFree86 4.3.0 allow local or remote attackers to cause a denial of service or execute arbitrary code via heap-based and stack-based buffer overflow attacks.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T02:05:12.594Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "24168", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24168" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-074.htm" }, { "name": "20030830 Multiple integer overflows in XFree86 (local/remote)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=106229335312429\u0026w=2" }, { "name": "CLA-2004:821", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA", "x_transferred" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000821" }, { "name": "ADV-2007-0589", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/0589" }, { "name": "8514", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/8514" }, { "name": "20031101-01-U", "tags": [ "vendor-advisory", "x_refsource_SGI", "x_transferred" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20031101-01-U.asc" }, { "name": "MDKSA-2003:089", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:089" }, { "name": "RHSA-2003:289", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-289.html" }, { "name": "102803", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102803-1" }, { "name": "RHSA-2003:287", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-287.html" }, { "name": "RHSA-2003:286", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-286.html" }, { "name": "24247", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24247" }, { "name": "NetBSD-SA2003-015", "tags": [ "vendor-advisory", "x_refsource_NETBSD", "x_transferred" ], "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-015.txt.asc" }, { "name": "DSA-380", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2003/dsa-380" }, { "name": "RHSA-2003:288", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-288.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2003-08-30T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple integer overflows in the font libraries for XFree86 4.3.0 allow local or remote attackers to cause a denial of service or execute arbitrary code via heap-based and stack-based buffer overflow attacks." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "24168", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24168" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-074.htm" }, { "name": "20030830 Multiple integer overflows in XFree86 (local/remote)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=106229335312429\u0026w=2" }, { "name": "CLA-2004:821", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000821" }, { "name": "ADV-2007-0589", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/0589" }, { "name": "8514", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/8514" }, { "name": "20031101-01-U", "tags": [ "vendor-advisory", "x_refsource_SGI" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20031101-01-U.asc" }, { "name": "MDKSA-2003:089", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:089" }, { "name": "RHSA-2003:289", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-289.html" }, { "name": "102803", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102803-1" }, { "name": "RHSA-2003:287", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-287.html" }, { "name": "RHSA-2003:286", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-286.html" }, { "name": "24247", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24247" }, { "name": "NetBSD-SA2003-015", "tags": [ "vendor-advisory", "x_refsource_NETBSD" ], "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-015.txt.asc" }, { "name": "DSA-380", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2003/dsa-380" }, { "name": "RHSA-2003:288", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-288.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-0730", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple integer overflows in the font libraries for XFree86 4.3.0 allow local or remote attackers to cause a denial of service or execute arbitrary code via heap-based and stack-based buffer overflow attacks." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "24168", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24168" }, { "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-074.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-074.htm" }, { "name": "20030830 Multiple integer overflows in XFree86 (local/remote)", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=106229335312429\u0026w=2" }, { "name": "CLA-2004:821", "refsource": "CONECTIVA", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000821" }, { "name": "ADV-2007-0589", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0589" }, { "name": "8514", "refsource": "BID", "url": "http://www.securityfocus.com/bid/8514" }, { "name": "20031101-01-U", "refsource": "SGI", "url": "ftp://patches.sgi.com/support/free/security/advisories/20031101-01-U.asc" }, { "name": "MDKSA-2003:089", "refsource": "MANDRAKE", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:089" }, { "name": "RHSA-2003:289", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2003-289.html" }, { "name": "102803", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102803-1" }, { "name": "RHSA-2003:287", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2003-287.html" }, { "name": "RHSA-2003:286", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2003-286.html" }, { "name": "24247", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24247" }, { "name": "NetBSD-SA2003-015", "refsource": "NETBSD", "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-015.txt.asc" }, { "name": "DSA-380", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2003/dsa-380" }, { "name": "RHSA-2003:288", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2003-288.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-0730", "datePublished": "2003-09-03T04:00:00", "dateReserved": "2003-09-02T00:00:00", "dateUpdated": "2024-08-08T02:05:12.594Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2004-0687
Vulnerability from cvelistv5
Published
2004-09-24 00:00
Modified
2024-08-08 00:24
Severity ?
EPSS score ?
Summary
Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c for libXpm before 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:24:27.112Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2005:004", "tags": [ "vendor-advisory", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-004.html" }, { "name": "USN-27-1", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://usn.ubuntu.com/27-1/" }, { "name": "ADV-2006-1914", "tags": [ "vdb-entry", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/1914" }, { "name": "GLSA-200409-34", "tags": [ "vendor-advisory", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-34.xml" }, { "name": "VU#882750", "tags": [ "third-party-advisory", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/882750" }, { "name": "TA05-136A", "tags": [ "third-party-advisory", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA05-136A.html" }, { "name": "MDKSA-2004:098", "tags": [ "vendor-advisory", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:098" }, { "name": "HPSBUX02119", "tags": [ "vendor-advisory", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/434715/100/0/threaded" }, { "name": "RHSA-2004:537", "tags": [ "vendor-advisory", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-537.html" }, { "name": "20040915 CESA-2004-004: libXpm", "tags": [ "mailing-list", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=109530851323415\u0026w=2" }, { "name": "DSA-560", "tags": [ "vendor-advisory", "x_transferred" ], "url": "http://www.debian.org/security/2004/dsa-560" }, { "tags": [ "x_transferred" ], "url": "http://scary.beasts.org/security/CESA-2004-003.txt" }, { "name": "APPLE-SA-2005-05-03", "tags": [ "vendor-advisory", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2005/May/msg00001.html" }, { "name": "CLA-2005:924", "tags": [ "vendor-advisory", "x_transferred" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000924" }, { "name": "SUSE-SA:2004:034", "tags": [ "vendor-advisory", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html" }, { "name": "11196", "tags": [ "vdb-entry", "x_transferred" ], "url": "http://www.securityfocus.com/bid/11196" }, { "name": "GLSA-200502-07", "tags": [ "vendor-advisory", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml" }, { "tags": [ "x_transferred" ], "url": "http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch" }, { "name": "FLSA-2006:152803", "tags": [ "vendor-advisory", "x_transferred" ], "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html" }, { "name": "20235", "tags": [ "third-party-advisory", "x_transferred" ], "url": "http://secunia.com/advisories/20235" }, { "name": "SSRT4848", "tags": [ "vendor-advisory", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/434715/100/0/threaded" }, { "name": "57653", "tags": [ "vendor-advisory", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1" }, { "name": "oval:org.mitre.oval:def:9187", "tags": [ "vdb-entry", "signature", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9187" }, { "name": "libxpm-multiple-stack-bo(17414)", "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17414" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/170620/Solaris-10-dtprintinfo-libXm-libXpm-Security-Issues.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-09-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c for libXpm before 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-20T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "RHSA-2005:004", "tags": [ "vendor-advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-004.html" }, { "name": "USN-27-1", "tags": [ "vendor-advisory" ], "url": "https://usn.ubuntu.com/27-1/" }, { "name": "ADV-2006-1914", "tags": [ "vdb-entry" ], "url": "http://www.vupen.com/english/advisories/2006/1914" }, { "name": "GLSA-200409-34", "tags": [ "vendor-advisory" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-34.xml" }, { "name": "VU#882750", "tags": [ "third-party-advisory" ], "url": "http://www.kb.cert.org/vuls/id/882750" }, { "name": "TA05-136A", "tags": [ "third-party-advisory" ], "url": "http://www.us-cert.gov/cas/techalerts/TA05-136A.html" }, { "name": "MDKSA-2004:098", "tags": [ "vendor-advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:098" }, { "name": "HPSBUX02119", "tags": [ "vendor-advisory" ], "url": "http://www.securityfocus.com/archive/1/434715/100/0/threaded" }, { "name": "RHSA-2004:537", "tags": [ "vendor-advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-537.html" }, { "name": "20040915 CESA-2004-004: libXpm", "tags": [ "mailing-list" ], "url": "http://marc.info/?l=bugtraq\u0026m=109530851323415\u0026w=2" }, { "name": "DSA-560", "tags": [ "vendor-advisory" ], "url": "http://www.debian.org/security/2004/dsa-560" }, { "url": "http://scary.beasts.org/security/CESA-2004-003.txt" }, { "name": "APPLE-SA-2005-05-03", "tags": [ "vendor-advisory" ], "url": "http://lists.apple.com/archives/security-announce/2005/May/msg00001.html" }, { "name": "CLA-2005:924", "tags": [ "vendor-advisory" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000924" }, { "name": "SUSE-SA:2004:034", "tags": [ "vendor-advisory" ], "url": "http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html" }, { "name": "11196", "tags": [ "vdb-entry" ], "url": "http://www.securityfocus.com/bid/11196" }, { "name": "GLSA-200502-07", "tags": [ "vendor-advisory" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml" }, { "url": "http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch" }, { "name": "FLSA-2006:152803", "tags": [ "vendor-advisory" ], "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html" }, { "name": "20235", "tags": [ "third-party-advisory" ], "url": "http://secunia.com/advisories/20235" }, { "name": "SSRT4848", "tags": [ "vendor-advisory" ], "url": "http://www.securityfocus.com/archive/1/434715/100/0/threaded" }, { "name": "57653", "tags": [ "vendor-advisory" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1" }, { "name": "oval:org.mitre.oval:def:9187", "tags": [ "vdb-entry", "signature" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9187" }, { "name": "libxpm-multiple-stack-bo(17414)", "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17414" }, { "url": "http://packetstormsecurity.com/files/170620/Solaris-10-dtprintinfo-libXm-libXpm-Security-Issues.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0687", "datePublished": "2004-09-24T00:00:00", "dateReserved": "2004-07-13T00:00:00", "dateUpdated": "2024-08-08T00:24:27.112Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2004-0093
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 00:10
Severity ?
EPSS score ?
Summary
XFree86 4.1.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an out-of-bounds array index when using the GLX extension and Direct Rendering Infrastructure (DRI).
References
▼ | URL | Tags |
---|---|---|
http://www.debian.org/security/2004/dsa-443 | vendor-advisory, x_refsource_DEBIAN | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/15272 | vdb-entry, x_refsource_XF | |
ftp://patches.sgi.com/support/free/security/advisories/20040406-01-U | vendor-advisory, x_refsource_SGI | |
http://www.securityfocus.com/bid/9701 | vdb-entry, x_refsource_BID | |
http://www.redhat.com/support/errata/RHSA-2004-152.html | vendor-advisory, x_refsource_REDHAT | |
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000824 | vendor-advisory, x_refsource_CONECTIVA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:10:02.925Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-443", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2004/dsa-443" }, { "name": "xfree86-glx-array-dos(15272)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15272" }, { "name": "20040406-01-U", "tags": [ "vendor-advisory", "x_refsource_SGI", "x_transferred" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20040406-01-U" }, { "name": "9701", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/9701" }, { "name": "RHSA-2004:152", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-152.html" }, { "name": "CLSA-2004:824", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA", "x_transferred" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000824" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-02-19T00:00:00", "descriptions": [ { "lang": "en", "value": "XFree86 4.1.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an out-of-bounds array index when using the GLX extension and Direct Rendering Infrastructure (DRI)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2004-08-12T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "DSA-443", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2004/dsa-443" }, { "name": "xfree86-glx-array-dos(15272)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15272" }, { "name": "20040406-01-U", "tags": [ "vendor-advisory", "x_refsource_SGI" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20040406-01-U" }, { "name": "9701", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/9701" }, { "name": "RHSA-2004:152", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-152.html" }, { "name": "CLSA-2004:824", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000824" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0093", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "XFree86 4.1.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an out-of-bounds array index when using the GLX extension and Direct Rendering Infrastructure (DRI)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-443", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2004/dsa-443" }, { "name": "xfree86-glx-array-dos(15272)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15272" }, { "name": "20040406-01-U", "refsource": "SGI", "url": "ftp://patches.sgi.com/support/free/security/advisories/20040406-01-U" }, { "name": "9701", "refsource": "BID", "url": "http://www.securityfocus.com/bid/9701" }, { "name": "RHSA-2004:152", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2004-152.html" }, { "name": "CLSA-2004:824", "refsource": "CONECTIVA", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000824" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0093", "datePublished": "2004-09-01T04:00:00", "dateReserved": "2004-01-23T00:00:00", "dateUpdated": "2024-08-08T00:10:02.925Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-1999-0433
Vulnerability from cvelistv5
Published
1999-09-29 04:00
Modified
2024-08-01 16:41
Severity ?
EPSS score ?
Summary
XFree86 startx command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service.
References
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0433 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T16:41:44.834Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0433" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "XFree86 startx command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-17T07:33:31", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0433" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-1999-0433", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "XFree86 startx command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0433", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0433" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-1999-0433", "datePublished": "1999-09-29T04:00:00", "dateReserved": "1999-06-07T00:00:00", "dateUpdated": "2024-08-01T16:41:44.834Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2001-1086
Vulnerability from cvelistv5
Published
2002-03-15 05:00
Modified
2024-08-08 04:44
Severity ?
EPSS score ?
Summary
XDM in XFree86 3.3 and 3.3.3 generates easily guessable cookies using gettimeofday() when compiled with the HasXdmXauth option, which allows remote attackers to gain unauthorized access to the X display via a brute force attack.
References
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/6808 | vdb-entry, x_refsource_XF | |
http://online.securityfocus.com/archive/1/195008 | mailing-list, x_refsource_BUGTRAQ | |
http://www.securityfocus.com/archive/1/194907 | mailing-list, x_refsource_BUGTRAQ | |
http://www.securityfocus.com/bid/2985 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T04:44:07.287Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "xdm-cookie-brute-force(6808)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6808" }, { "name": "20010705 Re: xdm cookies fast brute force", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://online.securityfocus.com/archive/1/195008" }, { "name": "20010704 xdm cookies fast brute force", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/194907" }, { "name": "2985", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/2985" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2001-07-04T00:00:00", "descriptions": [ { "lang": "en", "value": "XDM in XFree86 3.3 and 3.3.3 generates easily guessable cookies using gettimeofday() when compiled with the HasXdmXauth option, which allows remote attackers to gain unauthorized access to the X display via a brute force attack." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-18T21:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "xdm-cookie-brute-force(6808)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6808" }, { "name": "20010705 Re: xdm cookies fast brute force", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://online.securityfocus.com/archive/1/195008" }, { "name": "20010704 xdm cookies fast brute force", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/194907" }, { "name": "2985", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/2985" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2001-1086", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "XDM in XFree86 3.3 and 3.3.3 generates easily guessable cookies using gettimeofday() when compiled with the HasXdmXauth option, which allows remote attackers to gain unauthorized access to the X display via a brute force attack." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "xdm-cookie-brute-force(6808)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6808" }, { "name": "20010705 Re: xdm cookies fast brute force", "refsource": "BUGTRAQ", "url": "http://online.securityfocus.com/archive/1/195008" }, { "name": "20010704 xdm cookies fast brute force", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/194907" }, { "name": "2985", "refsource": "BID", "url": "http://www.securityfocus.com/bid/2985" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2001-1086", "datePublished": "2002-03-15T05:00:00", "dateReserved": "2002-03-15T00:00:00", "dateUpdated": "2024-08-08T04:44:07.287Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2000-0476
Vulnerability from cvelistv5
Published
2000-07-12 04:00
Modified
2024-08-08 05:21
Severity ?
EPSS score ?
Summary
xterm, Eterm, and rxvt allow an attacker to cause a denial of service by embedding certain escape characters which force the window to be resized.
References
▼ | URL | Tags |
---|---|---|
http://archives.neohapsis.com/archives/bugtraq/2000-05/0420.html | mailing-list | |
http://archives.neohapsis.com/archives/bugtraq/2000-05/0409.html | mailing-list | |
http://www.securityfocus.com/bid/1298 | vdb-entry | |
http://www.openwall.com/lists/oss-security/2024/06/09/1 | mailing-list | |
http://www.openwall.com/lists/oss-security/2024/06/09/2 | mailing-list |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T05:21:31.299Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20000601 Re: [rootshell.com] Xterm DoS Attack", "tags": [ "mailing-list", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0420.html" }, { "name": "20000601 [rootshell.com] Xterm DoS Attack", "tags": [ "mailing-list", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0409.html" }, { "name": "1298", "tags": [ "vdb-entry", "x_transferred" ], "url": "http://www.securityfocus.com/bid/1298" }, { "name": "[oss-security] 20240609 vte 0.76.3 released with fix for CVE-2024-37535", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/06/09/1" }, { "name": "[oss-security] 20240609 Re: vte 0.76.3 released with fix for CVE-2024-37535", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/06/09/2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2000-06-01T00:00:00", "descriptions": [ { "lang": "en", "value": "xterm, Eterm, and rxvt allow an attacker to cause a denial of service by embedding certain escape characters which force the window to be resized." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-10T16:13:15.549161", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20000601 Re: [rootshell.com] Xterm DoS Attack", "tags": [ "mailing-list" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0420.html" }, { "name": "20000601 [rootshell.com] Xterm DoS Attack", "tags": [ "mailing-list" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0409.html" }, { "name": "1298", "tags": [ "vdb-entry" ], "url": "http://www.securityfocus.com/bid/1298" }, { "name": "[oss-security] 20240609 vte 0.76.3 released with fix for CVE-2024-37535", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2024/06/09/1" }, { "name": "[oss-security] 20240609 Re: vte 0.76.3 released with fix for CVE-2024-37535", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2024/06/09/2" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2000-0476", "datePublished": "2000-07-12T04:00:00", "dateReserved": "2000-07-11T00:00:00", "dateUpdated": "2024-08-08T05:21:31.299Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2003-0063
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-10-29 14:05
Severity ?
EPSS score ?
Summary
The xterm terminal emulator in XFree86 4.2.0 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
References
▼ | URL | Tags |
---|---|---|
http://www.debian.org/security/2003/dsa-380 | vendor-advisory | |
http://www.redhat.com/support/errata/RHSA-2003-067.html | vendor-advisory | |
http://www.redhat.com/support/errata/RHSA-2003-066.html | vendor-advisory | |
http://marc.info/?l=bugtraq&m=104612710031920&w=2 | mailing-list | |
http://www.redhat.com/support/errata/RHSA-2003-064.html | vendor-advisory | |
http://www.redhat.com/support/errata/RHSA-2003-065.html | vendor-advisory | |
http://www.securityfocus.com/bid/6940 | vdb-entry | |
http://www.iss.net/security_center/static/11414.php | vdb-entry | |
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html | mailing-list | |
http://www.openwall.com/lists/oss-security/2024/06/15/1 | mailing-list |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:43:35.241Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-380", "tags": [ "vendor-advisory", "x_transferred" ], "url": "http://www.debian.org/security/2003/dsa-380" }, { "name": "RHSA-2003:067", "tags": [ "vendor-advisory", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-067.html" }, { "name": "RHSA-2003:066", "tags": [ "vendor-advisory", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-066.html" }, { "name": "20030224 Terminal Emulator Security Issues", "tags": [ "mailing-list", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=104612710031920\u0026w=2" }, { "name": "RHSA-2003:064", "tags": [ "vendor-advisory", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-064.html" }, { "name": "RHSA-2003:065", "tags": [ "vendor-advisory", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-065.html" }, { "name": "6940", "tags": [ "vdb-entry", "x_transferred" ], "url": "http://www.securityfocus.com/bid/6940" }, { "name": "terminal-emulator-window-title(11414)", "tags": [ "vdb-entry", "x_transferred" ], "url": "http://www.iss.net/security_center/static/11414.php" }, { "name": "20030224 Terminal Emulator Security Issues", "tags": [ "mailing-list", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html" }, { "name": "[oss-security] 20240615 iTerm2 3.5.x title reporting bug", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/06/15/1" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:xfree86:xfree86:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "xfree86", "vendor": "xfree86", "versions": [ { "lessThanOrEqual": "4.2.0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2003-0063", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-24T17:38:21.119752Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-29T14:05:49.769Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2003-02-24T00:00:00", "descriptions": [ { "lang": "en", "value": "The xterm terminal emulator in XFree86 4.2.0 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user\u0027s terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-15T10:05:53.568606", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "DSA-380", "tags": [ "vendor-advisory" ], "url": "http://www.debian.org/security/2003/dsa-380" }, { "name": "RHSA-2003:067", "tags": [ "vendor-advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-067.html" }, { "name": "RHSA-2003:066", "tags": [ "vendor-advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-066.html" }, { "name": "20030224 Terminal Emulator Security Issues", "tags": [ "mailing-list" ], "url": "http://marc.info/?l=bugtraq\u0026m=104612710031920\u0026w=2" }, { "name": "RHSA-2003:064", "tags": [ "vendor-advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-064.html" }, { "name": "RHSA-2003:065", "tags": [ "vendor-advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-065.html" }, { "name": "6940", "tags": [ "vdb-entry" ], "url": "http://www.securityfocus.com/bid/6940" }, { "name": "terminal-emulator-window-title(11414)", "tags": [ "vdb-entry" ], "url": "http://www.iss.net/security_center/static/11414.php" }, { "name": "20030224 Terminal Emulator Security Issues", "tags": [ "mailing-list" ], "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html" }, { "name": "[oss-security] 20240615 iTerm2 3.5.x title reporting bug", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2024/06/15/1" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-0063", "datePublished": "2004-09-01T04:00:00", "dateReserved": "2003-02-04T00:00:00", "dateUpdated": "2024-10-29T14:05:49.769Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd
Published
2004-03-03 05:00
Modified
2024-11-20 23:47
Severity ?
Summary
Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a different vulnerability than CVE-2004-0083 and CVE-2004-0106.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
xfree86_project | x11r6 | 4.1.0 | |
xfree86_project | x11r6 | 4.1.11 | |
xfree86_project | x11r6 | 4.1.12 | |
xfree86_project | x11r6 | 4.2.0 | |
xfree86_project | x11r6 | 4.2.1 | |
xfree86_project | x11r6 | 4.2.1 | |
xfree86_project | x11r6 | 4.3.0 | |
openbsd | openbsd | 3.3 | |
openbsd | openbsd | 3.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "90FA67D9-8296-4534-8354-51B830DE3499", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8A000C67-7EA3-47A7-9068-1C8744C182D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "25EDDB93-DD20-4DBE-962B-6334D5A7CB45", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "4AC4F566-5D54-4364-B5AA-F846A0C8FCEB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "7F9D1BD9-4300-43B5-A87B-E2BF74E55C87", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:errata:*:*:*:*:*", "matchCriteriaId": "F4B7E143-E24B-40D2-897B-6D516566B7F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "837EBF15-6C7D-46B8-8A90-9DFBF2C09FF3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:openbsd:openbsd:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "AC46909F-DDFC-448B-BCDF-1EB343F96630", "vulnerable": true }, { "criteria": "cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*", "matchCriteriaId": "9496279F-AB43-4B53-81A6-87C651ABC4BA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a different vulnerability than CVE-2004-0083 and CVE-2004-0106." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer en la funci\u00f3n ReadFontAlias en XFree86 4.1.0 a 4.3.0, cuando se usa la funci\u00f3n CopyISOLatin1Lowered, permite a usuarios locales o remotos autenticados ejecutar c\u00f3digo arbitrario mediante una entrada malformada en el fichero de aliases de fuentes (font.alias), una vulnerabilidad distinta de CAN-2004-0083 y CAN-2004-0106." } ], "id": "CVE-2004-0084", "lastModified": "2024-11-20T23:47:43.930", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-03-03T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000821" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=107662833512775\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=110979666528890\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57768-1" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2004/dsa-443" }, { "source": "cve@mitre.org", "url": "http://www.idefense.com/application/poi/display?id=73" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/667502" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:012" }, { "source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2004_06_xf86.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2004-059.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-060.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-061.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/9652" }, { "source": "cve@mitre.org", "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.405053" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15200" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10405" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A807" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A831" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000821" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=107662833512775\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=110979666528890\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57768-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2004/dsa-443" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.idefense.com/application/poi/display?id=73" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/667502" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:012" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2004_06_xf86.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2004-059.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-060.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-061.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/9652" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.405053" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15200" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10405" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A807" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A831" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-10-20 04:00
Modified
2024-11-20 23:49
Severity ?
Summary
Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c for libXpm before 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
x.org | x11r6 | 6.7.0 | |
x.org | x11r6 | 6.8 | |
xfree86_project | x11r6 | 3.3.6 | |
xfree86_project | x11r6 | 4.0 | |
xfree86_project | x11r6 | 4.0.1 | |
xfree86_project | x11r6 | 4.0.2.11 | |
xfree86_project | x11r6 | 4.0.3 | |
xfree86_project | x11r6 | 4.1.0 | |
xfree86_project | x11r6 | 4.1.11 | |
xfree86_project | x11r6 | 4.1.12 | |
xfree86_project | x11r6 | 4.2.0 | |
xfree86_project | x11r6 | 4.2.1 | |
xfree86_project | x11r6 | 4.2.1 | |
xfree86_project | x11r6 | 4.3.0 | |
openbsd | openbsd | 3.4 | |
openbsd | openbsd | 3.5 | |
suse | suse_linux | 8 | |
suse | suse_linux | 8.1 | |
suse | suse_linux | 8.2 | |
suse | suse_linux | 9.0 | |
suse | suse_linux | 9.0 | |
suse | suse_linux | 9.0 | |
suse | suse_linux | 9.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:x.org:x11r6:6.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "76FFBC43-2178-48DF-B61E-CCBA4682AC5E", "vulnerable": true }, { "criteria": "cpe:2.3:a:x.org:x11r6:6.8:*:*:*:*:*:*:*", "matchCriteriaId": "8F506308-E878-4AA5-B5D5-A7E148D63947", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "0946A224-6A0C-4DE3-89F9-200682431737", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F33E5444-E178-4F49-BDA1-DE576D8526EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "1BCC09AA-AB01-4583-8052-66DBF0E1861D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "0E49FAA6-E146-4AD5-845E-9445C7D9F088", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "43425C85-806B-4823-AD74-D0A0465FC8DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "90FA67D9-8296-4534-8354-51B830DE3499", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8A000C67-7EA3-47A7-9068-1C8744C182D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "25EDDB93-DD20-4DBE-962B-6334D5A7CB45", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "4AC4F566-5D54-4364-B5AA-F846A0C8FCEB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "7F9D1BD9-4300-43B5-A87B-E2BF74E55C87", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:errata:*:*:*:*:*", "matchCriteriaId": "F4B7E143-E24B-40D2-897B-6D516566B7F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "837EBF15-6C7D-46B8-8A90-9DFBF2C09FF3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*", "matchCriteriaId": "9496279F-AB43-4B53-81A6-87C651ABC4BA", "vulnerable": true }, { "criteria": "cpe:2.3:o:openbsd:openbsd:3.5:*:*:*:*:*:*:*", "matchCriteriaId": "BDA160D4-5CAB-44E7-880A-59DD98FEAD62", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:8:*:enterprise_server:*:*:*:*:*", "matchCriteriaId": "D2E2EF3C-1379-4CBE-8FF5-DACD47834651", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "F8C55338-3372-413F-82E3-E1B476D6F41A", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "1EFB33BF-F6A5-48C1-AEB5-194FCBCFC958", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "FB0E2D3B-B50A-46C2-BA1E-3E014DE91954", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:enterprise_server:*:*:*:*:*", "matchCriteriaId": "F7446746-87B7-4BD3-AABF-1E0FAA8265AB", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*", "matchCriteriaId": "56EF103F-5668-4754-A83B-D3662D0CE815", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "CFABFCE5-4F86-4AE8-9849-BC360AC72098", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c for libXpm before 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file." }, { "lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer basados en la pila en (1) xpmParseColors en parse.c, (2) ParseAndPutPixels en create.c, y (3) ParsePixels en parse.c de libXpm anteriores a 6.8.1 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante una imagen XPM malformada." } ], "id": "CVE-2004-0687", "lastModified": "2024-11-20T23:49:10.207", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-10-20T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000924" }, { "source": "cve@mitre.org", "url": "http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch" }, { "source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2005/May/msg00001.html" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=109530851323415\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://packetstormsecurity.com/files/170620/Solaris-10-dtprintinfo-libXm-libXpm-Security-Issues.html" }, { "source": "cve@mitre.org", "url": "http://scary.beasts.org/security/CESA-2004-003.txt" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/20235" }, { "source": "cve@mitre.org", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2004/dsa-560" }, { "source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-34.xml" }, { "source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/882750" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:098" }, { "source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2004-537.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2005-004.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/434715/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/434715/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/11196" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA05-136A.html" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/1914" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17414" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9187" }, { "source": "cve@mitre.org", "url": "https://usn.ubuntu.com/27-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000924" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2005/May/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=109530851323415\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.com/files/170620/Solaris-10-dtprintinfo-libXm-libXpm-Security-Issues.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://scary.beasts.org/security/CESA-2004-003.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/20235" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2004/dsa-560" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-34.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/882750" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:098" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2004-537.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2005-004.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/434715/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/434715/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/11196" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA05-136A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/1914" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17414" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9187" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/27-1/" } ], "sourceIdentifier": "cve@mitre.org", "vendorComments": [ { "comment": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.", "lastModified": "2007-03-14T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-10-20 04:00
Modified
2024-11-20 23:49
Severity ?
Summary
Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
x.org | x11r6 | 6.7.0 | |
x.org | x11r6 | 6.8 | |
xfree86_project | x11r6 | 3.3.6 | |
xfree86_project | x11r6 | 4.0 | |
xfree86_project | x11r6 | 4.0.1 | |
xfree86_project | x11r6 | 4.0.2.11 | |
xfree86_project | x11r6 | 4.0.3 | |
xfree86_project | x11r6 | 4.1.0 | |
xfree86_project | x11r6 | 4.1.11 | |
xfree86_project | x11r6 | 4.1.12 | |
xfree86_project | x11r6 | 4.2.0 | |
xfree86_project | x11r6 | 4.2.1 | |
xfree86_project | x11r6 | 4.2.1 | |
xfree86_project | x11r6 | 4.3.0 | |
openbsd | openbsd | 3.4 | |
openbsd | openbsd | 3.5 | |
suse | suse_linux | 8 | |
suse | suse_linux | 8.1 | |
suse | suse_linux | 8.2 | |
suse | suse_linux | 9.0 | |
suse | suse_linux | 9.0 | |
suse | suse_linux | 9.0 | |
suse | suse_linux | 9.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:x.org:x11r6:6.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "76FFBC43-2178-48DF-B61E-CCBA4682AC5E", "vulnerable": true }, { "criteria": "cpe:2.3:a:x.org:x11r6:6.8:*:*:*:*:*:*:*", "matchCriteriaId": "8F506308-E878-4AA5-B5D5-A7E148D63947", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "0946A224-6A0C-4DE3-89F9-200682431737", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F33E5444-E178-4F49-BDA1-DE576D8526EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "1BCC09AA-AB01-4583-8052-66DBF0E1861D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "0E49FAA6-E146-4AD5-845E-9445C7D9F088", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "43425C85-806B-4823-AD74-D0A0465FC8DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "90FA67D9-8296-4534-8354-51B830DE3499", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8A000C67-7EA3-47A7-9068-1C8744C182D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "25EDDB93-DD20-4DBE-962B-6334D5A7CB45", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "4AC4F566-5D54-4364-B5AA-F846A0C8FCEB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "7F9D1BD9-4300-43B5-A87B-E2BF74E55C87", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:errata:*:*:*:*:*", "matchCriteriaId": "F4B7E143-E24B-40D2-897B-6D516566B7F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "837EBF15-6C7D-46B8-8A90-9DFBF2C09FF3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*", "matchCriteriaId": "9496279F-AB43-4B53-81A6-87C651ABC4BA", "vulnerable": true }, { "criteria": "cpe:2.3:o:openbsd:openbsd:3.5:*:*:*:*:*:*:*", "matchCriteriaId": "BDA160D4-5CAB-44E7-880A-59DD98FEAD62", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:8:*:enterprise_server:*:*:*:*:*", "matchCriteriaId": "D2E2EF3C-1379-4CBE-8FF5-DACD47834651", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "F8C55338-3372-413F-82E3-E1B476D6F41A", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "1EFB33BF-F6A5-48C1-AEB5-194FCBCFC958", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "FB0E2D3B-B50A-46C2-BA1E-3E014DE91954", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:enterprise_server:*:*:*:*:*", "matchCriteriaId": "F7446746-87B7-4BD3-AABF-1E0FAA8265AB", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*", "matchCriteriaId": "56EF103F-5668-4754-A83B-D3662D0CE815", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "CFABFCE5-4F86-4AE8-9849-BC360AC72098", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file." }, { "lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer en xpmParseColors en parse.c de libXpm anteriores a 6.8.1 permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante un fichero de imagen XPM malformado." } ], "id": "CVE-2004-0688", "lastModified": "2024-11-20T23:49:10.377", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-10-20T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000924" }, { "source": "cve@mitre.org", "url": "http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch" }, { "source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2005/May/msg00001.html" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=109530851323415\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://scary.beasts.org/security/CESA-2004-003.txt" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/20235" }, { "source": "cve@mitre.org", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2004/dsa-560" }, { "source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-34.xml" }, { "source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/537878" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:098" }, { "source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2004-537.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2005-004.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/434715/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/434715/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/11196" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA05-136A.html" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/1914" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17416" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11796" }, { "source": "cve@mitre.org", "url": "https://usn.ubuntu.com/27-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000924" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2005/May/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=109530851323415\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://scary.beasts.org/security/CESA-2004-003.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/20235" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2004/dsa-560" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-34.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/537878" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:098" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2004-537.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2005-004.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/434715/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/434715/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/11196" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA05-136A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/1914" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17416" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11796" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/27-1/" } ], "sourceIdentifier": "cve@mitre.org", "vendorComments": [ { "comment": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.", "lastModified": "2007-03-14T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-04-06 01:19
Modified
2024-11-21 00:28
Severity ?
Summary
Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:amd64:*:*:*:*:*", "matchCriteriaId": "86FD134D-A5C5-4B08-962D-70CF07C74923", "vulnerable": true }, { "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:i386:*:*:*:*:*", "matchCriteriaId": "FA84692E-F99D-4207-B4F2-799A6ADB88AD", "vulnerable": true }, { "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:powerpc:*:*:*:*:*", "matchCriteriaId": "8B0F1091-4B76-44F5-B896-6D37E2F909A2", "vulnerable": true }, { "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:sparc:*:*:*:*:*", "matchCriteriaId": "EF15862D-6108-4791-8817-622123C8D10C", "vulnerable": true }, { "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:*:amd64:*:*:*:*:*", "matchCriteriaId": "F1672825-AB87-4402-A628-B33AE5B7D4C8", "vulnerable": true }, { "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:*:i386:*:*:*:*:*", "matchCriteriaId": "939216D8-9E6C-419E-BC0A-EC7F0F29CE95", "vulnerable": true }, { "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:*:powerpc:*:*:*:*:*", "matchCriteriaId": "E520564E-964D-4758-945B-5EF0C35E605C", "vulnerable": true }, { "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:*:sparc:*:*:*:*:*", "matchCriteriaId": "2294D5A7-7B36-497A-B0F1-514BC49E1423", "vulnerable": true }, { "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:6.10:*:amd64:*:*:*:*:*", "matchCriteriaId": "AB80939E-8B58-48B6-AFB7-9CF518C0EE1F", "vulnerable": true }, { "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:6.10:*:i386:*:*:*:*:*", "matchCriteriaId": "80FF1759-5F86-4046-ABA3-EB7B0038F656", "vulnerable": true }, { "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:6.10:*:powerpc:*:*:*:*:*", "matchCriteriaId": "DF578B64-57E2-4FCD-A6E1-F8F3317FDB88", "vulnerable": true }, { "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:6.10:*:sparc:*:*:*:*:*", "matchCriteriaId": "61B11116-FA94-4989-89A1-C7B551D5195A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:x.org:libxfont:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "AFADBA5A-8168-40B8-B5CA-0F1F7F9193D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "837EBF15-6C7D-46B8-8A90-9DFBF2C09FF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E859A205-0DC2-4E28-8FF0-72D66DE9B280", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "F18E8C7B-53AC-4BC7-9E00-A70293172B58", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:rpath:rpath_linux:1:*:*:*:*:*:*:*", "matchCriteriaId": "0DD12BC0-1E50-49C6-AD0D-8CE90F0E8449", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*", "matchCriteriaId": "2641EE56-6F9D-400B-B456-877F4DA79B10", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*", "matchCriteriaId": "A4A9461E-C117-42EC-9F14-DF2A82BA7C5D", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*", "matchCriteriaId": "E0B458EA-495E-40FA-9379-C03757F7B1EE", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*", "matchCriteriaId": "409E324A-C040-494F-A026-9DCAE01C07F8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*", "matchCriteriaId": "1728AB5D-55A9-46B0-A412-6F7263CAEB5A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*", "matchCriteriaId": "6474B775-C893-491F-A074-802AFB1FEDD8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_servers:*:*:*:*:*", "matchCriteriaId": "81B543F9-C209-46C2-B0AE-E14818A6992E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*", "matchCriteriaId": "EC79FF22-2664-4C40-B0B3-6D23B5F45162", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation:*:*:*:*:*", "matchCriteriaId": "DB89C970-DE94-4E09-A90A-077DB83AD156", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:4.0:*:advanced_server:*:*:*:*:*", "matchCriteriaId": "F9440B25-D206-4914-9557-B5F030890DEC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:4.0:*:enterprise_server:*:*:*:*:*", "matchCriteriaId": "E9933557-3BCA-4D92-AD4F-27758A0D3347", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:4.0:*:workstation:*:*:*:*:*", "matchCriteriaId": "10A60552-15A5-4E95-B3CE-99A4B26260C1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:desktop:*:*:*:*:*", "matchCriteriaId": "FE524195-06F1-4504-9223-07596588CC70", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:desktop_workstation:*:*:*:*:*", "matchCriteriaId": "2FEED00F-3B70-4E57-AD80-7903AECED14B", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:server:*:*:*:*:*", "matchCriteriaId": "40D71CBC-D365-4710-BAB5-8A1159F35E41", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "AF3BBBC3-3EF9-4E24-9DE2-627E172A5473", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "7D74A418-50F0-42C0-ABBC-BBBE718FF025", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*", "matchCriteriaId": "84A50ED3-FD0D-4038-B3E7-CC65D166C968", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:*", "matchCriteriaId": "8DBD9D3C-40AB-449D-A9A8-A09DF2DEDB96", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:openbsd:openbsd:3.9:*:*:*:*:*:*:*", "matchCriteriaId": "F5BB6C5D-4C43-4BB8-B1CE-A70BBE650CA1", "vulnerable": true }, { "criteria": "cpe:2.3:o:openbsd:openbsd:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "CC77812C-D84E-493E-9D21-1BA6C2129E70", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*", "matchCriteriaId": "02362C25-B373-4FB1-AF4A-2AFC7F7D4387", "vulnerable": false }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:2007:*:x86_64:*:*:*:*:*", "matchCriteriaId": "19AD5F8D-6EB9-4E4B-9E82-FFBAB68797E9", "vulnerable": false }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "2BB0B27C-04EA-426F-9016-7406BACD91DF", "vulnerable": false }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:*", "matchCriteriaId": "BB2B1BA5-8370-4281-B5C9-3D4FE6C70FBC", "vulnerable": false }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "94F65351-C2DA-41C0-A3F9-1AE951E4386E", "vulnerable": false }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:x86_64:*:*:*:*:*", "matchCriteriaId": "1B795F9F-AFB3-4A2A-ABC6-9246906800DE", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "77FF1412-A7DA-4669-8AE1-5A529AB387FB", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow." }, { "lang": "es", "value": "Desbordamiento de enteros en la funci\u00f3n bdfReadCharacters en (1) X.Org libXfont before 20070403 y (2) freetype 2.3.2 y permite a usuarios remotos validados ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de fuentes manipuladas BDF, las cueles dan como resultado un desbordamiento de pila." } ], "id": "CVE-2007-1351", "lastModified": "2024-11-21T00:28:05.320", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 8.5, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-04-06T01:19:00.000", "references": [ { "source": "secalert@redhat.com", "url": "http://issues.foresightlinux.org/browse/FL-223" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=501" }, { "source": "secalert@redhat.com", "url": "http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html" }, { "source": "secalert@redhat.com", "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html" }, { "source": "secalert@redhat.com", "url": "http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2007-0125.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/24741" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/24745" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/24756" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/24758" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/24765" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/24768" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/24770" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/24771" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/24772" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/24776" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/24791" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/24885" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/24889" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/24921" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/24996" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/25004" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/25006" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/25096" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/25195" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/25216" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/25305" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/25495" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/28333" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/30161" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/33937" }, { "source": "secalert@redhat.com", "url": "http://security.gentoo.org/glsa/glsa-200705-02.xml" }, { "source": "secalert@redhat.com", "url": "http://security.gentoo.org/glsa/glsa-200705-10.xml" }, { "source": "secalert@redhat.com", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.626733" }, { "source": "secalert@redhat.com", "url": "http://sourceforge.net/project/shownotes.php?group_id=3157\u0026release_id=498954" }, { "source": "secalert@redhat.com", "url": "http://sourceforge.net/project/shownotes.php?release_id=498954" }, { "source": "secalert@redhat.com", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102886-1" }, { "source": "secalert@redhat.com", "url": "http://support.apple.com/kb/HT3438" }, { "source": "secalert@redhat.com", "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-178.htm" }, { "source": "secalert@redhat.com", "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-193.htm" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2007/dsa-1294" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2008/dsa-1454" }, { "source": "secalert@redhat.com", "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:079" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:080" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:081" }, { "source": "secalert@redhat.com", "url": "http://www.novell.com/linux/security/advisories/2007_27_x.html" }, { "source": "secalert@redhat.com", "url": "http://www.novell.com/linux/security/advisories/2007_6_sr.html" }, { "source": "secalert@redhat.com", "url": "http://www.openbsd.org/errata39.html#021_xorg" }, { "source": "secalert@redhat.com", "url": "http://www.openbsd.org/errata40.html#011_xorg" }, { "source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2007-0126.html" }, { "source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2007-0132.html" }, { "source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2007-0150.html" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/464686/100/0/threaded" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/464816/100/0/threaded" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/23283" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/23300" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/23402" }, { "source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id?1017857" }, { "source": "secalert@redhat.com", "url": "http://www.trustix.org/errata/2007/0013/" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/usn-448-1" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2007/1217" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2007/1264" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2007/1548" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33417" }, { "source": "secalert@redhat.com", "url": "https://issues.rpath.com/browse/RPL-1213" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11266" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1810" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://issues.foresightlinux.org/browse/FL-223" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=501" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2007-0125.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/24741" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24745" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24756" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24758" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24765" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24768" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/24770" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24771" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24772" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24776" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24791" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24885" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24889" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24921" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24996" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/25004" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/25006" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/25096" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/25195" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/25216" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/25305" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/25495" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/28333" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/30161" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/33937" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200705-02.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200705-10.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.626733" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/project/shownotes.php?group_id=3157\u0026release_id=498954" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/project/shownotes.php?release_id=498954" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102886-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.apple.com/kb/HT3438" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-178.htm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-193.htm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2007/dsa-1294" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1454" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:079" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:080" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:081" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2007_27_x.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2007_6_sr.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openbsd.org/errata39.html#021_xorg" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openbsd.org/errata40.html#011_xorg" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2007-0126.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2007-0132.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2007-0150.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/464686/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/464816/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/23283" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/23300" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/23402" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1017857" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.trustix.org/errata/2007/0013/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-448-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/1217" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/1264" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/1548" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33417" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://issues.rpath.com/browse/RPL-1213" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11266" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1810" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
1999-03-21 05:00
Modified
2024-11-20 23:28
Severity ?
Summary
XFree86 startx command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
xfree86_project | x11r6 | 3.3.3 | |
netbsd | netbsd | 1.3.2 | |
netbsd | netbsd | 1.3.3 | |
redhat | linux | 5.1 | |
redhat | linux | 5.2 | |
slackware | slackware_linux | 3.3 | |
slackware | slackware_linux | 3.4 | |
slackware | slackware_linux | 3.5 | |
slackware | slackware_linux | 3.6 | |
slackware | slackware_linux | 4.0 | |
suse | suse_linux | 5.1 | |
suse | suse_linux | 5.2 | |
suse | suse_linux | 6.0 | |
suse | suse_linux | 6.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "C104B02C-3F3B-4DB4-8A1D-65A7DAA380EB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netbsd:netbsd:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "2D3C937A-E9D8-474A-ABEB-A927EF7CC5B0", "vulnerable": true }, { "criteria": "cpe:2.3:o:netbsd:netbsd:1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "2A8F8DE7-7A84-4350-A6D8-FCCB561D63B2", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:linux:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "4EF44364-0F57-4B74-81B0-501EA6B58501", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:linux:5.2:*:i386:*:*:*:*:*", "matchCriteriaId": "363AB7DB-A8BA-4D58-97C4-1DF1F0F43E07", "vulnerable": true }, { "criteria": "cpe:2.3:o:slackware:slackware_linux:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "06F2131E-F9F2-4E65-B95C-B52DB25C69F5", "vulnerable": true }, { "criteria": "cpe:2.3:o:slackware:slackware_linux:3.4:*:*:*:*:*:*:*", "matchCriteriaId": "E6732144-10D4-4114-A7DA-32157EE3EF38", "vulnerable": true }, { "criteria": "cpe:2.3:o:slackware:slackware_linux:3.5:*:*:*:*:*:*:*", "matchCriteriaId": "125918E7-53BB-407A-8D95-5D95CDF39A88", "vulnerable": true }, { "criteria": "cpe:2.3:o:slackware:slackware_linux:3.6:*:*:*:*:*:*:*", "matchCriteriaId": "CE0BBA4F-C61A-4A8E-A7E2-CE0DF76DF592", "vulnerable": true }, { "criteria": "cpe:2.3:o:slackware:slackware_linux:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "CC3B1DD9-10B5-40FE-AE56-D068C41653DE", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "5C0BBDD2-9FF9-4CB7-BCAF-D4AF15DC2C7C", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:5.2:*:*:*:*:*:*:*", "matchCriteriaId": "D1C826AA-6E2F-4DAC-A7A2-9F47729B5DA5", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "F163E145-09F7-4BE2-9B46-5B6713070BAB", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "124E1802-7984-45ED-8A92-393FC20662FD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "XFree86 startx command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service." } ], "id": "CVE-1999-0433", "lastModified": "2024-11-20T23:28:43.620", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "1999-03-21T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0433" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0433" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-03-02 05:00
Modified
2024-11-20 23:55
Severity ?
Summary
scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:lesstif:lesstif:0.93.94:*:*:*:*:*:*:*", "matchCriteriaId": "63A4B331-2868-46E3-9734-DC3AEFD2F756", "vulnerable": true }, { "criteria": "cpe:2.3:a:sgi:propack:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "29DC217F-C257-4A3C-9CBD-08010C30BEC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:x.org:x11r6:6.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "76FFBC43-2178-48DF-B61E-CCBA4682AC5E", "vulnerable": true }, { "criteria": "cpe:2.3:a:x.org:x11r6:6.8:*:*:*:*:*:*:*", "matchCriteriaId": "8F506308-E878-4AA5-B5D5-A7E148D63947", "vulnerable": true }, { "criteria": "cpe:2.3:a:x.org:x11r6:6.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "D129D08C-AF18-4F9D-9781-64B8C1CFD65E", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "AE887A26-0590-40DE-ACE2-28A30E5228AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "23FF2D1C-D328-49BE-87CF-938FB533180B", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "C104B02C-3F3B-4DB4-8A1D-65A7DAA380EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "BEECB0ED-A5C9-4675-9CEB-AD6C19EDA7D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "B43D5F86-97B2-4175-8ED7-1F937850F9DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "0946A224-6A0C-4DE3-89F9-200682431737", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F33E5444-E178-4F49-BDA1-DE576D8526EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "1BCC09AA-AB01-4583-8052-66DBF0E1861D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "0E49FAA6-E146-4AD5-845E-9445C7D9F088", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "43425C85-806B-4823-AD74-D0A0465FC8DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "90FA67D9-8296-4534-8354-51B830DE3499", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8A000C67-7EA3-47A7-9068-1C8744C182D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "25EDDB93-DD20-4DBE-962B-6334D5A7CB45", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "4AC4F566-5D54-4364-B5AA-F846A0C8FCEB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "7F9D1BD9-4300-43B5-A87B-E2BF74E55C87", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:errata:*:*:*:*:*", "matchCriteriaId": "F4B7E143-E24B-40D2-897B-6D516566B7F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "837EBF15-6C7D-46B8-8A90-9DFBF2C09FF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E859A205-0DC2-4E28-8FF0-72D66DE9B280", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "F18E8C7B-53AC-4BC7-9E00-A70293172B58", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:altlinux:alt_linux:2.3:*:compact:*:*:*:*:*", "matchCriteriaId": "64BE98C2-8EFA-4349-9FE2-D62CA63A16C4", "vulnerable": true }, { "criteria": "cpe:2.3:o:altlinux:alt_linux:2.3:*:junior:*:*:*:*:*", "matchCriteriaId": "7D0AC3A3-A37C-4053-B05F-A031877AC811", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "A06E5CD0-8BEC-4F4C-9E11-1FEE0563946C", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:amd64:*:*:*:*:*", "matchCriteriaId": "A3BDD466-84C9-4CFC-A3A8-7AC0F752FB53", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "3528DABD-B821-4D23-AE12-614A9CA92C46", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:*:x86_64:*:*:*:*:*", "matchCriteriaId": "9E661D58-18DF-4CCF-9892-F873618F4535", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.2:*:*:*:*:*:*:*", "matchCriteriaId": "11D69B83-4EF3-407B-8E8C-DE623F099C17", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.2:*:x86_64:*:*:*:*:*", "matchCriteriaId": "F1D16230-3699-4AAA-9CAE-5CAF34628885", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "E0F0D201-B1DC-4024-AF77-A284673618F3", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:x86_64:*:*:*:*:*", "matchCriteriaId": "052E3862-BFB7-42E7-889D-8590AFA8EF37", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "2BB0B27C-04EA-426F-9016-7406BACD91DF", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:*", "matchCriteriaId": "BB2B1BA5-8370-4281-B5C9-3D4FE6C70FBC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_server:*:*:*:*:*", "matchCriteriaId": "78B46FFA-5B09-473E-AD33-3DB18BD0DAFE", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*", "matchCriteriaId": "EC79FF22-2664-4C40-B0B3-6D23B5F45162", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation_server:*:*:*:*:*", "matchCriteriaId": "0EFE2E73-9536-41A9-B83B-0A06B54857F4", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:4.0:*:advanced_server:*:*:*:*:*", "matchCriteriaId": "F9440B25-D206-4914-9557-B5F030890DEC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:4.0:*:enterprise_server:*:*:*:*:*", "matchCriteriaId": "E9933557-3BCA-4D92-AD4F-27758A0D3347", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:4.0:*:workstation:*:*:*:*:*", "matchCriteriaId": "10A60552-15A5-4E95-B3CE-99A4B26260C1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "AF3BBBC3-3EF9-4E24-9DE2-627E172A5473", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "7D74A418-50F0-42C0-ABBC-BBBE718FF025", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*", "matchCriteriaId": "E6996B14-925B-46B8-982F-3545328B506B", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:fedora_core:core_3.0:*:*:*:*:*:*:*", "matchCriteriaId": "EC80CF67-C51D-442C-9526-CFEDE84A6304", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "124E1802-7984-45ED-8A92-393FC20662FD", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:6.1:alpha:*:*:*:*:*:*", "matchCriteriaId": "C7F08806-9458-439A-8EAE-2553122262ED", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "1B67020A-6942-4478-B501-764147C4970D", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:6.3:*:*:*:*:*:*:*", "matchCriteriaId": "0AD0FF64-05DF-48C2-9BB5-FD993121FB2E", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:6.3:*:ppc:*:*:*:*:*", "matchCriteriaId": "E74E0A28-7C78-4160-8BCF-99605285C0EE", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:6.3:alpha:*:*:*:*:*:*", "matchCriteriaId": "76159C25-0760-47CB-AFCE-28306CDEA830", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:6.4:*:*:*:*:*:*:*", "matchCriteriaId": "7786607A-362E-4817-A17E-C76D6A1F737D", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:6.4:*:i386:*:*:*:*:*", "matchCriteriaId": "8A206E1C-C2EC-4356-8777-B18D7069A4C3", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:6.4:*:ppc:*:*:*:*:*", "matchCriteriaId": "6E2FE291-1142-4627-A497-C0BB0D934A0B", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:6.4:alpha:*:*:*:*:*:*", "matchCriteriaId": "49BC7C7E-046C-4186-822E-9F3A2AD3577B", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "C9E7D75A-333E-4C63-9593-F64ABA5D1CE3", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:7.0:*:i386:*:*:*:*:*", "matchCriteriaId": "2FE69F6F-6B17-4C87-ACA4-A2A1FB47206A", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:7.0:*:ppc:*:*:*:*:*", "matchCriteriaId": "467A30EB-CB8F-4928-AC8F-F659084A9E2B", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:7.0:*:sparc:*:*:*:*:*", "matchCriteriaId": "714C1439-AB8E-4A8B-A783-D60E9DDC38D4", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:7.0:alpha:*:*:*:*:*:*", "matchCriteriaId": "62CAE5B0-4D46-4A93-A343-C8E9CB574C62", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "819868A7-EB1E-4CA9-8D71-72F194E5EFEB", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:7.1:*:spa:*:*:*:*:*", "matchCriteriaId": "FB647A8B-ADB9-402B-96E1-45321C75731B", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:7.1:*:sparc:*:*:*:*:*", "matchCriteriaId": "0944FD27-736E-4B55-8D96-9F2CA9BB9B05", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:7.1:*:x86:*:*:*:*:*", "matchCriteriaId": "373BB5AC-1F38-4D0A-97DC-08E9654403EE", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:7.1:alpha:*:*:*:*:*:*", "matchCriteriaId": "B5E71DA3-F4A0-46AF-92A2-E691C7A65528", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "0519FF7D-363E-4530-9E63-6EA3E88432DC", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:7.2:*:i386:*:*:*:*:*", "matchCriteriaId": "1975A2DD-EB22-4ED3-8719-F78AA7F414B2", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "FAE3FF4F-646F-4E05-A08A-C9399DEF60F1", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:7.3:*:i386:*:*:*:*:*", "matchCriteriaId": "19F606EE-530F-4C06-82DB-52035EE03FA3", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:7.3:*:ppc:*:*:*:*:*", "matchCriteriaId": "A0E896D5-0005-4E7E-895D-B202AFCE09A1", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:7.3:*:sparc:*:*:*:*:*", "matchCriteriaId": "5A8B313F-93C7-4558-9571-DE1111487E17", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "28CD54FE-D682-4063-B7C3-8B29B26B39AD", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:8.0:*:i386:*:*:*:*:*", "matchCriteriaId": "37F124FE-15F1-49D7-9E03-8E036CE1A20C", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "F8C55338-3372-413F-82E3-E1B476D6F41A", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "1EFB33BF-F6A5-48C1-AEB5-194FCBCFC958", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "FB0E2D3B-B50A-46C2-BA1E-3E014DE91954", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*", "matchCriteriaId": "56EF103F-5668-4754-A83B-D3662D0CE815", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "CFABFCE5-4F86-4AE8-9849-BC360AC72098", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:9.1:*:x86_64:*:*:*:*:*", "matchCriteriaId": "D5F98B9A-880E-45F0-8C16-12B22970F0D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:9.2:*:*:*:*:*:*:*", "matchCriteriaId": "CFF36BC6-6CCD-4FEE-A120-5B8C4BF5620C", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:9.2:*:x86_64:*:*:*:*:*", "matchCriteriaId": "B905C6E9-5058-4FD7-95B6-CD6AB6B2F516", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow." } ], "id": "CVE-2005-0605", "lastModified": "2024-11-20T23:55:30.283", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-03-02T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.5/SCOSA-2006.5.txt" }, { "source": "cve@mitre.org", "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.57/SCOSA-2005.57.txt" }, { "source": "cve@mitre.org", "url": "ftp://patches.sgi.com/support/free/security/advisories/20060403-01-U" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=83598" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=83655" }, { "source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html" }, { "source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/14460" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/18049" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/18316" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/19624" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-200503-08.xml" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://securitytracker.com/id?1013339" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2005/dsa-723" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200503-15.xml" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2005-044.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2005-198.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-331.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2005-412.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2005-473.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/12714" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://bugs.freedesktop.org/attachment.cgi?id=1909" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10411" }, { "source": "cve@mitre.org", "url": "https://usn.ubuntu.com/92-1/" }, { "source": "cve@mitre.org", "url": "https://usn.ubuntu.com/97-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.5/SCOSA-2006.5.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.57/SCOSA-2005.57.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://patches.sgi.com/support/free/security/advisories/20060403-01-U" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=83598" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=83655" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/14460" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/18049" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/18316" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/19624" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-200503-08.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://securitytracker.com/id?1013339" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2005/dsa-723" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200503-15.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2005-044.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2005-198.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-331.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2005-412.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2005-473.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/12714" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://bugs.freedesktop.org/attachment.cgi?id=1909" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10411" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/92-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/97-1/" } ], "sourceIdentifier": "cve@mitre.org", "vendorComments": [ { "comment": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.", "lastModified": "2007-03-14T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2002-12-11 05:00
Modified
2024-11-20 23:41
Severity ?
Summary
Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
xfree86_project | x11r6 | 3.3 | |
xfree86_project | x11r6 | 3.3.2 | |
xfree86_project | x11r6 | 3.3.3 | |
xfree86_project | x11r6 | 3.3.4 | |
xfree86_project | x11r6 | 3.3.5 | |
sgi | irix | 6.5 | |
sgi | irix | 6.5.1 | |
sgi | irix | 6.5.2 | |
sgi | irix | 6.5.3 | |
sgi | irix | 6.5.4 | |
sgi | irix | 6.5.5 | |
sgi | irix | 6.5.6 | |
sgi | irix | 6.5.7 | |
sgi | irix | 6.5.8 | |
sgi | irix | 6.5.9 | |
sgi | irix | 6.5.10 | |
sgi | irix | 6.5.11 | |
sgi | irix | 6.5.12 | |
sgi | irix | 6.5.13 | |
hp | hp-ux | 10.10 | |
hp | hp-ux | 10.20 | |
hp | hp-ux | 10.24 | |
hp | hp-ux | 11.00 | |
hp | hp-ux | 11.04 | |
hp | hp-ux | 11.11 | |
hp | hp-ux | 11.22 | |
sun | solaris | 2.5.1 | |
sun | solaris | 2.5.1 | |
sun | solaris | 2.6 | |
sun | solaris | 7.0 | |
sun | solaris | 8.0 | |
sun | solaris | 9.0 | |
sun | solaris | 9.0 | |
sun | sunos | - | |
sun | sunos | 5.5.1 | |
sun | sunos | 5.7 | |
sun | sunos | 5.8 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "AE887A26-0590-40DE-ACE2-28A30E5228AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "23FF2D1C-D328-49BE-87CF-938FB533180B", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "C104B02C-3F3B-4DB4-8A1D-65A7DAA380EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "BEECB0ED-A5C9-4675-9CEB-AD6C19EDA7D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "B43D5F86-97B2-4175-8ED7-1F937850F9DB", "vulnerable": true }, { "criteria": "cpe:2.3:o:sgi:irix:6.5:*:*:*:*:*:*:*", "matchCriteriaId": "C30D6962-3DBB-4DF8-A04F-8E47AFEDCF99", "vulnerable": true }, { "criteria": "cpe:2.3:o:sgi:irix:6.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "36B60E50-4F5A-4404-BEA3-C94F7D27B156", "vulnerable": true }, { "criteria": "cpe:2.3:o:sgi:irix:6.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "6ECB750B-9F53-4DB6-8B26-71BCCA446FF7", "vulnerable": true }, { "criteria": "cpe:2.3:o:sgi:irix:6.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "E6B2E6D1-8C2D-4E15-A6BB-E4FE878ED1E7", "vulnerable": true }, { "criteria": "cpe:2.3:o:sgi:irix:6.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "440B7208-34DB-4898-8461-4E703F7EDFB7", "vulnerable": true }, { "criteria": "cpe:2.3:o:sgi:irix:6.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "5663579C-3AD2-4E5B-A595-C8DB984F9C26", "vulnerable": true }, { "criteria": "cpe:2.3:o:sgi:irix:6.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "D07AA144-6FD7-4C80-B4F2-D21C1AFC864A", "vulnerable": true }, { "criteria": "cpe:2.3:o:sgi:irix:6.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "29113D8E-9618-4A0E-9157-678332082858", "vulnerable": true }, { "criteria": "cpe:2.3:o:sgi:irix:6.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "313613E9-4837-433C-90EE-84A92E8D24E5", "vulnerable": true }, { "criteria": "cpe:2.3:o:sgi:irix:6.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "41AA1290-5039-406F-B195-3A4C018202D3", "vulnerable": true }, { "criteria": "cpe:2.3:o:sgi:irix:6.5.10:*:*:*:*:*:*:*", "matchCriteriaId": "60CC9410-F6B8-4748-B76F-30626279028E", "vulnerable": true }, { "criteria": "cpe:2.3:o:sgi:irix:6.5.11:*:*:*:*:*:*:*", "matchCriteriaId": "DCC67401-C85A-4E4E-AE61-85FEBBF4346B", "vulnerable": true }, { "criteria": "cpe:2.3:o:sgi:irix:6.5.12:*:*:*:*:*:*:*", "matchCriteriaId": "1C4427AC-07C1-4765-981B-B5D86D698C2D", "vulnerable": true }, { "criteria": "cpe:2.3:o:sgi:irix:6.5.13:*:*:*:*:*:*:*", "matchCriteriaId": "63EF0CEE-74A9-45C8-8AFD-77815230ACC6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:hp-ux:10.10:*:*:*:*:*:*:*", "matchCriteriaId": "38BFA923-7D80-4F01-AF9F-6F13209948AC", "vulnerable": true }, { "criteria": "cpe:2.3:o:hp:hp-ux:10.20:*:*:*:*:*:*:*", "matchCriteriaId": "EDE44C49-172C-4899-8CC8-29AA99A7CD2F", "vulnerable": true }, { "criteria": "cpe:2.3:o:hp:hp-ux:10.24:*:*:*:*:*:*:*", "matchCriteriaId": "4259A901-A1CF-44EE-80C4-2031D3FCADC3", "vulnerable": true }, { "criteria": "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*", "matchCriteriaId": "771931F7-9180-4EBD-8627-E1CF17D24647", "vulnerable": true }, { "criteria": "cpe:2.3:o:hp:hp-ux:11.04:*:*:*:*:*:*:*", "matchCriteriaId": "9B7A7B90-9086-4A10-8FB4-1C1D909BC173", "vulnerable": true }, { "criteria": "cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*", "matchCriteriaId": "EDD9BE2B-7255-4FC1-B452-E8370632B03F", "vulnerable": true }, { "criteria": "cpe:2.3:o:hp:hp-ux:11.22:*:*:*:*:*:*:*", "matchCriteriaId": "EBD0DC0A-ACAD-4870-9C0F-3095F2AC8CCD", "vulnerable": true }, { "criteria": "cpe:2.3:o:sun:solaris:2.5.1:*:ppc:*:*:*:*:*", "matchCriteriaId": "54AF87E4-52A4-44CA-B48E-A5BB139E6410", "vulnerable": true }, { "criteria": "cpe:2.3:o:sun:solaris:2.5.1:*:x86:*:*:*:*:*", "matchCriteriaId": "F66BAF35-A8B9-4E95-B270-444206FDD35B", "vulnerable": true }, { "criteria": "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*", "matchCriteriaId": "34EBF074-78C8-41AF-88F1-DA6726E56F8B", "vulnerable": true }, { "criteria": "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*", "matchCriteriaId": "8F1F312C-413F-4DB4-ABF4-48E33F6FECF2", "vulnerable": true }, { "criteria": "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*", "matchCriteriaId": "1894C542-AA81-40A9-BF47-AE24C93C1ACB", "vulnerable": true }, { "criteria": "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*", "matchCriteriaId": "A711CDC2-412C-499D-9FA6-7F25B06267C6", "vulnerable": true }, { "criteria": "cpe:2.3:o:sun:solaris:9.0:x86_update_2:*:*:*:*:*:*", "matchCriteriaId": "3F305CBD-4329-44DE-A85C-DE9FF371425E", "vulnerable": true }, { "criteria": "cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*", "matchCriteriaId": "369207B4-96FA-4324-9445-98FAE8ECF5DB", "vulnerable": true }, { "criteria": "cpe:2.3:o:sun:sunos:5.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "39F847DB-65A9-47DA-BCFA-A179E5E2301A", "vulnerable": true }, { "criteria": "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*", "matchCriteriaId": "08003947-A4F1-44AC-84C6-9F8D097EB759", "vulnerable": true }, { "criteria": "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*", "matchCriteriaId": "A2475113-CFE4-41C8-A86F-F2DA6548D224", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer en la rutina Dispatch() en el servidor de fuentes XFS (fs.auto) en Solaris 2.5.1 a 9 permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) o ejecutar c\u00f3digo arbitrario mediante una cierta petici\u00f3n XFS." } ], "id": "CVE-2002-1317", "lastModified": "2024-11-20T23:41:02.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2002-12-11T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "ftp://patches.sgi.com/support/free/security/advisories/20021202-01-I" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21541" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=103825150527843\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/48879" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.cert.org/advisories/CA-2002-34.html" }, { "source": "cve@mitre.org", "url": "http://www.ciac.org/ciac/bulletins/n-024.shtml" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/10375.php" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/312313" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/advisories/4988" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/6241" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A149" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A152" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2816" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://patches.sgi.com/support/free/security/advisories/20021202-01-I" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21541" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=103825150527843\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/48879" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.cert.org/advisories/CA-2002-34.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ciac.org/ciac/bulletins/n-024.shtml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/10375.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/312313" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/advisories/4988" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/6241" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A149" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A152" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2816" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-03-15 05:00
Modified
2024-11-20 23:47
Severity ?
Summary
Integer signedness errors in XFree86 4.1.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code when using the GLX extension and Direct Rendering Infrastructure (DRI).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
xfree86_project | x11r6 | 4.1.0 | |
xfree86_project | x11r6 | 4.1.11 | |
xfree86_project | x11r6 | 4.1.12 | |
xfree86_project | x11r6 | 4.2.0 | |
xfree86_project | x11r6 | 4.2.1 | |
xfree86_project | x11r6 | 4.2.1 | |
xfree86_project | x11r6 | 4.3.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "90FA67D9-8296-4534-8354-51B830DE3499", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8A000C67-7EA3-47A7-9068-1C8744C182D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "25EDDB93-DD20-4DBE-962B-6334D5A7CB45", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "4AC4F566-5D54-4364-B5AA-F846A0C8FCEB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "7F9D1BD9-4300-43B5-A87B-E2BF74E55C87", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:errata:*:*:*:*:*", "matchCriteriaId": "F4B7E143-E24B-40D2-897B-6D516566B7F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "837EBF15-6C7D-46B8-8A90-9DFBF2C09FF3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Integer signedness errors in XFree86 4.1.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code when using the GLX extension and Direct Rendering Infrastructure (DRI)." }, { "lang": "es", "value": "Errores de falta de signo en enteros en XFree86 4.1.0 permite a atacantes remotos causar una denegaci\u00f3n de servicio y posiblemente ejecutar c\u00f3digo arbitrario cuando se usa la extensi\u00f3n GLX y la infraestructura Direct Rendering" } ], "id": "CVE-2004-0094", "lastModified": "2024-11-20T23:47:45.423", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-03-15T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "ftp://patches.sgi.com/support/free/security/advisories/20040406-01-U" }, { "source": "cve@mitre.org", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000824" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2004/dsa-443" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2004-152.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/9701" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15273" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://patches.sgi.com/support/free/security/advisories/20040406-01-U" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000824" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2004/dsa-443" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2004-152.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/9701" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15273" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-03-03 05:00
Modified
2024-11-20 23:47
Severity ?
Summary
Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file (font.alias) with a long token, a different vulnerability than CVE-2004-0084 and CVE-2004-0106.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
xfree86_project | x11r6 | 4.1.0 | |
xfree86_project | x11r6 | 4.1.11 | |
xfree86_project | x11r6 | 4.1.12 | |
xfree86_project | x11r6 | 4.2.0 | |
xfree86_project | x11r6 | 4.2.1 | |
xfree86_project | x11r6 | 4.2.1 | |
xfree86_project | x11r6 | 4.3.0 | |
openbsd | openbsd | 3.3 | |
openbsd | openbsd | 3.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "90FA67D9-8296-4534-8354-51B830DE3499", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8A000C67-7EA3-47A7-9068-1C8744C182D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "25EDDB93-DD20-4DBE-962B-6334D5A7CB45", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "4AC4F566-5D54-4364-B5AA-F846A0C8FCEB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "7F9D1BD9-4300-43B5-A87B-E2BF74E55C87", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:errata:*:*:*:*:*", "matchCriteriaId": "F4B7E143-E24B-40D2-897B-6D516566B7F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "837EBF15-6C7D-46B8-8A90-9DFBF2C09FF3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:openbsd:openbsd:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "AC46909F-DDFC-448B-BCDF-1EB343F96630", "vulnerable": true }, { "criteria": "cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*", "matchCriteriaId": "9496279F-AB43-4B53-81A6-87C651ABC4BA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file (font.alias) with a long token, a different vulnerability than CVE-2004-0084 and CVE-2004-0106." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer en ReadFontAlias de XFree86 4.1.0 a 4.3.0 permite a usuarios locales y atacantes remotos ejecutar c\u00f3digo arbitrario mediante un fichero de aliases de fuentes (font.alias) con un token largo, una vulnerabilidad distinta de CAN-2004-0084 y CAN-2004-0106." } ], "id": "CVE-2004-0083", "lastModified": "2024-11-20T23:47:43.747", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-03-03T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000821" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=107644835523678\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=107653324115914\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=110979666528890\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-200402-02.xml" }, { "source": "cve@mitre.org", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57768-1" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2004/dsa-443" }, { "source": "cve@mitre.org", "url": "http://www.idefense.com/application/poi/display?id=72" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/820006" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:012" }, { "source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2004_06_xf86.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2004-059.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2004-060.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2004-061.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/9636" }, { "source": "cve@mitre.org", "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.405053" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.xfree86.org/cvs/changes" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15130" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A806" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A830" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9612" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000821" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=107644835523678\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=107653324115914\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=110979666528890\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-200402-02.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57768-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2004/dsa-443" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.idefense.com/application/poi/display?id=72" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/820006" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:012" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2004_06_xf86.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2004-059.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2004-060.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2004-061.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/9636" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.405053" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.xfree86.org/cvs/changes" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15130" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A806" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A830" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9612" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2003-03-03 05:00
Modified
2024-11-20 23:41
Severity ?
Summary
xdm, with the authComplain variable set to false, allows arbitrary attackers to connect to the X server if the xdm auth directory does not exist.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
xfree86_project | x11r6 | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xfree86_project:x11r6:*:*:*:*:*:*:*:*", "matchCriteriaId": "BD822532-8A72-44E2-9C55-6E91E14E5A29", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "xdm, with the authComplain variable set to false, allows arbitrary attackers to connect to the X server if the xdm auth directory does not exist." }, { "lang": "es", "value": "xdm, con la variable authComplain puesta a falso, permite a atacantes arbitrarios conectar al servidor X si el directorio auth de xdm no existe." } ], "id": "CVE-2002-1510", "lastModified": "2024-11-20T23:41:28.637", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2003-03-03T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000533" }, { "source": "cve@mitre.org", "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/55602" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://wuarchive.wustl.edu/mirrors/NetBSD/NetBSD-current/xsrc/xfree/xc/programs/Xserver/hw/xfree86/CHANGELOG" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/11389.php" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2003-064.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2003-065.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000533" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/55602" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://wuarchive.wustl.edu/mirrors/NetBSD/NetBSD-current/xsrc/xfree/xc/programs/Xserver/hw/xfree86/CHANGELOG" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/11389.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2003-064.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2003-065.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2003-03-03 05:00
Modified
2024-11-20 23:41
Severity ?
Summary
Untrusted search path vulnerability in libX11.so in xfree86, when used in setuid or setgid programs, allows local users to gain root privileges via a modified LD_PRELOAD environment variable that points to a malicious module.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
xfree86_project | x11r6 | 4.1.0 | |
xfree86_project | x11r6 | 4.2.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "90FA67D9-8296-4534-8354-51B830DE3499", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "4AC4F566-5D54-4364-B5AA-F846A0C8FCEB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Untrusted search path vulnerability in libX11.so in xfree86, when used in setuid or setgid programs, allows local users to gain root privileges via a modified LD_PRELOAD environment variable that points to a malicious module." }, { "lang": "es", "value": "Vulnerabilidad de b\u00fasqueda en ruta no confiable en libX11.so en xfree86, cuando se usa en programas setuid o setid, permite a usuarios locales ganar privilegios de root mediante una variable de entorno LD_PRELOAD modificada que apunta a c\u00f3digo malicioso." } ], "id": "CVE-2002-1472", "lastModified": "2024-11-20T23:41:23.380", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2003-03-03T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/linux/suse/2002-q3/1116.html" }, { "source": "cve@mitre.org", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000529" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/10137.php" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/11922" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2003-066.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2003-067.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/5735" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/linux/suse/2002-q3/1116.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000529" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/10137.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/11922" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2003-066.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2003-067.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/5735" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2001-07-17 04:00
Modified
2024-11-20 23:37
Severity ?
Summary
xman allows local users to gain privileges by modifying the MANPATH to point to a man page whose filename contains shell metacharacters.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
xfree86_project | x11r6 | 3.3.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "23FF2D1C-D328-49BE-87CF-938FB533180B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "xman allows local users to gain privileges by modifying the MANPATH to point to a man page whose filename contains shell metacharacters." } ], "id": "CVE-2001-1179", "lastModified": "2024-11-20T23:37:04.723", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2001-07-17T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/archive/1/197498" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/archive/1/197498" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2000-05-18 04:00
Modified
2024-11-20 23:32
Severity ?
Summary
XFree86 3.3.x and 4.0 allows a user to cause a denial of service via a negative counter value in a malformed TCP packet that is sent to port 6000.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
xfree86_project | x11r6 | 3.3.5 | |
xfree86_project | x11r6 | 3.3.6 | |
xfree86_project | x11r6 | 4.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "B43D5F86-97B2-4175-8ED7-1F937850F9DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "0946A224-6A0C-4DE3-89F9-200682431737", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F33E5444-E178-4F49-BDA1-DE576D8526EE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "XFree86 3.3.x and 4.0 allows a user to cause a denial of service via a negative counter value in a malformed TCP packet that is sent to port 6000." } ], "id": "CVE-2000-0453", "lastModified": "2024-11-20T23:32:32.413", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2000-05-18T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2000-012.0.txt" }, { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0223.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/1235" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2000-012.0.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0223.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/1235" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
1995-11-01 05:00
Modified
2024-11-20 23:28
Severity ?
Summary
Guessable magic cookies in X Windows allows remote attackers to execute commands, e.g. through xterm.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xfree86_project:x11r6:*:*:*:*:*:*:*:*", "matchCriteriaId": "BD822532-8A72-44E2-9C55-6E91E14E5A29", "vulnerable": true }, { "criteria": "cpe:2.3:o:sgi:irix:*:*:*:*:*:*:*:*", "matchCriteriaId": "056B3397-81A9-4128-9F49-ECEBE1743EE8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:sun:solaris:2.5:*:x86:*:*:*:*:*", "matchCriteriaId": "200D8CB2-0D52-40A8-9CD9-6E4513605201", "vulnerable": true }, { "criteria": "cpe:2.3:o:sun:solaris:2.5.1:*:x86:*:*:*:*:*", "matchCriteriaId": "F66BAF35-A8B9-4E95-B270-444206FDD35B", "vulnerable": true }, { "criteria": "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*", "matchCriteriaId": "8F1F312C-413F-4DB4-ABF4-48E33F6FECF2", "vulnerable": true }, { "criteria": "cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*", "matchCriteriaId": "369207B4-96FA-4324-9445-98FAE8ECF5DB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Guessable magic cookies in X Windows allows remote attackers to execute commands, e.g. through xterm." } ], "id": "CVE-1999-0241", "lastModified": "2024-11-20T23:28:13.143", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "1995-11-01T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0241" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0241" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-01-10 05:00
Modified
2024-11-20 23:49
Severity ?
Summary
Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. NOTE: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE's content decisions.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
lesstif | lesstif | 0.93 | |
lesstif | lesstif | 0.93.12 | |
lesstif | lesstif | 0.93.18 | |
lesstif | lesstif | 0.93.34 | |
lesstif | lesstif | 0.93.36 | |
lesstif | lesstif | 0.93.40 | |
lesstif | lesstif | 0.93.91 | |
lesstif | lesstif | 0.93.94 | |
lesstif | lesstif | 0.93.96 | |
x.org | x11r6 | 6.7.0 | |
x.org | x11r6 | 6.8 | |
x.org | x11r6 | 6.8.1 | |
xfree86_project | x11r6 | 3.3 | |
xfree86_project | x11r6 | 3.3.2 | |
xfree86_project | x11r6 | 3.3.3 | |
xfree86_project | x11r6 | 3.3.4 | |
xfree86_project | x11r6 | 3.3.5 | |
xfree86_project | x11r6 | 3.3.6 | |
xfree86_project | x11r6 | 4.0 | |
xfree86_project | x11r6 | 4.0.1 | |
xfree86_project | x11r6 | 4.0.2.11 | |
xfree86_project | x11r6 | 4.0.3 | |
xfree86_project | x11r6 | 4.1.0 | |
xfree86_project | x11r6 | 4.1.11 | |
xfree86_project | x11r6 | 4.1.12 | |
xfree86_project | x11r6 | 4.2.0 | |
xfree86_project | x11r6 | 4.2.1 | |
xfree86_project | x11r6 | 4.2.1 | |
xfree86_project | x11r6 | 4.3.0 | |
gentoo | linux | * | |
redhat | fedora_core | core_2.0 | |
redhat | fedora_core | core_3.0 | |
suse | suse_linux | 1.0 | |
suse | suse_linux | 8 | |
suse | suse_linux | 8.1 | |
suse | suse_linux | 8.2 | |
suse | suse_linux | 9.0 | |
suse | suse_linux | 9.0 | |
suse | suse_linux | 9.1 | |
suse | suse_linux | 9.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:lesstif:lesstif:0.93:*:*:*:*:*:*:*", "matchCriteriaId": "AC8ECE7C-01E7-42C2-B8D0-20A3F0FF6202", "vulnerable": true }, { "criteria": "cpe:2.3:a:lesstif:lesstif:0.93.12:*:*:*:*:*:*:*", "matchCriteriaId": "F6B420D2-2684-4956-9AB2-36A2337F08F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:lesstif:lesstif:0.93.18:*:*:*:*:*:*:*", "matchCriteriaId": "617462F8-47C2-418D-ABC3-B72509A65D58", "vulnerable": true }, { "criteria": "cpe:2.3:a:lesstif:lesstif:0.93.34:*:*:*:*:*:*:*", "matchCriteriaId": "184385E0-A3A7-4877-BC7B-0AAC48FA197A", "vulnerable": true }, { "criteria": "cpe:2.3:a:lesstif:lesstif:0.93.36:*:*:*:*:*:*:*", "matchCriteriaId": "069774CF-5CD4-4787-A066-5C9054FDCED0", "vulnerable": true }, { "criteria": "cpe:2.3:a:lesstif:lesstif:0.93.40:*:*:*:*:*:*:*", "matchCriteriaId": "AD3BF142-D7F7-491D-9175-DC61889237DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:lesstif:lesstif:0.93.91:*:*:*:*:*:*:*", "matchCriteriaId": "0C1FC296-553B-460E-88FD-86C530086382", "vulnerable": true }, { "criteria": "cpe:2.3:a:lesstif:lesstif:0.93.94:*:*:*:*:*:*:*", "matchCriteriaId": "63A4B331-2868-46E3-9734-DC3AEFD2F756", "vulnerable": true }, { "criteria": "cpe:2.3:a:lesstif:lesstif:0.93.96:*:*:*:*:*:*:*", "matchCriteriaId": "6BCCBDBC-FBBD-414E-A4D8-D3C4220E8A35", "vulnerable": true }, { "criteria": "cpe:2.3:a:x.org:x11r6:6.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "76FFBC43-2178-48DF-B61E-CCBA4682AC5E", "vulnerable": true }, { "criteria": "cpe:2.3:a:x.org:x11r6:6.8:*:*:*:*:*:*:*", "matchCriteriaId": "8F506308-E878-4AA5-B5D5-A7E148D63947", "vulnerable": true }, { "criteria": "cpe:2.3:a:x.org:x11r6:6.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "D129D08C-AF18-4F9D-9781-64B8C1CFD65E", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "AE887A26-0590-40DE-ACE2-28A30E5228AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "23FF2D1C-D328-49BE-87CF-938FB533180B", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "C104B02C-3F3B-4DB4-8A1D-65A7DAA380EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "BEECB0ED-A5C9-4675-9CEB-AD6C19EDA7D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "B43D5F86-97B2-4175-8ED7-1F937850F9DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "0946A224-6A0C-4DE3-89F9-200682431737", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F33E5444-E178-4F49-BDA1-DE576D8526EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "1BCC09AA-AB01-4583-8052-66DBF0E1861D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "0E49FAA6-E146-4AD5-845E-9445C7D9F088", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "43425C85-806B-4823-AD74-D0A0465FC8DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "90FA67D9-8296-4534-8354-51B830DE3499", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8A000C67-7EA3-47A7-9068-1C8744C182D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "25EDDB93-DD20-4DBE-962B-6334D5A7CB45", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "4AC4F566-5D54-4364-B5AA-F846A0C8FCEB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "7F9D1BD9-4300-43B5-A87B-E2BF74E55C87", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:errata:*:*:*:*:*", "matchCriteriaId": "F4B7E143-E24B-40D2-897B-6D516566B7F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "837EBF15-6C7D-46B8-8A90-9DFBF2C09FF3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*", "matchCriteriaId": "647BA336-5538-4972-9271-383A0EC9378E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*", "matchCriteriaId": "E6996B14-925B-46B8-982F-3545328B506B", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:fedora_core:core_3.0:*:*:*:*:*:*:*", "matchCriteriaId": "EC80CF67-C51D-442C-9526-CFEDE84A6304", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:1.0:*:desktop:*:*:*:*:*", "matchCriteriaId": "C7EAAD04-D7C4-43DE-B488-1AAD014B503E", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:8:*:enterprise_server:*:*:*:*:*", "matchCriteriaId": "D2E2EF3C-1379-4CBE-8FF5-DACD47834651", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "F8C55338-3372-413F-82E3-E1B476D6F41A", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "1EFB33BF-F6A5-48C1-AEB5-194FCBCFC958", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "FB0E2D3B-B50A-46C2-BA1E-3E014DE91954", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:enterprise_server:*:*:*:*:*", "matchCriteriaId": "F7446746-87B7-4BD3-AABF-1E0FAA8265AB", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "CFABFCE5-4F86-4AE8-9849-BC360AC72098", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:9.2:*:*:*:*:*:*:*", "matchCriteriaId": "CFF36BC6-6CCD-4FEE-A120-5B8C4BF5620C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. NOTE: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE\u0027s content decisions." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades en libXpm 6.8.1 y anteriores, usada en XFree86 y otros paquetes, incluyendo\r\n(1) m\u00faltiples desbordamientos de enteros,\r\n(2) accesos de memoria fuera de l\u00edmites,\r\n(3) atravesamiento de directorios,\r\n(4) metacaract\u00e9res de shell,\r\n(5) bucles infinitos, y\r\n(6) filtraciones de memoria\r\npodr\u00edan permitir a atacantes remotos obtener informaci\u00f3n sensible, causar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) o ejecutar c\u00f3digo de su elecci\u00f3n mediante un cierto fichero de imagen XPM." } ], "id": "CVE-2004-0914", "lastModified": "2024-11-20T23:49:40.140", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-01-10T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2004-537.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/13224/" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2004/dsa-607" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200411-28.xml" }, { "source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-06.xml" }, { "source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml" }, { "source": "cve@mitre.org", "url": "http://www.linuxsecurity.com/content/view/106877/102/" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:137" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2004-610.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2005-004.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/11694" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/usn-83-1" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/usn-83-2" }, { "source": "cve@mitre.org", "url": "http://www.x.org/pub/X11R6.8.1/patches/README.xorg-681-CAN-2004-0914.patch" }, { "source": "cve@mitre.org", "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTU01228" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18142" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18144" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18145" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18146" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18147" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9943" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2004-537.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/13224/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2004/dsa-607" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200411-28.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-06.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.linuxsecurity.com/content/view/106877/102/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:137" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2004-610.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2005-004.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/11694" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-83-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-83-2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.x.org/pub/X11R6.8.1/patches/README.xorg-681-CAN-2004-0914.patch" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTU01228" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18142" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18144" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18145" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18146" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18147" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9943" } ], "sourceIdentifier": "cve@mitre.org", "vendorComments": [ { "comment": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.", "lastModified": "2007-03-14T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2000-06-19 04:00
Modified
2024-11-20 23:32
Severity ?
Summary
libX11 X library allows remote attackers to cause a denial of service via a resource mask of 0, which causes libX11 to go into an infinite loop.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open_group | x | 11.0r6 | |
open_group | x | 11.0r6.1 | |
open_group | x | 11.0r6.2 | |
open_group | x | 11.0r6.3 | |
open_group | x | 11.0r6.4 | |
xfree86_project | x11r6 | 3.3.3 | |
xfree86_project | x11r6 | 3.3.4 | |
xfree86_project | x11r6 | 3.3.5 | |
xfree86_project | x11r6 | 3.3.6 | |
xfree86_project | x11r6 | 4.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open_group:x:11.0r6:*:*:*:*:*:*:*", "matchCriteriaId": "341C2874-4A2A-4ECD-A243-10EF6F2588BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:open_group:x:11.0r6.1:*:*:*:*:*:*:*", "matchCriteriaId": "97B9657E-D7CE-496F-AE51-8AFA1CCA49CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:open_group:x:11.0r6.2:*:*:*:*:*:*:*", "matchCriteriaId": "5A2B4032-71E6-4731-B829-DD8F004B20BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:open_group:x:11.0r6.3:*:*:*:*:*:*:*", "matchCriteriaId": "E1DA55DC-E2A9-44B4-84D6-BE9F84898430", "vulnerable": true }, { "criteria": "cpe:2.3:a:open_group:x:11.0r6.4:*:*:*:*:*:*:*", "matchCriteriaId": "2A3657FA-0841-487B-9650-FC06A4E2A88B", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "C104B02C-3F3B-4DB4-8A1D-65A7DAA380EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "BEECB0ED-A5C9-4675-9CEB-AD6C19EDA7D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "B43D5F86-97B2-4175-8ED7-1F937850F9DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "0946A224-6A0C-4DE3-89F9-200682431737", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F33E5444-E178-4F49-BDA1-DE576D8526EE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "libX11 X library allows remote attackers to cause a denial of service via a resource mask of 0, which causes libX11 to go into an infinite loop." } ], "id": "CVE-2000-0620", "lastModified": "2024-11-20T23:32:54.747", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2000-06-19T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=96146116627474\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/1409" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4996" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=96146116627474\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/1409" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4996" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2000-06-19 04:00
Modified
2024-11-20 23:32
Severity ?
Summary
libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://archives.neohapsis.com/archives/bugtraq/2000-06/0170.html | Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/1369 | Exploit, Patch, Vendor Advisory | |
cve@mitre.org | http://www.xfree86.org/security/ | ||
af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2000-06/0170.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/1369 | Exploit, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.xfree86.org/security/ |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnome | gdm | 1.0 | |
gnome | gdm | 1.1 | |
open_group | x | 11.0r5 | |
open_group | x | 11.0r6 | |
open_group | x | 11.0r6.1 | |
open_group | x | 11.0r6.2 | |
open_group | x | 11.0r6.3 | |
open_group | x | 11.0r6.4 | |
xfree86_project | x11r6 | 3.3.3 | |
xfree86_project | x11r6 | 3.3.4 | |
xfree86_project | x11r6 | 3.3.5 | |
xfree86_project | x11r6 | 3.3.6 | |
xfree86_project | x11r6 | 4.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnome:gdm:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "E2D650E6-F568-4B7F-8913-3DC10E8F4201", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "37AB5A38-A7C4-4016-8628-27AA0EC7E401", "vulnerable": true }, { "criteria": "cpe:2.3:a:open_group:x:11.0r5:*:*:*:*:*:*:*", "matchCriteriaId": "A6BF5526-54BA-411B-8C18-BAD8801EEF18", "vulnerable": true }, { "criteria": "cpe:2.3:a:open_group:x:11.0r6:*:*:*:*:*:*:*", "matchCriteriaId": "341C2874-4A2A-4ECD-A243-10EF6F2588BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:open_group:x:11.0r6.1:*:*:*:*:*:*:*", "matchCriteriaId": "97B9657E-D7CE-496F-AE51-8AFA1CCA49CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:open_group:x:11.0r6.2:*:*:*:*:*:*:*", "matchCriteriaId": "5A2B4032-71E6-4731-B829-DD8F004B20BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:open_group:x:11.0r6.3:*:*:*:*:*:*:*", "matchCriteriaId": "E1DA55DC-E2A9-44B4-84D6-BE9F84898430", "vulnerable": true }, { "criteria": "cpe:2.3:a:open_group:x:11.0r6.4:*:*:*:*:*:*:*", "matchCriteriaId": "2A3657FA-0841-487B-9650-FC06A4E2A88B", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "C104B02C-3F3B-4DB4-8A1D-65A7DAA380EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "BEECB0ED-A5C9-4675-9CEB-AD6C19EDA7D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "B43D5F86-97B2-4175-8ED7-1F937850F9DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "0946A224-6A0C-4DE3-89F9-200682431737", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F33E5444-E178-4F49-BDA1-DE576D8526EE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro." } ], "id": "CVE-2000-0504", "lastModified": "2024-11-20T23:32:39.370", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2000-06-19T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0170.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/1369" }, { "source": "cve@mitre.org", "url": "http://www.xfree86.org/security/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0170.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/1369" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.xfree86.org/security/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2001-09-22 04:00
Modified
2024-11-20 23:36
Severity ?
Summary
Buffer overflow in fbglyph.c in XFree86 before 4.2.0, related to glyph clipping for large origins, allows attackers to cause a denial of service and possibly gain privileges via a large number of characters, possibly through the web page search form of KDE Konqueror or from an xterm command with a long title.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
xfree86_project | x11r6 | 4.0 | |
xfree86_project | x11r6 | 4.0.1 | |
xfree86_project | x11r6 | 4.0.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F33E5444-E178-4F49-BDA1-DE576D8526EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "1BCC09AA-AB01-4583-8052-66DBF0E1861D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "43425C85-806B-4823-AD74-D0A0465FC8DF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in fbglyph.c in XFree86 before 4.2.0, related to glyph clipping for large origins, allows attackers to cause a denial of service and possibly gain privileges via a large number of characters, possibly through the web page search form of KDE Konqueror or from an xterm command with a long title." } ], "id": "CVE-2001-0955", "lastModified": "2024-11-20T23:36:31.663", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2001-09-22T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://cvsweb.xfree86.org/cvsweb/xc/programs/Xserver/fb/fbglyph.c" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=100776624224549\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=100784290015880\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=vuln-dev\u0026m=100118958310463\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/3657" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/3663" }, { "source": "cve@mitre.org", "url": "http://www.xfree86.org/4.2.0/RELNOTES2.html#2" }, { "source": "cve@mitre.org", "url": "http://www.xfree86.org/security/" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7673" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7683" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://cvsweb.xfree86.org/cvsweb/xc/programs/Xserver/fb/fbglyph.c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=100776624224549\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=100784290015880\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=vuln-dev\u0026m=100118958310463\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/3657" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/3663" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.xfree86.org/4.2.0/RELNOTES2.html#2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.xfree86.org/security/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7673" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7683" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2003-03-03 05:00
Modified
2024-11-20 23:43
Severity ?
Summary
The xterm terminal emulator in XFree86 4.2.0 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
xfree86_project | x11r6 | 4.0 | |
xfree86_project | x11r6 | 4.0.1 | |
xfree86_project | x11r6 | 4.0.3 | |
xfree86_project | x11r6 | 4.1.0 | |
xfree86_project | x11r6 | 4.2.0 | |
xfree86_project | x11r6 | 4.2.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F33E5444-E178-4F49-BDA1-DE576D8526EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "1BCC09AA-AB01-4583-8052-66DBF0E1861D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "43425C85-806B-4823-AD74-D0A0465FC8DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "90FA67D9-8296-4534-8354-51B830DE3499", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "4AC4F566-5D54-4364-B5AA-F846A0C8FCEB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "7F9D1BD9-4300-43B5-A87B-E2BF74E55C87", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The xterm terminal emulator in XFree86 4.2.0 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user\u0027s terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands." }, { "lang": "es", "value": "El emulador de terminal xterm en XFree86 4.2.0 permite a atacantes modificar el t\u00edtulo de la ventana mediante cierta secuencia de caracter de escape y a continuaci\u00f3n insertarlo de vuelta en la linea de comando en el terminal del usuario, por ejemplo, cuando el usuario ve un fichero que contiene la secuencia maliciosa, lo que podr\u00eda permitir ejecutar comandos arbitrarios." } ], "id": "CVE-2003-0063", "lastModified": "2024-11-20T23:43:51.587", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2003-03-03T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=104612710031920\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2003/dsa-380" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/11414.php" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2024/06/15/1" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2003-064.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2003-065.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2003-066.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2003-067.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/6940" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=104612710031920\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2003/dsa-380" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/11414.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2024/06/15/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2003-064.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2003-065.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2003-066.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2003-067.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/6940" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2003-03-03 05:00
Modified
2024-11-20 23:43
Severity ?
Summary
The DEC UDK processing feature in the xterm terminal emulator in XFree86 4.2.99.4 and earlier allows attackers to cause a denial of service via a certain character escape sequence that causes the terminal to enter a tight loop.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
xfree86_project | x11r6 | 4.0 | |
xfree86_project | x11r6 | 4.0.1 | |
xfree86_project | x11r6 | 4.0.3 | |
xfree86_project | x11r6 | 4.1.0 | |
xfree86_project | x11r6 | 4.2.0 | |
xfree86_project | x11r6 | 4.2.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F33E5444-E178-4F49-BDA1-DE576D8526EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "1BCC09AA-AB01-4583-8052-66DBF0E1861D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "43425C85-806B-4823-AD74-D0A0465FC8DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "90FA67D9-8296-4534-8354-51B830DE3499", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "4AC4F566-5D54-4364-B5AA-F846A0C8FCEB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "7F9D1BD9-4300-43B5-A87B-E2BF74E55C87", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The DEC UDK processing feature in the xterm terminal emulator in XFree86 4.2.99.4 and earlier allows attackers to cause a denial of service via a certain character escape sequence that causes the terminal to enter a tight loop." }, { "lang": "es", "value": "La capacidad de procesamiento DEC UDK en el emulador de terminal xterm de XFree86 4.2.0 permite a atacantes causar una denegaci\u00f3n de servicio mediante cierta secuencia de car\u00e1cter de escape que hace que el terminal entre en un bucle cerrado." } ], "id": "CVE-2003-0071", "lastModified": "2024-11-20T23:43:52.790", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2003-03-03T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=104612710031920\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2003/dsa-380" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/11415.php" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2003-064.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2003-065.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2003-066.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2003-067.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/6950" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=104612710031920\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2003/dsa-380" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/11415.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2003-064.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2003-065.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2003-066.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2003-067.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/6950" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-03-03 05:00
Modified
2024-11-20 23:47
Severity ?
Summary
Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to improper handling of font files, a different set of vulnerabilities than CVE-2004-0083 and CVE-2004-0084.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
xfree86_project | x11r6 | 4.1.0 | |
xfree86_project | x11r6 | 4.1.11 | |
xfree86_project | x11r6 | 4.1.12 | |
xfree86_project | x11r6 | 4.2.0 | |
xfree86_project | x11r6 | 4.2.1 | |
xfree86_project | x11r6 | 4.2.1 | |
xfree86_project | x11r6 | 4.3.0 | |
openbsd | openbsd | 3.3 | |
openbsd | openbsd | 3.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "90FA67D9-8296-4534-8354-51B830DE3499", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8A000C67-7EA3-47A7-9068-1C8744C182D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "25EDDB93-DD20-4DBE-962B-6334D5A7CB45", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "4AC4F566-5D54-4364-B5AA-F846A0C8FCEB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "7F9D1BD9-4300-43B5-A87B-E2BF74E55C87", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:errata:*:*:*:*:*", "matchCriteriaId": "F4B7E143-E24B-40D2-897B-6D516566B7F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "837EBF15-6C7D-46B8-8A90-9DFBF2C09FF3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:openbsd:openbsd:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "AC46909F-DDFC-448B-BCDF-1EB343F96630", "vulnerable": true }, { "criteria": "cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*", "matchCriteriaId": "9496279F-AB43-4B53-81A6-87C651ABC4BA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to improper handling of font files, a different set of vulnerabilities than CVE-2004-0083 and CVE-2004-0084." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades desconocidas en XFree86 4.1.0 to 4.3.0 relacionadas con el manejo inapropiado de ficheros de fuentes, un grupo de vulnerabilidades diferente de CAN-2004-0083." } ], "id": "CVE-2004-0106", "lastModified": "2024-11-20T23:47:46.553", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-03-03T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000821" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=110979666528890\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2004/dsa-443" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:012" }, { "source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2004_06_xf86.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2004-059.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-060.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-061.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.405053" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15206" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11111" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A809" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A832" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000821" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=110979666528890\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2004/dsa-443" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:012" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2004_06_xf86.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2004-059.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-060.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-061.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.405053" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15206" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11111" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A809" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A832" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2001-07-04 04:00
Modified
2024-11-20 23:36
Severity ?
Summary
XDM in XFree86 3.3 and 3.3.3 generates easily guessable cookies using gettimeofday() when compiled with the HasXdmXauth option, which allows remote attackers to gain unauthorized access to the X display via a brute force attack.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://online.securityfocus.com/archive/1/195008 | Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/archive/1/194907 | Exploit, Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/2985 | Exploit, Patch, Vendor Advisory | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/6808 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://online.securityfocus.com/archive/1/195008 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/194907 | Exploit, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/2985 | Exploit, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/6808 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
xfree86_project | x11r6 | 3.3 | |
xfree86_project | x11r6 | 3.3.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "AE887A26-0590-40DE-ACE2-28A30E5228AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "C104B02C-3F3B-4DB4-8A1D-65A7DAA380EB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "XDM in XFree86 3.3 and 3.3.3 generates easily guessable cookies using gettimeofday() when compiled with the HasXdmXauth option, which allows remote attackers to gain unauthorized access to the X display via a brute force attack." } ], "id": "CVE-2001-1086", "lastModified": "2024-11-20T23:36:50.463", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2001-07-04T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://online.securityfocus.com/archive/1/195008" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/archive/1/194907" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/2985" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6808" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://online.securityfocus.com/archive/1/195008" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/archive/1/194907" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/2985" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6808" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2000-04-16 04:00
Modified
2024-11-20 23:32
Severity ?
Summary
Buffer overflow in XFree86 3.3.x allows local users to execute arbitrary commands via a long -xkbmap parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
xfree86_project | x11r6 | 3.3.6 | |
xfree86_project | x11r6 | 4.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "0946A224-6A0C-4DE3-89F9-200682431737", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F33E5444-E178-4F49-BDA1-DE576D8526EE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in XFree86 3.3.x allows local users to execute arbitrary commands via a long -xkbmap parameter." } ], "id": "CVE-2000-0285", "lastModified": "2024-11-20T23:32:09.177", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2000-04-16T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2000-04/0076.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/1306" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2000-04/0076.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/1306" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2003-10-20 04:00
Modified
2024-11-20 23:45
Severity ?
Summary
Multiple integer overflows in the font libraries for XFree86 4.3.0 allow local or remote attackers to cause a denial of service or execute arbitrary code via heap-based and stack-based buffer overflow attacks.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "7F9D1BD9-4300-43B5-A87B-E2BF74E55C87", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "837EBF15-6C7D-46B8-8A90-9DFBF2C09FF3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netbsd:netbsd:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "E10D9BF9-FCC7-4680-AD3A-95757FC005EA", "vulnerable": true }, { "criteria": "cpe:2.3:o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "78E8C3A4-9FA7-4F2A-8C65-D4404715E674", "vulnerable": true }, { "criteria": "cpe:2.3:o:netbsd:netbsd:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "DBA2E3A3-EB9B-4B20-B754-EEC914FB1D47", "vulnerable": true }, { "criteria": "cpe:2.3:o:netbsd:netbsd:1.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "7AC78BA4-70F4-4B9F-93C2-B107E4DCC418", "vulnerable": true }, { "criteria": "cpe:2.3:o:netbsd:netbsd:1.6:*:*:*:*:*:*:*", "matchCriteriaId": "28A10F5A-067E-4DD8-B585-ABCD6F6B324E", "vulnerable": true }, { "criteria": "cpe:2.3:o:netbsd:netbsd:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "249FA642-3732-4654-88CB-3F1D19A5860A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple integer overflows in the font libraries for XFree86 4.3.0 allow local or remote attackers to cause a denial of service or execute arbitrary code via heap-based and stack-based buffer overflow attacks." } ], "id": "CVE-2003-0730", "lastModified": "2024-11-20T23:45:23.640", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2003-10-20T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-015.txt.asc" }, { "source": "cve@mitre.org", "url": "ftp://patches.sgi.com/support/free/security/advisories/20031101-01-U.asc" }, { "source": "cve@mitre.org", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000821" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=106229335312429\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/24168" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/24247" }, { "source": "cve@mitre.org", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102803-1" }, { "source": "cve@mitre.org", "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-074.htm" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2003/dsa-380" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:089" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-286.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2003-287.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2003-288.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2003-289.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/8514" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/0589" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-015.txt.asc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://patches.sgi.com/support/free/security/advisories/20031101-01-U.asc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000821" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=106229335312429\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24168" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24247" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102803-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-074.htm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2003/dsa-380" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:089" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-286.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2003-287.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2003-288.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2003-289.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/8514" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/0589" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2000-06-01 04:00
Modified
2024-11-20 23:32
Severity ?
Summary
xterm, Eterm, and rxvt allow an attacker to cause a denial of service by embedding certain escape characters which force the window to be resized.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
michael_jennings | eterm | 0.8.10 | |
putty | putty | 0.48 | |
rxvt | rxvt | 2.6.1 | |
xfree86_project | x11r6 | 3.3.3 | |
xfree86_project | x11r6 | 4.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:michael_jennings:eterm:0.8.10:*:*:*:*:*:*:*", "matchCriteriaId": "B33FE201-759E-4EE4-B19E-A25E6FBD711B", "vulnerable": true }, { "criteria": "cpe:2.3:a:putty:putty:0.48:*:*:*:*:*:*:*", "matchCriteriaId": "1283B462-042C-4857-A700-4179AAE20E2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:rxvt:rxvt:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "E5CE4F28-5C30-4A54-8A4B-3FA6B01F1467", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "C104B02C-3F3B-4DB4-8A1D-65A7DAA380EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F33E5444-E178-4F49-BDA1-DE576D8526EE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "xterm, Eterm, and rxvt allow an attacker to cause a denial of service by embedding certain escape characters which force the window to be resized." } ], "id": "CVE-2000-0476", "lastModified": "2024-11-20T23:32:35.640", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2000-06-01T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0409.html" }, { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0420.html" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2024/06/09/1" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2024/06/09/2" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/1298" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0409.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0420.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2024/06/09/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2024/06/09/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/1298" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-03-15 05:00
Modified
2024-11-20 23:47
Severity ?
Summary
XFree86 4.1.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an out-of-bounds array index when using the GLX extension and Direct Rendering Infrastructure (DRI).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
xfree86_project | x11r6 | 4.1.0 | |
xfree86_project | x11r6 | 4.1.11 | |
xfree86_project | x11r6 | 4.1.12 | |
xfree86_project | x11r6 | 4.2.0 | |
xfree86_project | x11r6 | 4.2.1 | |
xfree86_project | x11r6 | 4.2.1 | |
xfree86_project | x11r6 | 4.3.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "90FA67D9-8296-4534-8354-51B830DE3499", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8A000C67-7EA3-47A7-9068-1C8744C182D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "25EDDB93-DD20-4DBE-962B-6334D5A7CB45", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "4AC4F566-5D54-4364-B5AA-F846A0C8FCEB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "7F9D1BD9-4300-43B5-A87B-E2BF74E55C87", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:errata:*:*:*:*:*", "matchCriteriaId": "F4B7E143-E24B-40D2-897B-6D516566B7F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "837EBF15-6C7D-46B8-8A90-9DFBF2C09FF3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "XFree86 4.1.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an out-of-bounds array index when using the GLX extension and Direct Rendering Infrastructure (DRI)." }, { "lang": "es", "value": "XFree86 4.1.0 permite a atacantes remotos causar una denegaci\u00f3n de servicio y posiblemente ejecutar c\u00f3digo arbitrario mediante un \u00edndice de un array fuera de l\u00edmites cuando usa la extenesi\u00f3n GLX y la infraestructura Direct Rendering" } ], "id": "CVE-2004-0093", "lastModified": "2024-11-20T23:47:45.283", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-03-15T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "ftp://patches.sgi.com/support/free/security/advisories/20040406-01-U" }, { "source": "cve@mitre.org", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000824" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2004/dsa-443" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2004-152.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/9701" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15272" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://patches.sgi.com/support/free/security/advisories/20040406-01-U" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000824" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2004/dsa-443" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2004-152.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/9701" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15272" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2001-07-11 04:00
Modified
2024-11-20 23:37
Severity ?
Summary
Buffer overflow in xman allows local users to gain privileges via a long MANPATH environment variable.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
xfree86_project | x11r6 | 3.3.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "23FF2D1C-D328-49BE-87CF-938FB533180B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in xman allows local users to gain privileges via a long MANPATH environment variable." } ], "id": "CVE-2001-1178", "lastModified": "2024-11-20T23:37:04.563", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2001-07-11T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0234.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/3030" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6853" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0234.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/3030" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6853" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }