Vulnerabilites related to xfree86_project - x11r6
Vulnerability from fkie_nvd
Published
1999-03-21 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
XFree86 startx command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
xfree86_project | x11r6 | 3.3.3 | |
netbsd | netbsd | 1.3.2 | |
netbsd | netbsd | 1.3.3 | |
redhat | linux | 5.1 | |
redhat | linux | 5.2 | |
slackware | slackware_linux | 3.3 | |
slackware | slackware_linux | 3.4 | |
slackware | slackware_linux | 3.5 | |
slackware | slackware_linux | 3.6 | |
slackware | slackware_linux | 4.0 | |
suse | suse_linux | 5.1 | |
suse | suse_linux | 5.2 | |
suse | suse_linux | 6.0 | |
suse | suse_linux | 6.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "C104B02C-3F3B-4DB4-8A1D-65A7DAA380EB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netbsd:netbsd:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "2D3C937A-E9D8-474A-ABEB-A927EF7CC5B0", "vulnerable": true }, { "criteria": "cpe:2.3:o:netbsd:netbsd:1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "2A8F8DE7-7A84-4350-A6D8-FCCB561D63B2", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:linux:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "4EF44364-0F57-4B74-81B0-501EA6B58501", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:linux:5.2:*:i386:*:*:*:*:*", "matchCriteriaId": "363AB7DB-A8BA-4D58-97C4-1DF1F0F43E07", "vulnerable": true }, { "criteria": "cpe:2.3:o:slackware:slackware_linux:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "06F2131E-F9F2-4E65-B95C-B52DB25C69F5", "vulnerable": true }, { "criteria": "cpe:2.3:o:slackware:slackware_linux:3.4:*:*:*:*:*:*:*", "matchCriteriaId": "E6732144-10D4-4114-A7DA-32157EE3EF38", "vulnerable": true }, { "criteria": "cpe:2.3:o:slackware:slackware_linux:3.5:*:*:*:*:*:*:*", "matchCriteriaId": "125918E7-53BB-407A-8D95-5D95CDF39A88", "vulnerable": true }, { "criteria": "cpe:2.3:o:slackware:slackware_linux:3.6:*:*:*:*:*:*:*", "matchCriteriaId": "CE0BBA4F-C61A-4A8E-A7E2-CE0DF76DF592", "vulnerable": true }, { "criteria": "cpe:2.3:o:slackware:slackware_linux:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "CC3B1DD9-10B5-40FE-AE56-D068C41653DE", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "5C0BBDD2-9FF9-4CB7-BCAF-D4AF15DC2C7C", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:5.2:*:*:*:*:*:*:*", "matchCriteriaId": "D1C826AA-6E2F-4DAC-A7A2-9F47729B5DA5", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "F163E145-09F7-4BE2-9B46-5B6713070BAB", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "124E1802-7984-45ED-8A92-393FC20662FD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "XFree86 startx command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service." } ], "id": "CVE-1999-0433", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "1999-03-21T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0433" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0433" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2000-05-18 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
XFree86 3.3.x and 4.0 allows a user to cause a denial of service via a negative counter value in a malformed TCP packet that is sent to port 6000.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
xfree86_project | x11r6 | 3.3.5 | |
xfree86_project | x11r6 | 3.3.6 | |
xfree86_project | x11r6 | 4.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "B43D5F86-97B2-4175-8ED7-1F937850F9DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "0946A224-6A0C-4DE3-89F9-200682431737", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F33E5444-E178-4F49-BDA1-DE576D8526EE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "XFree86 3.3.x and 4.0 allows a user to cause a denial of service via a negative counter value in a malformed TCP packet that is sent to port 6000." } ], "id": "CVE-2000-0453", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2000-05-18T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2000-012.0.txt" }, { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0223.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/1235" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2000-012.0.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0223.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/1235" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-03-03 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to improper handling of font files, a different set of vulnerabilities than CVE-2004-0083 and CVE-2004-0084.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
xfree86_project | x11r6 | 4.1.0 | |
xfree86_project | x11r6 | 4.1.11 | |
xfree86_project | x11r6 | 4.1.12 | |
xfree86_project | x11r6 | 4.2.0 | |
xfree86_project | x11r6 | 4.2.1 | |
xfree86_project | x11r6 | 4.2.1 | |
xfree86_project | x11r6 | 4.3.0 | |
openbsd | openbsd | 3.3 | |
openbsd | openbsd | 3.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "90FA67D9-8296-4534-8354-51B830DE3499", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8A000C67-7EA3-47A7-9068-1C8744C182D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "25EDDB93-DD20-4DBE-962B-6334D5A7CB45", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "4AC4F566-5D54-4364-B5AA-F846A0C8FCEB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "7F9D1BD9-4300-43B5-A87B-E2BF74E55C87", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:errata:*:*:*:*:*", "matchCriteriaId": "F4B7E143-E24B-40D2-897B-6D516566B7F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "837EBF15-6C7D-46B8-8A90-9DFBF2C09FF3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:openbsd:openbsd:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "AC46909F-DDFC-448B-BCDF-1EB343F96630", "vulnerable": true }, { "criteria": "cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*", "matchCriteriaId": "9496279F-AB43-4B53-81A6-87C651ABC4BA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to improper handling of font files, a different set of vulnerabilities than CVE-2004-0083 and CVE-2004-0084." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades desconocidas en XFree86 4.1.0 to 4.3.0 relacionadas con el manejo inapropiado de ficheros de fuentes, un grupo de vulnerabilidades diferente de CAN-2004-0083." } ], "id": "CVE-2004-0106", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-03-03T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000821" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=110979666528890\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2004/dsa-443" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:012" }, { "source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2004_06_xf86.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2004-059.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-060.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-061.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.405053" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15206" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11111" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A809" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A832" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000821" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=110979666528890\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2004/dsa-443" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:012" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2004_06_xf86.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2004-059.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-060.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-061.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.405053" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15206" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11111" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A809" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A832" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-03-03 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file (font.alias) with a long token, a different vulnerability than CVE-2004-0084 and CVE-2004-0106.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
xfree86_project | x11r6 | 4.1.0 | |
xfree86_project | x11r6 | 4.1.11 | |
xfree86_project | x11r6 | 4.1.12 | |
xfree86_project | x11r6 | 4.2.0 | |
xfree86_project | x11r6 | 4.2.1 | |
xfree86_project | x11r6 | 4.2.1 | |
xfree86_project | x11r6 | 4.3.0 | |
openbsd | openbsd | 3.3 | |
openbsd | openbsd | 3.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "90FA67D9-8296-4534-8354-51B830DE3499", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8A000C67-7EA3-47A7-9068-1C8744C182D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "25EDDB93-DD20-4DBE-962B-6334D5A7CB45", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "4AC4F566-5D54-4364-B5AA-F846A0C8FCEB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "7F9D1BD9-4300-43B5-A87B-E2BF74E55C87", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:errata:*:*:*:*:*", "matchCriteriaId": "F4B7E143-E24B-40D2-897B-6D516566B7F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "837EBF15-6C7D-46B8-8A90-9DFBF2C09FF3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:openbsd:openbsd:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "AC46909F-DDFC-448B-BCDF-1EB343F96630", "vulnerable": true }, { "criteria": "cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*", "matchCriteriaId": "9496279F-AB43-4B53-81A6-87C651ABC4BA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file (font.alias) with a long token, a different vulnerability than CVE-2004-0084 and CVE-2004-0106." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer en ReadFontAlias de XFree86 4.1.0 a 4.3.0 permite a usuarios locales y atacantes remotos ejecutar c\u00f3digo arbitrario mediante un fichero de aliases de fuentes (font.alias) con un token largo, una vulnerabilidad distinta de CAN-2004-0084 y CAN-2004-0106." } ], "id": "CVE-2004-0083", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-03-03T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000821" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=107644835523678\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=107653324115914\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=110979666528890\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-200402-02.xml" }, { "source": "cve@mitre.org", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57768-1" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2004/dsa-443" }, { "source": "cve@mitre.org", "url": "http://www.idefense.com/application/poi/display?id=72" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/820006" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:012" }, { "source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2004_06_xf86.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2004-059.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2004-060.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2004-061.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/9636" }, { "source": "cve@mitre.org", "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.405053" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.xfree86.org/cvs/changes" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15130" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A806" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A830" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9612" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000821" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=107644835523678\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=107653324115914\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=110979666528890\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-200402-02.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57768-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2004/dsa-443" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.idefense.com/application/poi/display?id=72" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/820006" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:012" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2004_06_xf86.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2004-059.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2004-060.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2004-061.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/9636" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.405053" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.xfree86.org/cvs/changes" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15130" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A806" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A830" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9612" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2003-10-20 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Multiple integer overflows in the font libraries for XFree86 4.3.0 allow local or remote attackers to cause a denial of service or execute arbitrary code via heap-based and stack-based buffer overflow attacks.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "7F9D1BD9-4300-43B5-A87B-E2BF74E55C87", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "837EBF15-6C7D-46B8-8A90-9DFBF2C09FF3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netbsd:netbsd:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "E10D9BF9-FCC7-4680-AD3A-95757FC005EA", "vulnerable": true }, { "criteria": "cpe:2.3:o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "78E8C3A4-9FA7-4F2A-8C65-D4404715E674", "vulnerable": true }, { "criteria": "cpe:2.3:o:netbsd:netbsd:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "DBA2E3A3-EB9B-4B20-B754-EEC914FB1D47", "vulnerable": true }, { "criteria": "cpe:2.3:o:netbsd:netbsd:1.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "7AC78BA4-70F4-4B9F-93C2-B107E4DCC418", "vulnerable": true }, { "criteria": "cpe:2.3:o:netbsd:netbsd:1.6:*:*:*:*:*:*:*", "matchCriteriaId": "28A10F5A-067E-4DD8-B585-ABCD6F6B324E", "vulnerable": true }, { "criteria": "cpe:2.3:o:netbsd:netbsd:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "249FA642-3732-4654-88CB-3F1D19A5860A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple integer overflows in the font libraries for XFree86 4.3.0 allow local or remote attackers to cause a denial of service or execute arbitrary code via heap-based and stack-based buffer overflow attacks." } ], "id": "CVE-2003-0730", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2003-10-20T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-015.txt.asc" }, { "source": "cve@mitre.org", "url": "ftp://patches.sgi.com/support/free/security/advisories/20031101-01-U.asc" }, { "source": "cve@mitre.org", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000821" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=106229335312429\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/24168" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/24247" }, { "source": "cve@mitre.org", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102803-1" }, { "source": "cve@mitre.org", "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-074.htm" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2003/dsa-380" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:089" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-286.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2003-287.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2003-288.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2003-289.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/8514" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/0589" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-015.txt.asc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://patches.sgi.com/support/free/security/advisories/20031101-01-U.asc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000821" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=106229335312429\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24168" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24247" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102803-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-074.htm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2003/dsa-380" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:089" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-286.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2003-287.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2003-288.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2003-289.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/8514" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/0589" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-04-06 01:19
Modified
2025-04-09 00:30
Severity ?
Summary
Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:amd64:*:*:*:*:*", "matchCriteriaId": "86FD134D-A5C5-4B08-962D-70CF07C74923", "vulnerable": true }, { "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:i386:*:*:*:*:*", "matchCriteriaId": "FA84692E-F99D-4207-B4F2-799A6ADB88AD", "vulnerable": true }, { "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:powerpc:*:*:*:*:*", "matchCriteriaId": "8B0F1091-4B76-44F5-B896-6D37E2F909A2", "vulnerable": true }, { "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:sparc:*:*:*:*:*", "matchCriteriaId": "EF15862D-6108-4791-8817-622123C8D10C", "vulnerable": true }, { "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:*:amd64:*:*:*:*:*", "matchCriteriaId": "F1672825-AB87-4402-A628-B33AE5B7D4C8", "vulnerable": true }, { "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:*:i386:*:*:*:*:*", "matchCriteriaId": "939216D8-9E6C-419E-BC0A-EC7F0F29CE95", "vulnerable": true }, { "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:*:powerpc:*:*:*:*:*", "matchCriteriaId": "E520564E-964D-4758-945B-5EF0C35E605C", "vulnerable": true }, { "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:*:sparc:*:*:*:*:*", "matchCriteriaId": "2294D5A7-7B36-497A-B0F1-514BC49E1423", "vulnerable": true }, { "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:6.10:*:amd64:*:*:*:*:*", "matchCriteriaId": "AB80939E-8B58-48B6-AFB7-9CF518C0EE1F", "vulnerable": true }, { "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:6.10:*:i386:*:*:*:*:*", "matchCriteriaId": "80FF1759-5F86-4046-ABA3-EB7B0038F656", "vulnerable": true }, { "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:6.10:*:powerpc:*:*:*:*:*", "matchCriteriaId": "DF578B64-57E2-4FCD-A6E1-F8F3317FDB88", "vulnerable": true }, { "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:6.10:*:sparc:*:*:*:*:*", "matchCriteriaId": "61B11116-FA94-4989-89A1-C7B551D5195A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:x.org:libxfont:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "AFADBA5A-8168-40B8-B5CA-0F1F7F9193D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "837EBF15-6C7D-46B8-8A90-9DFBF2C09FF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E859A205-0DC2-4E28-8FF0-72D66DE9B280", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "F18E8C7B-53AC-4BC7-9E00-A70293172B58", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:rpath:rpath_linux:1:*:*:*:*:*:*:*", "matchCriteriaId": "0DD12BC0-1E50-49C6-AD0D-8CE90F0E8449", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*", "matchCriteriaId": "2641EE56-6F9D-400B-B456-877F4DA79B10", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*", "matchCriteriaId": "A4A9461E-C117-42EC-9F14-DF2A82BA7C5D", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*", "matchCriteriaId": "E0B458EA-495E-40FA-9379-C03757F7B1EE", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*", "matchCriteriaId": "409E324A-C040-494F-A026-9DCAE01C07F8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*", "matchCriteriaId": "1728AB5D-55A9-46B0-A412-6F7263CAEB5A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*", "matchCriteriaId": "6474B775-C893-491F-A074-802AFB1FEDD8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_servers:*:*:*:*:*", "matchCriteriaId": "81B543F9-C209-46C2-B0AE-E14818A6992E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*", "matchCriteriaId": "EC79FF22-2664-4C40-B0B3-6D23B5F45162", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation:*:*:*:*:*", "matchCriteriaId": "DB89C970-DE94-4E09-A90A-077DB83AD156", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:4.0:*:advanced_server:*:*:*:*:*", "matchCriteriaId": "F9440B25-D206-4914-9557-B5F030890DEC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:4.0:*:enterprise_server:*:*:*:*:*", "matchCriteriaId": "E9933557-3BCA-4D92-AD4F-27758A0D3347", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:4.0:*:workstation:*:*:*:*:*", "matchCriteriaId": "10A60552-15A5-4E95-B3CE-99A4B26260C1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:desktop:*:*:*:*:*", "matchCriteriaId": "FE524195-06F1-4504-9223-07596588CC70", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:desktop_workstation:*:*:*:*:*", "matchCriteriaId": "2FEED00F-3B70-4E57-AD80-7903AECED14B", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:server:*:*:*:*:*", "matchCriteriaId": "40D71CBC-D365-4710-BAB5-8A1159F35E41", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "AF3BBBC3-3EF9-4E24-9DE2-627E172A5473", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "7D74A418-50F0-42C0-ABBC-BBBE718FF025", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*", "matchCriteriaId": "84A50ED3-FD0D-4038-B3E7-CC65D166C968", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:*", "matchCriteriaId": "8DBD9D3C-40AB-449D-A9A8-A09DF2DEDB96", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:openbsd:openbsd:3.9:*:*:*:*:*:*:*", "matchCriteriaId": "F5BB6C5D-4C43-4BB8-B1CE-A70BBE650CA1", "vulnerable": true }, { "criteria": "cpe:2.3:o:openbsd:openbsd:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "CC77812C-D84E-493E-9D21-1BA6C2129E70", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*", "matchCriteriaId": "02362C25-B373-4FB1-AF4A-2AFC7F7D4387", "vulnerable": false }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:2007:*:x86_64:*:*:*:*:*", "matchCriteriaId": "19AD5F8D-6EB9-4E4B-9E82-FFBAB68797E9", "vulnerable": false }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "2BB0B27C-04EA-426F-9016-7406BACD91DF", "vulnerable": false }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:*", "matchCriteriaId": "BB2B1BA5-8370-4281-B5C9-3D4FE6C70FBC", "vulnerable": false }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "94F65351-C2DA-41C0-A3F9-1AE951E4386E", "vulnerable": false }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:x86_64:*:*:*:*:*", "matchCriteriaId": "1B795F9F-AFB3-4A2A-ABC6-9246906800DE", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "77FF1412-A7DA-4669-8AE1-5A529AB387FB", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow." }, { "lang": "es", "value": "Desbordamiento de enteros en la funci\u00f3n bdfReadCharacters en (1) X.Org libXfont before 20070403 y (2) freetype 2.3.2 y permite a usuarios remotos validados ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de fuentes manipuladas BDF, las cueles dan como resultado un desbordamiento de pila." } ], "id": "CVE-2007-1351", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 8.5, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-04-06T01:19:00.000", "references": [ { "source": "secalert@redhat.com", "url": "http://issues.foresightlinux.org/browse/FL-223" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=501" }, { "source": "secalert@redhat.com", "url": "http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html" }, { "source": "secalert@redhat.com", "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html" }, { "source": "secalert@redhat.com", "url": "http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2007-0125.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/24741" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/24745" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/24756" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/24758" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/24765" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/24768" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/24770" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/24771" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/24772" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/24776" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/24791" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/24885" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/24889" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/24921" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/24996" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/25004" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/25006" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/25096" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/25195" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/25216" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/25305" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/25495" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/28333" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/30161" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/33937" }, { "source": "secalert@redhat.com", "url": "http://security.gentoo.org/glsa/glsa-200705-02.xml" }, { "source": "secalert@redhat.com", "url": "http://security.gentoo.org/glsa/glsa-200705-10.xml" }, { "source": "secalert@redhat.com", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.626733" }, { "source": "secalert@redhat.com", "url": "http://sourceforge.net/project/shownotes.php?group_id=3157\u0026release_id=498954" }, { "source": "secalert@redhat.com", "url": "http://sourceforge.net/project/shownotes.php?release_id=498954" }, { "source": "secalert@redhat.com", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102886-1" }, { "source": "secalert@redhat.com", "url": "http://support.apple.com/kb/HT3438" }, { "source": "secalert@redhat.com", "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-178.htm" }, { "source": "secalert@redhat.com", "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-193.htm" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2007/dsa-1294" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2008/dsa-1454" }, { "source": "secalert@redhat.com", "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:079" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:080" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:081" }, { "source": "secalert@redhat.com", "url": "http://www.novell.com/linux/security/advisories/2007_27_x.html" }, { "source": "secalert@redhat.com", "url": "http://www.novell.com/linux/security/advisories/2007_6_sr.html" }, { "source": "secalert@redhat.com", "url": "http://www.openbsd.org/errata39.html#021_xorg" }, { "source": "secalert@redhat.com", "url": "http://www.openbsd.org/errata40.html#011_xorg" }, { "source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2007-0126.html" }, { "source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2007-0132.html" }, { "source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2007-0150.html" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/464686/100/0/threaded" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/464816/100/0/threaded" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/23283" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/23300" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/23402" }, { "source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id?1017857" }, { "source": "secalert@redhat.com", "url": "http://www.trustix.org/errata/2007/0013/" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/usn-448-1" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2007/1217" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2007/1264" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2007/1548" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33417" }, { "source": "secalert@redhat.com", "url": "https://issues.rpath.com/browse/RPL-1213" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11266" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1810" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://issues.foresightlinux.org/browse/FL-223" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=501" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2007-0125.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/24741" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24745" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24756" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24758" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24765" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24768" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/24770" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24771" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24772" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24776" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24791" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24885" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24889" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24921" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24996" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/25004" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/25006" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/25096" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/25195" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/25216" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/25305" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/25495" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/28333" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/30161" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/33937" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200705-02.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200705-10.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.626733" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/project/shownotes.php?group_id=3157\u0026release_id=498954" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/project/shownotes.php?release_id=498954" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102886-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.apple.com/kb/HT3438" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-178.htm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-193.htm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2007/dsa-1294" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1454" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:079" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:080" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:081" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2007_27_x.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2007_6_sr.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openbsd.org/errata39.html#021_xorg" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openbsd.org/errata40.html#011_xorg" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2007-0126.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2007-0132.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2007-0150.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/464686/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/464816/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/23283" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/23300" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/23402" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1017857" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.trustix.org/errata/2007/0013/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-448-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/1217" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/1264" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/1548" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33417" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://issues.rpath.com/browse/RPL-1213" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11266" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1810" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-03-03 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a different vulnerability than CVE-2004-0083 and CVE-2004-0106.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
xfree86_project | x11r6 | 4.1.0 | |
xfree86_project | x11r6 | 4.1.11 | |
xfree86_project | x11r6 | 4.1.12 | |
xfree86_project | x11r6 | 4.2.0 | |
xfree86_project | x11r6 | 4.2.1 | |
xfree86_project | x11r6 | 4.2.1 | |
xfree86_project | x11r6 | 4.3.0 | |
openbsd | openbsd | 3.3 | |
openbsd | openbsd | 3.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "90FA67D9-8296-4534-8354-51B830DE3499", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8A000C67-7EA3-47A7-9068-1C8744C182D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "25EDDB93-DD20-4DBE-962B-6334D5A7CB45", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "4AC4F566-5D54-4364-B5AA-F846A0C8FCEB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "7F9D1BD9-4300-43B5-A87B-E2BF74E55C87", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:errata:*:*:*:*:*", "matchCriteriaId": "F4B7E143-E24B-40D2-897B-6D516566B7F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "837EBF15-6C7D-46B8-8A90-9DFBF2C09FF3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:openbsd:openbsd:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "AC46909F-DDFC-448B-BCDF-1EB343F96630", "vulnerable": true }, { "criteria": "cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*", "matchCriteriaId": "9496279F-AB43-4B53-81A6-87C651ABC4BA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a different vulnerability than CVE-2004-0083 and CVE-2004-0106." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer en la funci\u00f3n ReadFontAlias en XFree86 4.1.0 a 4.3.0, cuando se usa la funci\u00f3n CopyISOLatin1Lowered, permite a usuarios locales o remotos autenticados ejecutar c\u00f3digo arbitrario mediante una entrada malformada en el fichero de aliases de fuentes (font.alias), una vulnerabilidad distinta de CAN-2004-0083 y CAN-2004-0106." } ], "id": "CVE-2004-0084", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-03-03T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000821" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=107662833512775\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=110979666528890\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57768-1" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2004/dsa-443" }, { "source": "cve@mitre.org", "url": "http://www.idefense.com/application/poi/display?id=73" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/667502" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:012" }, { "source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2004_06_xf86.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2004-059.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-060.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-061.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/9652" }, { "source": "cve@mitre.org", "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.405053" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15200" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10405" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A807" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A831" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000821" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=107662833512775\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=110979666528890\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57768-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2004/dsa-443" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.idefense.com/application/poi/display?id=73" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/667502" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:012" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2004_06_xf86.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2004-059.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-060.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-061.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/9652" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.405053" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15200" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10405" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A807" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A831" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-03-02 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:lesstif:lesstif:0.93.94:*:*:*:*:*:*:*", "matchCriteriaId": "63A4B331-2868-46E3-9734-DC3AEFD2F756", "vulnerable": true }, { "criteria": "cpe:2.3:a:sgi:propack:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "29DC217F-C257-4A3C-9CBD-08010C30BEC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:x.org:x11r6:6.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "76FFBC43-2178-48DF-B61E-CCBA4682AC5E", "vulnerable": true }, { "criteria": "cpe:2.3:a:x.org:x11r6:6.8:*:*:*:*:*:*:*", "matchCriteriaId": "8F506308-E878-4AA5-B5D5-A7E148D63947", "vulnerable": true }, { "criteria": "cpe:2.3:a:x.org:x11r6:6.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "D129D08C-AF18-4F9D-9781-64B8C1CFD65E", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "AE887A26-0590-40DE-ACE2-28A30E5228AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "23FF2D1C-D328-49BE-87CF-938FB533180B", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "C104B02C-3F3B-4DB4-8A1D-65A7DAA380EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "BEECB0ED-A5C9-4675-9CEB-AD6C19EDA7D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "B43D5F86-97B2-4175-8ED7-1F937850F9DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "0946A224-6A0C-4DE3-89F9-200682431737", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F33E5444-E178-4F49-BDA1-DE576D8526EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "1BCC09AA-AB01-4583-8052-66DBF0E1861D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "0E49FAA6-E146-4AD5-845E-9445C7D9F088", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "43425C85-806B-4823-AD74-D0A0465FC8DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "90FA67D9-8296-4534-8354-51B830DE3499", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8A000C67-7EA3-47A7-9068-1C8744C182D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "25EDDB93-DD20-4DBE-962B-6334D5A7CB45", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "4AC4F566-5D54-4364-B5AA-F846A0C8FCEB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "7F9D1BD9-4300-43B5-A87B-E2BF74E55C87", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:errata:*:*:*:*:*", "matchCriteriaId": "F4B7E143-E24B-40D2-897B-6D516566B7F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "837EBF15-6C7D-46B8-8A90-9DFBF2C09FF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E859A205-0DC2-4E28-8FF0-72D66DE9B280", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "F18E8C7B-53AC-4BC7-9E00-A70293172B58", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:altlinux:alt_linux:2.3:*:compact:*:*:*:*:*", "matchCriteriaId": "64BE98C2-8EFA-4349-9FE2-D62CA63A16C4", "vulnerable": true }, { "criteria": "cpe:2.3:o:altlinux:alt_linux:2.3:*:junior:*:*:*:*:*", "matchCriteriaId": "7D0AC3A3-A37C-4053-B05F-A031877AC811", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "A06E5CD0-8BEC-4F4C-9E11-1FEE0563946C", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:amd64:*:*:*:*:*", "matchCriteriaId": "A3BDD466-84C9-4CFC-A3A8-7AC0F752FB53", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "3528DABD-B821-4D23-AE12-614A9CA92C46", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:*:x86_64:*:*:*:*:*", "matchCriteriaId": "9E661D58-18DF-4CCF-9892-F873618F4535", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.2:*:*:*:*:*:*:*", "matchCriteriaId": "11D69B83-4EF3-407B-8E8C-DE623F099C17", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.2:*:x86_64:*:*:*:*:*", "matchCriteriaId": "F1D16230-3699-4AAA-9CAE-5CAF34628885", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "E0F0D201-B1DC-4024-AF77-A284673618F3", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:x86_64:*:*:*:*:*", "matchCriteriaId": "052E3862-BFB7-42E7-889D-8590AFA8EF37", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "2BB0B27C-04EA-426F-9016-7406BACD91DF", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:*", "matchCriteriaId": "BB2B1BA5-8370-4281-B5C9-3D4FE6C70FBC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_server:*:*:*:*:*", "matchCriteriaId": "78B46FFA-5B09-473E-AD33-3DB18BD0DAFE", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*", "matchCriteriaId": "EC79FF22-2664-4C40-B0B3-6D23B5F45162", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation_server:*:*:*:*:*", "matchCriteriaId": "0EFE2E73-9536-41A9-B83B-0A06B54857F4", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:4.0:*:advanced_server:*:*:*:*:*", "matchCriteriaId": "F9440B25-D206-4914-9557-B5F030890DEC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:4.0:*:enterprise_server:*:*:*:*:*", "matchCriteriaId": "E9933557-3BCA-4D92-AD4F-27758A0D3347", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:4.0:*:workstation:*:*:*:*:*", "matchCriteriaId": "10A60552-15A5-4E95-B3CE-99A4B26260C1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "AF3BBBC3-3EF9-4E24-9DE2-627E172A5473", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "7D74A418-50F0-42C0-ABBC-BBBE718FF025", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*", "matchCriteriaId": "E6996B14-925B-46B8-982F-3545328B506B", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:fedora_core:core_3.0:*:*:*:*:*:*:*", "matchCriteriaId": "EC80CF67-C51D-442C-9526-CFEDE84A6304", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "124E1802-7984-45ED-8A92-393FC20662FD", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:6.1:alpha:*:*:*:*:*:*", "matchCriteriaId": "C7F08806-9458-439A-8EAE-2553122262ED", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "1B67020A-6942-4478-B501-764147C4970D", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:6.3:*:*:*:*:*:*:*", "matchCriteriaId": "0AD0FF64-05DF-48C2-9BB5-FD993121FB2E", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:6.3:*:ppc:*:*:*:*:*", "matchCriteriaId": "E74E0A28-7C78-4160-8BCF-99605285C0EE", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:6.3:alpha:*:*:*:*:*:*", "matchCriteriaId": "76159C25-0760-47CB-AFCE-28306CDEA830", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:6.4:*:*:*:*:*:*:*", "matchCriteriaId": "7786607A-362E-4817-A17E-C76D6A1F737D", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:6.4:*:i386:*:*:*:*:*", "matchCriteriaId": "8A206E1C-C2EC-4356-8777-B18D7069A4C3", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:6.4:*:ppc:*:*:*:*:*", "matchCriteriaId": "6E2FE291-1142-4627-A497-C0BB0D934A0B", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:6.4:alpha:*:*:*:*:*:*", "matchCriteriaId": "49BC7C7E-046C-4186-822E-9F3A2AD3577B", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "C9E7D75A-333E-4C63-9593-F64ABA5D1CE3", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:7.0:*:i386:*:*:*:*:*", "matchCriteriaId": "2FE69F6F-6B17-4C87-ACA4-A2A1FB47206A", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:7.0:*:ppc:*:*:*:*:*", "matchCriteriaId": "467A30EB-CB8F-4928-AC8F-F659084A9E2B", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:7.0:*:sparc:*:*:*:*:*", "matchCriteriaId": "714C1439-AB8E-4A8B-A783-D60E9DDC38D4", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:7.0:alpha:*:*:*:*:*:*", "matchCriteriaId": "62CAE5B0-4D46-4A93-A343-C8E9CB574C62", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "819868A7-EB1E-4CA9-8D71-72F194E5EFEB", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:7.1:*:spa:*:*:*:*:*", "matchCriteriaId": "FB647A8B-ADB9-402B-96E1-45321C75731B", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:7.1:*:sparc:*:*:*:*:*", "matchCriteriaId": "0944FD27-736E-4B55-8D96-9F2CA9BB9B05", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:7.1:*:x86:*:*:*:*:*", "matchCriteriaId": "373BB5AC-1F38-4D0A-97DC-08E9654403EE", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:7.1:alpha:*:*:*:*:*:*", "matchCriteriaId": "B5E71DA3-F4A0-46AF-92A2-E691C7A65528", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "0519FF7D-363E-4530-9E63-6EA3E88432DC", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:7.2:*:i386:*:*:*:*:*", "matchCriteriaId": "1975A2DD-EB22-4ED3-8719-F78AA7F414B2", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "FAE3FF4F-646F-4E05-A08A-C9399DEF60F1", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:7.3:*:i386:*:*:*:*:*", "matchCriteriaId": "19F606EE-530F-4C06-82DB-52035EE03FA3", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:7.3:*:ppc:*:*:*:*:*", "matchCriteriaId": "A0E896D5-0005-4E7E-895D-B202AFCE09A1", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:7.3:*:sparc:*:*:*:*:*", "matchCriteriaId": "5A8B313F-93C7-4558-9571-DE1111487E17", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "28CD54FE-D682-4063-B7C3-8B29B26B39AD", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:8.0:*:i386:*:*:*:*:*", "matchCriteriaId": "37F124FE-15F1-49D7-9E03-8E036CE1A20C", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "F8C55338-3372-413F-82E3-E1B476D6F41A", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "1EFB33BF-F6A5-48C1-AEB5-194FCBCFC958", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "FB0E2D3B-B50A-46C2-BA1E-3E014DE91954", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*", "matchCriteriaId": "56EF103F-5668-4754-A83B-D3662D0CE815", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "CFABFCE5-4F86-4AE8-9849-BC360AC72098", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:9.1:*:x86_64:*:*:*:*:*", "matchCriteriaId": "D5F98B9A-880E-45F0-8C16-12B22970F0D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:9.2:*:*:*:*:*:*:*", "matchCriteriaId": "CFF36BC6-6CCD-4FEE-A120-5B8C4BF5620C", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:9.2:*:x86_64:*:*:*:*:*", "matchCriteriaId": "B905C6E9-5058-4FD7-95B6-CD6AB6B2F516", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow." } ], "id": "CVE-2005-0605", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-03-02T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.5/SCOSA-2006.5.txt" }, { "source": "cve@mitre.org", "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.57/SCOSA-2005.57.txt" }, { "source": "cve@mitre.org", "url": "ftp://patches.sgi.com/support/free/security/advisories/20060403-01-U" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=83598" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=83655" }, { "source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html" }, { "source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/14460" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/18049" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/18316" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/19624" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-200503-08.xml" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://securitytracker.com/id?1013339" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2005/dsa-723" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200503-15.xml" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2005-044.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2005-198.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-331.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2005-412.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2005-473.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/12714" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://bugs.freedesktop.org/attachment.cgi?id=1909" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10411" }, { "source": "cve@mitre.org", "url": "https://usn.ubuntu.com/92-1/" }, { "source": "cve@mitre.org", "url": "https://usn.ubuntu.com/97-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.5/SCOSA-2006.5.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.57/SCOSA-2005.57.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://patches.sgi.com/support/free/security/advisories/20060403-01-U" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=83598" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=83655" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/14460" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/18049" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/18316" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/19624" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-200503-08.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://securitytracker.com/id?1013339" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2005/dsa-723" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200503-15.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2005-044.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2005-198.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-331.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2005-412.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2005-473.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/12714" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://bugs.freedesktop.org/attachment.cgi?id=1909" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10411" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/92-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/97-1/" } ], "sourceIdentifier": "cve@mitre.org", "vendorComments": [ { "comment": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.", "lastModified": "2007-03-14T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2000-06-19 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
libX11 X library allows remote attackers to cause a denial of service via a resource mask of 0, which causes libX11 to go into an infinite loop.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
open_group | x | 11.0r6 | |
open_group | x | 11.0r6.1 | |
open_group | x | 11.0r6.2 | |
open_group | x | 11.0r6.3 | |
open_group | x | 11.0r6.4 | |
xfree86_project | x11r6 | 3.3.3 | |
xfree86_project | x11r6 | 3.3.4 | |
xfree86_project | x11r6 | 3.3.5 | |
xfree86_project | x11r6 | 3.3.6 | |
xfree86_project | x11r6 | 4.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:open_group:x:11.0r6:*:*:*:*:*:*:*", "matchCriteriaId": "341C2874-4A2A-4ECD-A243-10EF6F2588BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:open_group:x:11.0r6.1:*:*:*:*:*:*:*", "matchCriteriaId": "97B9657E-D7CE-496F-AE51-8AFA1CCA49CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:open_group:x:11.0r6.2:*:*:*:*:*:*:*", "matchCriteriaId": "5A2B4032-71E6-4731-B829-DD8F004B20BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:open_group:x:11.0r6.3:*:*:*:*:*:*:*", "matchCriteriaId": "E1DA55DC-E2A9-44B4-84D6-BE9F84898430", "vulnerable": true }, { "criteria": "cpe:2.3:a:open_group:x:11.0r6.4:*:*:*:*:*:*:*", "matchCriteriaId": "2A3657FA-0841-487B-9650-FC06A4E2A88B", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "C104B02C-3F3B-4DB4-8A1D-65A7DAA380EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "BEECB0ED-A5C9-4675-9CEB-AD6C19EDA7D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "B43D5F86-97B2-4175-8ED7-1F937850F9DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "0946A224-6A0C-4DE3-89F9-200682431737", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F33E5444-E178-4F49-BDA1-DE576D8526EE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "libX11 X library allows remote attackers to cause a denial of service via a resource mask of 0, which causes libX11 to go into an infinite loop." } ], "id": "CVE-2000-0620", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2000-06-19T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=96146116627474\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/1409" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4996" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=96146116627474\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/1409" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4996" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2001-07-04 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
XDM in XFree86 3.3 and 3.3.3 generates easily guessable cookies using gettimeofday() when compiled with the HasXdmXauth option, which allows remote attackers to gain unauthorized access to the X display via a brute force attack.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://online.securityfocus.com/archive/1/195008 | Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/archive/1/194907 | Exploit, Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/2985 | Exploit, Patch, Vendor Advisory | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/6808 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://online.securityfocus.com/archive/1/195008 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/194907 | Exploit, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/2985 | Exploit, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/6808 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
xfree86_project | x11r6 | 3.3 | |
xfree86_project | x11r6 | 3.3.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "AE887A26-0590-40DE-ACE2-28A30E5228AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "C104B02C-3F3B-4DB4-8A1D-65A7DAA380EB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "XDM in XFree86 3.3 and 3.3.3 generates easily guessable cookies using gettimeofday() when compiled with the HasXdmXauth option, which allows remote attackers to gain unauthorized access to the X display via a brute force attack." } ], "id": "CVE-2001-1086", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2001-07-04T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://online.securityfocus.com/archive/1/195008" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/archive/1/194907" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/2985" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6808" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://online.securityfocus.com/archive/1/195008" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/archive/1/194907" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/2985" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6808" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2001-07-17 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
xman allows local users to gain privileges by modifying the MANPATH to point to a man page whose filename contains shell metacharacters.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
xfree86_project | x11r6 | 3.3.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "23FF2D1C-D328-49BE-87CF-938FB533180B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "xman allows local users to gain privileges by modifying the MANPATH to point to a man page whose filename contains shell metacharacters." } ], "id": "CVE-2001-1179", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2001-07-17T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/archive/1/197498" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/archive/1/197498" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-10-20 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c for libXpm before 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
x.org | x11r6 | 6.7.0 | |
x.org | x11r6 | 6.8 | |
xfree86_project | x11r6 | 3.3.6 | |
xfree86_project | x11r6 | 4.0 | |
xfree86_project | x11r6 | 4.0.1 | |
xfree86_project | x11r6 | 4.0.2.11 | |
xfree86_project | x11r6 | 4.0.3 | |
xfree86_project | x11r6 | 4.1.0 | |
xfree86_project | x11r6 | 4.1.11 | |
xfree86_project | x11r6 | 4.1.12 | |
xfree86_project | x11r6 | 4.2.0 | |
xfree86_project | x11r6 | 4.2.1 | |
xfree86_project | x11r6 | 4.2.1 | |
xfree86_project | x11r6 | 4.3.0 | |
openbsd | openbsd | 3.4 | |
openbsd | openbsd | 3.5 | |
suse | suse_linux | 8 | |
suse | suse_linux | 8.1 | |
suse | suse_linux | 8.2 | |
suse | suse_linux | 9.0 | |
suse | suse_linux | 9.0 | |
suse | suse_linux | 9.0 | |
suse | suse_linux | 9.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:x.org:x11r6:6.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "76FFBC43-2178-48DF-B61E-CCBA4682AC5E", "vulnerable": true }, { "criteria": "cpe:2.3:a:x.org:x11r6:6.8:*:*:*:*:*:*:*", "matchCriteriaId": "8F506308-E878-4AA5-B5D5-A7E148D63947", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "0946A224-6A0C-4DE3-89F9-200682431737", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F33E5444-E178-4F49-BDA1-DE576D8526EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "1BCC09AA-AB01-4583-8052-66DBF0E1861D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "0E49FAA6-E146-4AD5-845E-9445C7D9F088", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "43425C85-806B-4823-AD74-D0A0465FC8DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "90FA67D9-8296-4534-8354-51B830DE3499", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8A000C67-7EA3-47A7-9068-1C8744C182D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "25EDDB93-DD20-4DBE-962B-6334D5A7CB45", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "4AC4F566-5D54-4364-B5AA-F846A0C8FCEB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "7F9D1BD9-4300-43B5-A87B-E2BF74E55C87", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:errata:*:*:*:*:*", "matchCriteriaId": "F4B7E143-E24B-40D2-897B-6D516566B7F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "837EBF15-6C7D-46B8-8A90-9DFBF2C09FF3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*", "matchCriteriaId": "9496279F-AB43-4B53-81A6-87C651ABC4BA", "vulnerable": true }, { "criteria": "cpe:2.3:o:openbsd:openbsd:3.5:*:*:*:*:*:*:*", "matchCriteriaId": "BDA160D4-5CAB-44E7-880A-59DD98FEAD62", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:8:*:enterprise_server:*:*:*:*:*", "matchCriteriaId": "D2E2EF3C-1379-4CBE-8FF5-DACD47834651", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "F8C55338-3372-413F-82E3-E1B476D6F41A", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "1EFB33BF-F6A5-48C1-AEB5-194FCBCFC958", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "FB0E2D3B-B50A-46C2-BA1E-3E014DE91954", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:enterprise_server:*:*:*:*:*", "matchCriteriaId": "F7446746-87B7-4BD3-AABF-1E0FAA8265AB", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*", "matchCriteriaId": "56EF103F-5668-4754-A83B-D3662D0CE815", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "CFABFCE5-4F86-4AE8-9849-BC360AC72098", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c for libXpm before 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file." }, { "lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer basados en la pila en (1) xpmParseColors en parse.c, (2) ParseAndPutPixels en create.c, y (3) ParsePixels en parse.c de libXpm anteriores a 6.8.1 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante una imagen XPM malformada." } ], "id": "CVE-2004-0687", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-10-20T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000924" }, { "source": "cve@mitre.org", "url": "http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch" }, { "source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2005/May/msg00001.html" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=109530851323415\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://packetstormsecurity.com/files/170620/Solaris-10-dtprintinfo-libXm-libXpm-Security-Issues.html" }, { "source": "cve@mitre.org", "url": "http://scary.beasts.org/security/CESA-2004-003.txt" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/20235" }, { "source": "cve@mitre.org", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2004/dsa-560" }, { "source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-34.xml" }, { "source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/882750" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:098" }, { "source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2004-537.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2005-004.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/434715/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/434715/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/11196" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA05-136A.html" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/1914" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17414" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9187" }, { "source": "cve@mitre.org", "url": "https://usn.ubuntu.com/27-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000924" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2005/May/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=109530851323415\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.com/files/170620/Solaris-10-dtprintinfo-libXm-libXpm-Security-Issues.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://scary.beasts.org/security/CESA-2004-003.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/20235" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2004/dsa-560" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-34.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/882750" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:098" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2004-537.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2005-004.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/434715/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/434715/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/11196" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA05-136A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/1914" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17414" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9187" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/27-1/" } ], "sourceIdentifier": "cve@mitre.org", "vendorComments": [ { "comment": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.", "lastModified": "2007-03-14T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-10-20 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
x.org | x11r6 | 6.7.0 | |
x.org | x11r6 | 6.8 | |
xfree86_project | x11r6 | 3.3.6 | |
xfree86_project | x11r6 | 4.0 | |
xfree86_project | x11r6 | 4.0.1 | |
xfree86_project | x11r6 | 4.0.2.11 | |
xfree86_project | x11r6 | 4.0.3 | |
xfree86_project | x11r6 | 4.1.0 | |
xfree86_project | x11r6 | 4.1.11 | |
xfree86_project | x11r6 | 4.1.12 | |
xfree86_project | x11r6 | 4.2.0 | |
xfree86_project | x11r6 | 4.2.1 | |
xfree86_project | x11r6 | 4.2.1 | |
xfree86_project | x11r6 | 4.3.0 | |
openbsd | openbsd | 3.4 | |
openbsd | openbsd | 3.5 | |
suse | suse_linux | 8 | |
suse | suse_linux | 8.1 | |
suse | suse_linux | 8.2 | |
suse | suse_linux | 9.0 | |
suse | suse_linux | 9.0 | |
suse | suse_linux | 9.0 | |
suse | suse_linux | 9.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:x.org:x11r6:6.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "76FFBC43-2178-48DF-B61E-CCBA4682AC5E", "vulnerable": true }, { "criteria": "cpe:2.3:a:x.org:x11r6:6.8:*:*:*:*:*:*:*", "matchCriteriaId": "8F506308-E878-4AA5-B5D5-A7E148D63947", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "0946A224-6A0C-4DE3-89F9-200682431737", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F33E5444-E178-4F49-BDA1-DE576D8526EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "1BCC09AA-AB01-4583-8052-66DBF0E1861D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "0E49FAA6-E146-4AD5-845E-9445C7D9F088", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "43425C85-806B-4823-AD74-D0A0465FC8DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "90FA67D9-8296-4534-8354-51B830DE3499", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8A000C67-7EA3-47A7-9068-1C8744C182D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "25EDDB93-DD20-4DBE-962B-6334D5A7CB45", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "4AC4F566-5D54-4364-B5AA-F846A0C8FCEB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "7F9D1BD9-4300-43B5-A87B-E2BF74E55C87", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:errata:*:*:*:*:*", "matchCriteriaId": "F4B7E143-E24B-40D2-897B-6D516566B7F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "837EBF15-6C7D-46B8-8A90-9DFBF2C09FF3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*", "matchCriteriaId": "9496279F-AB43-4B53-81A6-87C651ABC4BA", "vulnerable": true }, { "criteria": "cpe:2.3:o:openbsd:openbsd:3.5:*:*:*:*:*:*:*", "matchCriteriaId": "BDA160D4-5CAB-44E7-880A-59DD98FEAD62", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:8:*:enterprise_server:*:*:*:*:*", "matchCriteriaId": "D2E2EF3C-1379-4CBE-8FF5-DACD47834651", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "F8C55338-3372-413F-82E3-E1B476D6F41A", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "1EFB33BF-F6A5-48C1-AEB5-194FCBCFC958", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "FB0E2D3B-B50A-46C2-BA1E-3E014DE91954", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:enterprise_server:*:*:*:*:*", "matchCriteriaId": "F7446746-87B7-4BD3-AABF-1E0FAA8265AB", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*", "matchCriteriaId": "56EF103F-5668-4754-A83B-D3662D0CE815", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "CFABFCE5-4F86-4AE8-9849-BC360AC72098", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file." }, { "lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer en xpmParseColors en parse.c de libXpm anteriores a 6.8.1 permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante un fichero de imagen XPM malformado." } ], "id": "CVE-2004-0688", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-10-20T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000924" }, { "source": "cve@mitre.org", "url": "http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch" }, { "source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2005/May/msg00001.html" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=109530851323415\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://scary.beasts.org/security/CESA-2004-003.txt" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/20235" }, { "source": "cve@mitre.org", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2004/dsa-560" }, { "source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-34.xml" }, { "source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/537878" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:098" }, { "source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2004-537.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2005-004.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/434715/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/434715/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/11196" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA05-136A.html" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/1914" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17416" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11796" }, { "source": "cve@mitre.org", "url": "https://usn.ubuntu.com/27-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000924" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2005/May/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=109530851323415\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://scary.beasts.org/security/CESA-2004-003.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/20235" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2004/dsa-560" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-34.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/537878" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:098" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2004-537.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2005-004.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/434715/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/434715/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/11196" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA05-136A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/1914" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17416" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11796" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/27-1/" } ], "sourceIdentifier": "cve@mitre.org", "vendorComments": [ { "comment": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.", "lastModified": "2007-03-14T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-03-15 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Integer signedness errors in XFree86 4.1.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code when using the GLX extension and Direct Rendering Infrastructure (DRI).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
xfree86_project | x11r6 | 4.1.0 | |
xfree86_project | x11r6 | 4.1.11 | |
xfree86_project | x11r6 | 4.1.12 | |
xfree86_project | x11r6 | 4.2.0 | |
xfree86_project | x11r6 | 4.2.1 | |
xfree86_project | x11r6 | 4.2.1 | |
xfree86_project | x11r6 | 4.3.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "90FA67D9-8296-4534-8354-51B830DE3499", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8A000C67-7EA3-47A7-9068-1C8744C182D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "25EDDB93-DD20-4DBE-962B-6334D5A7CB45", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "4AC4F566-5D54-4364-B5AA-F846A0C8FCEB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "7F9D1BD9-4300-43B5-A87B-E2BF74E55C87", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:errata:*:*:*:*:*", "matchCriteriaId": "F4B7E143-E24B-40D2-897B-6D516566B7F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "837EBF15-6C7D-46B8-8A90-9DFBF2C09FF3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Integer signedness errors in XFree86 4.1.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code when using the GLX extension and Direct Rendering Infrastructure (DRI)." }, { "lang": "es", "value": "Errores de falta de signo en enteros en XFree86 4.1.0 permite a atacantes remotos causar una denegaci\u00f3n de servicio y posiblemente ejecutar c\u00f3digo arbitrario cuando se usa la extensi\u00f3n GLX y la infraestructura Direct Rendering" } ], "id": "CVE-2004-0094", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-03-15T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "ftp://patches.sgi.com/support/free/security/advisories/20040406-01-U" }, { "source": "cve@mitre.org", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000824" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2004/dsa-443" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2004-152.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/9701" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15273" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://patches.sgi.com/support/free/security/advisories/20040406-01-U" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000824" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2004/dsa-443" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2004-152.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/9701" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15273" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2001-07-11 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Buffer overflow in xman allows local users to gain privileges via a long MANPATH environment variable.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
xfree86_project | x11r6 | 3.3.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "23FF2D1C-D328-49BE-87CF-938FB533180B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in xman allows local users to gain privileges via a long MANPATH environment variable." } ], "id": "CVE-2001-1178", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2001-07-11T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0234.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/3030" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6853" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0234.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/3030" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6853" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2003-03-03 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
The xterm terminal emulator in XFree86 4.2.0 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
xfree86_project | x11r6 | 4.0 | |
xfree86_project | x11r6 | 4.0.1 | |
xfree86_project | x11r6 | 4.0.3 | |
xfree86_project | x11r6 | 4.1.0 | |
xfree86_project | x11r6 | 4.2.0 | |
xfree86_project | x11r6 | 4.2.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F33E5444-E178-4F49-BDA1-DE576D8526EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "1BCC09AA-AB01-4583-8052-66DBF0E1861D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "43425C85-806B-4823-AD74-D0A0465FC8DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "90FA67D9-8296-4534-8354-51B830DE3499", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "4AC4F566-5D54-4364-B5AA-F846A0C8FCEB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "7F9D1BD9-4300-43B5-A87B-E2BF74E55C87", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The xterm terminal emulator in XFree86 4.2.0 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user\u0027s terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands." }, { "lang": "es", "value": "El emulador de terminal xterm en XFree86 4.2.0 permite a atacantes modificar el t\u00edtulo de la ventana mediante cierta secuencia de caracter de escape y a continuaci\u00f3n insertarlo de vuelta en la linea de comando en el terminal del usuario, por ejemplo, cuando el usuario ve un fichero que contiene la secuencia maliciosa, lo que podr\u00eda permitir ejecutar comandos arbitrarios." } ], "id": "CVE-2003-0063", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2003-03-03T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=104612710031920\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2003/dsa-380" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/11414.php" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2024/06/15/1" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2003-064.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2003-065.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2003-066.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2003-067.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/6940" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=104612710031920\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2003/dsa-380" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/11414.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2024/06/15/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2003-064.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2003-065.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2003-066.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2003-067.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/6940" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
1995-11-01 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Guessable magic cookies in X Windows allows remote attackers to execute commands, e.g. through xterm.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xfree86_project:x11r6:*:*:*:*:*:*:*:*", "matchCriteriaId": "BD822532-8A72-44E2-9C55-6E91E14E5A29", "vulnerable": true }, { "criteria": "cpe:2.3:o:sgi:irix:*:*:*:*:*:*:*:*", "matchCriteriaId": "056B3397-81A9-4128-9F49-ECEBE1743EE8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:sun:solaris:2.5:*:x86:*:*:*:*:*", "matchCriteriaId": "200D8CB2-0D52-40A8-9CD9-6E4513605201", "vulnerable": true }, { "criteria": "cpe:2.3:o:sun:solaris:2.5.1:*:x86:*:*:*:*:*", "matchCriteriaId": "F66BAF35-A8B9-4E95-B270-444206FDD35B", "vulnerable": true }, { "criteria": "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*", "matchCriteriaId": "8F1F312C-413F-4DB4-ABF4-48E33F6FECF2", "vulnerable": true }, { "criteria": "cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*", "matchCriteriaId": "369207B4-96FA-4324-9445-98FAE8ECF5DB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Guessable magic cookies in X Windows allows remote attackers to execute commands, e.g. through xterm." } ], "id": "CVE-1999-0241", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "1995-11-01T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0241" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0241" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2000-06-19 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://archives.neohapsis.com/archives/bugtraq/2000-06/0170.html | Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/1369 | Exploit, Patch, Vendor Advisory | |
cve@mitre.org | http://www.xfree86.org/security/ | ||
af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2000-06/0170.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/1369 | Exploit, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.xfree86.org/security/ |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnome | gdm | 1.0 | |
gnome | gdm | 1.1 | |
open_group | x | 11.0r5 | |
open_group | x | 11.0r6 | |
open_group | x | 11.0r6.1 | |
open_group | x | 11.0r6.2 | |
open_group | x | 11.0r6.3 | |
open_group | x | 11.0r6.4 | |
xfree86_project | x11r6 | 3.3.3 | |
xfree86_project | x11r6 | 3.3.4 | |
xfree86_project | x11r6 | 3.3.5 | |
xfree86_project | x11r6 | 3.3.6 | |
xfree86_project | x11r6 | 4.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnome:gdm:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "E2D650E6-F568-4B7F-8913-3DC10E8F4201", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "37AB5A38-A7C4-4016-8628-27AA0EC7E401", "vulnerable": true }, { "criteria": "cpe:2.3:a:open_group:x:11.0r5:*:*:*:*:*:*:*", "matchCriteriaId": "A6BF5526-54BA-411B-8C18-BAD8801EEF18", "vulnerable": true }, { "criteria": "cpe:2.3:a:open_group:x:11.0r6:*:*:*:*:*:*:*", "matchCriteriaId": "341C2874-4A2A-4ECD-A243-10EF6F2588BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:open_group:x:11.0r6.1:*:*:*:*:*:*:*", "matchCriteriaId": "97B9657E-D7CE-496F-AE51-8AFA1CCA49CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:open_group:x:11.0r6.2:*:*:*:*:*:*:*", "matchCriteriaId": "5A2B4032-71E6-4731-B829-DD8F004B20BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:open_group:x:11.0r6.3:*:*:*:*:*:*:*", "matchCriteriaId": "E1DA55DC-E2A9-44B4-84D6-BE9F84898430", "vulnerable": true }, { "criteria": "cpe:2.3:a:open_group:x:11.0r6.4:*:*:*:*:*:*:*", "matchCriteriaId": "2A3657FA-0841-487B-9650-FC06A4E2A88B", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "C104B02C-3F3B-4DB4-8A1D-65A7DAA380EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "BEECB0ED-A5C9-4675-9CEB-AD6C19EDA7D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "B43D5F86-97B2-4175-8ED7-1F937850F9DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "0946A224-6A0C-4DE3-89F9-200682431737", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F33E5444-E178-4F49-BDA1-DE576D8526EE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro." } ], "id": "CVE-2000-0504", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2000-06-19T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0170.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/1369" }, { "source": "cve@mitre.org", "url": "http://www.xfree86.org/security/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0170.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/1369" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.xfree86.org/security/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2003-03-03 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Untrusted search path vulnerability in libX11.so in xfree86, when used in setuid or setgid programs, allows local users to gain root privileges via a modified LD_PRELOAD environment variable that points to a malicious module.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
xfree86_project | x11r6 | 4.1.0 | |
xfree86_project | x11r6 | 4.2.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "90FA67D9-8296-4534-8354-51B830DE3499", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "4AC4F566-5D54-4364-B5AA-F846A0C8FCEB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Untrusted search path vulnerability in libX11.so in xfree86, when used in setuid or setgid programs, allows local users to gain root privileges via a modified LD_PRELOAD environment variable that points to a malicious module." }, { "lang": "es", "value": "Vulnerabilidad de b\u00fasqueda en ruta no confiable en libX11.so en xfree86, cuando se usa en programas setuid o setid, permite a usuarios locales ganar privilegios de root mediante una variable de entorno LD_PRELOAD modificada que apunta a c\u00f3digo malicioso." } ], "id": "CVE-2002-1472", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2003-03-03T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/linux/suse/2002-q3/1116.html" }, { "source": "cve@mitre.org", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000529" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/10137.php" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/11922" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2003-066.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2003-067.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/5735" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/linux/suse/2002-q3/1116.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000529" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/10137.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/11922" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2003-066.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2003-067.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/5735" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2000-04-16 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Buffer overflow in XFree86 3.3.x allows local users to execute arbitrary commands via a long -xkbmap parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
xfree86_project | x11r6 | 3.3.6 | |
xfree86_project | x11r6 | 4.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "0946A224-6A0C-4DE3-89F9-200682431737", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F33E5444-E178-4F49-BDA1-DE576D8526EE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in XFree86 3.3.x allows local users to execute arbitrary commands via a long -xkbmap parameter." } ], "id": "CVE-2000-0285", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2000-04-16T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2000-04/0076.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/1306" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2000-04/0076.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/1306" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-03-15 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
XFree86 4.1.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an out-of-bounds array index when using the GLX extension and Direct Rendering Infrastructure (DRI).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
xfree86_project | x11r6 | 4.1.0 | |
xfree86_project | x11r6 | 4.1.11 | |
xfree86_project | x11r6 | 4.1.12 | |
xfree86_project | x11r6 | 4.2.0 | |
xfree86_project | x11r6 | 4.2.1 | |
xfree86_project | x11r6 | 4.2.1 | |
xfree86_project | x11r6 | 4.3.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "90FA67D9-8296-4534-8354-51B830DE3499", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8A000C67-7EA3-47A7-9068-1C8744C182D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "25EDDB93-DD20-4DBE-962B-6334D5A7CB45", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "4AC4F566-5D54-4364-B5AA-F846A0C8FCEB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "7F9D1BD9-4300-43B5-A87B-E2BF74E55C87", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:errata:*:*:*:*:*", "matchCriteriaId": "F4B7E143-E24B-40D2-897B-6D516566B7F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "837EBF15-6C7D-46B8-8A90-9DFBF2C09FF3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "XFree86 4.1.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an out-of-bounds array index when using the GLX extension and Direct Rendering Infrastructure (DRI)." }, { "lang": "es", "value": "XFree86 4.1.0 permite a atacantes remotos causar una denegaci\u00f3n de servicio y posiblemente ejecutar c\u00f3digo arbitrario mediante un \u00edndice de un array fuera de l\u00edmites cuando usa la extenesi\u00f3n GLX y la infraestructura Direct Rendering" } ], "id": "CVE-2004-0093", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-03-15T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "ftp://patches.sgi.com/support/free/security/advisories/20040406-01-U" }, { "source": "cve@mitre.org", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000824" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2004/dsa-443" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2004-152.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/9701" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15272" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://patches.sgi.com/support/free/security/advisories/20040406-01-U" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000824" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2004/dsa-443" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2004-152.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/9701" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15272" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2003-03-03 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
The DEC UDK processing feature in the xterm terminal emulator in XFree86 4.2.99.4 and earlier allows attackers to cause a denial of service via a certain character escape sequence that causes the terminal to enter a tight loop.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
xfree86_project | x11r6 | 4.0 | |
xfree86_project | x11r6 | 4.0.1 | |
xfree86_project | x11r6 | 4.0.3 | |
xfree86_project | x11r6 | 4.1.0 | |
xfree86_project | x11r6 | 4.2.0 | |
xfree86_project | x11r6 | 4.2.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F33E5444-E178-4F49-BDA1-DE576D8526EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "1BCC09AA-AB01-4583-8052-66DBF0E1861D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "43425C85-806B-4823-AD74-D0A0465FC8DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "90FA67D9-8296-4534-8354-51B830DE3499", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "4AC4F566-5D54-4364-B5AA-F846A0C8FCEB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "7F9D1BD9-4300-43B5-A87B-E2BF74E55C87", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The DEC UDK processing feature in the xterm terminal emulator in XFree86 4.2.99.4 and earlier allows attackers to cause a denial of service via a certain character escape sequence that causes the terminal to enter a tight loop." }, { "lang": "es", "value": "La capacidad de procesamiento DEC UDK en el emulador de terminal xterm de XFree86 4.2.0 permite a atacantes causar una denegaci\u00f3n de servicio mediante cierta secuencia de car\u00e1cter de escape que hace que el terminal entre en un bucle cerrado." } ], "id": "CVE-2003-0071", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2003-03-03T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=104612710031920\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2003/dsa-380" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/11415.php" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2003-064.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2003-065.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2003-066.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2003-067.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/6950" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=104612710031920\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2003/dsa-380" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/11415.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2003-064.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2003-065.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2003-066.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2003-067.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/6950" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2000-06-01 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
xterm, Eterm, and rxvt allow an attacker to cause a denial of service by embedding certain escape characters which force the window to be resized.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
michael_jennings | eterm | 0.8.10 | |
putty | putty | 0.48 | |
rxvt | rxvt | 2.6.1 | |
xfree86_project | x11r6 | 3.3.3 | |
xfree86_project | x11r6 | 4.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:michael_jennings:eterm:0.8.10:*:*:*:*:*:*:*", "matchCriteriaId": "B33FE201-759E-4EE4-B19E-A25E6FBD711B", "vulnerable": true }, { "criteria": "cpe:2.3:a:putty:putty:0.48:*:*:*:*:*:*:*", "matchCriteriaId": "1283B462-042C-4857-A700-4179AAE20E2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:rxvt:rxvt:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "E5CE4F28-5C30-4A54-8A4B-3FA6B01F1467", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "C104B02C-3F3B-4DB4-8A1D-65A7DAA380EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F33E5444-E178-4F49-BDA1-DE576D8526EE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "xterm, Eterm, and rxvt allow an attacker to cause a denial of service by embedding certain escape characters which force the window to be resized." } ], "id": "CVE-2000-0476", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2000-06-01T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0409.html" }, { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0420.html" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2024/06/09/1" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2024/06/09/2" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/1298" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0409.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0420.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2024/06/09/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2024/06/09/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/1298" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2001-09-22 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Buffer overflow in fbglyph.c in XFree86 before 4.2.0, related to glyph clipping for large origins, allows attackers to cause a denial of service and possibly gain privileges via a large number of characters, possibly through the web page search form of KDE Konqueror or from an xterm command with a long title.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
xfree86_project | x11r6 | 4.0 | |
xfree86_project | x11r6 | 4.0.1 | |
xfree86_project | x11r6 | 4.0.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F33E5444-E178-4F49-BDA1-DE576D8526EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "1BCC09AA-AB01-4583-8052-66DBF0E1861D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "43425C85-806B-4823-AD74-D0A0465FC8DF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in fbglyph.c in XFree86 before 4.2.0, related to glyph clipping for large origins, allows attackers to cause a denial of service and possibly gain privileges via a large number of characters, possibly through the web page search form of KDE Konqueror or from an xterm command with a long title." } ], "id": "CVE-2001-0955", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2001-09-22T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://cvsweb.xfree86.org/cvsweb/xc/programs/Xserver/fb/fbglyph.c" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=100776624224549\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=100784290015880\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=vuln-dev\u0026m=100118958310463\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/3657" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/3663" }, { "source": "cve@mitre.org", "url": "http://www.xfree86.org/4.2.0/RELNOTES2.html#2" }, { "source": "cve@mitre.org", "url": "http://www.xfree86.org/security/" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7673" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7683" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://cvsweb.xfree86.org/cvsweb/xc/programs/Xserver/fb/fbglyph.c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=100776624224549\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=100784290015880\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=vuln-dev\u0026m=100118958310463\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/3657" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/3663" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.xfree86.org/4.2.0/RELNOTES2.html#2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.xfree86.org/security/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7673" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7683" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2002-12-11 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
xfree86_project | x11r6 | 3.3 | |
xfree86_project | x11r6 | 3.3.2 | |
xfree86_project | x11r6 | 3.3.3 | |
xfree86_project | x11r6 | 3.3.4 | |
xfree86_project | x11r6 | 3.3.5 | |
sgi | irix | 6.5 | |
sgi | irix | 6.5.1 | |
sgi | irix | 6.5.2 | |
sgi | irix | 6.5.3 | |
sgi | irix | 6.5.4 | |
sgi | irix | 6.5.5 | |
sgi | irix | 6.5.6 | |
sgi | irix | 6.5.7 | |
sgi | irix | 6.5.8 | |
sgi | irix | 6.5.9 | |
sgi | irix | 6.5.10 | |
sgi | irix | 6.5.11 | |
sgi | irix | 6.5.12 | |
sgi | irix | 6.5.13 | |
hp | hp-ux | 10.10 | |
hp | hp-ux | 10.20 | |
hp | hp-ux | 10.24 | |
hp | hp-ux | 11.00 | |
hp | hp-ux | 11.04 | |
hp | hp-ux | 11.11 | |
hp | hp-ux | 11.22 | |
sun | solaris | 2.5.1 | |
sun | solaris | 2.5.1 | |
sun | solaris | 2.6 | |
sun | solaris | 7.0 | |
sun | solaris | 8.0 | |
sun | solaris | 9.0 | |
sun | solaris | 9.0 | |
sun | sunos | - | |
sun | sunos | 5.5.1 | |
sun | sunos | 5.7 | |
sun | sunos | 5.8 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "AE887A26-0590-40DE-ACE2-28A30E5228AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "23FF2D1C-D328-49BE-87CF-938FB533180B", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "C104B02C-3F3B-4DB4-8A1D-65A7DAA380EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "BEECB0ED-A5C9-4675-9CEB-AD6C19EDA7D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "B43D5F86-97B2-4175-8ED7-1F937850F9DB", "vulnerable": true }, { "criteria": "cpe:2.3:o:sgi:irix:6.5:*:*:*:*:*:*:*", "matchCriteriaId": "C30D6962-3DBB-4DF8-A04F-8E47AFEDCF99", "vulnerable": true }, { "criteria": "cpe:2.3:o:sgi:irix:6.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "36B60E50-4F5A-4404-BEA3-C94F7D27B156", "vulnerable": true }, { "criteria": "cpe:2.3:o:sgi:irix:6.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "6ECB750B-9F53-4DB6-8B26-71BCCA446FF7", "vulnerable": true }, { "criteria": "cpe:2.3:o:sgi:irix:6.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "E6B2E6D1-8C2D-4E15-A6BB-E4FE878ED1E7", "vulnerable": true }, { "criteria": "cpe:2.3:o:sgi:irix:6.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "440B7208-34DB-4898-8461-4E703F7EDFB7", "vulnerable": true }, { "criteria": "cpe:2.3:o:sgi:irix:6.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "5663579C-3AD2-4E5B-A595-C8DB984F9C26", "vulnerable": true }, { "criteria": "cpe:2.3:o:sgi:irix:6.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "D07AA144-6FD7-4C80-B4F2-D21C1AFC864A", "vulnerable": true }, { "criteria": "cpe:2.3:o:sgi:irix:6.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "29113D8E-9618-4A0E-9157-678332082858", "vulnerable": true }, { "criteria": "cpe:2.3:o:sgi:irix:6.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "313613E9-4837-433C-90EE-84A92E8D24E5", "vulnerable": true }, { "criteria": "cpe:2.3:o:sgi:irix:6.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "41AA1290-5039-406F-B195-3A4C018202D3", "vulnerable": true }, { "criteria": "cpe:2.3:o:sgi:irix:6.5.10:*:*:*:*:*:*:*", "matchCriteriaId": "60CC9410-F6B8-4748-B76F-30626279028E", "vulnerable": true }, { "criteria": "cpe:2.3:o:sgi:irix:6.5.11:*:*:*:*:*:*:*", "matchCriteriaId": "DCC67401-C85A-4E4E-AE61-85FEBBF4346B", "vulnerable": true }, { "criteria": "cpe:2.3:o:sgi:irix:6.5.12:*:*:*:*:*:*:*", "matchCriteriaId": "1C4427AC-07C1-4765-981B-B5D86D698C2D", "vulnerable": true }, { "criteria": "cpe:2.3:o:sgi:irix:6.5.13:*:*:*:*:*:*:*", "matchCriteriaId": "63EF0CEE-74A9-45C8-8AFD-77815230ACC6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:hp-ux:10.10:*:*:*:*:*:*:*", "matchCriteriaId": "38BFA923-7D80-4F01-AF9F-6F13209948AC", "vulnerable": true }, { "criteria": "cpe:2.3:o:hp:hp-ux:10.20:*:*:*:*:*:*:*", "matchCriteriaId": "EDE44C49-172C-4899-8CC8-29AA99A7CD2F", "vulnerable": true }, { "criteria": "cpe:2.3:o:hp:hp-ux:10.24:*:*:*:*:*:*:*", "matchCriteriaId": "4259A901-A1CF-44EE-80C4-2031D3FCADC3", "vulnerable": true }, { "criteria": "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*", "matchCriteriaId": "771931F7-9180-4EBD-8627-E1CF17D24647", "vulnerable": true }, { "criteria": "cpe:2.3:o:hp:hp-ux:11.04:*:*:*:*:*:*:*", "matchCriteriaId": "9B7A7B90-9086-4A10-8FB4-1C1D909BC173", "vulnerable": true }, { "criteria": "cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*", "matchCriteriaId": "EDD9BE2B-7255-4FC1-B452-E8370632B03F", "vulnerable": true }, { "criteria": "cpe:2.3:o:hp:hp-ux:11.22:*:*:*:*:*:*:*", "matchCriteriaId": "EBD0DC0A-ACAD-4870-9C0F-3095F2AC8CCD", "vulnerable": true }, { "criteria": "cpe:2.3:o:sun:solaris:2.5.1:*:ppc:*:*:*:*:*", "matchCriteriaId": "54AF87E4-52A4-44CA-B48E-A5BB139E6410", "vulnerable": true }, { "criteria": "cpe:2.3:o:sun:solaris:2.5.1:*:x86:*:*:*:*:*", "matchCriteriaId": "F66BAF35-A8B9-4E95-B270-444206FDD35B", "vulnerable": true }, { "criteria": "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*", "matchCriteriaId": "34EBF074-78C8-41AF-88F1-DA6726E56F8B", "vulnerable": true }, { "criteria": "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*", "matchCriteriaId": "8F1F312C-413F-4DB4-ABF4-48E33F6FECF2", "vulnerable": true }, { "criteria": "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*", "matchCriteriaId": "1894C542-AA81-40A9-BF47-AE24C93C1ACB", "vulnerable": true }, { "criteria": "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*", "matchCriteriaId": "A711CDC2-412C-499D-9FA6-7F25B06267C6", "vulnerable": true }, { "criteria": "cpe:2.3:o:sun:solaris:9.0:x86_update_2:*:*:*:*:*:*", "matchCriteriaId": "3F305CBD-4329-44DE-A85C-DE9FF371425E", "vulnerable": true }, { "criteria": "cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*", "matchCriteriaId": "369207B4-96FA-4324-9445-98FAE8ECF5DB", "vulnerable": true }, { "criteria": "cpe:2.3:o:sun:sunos:5.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "39F847DB-65A9-47DA-BCFA-A179E5E2301A", "vulnerable": true }, { "criteria": "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*", "matchCriteriaId": "08003947-A4F1-44AC-84C6-9F8D097EB759", "vulnerable": true }, { "criteria": "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*", "matchCriteriaId": "A2475113-CFE4-41C8-A86F-F2DA6548D224", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer en la rutina Dispatch() en el servidor de fuentes XFS (fs.auto) en Solaris 2.5.1 a 9 permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) o ejecutar c\u00f3digo arbitrario mediante una cierta petici\u00f3n XFS." } ], "id": "CVE-2002-1317", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2002-12-11T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "ftp://patches.sgi.com/support/free/security/advisories/20021202-01-I" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21541" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=103825150527843\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/48879" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.cert.org/advisories/CA-2002-34.html" }, { "source": "cve@mitre.org", "url": "http://www.ciac.org/ciac/bulletins/n-024.shtml" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/10375.php" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/312313" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/advisories/4988" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/6241" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A149" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A152" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2816" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://patches.sgi.com/support/free/security/advisories/20021202-01-I" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21541" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=103825150527843\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/48879" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.cert.org/advisories/CA-2002-34.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ciac.org/ciac/bulletins/n-024.shtml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/10375.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/312313" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/advisories/4988" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/6241" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A149" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A152" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2816" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2003-03-03 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
xdm, with the authComplain variable set to false, allows arbitrary attackers to connect to the X server if the xdm auth directory does not exist.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
xfree86_project | x11r6 | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xfree86_project:x11r6:*:*:*:*:*:*:*:*", "matchCriteriaId": "BD822532-8A72-44E2-9C55-6E91E14E5A29", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "xdm, with the authComplain variable set to false, allows arbitrary attackers to connect to the X server if the xdm auth directory does not exist." }, { "lang": "es", "value": "xdm, con la variable authComplain puesta a falso, permite a atacantes arbitrarios conectar al servidor X si el directorio auth de xdm no existe." } ], "id": "CVE-2002-1510", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2003-03-03T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000533" }, { "source": "cve@mitre.org", "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/55602" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://wuarchive.wustl.edu/mirrors/NetBSD/NetBSD-current/xsrc/xfree/xc/programs/Xserver/hw/xfree86/CHANGELOG" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/11389.php" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2003-064.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2003-065.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000533" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/55602" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://wuarchive.wustl.edu/mirrors/NetBSD/NetBSD-current/xsrc/xfree/xc/programs/Xserver/hw/xfree86/CHANGELOG" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/11389.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2003-064.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2003-065.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-01-10 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. NOTE: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE's content decisions.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
lesstif | lesstif | 0.93 | |
lesstif | lesstif | 0.93.12 | |
lesstif | lesstif | 0.93.18 | |
lesstif | lesstif | 0.93.34 | |
lesstif | lesstif | 0.93.36 | |
lesstif | lesstif | 0.93.40 | |
lesstif | lesstif | 0.93.91 | |
lesstif | lesstif | 0.93.94 | |
lesstif | lesstif | 0.93.96 | |
x.org | x11r6 | 6.7.0 | |
x.org | x11r6 | 6.8 | |
x.org | x11r6 | 6.8.1 | |
xfree86_project | x11r6 | 3.3 | |
xfree86_project | x11r6 | 3.3.2 | |
xfree86_project | x11r6 | 3.3.3 | |
xfree86_project | x11r6 | 3.3.4 | |
xfree86_project | x11r6 | 3.3.5 | |
xfree86_project | x11r6 | 3.3.6 | |
xfree86_project | x11r6 | 4.0 | |
xfree86_project | x11r6 | 4.0.1 | |
xfree86_project | x11r6 | 4.0.2.11 | |
xfree86_project | x11r6 | 4.0.3 | |
xfree86_project | x11r6 | 4.1.0 | |
xfree86_project | x11r6 | 4.1.11 | |
xfree86_project | x11r6 | 4.1.12 | |
xfree86_project | x11r6 | 4.2.0 | |
xfree86_project | x11r6 | 4.2.1 | |
xfree86_project | x11r6 | 4.2.1 | |
xfree86_project | x11r6 | 4.3.0 | |
gentoo | linux | * | |
redhat | fedora_core | core_2.0 | |
redhat | fedora_core | core_3.0 | |
suse | suse_linux | 1.0 | |
suse | suse_linux | 8 | |
suse | suse_linux | 8.1 | |
suse | suse_linux | 8.2 | |
suse | suse_linux | 9.0 | |
suse | suse_linux | 9.0 | |
suse | suse_linux | 9.1 | |
suse | suse_linux | 9.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:lesstif:lesstif:0.93:*:*:*:*:*:*:*", "matchCriteriaId": "AC8ECE7C-01E7-42C2-B8D0-20A3F0FF6202", "vulnerable": true }, { "criteria": "cpe:2.3:a:lesstif:lesstif:0.93.12:*:*:*:*:*:*:*", "matchCriteriaId": "F6B420D2-2684-4956-9AB2-36A2337F08F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:lesstif:lesstif:0.93.18:*:*:*:*:*:*:*", "matchCriteriaId": "617462F8-47C2-418D-ABC3-B72509A65D58", "vulnerable": true }, { "criteria": "cpe:2.3:a:lesstif:lesstif:0.93.34:*:*:*:*:*:*:*", "matchCriteriaId": "184385E0-A3A7-4877-BC7B-0AAC48FA197A", "vulnerable": true }, { "criteria": "cpe:2.3:a:lesstif:lesstif:0.93.36:*:*:*:*:*:*:*", "matchCriteriaId": "069774CF-5CD4-4787-A066-5C9054FDCED0", "vulnerable": true }, { "criteria": "cpe:2.3:a:lesstif:lesstif:0.93.40:*:*:*:*:*:*:*", "matchCriteriaId": "AD3BF142-D7F7-491D-9175-DC61889237DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:lesstif:lesstif:0.93.91:*:*:*:*:*:*:*", "matchCriteriaId": "0C1FC296-553B-460E-88FD-86C530086382", "vulnerable": true }, { "criteria": "cpe:2.3:a:lesstif:lesstif:0.93.94:*:*:*:*:*:*:*", "matchCriteriaId": "63A4B331-2868-46E3-9734-DC3AEFD2F756", "vulnerable": true }, { "criteria": "cpe:2.3:a:lesstif:lesstif:0.93.96:*:*:*:*:*:*:*", "matchCriteriaId": "6BCCBDBC-FBBD-414E-A4D8-D3C4220E8A35", "vulnerable": true }, { "criteria": "cpe:2.3:a:x.org:x11r6:6.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "76FFBC43-2178-48DF-B61E-CCBA4682AC5E", "vulnerable": true }, { "criteria": "cpe:2.3:a:x.org:x11r6:6.8:*:*:*:*:*:*:*", "matchCriteriaId": "8F506308-E878-4AA5-B5D5-A7E148D63947", "vulnerable": true }, { "criteria": "cpe:2.3:a:x.org:x11r6:6.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "D129D08C-AF18-4F9D-9781-64B8C1CFD65E", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "AE887A26-0590-40DE-ACE2-28A30E5228AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "23FF2D1C-D328-49BE-87CF-938FB533180B", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "C104B02C-3F3B-4DB4-8A1D-65A7DAA380EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "BEECB0ED-A5C9-4675-9CEB-AD6C19EDA7D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "B43D5F86-97B2-4175-8ED7-1F937850F9DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "0946A224-6A0C-4DE3-89F9-200682431737", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F33E5444-E178-4F49-BDA1-DE576D8526EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "1BCC09AA-AB01-4583-8052-66DBF0E1861D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "0E49FAA6-E146-4AD5-845E-9445C7D9F088", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "43425C85-806B-4823-AD74-D0A0465FC8DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "90FA67D9-8296-4534-8354-51B830DE3499", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8A000C67-7EA3-47A7-9068-1C8744C182D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "25EDDB93-DD20-4DBE-962B-6334D5A7CB45", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "4AC4F566-5D54-4364-B5AA-F846A0C8FCEB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "7F9D1BD9-4300-43B5-A87B-E2BF74E55C87", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:errata:*:*:*:*:*", "matchCriteriaId": "F4B7E143-E24B-40D2-897B-6D516566B7F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "837EBF15-6C7D-46B8-8A90-9DFBF2C09FF3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*", "matchCriteriaId": "647BA336-5538-4972-9271-383A0EC9378E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*", "matchCriteriaId": "E6996B14-925B-46B8-982F-3545328B506B", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:fedora_core:core_3.0:*:*:*:*:*:*:*", "matchCriteriaId": "EC80CF67-C51D-442C-9526-CFEDE84A6304", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:1.0:*:desktop:*:*:*:*:*", "matchCriteriaId": "C7EAAD04-D7C4-43DE-B488-1AAD014B503E", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:8:*:enterprise_server:*:*:*:*:*", "matchCriteriaId": "D2E2EF3C-1379-4CBE-8FF5-DACD47834651", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "F8C55338-3372-413F-82E3-E1B476D6F41A", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "1EFB33BF-F6A5-48C1-AEB5-194FCBCFC958", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "FB0E2D3B-B50A-46C2-BA1E-3E014DE91954", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:enterprise_server:*:*:*:*:*", "matchCriteriaId": "F7446746-87B7-4BD3-AABF-1E0FAA8265AB", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "CFABFCE5-4F86-4AE8-9849-BC360AC72098", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:9.2:*:*:*:*:*:*:*", "matchCriteriaId": "CFF36BC6-6CCD-4FEE-A120-5B8C4BF5620C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. NOTE: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE\u0027s content decisions." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades en libXpm 6.8.1 y anteriores, usada en XFree86 y otros paquetes, incluyendo\r\n(1) m\u00faltiples desbordamientos de enteros,\r\n(2) accesos de memoria fuera de l\u00edmites,\r\n(3) atravesamiento de directorios,\r\n(4) metacaract\u00e9res de shell,\r\n(5) bucles infinitos, y\r\n(6) filtraciones de memoria\r\npodr\u00edan permitir a atacantes remotos obtener informaci\u00f3n sensible, causar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) o ejecutar c\u00f3digo de su elecci\u00f3n mediante un cierto fichero de imagen XPM." } ], "id": "CVE-2004-0914", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-01-10T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2004-537.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/13224/" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2004/dsa-607" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200411-28.xml" }, { "source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-06.xml" }, { "source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml" }, { "source": "cve@mitre.org", "url": "http://www.linuxsecurity.com/content/view/106877/102/" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:137" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2004-610.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2005-004.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/11694" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/usn-83-1" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/usn-83-2" }, { "source": "cve@mitre.org", "url": "http://www.x.org/pub/X11R6.8.1/patches/README.xorg-681-CAN-2004-0914.patch" }, { "source": "cve@mitre.org", "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTU01228" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18142" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18144" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18145" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18146" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18147" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9943" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2004-537.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/13224/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2004/dsa-607" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200411-28.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-06.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.linuxsecurity.com/content/view/106877/102/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:137" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2004-610.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2005-004.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/11694" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-83-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-83-2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.x.org/pub/X11R6.8.1/patches/README.xorg-681-CAN-2004-0914.patch" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTU01228" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18142" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18144" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18145" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18146" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18147" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9943" } ], "sourceIdentifier": "cve@mitre.org", "vendorComments": [ { "comment": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.", "lastModified": "2007-03-14T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2000-0476 (GCVE-0-2000-0476)
Vulnerability from cvelistv5
Published
2000-07-12 04:00
Modified
2024-08-08 05:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
xterm, Eterm, and rxvt allow an attacker to cause a denial of service by embedding certain escape characters which force the window to be resized.
References
► | URL | Tags |
---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T05:21:31.299Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20000601 Re: [rootshell.com] Xterm DoS Attack", "tags": [ "mailing-list", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0420.html" }, { "name": "20000601 [rootshell.com] Xterm DoS Attack", "tags": [ "mailing-list", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0409.html" }, { "name": "1298", "tags": [ "vdb-entry", "x_transferred" ], "url": "http://www.securityfocus.com/bid/1298" }, { "name": "[oss-security] 20240609 vte 0.76.3 released with fix for CVE-2024-37535", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/06/09/1" }, { "name": "[oss-security] 20240609 Re: vte 0.76.3 released with fix for CVE-2024-37535", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/06/09/2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2000-06-01T00:00:00", "descriptions": [ { "lang": "en", "value": "xterm, Eterm, and rxvt allow an attacker to cause a denial of service by embedding certain escape characters which force the window to be resized." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-10T16:13:15.549161", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20000601 Re: [rootshell.com] Xterm DoS Attack", "tags": [ "mailing-list" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0420.html" }, { "name": "20000601 [rootshell.com] Xterm DoS Attack", "tags": [ "mailing-list" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0409.html" }, { "name": "1298", "tags": [ "vdb-entry" ], "url": "http://www.securityfocus.com/bid/1298" }, { "name": "[oss-security] 20240609 vte 0.76.3 released with fix for CVE-2024-37535", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2024/06/09/1" }, { "name": "[oss-security] 20240609 Re: vte 0.76.3 released with fix for CVE-2024-37535", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2024/06/09/2" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2000-0476", "datePublished": "2000-07-12T04:00:00", "dateReserved": "2000-07-11T00:00:00", "dateUpdated": "2024-08-08T05:21:31.299Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2001-1178 (GCVE-0-2001-1178)
Vulnerability from cvelistv5
Published
2002-03-15 05:00
Modified
2024-08-08 04:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in xman allows local users to gain privileges via a long MANPATH environment variable.
References
► | URL | Tags | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T04:44:08.284Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20010711 suid xman 3.1.6 overflows", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0234.html" }, { "name": "3030", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/3030" }, { "name": "xfree86-xman-manpath-bo(6853)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6853" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2001-07-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in xman allows local users to gain privileges via a long MANPATH environment variable." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-18T21:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20010711 suid xman 3.1.6 overflows", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0234.html" }, { "name": "3030", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/3030" }, { "name": "xfree86-xman-manpath-bo(6853)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6853" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2001-1178", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in xman allows local users to gain privileges via a long MANPATH environment variable." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20010711 suid xman 3.1.6 overflows", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0234.html" }, { "name": "3030", "refsource": "BID", "url": "http://www.securityfocus.com/bid/3030" }, { "name": "xfree86-xman-manpath-bo(6853)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6853" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2001-1178", "datePublished": "2002-03-15T05:00:00", "dateReserved": "2002-03-15T00:00:00", "dateUpdated": "2024-08-08T04:44:08.284Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-0688 (GCVE-0-2004-0688)
Vulnerability from cvelistv5
Published
2004-09-24 04:00
Modified
2024-08-08 00:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:24:27.110Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "VU#537878", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/537878" }, { "name": "RHSA-2005:004", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-004.html" }, { "name": "USN-27-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/27-1/" }, { "name": "ADV-2006-1914", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/1914" }, { "name": "GLSA-200409-34", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-34.xml" }, { "name": "TA05-136A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA05-136A.html" }, { "name": "MDKSA-2004:098", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:098" }, { "name": "HPSBUX02119", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/434715/100/0/threaded" }, { "name": "RHSA-2004:537", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-537.html" }, { "name": "20040915 CESA-2004-004: libXpm", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=109530851323415\u0026w=2" }, { "name": "DSA-560", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2004/dsa-560" }, { "name": "oval:org.mitre.oval:def:11796", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11796" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://scary.beasts.org/security/CESA-2004-003.txt" }, { "name": "APPLE-SA-2005-05-03", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2005/May/msg00001.html" }, { "name": "CLA-2005:924", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA", "x_transferred" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000924" }, { "name": "SUSE-SA:2004:034", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html" }, { "name": "libxpm-xpmfile-integer-overflow(17416)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17416" }, { "name": "11196", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/11196" }, { "name": "GLSA-200502-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch" }, { "name": "FLSA-2006:152803", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html" }, { "name": "20235", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20235" }, { "name": "SSRT4848", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/434715/100/0/threaded" }, { "name": "57653", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-09-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-19T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "VU#537878", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/537878" }, { "name": "RHSA-2005:004", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-004.html" }, { "name": "USN-27-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/27-1/" }, { "name": "ADV-2006-1914", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/1914" }, { "name": "GLSA-200409-34", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-34.xml" }, { "name": "TA05-136A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA05-136A.html" }, { "name": "MDKSA-2004:098", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:098" }, { "name": "HPSBUX02119", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://www.securityfocus.com/archive/1/434715/100/0/threaded" }, { "name": "RHSA-2004:537", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-537.html" }, { "name": "20040915 CESA-2004-004: libXpm", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=109530851323415\u0026w=2" }, { "name": "DSA-560", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2004/dsa-560" }, { "name": "oval:org.mitre.oval:def:11796", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11796" }, { "tags": [ "x_refsource_MISC" ], "url": "http://scary.beasts.org/security/CESA-2004-003.txt" }, { "name": "APPLE-SA-2005-05-03", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2005/May/msg00001.html" }, { "name": "CLA-2005:924", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000924" }, { "name": "SUSE-SA:2004:034", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html" }, { "name": "libxpm-xpmfile-integer-overflow(17416)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17416" }, { "name": "11196", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/11196" }, { "name": "GLSA-200502-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch" }, { "name": "FLSA-2006:152803", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html" }, { "name": "20235", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20235" }, { "name": "SSRT4848", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://www.securityfocus.com/archive/1/434715/100/0/threaded" }, { "name": "57653", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0688", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "VU#537878", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/537878" }, { "name": "RHSA-2005:004", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2005-004.html" }, { "name": "USN-27-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/27-1/" }, { "name": "ADV-2006-1914", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1914" }, { "name": "GLSA-200409-34", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-34.xml" }, { "name": "TA05-136A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA05-136A.html" }, { "name": "MDKSA-2004:098", "refsource": "MANDRAKE", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:098" }, { "name": "HPSBUX02119", "refsource": "HP", "url": "http://www.securityfocus.com/archive/1/434715/100/0/threaded" }, { "name": "RHSA-2004:537", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2004-537.html" }, { "name": "20040915 CESA-2004-004: libXpm", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=109530851323415\u0026w=2" }, { "name": "DSA-560", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2004/dsa-560" }, { "name": "oval:org.mitre.oval:def:11796", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11796" }, { "name": "http://scary.beasts.org/security/CESA-2004-003.txt", "refsource": "MISC", "url": "http://scary.beasts.org/security/CESA-2004-003.txt" }, { "name": "APPLE-SA-2005-05-03", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2005/May/msg00001.html" }, { "name": "CLA-2005:924", "refsource": "CONECTIVA", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000924" }, { "name": "SUSE-SA:2004:034", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html" }, { "name": "libxpm-xpmfile-integer-overflow(17416)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17416" }, { "name": "11196", "refsource": "BID", "url": "http://www.securityfocus.com/bid/11196" }, { "name": "GLSA-200502-07", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml" }, { "name": "http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch", "refsource": "CONFIRM", "url": "http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch" }, { "name": "FLSA-2006:152803", "refsource": "FEDORA", "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html" }, { "name": "20235", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20235" }, { "name": "SSRT4848", "refsource": "HP", "url": "http://www.securityfocus.com/archive/1/434715/100/0/threaded" }, { "name": "57653", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0688", "datePublished": "2004-09-24T04:00:00", "dateReserved": "2004-07-13T00:00:00", "dateUpdated": "2024-08-08T00:24:27.110Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-0093 (GCVE-0-2004-0093)
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 00:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XFree86 4.1.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an out-of-bounds array index when using the GLX extension and Direct Rendering Infrastructure (DRI).
References
► | URL | Tags | ||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:10:02.925Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-443", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2004/dsa-443" }, { "name": "xfree86-glx-array-dos(15272)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15272" }, { "name": "20040406-01-U", "tags": [ "vendor-advisory", "x_refsource_SGI", "x_transferred" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20040406-01-U" }, { "name": "9701", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/9701" }, { "name": "RHSA-2004:152", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-152.html" }, { "name": "CLSA-2004:824", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA", "x_transferred" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000824" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-02-19T00:00:00", "descriptions": [ { "lang": "en", "value": "XFree86 4.1.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an out-of-bounds array index when using the GLX extension and Direct Rendering Infrastructure (DRI)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2004-08-12T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "DSA-443", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2004/dsa-443" }, { "name": "xfree86-glx-array-dos(15272)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15272" }, { "name": "20040406-01-U", "tags": [ "vendor-advisory", "x_refsource_SGI" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20040406-01-U" }, { "name": "9701", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/9701" }, { "name": "RHSA-2004:152", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-152.html" }, { "name": "CLSA-2004:824", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000824" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0093", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "XFree86 4.1.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an out-of-bounds array index when using the GLX extension and Direct Rendering Infrastructure (DRI)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-443", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2004/dsa-443" }, { "name": "xfree86-glx-array-dos(15272)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15272" }, { "name": "20040406-01-U", "refsource": "SGI", "url": "ftp://patches.sgi.com/support/free/security/advisories/20040406-01-U" }, { "name": "9701", "refsource": "BID", "url": "http://www.securityfocus.com/bid/9701" }, { "name": "RHSA-2004:152", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2004-152.html" }, { "name": "CLSA-2004:824", "refsource": "CONECTIVA", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000824" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0093", "datePublished": "2004-09-01T04:00:00", "dateReserved": "2004-01-23T00:00:00", "dateUpdated": "2024-08-08T00:10:02.925Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2001-1086 (GCVE-0-2001-1086)
Vulnerability from cvelistv5
Published
2002-03-15 05:00
Modified
2024-08-08 04:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XDM in XFree86 3.3 and 3.3.3 generates easily guessable cookies using gettimeofday() when compiled with the HasXdmXauth option, which allows remote attackers to gain unauthorized access to the X display via a brute force attack.
References
► | URL | Tags | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T04:44:07.287Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "xdm-cookie-brute-force(6808)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6808" }, { "name": "20010705 Re: xdm cookies fast brute force", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://online.securityfocus.com/archive/1/195008" }, { "name": "20010704 xdm cookies fast brute force", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/194907" }, { "name": "2985", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/2985" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2001-07-04T00:00:00", "descriptions": [ { "lang": "en", "value": "XDM in XFree86 3.3 and 3.3.3 generates easily guessable cookies using gettimeofday() when compiled with the HasXdmXauth option, which allows remote attackers to gain unauthorized access to the X display via a brute force attack." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-18T21:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "xdm-cookie-brute-force(6808)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6808" }, { "name": "20010705 Re: xdm cookies fast brute force", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://online.securityfocus.com/archive/1/195008" }, { "name": "20010704 xdm cookies fast brute force", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/194907" }, { "name": "2985", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/2985" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2001-1086", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "XDM in XFree86 3.3 and 3.3.3 generates easily guessable cookies using gettimeofday() when compiled with the HasXdmXauth option, which allows remote attackers to gain unauthorized access to the X display via a brute force attack." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "xdm-cookie-brute-force(6808)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6808" }, { "name": "20010705 Re: xdm cookies fast brute force", "refsource": "BUGTRAQ", "url": "http://online.securityfocus.com/archive/1/195008" }, { "name": "20010704 xdm cookies fast brute force", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/194907" }, { "name": "2985", "refsource": "BID", "url": "http://www.securityfocus.com/bid/2985" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2001-1086", "datePublished": "2002-03-15T05:00:00", "dateReserved": "2002-03-15T00:00:00", "dateUpdated": "2024-08-08T04:44:07.287Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2002-1317 (GCVE-0-2002-1317)
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 03:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query.
References
► | URL | Tags | |||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T03:19:28.528Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "HPSBUX0212-228", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://www.securityfocus.com/advisories/4988" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/48879" }, { "name": "20021125 ISS Security Brief: Solaris fs.auto Remote Compromise Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=103825150527843\u0026w=2" }, { "name": "oval:org.mitre.oval:def:149", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A149" }, { "name": "CA-2002-34", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.cert.org/advisories/CA-2002-34.html" }, { "name": "oval:org.mitre.oval:def:152", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A152" }, { "name": "oval:org.mitre.oval:def:2816", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2816" }, { "name": "VU#312313", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/312313" }, { "name": "20021125 Solaris fs.auto Remote Compromise Vulnerability", "tags": [ "third-party-advisory", "x_refsource_ISS", "x_transferred" ], "url": "http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21541" }, { "name": "solaris-fsauto-execute-code(10375)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://www.iss.net/security_center/static/10375.php" }, { "name": "20021202-01-I", "tags": [ "vendor-advisory", "x_refsource_SGI", "x_transferred" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20021202-01-I" }, { "name": "6241", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/6241" }, { "name": "N-024", "tags": [ "third-party-advisory", "government-resource", "x_refsource_CIAC", "x_transferred" ], "url": "http://www.ciac.org/ciac/bulletins/n-024.shtml" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2002-11-25T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2006-11-01T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "HPSBUX0212-228", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://www.securityfocus.com/advisories/4988" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/48879" }, { "name": "20021125 ISS Security Brief: Solaris fs.auto Remote Compromise Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=103825150527843\u0026w=2" }, { "name": "oval:org.mitre.oval:def:149", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A149" }, { "name": "CA-2002-34", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.cert.org/advisories/CA-2002-34.html" }, { "name": "oval:org.mitre.oval:def:152", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A152" }, { "name": "oval:org.mitre.oval:def:2816", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2816" }, { "name": "VU#312313", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/312313" }, { "name": "20021125 Solaris fs.auto Remote Compromise Vulnerability", "tags": [ "third-party-advisory", "x_refsource_ISS" ], "url": "http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21541" }, { "name": "solaris-fsauto-execute-code(10375)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://www.iss.net/security_center/static/10375.php" }, { "name": "20021202-01-I", "tags": [ "vendor-advisory", "x_refsource_SGI" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20021202-01-I" }, { "name": "6241", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/6241" }, { "name": "N-024", "tags": [ "third-party-advisory", "government-resource", "x_refsource_CIAC" ], "url": "http://www.ciac.org/ciac/bulletins/n-024.shtml" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-1317", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "HPSBUX0212-228", "refsource": "HP", "url": "http://www.securityfocus.com/advisories/4988" }, { "name": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/48879", "refsource": "CONFIRM", "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/48879" }, { "name": "20021125 ISS Security Brief: Solaris fs.auto Remote Compromise Vulnerability", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=103825150527843\u0026w=2" }, { "name": "oval:org.mitre.oval:def:149", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A149" }, { "name": "CA-2002-34", "refsource": "CERT", "url": "http://www.cert.org/advisories/CA-2002-34.html" }, { "name": "oval:org.mitre.oval:def:152", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A152" }, { "name": "oval:org.mitre.oval:def:2816", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2816" }, { "name": "VU#312313", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/312313" }, { "name": "20021125 Solaris fs.auto Remote Compromise Vulnerability", "refsource": "ISS", "url": "http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21541" }, { "name": "solaris-fsauto-execute-code(10375)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/10375.php" }, { "name": "20021202-01-I", "refsource": "SGI", "url": "ftp://patches.sgi.com/support/free/security/advisories/20021202-01-I" }, { "name": "6241", "refsource": "BID", "url": "http://www.securityfocus.com/bid/6241" }, { "name": "N-024", "refsource": "CIAC", "url": "http://www.ciac.org/ciac/bulletins/n-024.shtml" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-1317", "datePublished": "2004-09-01T04:00:00", "dateReserved": "2002-11-25T00:00:00", "dateUpdated": "2024-08-08T03:19:28.528Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-1999-0241 (GCVE-0-1999-0241)
Vulnerability from cvelistv5
Published
2000-02-04 05:00
Modified
2024-08-01 16:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Guessable magic cookies in X Windows allows remote attackers to execute commands, e.g. through xterm.
References
► | URL | Tags | |||
---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T16:34:51.868Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0241" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Guessable magic cookies in X Windows allows remote attackers to execute commands, e.g. through xterm." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-17T07:01:42", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0241" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-1999-0241", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Guessable magic cookies in X Windows allows remote attackers to execute commands, e.g. through xterm." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0241", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0241" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-1999-0241", "datePublished": "2000-02-04T05:00:00", "dateReserved": "1999-06-07T00:00:00", "dateUpdated": "2024-08-01T16:34:51.868Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-0083 (GCVE-0-2004-0083)
Vulnerability from cvelistv5
Published
2004-02-14 05:00
Modified
2024-08-08 00:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file (font.alias) with a long token, a different vulnerability than CVE-2004-0084 and CVE-2004-0106.
References
► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:01:23.635Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "SuSE-SA:2004:006", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2004_06_xf86.html" }, { "name": "RHSA-2004:060", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-060.html" }, { "name": "xfree86-fontalias-bo(15130)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15130" }, { "name": "57768", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57768-1" }, { "name": "CLA-2004:821", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA", "x_transferred" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000821" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.idefense.com/application/poi/display?id=72" }, { "name": "9636", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/9636" }, { "name": "GLSA-200402-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200402-02.xml" }, { "name": "20040210 iDEFENSESecurityAdvisory02.10.04: XFree86FontInformationFileBufferOverflow", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=107644835523678\u0026w=2" }, { "name": "FLSA:2314", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=110979666528890\u0026w=2" }, { "name": "DSA-443", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2004/dsa-443" }, { "name": "oval:org.mitre.oval:def:806", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A806" }, { "name": "MDKSA-2004:012", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:012" }, { "name": "oval:org.mitre.oval:def:830", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A830" }, { "name": "RHSA-2004:059", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-059.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.xfree86.org/cvs/changes" }, { "name": "VU#820006", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/820006" }, { "name": "20040211 XFree86 vulnerability exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=107653324115914\u0026w=2" }, { "name": "oval:org.mitre.oval:def:9612", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9612" }, { "name": "RHSA-2004:061", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-061.html" }, { "name": "SSA:2004-043", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred" ], "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.405053" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-02-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file (font.alias) with a long token, a different vulnerability than CVE-2004-0084 and CVE-2004-0106." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "SuSE-SA:2004:006", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2004_06_xf86.html" }, { "name": "RHSA-2004:060", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-060.html" }, { "name": "xfree86-fontalias-bo(15130)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15130" }, { "name": "57768", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57768-1" }, { "name": "CLA-2004:821", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000821" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.idefense.com/application/poi/display?id=72" }, { "name": "9636", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/9636" }, { "name": "GLSA-200402-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200402-02.xml" }, { "name": "20040210 iDEFENSESecurityAdvisory02.10.04: XFree86FontInformationFileBufferOverflow", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=107644835523678\u0026w=2" }, { "name": "FLSA:2314", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://marc.info/?l=bugtraq\u0026m=110979666528890\u0026w=2" }, { "name": "DSA-443", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2004/dsa-443" }, { "name": "oval:org.mitre.oval:def:806", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A806" }, { "name": "MDKSA-2004:012", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:012" }, { "name": "oval:org.mitre.oval:def:830", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A830" }, { "name": "RHSA-2004:059", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-059.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.xfree86.org/cvs/changes" }, { "name": "VU#820006", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/820006" }, { "name": "20040211 XFree86 vulnerability exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=107653324115914\u0026w=2" }, { "name": "oval:org.mitre.oval:def:9612", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9612" }, { "name": "RHSA-2004:061", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-061.html" }, { "name": "SSA:2004-043", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE" ], "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.405053" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0083", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file (font.alias) with a long token, a different vulnerability than CVE-2004-0084 and CVE-2004-0106." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "SuSE-SA:2004:006", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2004_06_xf86.html" }, { "name": "RHSA-2004:060", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2004-060.html" }, { "name": "xfree86-fontalias-bo(15130)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15130" }, { "name": "57768", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57768-1" }, { "name": "CLA-2004:821", "refsource": "CONECTIVA", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000821" }, { "name": "http://www.idefense.com/application/poi/display?id=72", "refsource": "MISC", "url": "http://www.idefense.com/application/poi/display?id=72" }, { "name": "9636", "refsource": "BID", "url": "http://www.securityfocus.com/bid/9636" }, { "name": "GLSA-200402-02", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200402-02.xml" }, { "name": "20040210 iDEFENSESecurityAdvisory02.10.04: XFree86FontInformationFileBufferOverflow", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=107644835523678\u0026w=2" }, { "name": "FLSA:2314", "refsource": "FEDORA", "url": "http://marc.info/?l=bugtraq\u0026m=110979666528890\u0026w=2" }, { "name": "DSA-443", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2004/dsa-443" }, { "name": "oval:org.mitre.oval:def:806", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A806" }, { "name": "MDKSA-2004:012", "refsource": "MANDRAKE", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:012" }, { "name": "oval:org.mitre.oval:def:830", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A830" }, { "name": "RHSA-2004:059", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2004-059.html" }, { "name": "http://www.xfree86.org/cvs/changes", "refsource": "CONFIRM", "url": "http://www.xfree86.org/cvs/changes" }, { "name": "VU#820006", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/820006" }, { "name": "20040211 XFree86 vulnerability exploit", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=107653324115914\u0026w=2" }, { "name": "oval:org.mitre.oval:def:9612", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9612" }, { "name": "RHSA-2004:061", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2004-061.html" }, { "name": "SSA:2004-043", "refsource": "SLACKWARE", "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.405053" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0083", "datePublished": "2004-02-14T05:00:00", "dateReserved": "2004-01-19T00:00:00", "dateUpdated": "2024-08-08T00:01:23.635Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2000-0504 (GCVE-0-2000-0504)
Vulnerability from cvelistv5
Published
2001-05-07 04:00
Modified
2024-08-08 05:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro.
References
► | URL | Tags | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T05:21:31.029Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.xfree86.org/security/" }, { "name": "1369", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/1369" }, { "name": "20000619 XFree86: libICE DoS", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0170.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2000-06-19T00:00:00", "descriptions": [ { "lang": "en", "value": "libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2005-11-02T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.xfree86.org/security/" }, { "name": "1369", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/1369" }, { "name": "20000619 XFree86: libICE DoS", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0170.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2000-0504", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.xfree86.org/security/", "refsource": "CONFIRM", "url": "http://www.xfree86.org/security/" }, { "name": "1369", "refsource": "BID", "url": "http://www.securityfocus.com/bid/1369" }, { "name": "20000619 XFree86: libICE DoS", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0170.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2000-0504", "datePublished": "2001-05-07T04:00:00", "dateReserved": "2000-07-11T00:00:00", "dateUpdated": "2024-08-08T05:21:31.029Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2003-0730 (GCVE-0-2003-0730)
Vulnerability from cvelistv5
Published
2003-09-03 04:00
Modified
2024-08-08 02:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple integer overflows in the font libraries for XFree86 4.3.0 allow local or remote attackers to cause a denial of service or execute arbitrary code via heap-based and stack-based buffer overflow attacks.
References
► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T02:05:12.594Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "24168", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24168" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-074.htm" }, { "name": "20030830 Multiple integer overflows in XFree86 (local/remote)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=106229335312429\u0026w=2" }, { "name": "CLA-2004:821", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA", "x_transferred" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000821" }, { "name": "ADV-2007-0589", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/0589" }, { "name": "8514", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/8514" }, { "name": "20031101-01-U", "tags": [ "vendor-advisory", "x_refsource_SGI", "x_transferred" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20031101-01-U.asc" }, { "name": "MDKSA-2003:089", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:089" }, { "name": "RHSA-2003:289", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-289.html" }, { "name": "102803", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102803-1" }, { "name": "RHSA-2003:287", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-287.html" }, { "name": "RHSA-2003:286", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-286.html" }, { "name": "24247", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24247" }, { "name": "NetBSD-SA2003-015", "tags": [ "vendor-advisory", "x_refsource_NETBSD", "x_transferred" ], "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-015.txt.asc" }, { "name": "DSA-380", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2003/dsa-380" }, { "name": "RHSA-2003:288", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-288.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2003-08-30T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple integer overflows in the font libraries for XFree86 4.3.0 allow local or remote attackers to cause a denial of service or execute arbitrary code via heap-based and stack-based buffer overflow attacks." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "24168", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24168" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-074.htm" }, { "name": "20030830 Multiple integer overflows in XFree86 (local/remote)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=106229335312429\u0026w=2" }, { "name": "CLA-2004:821", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000821" }, { "name": "ADV-2007-0589", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/0589" }, { "name": "8514", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/8514" }, { "name": "20031101-01-U", "tags": [ "vendor-advisory", "x_refsource_SGI" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20031101-01-U.asc" }, { "name": "MDKSA-2003:089", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:089" }, { "name": "RHSA-2003:289", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-289.html" }, { "name": "102803", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102803-1" }, { "name": "RHSA-2003:287", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-287.html" }, { "name": "RHSA-2003:286", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-286.html" }, { "name": "24247", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24247" }, { "name": "NetBSD-SA2003-015", "tags": [ "vendor-advisory", "x_refsource_NETBSD" ], "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-015.txt.asc" }, { "name": "DSA-380", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2003/dsa-380" }, { "name": "RHSA-2003:288", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-288.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-0730", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple integer overflows in the font libraries for XFree86 4.3.0 allow local or remote attackers to cause a denial of service or execute arbitrary code via heap-based and stack-based buffer overflow attacks." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "24168", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24168" }, { "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-074.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-074.htm" }, { "name": "20030830 Multiple integer overflows in XFree86 (local/remote)", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=106229335312429\u0026w=2" }, { "name": "CLA-2004:821", "refsource": "CONECTIVA", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000821" }, { "name": "ADV-2007-0589", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0589" }, { "name": "8514", "refsource": "BID", "url": "http://www.securityfocus.com/bid/8514" }, { "name": "20031101-01-U", "refsource": "SGI", "url": "ftp://patches.sgi.com/support/free/security/advisories/20031101-01-U.asc" }, { "name": "MDKSA-2003:089", "refsource": "MANDRAKE", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:089" }, { "name": "RHSA-2003:289", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2003-289.html" }, { "name": "102803", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102803-1" }, { "name": "RHSA-2003:287", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2003-287.html" }, { "name": "RHSA-2003:286", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2003-286.html" }, { "name": "24247", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24247" }, { "name": "NetBSD-SA2003-015", "refsource": "NETBSD", "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-015.txt.asc" }, { "name": "DSA-380", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2003/dsa-380" }, { "name": "RHSA-2003:288", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2003-288.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-0730", "datePublished": "2003-09-03T04:00:00", "dateReserved": "2003-09-02T00:00:00", "dateUpdated": "2024-08-08T02:05:12.594Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2000-0285 (GCVE-0-2000-0285)
Vulnerability from cvelistv5
Published
2000-10-13 04:00
Modified
2024-08-08 05:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in XFree86 3.3.x allows local users to execute arbitrary commands via a long -xkbmap parameter.
References
► | URL | Tags | ||||||
---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T05:14:21.407Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20000416 XFree86 server overflow", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2000-04/0076.html" }, { "name": "1306", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/1306" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2000-04-16T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in XFree86 3.3.x allows local users to execute arbitrary commands via a long -xkbmap parameter." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2005-11-02T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20000416 XFree86 server overflow", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2000-04/0076.html" }, { "name": "1306", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/1306" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2000-0285", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in XFree86 3.3.x allows local users to execute arbitrary commands via a long -xkbmap parameter." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20000416 XFree86 server overflow", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2000-04/0076.html" }, { "name": "1306", "refsource": "BID", "url": "http://www.securityfocus.com/bid/1306" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2000-0285", "datePublished": "2000-10-13T04:00:00", "dateReserved": "2000-04-26T00:00:00", "dateUpdated": "2024-08-08T05:14:21.407Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-0914 (GCVE-0-2004-0914)
Vulnerability from cvelistv5
Published
2004-12-15 05:00
Modified
2024-08-08 00:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. NOTE: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE's content decisions.
References
► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:31:48.097Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2005:004", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-004.html" }, { "name": "libxpm-directory-traversal(18146)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18146" }, { "name": "USN-83-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-83-1" }, { "name": "RHSA-2004:537", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2004-537.html" }, { "name": "libxpm-image-bo(18142)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18142" }, { "name": "13224", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/13224/" }, { "name": "oval:org.mitre.oval:def:9943", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9943" }, { "name": "FEDORA-2004-433", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://www.linuxsecurity.com/content/view/106877/102/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.x.org/pub/X11R6.8.1/patches/README.xorg-681-CAN-2004-0914.patch" }, { "name": "RHSA-2004:610", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-610.html" }, { "name": "libxpm-improper-memory-access(18144)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18144" }, { "name": "GLSA-200502-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml" }, { "name": "FLSA-2006:152803", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html" }, { "name": "DSA-607", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2004/dsa-607" }, { "name": "11694", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/11694" }, { "name": "GLSA-200502-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-06.xml" }, { "name": "USN-83-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-83-2" }, { "name": "HPSBTU01228", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTU01228" }, { "name": "MDKSA-2004:137", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:137" }, { "name": "GLSA-200411-28", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200411-28.xml" }, { "name": "libxpm-dos(18147)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18147" }, { "name": "libxpm-command-execution(18145)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18145" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-11-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. NOTE: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE\u0027s content decisions." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-18T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "RHSA-2005:004", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-004.html" }, { "name": "libxpm-directory-traversal(18146)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18146" }, { "name": "USN-83-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-83-1" }, { "name": "RHSA-2004:537", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2004-537.html" }, { "name": "libxpm-image-bo(18142)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18142" }, { "name": "13224", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/13224/" }, { "name": "oval:org.mitre.oval:def:9943", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9943" }, { "name": "FEDORA-2004-433", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://www.linuxsecurity.com/content/view/106877/102/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.x.org/pub/X11R6.8.1/patches/README.xorg-681-CAN-2004-0914.patch" }, { "name": "RHSA-2004:610", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-610.html" }, { "name": "libxpm-improper-memory-access(18144)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18144" }, { "name": "GLSA-200502-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml" }, { "name": "FLSA-2006:152803", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html" }, { "name": "DSA-607", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2004/dsa-607" }, { "name": "11694", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/11694" }, { "name": "GLSA-200502-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-06.xml" }, { "name": "USN-83-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-83-2" }, { "name": "HPSBTU01228", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTU01228" }, { "name": "MDKSA-2004:137", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:137" }, { "name": "GLSA-200411-28", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200411-28.xml" }, { "name": "libxpm-dos(18147)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18147" }, { "name": "libxpm-command-execution(18145)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18145" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0914", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. NOTE: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE\u0027s content decisions." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2005:004", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2005-004.html" }, { "name": "libxpm-directory-traversal(18146)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18146" }, { "name": "USN-83-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-83-1" }, { "name": "RHSA-2004:537", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2004-537.html" }, { "name": "libxpm-image-bo(18142)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18142" }, { "name": "13224", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/13224/" }, { "name": "oval:org.mitre.oval:def:9943", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9943" }, { "name": "FEDORA-2004-433", "refsource": "FEDORA", "url": "http://www.linuxsecurity.com/content/view/106877/102/" }, { "name": "http://www.x.org/pub/X11R6.8.1/patches/README.xorg-681-CAN-2004-0914.patch", "refsource": "CONFIRM", "url": "http://www.x.org/pub/X11R6.8.1/patches/README.xorg-681-CAN-2004-0914.patch" }, { "name": "RHSA-2004:610", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2004-610.html" }, { "name": "libxpm-improper-memory-access(18144)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18144" }, { "name": "GLSA-200502-07", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml" }, { "name": "FLSA-2006:152803", "refsource": "FEDORA", "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html" }, { "name": "DSA-607", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2004/dsa-607" }, { "name": "11694", "refsource": "BID", "url": "http://www.securityfocus.com/bid/11694" }, { "name": "GLSA-200502-06", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-06.xml" }, { "name": "USN-83-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-83-2" }, { "name": "HPSBTU01228", "refsource": "HP", "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTU01228" }, { "name": "MDKSA-2004:137", "refsource": "MANDRAKE", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:137" }, { "name": "GLSA-200411-28", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200411-28.xml" }, { "name": "libxpm-dos(18147)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18147" }, { "name": "libxpm-command-execution(18145)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18145" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0914", "datePublished": "2004-12-15T05:00:00", "dateReserved": "2004-09-27T00:00:00", "dateUpdated": "2024-08-08T00:31:48.097Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-1351 (GCVE-0-2007-1351)
Vulnerability from cvelistv5
Published
2007-04-06 01:00
Modified
2024-08-07 12:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.
References
► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T12:50:35.134Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2007:0150", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0150.html" }, { "name": "24745", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24745" }, { "name": "24921", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24921" }, { "name": "oval:org.mitre.oval:def:1810", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1810" }, { "name": "33937", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/33937" }, { "name": "2007-0013", "tags": [ "vendor-advisory", "x_refsource_TRUSTIX", "x_transferred" ], "url": "http://www.trustix.org/errata/2007/0013/" }, { "name": "24771", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24771" }, { "name": "GLSA-200705-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200705-02.xml" }, { "name": "24889", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24889" }, { "name": "24770", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24770" }, { "name": "25006", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25006" }, { "name": "24756", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24756" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?group_id=3157\u0026release_id=498954" }, { "name": "25495", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25495" }, { "name": "24996", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24996" }, { "name": "23283", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/23283" }, { "name": "RHSA-2007:0126", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0126.html" }, { "name": "23300", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/23300" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3438" }, { "name": "GLSA-200705-10", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200705-10.xml" }, { "name": "USN-448-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-448-1" }, { "name": "APPLE-SA-2009-02-12", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html" }, { "name": "MDKSA-2007:080", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:080" }, { "name": "SSA:2007-109-01", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.626733" }, { "name": "SUSE-SR:2007:006", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2007_6_sr.html" }, { "name": "MDKSA-2007:081", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:081" }, { "name": "DSA-1454", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1454" }, { "name": "24758", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24758" }, { "name": "ADV-2007-1264", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/1264" }, { "name": "1017857", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1017857" }, { "name": "24885", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24885" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-178.htm" }, { "name": "25096", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25096" }, { "name": "25195", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25195" }, { "name": "RHSA-2007:0125", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2007-0125.html" }, { "name": "24741", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24741" }, { "name": "APPLE-SA-2007-11-14", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html" }, { "name": "24776", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24776" }, { "name": "28333", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28333" }, { "name": "24768", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24768" }, { "name": "[xorg-announce] 20070403 various integer overflow vulnerabilites in xserver, libX11 and libXfont", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html" }, { "name": "24791", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24791" }, { "name": "SUSE-SA:2007:027", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2007_27_x.html" }, { "name": "30161", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30161" }, { "name": "GLSA-200805-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=498954" }, { "name": "DSA-1294", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2007/dsa-1294" }, { "name": "24765", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24765" }, { "name": "25216", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25216" }, { "name": "20070403 Multiple Vendor X Server BDF Font Parsing Integer Overflow Vulnerability", "tags": [ "third-party-advisory", "x_refsource_IDEFENSE", "x_transferred" ], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=501" }, { "name": "20070404 rPSA-2007-0065-1 freetype xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/464686/100/0/threaded" }, { "name": "20070405 FLEA-2007-0009-1: xorg-x11 freetype", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/464816/100/0/threaded" }, { "name": "ADV-2007-1548", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/1548" }, { "name": "xorg-bdf-font-bo(33417)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33417" }, { "name": "102886", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102886-1" }, { "name": "ADV-2007-1217", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/1217" }, { "name": "[4.0] 011: SECURITY FIX: April 4, 2007", "tags": [ "vendor-advisory", "x_refsource_OPENBSD", "x_transferred" ], "url": "http://www.openbsd.org/errata40.html#011_xorg" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.rpath.com/browse/RPL-1213" }, { "name": "23402", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/23402" }, { "name": "25004", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25004" }, { "name": "25305", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25305" }, { "name": "oval:org.mitre.oval:def:11266", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11266" }, { "name": "RHSA-2007:0132", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0132.html" }, { "name": "24772", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24772" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-193.htm" }, { "name": "[3.9] 021: SECURITY FIX: April 4, 2007", "tags": [ "vendor-advisory", "x_refsource_OPENBSD", "x_transferred" ], "url": "http://www.openbsd.org/errata39.html#021_xorg" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://issues.foresightlinux.org/browse/FL-223" }, { "name": "MDKSA-2007:079", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:079" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-04-03T00:00:00", "descriptions": [ { "lang": "en", "value": "Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-16T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2007:0150", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0150.html" }, { "name": "24745", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24745" }, { "name": "24921", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24921" }, { "name": "oval:org.mitre.oval:def:1810", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1810" }, { "name": "33937", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/33937" }, { "name": "2007-0013", "tags": [ "vendor-advisory", "x_refsource_TRUSTIX" ], "url": "http://www.trustix.org/errata/2007/0013/" }, { "name": "24771", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24771" }, { "name": "GLSA-200705-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200705-02.xml" }, { "name": "24889", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24889" }, { "name": "24770", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24770" }, { "name": "25006", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25006" }, { "name": "24756", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24756" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?group_id=3157\u0026release_id=498954" }, { "name": "25495", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25495" }, { "name": "24996", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24996" }, { "name": "23283", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/23283" }, { "name": "RHSA-2007:0126", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0126.html" }, { "name": "23300", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/23300" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3438" }, { "name": "GLSA-200705-10", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200705-10.xml" }, { "name": "USN-448-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-448-1" }, { "name": "APPLE-SA-2009-02-12", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html" }, { "name": "MDKSA-2007:080", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:080" }, { "name": "SSA:2007-109-01", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.626733" }, { "name": "SUSE-SR:2007:006", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2007_6_sr.html" }, { "name": "MDKSA-2007:081", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:081" }, { "name": "DSA-1454", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1454" }, { "name": "24758", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24758" }, { "name": "ADV-2007-1264", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/1264" }, { "name": "1017857", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1017857" }, { "name": "24885", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24885" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-178.htm" }, { "name": "25096", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25096" }, { "name": "25195", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25195" }, { "name": "RHSA-2007:0125", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2007-0125.html" }, { "name": "24741", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24741" }, { "name": "APPLE-SA-2007-11-14", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html" }, { "name": "24776", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24776" }, { "name": "28333", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28333" }, { "name": "24768", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24768" }, { "name": "[xorg-announce] 20070403 various integer overflow vulnerabilites in xserver, libX11 and libXfont", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html" }, { "name": "24791", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24791" }, { "name": "SUSE-SA:2007:027", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2007_27_x.html" }, { "name": "30161", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30161" }, { "name": "GLSA-200805-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=498954" }, { "name": "DSA-1294", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2007/dsa-1294" }, { "name": "24765", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24765" }, { "name": "25216", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25216" }, { "name": "20070403 Multiple Vendor X Server BDF Font Parsing Integer Overflow Vulnerability", "tags": [ "third-party-advisory", "x_refsource_IDEFENSE" ], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=501" }, { "name": "20070404 rPSA-2007-0065-1 freetype xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/464686/100/0/threaded" }, { "name": "20070405 FLEA-2007-0009-1: xorg-x11 freetype", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/464816/100/0/threaded" }, { "name": "ADV-2007-1548", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/1548" }, { "name": "xorg-bdf-font-bo(33417)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33417" }, { "name": "102886", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102886-1" }, { "name": "ADV-2007-1217", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/1217" }, { "name": "[4.0] 011: SECURITY FIX: April 4, 2007", "tags": [ "vendor-advisory", "x_refsource_OPENBSD" ], "url": "http://www.openbsd.org/errata40.html#011_xorg" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.rpath.com/browse/RPL-1213" }, { "name": "23402", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/23402" }, { "name": "25004", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25004" }, { "name": "25305", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25305" }, { "name": "oval:org.mitre.oval:def:11266", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11266" }, { "name": "RHSA-2007:0132", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0132.html" }, { "name": "24772", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24772" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-193.htm" }, { "name": "[3.9] 021: SECURITY FIX: April 4, 2007", "tags": [ "vendor-advisory", "x_refsource_OPENBSD" ], "url": "http://www.openbsd.org/errata39.html#021_xorg" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://issues.foresightlinux.org/browse/FL-223" }, { "name": "MDKSA-2007:079", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:079" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2007-1351", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2007:0150", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2007-0150.html" }, { "name": "24745", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24745" }, { "name": "24921", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24921" }, { "name": "oval:org.mitre.oval:def:1810", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1810" }, { "name": "33937", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33937" }, { "name": "2007-0013", "refsource": "TRUSTIX", "url": "http://www.trustix.org/errata/2007/0013/" }, { "name": "24771", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24771" }, { "name": "GLSA-200705-02", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200705-02.xml" }, { "name": "24889", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24889" }, { "name": "24770", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24770" }, { "name": "25006", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25006" }, { "name": "24756", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24756" }, { "name": "http://sourceforge.net/project/shownotes.php?group_id=3157\u0026release_id=498954", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?group_id=3157\u0026release_id=498954" }, { "name": "25495", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25495" }, { "name": "24996", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24996" }, { "name": "23283", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23283" }, { "name": "RHSA-2007:0126", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2007-0126.html" }, { "name": "23300", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23300" }, { "name": "http://support.apple.com/kb/HT3438", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3438" }, { "name": "GLSA-200705-10", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200705-10.xml" }, { "name": "USN-448-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-448-1" }, { "name": "APPLE-SA-2009-02-12", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html" }, { "name": "MDKSA-2007:080", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:080" }, { "name": "SSA:2007-109-01", "refsource": "SLACKWARE", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.626733" }, { "name": "SUSE-SR:2007:006", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2007_6_sr.html" }, { "name": "MDKSA-2007:081", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:081" }, { "name": "DSA-1454", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1454" }, { "name": "24758", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24758" }, { "name": "ADV-2007-1264", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1264" }, { "name": "1017857", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1017857" }, { "name": "24885", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24885" }, { "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-178.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-178.htm" }, { "name": "25096", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25096" }, { "name": "25195", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25195" }, { "name": "RHSA-2007:0125", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2007-0125.html" }, { "name": "24741", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24741" }, { "name": "APPLE-SA-2007-11-14", "refsource": "APPLE", "url": "http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html" }, { "name": "24776", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24776" }, { "name": "28333", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28333" }, { "name": "24768", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24768" }, { "name": "[xorg-announce] 20070403 various integer overflow vulnerabilites in xserver, libX11 and libXfont", "refsource": "MLIST", "url": "http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html" }, { "name": "24791", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24791" }, { "name": "SUSE-SA:2007:027", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2007_27_x.html" }, { "name": "30161", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30161" }, { "name": "GLSA-200805-07", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml" }, { "name": "http://sourceforge.net/project/shownotes.php?release_id=498954", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=498954" }, { "name": "DSA-1294", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2007/dsa-1294" }, { "name": "24765", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24765" }, { "name": "25216", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25216" }, { "name": "20070403 Multiple Vendor X Server BDF Font Parsing Integer Overflow Vulnerability", "refsource": "IDEFENSE", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=501" }, { "name": "20070404 rPSA-2007-0065-1 freetype xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/464686/100/0/threaded" }, { "name": "20070405 FLEA-2007-0009-1: xorg-x11 freetype", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/464816/100/0/threaded" }, { "name": "ADV-2007-1548", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1548" }, { "name": "xorg-bdf-font-bo(33417)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33417" }, { "name": "102886", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102886-1" }, { "name": "ADV-2007-1217", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1217" }, { "name": "[4.0] 011: SECURITY FIX: April 4, 2007", "refsource": "OPENBSD", "url": "http://www.openbsd.org/errata40.html#011_xorg" }, { "name": "https://issues.rpath.com/browse/RPL-1213", "refsource": "CONFIRM", "url": "https://issues.rpath.com/browse/RPL-1213" }, { "name": "23402", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23402" }, { "name": "25004", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25004" }, { "name": "25305", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25305" }, { "name": "oval:org.mitre.oval:def:11266", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11266" }, { "name": "RHSA-2007:0132", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2007-0132.html" }, { "name": "24772", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24772" }, { "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-193.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-193.htm" }, { "name": "[3.9] 021: SECURITY FIX: April 4, 2007", "refsource": "OPENBSD", "url": "http://www.openbsd.org/errata39.html#021_xorg" }, { "name": "http://issues.foresightlinux.org/browse/FL-223", "refsource": "CONFIRM", "url": "http://issues.foresightlinux.org/browse/FL-223" }, { "name": "MDKSA-2007:079", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:079" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2007-1351", "datePublished": "2007-04-06T01:00:00", "dateReserved": "2007-03-08T00:00:00", "dateUpdated": "2024-08-07T12:50:35.134Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2003-0063 (GCVE-0-2003-0063)
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-10-29 14:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The xterm terminal emulator in XFree86 4.2.0 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
References
► | URL | Tags | ||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:43:35.241Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-380", "tags": [ "vendor-advisory", "x_transferred" ], "url": "http://www.debian.org/security/2003/dsa-380" }, { "name": "RHSA-2003:067", "tags": [ "vendor-advisory", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-067.html" }, { "name": "RHSA-2003:066", "tags": [ "vendor-advisory", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-066.html" }, { "name": "20030224 Terminal Emulator Security Issues", "tags": [ "mailing-list", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=104612710031920\u0026w=2" }, { "name": "RHSA-2003:064", "tags": [ "vendor-advisory", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-064.html" }, { "name": "RHSA-2003:065", "tags": [ "vendor-advisory", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-065.html" }, { "name": "6940", "tags": [ "vdb-entry", "x_transferred" ], "url": "http://www.securityfocus.com/bid/6940" }, { "name": "terminal-emulator-window-title(11414)", "tags": [ "vdb-entry", "x_transferred" ], "url": "http://www.iss.net/security_center/static/11414.php" }, { "name": "20030224 Terminal Emulator Security Issues", "tags": [ "mailing-list", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html" }, { "name": "[oss-security] 20240615 iTerm2 3.5.x title reporting bug", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/06/15/1" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:xfree86:xfree86:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "xfree86", "vendor": "xfree86", "versions": [ { "lessThanOrEqual": "4.2.0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2003-0063", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-24T17:38:21.119752Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-29T14:05:49.769Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2003-02-24T00:00:00", "descriptions": [ { "lang": "en", "value": "The xterm terminal emulator in XFree86 4.2.0 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user\u0027s terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-15T10:05:53.568606", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "DSA-380", "tags": [ "vendor-advisory" ], "url": "http://www.debian.org/security/2003/dsa-380" }, { "name": "RHSA-2003:067", "tags": [ "vendor-advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-067.html" }, { "name": "RHSA-2003:066", "tags": [ "vendor-advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-066.html" }, { "name": "20030224 Terminal Emulator Security Issues", "tags": [ "mailing-list" ], "url": "http://marc.info/?l=bugtraq\u0026m=104612710031920\u0026w=2" }, { "name": "RHSA-2003:064", "tags": [ "vendor-advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-064.html" }, { "name": "RHSA-2003:065", "tags": [ "vendor-advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-065.html" }, { "name": "6940", "tags": [ "vdb-entry" ], "url": "http://www.securityfocus.com/bid/6940" }, { "name": "terminal-emulator-window-title(11414)", "tags": [ "vdb-entry" ], "url": "http://www.iss.net/security_center/static/11414.php" }, { "name": "20030224 Terminal Emulator Security Issues", "tags": [ "mailing-list" ], "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html" }, { "name": "[oss-security] 20240615 iTerm2 3.5.x title reporting bug", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2024/06/15/1" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-0063", "datePublished": "2004-09-01T04:00:00", "dateReserved": "2003-02-04T00:00:00", "dateUpdated": "2024-10-29T14:05:49.769Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-1999-0433 (GCVE-0-1999-0433)
Vulnerability from cvelistv5
Published
1999-09-29 04:00
Modified
2024-08-01 16:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XFree86 startx command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service.
References
► | URL | Tags | |||
---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T16:41:44.834Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0433" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "XFree86 startx command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-17T07:33:31", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0433" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-1999-0433", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "XFree86 startx command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0433", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0433" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-1999-0433", "datePublished": "1999-09-29T04:00:00", "dateReserved": "1999-06-07T00:00:00", "dateUpdated": "2024-08-01T16:41:44.834Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2002-1472 (GCVE-0-2002-1472)
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 03:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Untrusted search path vulnerability in libX11.so in xfree86, when used in setuid or setgid programs, allows local users to gain root privileges via a modified LD_PRELOAD environment variable that points to a malicious module.
References
► | URL | Tags | |||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T03:26:28.527Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2003:067", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-067.html" }, { "name": "RHSA-2003:066", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-066.html" }, { "name": "xfree86-x11-program-execution(10137)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://www.iss.net/security_center/static/10137.php" }, { "name": "SuSE-SA:2002:032", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/linux/suse/2002-q3/1116.html" }, { "name": "5735", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/5735" }, { "name": "CLA-2002:529", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA", "x_transferred" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000529" }, { "name": "11922", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/11922" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2002-09-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Untrusted search path vulnerability in libX11.so in xfree86, when used in setuid or setgid programs, allows local users to gain root privileges via a modified LD_PRELOAD environment variable that points to a malicious module." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2006-09-20T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "RHSA-2003:067", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-067.html" }, { "name": "RHSA-2003:066", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-066.html" }, { "name": "xfree86-x11-program-execution(10137)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://www.iss.net/security_center/static/10137.php" }, { "name": "SuSE-SA:2002:032", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://archives.neohapsis.com/archives/linux/suse/2002-q3/1116.html" }, { "name": "5735", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/5735" }, { "name": "CLA-2002:529", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000529" }, { "name": "11922", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/11922" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-1472", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Untrusted search path vulnerability in libX11.so in xfree86, when used in setuid or setgid programs, allows local users to gain root privileges via a modified LD_PRELOAD environment variable that points to a malicious module." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2003:067", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2003-067.html" }, { "name": "RHSA-2003:066", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2003-066.html" }, { "name": "xfree86-x11-program-execution(10137)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/10137.php" }, { "name": "SuSE-SA:2002:032", "refsource": "SUSE", "url": "http://archives.neohapsis.com/archives/linux/suse/2002-q3/1116.html" }, { "name": "5735", "refsource": "BID", "url": "http://www.securityfocus.com/bid/5735" }, { "name": "CLA-2002:529", "refsource": "CONECTIVA", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000529" }, { "name": "11922", "refsource": "OSVDB", "url": "http://www.osvdb.org/11922" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-1472", "datePublished": "2004-09-01T04:00:00", "dateReserved": "2003-02-05T00:00:00", "dateUpdated": "2024-08-08T03:26:28.527Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-0687 (GCVE-0-2004-0687)
Vulnerability from cvelistv5
Published
2004-09-24 00:00
Modified
2024-08-08 00:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c for libXpm before 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file.
References
► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:24:27.112Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2005:004", "tags": [ "vendor-advisory", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-004.html" }, { "name": "USN-27-1", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://usn.ubuntu.com/27-1/" }, { "name": "ADV-2006-1914", "tags": [ "vdb-entry", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/1914" }, { "name": "GLSA-200409-34", "tags": [ "vendor-advisory", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-34.xml" }, { "name": "VU#882750", "tags": [ "third-party-advisory", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/882750" }, { "name": "TA05-136A", "tags": [ "third-party-advisory", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA05-136A.html" }, { "name": "MDKSA-2004:098", "tags": [ "vendor-advisory", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:098" }, { "name": "HPSBUX02119", "tags": [ "vendor-advisory", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/434715/100/0/threaded" }, { "name": "RHSA-2004:537", "tags": [ "vendor-advisory", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-537.html" }, { "name": "20040915 CESA-2004-004: libXpm", "tags": [ "mailing-list", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=109530851323415\u0026w=2" }, { "name": "DSA-560", "tags": [ "vendor-advisory", "x_transferred" ], "url": "http://www.debian.org/security/2004/dsa-560" }, { "tags": [ "x_transferred" ], "url": "http://scary.beasts.org/security/CESA-2004-003.txt" }, { "name": "APPLE-SA-2005-05-03", "tags": [ "vendor-advisory", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2005/May/msg00001.html" }, { "name": "CLA-2005:924", "tags": [ "vendor-advisory", "x_transferred" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000924" }, { "name": "SUSE-SA:2004:034", "tags": [ "vendor-advisory", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html" }, { "name": "11196", "tags": [ "vdb-entry", "x_transferred" ], "url": "http://www.securityfocus.com/bid/11196" }, { "name": "GLSA-200502-07", "tags": [ "vendor-advisory", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml" }, { "tags": [ "x_transferred" ], "url": "http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch" }, { "name": "FLSA-2006:152803", "tags": [ "vendor-advisory", "x_transferred" ], "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html" }, { "name": "20235", "tags": [ "third-party-advisory", "x_transferred" ], "url": "http://secunia.com/advisories/20235" }, { "name": "SSRT4848", "tags": [ "vendor-advisory", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/434715/100/0/threaded" }, { "name": "57653", "tags": [ "vendor-advisory", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1" }, { "name": "oval:org.mitre.oval:def:9187", "tags": [ "vdb-entry", "signature", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9187" }, { "name": "libxpm-multiple-stack-bo(17414)", "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17414" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/170620/Solaris-10-dtprintinfo-libXm-libXpm-Security-Issues.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-09-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c for libXpm before 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-20T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "RHSA-2005:004", "tags": [ "vendor-advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-004.html" }, { "name": "USN-27-1", "tags": [ "vendor-advisory" ], "url": "https://usn.ubuntu.com/27-1/" }, { "name": "ADV-2006-1914", "tags": [ "vdb-entry" ], "url": "http://www.vupen.com/english/advisories/2006/1914" }, { "name": "GLSA-200409-34", "tags": [ "vendor-advisory" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-34.xml" }, { "name": "VU#882750", "tags": [ "third-party-advisory" ], "url": "http://www.kb.cert.org/vuls/id/882750" }, { "name": "TA05-136A", "tags": [ "third-party-advisory" ], "url": "http://www.us-cert.gov/cas/techalerts/TA05-136A.html" }, { "name": "MDKSA-2004:098", "tags": [ "vendor-advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:098" }, { "name": "HPSBUX02119", "tags": [ "vendor-advisory" ], "url": "http://www.securityfocus.com/archive/1/434715/100/0/threaded" }, { "name": "RHSA-2004:537", "tags": [ "vendor-advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-537.html" }, { "name": "20040915 CESA-2004-004: libXpm", "tags": [ "mailing-list" ], "url": "http://marc.info/?l=bugtraq\u0026m=109530851323415\u0026w=2" }, { "name": "DSA-560", "tags": [ "vendor-advisory" ], "url": "http://www.debian.org/security/2004/dsa-560" }, { "url": "http://scary.beasts.org/security/CESA-2004-003.txt" }, { "name": "APPLE-SA-2005-05-03", "tags": [ "vendor-advisory" ], "url": "http://lists.apple.com/archives/security-announce/2005/May/msg00001.html" }, { "name": "CLA-2005:924", "tags": [ "vendor-advisory" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000924" }, { "name": "SUSE-SA:2004:034", "tags": [ "vendor-advisory" ], "url": "http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html" }, { "name": "11196", "tags": [ "vdb-entry" ], "url": "http://www.securityfocus.com/bid/11196" }, { "name": "GLSA-200502-07", "tags": [ "vendor-advisory" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml" }, { "url": "http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch" }, { "name": "FLSA-2006:152803", "tags": [ "vendor-advisory" ], "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html" }, { "name": "20235", "tags": [ "third-party-advisory" ], "url": "http://secunia.com/advisories/20235" }, { "name": "SSRT4848", "tags": [ "vendor-advisory" ], "url": "http://www.securityfocus.com/archive/1/434715/100/0/threaded" }, { "name": "57653", "tags": [ "vendor-advisory" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1" }, { "name": "oval:org.mitre.oval:def:9187", "tags": [ "vdb-entry", "signature" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9187" }, { "name": "libxpm-multiple-stack-bo(17414)", "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17414" }, { "url": "http://packetstormsecurity.com/files/170620/Solaris-10-dtprintinfo-libXm-libXpm-Security-Issues.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0687", "datePublished": "2004-09-24T00:00:00", "dateReserved": "2004-07-13T00:00:00", "dateUpdated": "2024-08-08T00:24:27.112Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-0094 (GCVE-0-2004-0094)
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 00:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer signedness errors in XFree86 4.1.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code when using the GLX extension and Direct Rendering Infrastructure (DRI).
References
► | URL | Tags | ||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:10:03.564Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-443", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2004/dsa-443" }, { "name": "20040406-01-U", "tags": [ "vendor-advisory", "x_refsource_SGI", "x_transferred" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20040406-01-U" }, { "name": "9701", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/9701" }, { "name": "RHSA-2004:152", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-152.html" }, { "name": "xfree86-glx-integer-dos(15273)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15273" }, { "name": "CLSA-2004:824", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA", "x_transferred" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000824" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-02-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Integer signedness errors in XFree86 4.1.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code when using the GLX extension and Direct Rendering Infrastructure (DRI)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2004-03-04T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "DSA-443", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2004/dsa-443" }, { "name": "20040406-01-U", "tags": [ "vendor-advisory", "x_refsource_SGI" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20040406-01-U" }, { "name": "9701", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/9701" }, { "name": "RHSA-2004:152", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-152.html" }, { "name": "xfree86-glx-integer-dos(15273)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15273" }, { "name": "CLSA-2004:824", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000824" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0094", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Integer signedness errors in XFree86 4.1.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code when using the GLX extension and Direct Rendering Infrastructure (DRI)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-443", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2004/dsa-443" }, { "name": "20040406-01-U", "refsource": "SGI", "url": "ftp://patches.sgi.com/support/free/security/advisories/20040406-01-U" }, { "name": "9701", "refsource": "BID", "url": "http://www.securityfocus.com/bid/9701" }, { "name": "RHSA-2004:152", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2004-152.html" }, { "name": "xfree86-glx-integer-dos(15273)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15273" }, { "name": "CLSA-2004:824", "refsource": "CONECTIVA", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000824" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0094", "datePublished": "2004-09-01T04:00:00", "dateReserved": "2004-01-23T00:00:00", "dateUpdated": "2024-08-08T00:10:03.564Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2003-0071 (GCVE-0-2003-0071)
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 01:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The DEC UDK processing feature in the xterm terminal emulator in XFree86 4.2.99.4 and earlier allows attackers to cause a denial of service via a certain character escape sequence that causes the terminal to enter a tight loop.
References
► | URL | Tags | |||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:43:34.879Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-380", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2003/dsa-380" }, { "name": "RHSA-2003:067", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-067.html" }, { "name": "RHSA-2003:066", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-066.html" }, { "name": "terminal-emulator-dec-udk(11415)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://www.iss.net/security_center/static/11415.php" }, { "name": "20030224 Terminal Emulator Security Issues", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=104612710031920\u0026w=2" }, { "name": "RHSA-2003:064", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-064.html" }, { "name": "6950", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/6950" }, { "name": "RHSA-2003:065", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-065.html" }, { "name": "20030224 Terminal Emulator Security Issues", "tags": [ "mailing-list", "x_refsource_VULNWATCH", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2003-02-24T00:00:00", "descriptions": [ { "lang": "en", "value": "The DEC UDK processing feature in the xterm terminal emulator in XFree86 4.2.99.4 and earlier allows attackers to cause a denial of service via a certain character escape sequence that causes the terminal to enter a tight loop." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2010-05-21T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "DSA-380", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2003/dsa-380" }, { "name": "RHSA-2003:067", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-067.html" }, { "name": "RHSA-2003:066", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-066.html" }, { "name": "terminal-emulator-dec-udk(11415)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://www.iss.net/security_center/static/11415.php" }, { "name": "20030224 Terminal Emulator Security Issues", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=104612710031920\u0026w=2" }, { "name": "RHSA-2003:064", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-064.html" }, { "name": "6950", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/6950" }, { "name": "RHSA-2003:065", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-065.html" }, { "name": "20030224 Terminal Emulator Security Issues", "tags": [ "mailing-list", "x_refsource_VULNWATCH" ], "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-0071", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The DEC UDK processing feature in the xterm terminal emulator in XFree86 4.2.99.4 and earlier allows attackers to cause a denial of service via a certain character escape sequence that causes the terminal to enter a tight loop." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-380", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2003/dsa-380" }, { "name": "RHSA-2003:067", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2003-067.html" }, { "name": "RHSA-2003:066", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2003-066.html" }, { "name": "terminal-emulator-dec-udk(11415)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/11415.php" }, { "name": "20030224 Terminal Emulator Security Issues", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=104612710031920\u0026w=2" }, { "name": "RHSA-2003:064", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2003-064.html" }, { "name": "6950", "refsource": "BID", "url": "http://www.securityfocus.com/bid/6950" }, { "name": "RHSA-2003:065", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2003-065.html" }, { "name": "20030224 Terminal Emulator Security Issues", "refsource": "VULNWATCH", "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-0071", "datePublished": "2004-09-01T04:00:00", "dateReserved": "2003-02-04T00:00:00", "dateUpdated": "2024-08-08T01:43:34.879Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2002-1510 (GCVE-0-2002-1510)
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 03:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
xdm, with the authComplain variable set to false, allows arbitrary attackers to connect to the X server if the xdm auth directory does not exist.
References
► | URL | Tags | ||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T03:26:28.676Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "CLA-2002:533", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA", "x_transferred" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000533" }, { "name": "RHSA-2003:064", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-064.html" }, { "name": "RHSA-2003:065", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-065.html" }, { "name": "55602", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/55602" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://wuarchive.wustl.edu/mirrors/NetBSD/NetBSD-current/xsrc/xfree/xc/programs/Xserver/hw/xfree86/CHANGELOG" }, { "name": "xfree86-xdm-unauth-access(11389)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://www.iss.net/security_center/static/11389.php" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2002-10-16T00:00:00", "descriptions": [ { "lang": "en", "value": "xdm, with the authComplain variable set to false, allows arbitrary attackers to connect to the X server if the xdm auth directory does not exist." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2010-05-21T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "CLA-2002:533", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000533" }, { "name": "RHSA-2003:064", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-064.html" }, { "name": "RHSA-2003:065", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-065.html" }, { "name": "55602", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/55602" }, { "tags": [ "x_refsource_MISC" ], "url": "http://wuarchive.wustl.edu/mirrors/NetBSD/NetBSD-current/xsrc/xfree/xc/programs/Xserver/hw/xfree86/CHANGELOG" }, { "name": "xfree86-xdm-unauth-access(11389)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://www.iss.net/security_center/static/11389.php" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-1510", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "xdm, with the authComplain variable set to false, allows arbitrary attackers to connect to the X server if the xdm auth directory does not exist." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "CLA-2002:533", "refsource": "CONECTIVA", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000533" }, { "name": "RHSA-2003:064", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2003-064.html" }, { "name": "RHSA-2003:065", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2003-065.html" }, { "name": "55602", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/55602" }, { "name": "http://wuarchive.wustl.edu/mirrors/NetBSD/NetBSD-current/xsrc/xfree/xc/programs/Xserver/hw/xfree86/CHANGELOG", "refsource": "MISC", "url": "http://wuarchive.wustl.edu/mirrors/NetBSD/NetBSD-current/xsrc/xfree/xc/programs/Xserver/hw/xfree86/CHANGELOG" }, { "name": "xfree86-xdm-unauth-access(11389)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/11389.php" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-1510", "datePublished": "2004-09-01T04:00:00", "dateReserved": "2003-02-19T00:00:00", "dateUpdated": "2024-08-08T03:26:28.676Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-0106 (GCVE-0-2004-0106)
Vulnerability from cvelistv5
Published
2004-02-16 05:00
Modified
2024-08-08 00:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to improper handling of font files, a different set of vulnerabilities than CVE-2004-0083 and CVE-2004-0084.
References
► | URL | Tags | |||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:10:02.406Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "SuSE-SA:2004:006", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2004_06_xf86.html" }, { "name": "oval:org.mitre.oval:def:11111", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11111" }, { "name": "RHSA-2004:060", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-060.html" }, { "name": "CLA-2004:821", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA", "x_transferred" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000821" }, { "name": "oval:org.mitre.oval:def:809", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A809" }, { "name": "xfree86-multiple-font-improper-handling(15206)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15206" }, { "name": "FLSA:2314", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=110979666528890\u0026w=2" }, { "name": "DSA-443", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2004/dsa-443" }, { "name": "MDKSA-2004:012", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:012" }, { "name": "oval:org.mitre.oval:def:832", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A832" }, { "name": "RHSA-2004:059", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-059.html" }, { "name": "RHSA-2004:061", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-061.html" }, { "name": "SSA:2004-043", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred" ], "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.405053" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-02-13T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to improper handling of font files, a different set of vulnerabilities than CVE-2004-0083 and CVE-2004-0084." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "SuSE-SA:2004:006", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2004_06_xf86.html" }, { "name": "oval:org.mitre.oval:def:11111", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11111" }, { "name": "RHSA-2004:060", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-060.html" }, { "name": "CLA-2004:821", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000821" }, { "name": "oval:org.mitre.oval:def:809", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A809" }, { "name": "xfree86-multiple-font-improper-handling(15206)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15206" }, { "name": "FLSA:2314", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://marc.info/?l=bugtraq\u0026m=110979666528890\u0026w=2" }, { "name": "DSA-443", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2004/dsa-443" }, { "name": "MDKSA-2004:012", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:012" }, { "name": "oval:org.mitre.oval:def:832", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A832" }, { "name": "RHSA-2004:059", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-059.html" }, { "name": "RHSA-2004:061", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-061.html" }, { "name": "SSA:2004-043", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE" ], "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.405053" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0106", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to improper handling of font files, a different set of vulnerabilities than CVE-2004-0083 and CVE-2004-0084." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "SuSE-SA:2004:006", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2004_06_xf86.html" }, { "name": "oval:org.mitre.oval:def:11111", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11111" }, { "name": "RHSA-2004:060", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2004-060.html" }, { "name": "CLA-2004:821", "refsource": "CONECTIVA", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000821" }, { "name": "oval:org.mitre.oval:def:809", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A809" }, { "name": "xfree86-multiple-font-improper-handling(15206)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15206" }, { "name": "FLSA:2314", "refsource": "FEDORA", "url": "http://marc.info/?l=bugtraq\u0026m=110979666528890\u0026w=2" }, { "name": "DSA-443", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2004/dsa-443" }, { "name": "MDKSA-2004:012", "refsource": "MANDRAKE", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:012" }, { "name": "oval:org.mitre.oval:def:832", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A832" }, { "name": "RHSA-2004:059", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2004-059.html" }, { "name": "RHSA-2004:061", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2004-061.html" }, { "name": "SSA:2004-043", "refsource": "SLACKWARE", "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.405053" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0106", "datePublished": "2004-02-16T05:00:00", "dateReserved": "2004-02-02T00:00:00", "dateUpdated": "2024-08-08T00:10:02.406Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2001-0955 (GCVE-0-2001-0955)
Vulnerability from cvelistv5
Published
2002-02-02 05:00
Modified
2024-08-08 04:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in fbglyph.c in XFree86 before 4.2.0, related to glyph clipping for large origins, allows attackers to cause a denial of service and possibly gain privileges via a large number of characters, possibly through the web page search form of KDE Konqueror or from an xterm command with a long title.
References
► | URL | Tags | ||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T04:37:07.098Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "3663", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/3663" }, { "name": "3657", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/3657" }, { "name": "20011207 Crashing X", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=100776624224549\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.xfree86.org/4.2.0/RELNOTES2.html#2" }, { "name": "20011208 Re: Crashing X", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=100784290015880\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.xfree86.org/security/" }, { "name": "xfree86-xterm-title-bo(7683)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7683" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://cvsweb.xfree86.org/cvsweb/xc/programs/Xserver/fb/fbglyph.c" }, { "name": "xfree86-konqueror-bo(7673)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7673" }, { "name": "20010922 XFree86 DOS / Buffer overflow local and remote.", "tags": [ "mailing-list", "x_refsource_VULN-DEV", "x_transferred" ], "url": "http://marc.info/?l=vuln-dev\u0026m=100118958310463\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2001-12-07T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in fbglyph.c in XFree86 before 4.2.0, related to glyph clipping for large origins, allows attackers to cause a denial of service and possibly gain privileges via a large number of characters, possibly through the web page search form of KDE Konqueror or from an xterm command with a long title." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-18T21:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "3663", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/3663" }, { "name": "3657", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/3657" }, { "name": "20011207 Crashing X", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=100776624224549\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.xfree86.org/4.2.0/RELNOTES2.html#2" }, { "name": "20011208 Re: Crashing X", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=100784290015880\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.xfree86.org/security/" }, { "name": "xfree86-xterm-title-bo(7683)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7683" }, { "tags": [ "x_refsource_MISC" ], "url": "http://cvsweb.xfree86.org/cvsweb/xc/programs/Xserver/fb/fbglyph.c" }, { "name": "xfree86-konqueror-bo(7673)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7673" }, { "name": "20010922 XFree86 DOS / Buffer overflow local and remote.", "tags": [ "mailing-list", "x_refsource_VULN-DEV" ], "url": "http://marc.info/?l=vuln-dev\u0026m=100118958310463\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2001-0955", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in fbglyph.c in XFree86 before 4.2.0, related to glyph clipping for large origins, allows attackers to cause a denial of service and possibly gain privileges via a large number of characters, possibly through the web page search form of KDE Konqueror or from an xterm command with a long title." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "3663", "refsource": "BID", "url": "http://www.securityfocus.com/bid/3663" }, { "name": "3657", "refsource": "BID", "url": "http://www.securityfocus.com/bid/3657" }, { "name": "20011207 Crashing X", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=100776624224549\u0026w=2" }, { "name": "http://www.xfree86.org/4.2.0/RELNOTES2.html#2", "refsource": "CONFIRM", "url": "http://www.xfree86.org/4.2.0/RELNOTES2.html#2" }, { "name": "20011208 Re: Crashing X", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=100784290015880\u0026w=2" }, { "name": "http://www.xfree86.org/security/", "refsource": "CONFIRM", "url": "http://www.xfree86.org/security/" }, { "name": "xfree86-xterm-title-bo(7683)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7683" }, { "name": "http://cvsweb.xfree86.org/cvsweb/xc/programs/Xserver/fb/fbglyph.c", "refsource": "MISC", "url": "http://cvsweb.xfree86.org/cvsweb/xc/programs/Xserver/fb/fbglyph.c" }, { "name": "xfree86-konqueror-bo(7673)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7673" }, { "name": "20010922 XFree86 DOS / Buffer overflow local and remote.", "refsource": "VULN-DEV", "url": "http://marc.info/?l=vuln-dev\u0026m=100118958310463\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2001-0955", "datePublished": "2002-02-02T05:00:00", "dateReserved": "2002-01-31T00:00:00", "dateUpdated": "2024-08-08T04:37:07.098Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-0605 (GCVE-0-2005-0605)
Vulnerability from cvelistv5
Published
2005-03-04 05:00
Modified
2024-08-07 21:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow.
References
► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T21:21:06.249Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2005:331", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-331.html" }, { "name": "RHSA-2005:412", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-412.html" }, { "name": "1013339", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1013339" }, { "name": "18049", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18049" }, { "name": "20060403-01-U", "tags": [ "vendor-advisory", "x_refsource_SGI", "x_transferred" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20060403-01-U" }, { "name": "SCOSA-2006.5", "tags": [ "vendor-advisory", "x_refsource_SCO", "x_transferred" ], "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.5/SCOSA-2006.5.txt" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=83598" }, { "name": "GLSA-200503-15", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200503-15.xml" }, { "name": "DSA-723", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2005/dsa-723" }, { "name": "19624", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19624" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.freedesktop.org/attachment.cgi?id=1909" }, { "name": "APPLE-SA-2005-08-15", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html" }, { "name": "18316", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18316" }, { "name": "14460", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/14460" }, { "name": "RHSA-2005:198", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-198.html" }, { "name": "FLSA-2006:152803", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html" }, { "name": "RHSA-2005:044", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-044.html" }, { "name": "GLSA-200503-08", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200503-08.xml" }, { "name": "12714", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/12714" }, { "name": "RHSA-2008:0261", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=83655" }, { "name": "RHSA-2005:473", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-473.html" }, { "name": "APPLE-SA-2005-08-17", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html" }, { "name": "SCOSA-2005.57", "tags": [ "vendor-advisory", "x_refsource_SCO", "x_transferred" ], "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.57/SCOSA-2005.57.txt" }, { "name": "USN-97-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/97-1/" }, { "name": "oval:org.mitre.oval:def:10411", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10411" }, { "name": "USN-92-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/92-1/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-03-01T00:00:00", "descriptions": [ { "lang": "en", "value": "scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-03T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "RHSA-2005:331", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-331.html" }, { "name": "RHSA-2005:412", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-412.html" }, { "name": "1013339", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1013339" }, { "name": "18049", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18049" }, { "name": "20060403-01-U", "tags": [ "vendor-advisory", "x_refsource_SGI" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20060403-01-U" }, { "name": "SCOSA-2006.5", "tags": [ "vendor-advisory", "x_refsource_SCO" ], "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.5/SCOSA-2006.5.txt" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=83598" }, { "name": "GLSA-200503-15", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200503-15.xml" }, { "name": "DSA-723", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2005/dsa-723" }, { "name": "19624", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19624" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.freedesktop.org/attachment.cgi?id=1909" }, { "name": "APPLE-SA-2005-08-15", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html" }, { "name": "18316", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18316" }, { "name": "14460", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/14460" }, { "name": "RHSA-2005:198", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-198.html" }, { "name": "FLSA-2006:152803", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html" }, { "name": "RHSA-2005:044", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-044.html" }, { "name": "GLSA-200503-08", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200503-08.xml" }, { "name": "12714", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/12714" }, { "name": "RHSA-2008:0261", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=83655" }, { "name": "RHSA-2005:473", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-473.html" }, { "name": "APPLE-SA-2005-08-17", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html" }, { "name": "SCOSA-2005.57", "tags": [ "vendor-advisory", "x_refsource_SCO" ], "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.57/SCOSA-2005.57.txt" }, { "name": "USN-97-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/97-1/" }, { "name": "oval:org.mitre.oval:def:10411", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10411" }, { "name": "USN-92-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/92-1/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-0605", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2005:331", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2005-331.html" }, { "name": "RHSA-2005:412", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2005-412.html" }, { "name": "1013339", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1013339" }, { "name": "18049", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18049" }, { "name": "20060403-01-U", "refsource": "SGI", "url": "ftp://patches.sgi.com/support/free/security/advisories/20060403-01-U" }, { "name": "SCOSA-2006.5", "refsource": "SCO", "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.5/SCOSA-2006.5.txt" }, { "name": "http://bugs.gentoo.org/show_bug.cgi?id=83598", "refsource": "CONFIRM", "url": "http://bugs.gentoo.org/show_bug.cgi?id=83598" }, { "name": "GLSA-200503-15", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200503-15.xml" }, { "name": "DSA-723", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2005/dsa-723" }, { "name": "19624", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19624" }, { "name": "https://bugs.freedesktop.org/attachment.cgi?id=1909", "refsource": "CONFIRM", "url": "https://bugs.freedesktop.org/attachment.cgi?id=1909" }, { "name": "APPLE-SA-2005-08-15", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html" }, { "name": "18316", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18316" }, { "name": "14460", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/14460" }, { "name": "RHSA-2005:198", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2005-198.html" }, { "name": "FLSA-2006:152803", "refsource": "FEDORA", "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html" }, { "name": "RHSA-2005:044", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2005-044.html" }, { "name": "GLSA-200503-08", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200503-08.xml" }, { "name": "12714", "refsource": "BID", "url": "http://www.securityfocus.com/bid/12714" }, { "name": "RHSA-2008:0261", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html" }, { "name": "http://bugs.gentoo.org/show_bug.cgi?id=83655", "refsource": "CONFIRM", "url": "http://bugs.gentoo.org/show_bug.cgi?id=83655" }, { "name": "RHSA-2005:473", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2005-473.html" }, { "name": "APPLE-SA-2005-08-17", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html" }, { "name": "SCOSA-2005.57", "refsource": "SCO", "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.57/SCOSA-2005.57.txt" }, { "name": "USN-97-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/97-1/" }, { "name": "oval:org.mitre.oval:def:10411", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10411" }, { "name": "USN-92-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/92-1/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-0605", "datePublished": "2005-03-04T05:00:00", "dateReserved": "2005-03-01T00:00:00", "dateUpdated": "2024-08-07T21:21:06.249Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2000-0453 (GCVE-0-2000-0453)
Vulnerability from cvelistv5
Published
2000-07-12 04:00
Modified
2024-08-08 05:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XFree86 3.3.x and 4.0 allows a user to cause a denial of service via a negative counter value in a malformed TCP packet that is sent to port 6000.
References
► | URL | Tags | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T05:21:29.681Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20000518 Nasty XFree Xserver DoS", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0223.html" }, { "name": "1235", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/1235" }, { "name": "CSSA-2000-012.0", "tags": [ "vendor-advisory", "x_refsource_CALDERA", "x_transferred" ], "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2000-012.0.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2000-05-18T00:00:00", "descriptions": [ { "lang": "en", "value": "XFree86 3.3.x and 4.0 allows a user to cause a denial of service via a negative counter value in a malformed TCP packet that is sent to port 6000." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2005-11-02T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20000518 Nasty XFree Xserver DoS", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0223.html" }, { "name": "1235", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/1235" }, { "name": "CSSA-2000-012.0", "tags": [ "vendor-advisory", "x_refsource_CALDERA" ], "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2000-012.0.txt" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2000-0453", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "XFree86 3.3.x and 4.0 allows a user to cause a denial of service via a negative counter value in a malformed TCP packet that is sent to port 6000." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20000518 Nasty XFree Xserver DoS", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0223.html" }, { "name": "1235", "refsource": "BID", "url": "http://www.securityfocus.com/bid/1235" }, { "name": "CSSA-2000-012.0", "refsource": "CALDERA", "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2000-012.0.txt" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2000-0453", "datePublished": "2000-07-12T04:00:00", "dateReserved": "2000-06-14T00:00:00", "dateUpdated": "2024-08-08T05:21:29.681Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-0084 (GCVE-0-2004-0084)
Vulnerability from cvelistv5
Published
2004-02-14 05:00
Modified
2024-08-08 00:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a different vulnerability than CVE-2004-0083 and CVE-2004-0106.
References
► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:10:03.364Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "oval:org.mitre.oval:def:831", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A831" }, { "name": "SuSE-SA:2004:006", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2004_06_xf86.html" }, { "name": "VU#667502", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/667502" }, { "name": "RHSA-2004:060", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-060.html" }, { "name": "57768", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57768-1" }, { "name": "CLA-2004:821", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA", "x_transferred" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000821" }, { "name": "xfree86-copyisolatin1lLowered-bo(15200)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15200" }, { "name": "oval:org.mitre.oval:def:807", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A807" }, { "name": "FLSA:2314", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=110979666528890\u0026w=2" }, { "name": "DSA-443", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2004/dsa-443" }, { "name": "20040212 iDEFENSE Security Advisory 02.11.04: XFree86 Font Information File Buffer Overflow II", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=107662833512775\u0026w=2" }, { "name": "oval:org.mitre.oval:def:10405", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10405" }, { "name": "9652", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/9652" }, { "name": "MDKSA-2004:012", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:012" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.idefense.com/application/poi/display?id=73" }, { "name": "RHSA-2004:059", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-059.html" }, { "name": "RHSA-2004:061", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-061.html" }, { "name": "SSA:2004-043", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred" ], "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.405053" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-02-12T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a different vulnerability than CVE-2004-0083 and CVE-2004-0106." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "oval:org.mitre.oval:def:831", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A831" }, { "name": "SuSE-SA:2004:006", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2004_06_xf86.html" }, { "name": "VU#667502", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/667502" }, { "name": "RHSA-2004:060", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-060.html" }, { "name": "57768", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57768-1" }, { "name": "CLA-2004:821", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000821" }, { "name": "xfree86-copyisolatin1lLowered-bo(15200)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15200" }, { "name": "oval:org.mitre.oval:def:807", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A807" }, { "name": "FLSA:2314", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://marc.info/?l=bugtraq\u0026m=110979666528890\u0026w=2" }, { "name": "DSA-443", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2004/dsa-443" }, { "name": "20040212 iDEFENSE Security Advisory 02.11.04: XFree86 Font Information File Buffer Overflow II", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=107662833512775\u0026w=2" }, { "name": "oval:org.mitre.oval:def:10405", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10405" }, { "name": "9652", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/9652" }, { "name": "MDKSA-2004:012", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:012" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.idefense.com/application/poi/display?id=73" }, { "name": "RHSA-2004:059", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-059.html" }, { "name": "RHSA-2004:061", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-061.html" }, { "name": "SSA:2004-043", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE" ], "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.405053" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0084", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a different vulnerability than CVE-2004-0083 and CVE-2004-0106." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "oval:org.mitre.oval:def:831", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A831" }, { "name": "SuSE-SA:2004:006", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2004_06_xf86.html" }, { "name": "VU#667502", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/667502" }, { "name": "RHSA-2004:060", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2004-060.html" }, { "name": "57768", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57768-1" }, { "name": "CLA-2004:821", "refsource": "CONECTIVA", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000821" }, { "name": "xfree86-copyisolatin1lLowered-bo(15200)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15200" }, { "name": "oval:org.mitre.oval:def:807", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A807" }, { "name": "FLSA:2314", "refsource": "FEDORA", "url": "http://marc.info/?l=bugtraq\u0026m=110979666528890\u0026w=2" }, { "name": "DSA-443", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2004/dsa-443" }, { "name": "20040212 iDEFENSE Security Advisory 02.11.04: XFree86 Font Information File Buffer Overflow II", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=107662833512775\u0026w=2" }, { "name": "oval:org.mitre.oval:def:10405", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10405" }, { "name": "9652", "refsource": "BID", "url": "http://www.securityfocus.com/bid/9652" }, { "name": "MDKSA-2004:012", "refsource": "MANDRAKE", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:012" }, { "name": "http://www.idefense.com/application/poi/display?id=73", "refsource": "MISC", "url": "http://www.idefense.com/application/poi/display?id=73" }, { "name": "RHSA-2004:059", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2004-059.html" }, { "name": "RHSA-2004:061", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2004-061.html" }, { "name": "SSA:2004-043", "refsource": "SLACKWARE", "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.405053" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0084", "datePublished": "2004-02-14T05:00:00", "dateReserved": "2004-01-19T00:00:00", "dateUpdated": "2024-08-08T00:10:03.364Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2000-0620 (GCVE-0-2000-0620)
Vulnerability from cvelistv5
Published
2001-09-18 04:00
Modified
2024-08-08 05:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
libX11 X library allows remote attackers to cause a denial of service via a resource mask of 0, which causes libX11 to go into an infinite loop.
References
► | URL | Tags | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T05:21:31.408Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "libx11-infinite-loop-dos(4996)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4996" }, { "name": "20000619 XFree86: Various nasty libX11 holes", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=96146116627474\u0026w=2" }, { "name": "1409", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/1409" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2000-06-19T00:00:00", "descriptions": [ { "lang": "en", "value": "libX11 X library allows remote attackers to cause a denial of service via a resource mask of 0, which causes libX11 to go into an infinite loop." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2005-11-02T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "libx11-infinite-loop-dos(4996)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4996" }, { "name": "20000619 XFree86: Various nasty libX11 holes", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=96146116627474\u0026w=2" }, { "name": "1409", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/1409" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2000-0620", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "libX11 X library allows remote attackers to cause a denial of service via a resource mask of 0, which causes libX11 to go into an infinite loop." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "libx11-infinite-loop-dos(4996)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4996" }, { "name": "20000619 XFree86: Various nasty libX11 holes", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=96146116627474\u0026w=2" }, { "name": "1409", "refsource": "BID", "url": "http://www.securityfocus.com/bid/1409" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2000-0620", "datePublished": "2001-09-18T04:00:00", "dateReserved": "2000-07-19T00:00:00", "dateUpdated": "2024-08-08T05:21:31.408Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2001-1179 (GCVE-0-2001-1179)
Vulnerability from cvelistv5
Published
2002-03-15 05:00
Modified
2024-08-08 04:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
xman allows local users to gain privileges by modifying the MANPATH to point to a man page whose filename contains shell metacharacters.
References
► | URL | Tags | |||
---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T04:44:08.304Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20010717 xman (suid) exploit, made easier.", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/197498" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2001-07-17T00:00:00", "descriptions": [ { "lang": "en", "value": "xman allows local users to gain privileges by modifying the MANPATH to point to a man page whose filename contains shell metacharacters." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2002-03-22T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20010717 xman (suid) exploit, made easier.", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/197498" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2001-1179", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "xman allows local users to gain privileges by modifying the MANPATH to point to a man page whose filename contains shell metacharacters." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20010717 xman (suid) exploit, made easier.", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/197498" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2001-1179", "datePublished": "2002-03-15T05:00:00", "dateReserved": "2002-03-15T00:00:00", "dateUpdated": "2024-08-08T04:44:08.304Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }