CVE-2022-4283 : X.ORG X11 SERVER XKBGETKBDBYNAME REQUEST XKBCOPYNAMES USE AFTER FREE

Description

A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests.. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.

References

https://access.redhat.com/security/cve/CVE-2022-4283

https://bugzilla.redhat.com/show_bug.cgi?id=2151761

For More Information

MITRE

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2024-8523 : LMXCMS UP TO 1.4 SQL COMMAND EXECUTION MODULE ADMIN.PHP FORMATDATA DATA CODE INJECTION

CVE-2024-8523 : LMXCMS UP TO 1.4 SQL COMMAND EXECUTION MODULE ADMIN.PHP FORMATDATA DATA CODE INJECTION

Description A vulnerability was found in lmxcms up to 1.4 and classified as critical. Affected by this issue is the

CVE-2024-25584 : OPEN-XCHANGE OX DOVECOT PRO UP TO 2.3.21 DATA COMMAND DATA AUTHENTICITY

CVE-2024-25584 : OPEN-XCHANGE OX DOVECOT PRO UP TO 2.3.21 DATA COMMAND DATA AUTHENTICITY

Description Dovecot accepts dot LF DOT LF symbol as end of DATA command. RFC requires that it should always be

CVE-2024-8521 : WAVELOG UP TO 1.8.0 LIVE QSO /QSO INDEX MANUAL CROSS SITE SCRIPTING

CVE-2024-8521 : WAVELOG UP TO 1.8.0 LIVE QSO /QSO INDEX MANUAL CROSS SITE SCRIPTING

Description A vulnerability, which was classified as problematic, was found in Wavelog up to 1.8.0. Affected is the function index