Lucene search
+L

532 matches found

nessus
nessus
added 2018/01/09 12:0 a.m.20 views

GLSA-201801-10 : LibXfont, LibXfont2: Arbitrary file access

The remote host is affected by the vulnerability described in GLSA-201801-10 LibXfont, LibXfont2: Arbitrary file access It was discovered that libXfont incorrectly followed symlinks when opening font files. Impact : A local unprivileged user could use this flaw to cause the X server to access...

5.5CVSS6.5AI score0.0042EPSS
Exploits0References2
nessus
nessus
added 2017/12/18 12:0 a.m.29 views

FreeBSD : libXfont -- permission bypass when opening files through symlinks (08a125f3-e35a-11e7-a293-54e1ad3d6335)

the freedesktop.org project reports : A non-privileged X client can instruct X server running under root to open any file by creating own directory with 'fonts.dir', 'fonts.alias' or any font file being a symbolic link to any other file in the system. X server will then open it. This can be issue...

5.5CVSS6.3AI score0.0042EPSS
Exploits0References3
nessus
nessus
added 2017/12/18 12:0 a.m.25 views

FreeBSD : libXfont -- multiple memory leaks (3b9590a1-e358-11e7-a293-54e1ad3d6335)

The freedesktop.org project reports : If a pattern contains '?' character, any character in the string is skipped, even if it is '\0'. The rest of the matching then reads invalid memory. Without the checks a malformed PCF file can cause the library to make atom from random heap memory that was...

7.1CVSS6.3AI score0.00442EPSS
Exploits0References5
nessus
nessus
added 2017/12/14 12:0 a.m.25 views

openSUSE Security Update : libXfont (openSUSE-2017-1357)

This update for libXfont fixes several issues. These security issues were fixed : - CVE-2017-13720: Improper check for end of string in PatterMatch caused invalid reads bsc1054285 - CVE-2017-13722: Malformed PCF file could have caused DoS or leak information bsc1049692 - Prevent the X server from...

7.1CVSS6.5AI score0.00442EPSS
Exploits0References5
osv
osv
added 2017/12/06 11:43 a.m.3 views

MGASA-2017-0442 Updated libxfont/libxfont2 packages fix security vulnerability

Fixes open files with ONOFOLLOW. CVE-2017-16611...

5.5CVSS5.4AI score0.0042EPSS
Exploits0References3
mageia
mageia
added 2017/12/06 11:43 a.m.52 views

Updated libxfont/libxfont2 packages fix security vulnerability

Fixes open files with ONOFOLLOW. CVE-2017-16611...

5.5CVSS1.9AI score0.0042EPSS
Exploits0References2
cnvd
cnvd
added 2017/12/05 12:0 a.m.6 views

libXfont and libXfont2 Arbitrary File Access Vulnerabilities

libXfont and libXfont2 are both X.Org Foundation X font processing libraries for servers and utilities. A security vulnerability exists in libXfont versions prior to 1.5.4 and libXfont2 versions prior to 2.0.3. A local attacker could exploit this vulnerability to allow the X server to access...

5.5CVSS6.7AI score0.0042EPSS
Exploits0References1
prion
prion
added 2017/12/01 5:29 p.m.19 views

Open redirect

In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open but not read files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files...

4.9CVSS5.2AI score0.0042EPSS
Exploits0References8Affected Software3
nvd
nvd
added 2017/12/01 5:29 p.m.14 views

CVE-2017-16611

In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open but not read files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files...

5.5CVSS5.2AI score0.0042EPSS
Exploits0References8
attackerkb
attackerkb
added 2017/12/01 5:29 p.m.1 views

CVE-2017-16611

In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open but not read files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files...

5.5CVSS5.5AI score0.0042EPSS
Exploits0References11
osv
osv
added 2017/12/01 5:29 p.m.2 views

ALPINE-CVE-2017-16611

In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open but not read files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files...

5.5CVSS6.7AI score0.0042EPSS
Exploits0References1
osv
osv
added 2017/12/01 5:29 p.m.17 views

CVE-2017-16611

In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open but not read files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files...

5.5CVSS6.4AI score
Exploits0References8
cve
cve
added 2017/12/01 5:0 p.m.135 views

CVE-2017-16611

Summary: CVE-2017-16611 affects libXfont (<=1.5.4) and libXfont2 (

5.5CVSS5.2AI score0.0042EPSS
Exploits0References8Affected Software1
debiancve
debiancve
added 2017/12/01 5:0 p.m.36 views

CVE-2017-16611

In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open but not read files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files...

5.5CVSS5.2AI score0.0042EPSS
Exploits0
alpinelinux
alpinelinux
added 2017/12/01 5:0 p.m.67 views

CVE-2017-16611

In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open but not read files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files...

5.5CVSS5.4AI score0.0042EPSS
Exploits0
redhatcve
redhatcve
added 2017/11/30 5:50 a.m.17 views

CVE-2017-16611

In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open but not read files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files...

5.5CVSS2.6AI score0.0042EPSS
Exploits0References1
nessus
nessus
added 2017/11/30 12:0 a.m.31 views

Ubuntu 14.04 LTS / 16.04 LTS : libXfont vulnerability (USN-3500-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3500-1 advisory. It was discovered that libXfont incorrectly followed symlinks when opening font files. A local unprivileged user could use this issue to cause the X...

5.5CVSS6.5AI score0.0042EPSS
Exploits0References2
nessus
nessus
added 2017/11/30 12:0 a.m.24 views

Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 : libXfont (SSA:2017-333-02)

New libXfont packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and 14.2 to fix a security issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2017-333-02. The text itse...

5.5CVSS6.2AI score0.0042EPSS
Exploits0References2
openvas
openvas
added 2017/11/30 12:0 a.m.27 views

Ubuntu: Security Advisory (USN-3500-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.5CVSS5.8AI score0.0042EPSS
Exploits0References2
osv
osv
added 2017/11/29 6:1 p.m.2 views

USN-3500-1 libxfont, libxfont1, libxfont2 vulnerability

It was discovered that libXfont incorrectly followed symlinks when opening font files. A local unprivileged user could use this issue to cause the X server to access arbitrary files, including special device files...

5.5CVSS6.8AI score0.0042EPSS
Exploits0References2
Rows per page
Query Builder