Search

Find a vulnerability

Search criteria

    8 vulnerabilities found for xorg-server by X.Org

    CVE-2026-55999 (GCVE-0-2026-55999)

    Vulnerability from nvd – Published: 2026-07-08 08:07 – Updated: 2026-07-09 03:55
    VLAI
    Title
    xorg-server / xwayland glamor font atlas Heap Buffer Overflow
    Summary
    Local attackers with a X connection able to provide PCX fonts to the X server xorg-server before 21.2.24 and xwayland before 24.1.13 could cause a heap buffer overflow via SetFont due to missing glyph boundary checks.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based buffer overflow
    Assigner
    Impacted products
    Vendor Product Version
    X.Org xorg-server Affected: 0 , < 21.1.24 (rpm)
    Create a notification for this product.
    X.Org xwayland Affected: 0 , < 24.1.13 (rpm)
    Create a notification for this product.
    Date Public
    2026-07-08 07:51
    Credits
    Anonymous working with Trend Micro Zero Day Initiative.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55999",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-08T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T03:55:43.683Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "xorg-server",
              "product": "xorg-server",
              "repo": "https://gitlab.freedesktop.org/xorg/xserver/",
              "vendor": "X.Org",
              "versions": [
                {
                  "lessThan": "21.1.24",
                  "status": "affected",
                  "version": "0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "xwayland",
              "product": "xwayland",
              "repo": "https://gitlab.freedesktop.org/xorg/xserver/",
              "vendor": "X.Org",
              "versions": [
                {
                  "lessThan": "24.1.13",
                  "status": "affected",
                  "version": "0",
                  "versionType": "rpm"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Anonymous working with Trend Micro Zero Day Initiative."
            }
          ],
          "datePublic": "2026-07-08T07:51:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Local attackers with a X connection able to provide PCX fonts to the X \nserver xorg-server before 21.2.24 and xwayland before 24.1.13 could \ncause a heap buffer overflow via SetFont due to missing glyph boundary checks."
                }
              ],
              "value": "Local attackers with a X connection able to provide PCX fonts to the X \nserver xorg-server before 21.2.24 and xwayland before 24.1.13 could \ncause a heap buffer overflow via SetFont due to missing glyph boundary checks."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-234",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-234 Hijacking a privileged process"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122 Heap-based buffer overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T08:12:17.088Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://gitlab.freedesktop.org/xorg/xserver/-/commit/fbf7bac22e2c6bd627fb042742a23318263edae1"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.openwall.com/lists/oss-security/2026/07/08/2"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "xorg-server / xwayland glamor font atlas Heap Buffer Overflow",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2026-55999",
        "datePublished": "2026-07-08T08:07:11.088Z",
        "dateReserved": "2026-06-18T09:26:55.988Z",
        "dateUpdated": "2026-07-09T03:55:43.683Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2015-3164 (GCVE-0-2015-3164)

    Vulnerability from nvd – Published: 2015-07-01 14:00 – Updated: 2024-08-06 05:39
    VLAI
    Summary
    The authentication setup in XWayland 1.16.x and 1.17.x before 1.17.2 starts the server in non-authenticating mode, which allows local users to read from or send information to arbitrary X11 clients via vectors involving a UNIX socket.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.freedesktop.org/archives/wayland-dev… mailing-listx_refsource_MLIST
    http://www.securityfocus.com/bid/75535 vdb-entryx_refsource_BID
    https://security.gentoo.org/glsa/201701-64 vendor-advisoryx_refsource_GENTOO
    http://lists.opensuse.org/opensuse-updates/2015-0… vendor-advisoryx_refsource_SUSE
    Date Public
    2015-06-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T05:39:31.640Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[wayland-devel] 20150610 X.Org/Wayland Security Advisory: Missing authentication in XWayland",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.freedesktop.org/archives/wayland-devel/2015-June/022548.html"
              },
              {
                "name": "75535",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/75535"
              },
              {
                "name": "GLSA-201701-64",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201701-64"
              },
              {
                "name": "openSUSE-SU-2015:1095",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2015-06/msg00044.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-06-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The authentication setup in XWayland 1.16.x and 1.17.x before 1.17.2 starts the server in non-authenticating mode, which allows local users to read from or send information to arbitrary X11 clients via vectors involving a UNIX socket."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-06-30T16:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "[wayland-devel] 20150610 X.Org/Wayland Security Advisory: Missing authentication in XWayland",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.freedesktop.org/archives/wayland-devel/2015-June/022548.html"
            },
            {
              "name": "75535",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/75535"
            },
            {
              "name": "GLSA-201701-64",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201701-64"
            },
            {
              "name": "openSUSE-SU-2015:1095",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2015-06/msg00044.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2015-3164",
        "datePublished": "2015-07-01T14:00:00.000Z",
        "dateReserved": "2015-04-10T00:00:00.000Z",
        "dateUpdated": "2024-08-06T05:39:31.640Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-4730 (GCVE-0-2007-4730)

    Vulnerability from nvd – Published: 2007-09-11 19:00 – Updated: 2024-08-07 15:08
    VLAI
    Summary
    Buffer overflow in the compNewPixmap function in compalloc.c in the Composite extension for the X.org X11 server before 1.4 allows local users to execute arbitrary code by copying data from a large pixel depth pixmap into a smaller pixel depth pixmap.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.novell.com/linux/security/advisories/2… vendor-advisoryx_refsource_SUSE
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://lists.freedesktop.org/archives/xorg-announ… mailing-listx_refsource_MLIST
    http://osvdb.org/37726 vdb-entryx_refsource_OSVDB
    http://secunia.com/advisories/26823 third-party-advisoryx_refsource_SECUNIA
    https://issues.rpath.com/browse/RPL-1728 x_refsource_CONFIRM
    http://security.gentoo.org/glsa/glsa-200710-16.xml vendor-advisoryx_refsource_GENTOO
    http://secunia.com/advisories/26859 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/27147 third-party-advisoryx_refsource_SECUNIA
    http://www.redhat.com/support/errata/RHSA-2007-08… vendor-advisoryx_refsource_REDHAT
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://www.securityfocus.com/bid/25606 vdb-entryx_refsource_BID
    http://www.ubuntu.com/usn/usn-514-1 vendor-advisoryx_refsource_UBUNTU
    http://secunia.com/advisories/26743 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/27228 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/30161 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.gentoo.org/security/en/glsa/glsa-20080… vendor-advisoryx_refsource_GENTOO
    http://www.securitytracker.com/id?1018665 vdb-entryx_refsource_SECTRACK
    http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0187 x_refsource_CONFIRM
    http://secunia.com/advisories/26897 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/26755 third-party-advisoryx_refsource_SECUNIA
    http://bugs.freedesktop.org/show_bug.cgi?id=7447 x_refsource_CONFIRM
    http://secunia.com/advisories/26763 third-party-advisoryx_refsource_SECUNIA
    http://support.avaya.com/elmodocs2/security/ASA-2… x_refsource_CONFIRM
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://secunia.com/advisories/27179 third-party-advisoryx_refsource_SECUNIA
    http://bugs.gentoo.org/show_bug.cgi?id=191964 x_refsource_CONFIRM
    http://www.debian.org/security/2007/dsa-1372 vendor-advisoryx_refsource_DEBIAN
    http://www.vupen.com/english/advisories/2007/3098 vdb-entryx_refsource_VUPEN
    Date Public
    2007-09-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T15:08:33.355Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SUSE-SA:2007:054",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/linux/security/advisories/2007_54_xorg.html"
              },
              {
                "name": "MDKSA-2007:178",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:178"
              },
              {
                "name": "[xorg-announce] 20070906 xorg-server 1.4",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.freedesktop.org/archives/xorg-announce/2007-September/000378.html"
              },
              {
                "name": "37726",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/37726"
              },
              {
                "name": "26823",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26823"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://issues.rpath.com/browse/RPL-1728"
              },
              {
                "name": "GLSA-200710-16",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200710-16.xml"
              },
              {
                "name": "26859",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26859"
              },
              {
                "name": "27147",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/27147"
              },
              {
                "name": "RHSA-2007:0898",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2007-0898.html"
              },
              {
                "name": "MDVSA-2008:022",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:022"
              },
              {
                "name": "25606",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/25606"
              },
              {
                "name": "USN-514-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/usn-514-1"
              },
              {
                "name": "26743",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26743"
              },
              {
                "name": "27228",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/27228"
              },
              {
                "name": "30161",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30161"
              },
              {
                "name": "xorg-composite-bo(36535)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36535"
              },
              {
                "name": "GLSA-200805-07",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml"
              },
              {
                "name": "1018665",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1018665"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0187"
              },
              {
                "name": "26897",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26897"
              },
              {
                "name": "26755",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26755"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.freedesktop.org/show_bug.cgi?id=7447"
              },
              {
                "name": "26763",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26763"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-394.htm"
              },
              {
                "name": "oval:org.mitre.oval:def:10430",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10430"
              },
              {
                "name": "27179",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/27179"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.gentoo.org/show_bug.cgi?id=191964"
              },
              {
                "name": "DSA-1372",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2007/dsa-1372"
              },
              {
                "name": "ADV-2007-3098",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/3098"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-09-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Buffer overflow in the compNewPixmap function in compalloc.c in the Composite extension for the X.org X11 server before 1.4 allows local users to execute arbitrary code by copying data from a large pixel depth pixmap into a smaller pixel depth pixmap."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "SUSE-SA:2007:054",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2007_54_xorg.html"
            },
            {
              "name": "MDKSA-2007:178",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:178"
            },
            {
              "name": "[xorg-announce] 20070906 xorg-server 1.4",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.freedesktop.org/archives/xorg-announce/2007-September/000378.html"
            },
            {
              "name": "37726",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/37726"
            },
            {
              "name": "26823",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26823"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://issues.rpath.com/browse/RPL-1728"
            },
            {
              "name": "GLSA-200710-16",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200710-16.xml"
            },
            {
              "name": "26859",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26859"
            },
            {
              "name": "27147",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/27147"
            },
            {
              "name": "RHSA-2007:0898",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0898.html"
            },
            {
              "name": "MDVSA-2008:022",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:022"
            },
            {
              "name": "25606",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/25606"
            },
            {
              "name": "USN-514-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/usn-514-1"
            },
            {
              "name": "26743",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26743"
            },
            {
              "name": "27228",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/27228"
            },
            {
              "name": "30161",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30161"
            },
            {
              "name": "xorg-composite-bo(36535)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36535"
            },
            {
              "name": "GLSA-200805-07",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml"
            },
            {
              "name": "1018665",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1018665"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0187"
            },
            {
              "name": "26897",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26897"
            },
            {
              "name": "26755",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26755"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.freedesktop.org/show_bug.cgi?id=7447"
            },
            {
              "name": "26763",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26763"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-394.htm"
            },
            {
              "name": "oval:org.mitre.oval:def:10430",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10430"
            },
            {
              "name": "27179",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/27179"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.gentoo.org/show_bug.cgi?id=191964"
            },
            {
              "name": "DSA-1372",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2007/dsa-1372"
            },
            {
              "name": "ADV-2007-3098",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/3098"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-4730",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Buffer overflow in the compNewPixmap function in compalloc.c in the Composite extension for the X.org X11 server before 1.4 allows local users to execute arbitrary code by copying data from a large pixel depth pixmap into a smaller pixel depth pixmap."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "SUSE-SA:2007:054",
                  "refsource": "SUSE",
                  "url": "http://www.novell.com/linux/security/advisories/2007_54_xorg.html"
                },
                {
                  "name": "MDKSA-2007:178",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:178"
                },
                {
                  "name": "[xorg-announce] 20070906 xorg-server 1.4",
                  "refsource": "MLIST",
                  "url": "http://lists.freedesktop.org/archives/xorg-announce/2007-September/000378.html"
                },
                {
                  "name": "37726",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/37726"
                },
                {
                  "name": "26823",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26823"
                },
                {
                  "name": "https://issues.rpath.com/browse/RPL-1728",
                  "refsource": "CONFIRM",
                  "url": "https://issues.rpath.com/browse/RPL-1728"
                },
                {
                  "name": "GLSA-200710-16",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200710-16.xml"
                },
                {
                  "name": "26859",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26859"
                },
                {
                  "name": "27147",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/27147"
                },
                {
                  "name": "RHSA-2007:0898",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2007-0898.html"
                },
                {
                  "name": "MDVSA-2008:022",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:022"
                },
                {
                  "name": "25606",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/25606"
                },
                {
                  "name": "USN-514-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/usn-514-1"
                },
                {
                  "name": "26743",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26743"
                },
                {
                  "name": "27228",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/27228"
                },
                {
                  "name": "30161",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30161"
                },
                {
                  "name": "xorg-composite-bo(36535)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36535"
                },
                {
                  "name": "GLSA-200805-07",
                  "refsource": "GENTOO",
                  "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml"
                },
                {
                  "name": "1018665",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1018665"
                },
                {
                  "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0187",
                  "refsource": "CONFIRM",
                  "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0187"
                },
                {
                  "name": "26897",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26897"
                },
                {
                  "name": "26755",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26755"
                },
                {
                  "name": "http://bugs.freedesktop.org/show_bug.cgi?id=7447",
                  "refsource": "CONFIRM",
                  "url": "http://bugs.freedesktop.org/show_bug.cgi?id=7447"
                },
                {
                  "name": "26763",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26763"
                },
                {
                  "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-394.htm",
                  "refsource": "CONFIRM",
                  "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-394.htm"
                },
                {
                  "name": "oval:org.mitre.oval:def:10430",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10430"
                },
                {
                  "name": "27179",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/27179"
                },
                {
                  "name": "http://bugs.gentoo.org/show_bug.cgi?id=191964",
                  "refsource": "CONFIRM",
                  "url": "http://bugs.gentoo.org/show_bug.cgi?id=191964"
                },
                {
                  "name": "DSA-1372",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2007/dsa-1372"
                },
                {
                  "name": "ADV-2007-3098",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/3098"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-4730",
        "datePublished": "2007-09-11T19:00:00.000Z",
        "dateReserved": "2007-09-05T00:00:00.000Z",
        "dateUpdated": "2024-08-07T15:08:33.355Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-4447 (GCVE-0-2006-4447)

    Vulnerability from nvd – Published: 2006-08-30 01:00 – Updated: 2024-08-07 19:14
    VLAI
    Summary
    X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/21660 third-party-advisoryx_refsource_SECUNIA
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://lists.freedesktop.org/archives/xorg/2006-J… mailing-listx_refsource_MLIST
    http://www.kb.cert.org/vuls/id/300368 third-party-advisoryx_refsource_CERT-VN
    http://www.vupen.com/english/advisories/2006/3409 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/21693 third-party-advisoryx_refsource_SECUNIA
    http://www.debian.org/security/2006/dsa-1193 vendor-advisoryx_refsource_DEBIAN
    http://security.gentoo.org/glsa/glsa-200704-22.xml vendor-advisoryx_refsource_GENTOO
    http://secunia.com/advisories/22332 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2007/0409 vdb-entryx_refsource_VUPEN
    http://security.gentoo.org/glsa/glsa-200608-25.xml vendor-advisoryx_refsource_GENTOO
    http://www.securityfocus.com/bid/23697 vdb-entryx_refsource_BID
    http://secunia.com/advisories/25059 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/25032 third-party-advisoryx_refsource_SECUNIA
    http://mail.gnome.org/archives/beast/2006-Decembe… mailing-listx_refsource_MLIST
    http://www.securityfocus.com/bid/19742 vdb-entryx_refsource_BID
    http://secunia.com/advisories/21650 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2006-06-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T19:14:46.372Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "21660",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/21660"
              },
              {
                "name": "MDKSA-2006:160",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:160"
              },
              {
                "name": "[xorg] 20060620 X.Org security advisory: setuid return value check problems",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.freedesktop.org/archives/xorg/2006-June/016146.html"
              },
              {
                "name": "VU#300368",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/300368"
              },
              {
                "name": "ADV-2006-3409",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/3409"
              },
              {
                "name": "21693",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/21693"
              },
              {
                "name": "DSA-1193",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2006/dsa-1193"
              },
              {
                "name": "GLSA-200704-22",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200704-22.xml"
              },
              {
                "name": "22332",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/22332"
              },
              {
                "name": "ADV-2007-0409",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/0409"
              },
              {
                "name": "GLSA-200608-25",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200608-25.xml"
              },
              {
                "name": "23697",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/23697"
              },
              {
                "name": "25059",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25059"
              },
              {
                "name": "25032",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25032"
              },
              {
                "name": "[beast] 20061228 ANNOUNCE: BEAST/BSE v0.7.1",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://mail.gnome.org/archives/beast/2006-December/msg00025.html"
              },
              {
                "name": "19742",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/19742"
              },
              {
                "name": "21650",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/21650"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-06-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2006-09-07T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "21660",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/21660"
            },
            {
              "name": "MDKSA-2006:160",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:160"
            },
            {
              "name": "[xorg] 20060620 X.Org security advisory: setuid return value check problems",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.freedesktop.org/archives/xorg/2006-June/016146.html"
            },
            {
              "name": "VU#300368",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/300368"
            },
            {
              "name": "ADV-2006-3409",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/3409"
            },
            {
              "name": "21693",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/21693"
            },
            {
              "name": "DSA-1193",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2006/dsa-1193"
            },
            {
              "name": "GLSA-200704-22",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200704-22.xml"
            },
            {
              "name": "22332",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/22332"
            },
            {
              "name": "ADV-2007-0409",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/0409"
            },
            {
              "name": "GLSA-200608-25",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200608-25.xml"
            },
            {
              "name": "23697",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/23697"
            },
            {
              "name": "25059",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25059"
            },
            {
              "name": "25032",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25032"
            },
            {
              "name": "[beast] 20061228 ANNOUNCE: BEAST/BSE v0.7.1",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://mail.gnome.org/archives/beast/2006-December/msg00025.html"
            },
            {
              "name": "19742",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/19742"
            },
            {
              "name": "21650",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/21650"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-4447",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "21660",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/21660"
                },
                {
                  "name": "MDKSA-2006:160",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:160"
                },
                {
                  "name": "[xorg] 20060620 X.Org security advisory: setuid return value check problems",
                  "refsource": "MLIST",
                  "url": "http://lists.freedesktop.org/archives/xorg/2006-June/016146.html"
                },
                {
                  "name": "VU#300368",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/300368"
                },
                {
                  "name": "ADV-2006-3409",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/3409"
                },
                {
                  "name": "21693",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/21693"
                },
                {
                  "name": "DSA-1193",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2006/dsa-1193"
                },
                {
                  "name": "GLSA-200704-22",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200704-22.xml"
                },
                {
                  "name": "22332",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/22332"
                },
                {
                  "name": "ADV-2007-0409",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/0409"
                },
                {
                  "name": "GLSA-200608-25",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200608-25.xml"
                },
                {
                  "name": "23697",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/23697"
                },
                {
                  "name": "25059",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25059"
                },
                {
                  "name": "25032",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25032"
                },
                {
                  "name": "[beast] 20061228 ANNOUNCE: BEAST/BSE v0.7.1",
                  "refsource": "MLIST",
                  "url": "http://mail.gnome.org/archives/beast/2006-December/msg00025.html"
                },
                {
                  "name": "19742",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/19742"
                },
                {
                  "name": "21650",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/21650"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-4447",
        "datePublished": "2006-08-30T01:00:00.000Z",
        "dateReserved": "2006-08-29T00:00:00.000Z",
        "dateUpdated": "2024-08-07T19:14:46.372Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-55999 (GCVE-0-2026-55999)

    Vulnerability from cvelistv5 – Published: 2026-07-08 08:07 – Updated: 2026-07-09 03:55
    VLAI
    Title
    xorg-server / xwayland glamor font atlas Heap Buffer Overflow
    Summary
    Local attackers with a X connection able to provide PCX fonts to the X server xorg-server before 21.2.24 and xwayland before 24.1.13 could cause a heap buffer overflow via SetFont due to missing glyph boundary checks.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based buffer overflow
    Assigner
    Impacted products
    Vendor Product Version
    X.Org xorg-server Affected: 0 , < 21.1.24 (rpm)
    Create a notification for this product.
    X.Org xwayland Affected: 0 , < 24.1.13 (rpm)
    Create a notification for this product.
    Date Public
    2026-07-08 07:51
    Credits
    Anonymous working with Trend Micro Zero Day Initiative.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55999",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-08T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T03:55:43.683Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "xorg-server",
              "product": "xorg-server",
              "repo": "https://gitlab.freedesktop.org/xorg/xserver/",
              "vendor": "X.Org",
              "versions": [
                {
                  "lessThan": "21.1.24",
                  "status": "affected",
                  "version": "0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "xwayland",
              "product": "xwayland",
              "repo": "https://gitlab.freedesktop.org/xorg/xserver/",
              "vendor": "X.Org",
              "versions": [
                {
                  "lessThan": "24.1.13",
                  "status": "affected",
                  "version": "0",
                  "versionType": "rpm"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Anonymous working with Trend Micro Zero Day Initiative."
            }
          ],
          "datePublic": "2026-07-08T07:51:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Local attackers with a X connection able to provide PCX fonts to the X \nserver xorg-server before 21.2.24 and xwayland before 24.1.13 could \ncause a heap buffer overflow via SetFont due to missing glyph boundary checks."
                }
              ],
              "value": "Local attackers with a X connection able to provide PCX fonts to the X \nserver xorg-server before 21.2.24 and xwayland before 24.1.13 could \ncause a heap buffer overflow via SetFont due to missing glyph boundary checks."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-234",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-234 Hijacking a privileged process"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122 Heap-based buffer overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T08:12:17.088Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://gitlab.freedesktop.org/xorg/xserver/-/commit/fbf7bac22e2c6bd627fb042742a23318263edae1"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.openwall.com/lists/oss-security/2026/07/08/2"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "xorg-server / xwayland glamor font atlas Heap Buffer Overflow",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2026-55999",
        "datePublished": "2026-07-08T08:07:11.088Z",
        "dateReserved": "2026-06-18T09:26:55.988Z",
        "dateUpdated": "2026-07-09T03:55:43.683Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2015-3164 (GCVE-0-2015-3164)

    Vulnerability from cvelistv5 – Published: 2015-07-01 14:00 – Updated: 2024-08-06 05:39
    VLAI
    Summary
    The authentication setup in XWayland 1.16.x and 1.17.x before 1.17.2 starts the server in non-authenticating mode, which allows local users to read from or send information to arbitrary X11 clients via vectors involving a UNIX socket.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.freedesktop.org/archives/wayland-dev… mailing-listx_refsource_MLIST
    http://www.securityfocus.com/bid/75535 vdb-entryx_refsource_BID
    https://security.gentoo.org/glsa/201701-64 vendor-advisoryx_refsource_GENTOO
    http://lists.opensuse.org/opensuse-updates/2015-0… vendor-advisoryx_refsource_SUSE
    Date Public
    2015-06-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T05:39:31.640Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[wayland-devel] 20150610 X.Org/Wayland Security Advisory: Missing authentication in XWayland",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.freedesktop.org/archives/wayland-devel/2015-June/022548.html"
              },
              {
                "name": "75535",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/75535"
              },
              {
                "name": "GLSA-201701-64",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201701-64"
              },
              {
                "name": "openSUSE-SU-2015:1095",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2015-06/msg00044.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-06-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The authentication setup in XWayland 1.16.x and 1.17.x before 1.17.2 starts the server in non-authenticating mode, which allows local users to read from or send information to arbitrary X11 clients via vectors involving a UNIX socket."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-06-30T16:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "[wayland-devel] 20150610 X.Org/Wayland Security Advisory: Missing authentication in XWayland",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.freedesktop.org/archives/wayland-devel/2015-June/022548.html"
            },
            {
              "name": "75535",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/75535"
            },
            {
              "name": "GLSA-201701-64",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201701-64"
            },
            {
              "name": "openSUSE-SU-2015:1095",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2015-06/msg00044.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2015-3164",
        "datePublished": "2015-07-01T14:00:00.000Z",
        "dateReserved": "2015-04-10T00:00:00.000Z",
        "dateUpdated": "2024-08-06T05:39:31.640Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-4730 (GCVE-0-2007-4730)

    Vulnerability from cvelistv5 – Published: 2007-09-11 19:00 – Updated: 2024-08-07 15:08
    VLAI
    Summary
    Buffer overflow in the compNewPixmap function in compalloc.c in the Composite extension for the X.org X11 server before 1.4 allows local users to execute arbitrary code by copying data from a large pixel depth pixmap into a smaller pixel depth pixmap.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.novell.com/linux/security/advisories/2… vendor-advisoryx_refsource_SUSE
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://lists.freedesktop.org/archives/xorg-announ… mailing-listx_refsource_MLIST
    http://osvdb.org/37726 vdb-entryx_refsource_OSVDB
    http://secunia.com/advisories/26823 third-party-advisoryx_refsource_SECUNIA
    https://issues.rpath.com/browse/RPL-1728 x_refsource_CONFIRM
    http://security.gentoo.org/glsa/glsa-200710-16.xml vendor-advisoryx_refsource_GENTOO
    http://secunia.com/advisories/26859 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/27147 third-party-advisoryx_refsource_SECUNIA
    http://www.redhat.com/support/errata/RHSA-2007-08… vendor-advisoryx_refsource_REDHAT
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://www.securityfocus.com/bid/25606 vdb-entryx_refsource_BID
    http://www.ubuntu.com/usn/usn-514-1 vendor-advisoryx_refsource_UBUNTU
    http://secunia.com/advisories/26743 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/27228 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/30161 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.gentoo.org/security/en/glsa/glsa-20080… vendor-advisoryx_refsource_GENTOO
    http://www.securitytracker.com/id?1018665 vdb-entryx_refsource_SECTRACK
    http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0187 x_refsource_CONFIRM
    http://secunia.com/advisories/26897 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/26755 third-party-advisoryx_refsource_SECUNIA
    http://bugs.freedesktop.org/show_bug.cgi?id=7447 x_refsource_CONFIRM
    http://secunia.com/advisories/26763 third-party-advisoryx_refsource_SECUNIA
    http://support.avaya.com/elmodocs2/security/ASA-2… x_refsource_CONFIRM
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://secunia.com/advisories/27179 third-party-advisoryx_refsource_SECUNIA
    http://bugs.gentoo.org/show_bug.cgi?id=191964 x_refsource_CONFIRM
    http://www.debian.org/security/2007/dsa-1372 vendor-advisoryx_refsource_DEBIAN
    http://www.vupen.com/english/advisories/2007/3098 vdb-entryx_refsource_VUPEN
    Date Public
    2007-09-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T15:08:33.355Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SUSE-SA:2007:054",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/linux/security/advisories/2007_54_xorg.html"
              },
              {
                "name": "MDKSA-2007:178",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:178"
              },
              {
                "name": "[xorg-announce] 20070906 xorg-server 1.4",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.freedesktop.org/archives/xorg-announce/2007-September/000378.html"
              },
              {
                "name": "37726",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/37726"
              },
              {
                "name": "26823",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26823"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://issues.rpath.com/browse/RPL-1728"
              },
              {
                "name": "GLSA-200710-16",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200710-16.xml"
              },
              {
                "name": "26859",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26859"
              },
              {
                "name": "27147",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/27147"
              },
              {
                "name": "RHSA-2007:0898",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2007-0898.html"
              },
              {
                "name": "MDVSA-2008:022",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:022"
              },
              {
                "name": "25606",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/25606"
              },
              {
                "name": "USN-514-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/usn-514-1"
              },
              {
                "name": "26743",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26743"
              },
              {
                "name": "27228",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/27228"
              },
              {
                "name": "30161",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30161"
              },
              {
                "name": "xorg-composite-bo(36535)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36535"
              },
              {
                "name": "GLSA-200805-07",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml"
              },
              {
                "name": "1018665",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1018665"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0187"
              },
              {
                "name": "26897",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26897"
              },
              {
                "name": "26755",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26755"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.freedesktop.org/show_bug.cgi?id=7447"
              },
              {
                "name": "26763",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26763"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-394.htm"
              },
              {
                "name": "oval:org.mitre.oval:def:10430",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10430"
              },
              {
                "name": "27179",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/27179"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.gentoo.org/show_bug.cgi?id=191964"
              },
              {
                "name": "DSA-1372",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2007/dsa-1372"
              },
              {
                "name": "ADV-2007-3098",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/3098"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-09-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Buffer overflow in the compNewPixmap function in compalloc.c in the Composite extension for the X.org X11 server before 1.4 allows local users to execute arbitrary code by copying data from a large pixel depth pixmap into a smaller pixel depth pixmap."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "SUSE-SA:2007:054",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2007_54_xorg.html"
            },
            {
              "name": "MDKSA-2007:178",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:178"
            },
            {
              "name": "[xorg-announce] 20070906 xorg-server 1.4",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.freedesktop.org/archives/xorg-announce/2007-September/000378.html"
            },
            {
              "name": "37726",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/37726"
            },
            {
              "name": "26823",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26823"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://issues.rpath.com/browse/RPL-1728"
            },
            {
              "name": "GLSA-200710-16",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200710-16.xml"
            },
            {
              "name": "26859",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26859"
            },
            {
              "name": "27147",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/27147"
            },
            {
              "name": "RHSA-2007:0898",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0898.html"
            },
            {
              "name": "MDVSA-2008:022",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:022"
            },
            {
              "name": "25606",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/25606"
            },
            {
              "name": "USN-514-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/usn-514-1"
            },
            {
              "name": "26743",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26743"
            },
            {
              "name": "27228",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/27228"
            },
            {
              "name": "30161",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30161"
            },
            {
              "name": "xorg-composite-bo(36535)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36535"
            },
            {
              "name": "GLSA-200805-07",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml"
            },
            {
              "name": "1018665",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1018665"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0187"
            },
            {
              "name": "26897",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26897"
            },
            {
              "name": "26755",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26755"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.freedesktop.org/show_bug.cgi?id=7447"
            },
            {
              "name": "26763",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26763"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-394.htm"
            },
            {
              "name": "oval:org.mitre.oval:def:10430",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10430"
            },
            {
              "name": "27179",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/27179"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.gentoo.org/show_bug.cgi?id=191964"
            },
            {
              "name": "DSA-1372",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2007/dsa-1372"
            },
            {
              "name": "ADV-2007-3098",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/3098"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-4730",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Buffer overflow in the compNewPixmap function in compalloc.c in the Composite extension for the X.org X11 server before 1.4 allows local users to execute arbitrary code by copying data from a large pixel depth pixmap into a smaller pixel depth pixmap."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "SUSE-SA:2007:054",
                  "refsource": "SUSE",
                  "url": "http://www.novell.com/linux/security/advisories/2007_54_xorg.html"
                },
                {
                  "name": "MDKSA-2007:178",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:178"
                },
                {
                  "name": "[xorg-announce] 20070906 xorg-server 1.4",
                  "refsource": "MLIST",
                  "url": "http://lists.freedesktop.org/archives/xorg-announce/2007-September/000378.html"
                },
                {
                  "name": "37726",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/37726"
                },
                {
                  "name": "26823",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26823"
                },
                {
                  "name": "https://issues.rpath.com/browse/RPL-1728",
                  "refsource": "CONFIRM",
                  "url": "https://issues.rpath.com/browse/RPL-1728"
                },
                {
                  "name": "GLSA-200710-16",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200710-16.xml"
                },
                {
                  "name": "26859",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26859"
                },
                {
                  "name": "27147",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/27147"
                },
                {
                  "name": "RHSA-2007:0898",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2007-0898.html"
                },
                {
                  "name": "MDVSA-2008:022",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:022"
                },
                {
                  "name": "25606",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/25606"
                },
                {
                  "name": "USN-514-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/usn-514-1"
                },
                {
                  "name": "26743",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26743"
                },
                {
                  "name": "27228",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/27228"
                },
                {
                  "name": "30161",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30161"
                },
                {
                  "name": "xorg-composite-bo(36535)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36535"
                },
                {
                  "name": "GLSA-200805-07",
                  "refsource": "GENTOO",
                  "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml"
                },
                {
                  "name": "1018665",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1018665"
                },
                {
                  "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0187",
                  "refsource": "CONFIRM",
                  "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0187"
                },
                {
                  "name": "26897",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26897"
                },
                {
                  "name": "26755",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26755"
                },
                {
                  "name": "http://bugs.freedesktop.org/show_bug.cgi?id=7447",
                  "refsource": "CONFIRM",
                  "url": "http://bugs.freedesktop.org/show_bug.cgi?id=7447"
                },
                {
                  "name": "26763",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26763"
                },
                {
                  "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-394.htm",
                  "refsource": "CONFIRM",
                  "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-394.htm"
                },
                {
                  "name": "oval:org.mitre.oval:def:10430",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10430"
                },
                {
                  "name": "27179",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/27179"
                },
                {
                  "name": "http://bugs.gentoo.org/show_bug.cgi?id=191964",
                  "refsource": "CONFIRM",
                  "url": "http://bugs.gentoo.org/show_bug.cgi?id=191964"
                },
                {
                  "name": "DSA-1372",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2007/dsa-1372"
                },
                {
                  "name": "ADV-2007-3098",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/3098"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-4730",
        "datePublished": "2007-09-11T19:00:00.000Z",
        "dateReserved": "2007-09-05T00:00:00.000Z",
        "dateUpdated": "2024-08-07T15:08:33.355Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-4447 (GCVE-0-2006-4447)

    Vulnerability from cvelistv5 – Published: 2006-08-30 01:00 – Updated: 2024-08-07 19:14
    VLAI
    Summary
    X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/21660 third-party-advisoryx_refsource_SECUNIA
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://lists.freedesktop.org/archives/xorg/2006-J… mailing-listx_refsource_MLIST
    http://www.kb.cert.org/vuls/id/300368 third-party-advisoryx_refsource_CERT-VN
    http://www.vupen.com/english/advisories/2006/3409 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/21693 third-party-advisoryx_refsource_SECUNIA
    http://www.debian.org/security/2006/dsa-1193 vendor-advisoryx_refsource_DEBIAN
    http://security.gentoo.org/glsa/glsa-200704-22.xml vendor-advisoryx_refsource_GENTOO
    http://secunia.com/advisories/22332 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2007/0409 vdb-entryx_refsource_VUPEN
    http://security.gentoo.org/glsa/glsa-200608-25.xml vendor-advisoryx_refsource_GENTOO
    http://www.securityfocus.com/bid/23697 vdb-entryx_refsource_BID
    http://secunia.com/advisories/25059 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/25032 third-party-advisoryx_refsource_SECUNIA
    http://mail.gnome.org/archives/beast/2006-Decembe… mailing-listx_refsource_MLIST
    http://www.securityfocus.com/bid/19742 vdb-entryx_refsource_BID
    http://secunia.com/advisories/21650 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2006-06-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T19:14:46.372Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "21660",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/21660"
              },
              {
                "name": "MDKSA-2006:160",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:160"
              },
              {
                "name": "[xorg] 20060620 X.Org security advisory: setuid return value check problems",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.freedesktop.org/archives/xorg/2006-June/016146.html"
              },
              {
                "name": "VU#300368",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/300368"
              },
              {
                "name": "ADV-2006-3409",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/3409"
              },
              {
                "name": "21693",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/21693"
              },
              {
                "name": "DSA-1193",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2006/dsa-1193"
              },
              {
                "name": "GLSA-200704-22",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200704-22.xml"
              },
              {
                "name": "22332",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/22332"
              },
              {
                "name": "ADV-2007-0409",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/0409"
              },
              {
                "name": "GLSA-200608-25",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200608-25.xml"
              },
              {
                "name": "23697",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/23697"
              },
              {
                "name": "25059",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25059"
              },
              {
                "name": "25032",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25032"
              },
              {
                "name": "[beast] 20061228 ANNOUNCE: BEAST/BSE v0.7.1",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://mail.gnome.org/archives/beast/2006-December/msg00025.html"
              },
              {
                "name": "19742",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/19742"
              },
              {
                "name": "21650",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/21650"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-06-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2006-09-07T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "21660",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/21660"
            },
            {
              "name": "MDKSA-2006:160",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:160"
            },
            {
              "name": "[xorg] 20060620 X.Org security advisory: setuid return value check problems",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.freedesktop.org/archives/xorg/2006-June/016146.html"
            },
            {
              "name": "VU#300368",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/300368"
            },
            {
              "name": "ADV-2006-3409",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/3409"
            },
            {
              "name": "21693",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/21693"
            },
            {
              "name": "DSA-1193",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2006/dsa-1193"
            },
            {
              "name": "GLSA-200704-22",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200704-22.xml"
            },
            {
              "name": "22332",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/22332"
            },
            {
              "name": "ADV-2007-0409",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/0409"
            },
            {
              "name": "GLSA-200608-25",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200608-25.xml"
            },
            {
              "name": "23697",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/23697"
            },
            {
              "name": "25059",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25059"
            },
            {
              "name": "25032",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25032"
            },
            {
              "name": "[beast] 20061228 ANNOUNCE: BEAST/BSE v0.7.1",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://mail.gnome.org/archives/beast/2006-December/msg00025.html"
            },
            {
              "name": "19742",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/19742"
            },
            {
              "name": "21650",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/21650"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-4447",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "21660",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/21660"
                },
                {
                  "name": "MDKSA-2006:160",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:160"
                },
                {
                  "name": "[xorg] 20060620 X.Org security advisory: setuid return value check problems",
                  "refsource": "MLIST",
                  "url": "http://lists.freedesktop.org/archives/xorg/2006-June/016146.html"
                },
                {
                  "name": "VU#300368",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/300368"
                },
                {
                  "name": "ADV-2006-3409",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/3409"
                },
                {
                  "name": "21693",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/21693"
                },
                {
                  "name": "DSA-1193",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2006/dsa-1193"
                },
                {
                  "name": "GLSA-200704-22",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200704-22.xml"
                },
                {
                  "name": "22332",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/22332"
                },
                {
                  "name": "ADV-2007-0409",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/0409"
                },
                {
                  "name": "GLSA-200608-25",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200608-25.xml"
                },
                {
                  "name": "23697",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/23697"
                },
                {
                  "name": "25059",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25059"
                },
                {
                  "name": "25032",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25032"
                },
                {
                  "name": "[beast] 20061228 ANNOUNCE: BEAST/BSE v0.7.1",
                  "refsource": "MLIST",
                  "url": "http://mail.gnome.org/archives/beast/2006-December/msg00025.html"
                },
                {
                  "name": "19742",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/19742"
                },
                {
                  "name": "21650",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/21650"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-4447",
        "datePublished": "2006-08-30T01:00:00.000Z",
        "dateReserved": "2006-08-29T00:00:00.000Z",
        "dateUpdated": "2024-08-07T19:14:46.372Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }