Security Vulnerabilities - CVEs Published In March 2024
Mesa 23.0.4 was discovered to contain a buffer over-read in glXQueryServerString(). NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an attacker-controlled server.
CVSS Score: 5.3
EPSS Score: 0.001
Published: 2024-03-27
Xfig v3.2.8 was discovered to contain a NULL pointer dereference when calling XGetWMHints(). NOTE: this is disputed because it is not expected that an X application should continue to run when there is arbitrary anomalous behavior from the X server or window manager.
CVSS Score: 4.2
EPSS Score: 0.0
Published: 2024-03-27
glx_pbuffer.c in Mesa 23.0.4 was discovered to contain a segmentation violation when calling __glXGetDrawableAttribute(). NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an attacker-controlled server.
CVSS Score: 4.3
EPSS Score: 0.001
Published: 2024-03-27
An issue in Sane 1.2.1 allows a local attacker to execute arbitrary code via a crafted file to the sanei_configure_attach() function. NOTE: this is disputed because there is no expectation that the product should be starting with an attacker-controlled configuration file.
CVSS Score: 7.3
EPSS Score: 0.0
Published: 2024-03-27
S-Lang 2.3.2 was discovered to contain a segmentation fault via the function fixup_tgetstr().
CVSS Score: 9.1
EPSS Score: 0.001
Published: 2024-03-27
Mesa 23.0.4 was discovered to contain a NULL pointer dereference in check_xshm() for the has_error state. NOTE: this is disputed because there is no scenario in which the vulnerability was demonstrated.
CVSS Score: 7.5
EPSS Score: 0.002
Published: 2024-03-27
An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue.
CVSS Score: 8.3
EPSS Score: 0.005
Published: 2024-03-27
A command injection issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker can exploit this to elevate privileges from a user with BMC administrative privileges.
CVSS Score: 7.2
EPSS Score: 0.002
Published: 2024-03-27
An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue that affects Internet Explorer 11 on Windows.
CVSS Score: 8.3
EPSS Score: 0.007
Published: 2024-03-27
Mesa v23.0.4 was discovered to contain a NULL pointer dereference via the function dri2GetGlxDrawableFromXDrawableId(). This vulnerability is triggered when the X11 server unexpectedly sends a DRI2_BufferSwapComplete event while the application is using DRI3. NOTE: this is disputed because there is no scenario in which the vulnerability was demonstrated.
CVSS Score: 6.2
EPSS Score: 0.0
Published: 2024-03-27

