Daniel Stone

6 exploits Active since Mar 2006
CVE-2018-15859 WRITEUP MEDIUM WRITEUP
libxkbcommon < 0.8.2 - Denial of Service via Crafted Keymap File
Unchecked NULL pointer usage when parsing invalid atoms in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because lookup failures are mishandled.
CVSS 5.5
CVE-2018-15861 WRITEUP MEDIUM WRITEUP
libxkbcommon < 0.8.1 - Denial of Service via Crafted Keymap File
Unchecked NULL pointer usage in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file that triggers an xkb_intern_atom failure.
CVSS 5.5
CVE-2018-15862 WRITEUP MEDIUM WRITEUP
libxkbcommon < 0.8.2 - Denial of Service via Crafted Keymap File with Invalid Virtual Modifiers
Unchecked NULL pointer usage in LookupModMask in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with invalid virtual modifiers.
CVSS 5.5
CVE-2018-15863 WRITEUP MEDIUM WRITEUP
libxkbcommon < 0.8.2 - Denial of Service via Crafted Keymap File
Unchecked NULL pointer usage in ResolveStateAndPredicate in xkbcomp/compat.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with a no-op modmask expression.
CVSS 5.5
CVE-2018-15864 WRITEUP MEDIUM WRITEUP
libxkbcommon < 0.8.1 - Denial of Service via Crafted Keymap File
Unchecked NULL pointer usage in resolve_keysym in xkbcomp/parser.y in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because a map access attempt can occur for a map that was never created.
CVSS 5.5
CVE-2006-0745 EXPLOITDB text WORKING POC
X.Org server <1.0.0 - Privilege Escalation
X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended restrictions and (1) execute arbitrary code via the -modulepath command line option or (2) overwrite arbitrary files via -logfile.