9.3

CVE-2011-0465

xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a (1) DHCP or (2) XDMCP message.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Matthias HopfXrdb Version <= 1.0.8
Matthias HopfXrdb Version1.0.2
Matthias HopfXrdb Version1.0.3
Matthias HopfXrdb Version1.0.4
Matthias HopfXrdb Version1.0.5
Matthias HopfXrdb Version1.0.6
Matthias HopfXrdb Version1.0.7
XX11 Version <= r7.6
XX11 Versionr1
XX11 Versionr2
XX11 Versionr3
XX11 Versionr4
XX11 Versionr5
XX11 Versionr6
XX11 Versionr6.1
XX11 Versionr6.3
XX11 Versionr6.4
XX11 Versionr6.5.1
XX11 Versionr6.6
XX11 Versionr6.7
XX11 Versionr6.7.0
XX11 Versionr6.8.0
XX11 Versionr6.8.1
XX11 Versionr6.8.2
XX11 Versionr6.9.0
XX11 Versionr7.0
XX11 Versionr7.1
XX11 Versionr7.2
XX11 Versionr7.3
XX11 Versionr7.4
XX11 Versionr7.5
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 9.9% 0.927
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.