VYPR

Xfree86

by Xfree86

CVEs (24)

  • CVE-2004-0084Mar 3, 2004
    risk 0.05cvss epss 0.25

    Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a different vulnerability than…

  • CVE-2004-0083Mar 3, 2004
    risk 0.05cvss epss 0.21

    Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file (font.alias) with a long token, a different vulnerability than CVE-2004-0084 and CVE-2004-0106.

  • CVE-2000-0976Dec 19, 2000
    risk 0.03cvss epss 0.01

    Buffer overflow in xlib in XFree 3.3.x possibly allows local users to execute arbitrary commands via a long DISPLAY environment variable or a -display command line parameter.

  • CVE-2000-0504Jun 19, 2000
    risk 0.03cvss epss 0.03

    libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro.

  • CVE-2000-0453May 18, 2000
    risk 0.03cvss epss 0.03

    XFree86 3.3.x and 4.0 allows a user to cause a denial of service via a negative counter value in a malformed TCP packet that is sent to port 6000.

  • CVE-1999-0433Mar 21, 1999
    risk 0.03cvss epss 0.01

    XFree86 startx command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service.

  • CVE-2014-8101Dec 10, 2014
    risk 0.00cvss epss 0.04

    The RandR extension in XFree86 4.2.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a…

  • CVE-2014-8100Dec 10, 2014
    risk 0.00cvss epss 0.04

    The Render extension in XFree86 4.0.1, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a…

  • CVE-2014-8099Dec 10, 2014
    risk 0.00cvss epss 0.04

    The XVideo extension in XFree86 4.0.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a…

  • CVE-2014-8098Dec 10, 2014
    risk 0.00cvss epss 0.05

    The GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a…

  • CVE-2014-8093Dec 10, 2014
    risk 0.00cvss epss 0.04

    Multiple integer overflows in the GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via…

  • CVE-2012-1699Dec 21, 2012
    risk 0.00cvss epss 0.00

    The ProcSetEventMask function in difs/events.c in the xfs font server for X.Org X11R6 through X11R6.6 and XFree86 before 3.3.3 calls the SendErrToClient function with a mask value instead of a pointer, which allows local users to cause a denial of service (memory corruption and…

  • CVE-2006-6103Dec 31, 2006
    risk 0.00cvss epss 0.00

    Integer overflow in the ProcDbeSwapBuffers function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified…

  • CVE-2006-4447Aug 30, 2006
    risk 0.00cvss epss 0.00

    X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by…

  • CVE-2005-4691Dec 31, 2005
    risk 0.00cvss epss 0.00

    imake in NetBSD before 2.0.3, NetBSD-current before 12 September 2005, certain versions of X.Org, and certain versions of XFree86 allows local users to overwrite arbitrary files via a symlink attack on the temporary file for the file.0 target, which is used for a pre-formatted…

  • CVE-2005-2495Sep 15, 2005
    risk 0.00cvss epss 0.04

    Multiple integer overflows in XFree86 before 4.3.0 allow user-assisted attackers to execute arbitrary code via a crafted pixmap image.

  • CVE-2004-0094Mar 15, 2004
    risk 0.00cvss epss 0.03

    Integer signedness errors in XFree86 4.1.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code when using the GLX extension and Direct Rendering Infrastructure (DRI).

  • CVE-2004-0093Mar 15, 2004
    risk 0.00cvss epss 0.03

    XFree86 4.1.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an out-of-bounds array index when using the GLX extension and Direct Rendering Infrastructure (DRI).

  • CVE-2004-0106Mar 3, 2004
    risk 0.00cvss epss 0.00

    Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to improper handling of font files, a different set of vulnerabilities than CVE-2004-0083 and CVE-2004-0084.

  • CVE-2003-0730Oct 20, 2003
    risk 0.00cvss epss 0.05

    Multiple integer overflows in the font libraries for XFree86 4.3.0 allow local or remote attackers to cause a denial of service or execute arbitrary code via heap-based and stack-based buffer overflow attacks.

Page 1 of 2