Xlock
by David Bagley
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-19520 | | High | 0.51 | 7.8 | 0.01 | | Dec 5, 2019 | xlock in OpenBSD 6.6 allows local users to gain the privileges of the auth group by providing a LIBGL_DRIVERS_PATH environment variable, because xenocara/lib/mesa/src/loader/loader.c mishandles dlopen. |
| CVE-2001-0652 | | | 0.03 | — | 0.01 | | Oct 30, 2001 | Heap overflow in xlock in Solaris 2.6 through 8 allows local users to gain root privileges via a long (1) XFILESEARCHPATH or (2) XUSERFILESEARCHPATH environmental variable. |
| CVE-2000-0763 | | | 0.03 | — | 0.01 | | Oct 20, 2000 | xlockmore and xlockf do not properly cleanse user-injected format strings, which allows local users to gain root privileges via the -d option. |
| CVE-1999-0306 | | | 0.03 | — | 0.02 | | Nov 4, 1997 | buffer overflow in HP xlock program. |
| CVE-1999-0030 | | | 0.03 | — | 0.01 | | Jul 16, 1997 | root privileges via buffer overflow in xlock command on SGI IRIX systems. |
| CVE-2000-0455 | | | 0.00 | — | 0.00 | | May 29, 2000 | Buffer overflow in xlockmore xlock program version 4.16 and earlier allows local users to read sensitive data from memory via a long -mode option. |