VYPR
Vendor

Xfree86

Products
7
CVEs
33
Across products
33
Status
Private

Products

7

Recent CVEs

33
View all 33 CVEs →
  • CVE-2003-0063HigMar 3, 2003
    risk 0.48cvss 7.3epss 0.03

    The xterm terminal emulator in XFree86 4.2.0 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence,…

  • CVE-2004-0084Mar 3, 2004
    risk 0.05cvss epss 0.25

    Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a different vulnerability than…

  • CVE-2004-0083Mar 3, 2004
    risk 0.05cvss epss 0.21

    Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file (font.alias) with a long token, a different vulnerability than CVE-2004-0084 and CVE-2004-0106.

  • CVE-2001-1086Jul 4, 2001
    risk 0.03cvss epss 0.03

    XDM in XFree86 3.3 and 3.3.3 generates easily guessable cookies using gettimeofday() when compiled with the HasXdmXauth option, which allows remote attackers to gain unauthorized access to the X display via a brute force attack.

  • CVE-2000-0976Dec 19, 2000
    risk 0.03cvss epss 0.01

    Buffer overflow in xlib in XFree 3.3.x possibly allows local users to execute arbitrary commands via a long DISPLAY environment variable or a -display command line parameter.

  • CVE-2000-0504Jun 19, 2000
    risk 0.03cvss epss 0.03

    libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro.

  • CVE-2000-0453May 18, 2000
    risk 0.03cvss epss 0.03

    XFree86 3.3.x and 4.0 allows a user to cause a denial of service via a negative counter value in a malformed TCP packet that is sent to port 6000.

  • CVE-1999-0433Mar 21, 1999
    risk 0.03cvss epss 0.01

    XFree86 startx command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service.

  • CVE-1999-1489Mar 4, 1997
    risk 0.03cvss epss 0.01

    Buffer overflow in TestChip function in XFree86 SuperProbe in Slackware Linux 3.1 allows local users to gain root privileges via a long -nopr argument.

  • CVE-2014-8101Dec 10, 2014
    risk 0.00cvss epss 0.04

    The RandR extension in XFree86 4.2.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a…

  • CVE-2014-8100Dec 10, 2014
    risk 0.00cvss epss 0.04

    The Render extension in XFree86 4.0.1, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a…

  • CVE-2014-8099Dec 10, 2014
    risk 0.00cvss epss 0.04

    The XVideo extension in XFree86 4.0.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a…

  • CVE-2014-8098Dec 10, 2014
    risk 0.00cvss epss 0.05

    The GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a…

  • CVE-2014-8093Dec 10, 2014
    risk 0.00cvss epss 0.04

    Multiple integer overflows in the GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via…

  • CVE-2011-2504Mar 8, 2013
    risk 0.00cvss epss 0.00

    Untrusted search path vulnerability in x11perfcomp in XFree86 x11perf before 1.5.4 allows local users to gain privileges via unspecified Trojan horse code in the current working directory.

  • CVE-2012-1699Dec 21, 2012
    risk 0.00cvss epss 0.00

    The ProcSetEventMask function in difs/events.c in the xfs font server for X.Org X11R6 through X11R6.6 and XFree86 before 3.3.3 calls the SendErrToClient function with a mask value instead of a pointer, which allows local users to cause a denial of service (memory corruption and…

  • CVE-2006-6102Dec 31, 2006
    risk 0.00cvss epss 0.03

    Integer overflow in the ProcDbeGetVisualInfo function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified…

  • CVE-2006-6103Dec 31, 2006
    risk 0.00cvss epss 0.00

    Integer overflow in the ProcDbeSwapBuffers function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified…

  • CVE-2006-6101Dec 31, 2006
    risk 0.00cvss epss 0.00

    Integer overflow in the ProcRenderAddGlyphs function in the Render extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of glyph…

  • CVE-2006-4447Aug 30, 2006
    risk 0.00cvss epss 0.00

    X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by…

VYPR — Vulnerability Intelligence