Vendor CVEs
Xfree86
All CVEs
33 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2003-0063 | Hig | 0.48 | 7.3 | 0.03 | Mar 3, 2003 | The xterm terminal emulator in XFree86 4.2.0 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence,… | ||
| CVE-2004-0084 | 0.05 | — | 0.25 | Mar 3, 2004 | Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a different vulnerability than… | |||
| CVE-2004-0083 | 0.05 | — | 0.21 | Mar 3, 2004 | Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file (font.alias) with a long token, a different vulnerability than CVE-2004-0084 and CVE-2004-0106. | |||
| CVE-2001-1086 | 0.03 | — | 0.03 | Jul 4, 2001 | XDM in XFree86 3.3 and 3.3.3 generates easily guessable cookies using gettimeofday() when compiled with the HasXdmXauth option, which allows remote attackers to gain unauthorized access to the X display via a brute force attack. | |||
| CVE-2000-0976 | 0.03 | — | 0.01 | Dec 19, 2000 | Buffer overflow in xlib in XFree 3.3.x possibly allows local users to execute arbitrary commands via a long DISPLAY environment variable or a -display command line parameter. | |||
| CVE-2000-0504 | 0.03 | — | 0.03 | Jun 19, 2000 | libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro. | |||
| CVE-2000-0453 | 0.03 | — | 0.03 | May 18, 2000 | XFree86 3.3.x and 4.0 allows a user to cause a denial of service via a negative counter value in a malformed TCP packet that is sent to port 6000. | |||
| CVE-1999-0433 | 0.03 | — | 0.01 | Mar 21, 1999 | XFree86 startx command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service. | |||
| CVE-1999-1489 | 0.03 | — | 0.01 | Mar 4, 1997 | Buffer overflow in TestChip function in XFree86 SuperProbe in Slackware Linux 3.1 allows local users to gain root privileges via a long -nopr argument. | |||
| CVE-2014-8101 | 0.00 | — | 0.04 | Dec 10, 2014 | The RandR extension in XFree86 4.2.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a… | |||
| CVE-2014-8100 | 0.00 | — | 0.04 | Dec 10, 2014 | The Render extension in XFree86 4.0.1, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a… | |||
| CVE-2014-8099 | 0.00 | — | 0.04 | Dec 10, 2014 | The XVideo extension in XFree86 4.0.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a… | |||
| CVE-2014-8098 | 0.00 | — | 0.05 | Dec 10, 2014 | The GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a… | |||
| CVE-2014-8093 | 0.00 | — | 0.04 | Dec 10, 2014 | Multiple integer overflows in the GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via… | |||
| CVE-2011-2504 | 0.00 | — | 0.00 | Mar 8, 2013 | Untrusted search path vulnerability in x11perfcomp in XFree86 x11perf before 1.5.4 allows local users to gain privileges via unspecified Trojan horse code in the current working directory. | |||
| CVE-2012-1699 | 0.00 | — | 0.00 | Dec 21, 2012 | The ProcSetEventMask function in difs/events.c in the xfs font server for X.Org X11R6 through X11R6.6 and XFree86 before 3.3.3 calls the SendErrToClient function with a mask value instead of a pointer, which allows local users to cause a denial of service (memory corruption and… | |||
| CVE-2006-6102 | 0.00 | — | 0.03 | Dec 31, 2006 | Integer overflow in the ProcDbeGetVisualInfo function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified… | |||
| CVE-2006-6103 | 0.00 | — | 0.00 | Dec 31, 2006 | Integer overflow in the ProcDbeSwapBuffers function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified… | |||
| CVE-2006-6101 | 0.00 | — | 0.00 | Dec 31, 2006 | Integer overflow in the ProcRenderAddGlyphs function in the Render extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of glyph… | |||
| CVE-2006-4447 | 0.00 | — | 0.00 | Aug 30, 2006 | X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by… | |||
| CVE-2005-4691 | 0.00 | — | 0.00 | Dec 31, 2005 | imake in NetBSD before 2.0.3, NetBSD-current before 12 September 2005, certain versions of X.Org, and certain versions of XFree86 allows local users to overwrite arbitrary files via a symlink attack on the temporary file for the file.0 target, which is used for a pre-formatted… | |||
| CVE-2005-2495 | 0.00 | — | 0.04 | Sep 15, 2005 | Multiple integer overflows in XFree86 before 4.3.0 allow user-assisted attackers to execute arbitrary code via a crafted pixmap image. | |||
| CVE-2004-0419 | 0.00 | — | 0.02 | Aug 18, 2004 | XDM in XFree86 opens a chooserFd TCP socket even when DisplayManager.requestPort is 0, which could allow remote attackers to connect to the port, in violation of the intended restrictions. | |||
| CVE-2004-0094 | 0.00 | — | 0.03 | Mar 15, 2004 | Integer signedness errors in XFree86 4.1.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code when using the GLX extension and Direct Rendering Infrastructure (DRI). | |||
| CVE-2004-0093 | 0.00 | — | 0.03 | Mar 15, 2004 | XFree86 4.1.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an out-of-bounds array index when using the GLX extension and Direct Rendering Infrastructure (DRI). | |||
| CVE-2004-0106 | 0.00 | — | 0.00 | Mar 3, 2004 | Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to improper handling of font files, a different set of vulnerabilities than CVE-2004-0083 and CVE-2004-0084. | |||
| CVE-2003-0730 | 0.00 | — | 0.05 | Oct 20, 2003 | Multiple integer overflows in the font libraries for XFree86 4.3.0 allow local or remote attackers to cause a denial of service or execute arbitrary code via heap-based and stack-based buffer overflow attacks. | |||
| CVE-2002-1472 | 0.00 | — | 0.00 | Mar 3, 2003 | Untrusted search path vulnerability in libX11.so in xfree86, when used in setuid or setgid programs, allows local users to gain root privileges via a modified LD_PRELOAD environment variable that points to a malicious module. | |||
| CVE-2003-0071 | 0.00 | — | 0.00 | Mar 3, 2003 | The DEC UDK processing feature in the xterm terminal emulator in XFree86 4.2.99.4 and earlier allows attackers to cause a denial of service via a certain character escape sequence that causes the terminal to enter a tight loop. | |||
| CVE-2002-0164 | 0.00 | — | 0.00 | Mar 15, 2002 | Vulnerability in the MIT-SHM extension of the X server on Linux (XFree86) 4.2.1 and earlier allows local users to read and write arbitrary shared memory, possibly to cause a denial of service or gain privileges. | |||
| CVE-2001-0955 | 0.00 | — | 0.00 | Sep 22, 2001 | Buffer overflow in fbglyph.c in XFree86 before 4.2.0, related to glyph clipping for large origins, allows attackers to cause a denial of service and possibly gain privileges via a large number of characters, possibly through the web page search form of KDE Konqueror or from an… | |||
| CVE-2000-0285 | 0.00 | — | 0.01 | Apr 16, 2000 | Buffer overflow in XFree86 3.3.x allows local users to execute arbitrary commands via a long -xkbmap parameter. | |||
| CVE-1999-0434 | 0.00 | — | 0.01 | Mar 30, 1999 | XFree86 xfs command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service. |
- risk 0.48cvss 7.3epss 0.03
The xterm terminal emulator in XFree86 4.2.0 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence,…
- CVE-2004-0084Mar 3, 2004risk 0.05cvss —epss 0.25
Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a different vulnerability than…
- CVE-2004-0083Mar 3, 2004risk 0.05cvss —epss 0.21
Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file (font.alias) with a long token, a different vulnerability than CVE-2004-0084 and CVE-2004-0106.
- CVE-2001-1086Jul 4, 2001risk 0.03cvss —epss 0.03
XDM in XFree86 3.3 and 3.3.3 generates easily guessable cookies using gettimeofday() when compiled with the HasXdmXauth option, which allows remote attackers to gain unauthorized access to the X display via a brute force attack.
- CVE-2000-0976Dec 19, 2000risk 0.03cvss —epss 0.01
Buffer overflow in xlib in XFree 3.3.x possibly allows local users to execute arbitrary commands via a long DISPLAY environment variable or a -display command line parameter.
- CVE-2000-0504Jun 19, 2000risk 0.03cvss —epss 0.03
libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro.
- CVE-2000-0453May 18, 2000risk 0.03cvss —epss 0.03
XFree86 3.3.x and 4.0 allows a user to cause a denial of service via a negative counter value in a malformed TCP packet that is sent to port 6000.
- CVE-1999-0433Mar 21, 1999risk 0.03cvss —epss 0.01
XFree86 startx command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service.
- CVE-1999-1489Mar 4, 1997risk 0.03cvss —epss 0.01
Buffer overflow in TestChip function in XFree86 SuperProbe in Slackware Linux 3.1 allows local users to gain root privileges via a long -nopr argument.
- CVE-2014-8101Dec 10, 2014risk 0.00cvss —epss 0.04
The RandR extension in XFree86 4.2.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a…
- CVE-2014-8100Dec 10, 2014risk 0.00cvss —epss 0.04
The Render extension in XFree86 4.0.1, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a…
- CVE-2014-8099Dec 10, 2014risk 0.00cvss —epss 0.04
The XVideo extension in XFree86 4.0.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a…
- CVE-2014-8098Dec 10, 2014risk 0.00cvss —epss 0.05
The GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a…
- CVE-2014-8093Dec 10, 2014risk 0.00cvss —epss 0.04
Multiple integer overflows in the GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via…
- CVE-2011-2504Mar 8, 2013risk 0.00cvss —epss 0.00
Untrusted search path vulnerability in x11perfcomp in XFree86 x11perf before 1.5.4 allows local users to gain privileges via unspecified Trojan horse code in the current working directory.
- CVE-2012-1699Dec 21, 2012risk 0.00cvss —epss 0.00
The ProcSetEventMask function in difs/events.c in the xfs font server for X.Org X11R6 through X11R6.6 and XFree86 before 3.3.3 calls the SendErrToClient function with a mask value instead of a pointer, which allows local users to cause a denial of service (memory corruption and…
- CVE-2006-6102Dec 31, 2006risk 0.00cvss —epss 0.03
Integer overflow in the ProcDbeGetVisualInfo function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified…
- CVE-2006-6103Dec 31, 2006risk 0.00cvss —epss 0.00
Integer overflow in the ProcDbeSwapBuffers function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified…
- CVE-2006-6101Dec 31, 2006risk 0.00cvss —epss 0.00
Integer overflow in the ProcRenderAddGlyphs function in the Render extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of glyph…
- CVE-2006-4447Aug 30, 2006risk 0.00cvss —epss 0.00
X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by…
- CVE-2005-4691Dec 31, 2005risk 0.00cvss —epss 0.00
imake in NetBSD before 2.0.3, NetBSD-current before 12 September 2005, certain versions of X.Org, and certain versions of XFree86 allows local users to overwrite arbitrary files via a symlink attack on the temporary file for the file.0 target, which is used for a pre-formatted…
- CVE-2005-2495Sep 15, 2005risk 0.00cvss —epss 0.04
Multiple integer overflows in XFree86 before 4.3.0 allow user-assisted attackers to execute arbitrary code via a crafted pixmap image.
- CVE-2004-0419Aug 18, 2004risk 0.00cvss —epss 0.02
XDM in XFree86 opens a chooserFd TCP socket even when DisplayManager.requestPort is 0, which could allow remote attackers to connect to the port, in violation of the intended restrictions.
- CVE-2004-0094Mar 15, 2004risk 0.00cvss —epss 0.03
Integer signedness errors in XFree86 4.1.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code when using the GLX extension and Direct Rendering Infrastructure (DRI).
- CVE-2004-0093Mar 15, 2004risk 0.00cvss —epss 0.03
XFree86 4.1.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an out-of-bounds array index when using the GLX extension and Direct Rendering Infrastructure (DRI).
- CVE-2004-0106Mar 3, 2004risk 0.00cvss —epss 0.00
Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to improper handling of font files, a different set of vulnerabilities than CVE-2004-0083 and CVE-2004-0084.
- CVE-2003-0730Oct 20, 2003risk 0.00cvss —epss 0.05
Multiple integer overflows in the font libraries for XFree86 4.3.0 allow local or remote attackers to cause a denial of service or execute arbitrary code via heap-based and stack-based buffer overflow attacks.
- CVE-2002-1472Mar 3, 2003risk 0.00cvss —epss 0.00
Untrusted search path vulnerability in libX11.so in xfree86, when used in setuid or setgid programs, allows local users to gain root privileges via a modified LD_PRELOAD environment variable that points to a malicious module.
- CVE-2003-0071Mar 3, 2003risk 0.00cvss —epss 0.00
The DEC UDK processing feature in the xterm terminal emulator in XFree86 4.2.99.4 and earlier allows attackers to cause a denial of service via a certain character escape sequence that causes the terminal to enter a tight loop.
- CVE-2002-0164Mar 15, 2002risk 0.00cvss —epss 0.00
Vulnerability in the MIT-SHM extension of the X server on Linux (XFree86) 4.2.1 and earlier allows local users to read and write arbitrary shared memory, possibly to cause a denial of service or gain privileges.
- CVE-2001-0955Sep 22, 2001risk 0.00cvss —epss 0.00
Buffer overflow in fbglyph.c in XFree86 before 4.2.0, related to glyph clipping for large origins, allows attackers to cause a denial of service and possibly gain privileges via a large number of characters, possibly through the web page search form of KDE Konqueror or from an…
- CVE-2000-0285Apr 16, 2000risk 0.00cvss —epss 0.01
Buffer overflow in XFree86 3.3.x allows local users to execute arbitrary commands via a long -xkbmap parameter.
- CVE-1999-0434Mar 30, 1999risk 0.00cvss —epss 0.01
XFree86 xfs command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service.