Filtered by vendor Xfree86 Project Subscriptions
Total 39 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2003-0063 3 Redhat, Xfree86, Xfree86 Project 4 Enterprise Linux, Linux, Xfree86 and 1 more 2024-11-21 7.3 High
The xterm terminal emulator in XFree86 4.2.0 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
CVE-2002-1510 2 Redhat, Xfree86 Project 3 Enterprise Linux, Linux, X11r6 2024-11-21 N/A
xdm, with the authComplain variable set to false, allows arbitrary attackers to connect to the X server if the xdm auth directory does not exist.
CVE-2002-1472 2 Redhat, Xfree86 Project 2 Linux, X11r6 2024-11-21 N/A
Untrusted search path vulnerability in libX11.so in xfree86, when used in setuid or setgid programs, allows local users to gain root privileges via a modified LD_PRELOAD environment variable that points to a malicious module.
CVE-2002-1317 4 Hp, Sgi, Sun and 1 more 5 Hp-ux, Irix, Solaris and 2 more 2024-11-21 N/A
Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query.
CVE-2001-1409 2 Redhat, Xfree86 Project 3 Enterprise Linux, Linux, Xfree86 X Server 2024-11-21 N/A
dexconf in XFree86 Xserver 4.1.0-2 creates the /dev/dri directory with insecure permissions (666), which allows local users to replace or create files in the root file system.
CVE-2001-1179 1 Xfree86 Project 1 X11r6 2024-11-21 N/A
xman allows local users to gain privileges by modifying the MANPATH to point to a man page whose filename contains shell metacharacters.
CVE-2001-1178 1 Xfree86 Project 1 X11r6 2024-11-21 N/A
Buffer overflow in xman allows local users to gain privileges via a long MANPATH environment variable.
CVE-2001-1086 1 Xfree86 Project 1 X11r6 2024-11-21 N/A
XDM in XFree86 3.3 and 3.3.3 generates easily guessable cookies using gettimeofday() when compiled with the HasXdmXauth option, which allows remote attackers to gain unauthorized access to the X display via a brute force attack.
CVE-2001-0955 1 Xfree86 Project 1 X11r6 2024-11-21 N/A
Buffer overflow in fbglyph.c in XFree86 before 4.2.0, related to glyph clipping for large origins, allows attackers to cause a denial of service and possibly gain privileges via a large number of characters, possibly through the web page search form of KDE Konqueror or from an xterm command with a long title.
CVE-2000-1060 1 Xfree86 Project 1 Xfce 2024-11-21 N/A
The default configuration of XFCE 3.5.1 bypasses the Xauthority access control mechanism with an "xhost + localhost" command in the xinitrc program, which allows local users to sniff X Windows traffic and gain privileges.
CVE-2000-0976 1 Xfree86 Project 1 Xlib 2024-11-21 N/A
Buffer overflow in xlib in XFree 3.3.x possibly allows local users to execute arbitrary commands via a long DISPLAY environment variable or a -display command line parameter.
CVE-2000-0620 2 Open Group, Xfree86 Project 2 X, X11r6 2024-11-21 N/A
libX11 X library allows remote attackers to cause a denial of service via a resource mask of 0, which causes libX11 to go into an infinite loop.
CVE-2000-0504 3 Gnome, Open Group, Xfree86 Project 3 Gdm, X, X11r6 2024-11-21 N/A
libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro.
CVE-2000-0476 4 Michael Jennings, Putty, Rxvt and 1 more 4 Eterm, Putty, Rxvt and 1 more 2024-11-21 N/A
xterm, Eterm, and rxvt allow an attacker to cause a denial of service by embedding certain escape characters which force the window to be resized.
CVE-2000-0453 1 Xfree86 Project 1 X11r6 2024-11-21 N/A
XFree86 3.3.x and 4.0 allows a user to cause a denial of service via a negative counter value in a malformed TCP packet that is sent to port 6000.
CVE-2000-0285 1 Xfree86 Project 1 X11r6 2024-11-21 N/A
Buffer overflow in XFree86 3.3.x allows local users to execute arbitrary commands via a long -xkbmap parameter.
CVE-1999-0433 5 Netbsd, Redhat, Slackware and 2 more 5 Netbsd, Linux, Slackware Linux and 2 more 2024-11-21 N/A
XFree86 startx command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service.
CVE-1999-0241 3 Sgi, Sun, Xfree86 Project 4 Irix, Solaris, Sunos and 1 more 2024-11-21 N/A
Guessable magic cookies in X Windows allows remote attackers to execute commands, e.g. through xterm.
CVE-1999-0126 1 Xfree86 Project 1 Xfree86 2024-11-21 N/A
SGI IRIX buffer overflow in xterm and Xaw allows root access.