Xfree86 Project
xfree86_project
39 CVEs • 8 products
Products (8)
Click to collapseToggle
Products (8)
Click to collapse
CVEs (39)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
The DEC UDK processing feature in the xterm terminal emulator in XFree86 4.2.99.4 and earlier allows attackers to cause a denial of service via a certain character escape sequence that causes the terminal to enter a tigh...Show more |
The xterm terminal emulator in XFree86 4.2.0 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when t...Show more |
xdm, with the authComplain variable set to false, allows arbitrary attackers to connect to the X server if the xdm auth directory does not exist. |
Untrusted search path vulnerability in libX11.so in xfree86, when used in setuid or setgid programs, allows local users to gain root privileges via a modified LD_PRELOAD environment variable that points to a malicious mo...Show more |
4Hp SgiSun+1 more5Hp Ux IrixSolaris+2 moreApr 16, 2026 Dec 11, 2002 N/A· v4 N/A· v3 7.5 HIGH· v2 Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query. |
Buffer overflow in fbglyph.c in XFree86 before 4.2.0, related to glyph clipping for large origins, allows attackers to cause a denial of service and possibly gain privileges via a large number of characters, possibly thr...Show more |
xman allows local users to gain privileges by modifying the MANPATH to point to a man page whose filename contains shell metacharacters. |
Buffer overflow in xman allows local users to gain privileges via a long MANPATH environment variable. |
XDM in XFree86 3.3 and 3.3.3 generates easily guessable cookies using gettimeofday() when compiled with the HasXdmXauth option, which allows remote attackers to gain unauthorized access to the X display via a brute force...Show more |
Buffer overflow in xlib in XFree 3.3.x possibly allows local users to execute arbitrary commands via a long DISPLAY environment variable or a -display command line parameter. |
The default configuration of XFCE 3.5.1 bypasses the Xauthority access control mechanism with an "xhost + localhost" command in the xinitrc program, which allows local users to sniff X Windows traffic and gain privileges...Show more |
libX11 X library allows remote attackers to cause a denial of service via a resource mask of 0, which causes libX11 to go into an infinite loop. |
3Gnome Open GroupXfree86 Project3Gdm XX11r6Apr 16, 2026 Jun 19, 2000 N/A· v4 N/A· v3 5.0 MEDIUM· v2 libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro. |
4Michael Jennings PuttyRxvt+1 more4Eterm PuttyRxvt+1 moreApr 16, 2026 Jun 1, 2000 N/A· v4 N/A· v3 5.0 MEDIUM· v2 xterm, Eterm, and rxvt allow an attacker to cause a denial of service by embedding certain escape characters which force the window to be resized. |
XFree86 3.3.x and 4.0 allows a user to cause a denial of service via a negative counter value in a malformed TCP packet that is sent to port 6000. |
Buffer overflow in XFree86 3.3.x allows local users to execute arbitrary commands via a long -xkbmap parameter. |
5Netbsd RedhatSlackware+2 more5Linux NetbsdSlackware Linux+2 moreApr 16, 2026 Mar 21, 1999 N/A· v4 N/A· v3 4.6 MEDIUM· v2 XFree86 startx command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service. |
SGI IRIX buffer overflow in xterm and Xaw allows root access. |
3Sgi SunXfree86 Project4Irix SolarisSunos+1 moreApr 16, 2026 Nov 1, 1995 N/A· v4 N/A· v3 10.0 HIGH· v2 Guessable magic cookies in X Windows allows remote attackers to execute commands, e.g. through xterm. |