
xfree86 project x11r6

31 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2007-1351
all versions
Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and e
CVE-2006-4447
all versions
X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid an
CVE-2006-1526
all versions
Buffer overflow in the X render (Xrender) extension in X.org X server 6.8.0 up to allows attackers to cause a denial of service (c
CVE-2006-0745
all versions
X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if
CVE-2005-0605
all versions
scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow.
CVE-2004-0914
all versions
Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer over
CVE-2004-0688
all versions
Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) Pa
CVE-2004-0687
all versions
Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in
CVE-2004-0419
all versions
XDM in XFree86 opens a chooserFd TCP socket even when DisplayManager.requestPort is 0, which could allow remote attackers to conne
CVE-2004-0094
all versions
Integer signedness errors in XFree86 4.1.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code
CVE-2004-0093
all versions
XFree86 4.1.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an out-of-bounds array
CVE-2004-0106
all versions
Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to improper handling of font files, a different set of vulnera
CVE-2004-0084
all versions
Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows loca
CVE-2004-0083
all versions
Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute
CVE-2003-0730
all versions
Multiple integer overflows in the font libraries for XFree86 4.3.0 allow local or remote attackers to cause a denial of service or
CVE-2003-0071
all versions
The DEC UDK processing feature in the xterm terminal emulator in XFree86 4.2.99.4 and earlier allows attackers to cause a denial o
CVE-2003-0063
all versions
The xterm terminal emulator in XFree86 4.2.0 and earlier allows attackers to modify the window title via a certain character escap
7.3 HIGH
CVE-2002-1510
all versions
xdm, with the authComplain variable set to false, allows arbitrary attackers to connect to the X server if the xdm auth directory
CVE-2002-1472
all versions
Untrusted search path vulnerability in libX11.so in xfree86, when used in setuid or setgid programs, allows local users to gain ro
CVE-2002-1317
all versions
Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a
CVE-2001-0955
all versions
Buffer overflow in fbglyph.c in XFree86 before 4.2.0, related to glyph clipping for large origins, allows attackers to cause a den
CVE-2001-1179
all versions
xman allows local users to gain privileges by modifying the MANPATH to point to a man page whose filename contains shell metachara
CVE-2001-1178
all versions
Buffer overflow in xman allows local users to gain privileges via a long MANPATH environment variable.
CVE-2001-1086
all versions
XDM in XFree86 3.3 and 3.3.3 generates easily guessable cookies using gettimeofday() when compiled with the HasXdmXauth option, wh
CVE-2000-0620
all versions
libX11 X library allows remote attackers to cause a denial of service via a resource mask of 0, which causes libX11 to go into an
CVE-2000-0504
all versions
libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked b
CVE-2000-0476
all versions
xterm, Eterm, and rxvt allow an attacker to cause a denial of service by embedding certain escape characters which force the windo
CVE-2000-0453
all versions
XFree86 3.3.x and 4.0 allows a user to cause a denial of service via a negative counter value in a malformed TCP packet that is se
CVE-2000-0285
all versions
Buffer overflow in XFree86 3.3.x allows local users to execute arbitrary commands via a long -xkbmap parameter.
CVE-1999-0433
all versions
XFree86 startx command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly
CVE-1999-0241
all versions
Guessable magic cookies in X Windows allows remote attackers to execute commands, e.g. through xterm.
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin