CVE-2002-1510 — CVSS 10.0 (critical): xdm, with the authComplain variable set to false, allows arbitrary attackers to connect to the X server if the xdm auth directory does not…
CVE-2004-0083 — CVSS 10.0 (critical): Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary…
CVE-2004-0084 — CVSS 10.0 (critical): Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or…
CVE-2004-0914 — CVSS 10.0 (critical): Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows…
CVE-2007-1351 — CVSS 8.5 (high): Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier…
CVE-2004-0687 — CVSS 7.5 (high): Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c…
CVE-2001-1086 — CVSS 7.5 (high): XDM in XFree86 3.3 and 3.3.3 generates easily guessable cookies using gettimeofday() when compiled with the HasXdmXauth option, which…
CVE-2004-0094 — CVSS 7.5 (high): Integer signedness errors in XFree86 4.1.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code when…
CVE-2002-1317 — CVSS 7.5 (high): Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of…
CVE-2004-0688 — CVSS 7.5 (high): Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4)…
CVE-2003-0730 — CVSS 7.5 (high): Multiple integer overflows in the font libraries for XFree86 4.3.0 allow local or remote attackers to cause a denial of service or execute…
CVE-2005-0605 — CVSS 7.5 (high): scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow.
CVE-2004-0093 — CVSS 7.5 (high): XFree86 4.1.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an out-of-bounds array index…
CVE-2003-0063 — CVSS 7.3 (high): The xterm terminal emulator in XFree86 4.2.0 and earlier allows attackers to modify the window title via a certain character escape…
CVE-2000-0285 — CVSS 7.2 (high): Buffer overflow in XFree86 3.3.x allows local users to execute arbitrary commands via a long -xkbmap parameter.
CVE-2001-1178 — CVSS 7.2 (high): Buffer overflow in xman allows local users to gain privileges via a long MANPATH environment variable.
CVE-2001-1179 — CVSS 7.2 (high): xman allows local users to gain privileges by modifying the MANPATH to point to a man page whose filename contains shell metacharacters.
CVE-2004-0106 — CVSS 7.2 (high): Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to improper handling of font files, a different set of vulnerabilities…
CVE-2002-1472 — CVSS 7.2 (high): Untrusted search path vulnerability in libX11.so in xfree86, when used in setuid or setgid programs, allows local users to gain root…
CVE-2001-0955 — CVSS 7.2 (high): Buffer overflow in fbglyph.c in XFree86 before 4.2.0, related to glyph clipping for large origins, allows attackers to cause a denial of…
CVE-2000-0476 — CVSS 5.0 (medium): xterm, Eterm, and rxvt allow an attacker to cause a denial of service by embedding certain escape characters which force the window to be…
CVE-2000-0620 — CVSS 5.0 (medium): libX11 X library allows remote attackers to cause a denial of service via a resource mask of 0, which causes libX11 to go into an infinite…
CVE-2000-0453 — CVSS 5.0 (medium): XFree86 3.3.x and 4.0 allows a user to cause a denial of service via a negative counter value in a malformed TCP packet that is sent to…
CVE-2000-0504 — CVSS 5.0 (medium): libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the…
CVE-1999-0433 — CVSS 4.6 (medium): XFree86 startx command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing…
CVE-2003-0071 — CVSS 2.1 (low): The DEC UDK processing feature in the xterm terminal emulator in XFree86 4.2.99.4 and earlier allows attackers to cause a denial of service…