Vulnerabilities > Xfree86 Project > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-01-18 | CVE-2007-5760 | Local Privilege Escalation and Information Disclosure vulnerability in RETIRED: X.Org X Server Array index error in the XFree86-Misc extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via a PassMessage request containing a large array index. | 9.3 |
| 2006-12-31 | CVE-2006-6102 | Local Integer Overflow vulnerability in X.Org DBE And Render Extensions Integer overflow in the ProcDbeGetVisualInfo function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures. | 10.0 |
| 2005-01-10 | CVE-2004-0914 | Multiple Unspecified vulnerability in LibXPM Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. | 10.0 |
| 2004-03-03 | CVE-2004-0084 | Buffer Overflow vulnerability in XFree86 CopyISOLatin1Lowered Font_Name Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a different vulnerability than CVE-2004-0083 and CVE-2004-0106. | 10.0 |
| 2004-03-03 | CVE-2004-0083 | Buffer Overflow vulnerability in XFree86 Font Information File Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file (font.alias) with a long token, a different vulnerability than CVE-2004-0084 and CVE-2004-0106. | 10.0 |
| 2003-03-03 | CVE-2002-1510 | Unspecified vulnerability in Xfree86 Project X11R6 xdm, with the authComplain variable set to false, allows arbitrary attackers to connect to the X server if the xdm auth directory does not exist. | 10.0 |
| 1995-11-01 | CVE-1999-0241 | Guessable magic cookies in X Windows allows remote attackers to execute commands, e.g. | 10.0 |