Vulnerabilities > Xfree86 Project > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-12-31 | CVE-2006-6103 | Local Integer Overflow vulnerability in X.Org DBE And Render Extensions Integer overflow in the ProcDbeSwapBuffers function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures. | 6.6 |
| 2006-12-31 | CVE-2006-6101 | Local Integer Overflow vulnerability in X.Org DBE And Render Extensions Integer overflow in the ProcRenderAddGlyphs function in the Render extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of glyph management data structures. | 6.6 |
| 2005-09-15 | CVE-2005-2495 | Numeric Errors vulnerability in Xfree86 Project Xfree86 Multiple integer overflows in XFree86 before 4.3.0 allow user-assisted attackers to execute arbitrary code via a crafted pixmap image. | 5.1 |
| 2000-12-19 | CVE-2000-0976 | Unspecified vulnerability in Xfree86 Project Xlib 3.3X Buffer overflow in xlib in XFree 3.3.x possibly allows local users to execute arbitrary commands via a long DISPLAY environment variable or a -display command line parameter. | 4.6 |
| 2000-12-11 | CVE-2000-1060 | Unspecified vulnerability in Xfree86 Project Xfce 3.5.1 The default configuration of XFCE 3.5.1 bypasses the Xauthority access control mechanism with an "xhost + localhost" command in the xinitrc program, which allows local users to sniff X Windows traffic and gain privileges. | 4.6 |
| 2000-06-19 | CVE-2000-0620 | libX11 X library allows remote attackers to cause a denial of service via a resource mask of 0, which causes libX11 to go into an infinite loop. | 5.0 |
| 2000-06-19 | CVE-2000-0504 | libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro. | 5.0 |
| 2000-05-18 | CVE-2000-0453 | Unspecified vulnerability in Xfree86 Project X11R6 3.3.5/3.3.6/4.0 XFree86 3.3.x and 4.0 allows a user to cause a denial of service via a negative counter value in a malformed TCP packet that is sent to port 6000. | 5.0 |
| 1999-03-21 | CVE-1999-0433 | XFree86 startx command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service. | 4.6 |