3.3.3

DATE	CVE	VULNERABILITY TITLE	RISK
2005-03-02	CVE-2005-0605	Integer Overflow vulnerability in libXPM Bitmap_unit scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow. network low complexity lesstif sgi x-org xfree86-project altlinux mandrakesoft redhat suse	7.5
2005-01-10	CVE-2004-0914	Multiple Unspecified vulnerability in LibXPM Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. network low complexity lesstif x-org xfree86-project gentoo redhat suse critical	10.0
2002-12-11	CVE-2002-1317	Remote Buffer Overrun vulnerability in Multiple Vendor X Font Server Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query. network low complexity xfree86-project sgi hp sun	7.5
2001-07-04	CVE-2001-1086	Unspecified vulnerability in Xfree86 Project X11R6 3.3/3.3.3 XDM in XFree86 3.3 and 3.3.3 generates easily guessable cookies using gettimeofday() when compiled with the HasXdmXauth option, which allows remote attackers to gain unauthorized access to the X display via a brute force attack. network low complexity xfree86-project	7.5
2000-06-19	CVE-2000-0620	libX11 X library allows remote attackers to cause a denial of service via a resource mask of 0, which causes libX11 to go into an infinite loop. network low complexity open-group xfree86-project	5.0
2000-06-19	CVE-2000-0504	libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro. network low complexity gnome open-group xfree86-project	5.0
2000-06-01	CVE-2000-0476	Denial of Service vulnerability in Multiple Vendor xterm (and derivatives) xterm, Eterm, and rxvt allow an attacker to cause a denial of service by embedding certain escape characters which force the window to be resized. network low complexity michael-jennings putty rxvt xfree86-project	5.0
1999-03-21	CVE-1999-0433	XFree86 startx command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service. local low complexity xfree86-project slackware redhat netbsd suse	4.6