CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2002-1472
https://notcve.org/view.php?id=CVE-2002-1472
03 Mar 2003 — Untrusted search path vulnerability in libX11.so in xfree86, when used in setuid or setgid programs, allows local users to gain root privileges via a modified LD_PRELOAD environment variable that points to a malicious module. Vulnerabilidad de búsqueda en ruta no confiable en libX11.so en xfree86, cuando se usa en programas setuid o setid, permite a usuarios locales ganar privilegios de root mediante una variable de entorno LD_PRELOAD modificada que apunta a código malicioso. • http://archives.neohapsis.com/archives/linux/suse/2002-q3/1116.html •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2002-1510
https://notcve.org/view.php?id=CVE-2002-1510
03 Mar 2003 — xdm, with the authComplain variable set to false, allows arbitrary attackers to connect to the X server if the xdm auth directory does not exist. xdm, con la variable authComplain puesta a falso, permite a atacantes arbitrarios conectar al servidor X si el directorio auth de xdm no existe. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000533 •
CVSS: 7.5EPSS: 1%CPEs: 6EXPL: 0CVE-2003-0063
https://notcve.org/view.php?id=CVE-2003-0063
03 Mar 2003 — The xterm terminal emulator in XFree86 4.2.0 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands. El emulador de terminal xterm en XFree86 4.2.0 permite a atacantes modificar el título de la ventana mediante cierta secuencia de caracter de escape y a continuación insertar... • http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2003-0071
https://notcve.org/view.php?id=CVE-2003-0071
03 Mar 2003 — The DEC UDK processing feature in the xterm terminal emulator in XFree86 4.2.99.4 and earlier allows attackers to cause a denial of service via a certain character escape sequence that causes the terminal to enter a tight loop. La capacidad de procesamiento DEC UDK en el emulador de terminal xterm de XFree86 4.2.0 permite a atacantes causar una denegación de servicio mediante cierta secuencia de carácter de escape que hace que el terminal entre en un bucle cerrado. • http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html •
CVSS: 9.8EPSS: 42%CPEs: 37EXPL: 1CVE-2002-1317 – XFree86 X11R6 3.3.x - Font Server Remote Buffer Overrun
https://notcve.org/view.php?id=CVE-2002-1317
11 Dec 2002 — Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query. Desbordamiento de búfer en la rutina Dispatch() en el servidor de fuentes XFS (fs.auto) en Solaris 2.5.1 a 9 permite a atacantes remotos causar una denegación de servicio (caída) o ejecutar código arbitrario mediante una cierta petición XFS. • https://www.exploit-db.com/exploits/22036 •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2001-0955
https://notcve.org/view.php?id=CVE-2001-0955
22 Sep 2001 — Buffer overflow in fbglyph.c in XFree86 before 4.2.0, related to glyph clipping for large origins, allows attackers to cause a denial of service and possibly gain privileges via a large number of characters, possibly through the web page search form of KDE Konqueror or from an xterm command with a long title. • http://cvsweb.xfree86.org/cvsweb/xc/programs/Xserver/fb/fbglyph.c •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2001-1179
https://notcve.org/view.php?id=CVE-2001-1179
17 Jul 2001 — xman allows local users to gain privileges by modifying the MANPATH to point to a man page whose filename contains shell metacharacters. • http://www.securityfocus.com/archive/1/197498 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2001-1178 – XFree86 X11R6 3.3.2 XMan - ManPath Environment Variable Buffer Overflow
https://notcve.org/view.php?id=CVE-2001-1178
11 Jul 2001 — Buffer overflow in xman allows local users to gain privileges via a long MANPATH environment variable. • https://www.exploit-db.com/exploits/21010 •
CVSS: 9.8EPSS: 3%CPEs: 2EXPL: 3CVE-2001-1086 – XFree86 X11R6 3.3 XDM - Session Cookie Guessing
https://notcve.org/view.php?id=CVE-2001-1086
04 Jul 2001 — XDM in XFree86 3.3 and 3.3.3 generates easily guessable cookies using gettimeofday() when compiled with the HasXdmXauth option, which allows remote attackers to gain unauthorized access to the X display via a brute force attack. • https://www.exploit-db.com/exploits/20993 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2000-0976 – XFree86 3.3.5/3.3.6 - Xlib Display Buffer Overflow
https://notcve.org/view.php?id=CVE-2000-0976
19 Dec 2000 — Buffer overflow in xlib in XFree 3.3.x possibly allows local users to execute arbitrary commands via a long DISPLAY environment variable or a -display command line parameter. • https://www.exploit-db.com/exploits/20294 •