This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor xfree86 Project First view 2001-09-22
Product X11R6 Last view 2005-03-02
Version 4.0.1 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:xfree86_project:x11r6

Activity : Overall

Related : CVE

  Date Alert Description
7.5 2005-03-02 CVE-2005-0605

scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow.
10 2005-01-10 CVE-2004-0914

Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. NOTE: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE's content decisions.
7.5 2004-10-20 CVE-2004-0688

Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file.
7.5 2004-10-20 CVE-2004-0687

Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c for libXpm before 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file.
2.1 2003-03-03 CVE-2003-0071

The DEC UDK processing feature in the xterm terminal emulator in XFree86 4.2.99.4 and earlier allows attackers to cause a denial of service via a certain character escape sequence that causes the terminal to enter a tight loop.
7.5 2003-03-03 CVE-2003-0063

The xterm terminal emulator in XFree86 4.2.0 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
7.2 2001-09-22 CVE-2001-0955

Buffer overflow in fbglyph.c in XFree86 before 4.2.0, related to glyph clipping for large origins, allows attackers to cause a denial of service and possibly gain privileges via a large number of characters, possibly through the web page search form of KDE Konqueror or from an xterm command with a long title.

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-41 Using Meta-characters in E-mail Headers to Inject Malicious Payloads
CAPEC-81 Web Logs Tampering
CAPEC-93 Log Injection-Tampering-Forging

Open Source Vulnerability Database (OSVDB)

id Description
60459 XFree xterm DEC UDK Processing Feature Window Title Escape Sequence DoS
60279 XFree86 xterm Window Title Escape Sequence Arbitrary Command Execution
14373 libXpm XPM Image GetImagePixels() / PutImagePixels() Overflow
14000 XFree86 fbglyph.c Remote Overflow
13999 XFree86 xterm -title Parameter Overflow
11991 X11 libXpm Multiple Unspecified Loops / Leaks DoS
11990 X11 libXpm Unspecified Path Traversal
11989 X11 libXpm Unspecified Out-of-bounds Memory DoS
11988 X11 libXpm Unspecified Multiple Overflows
10034 libXpm ParseAndPutPixels Function Stack Overflow
10033 libXpm ParsePixels Function Integer Overflow
10032 libXpm CreateXImage Function Integer Overflow
10031 libXpm XpmCreateImageFromXpmImage Function Integer Overflow
10030 libXpm xpmParseColors Function Integer Overflow
10029 libXpm xpmParseColors Function XPMv2/3 Parsing Stack Overflow
10028 libXpm xpmParseColors Function XPMv1 Parsing Stack Overflow
10027 libXpm ParsePixels Function Stack Overflow
10026 libXpm ParseAndPutPixels Function Integer Overflow

OpenVAS Exploits

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2010-05-12 Name : Mac OS X 10.6.3 Update / Mac OS X Security Update 2010-002
File : nvt/macosx_upd_10_6_3_secupd_2010-002.nasl
2010-02-03 Name : Solaris Update for Runtime library for Solaris 10 119281-22
File : nvt/gb_solaris_119281_22.nasl
2010-02-03 Name : Solaris Update for CDE 1.6 119280-22
File : nvt/gb_solaris_119280_22.nasl
2009-11-17 Name : Mac OS X Version
File : nvt/macosx_version.nasl
2009-10-10 Name : SLES9: Security update for openmotif
File : nvt/sles9p5020391.nasl
2009-10-10 Name : SLES9: Security update for XFree86-libs
File : nvt/sles9p5016773.nasl
2009-10-10 Name : SLES9: Security update for OpenMotif
File : nvt/sles9p5014940.nasl
2009-10-10 Name : SLES9: Security update for openmotif
File : nvt/sles9p5010938.nasl
2009-01-07 Name : Fedora Core 9 FEDORA-2009-0059 (xterm)
File : nvt/fcore_2009_0059.nasl
2009-01-07 Name : FreeBSD Ports: xterm
File : nvt/freebsd_xterm.nasl
2009-01-07 Name : Fedora Core 8 FEDORA-2009-0154 (xterm)
File : nvt/fcore_2009_0154.nasl
2009-01-07 Name : Fedora Core 10 FEDORA-2009-0091 (xterm)
File : nvt/fcore_2009_0091.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200503-15 (X.org)
File : nvt/glsa_200503_15.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200409-34 (X)
File : nvt/glsa_200409_34.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200410-09 (lesstif)
File : nvt/glsa_200410_09.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200411-28 (X.Org, XFree86)
File : nvt/glsa_200411_28.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200502-06 (lesstif)
File : nvt/glsa_200502_06.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200502-07 (openmotif)
File : nvt/glsa_200502_07.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200503-08 (openmotif)
File : nvt/glsa_200503_08.nasl
2008-09-04 Name : FreeBSD Ports: linux-gdk-pixbuf
File : nvt/freebsd_linux-gdk-pixbuf.nasl
2008-09-04 Name : FreeBSD Ports: linux_base
File : nvt/freebsd_linux_base.nasl
2008-09-04 Name : xpm -- image decoding vulnerabilities
File : nvt/freebsd_agenda-snow-libs.nasl
2008-01-17 Name : Debian Security Advisory DSA 723-1 (xfree86)
File : nvt/deb_723_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 607-1 (xfree86)
File : nvt/deb_607_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 561-1 (xfree86)
File : nvt/deb_561_1.nasl

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2010-03-29 Name: The remote host is missing a Mac OS X update that fixes various security issues.
File: macosx_10_6_3.nasl - Type: ACT_GATHER_INFO
2010-03-29 Name: The remote host is missing a Mac OS X update that fixes various security issues.
File: macosx_SecUpd2010-002.nasl - Type: ACT_GATHER_INFO
2010-01-10 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2008-0261.nasl - Type: ACT_GATHER_INFO
2010-01-10 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2008-0524.nasl - Type: ACT_GATHER_INFO
2009-09-24 Name: The remote SuSE 9 host is missing a security-related patch.
File: suse9_9399.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote Fedora host is missing a security update.
File: fedora_2009-0091.nasl - Type: ACT_GATHER_INFO
2009-01-16 Name: The remote Fedora host is missing a security update.
File: fedora_2009-0154.nasl - Type: ACT_GATHER_INFO
2009-01-16 Name: The remote Fedora host is missing a security update.
File: fedora_2009-0059.nasl - Type: ACT_GATHER_INFO
2006-07-05 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2005-198.nasl - Type: ACT_GATHER_INFO
2006-07-03 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2005-331.nasl - Type: ACT_GATHER_INFO
2006-07-03 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2005-412.nasl - Type: ACT_GATHER_INFO
2006-06-06 Name: The remote HP-UX host is missing a security-related patch.
File: hpux_PHSS_33132.nasl - Type: ACT_GATHER_INFO
2006-06-06 Name: The remote HP-UX host is missing a security-related patch.
File: hpux_PHSS_33130.nasl - Type: ACT_GATHER_INFO
2006-06-06 Name: The remote HP-UX host is missing a security-related patch.
File: hpux_PHSS_33129.nasl - Type: ACT_GATHER_INFO
2006-01-15 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-27-1.nasl - Type: ACT_GATHER_INFO
2006-01-15 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-83-1.nasl - Type: ACT_GATHER_INFO
2006-01-15 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-83-2.nasl - Type: ACT_GATHER_INFO
2006-01-15 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-92-1.nasl - Type: ACT_GATHER_INFO
2006-01-15 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-97-1.nasl - Type: ACT_GATHER_INFO
2005-10-05 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-816.nasl - Type: ACT_GATHER_INFO
2005-09-17 Name: The remote Fedora Core host is missing a security update.
File: fedora_2005-815.nasl - Type: ACT_GATHER_INFO
2005-09-12 Name: The remote Fedora Core host is missing a security update.
File: fedora_2005-273.nasl - Type: ACT_GATHER_INFO
2005-08-18 Name: The remote host is missing a Mac OS X update that fixes various security issues.
File: macosx_SecUpd2005-007.nasl - Type: ACT_GATHER_INFO
2005-07-13 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_ef253f8b072711d9b45d000c41e2cdad.nasl - Type: ACT_GATHER_INFO
2005-07-13 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_bf2e7483d3fa440d8c6e8f1f2f018818.nasl - Type: ACT_GATHER_INFO