📦

xdm

Vendor: xfree86_project

Actively Exploited 0 CISA KEV List

PoC / Exploits 0 Code Available

Total RCEs 0 Remote Access

Total CVEs 1 Total Indexed

Avg. EPSS 1.00% Exploit Prob.

Latest CVE CVE-2006-5215 Oct 10

Security Vulnerability Index

Page 1 / 1

2.6 CVSS

CVE-2006-5215

The Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060317, and Solaris 8 through 10 before 20061006, allows local users to overwrite arbitrary files, or read another user's Xsession errors file, via a symlink attack on a /tmp/xses-$USER file.

EPSS: 0.08%

Severity: LOW

Oct 10, 2006

7.2 CVSS

CVE-2006-4447

X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit.

EPSS: 0.13%

Severity: HIGH

Aug 30, 2006

7.5 CVSS

CVE-2004-0419

XDM in XFree86 opens a chooserFd TCP socket even when DisplayManager.requestPort is 0, which could allow remote attackers to connect to the port, in violation of the intended restrictions.

EPSS: 2.80%

Severity: HIGH

Aug 18, 2004

Displaying 3 of 1 Total Entries

Total 1 Sections