MidnightBSD

Advisories for windowmaker

CVE-1999-1064 HIGH

Multiple buffer overflows in WindowMaker 0.52 through 0.60.0 allow attackers to cause a denial of service and possibly execute arbitrary commands by executing WindowMaker with a long program name (argv[0]).

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
windowmaker windowmaker *
CVE-2000-0018 HIGH

wmmon in FreeBSD allows local users to gain privileges via the .wmmonrc configuration file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
windowmaker wmmon 1.0b2
CVE-2000-0026 HIGH

Buffer overflow in UnixWare i2odialogd daemon allows remote attackers to gain root access via a long username/password authorization string.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sco unixware 7.1
windowmaker wmmon 1.0b2
CVE-2001-1027 HIGH

Buffer overflow in WindowMaker (aka wmaker) 0.64 and earlier allows remote attackers to execute arbitrary code via a long window title.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
windowmaker windowmaker 0.62.1
windowmaker windowmaker 0.61
windowmaker windowmaker 0.62
windowmaker windowmaker 0.63.1
windowmaker windowmaker *
windowmaker windowmaker 0.61.1
windowmaker windowmaker 0.60
windowmaker windowmaker 0.63
CVE-2002-1277 HIGH

Buffer overflow in Window Maker (wmaker) 0.80.0 and earlier may allow remote attackers to execute arbitrary code via a certain image file that is not properly handled when Window Maker uses width and height information to allocate a buffer.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
windowmaker windowmaker 0.62.1
windowmaker windowmaker 0.62
windowmaker windowmaker 0.63.1
windowmaker windowmaker 0.20.1.3
windowmaker windowmaker 0.52.2
windowmaker windowmaker 0.65
windowmaker windowmaker 0.61
windowmaker windowmaker 0.53
windowmaker windowmaker 0.61.1
windowmaker windowmaker 0.80
windowmaker windowmaker 0.63
windowmaker windowmaker 0.64
CVE-2004-2714 MEDIUM

Unspecified vulnerability in Window Maker 0.80.2 and earlier allows attackers to perform unknown actions via format string specifiers in a font specification in WMGLOBAL, probably a format string vulnerability.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-134,

Products Affected

Vendor Product Version
windowmaker windowmaker 0.62.1
windowmaker windowmaker 0.65.1
windowmaker windowmaker 0.80.2
windowmaker windowmaker 0.62
windowmaker windowmaker 0.63.1
windowmaker windowmaker 0.20.1.3
windowmaker windowmaker 0.52.2
windowmaker windowmaker 0.65
windowmaker windowmaker 0.60.0
windowmaker windowmaker 0.61
windowmaker windowmaker 0.53
windowmaker windowmaker 0.61.1
windowmaker windowmaker 0.80
windowmaker windowmaker 0.60
windowmaker windowmaker 0.63
windowmaker windowmaker 0.64