VYPR

Xfce

by Xfce

CVEs (6)

  • CVE-2022-45062Nov 9, 2022
    risk 0.00cvss epss 0.01

    In Xfce xfce4-settings before 4.16.4 and 4.17.x before 4.17.1, there is an argument injection vulnerability in xfce4-mime-helper.

  • CVE-2022-32278Jun 13, 2022
    risk 0.00cvss epss 0.02

    XFCE 4.16 allows attackers to execute arbitrary code because xdg-open can execute a .desktop file on an attacker-controlled FTP server.

  • CVE-2009-4996Sep 7, 2010
    risk 0.00cvss epss 0.00

    Xfce4-session 4.5.91 in Xfce does not lock the screen when the suspend or hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action, a related issue to CVE-2010-2532. NOTE: there is no general…

  • CVE-2007-6531Jan 9, 2008
    risk 0.00cvss epss 0.03

    Stack-based buffer overflow in the Panel (xfce4-panel) component in Xfce before 4.4.2 might allow remote attackers to execute arbitrary code via Launcher tooltips. NOTE: a second buffer overflow (over-read) in the xfce_mkdirhier function was also reported, but it might not be…

  • CVE-2007-6532Jan 9, 2008
    risk 0.00cvss epss 0.04

    Double free vulnerability in the Widget Library (libxfcegui4) in Xfce before 4.4.2 might allow remote attackers to execute arbitrary code via unknown vectors related to the "cliend id, program name and working directory in session management."

  • CVE-2000-1060Dec 11, 2000
    risk 0.00cvss epss 0.00

    The default configuration of XFCE 3.5.1 bypasses the Xauthority access control mechanism with an "xhost + localhost" command in the xinitrc program, which allows local users to sniff X Windows traffic and gain privileges.