
CVE-2022-45062 – Gentoo Linux Security Advisory 202305-05
https://notcve.org/view.php?id=CVE-2022-45062
09 Nov 2022 — In Xfce xfce4-settings before 4.16.4 and 4.17.x before 4.17.1, there is an argument injection vulnerability in xfce4-mime-helper. Robin Peraglie and Johannes Moritz discovered an argument injection bug in the xfce4-mime-helper component of xfce4-settings, which can be exploited using the xdg-open common tool. Since xdg-open is used by multiple standard applications ... • https://gitlab.xfce.org/xfce/xfce4-settings/-/commit/55e3c5fb667e96ad1412cf249879262b369d28d7 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

CVE-2022-32278 – Ubuntu Security Notice USN-6008-1
https://notcve.org/view.php?id=CVE-2022-32278
13 Jun 2022 — XFCE 4.16 allows attackers to execute arbitrary code because xdg-open can execute a .desktop file on an attacker-controlled FTP server. It was discovered that exo, a support library for the Xfce desktop environment, would allow executing remote .desktop files. In some scenarios, an attacker could use this vulnerability to trick a user into executing a... • https://gitlab.xfce.org/xfce/exo/-/commit/c71c04ff5882b2866a0d8506fb460d4ef796de9f

CVE-2021-32563 – Gentoo Linux Security Advisory 202402-20
https://notcve.org/view.php?id=CVE-2021-32563
11 May 2021 — An issue was discovered in Thunar before 4.16.7 and 4.17.x before 4.17.2. When called with a regular file as a command-line argument, it delegates to a different program (based on the file type) without user confirmation. This could be used to achieve code execution. • http://www.openwall.com/lists/oss-security/2021/05/11/3 • CWE-913: Improper Control of Dynamically-Managed Code Resources

CVE-2011-1588
https://notcve.org/view.php?id=CVE-2011-1588
14 Nov 2019 — Thunar before 1.3.1 could crash when copying and pasting a file name with % format characters due to a format string error. • http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00008.html • CWE-134: Use of Externally-Controlled Format String

CVE-2018-18398
https://notcve.org/view.php?id=CVE-2018-18398
19 Oct 2018 — Xfce Thunar 1.6.15, when Xfce 4.12 is used, mishandles the IBus-Unikey input method for file searches within File Manager, leading to an out-of-bounds read and SEGV. This could potentially be exploited by an arbitrary local user who creates files in /tmp before the victim uses this input method. • https://0xd0ff9.wordpress.com/2018/10/18/cve-2018-18398 • CWE-125: Out-of-bounds Read

CVE-2009-4996
https://notcve.org/view.php?id=CVE-2009-4996
07 Sep 2010 — ** DISPUTED ** Xfce4-session 4.5.91 in Xfce does not lock the screen when the suspend or hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action, a related issue to CVE-2010-2532. NOTE: there is no general agreement that this is a vulnerability, because separate control over locking can be an equally secure, or more secure, behavior in some threat environments. • http://bugzilla.xfce.org/show_bug.cgi?id=4805 • CWE-264: Permissions, Privileges, and Access Controls

CVE-2007-6531
https://notcve.org/view.php?id=CVE-2007-6531
09 Jan 2008 — Stack-based buffer overflow in the Panel (xfce4-panel) component in Xfce before 4.4.2 might allow remote attackers to execute arbitrary code via Launcher tooltips. NOTE: a second buffer overflow (over-read) in the xfce_mkdirhier function was also reported, but it might not be exploitable for a crash or code execution, so it is not a vulnerability. • http://bugs.gentoo.org/show_bug.cgi?id=201289 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2007-6532
https://notcve.org/view.php?id=CVE-2007-6532
09 Jan 2008 — Double free vulnerability in the Widget Library (libxfcegui4) in Xfce before 4.4.2 might allow remote attackers to execute arbitrary code via unknown vectors related to the "client id, program name and working directory in session management." • http://bugs.gentoo.org/show_bug.cgi?id=201292 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer