CVSS: 4.7 | EPSS: 0% | CPEs: 2 | EXPL: 1

19 Oct 2018 — Xfce Thunar 1.6.15, when Xfce 4.12 is used, mishandles the IBus-Unikey input method for file searches within File Manager, leading to an out-of-bounds read and SEGV. This could potentially be exploited by an arbitrary local user who creates files in /tmp before the victim uses this input method. • https://0xd0ff9.wordpress.com/2018/10/18/cve-2018-18398 • CWE-125: Out-of-bounds Read

CVSS: 7.2 | EPSS: 0% | CPEs: 1 | EXPL: 0

07 Sep 2010 — Xfce4-session 4.5.91 in Xfce does not lock the screen when the suspend or hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action, a related issue to CVE-2010-2532. NOTE: there is no general agreement that this is a vulnerability, because separate control over locking can be an equally secure, or more secure, behavior in some threat environments. ** DISPUTED ** • http://bugzilla.xfce.org/show_bug.cgi?id=4805 • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 10.0 | EPSS: 5% | CPEs: 1 | EXPL: 0

09 Jan 2008 — Double free vulnerability in the Widget Library (libxfcegui4) in Xfce before 4.4.2 might allow remote attackers to execute arbitrary code via unknown vectors related to the "cliend id, program name and working directory in session management." • http://bugs.gentoo.org/show_bug.cgi?id=201292 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 9.8 | EPSS: 5% | CPEs: 1 | EXPL: 0

09 Jan 2008 — Stack-based buffer overflow in the Panel (xfce4-panel) component in Xfce before 4.4.2 might allow remote attackers to execute arbitrary code via Launcher tooltips. NOTE: a second buffer overflow (over-read) in the xfce_mkdirhier function was also reported, but it might not be exploitable for a crash or code execution, so it is not a vulnerability. • http://bugs.gentoo.org/show_bug.cgi?id=201289 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 7.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

11 Dec 2000 — The default configuration of XFCE 3.5.1 bypasses the Xauthority access control mechanism with an "xhost + localhost" command in the xinitrc program, which allows local users to sniff X Windows traffic and gain privileges. • http://archives.neohapsis.com/archives/bugtraq/2000-10/0022.html