RSS   Vulnerabilities for 'XFCE'   RSS

2010-09-07
 
CVE-2009-4996

CWE-264
 

 
** DISPUTED ** Xfce4-session 4.5.91 in Xfce does not lock the screen when the suspend or hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action, a related issue to CVE-2010-2532. NOTE: there is no general agreement that this is a vulnerability, because separate control over locking can be an equally secure, or more secure, behavior in some threat environments.

 
2008-01-09
 
CVE-2007-6532

CWE-noinfo
 

 
Double free vulnerability in the Widget Library (libxfcegui4) in Xfce before 4.4.2 might allow remote attackers to execute arbitrary code via unknown vectors related to the "cliend id, program name and working directory in session management."

 
 
CVE-2007-6531

CWE-119
 

 
Stack-based buffer overflow in the Panel (xfce4-panel) component in Xfce before 4.4.2 might allow remote attackers to execute arbitrary code via Launcher tooltips. NOTE: a second buffer overflow (over-read) in the xfce_mkdirhier function was also reported, but it might not be exploitable for a crash or code execution, so it is not a vulnerability.

 

 >>> Vendor: XFCE 2 Products
XFCE
Thunar


Copyright 2024, cxsecurity.com

 

Back to Top