Xfce

xfce

8 CVEs • 4 products

Products (4)

Click to collapse

Toggle

CVEs (8)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-45062 3Debian FedoraprojectXfce 3Debian Linux FedoraXfce4 Settings May 1, 2025 Nov 9, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 In Xfce xfce4-settings before 4.16.4 and 4.17.x before 4.17.1, there is an argument injection vulnerability in xfce4-mime-helper.
CVE-2022-32278 2Debian Xfce 2Debian Linux Exo Nov 21, 2024 Jun 13, 2022 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 XFCE 4.16 allows attackers to execute arbitrary code because xdg-open can execute a .desktop file on an attacker-controlled FTP server.
CVE-2021-32563 1Xfce 1Thunar Nov 21, 2024 May 11, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in Thunar before 4.16.7 and 4.17.x before 4.17.2. When called with a regular file as a command-line argument, it delegates to a different program (based on the file type) without user confirmation...Show more An issue was discovered in Thunar before 4.16.7 and 4.17.x before 4.17.2. When called with a regular file as a command-line argument, it delegates to a different program (based on the file type) without user confirmation. This could be used to achieve code execution.Show less
CVE-2011-1588 3Debian OpensuseXfce 3Debian Linux OpensuseThunar Nov 21, 2024 Nov 14, 2019 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Thunar before 1.3.1 could crash when copy and pasting a file name with % format characters due to a format string error.
CVE-2018-18398 1Xfce 2Thunar Xfce Nov 21, 2024 Oct 19, 2018 N/A· v4 4.7 MEDIUM· v3 1.9 LOW· v2 Xfce Thunar 1.6.15, when Xfce 4.12 is used, mishandles the IBus-Unikey input method for file searches within File Manager, leading to an out-of-bounds read and SEGV. This could potentially be exploited by an arbitrary lo...Show more Xfce Thunar 1.6.15, when Xfce 4.12 is used, mishandles the IBus-Unikey input method for file searches within File Manager, leading to an out-of-bounds read and SEGV. This could potentially be exploited by an arbitrary local user who creates files in /tmp before the victim uses this input method.Show less
CVE-2009-4996 1Xfce 1Xfce Apr 29, 2026 Sep 7, 2010 N/A· v4 N/A· v3 7.2 HIGH· v2 Xfce4-session 4.5.91 in Xfce does not lock the screen when the suspend or hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action, a r...Show more Xfce4-session 4.5.91 in Xfce does not lock the screen when the suspend or hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action, a related issue to CVE-2010-2532. NOTE: there is no general agreement that this is a vulnerability, because separate control over locking can be an equally secure, or more secure, behavior in some threat environmentsShow less
CVE-2007-6532 1Xfce 1Xfce Apr 23, 2026 Jan 9, 2008 N/A· v4 N/A· v3 10.0 HIGH· v2 Double free vulnerability in the Widget Library (libxfcegui4) in Xfce before 4.4.2 might allow remote attackers to execute arbitrary code via unknown vectors related to the "cliend id, program name and working directory...Show more Double free vulnerability in the Widget Library (libxfcegui4) in Xfce before 4.4.2 might allow remote attackers to execute arbitrary code via unknown vectors related to the "cliend id, program name and working directory in session management."Show less
CVE-2007-6531 1Xfce 1Xfce Apr 23, 2026 Jan 9, 2008 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Stack-based buffer overflow in the Panel (xfce4-panel) component in Xfce before 4.4.2 might allow remote attackers to execute arbitrary code via Launcher tooltips. NOTE: a second buffer overflow (over-read) in the xfce_...Show more Stack-based buffer overflow in the Panel (xfce4-panel) component in Xfce before 4.4.2 might allow remote attackers to execute arbitrary code via Launcher tooltips. NOTE: a second buffer overflow (over-read) in the xfce_mkdirhier function was also reported, but it might not be exploitable for a crash or code execution, so it is not a vulnerability.Show less