Xfree86 Project » Xfce : Security Vulnerabilities, CVEs,
The default configuration of XFCE 3.5.1 bypasses the Xauthority access control mechanism with an "xhost + localhost" command in the xinitrc program, which allows local users to sniff X Windows traffic and gain privileges.
Max CVSS
4.6
EPSS Score
0.04%
Published
2000-12-11
Updated
2018-05-03
1 vulnerabilities found