Lucene search
K

30 matches found

Cvelist
Cvelist
added 2006/10/09 9:0 p.m.30 views

CVE-2006-5215

The Xsession script, as used by X Display Manager xdm in NetBSD before 20060212, X.Org before 20060317, and Solaris 8 through 10 before 20061006, allows local users to overwrite arbitrary files, or read another user's Xsession errors file, via a symlink attack on a /tmp/xses-$USER file...

6.1AI score0.00304EPSS
Exploits0References8
Debian CVE
Debian CVE
added 2006/10/09 9:0 p.m.36 views

CVE-2006-5214

Race condition in the Xsession script, as used by X Display Manager xdm in NetBSD before 20060212, X.Org before 20060225, and Solaris 8 through 10 before 20061006, causes a user's Xsession errors file to have weak permissions before a chmod is performed, which allows local users to read Xsession...

1.2CVSS2AI score0.00351EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2006/04/21 12:0 a.m.32 views

Fedora Core 5 : gdm-2.14.1-1.fc5.2 (2006-338)

Notes taken from upstream release mail - The sockets connection between the slaves and the GDM daemon is now better managed to better ensure that sockets are never left open. Brian Cameron - Corrected bug that causes a core dump when you click on gdmgreeter fields that have an id. Brian Cameron -...

3.7CVSS5.5AI score0.00272EPSS
Exploits0References2
securityvulns
securityvulns
added 2005/03/18 12:0 a.m.32 views

Novell Netware Xsession Authentication Bypass

No description provided...

2.3AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2003/08/22 12:0 a.m.31 views

GDM symbolic links problem

.xsession-errors file in user's home is open with root permissions without checking for symlinks...

1.1AI score
Exploits0References1Affected Software1
CVE
CVE
added 2001/09/12 4:0 a.m.55 views

CVE-1999-1347

CVE-1999-1347 affects Red Hat Linux 6.1 and earlier. The vulnerability arises in Xsession, where local users with restricted accounts can bypass execution of the .xsession file by starting a desktop session (KDE, GNOME or similar) from KDM. This bypass allows the user to run with the environmenta...

4.6CVSS6.9AI score0.00451EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2001/01/22 5:0 a.m.20 views

CVE-2000-1059

The default configuration of the Xsession file in Mandrake Linux 7.1 and 7.0 bypasses the Xauthority access control mechanism with an "xhost + localhost" command, which allows local users to sniff X Windows events and gain privileges...

6.5AI score0.00407EPSS
Exploits0References4
CVE
CVE
added 2001/01/22 5:0 a.m.55 views

CVE-2000-1059

The CVE-2000-1059 issue affects Mandrake Linux 7.0 and 7.1, where the default /etc/X11/Xsession configuration disables Xauthority via an "xhost + localhost" setting. This allows local users to connect to an X server on the localhost, potentially sniffing X Windows events and escalating privileges...

7.2CVSS6.5AI score0.00407EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2000/12/11 5:0 a.m.15 views

CVE-2000-1059

The default configuration of the Xsession file in Mandrake Linux 7.1 and 7.0 bypasses the Xauthority access control mechanism with an "xhost + localhost" command, which allows local users to sniff X Windows events and gain privileges...

7.2CVSS6.5AI score0.00407EPSS
Exploits0References4
NVD
NVD
added 1999/10/07 4:0 a.m.15 views

CVE-1999-1347

Xsession in Red Hat Linux 6.1 and earlier can allow local users with restricted accounts to bypass execution of the .xsession file by starting kde, gnome or anotherlevel from kdm...

4.6CVSS6.5AI score0.00451EPSS
Exploits0References1
Rows per page
Query Builder