XFree86 startx command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service.
https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0433