MiracleLinux 7 : xdg-user-dirs-0.15-5.el7 (AXSA:2018-2892:01)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2018-2892:01 advisory. xdg-user-dirs, gnome-session: Xsession creation of XDG user directories does not honor system umask policy CVE-2017-15131 Tenable has extracted the preceding...

CVE-2025-15131

creationtimestamp| type| source ---|---|--- 2025-12-28 10:35:30+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mb24rrdzwn22 2026-01-07 22:10:46+00:00| published-proof-of-concept| Telegram/lOZ6HjRUeOxN7v7DAN8vyTQPy1ICgDn2OfrrqTzgtrYU...

Linux Distros Unpatched Vulnerability : CVE-2017-15131

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - It was found that system umask policy is not being honored when creating XDG user directories, since Xsession sources xdg-user-dirs.sh before setting umask...

RHEL 6 : xdg-user-dirs (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - xdg-user-dirs, gnome-session: Xsession creation of XDG user directories does not honor system umask policy...

Mageia: Security Advisory (MGASA-2018-0215)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2020-15131

In SLP Validate npm package slp-validate before version 1.2.2, there is a vulnerability to false-positive validation outcomes for the NFT1 Child Genesis transaction type. A poorly implemented SLP wallet or opportunistic attacker could create a seemingly valid NFT1 child token without burning any ...

CVE-2020-15131

The CVE-2020-15131 issue affects the npm package slp-validate prior to v1.2.2, where a wallet could yield false‑positive NFT1 Child Genesis validations (NFT1 tokens could appear valid without burning the NFT1 Group token as required by the NFT1 spec). This is a software validation flaw in the NFT...

Huawei EulerOS: Security Advisory for xdg-user-dirs (EulerOS-SA-2018-1024)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for xdg-user-dirs (EulerOS-SA-2018-1025)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for xdg-user-dirs (EulerOS-SA-2018-1181)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2019-15131

CVE-2019-15131 affects Code42 Enterprise versions 6.7.5 and earlier, 6.8.4–6.8.8, and 7.0.0. The vulnerability may allow arbitrary files to be uploaded to Code42 servers and executed, enabling creation of directories and saving files that could lead to code execution. The connected documents reit...

NewStart CGSL CORE 5.04 / MAIN 5.04 : xdg-user-dirs Vulnerability (NS-SA-2019-0026)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has xdg-user-dirs packages installed that are affected by a vulnerability: - It was found that the system umask policy is not being honored when creating XDG user directories /Desktop etc on first login. This could lead to user...

CVE-2018-15131

CVE-2018-15131 affects Synacor Zimbra Collaboration Suite: versions 8.6.x prior to 8.6.0 Patch 11, 8.7.x prior to 8.7.11 Patch 6, 8.8.x prior to 8.8.8 Patch 9, and 8.8.9 prior to 8.8.9 Patch 3. are vulnerable to account number enumeration due to inconsistent responses for certain authentication r...

EulerOS 2.0 SP3 : xdg-user-dirs (EulerOS-SA-2018-1181)

According to the version of the xdg-user-dirs package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was found that the system umask policy is not being honored when creating XDG user directories /Desktop etc on first login. This could lea...

Amazon Linux 2 : xdg-user-dirs (ALAS-2018-1030)

It was found that the system umask policy is not being honored when creating XDG user directories /Desktop etc on first login. This could lead to user's files being inadvertently exposed to other local users.CVE-2017-15131 C Tenable Network Security, Inc. The descriptive text and package checks i...

Scientific Linux Security Update : xdg-user-dirs on SL7.x x86_64 (20180410)

Security Fixes : - xdg-user-dirs, gnome-session: Xsession creation of XDG user directories does not honor system umask policy CVE-2017-15131 Additional Changes : C Tenable Network Security, Inc. The descriptive text is C Scientific Linux. include'compat.inc'; if description scriptid109459;...

CentOS 7 : xdg-user-dirs (CESA-2018:0842)

An update for xdg-user-dirs is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

xdg security update

CentOS Errata and Security Advisory CESA-2018:0842 An update for xdg-user-dirs is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

Oracle Linux 7 : xdg-user-dirs (ELSA-2018-0842)

The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2018-0842 advisory. 0.15-5 - Start using autostart mechanism instead of xinitrc.d script Resolves: 1412762 Tenable has extracted the preceding description block directly from the...

RHEL 7 : xdg-user-dirs (RHSA-2018:0842)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2018:0842 advisory. xdg-user-dirs is a tool to create and configure default desktop user directories such as the Music and the Desktop directories. Security Fixes:...