Linux Distros Unpatched Vulnerability : CVE-2024-28184

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WeasyPrint helps web developers to create PDF documents. Since version 61.0, there's a vulnerability which allows attaching content of arbitrary files and URLs ...

xdg-utils: improper parse of mailto URIs allows bypass of Thunderbird security mechanism for attachments

When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to thunderbird that should not be included per RFC 2368. An attacker can use this method to create a mailto URL that looks safe to users, but will actually attac...

SUSE CVE-2024-39929

Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mimefilename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users...

AZL-7424 CVE-2020-27748 affecting package xdg-utils 1.1.3-7

A flaw was found in the xdg-email component of xdg-utils-1.1.0-rc1 and newer. When handling mailto: URIs, xdg-email allows attachments to be discreetly added via the URI when being passed to Thunderbird. An attacker could potentially send a victim a URI that automatically attaches a sensitive fil...