Lucene search
K

173 matches found

EUVD
EUVD
added 5 days ago9 views

EUVD-2026-42435

A sandbox escape vulnerability exists in the OpenJDK packages provided in Ubuntu. The .jar MIME handlers installed by these packages execute files marked as executable when the mailcap package is installed. A compromised or malicious sandboxed application with access to the OpenURI portal via...

8.8CVSS6.3AI score0.0012EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 5 days ago5 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : mailcap vulnerability (USN-8518-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8518-1 advisory. Aaron Rainbolt discovered that the cautious-launcher utility in the mailcap package did not properly restrict the execution of...

8.8CVSS6.5AI score0.0012EPSS
Exploits0References2
NVD
NVD
added 6 days ago9 views

CVE-2026-10037

A sandbox escape vulnerability exists in the OpenJDK packages provided in Ubuntu. The .jar MIME handlers installed by these packages execute files marked as executable when the mailcap package is installed. A compromised or malicious sandboxed application with access to the OpenURI portal via...

8.8CVSS0.0012EPSS
Exploits0References1
CVE
CVE
added 6 days ago24 views

CVE-2026-10037

CVE-2026-10037 describes a sandbox escape in Ubuntu’s OpenJDK packages. The issue arises from .jar MIME handlers installed by these packages executing files marked as executable when the mailcap package is present. A compromised sandboxed application with access to the OpenURI portal via xdg-desk...

8.8CVSS6.3AI score0.0012EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago38 views

CVE-2026-10037 Sandbox Escape in Ubuntu OpenJDK Packages via xdg-desktop-portal

A sandbox escape vulnerability exists in the OpenJDK packages provided in Ubuntu. The .jar MIME handlers installed by these packages execute files marked as executable when the mailcap package is installed. A compromised or malicious sandboxed application with access to the OpenURI portal via...

8.8CVSS0.0012EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 6 days ago5 views

CVE-2026-10037 Sandbox Escape in Ubuntu OpenJDK Packages via xdg-desktop-portal

A sandbox escape vulnerability exists in the OpenJDK packages provided in Ubuntu. The .jar MIME handlers installed by these packages execute files marked as executable when the mailcap package is installed. A compromised or malicious sandboxed application with access to the OpenURI portal via...

8.8CVSS6.3AI score0.0012EPSS
Exploits0References1
Ubuntu
Ubuntu
added 6 days ago4 views

USN-8518-1: mailcap vulnerability

Aaron Rainbolt discovered that the cautious-launcher utility in the mailcap package did not properly restrict the execution of certain file types. An attacker could use this issue to escape a sandboxed application and execute arbitrary code on the host operating system...

8.8CVSS6.5AI score0.0012EPSS
Exploits0
OSV
OSV
added 6 days ago3 views

USN-8518-1 mailcap vulnerability

Aaron Rainbolt discovered that the cautious-launcher utility in the mailcap package did not properly restrict the execution of certain file types. An attacker could use this issue to escape a sandboxed application and execute arbitrary code on the host operating system...

8.8CVSS6.5AI score0.0012EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 6 days ago15 views

PT-2026-56604

Name of the Vulnerable Software and Affected Versions OpenJDK packages provided in Ubuntu affected versions not specified Description A sandbox escape issue exists where .jar MIME handlers execute files marked as executable if the mailcap package is installed. A malicious sandboxed application wi...

8.8CVSS6.3AI score0.0012EPSS
Exploits0References11
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Python 3.7, Python 2.7

In Python aka CPython, up to version 3.10.8, the mailcap module does not add escape characters to commands found in the system’s mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input if those commands lack validation of...

8CVSS7AI score0.07269EPSS
Exploits1References2
OSV
OSV
added 2026/02/26 10:58 p.m.11 views

CLSA-2026-1772146735 python: Fix of CVE-2015-20107

CVE-2015-20107: fix shell command injection vulnerability in the mailcap module...

8CVSS5.8AI score0.07269EPSS
Exploits1References1
OSV
OSV
added 2026/02/25 4:54 p.m.11 views

CLSA-2026-1772038463 python: Fix of CVE-2015-20107

CVE-2015-20107: fix shell command injection vulnerability in the mailcap module...

8CVSS5.8AI score0.07269EPSS
Exploits1References1
OSV
OSV
added 2026/02/25 4:41 p.m.9 views

CLSA-2026-1772037700 python: Fix of CVE-2015-20107

CVE-2015-20107: fix shell command injection vulnerability in the mailcap module...

8CVSS5.8AI score0.07269EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 8 : python3-3.6.8-47.el8.ML.1 (AXSA:2022-3849:02)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3849:02 advisory. pythonmailcap: findmatch function does not sanitise the second argument CVE-2015-20107 python: urllib.parse does not sanitize URLs containing ASCII...

8CVSS7.4AI score0.08325EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 9 : python3.9-3.9.14-1.el9 (AXSA:2022-4524:02)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-4524:02 advisory. python: mailcap: findmatch function does not sanitize the second argument CVE-2015-20107 python: open redirection vulnerability in lib/http/server.p...

8CVSS7.5AI score0.07269EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/01/07 9:39 a.m.6 views

CVE-1999-0365

The metamail package allows remote command execution using shell metacharacters that are not quoted in a mailcap entry...

7.5CVSS7.3AI score0.04057EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/12/18 12:0 a.m.7 views

EulerOS Virtualization 2.13.0 : python3 (EulerOS-SA-2025-2595)

According to the versions of the python3 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows user-assisted...

9.8CVSS8.1AI score0.27095EPSS
Exploits21References14
Tenable Nessus
Tenable Nessus
added 2025/12/18 12:0 a.m.7 views

EulerOS Virtualization 2.13.1 : python3 (EulerOS-SA-2025-2560)

According to the versions of the python3 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows user-assisted...

9.8CVSS8.1AI score0.27095EPSS
Exploits21References14
Tenable Nessus
Tenable Nessus
added 2025/11/13 12:0 a.m.6 views

Siemens SIMATIC S7-1500 Improper Neutralization of Special Elements used in a Command (CVE-2015-20107)

In Python aka CPython up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input if they lack validation of user-provided...

8CVSS6.8AI score0.07269EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2025/10/24 12:0 a.m.10 views

EulerOS 2.0 SP13 : python3 (EulerOS-SA-2025-2308)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows user-assisted remote attacke...

9.8CVSS8.1AI score0.27095EPSS
Exploits21References14
Rows per page
Query Builder