Lucene search
K

10 matches found

RedhatCVE
RedhatCVE
added 2026/06/25 11:23 p.m.8 views

CVE-2026-13324

A vulnerability has been identified in the GNOME Geary package within its mailto URI handling component. This flaw occurs because the email client automatically processes a non-standard attach parameter in email links without prompting or alerting the user. An attacker could exploit this by...

6.5CVSS5.8AI score
Exploits0References4
RedHat Linux
RedHat Linux
added 2025/05/15 1:5 p.m.8 views

xdg-utils: improper parse of mailto URIs allows bypass of Thunderbird security mechanism for attachments

When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to thunderbird that should not be included per RFC 2368. An attacker can use this method to create a mailto URL that looks safe to users, but will actually attac...

7.4CVSS5.8AI score0.00652EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2023/02/15 4:51 a.m.3 views

SUSE CVE-2017-5078

Insufficient validation of untrusted input in Blink's mailto: handling in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac allowed a remote attacker to perform command injection via a crafted HTML page, a similar issue to CVE-2004-0121. For example, characters such as have an...

8.8CVSS9.1AI score0.02775EPSS
Exploits0References5
OSV
OSV
added 2021/06/22 11:2 a.m.3 views

OESA-2021-1228 xdg-utils security update

The xdg-utils package is a set of simple scripts that provide basic desktop integration functions for any Free Desktop, such as Linux. The following tools are included in xdg-utils: xdg-desktop-menu Install desktop menu items xdg-desktop-icon Install icons to the desktop xdg-icon-resource Install...

6.5CVSS6.6AI score0.01443EPSS
Exploits1References2
OSV
OSV
added 2017/10/27 5:29 a.m.2 views

CVE-2017-5078

Insufficient validation of untrusted input in Blink's mailto: handling in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac allowed a remote attacker to perform command injection via a crafted HTML page, a similar issue to CVE-2004-0121. For example, characters such as have an...

8.8CVSS7.3AI score0.02775EPSS
Exploits0References6
OSV
OSV
added 2017/10/27 5:29 a.m.11 views

UBUNTU-CVE-2017-5078

Insufficient validation of untrusted input in Blink's mailto: handling in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac allowed a remote attacker to perform command injection via a crafted HTML page, a similar issue to CVE-2004-0121. For example, characters such as have an...

8.8CVSS7.3AI score0.02775EPSS
Exploits0References3
OPENSUSE Linux
OPENSUSE Linux
added 2017/06/08 12:9 a.m.44 views

Security update for chromium (important)

This update to Chromium 59.0.3071.86 fixes the following security issues: - CVE-2017-5070: Type confusion in V8 - CVE-2017-5071: Out of bounds read in V8 - CVE-2017-5072: Address spoofing in Omnibox - CVE-2017-5073: Use after free in print preview - CVE-2017-5074: Use after free in Apps Bluetooth...

0.6AI score0.31212EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2017/06/08 12:0 a.m.43 views

openSUSE Security Update : chromium (openSUSE-2017-661)

This update to Chromium 59.0.3071.86 fixes the following security issues : - CVE-2017-5070: Type confusion in V8 - CVE-2017-5071: Out of bounds read in V8 - CVE-2017-5072: Address spoofing in Omnibox - CVE-2017-5073: Use after free in print preview - CVE-2017-5074: Use after free in Apps Bluetoot...

8.8CVSS7.3AI score0.31212EPSS
Exploits1References17
Tenable Nessus
Tenable Nessus
added 2017/06/08 12:0 a.m.37 views

Google Chrome < 59.0.3071.86 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 59.0.3071.86. It is, therefore, affected by multiple vulnerabilities as referenced in the 201706stable-channel-update-for-desktop advisory. - A use after free in credit card autofill in Google Chrome prior to 59.0.3071....

8.8CVSS7.7AI score0.31212EPSS
Exploits1References34
Positive Technologies
Positive Technologies
added 2006/04/26 12:0 a.m.5 views

PT-2006-3039 · Microsoft +1 · Outlook +1

Name of the Vulnerable Software and Affected Versions: Avant Browser version 10.1 Build 17 Description: The issue allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " double quote characters in a mailto: scheme handler. This can be demonstrated by...

5CVSS6.8AI score0.01823EPSS
Exploits0References6
Rows per page
Query Builder