12 matches found
MiracleLinux 9 : xdg-utils-1.1.3-13.el9_6 (AXSA:2025-10482:01)
The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-10482:01 advisory. xdg-utils: improper parse of mailto URIs allows bypass of Thunderbird security mechanism for attachments CVE-2022-4055 Tenable has extracted the preceding...
RLSA-2025:7672 Moderate: xdg-utils security update
The xdg-utils package is a set of simple scripts that provide basic desktop integration functions for any Free Desktop. Security Fixes: xdg-utils: improper parse of mailto URIs allows bypass of Thunderbird security mechanism for attachments CVE-2022-4055 For more details about the security issues...
SUSE CVE-2025-52968
xdg-open in xdg-utils through 1.2.1 can send requests containing SameSite=Strict cookies, which can facilitate CSRF. For example, xdg-open could be modified to, by default, associate x-scheme-handler/https with the execution of a browser with command-line options that arrange for an empty cookie...
xdg-utils: improper parse of mailto URIs allows bypass of Thunderbird security mechanism for attachments
When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to thunderbird that should not be included per RFC 2368. An attacker can use this method to create a mailto URL that looks safe to users, but will actually attac...
OESA-2021-1228 xdg-utils security update
The xdg-utils package is a set of simple scripts that provide basic desktop integration functions for any Free Desktop, such as Linux. The following tools are included in xdg-utils: xdg-desktop-menu Install desktop menu items xdg-desktop-icon Install icons to the desktop xdg-icon-resource Install...
DEBIAN-CVE-2020-27748
A flaw was found in the xdg-email component of xdg-utils-1.1.0-rc1 and newer. When handling mailto: URIs, xdg-email allows attachments to be discreetly added via the URI when being passed to Thunderbird. An attacker could potentially send a victim a URI that automatically attaches a sensitive fil...
USN-4649-2 xdg-utils regression
USN-4649-1 fixed vulnerabilities in xdg-utils. That update caused a regression by removing the --attach functionality in thunderbird and others applications. This update fix the problem by reverting these changes. Original advisory details: Jens Mueller discovered that xdg-utils incorrectly handl...
USN-4649-1 xdg-utils vulnerability
Jens Mueller discovered that xdg-utils incorrectly handled certain URI. An attacker could possibly use this issue to expose sensitive information...
xdg-utils Security Vulnerabilities
Freedesktop Xdg-utils is a software from the Xdg organization that provides integrated functionality for desktop systems. A security vulnerability exists in xdg-utils that can be exploited by an attacker to bypass access restrictions to xdg-utils data in order to obtain sensitive information...
The vulnerability of the xdg-utils lies in the lack of measures to sanitize input data, allowing an attacker to execute arbitrary code within the application context.
The vulnerability of the xdg-utils package is related to the lack of measures for cleaning input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code within the application, by injecting commands into the URL...
xdg-utils Eval Injection Vulnerability
xdg-utils is a set of command line tools used to help applications integrate with various desktop tasks. An Eval injection vulnerability exists in xdg-utils version 1.1.0 RC1. An attacker can exploit this vulnerability to execute arbitrary code with the help of the 'URL' parameter...
UBUNTU-CVE-2014-9622
Eval injection vulnerability in xdg-utils 1.1.0 RC1, when no supported desktop environment is identified, allows context-dependent attackers to execute arbitrary code via the URL argument to xdg-open...