Lucene search
K

12 matches found

Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.5 views

MiracleLinux 9 : xdg-utils-1.1.3-13.el9_6 (AXSA:2025-10482:01)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-10482:01 advisory. xdg-utils: improper parse of mailto URIs allows bypass of Thunderbird security mechanism for attachments CVE-2022-4055 Tenable has extracted the preceding...

7.4CVSS7.3AI score0.00652EPSS
Exploits1References2
OSV
OSV
added 2025/10/04 12:11 a.m.5 views

RLSA-2025:7672 Moderate: xdg-utils security update

The xdg-utils package is a set of simple scripts that provide basic desktop integration functions for any Free Desktop. Security Fixes: xdg-utils: improper parse of mailto URIs allows bypass of Thunderbird security mechanism for attachments CVE-2022-4055 For more details about the security issues...

7.4CVSS7.3AI score0.00652EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2025/06/24 11:21 p.m.4 views

SUSE CVE-2025-52968

xdg-open in xdg-utils through 1.2.1 can send requests containing SameSite=Strict cookies, which can facilitate CSRF. For example, xdg-open could be modified to, by default, associate x-scheme-handler/https with the execution of a browser with command-line options that arrange for an empty cookie...

2.7CVSS6.9AI score0.00183EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2025/05/15 1:5 p.m.8 views

xdg-utils: improper parse of mailto URIs allows bypass of Thunderbird security mechanism for attachments

When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to thunderbird that should not be included per RFC 2368. An attacker can use this method to create a mailto URL that looks safe to users, but will actually attac...

7.4CVSS5.8AI score0.00652EPSS
Exploits1References5
OSV
OSV
added 2021/06/22 11:2 a.m.4 views

OESA-2021-1228 xdg-utils security update

The xdg-utils package is a set of simple scripts that provide basic desktop integration functions for any Free Desktop, such as Linux. The following tools are included in xdg-utils: xdg-desktop-menu Install desktop menu items xdg-desktop-icon Install icons to the desktop xdg-icon-resource Install...

6.5CVSS6.6AI score0.01443EPSS
Exploits1References2
OSV
OSV
added 2021/06/01 2:15 p.m.2 views

DEBIAN-CVE-2020-27748

A flaw was found in the xdg-email component of xdg-utils-1.1.0-rc1 and newer. When handling mailto: URIs, xdg-email allows attachments to be discreetly added via the URI when being passed to Thunderbird. An attacker could potentially send a victim a URI that automatically attaches a sensitive fil...

6.5CVSS6.5AI score0.01443EPSS
Exploits1References1
OSV
OSV
added 2021/01/12 12:44 p.m.3 views

USN-4649-2 xdg-utils regression

USN-4649-1 fixed vulnerabilities in xdg-utils. That update caused a regression by removing the --attach functionality in thunderbird and others applications. This update fix the problem by reverting these changes. Original advisory details: Jens Mueller discovered that xdg-utils incorrectly handl...

6.5CVSS6.8AI score0.01443EPSS
Exploits1References2
OSV
OSV
added 2020/11/26 1:57 p.m.2 views

USN-4649-1 xdg-utils vulnerability

Jens Mueller discovered that xdg-utils incorrectly handled certain URI. An attacker could possibly use this issue to expose sensitive information...

6.5CVSS6.8AI score0.01443EPSS
Exploits1References2
CNNVD
CNNVD
added 2020/11/26 12:0 a.m.6 views

xdg-utils Security Vulnerabilities

Freedesktop Xdg-utils is a software from the Xdg organization that provides integrated functionality for desktop systems. A security vulnerability exists in xdg-utils that can be exploited by an attacker to bypass access restrictions to xdg-utils data in order to obtain sensitive information...

6.5CVSS6.8AI score0.01443EPSS
Exploits1References6
BDU FSTEC
BDU FSTEC
added 2020/10/07 12:0 a.m.8 views

The vulnerability of the xdg-utils lies in the lack of measures to sanitize input data, allowing an attacker to execute arbitrary code within the application context.

The vulnerability of the xdg-utils package is related to the lack of measures for cleaning input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code within the application, by injecting commands into the URL...

7.3CVSS8.1AI score0.03256EPSS
Exploits1References3Affected Software1
CNVD
CNVD
added 2015/01/23 12:0 a.m.3 views

xdg-utils Eval Injection Vulnerability

xdg-utils is a set of command line tools used to help applications integrate with various desktop tasks. An Eval injection vulnerability exists in xdg-utils version 1.1.0 RC1. An attacker can exploit this vulnerability to execute arbitrary code with the help of the 'URL' parameter...

6.8CVSS8.2AI score0.03256EPSS
Exploits1References1
OSV
OSV
added 2015/01/21 6:59 p.m.5 views

UBUNTU-CVE-2014-9622

Eval injection vulnerability in xdg-utils 1.1.0 RC1, when no supported desktop environment is identified, allows context-dependent attackers to execute arbitrary code via the URL argument to xdg-open...

6.8CVSS7.6AI score0.03256EPSS
Exploits1References2
Rows per page
Query Builder