
178 matches found

Tenable Nessus
added 2026/01/22 12:0 a.m. · 2 views

Azure Linux 3.0 Security Update: xdg-utils (CVE-2022-4055)

The version of xdg-utils installed on the remote Azure Linux 3.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-4055 advisory. - When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to...

CVSS 7.4 · AI score 5.7 · EPSS 0.00045
Exploits 1 · References 2

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2014-9435

Malware in sbrugna...

CVSS 6.8 · AI score 8.3 · EPSS 0.01696
Exploits 1 · References 12

EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2015-1983

Malware in sbrugna...

CVSS 8.8 · AI score 8.6 · EPSS 0.00592
Exploits 0 · References 9

EUVD
added 2025/10/07 12:30 a.m. · 0 views

EUVD-2020-20252

Malware in sbrugna...

CVSS 6.5 · AI score 6.5 · EPSS 0.0047
Exploits 1 · References 7

Rockylinux
added 2025/10/04 12:11 a.m. · 4 views

xdg-utils security update

An update is available for xdg-utils. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The xdg-utils package is a set of simple scripts that provide basic desktop...

CVSS 7.4 · AI score 6.8 · EPSS 0.00045
Exploits 1

Tenable Nessus
added 2025/10/04 12:0 a.m. · 2 views

RockyLinux 9 : xdg-utils (RLSA-2025:7672)

The remote RockyLinux 9 host has a package installed that is affected by a vulnerability as referenced in the RLSA-2025:7672 advisory. xdg-utils: improper parse of mailto URIs allows bypass of Thunderbird security mechanism for attachments (CVE-2022-4055). Tenable has extracted the preceding...

CVSS 7.4 · AI score 7.3 · EPSS 0.00045
Exploits 1 · References 3

Tenable Nessus
added 2025/08/30 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-52968

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xdg-open in xdg-utils through 1.2.1 can send requests containing SameSite=Strict cookies, which can facilitate CSRF. For example, xdg-open could be modified to,...

CVSS 2.7 · AI score 5.9 · EPSS 0.00051
Exploits 0 · References 4

OSV
added 2025/08/12 8:24 a.m. · 1 views

ROOT-OS-DEBIAN-12-CVE-2020-27748 CVE-2020-27748 in rootio-xdg-utils - Patched by Root

Root has patched CVE-2020-27748 in the rootio-xdg-utils package for Root:Debian:12. Multiple fixed versions available...

CVSS 6.5 · AI score 5.4 · EPSS 0.0047
Exploits 1

OSV
added 2025/08/12 8:24 a.m. · 1 views

ROOT-OS-DEBIAN-12-CVE-2022-4055 CVE-2022-4055 in rootio-xdg-utils - Patched by Root

Root has patched CVE-2022-4055 in the rootio-xdg-utils package for Root:Debian:12. Multiple fixed versions available...

CVSS 7.4 · AI score 7.3 · EPSS 0.00045
Exploits 1

Tenable Nessus
added 2025/07/25 12:0 a.m. · 4 views

NewStart CGSL MAIN 7.02 : xdg-utils Vulnerability (NS-SA-2025-0195)

The remote NewStart CGSL host, running version MAIN 7.02, has xdg-utils packages installed that are affected by a vulnerability: - When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to thunderbird that should not...

CVSS 7.4 · AI score 7.3 · EPSS 0.00045
Exploits 1 · References 3

Tenable Nessus
added 2025/07/03 12:0 a.m. · 2 views

AlmaLinux 9 : xdg-utils (ALSA-2025:7672)

The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2025:7672 advisory. xdg-utils: improper parse of mailto URIs allows bypass of Thunderbird security mechanism for attachments (CVE-2022-4055). Tenable has extracted the preceding...

CVSS 7.4 · AI score 7.3 · EPSS 0.00045
Exploits 1 · References 3

RedhatCVE
added 2025/06/23 4:39 p.m. · 1 views

CVE-2025-52968

A potential Cross-site request forgery (CSRF) flaw was found in xdg-utils. The xdg-open function in xdg-utils through version 1.2.1 can send requests containing SameSite=Strict cookies, facilitating a Cross-site request forgery (CSRF) attack vector. Mitigation: Mitigation for this issue is either not...

CVSS 2.7 · AI score 7.2 · EPSS 0.00051
Exploits 0 · References 5

OSV
added 2025/06/23 3:15 p.m. · 2 views

DEBIAN-CVE-2025-52968

xdg-open in xdg-utils through 1.2.1 can send requests containing SameSite=Strict cookies, which can facilitate CSRF. For example, xdg-open could be modified to, by default, associate x-scheme-handler/https with the execution of a browser with command-line options that arrange for an empty cookie...

CVSS 2.7 · AI score 5.5 · EPSS 0.00051
Exploits 0 · References 1

OSV
added 2025/06/23 3:15 p.m. · 0 views

AZL-64296 CVE-2025-52968 affecting package xdg-utils 1.2.1-3

xdg-open in xdg-utils through 1.2.1 can send requests containing SameSite=Strict cookies, which can facilitate CSRF. For example, xdg-open could be modified to, by default, associate x-scheme-handler/https with the execution of a browser with command-line options that arrange for an empty cookie...

CVSS 2.7 · AI score 6 · EPSS 0.00051
Exploits 0 · References 1

OSV
added 2025/06/23 3:15 p.m. · 0 views

UBUNTU-CVE-2025-52968

xdg-open in xdg-utils through 1.2.1 can send requests containing SameSite=Strict cookies, which can facilitate CSRF. For example, xdg-open could be modified to, by default, associate x-scheme-handler/https with the execution of a browser with command-line options that arrange for an empty cookie...

CVSS 2.7 · AI score 6 · EPSS 0.00051
Exploits 0 · References 3

Debian CVE
added 2025/06/23 12:0 a.m. · 4 views

CVE-2025-52968

xdg-open in xdg-utils through 1.2.1 can send requests containing SameSite=Strict cookies, which can facilitate CSRF. For example, xdg-open could be modified to, by default, associate x-scheme-handler/https with the execution of a browser with command-line options that arrange for an empty cookie...

CVSS 2.7 · AI score 5.5 · EPSS 0.00051
Exploits 0

AlpineLinux
added 2025/06/23 12:0 a.m. · 5 views

CVE-2025-52968

xdg-open in xdg-utils through 1.2.1 can send requests containing SameSite=Strict cookies, which can facilitate CSRF. For example, xdg-open could be modified to, by default, associate x-scheme-handler/https with the execution of a browser with command-line options that arrange for an empty cookie...

CVSS 2.7 · AI score 7.3 · EPSS 0.00051
Exploits 0 · References 2

CNNVD
added 2025/06/23 12:0 a.m. · 2 views

xdg-utils security vulnerability

xdg-utils is a software from the xdg organization that provides integrated functionality for desktop systems. A security vulnerability exists in xdg-utils versions 1.2.1 and earlier, which stems from the fact that xdg-open may send requests containing a SameSite=Strict cookie, which could lead to...

CVSS 2.7 · AI score 6.2 · EPSS 0.00051
Exploits 0 · References 2

Positive Technologies
added 2025/06/23 12:0 a.m. · 4 views

PT-2025-26609 · Xdg-Utils +1

Name of the Vulnerable Software and Affected Versions: xdg-utils versions 1.1.0 through 1.2.1; xdg-utils version 1.2.1. Description: The issue concerns xdg-open in xdg-utils, which can send requests containing SameSite=Strict cookies. This can facilitate Cross-Site Request Forgery (CSRF) attacks. The...

CVSS 2.7 · AI score 6.6 · EPSS 0.00051
Exploits 0 · References 15

CVE
added 2025/06/23 12:0 a.m. · 17 views

CVE-2025-52968

CVE-2025-52968 concerns xdg-open (xdg-utils) up to version 1.2.1, where the tool can send requests carrying SameSite=Strict cookies, potentially enabling CSRF. The OSV entry and NVD/NVD-derived records describe the vulnerable component as xdg-open invoked via xdg-utils and cite a scenario where b...

CVSS 2.7 · AI score 3.8 · EPSS 0.00051
Exploits 0 · References 2