Lucene search
+L
FreedesktopXdg-utils

5 matches found

CVE
CVE
added 2021/06/01 1:15 p.m.265 views

CVE-2020-27748

CVE-2020-27748 affects xdg-utils’ xdg-email in 1.1.0-rc1 and newer. Handling mailto: URIs, xdg-email can discreetly attach a file to an email sent to Thunderbird, via code in xdg-email (not Thunderbird). This can lead to exposure of sensitive data if a user unknowingly sends the email with the at...

6.5CVSS6.1AI score0.01443EPSS
CVE
CVE
added 2022/11/18 12:0 a.m.207 views

CVE-2022-4055

CVE-2022-4055 affects xdg-utils (xdg-mail) when configured to use Thunderbird for mailto URLs; improper parsing can pass extra headers to Thunderbird that should not be included per RFC 2368, enabling a mailto URL that appears safe but attaches files when clicked. The related Nessus advisories (e...

7.4CVSS7.1AI score0.00652EPSS
CVE
CVE
added 2018/05/10 2:0 p.m.144 views

CVE-2017-18266

CVE-2017-18266 applies to xdg-utils (xdg-open) where open_envvar does not validate strings before launching the program specified by BROWSER. The issue affects versions before 1.1.3 and can enable argument-injection via a crafted URL in the BROWSER value. Multiple connected advisories confirm ups...

8.8CVSS8.2AI score0.02493EPSS
CVE
CVE
added 2021/06/02 4:34 p.m.89 views

CVE-2015-1877

CVE-2015-1877 relates to the open_generic_xdg_mime function in xdg-open (xdg-utils 1.1.0 rc1) on Debian with dash. The root cause is improper handling of local variables, which enables remote attackers to execute arbitrary commands via a crafted file. Documented impact is command execution with h...

8.8CVSS8.5AI score0.03214EPSS
CVE
CVE
added 2009/01/07 7:0 p.m.61 views

CVE-2009-0068

CVE-2009-0068 affects the xdg-open component of xdg-utils. The flaw arises from an interaction error where a file sent with a dangerous MIME type but wrapped as a safe type is processed via automatic type detection, enabling remote attackers to execute arbitrary code (demonstrated by overwriting ...

6.8CVSS7.5AI score0.02164EPSS