Search CVE reports


Toggle filters

1 – 7 of 7 results


CVE-2022-4055

Low priority
Vulnerable

When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to thunderbird that should not be included per RFC 2368. An attacker can use this method to...

1 affected package

xdg-utils

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
xdg-utils Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
Show less packages

CVE-2015-1877

Medium priority
Not affected

The open_generic_xdg_mime function in xdg-open in xdg-utils 1.1.0 rc1 in Debian, when using dash, does not properly handle local variables, which allows remote attackers to execute arbitrary commands via a crafted file.

1 affected package

xdg-utils

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
xdg-utils
Show less packages

CVE-2020-27748

Low priority
Ignored

A flaw was found in the xdg-email component of xdg-utils-1.1.0-rc1 and newer. When handling mailto: URIs, xdg-email allows attachments to be discreetly added via the URI when being passed to Thunderbird. An attacker could...

1 affected package

xdg-utils

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
xdg-utils Ignored Ignored Ignored
Show less packages

CVE-2017-18266

Medium priority
Fixed

The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection...

1 affected package

xdg-utils

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
xdg-utils Fixed Fixed
Show less packages

CVE-2014-9622

Medium priority
Ignored

Eval injection vulnerability in xdg-utils 1.1.0 RC1, when no supported desktop environment is identified, allows context-dependent attackers to execute arbitrary code via the URL argument to xdg-open.

1 affected package

xdg-utils

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
xdg-utils
Show less packages

CVE-2009-0068

Low priority
Ignored

Interaction error in xdg-open allows remote attackers to execute arbitrary code by sending a file with a dangerous MIME type but using a safe type that Firefox sends to xdg-open, which causes xdg-open to process the dangerous file...

1 affected package

xdg-utils

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
xdg-utils
Show less packages

CVE-2008-0386

Low priority
Not affected

Xdg-utils 1.0.2 and earlier allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a URL argument to (1) xdg-open or (2) xdg-email.

1 affected package

xdg-utils

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
xdg-utils
Show less packages