Vulnerabilites related to freedesktop - xdg-utils
Vulnerability from fkie_nvd
Published
2009-01-07 19:30
Modified
2025-04-09 00:30
Severity ?
Summary
Interaction error in xdg-open allows remote attackers to execute arbitrary code by sending a file with a dangerous MIME type but using a safe type that Firefox sends to xdg-open, which causes xdg-open to process the dangerous file type through automatic type detection, as demonstrated by overwriting the .desktop file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | xdg-utils | 1.0 | |
| mozilla | firefox | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:xdg-utils:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5C9BD904-E0D0-4B42-A654-DB7C620C33DB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "14E6A30E-7577-4569-9309-53A0AF7FE3AC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Interaction error in xdg-open allows remote attackers to execute arbitrary code by sending a file with a dangerous MIME type but using a safe type that Firefox sends to xdg-open, which causes xdg-open to process the dangerous file type through automatic type detection, as demonstrated by overwriting the .desktop file."
},
{
"lang": "es",
"value": "Error de interacci\u00f3n en xdg-open permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n enviando un archivo con un tipo MIME peligroso pero utilizando un tipo seguro que Firefox env\u00eda a xdg-open, lo que provoca que xdg-open procese el archivo de tipo peligroso mediante una detecci\u00f3n de tipo autom\u00e1tica, como se demostr\u00f3 sobrescribiendo el archivo .desktop."
}
],
"id": "CVE-2009-0068",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-01-07T19:30:00.313",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2009/01/06/1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/33137"
},
{
"source": "secalert@redhat.com",
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=19377"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2009/01/06/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/33137"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=19377"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-05-10 14:29
Modified
2024-11-21 03:19
Severity ?
Summary
The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment variable.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | xdg-utils | * | |
| debian | debian_linux | 7.0 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 17.10 | |
| canonical | ubuntu_linux | 18.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:xdg-utils:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A02FF8D-D825-4D34-B929-9296A6108D94",
"versionEndExcluding": "1.1.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment variable."
},
{
"lang": "es",
"value": "La funci\u00f3n open_envvar en xdg-open en xdg-utils en versiones anteriores a la 1.1.3 no valida cadenas antes de iniciar el programa especificado por la variable de entorno BROWSER. Esto permite que atacantes remotos lleven a cabo ataques de inyecci\u00f3n de argumentos mediante una URL manipulada, tal y como demuestra %s en esta variable de entorno."
}
],
"id": "CVE-2017-18266",
"lastModified": "2024-11-21T03:19:43.473",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-05-10T14:29:00.207",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=103807"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://cgit.freedesktop.org/xdg/xdg-utils/commit/?id=5647afb35e4bcba2060148e1a2a47bc43cc240f2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://cgit.freedesktop.org/xdg/xdg-utils/commit/?id=ce802d71c3466d1dbb24f2fe9b6db82a1f899bcb"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://cgit.freedesktop.org/xdg/xdg-utils/tree/ChangeLog"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00014.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3650-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4211"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=103807"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://cgit.freedesktop.org/xdg/xdg-utils/commit/?id=5647afb35e4bcba2060148e1a2a47bc43cc240f2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://cgit.freedesktop.org/xdg/xdg-utils/commit/?id=ce802d71c3466d1dbb24f2fe9b6db82a1f899bcb"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://cgit.freedesktop.org/xdg/xdg-utils/tree/ChangeLog"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3650-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4211"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-06-01 14:15
Modified
2024-11-21 05:21
Severity ?
Summary
A flaw was found in the xdg-email component of xdg-utils-1.1.0-rc1 and newer. When handling mailto: URIs, xdg-email allows attachments to be discreetly added via the URI when being passed to Thunderbird. An attacker could potentially send a victim a URI that automatically attaches a sensitive file to a new email. If a victim user does not notice that an attachment was added and sends the email, this could result in sensitive information disclosure. It has been confirmed that the code behind this issue is in xdg-email and not in Thunderbird.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1899769 | Issue Tracking, Third Party Advisory | |
| secalert@redhat.com | https://gitlab.freedesktop.org/xdg/xdg-utils/-/issues/177 | Exploit, Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1899769 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://gitlab.freedesktop.org/xdg/xdg-utils/-/issues/177 | Exploit, Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | xdg-utils | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:xdg-utils:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8CC0E0DB-5173-4AB8-BE8F-B142FBE8E3F9",
"versionStartIncluding": "1.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the xdg-email component of xdg-utils-1.1.0-rc1 and newer. When handling mailto: URIs, xdg-email allows attachments to be discreetly added via the URI when being passed to Thunderbird. An attacker could potentially send a victim a URI that automatically attaches a sensitive file to a new email. If a victim user does not notice that an attachment was added and sends the email, this could result in sensitive information disclosure. It has been confirmed that the code behind this issue is in xdg-email and not in Thunderbird."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un fallo en el componente xdg-email de xdg-utils versiones 1.1.0-rc1 y posteriores. Al manejar mailto: URIs, xdg-email permite que los adjuntos se agreguen discretamente por medio del URI cuando se pasan a Thunderbird. Un atacante podr\u00eda enviar a la v\u00edctima un URI que adjunte autom\u00e1ticamente un archivo confidencial a un nuevo correo electr\u00f3nico. Si un usuario v\u00edctima no nota de que se agreg\u00f3 un archivo adjunto y env\u00eda el correo electr\u00f3nico, esto podr\u00eda resultar en la divulgaci\u00f3n de informaci\u00f3n confidencial. Se ha confirmado que el c\u00f3digo detr\u00e1s de este problema est\u00e1 en xdg-email y no en Thunderbird"
}
],
"id": "CVE-2020-27748",
"lastModified": "2024-11-21T05:21:45.210",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-01T14:15:08.387",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1899769"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://gitlab.freedesktop.org/xdg/xdg-utils/-/issues/177"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1899769"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://gitlab.freedesktop.org/xdg/xdg-utils/-/issues/177"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-201"
}
],
"source": "secalert@redhat.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-11-19 00:15
Modified
2025-04-29 19:15
Severity ?
7.4 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
7.4 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
7.4 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
Summary
When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to thunderbird that should not be included per RFC 2368. An attacker can use this method to create a mailto URL that looks safe to users, but will actually attach files when clicked.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://gitlab.freedesktop.org/xdg/xdg-utils/-/issues/205#note_1494267 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://gitlab.freedesktop.org/xdg/xdg-utils/-/issues/205#note_1494267 | Exploit, Issue Tracking, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | xdg-utils | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:xdg-utils:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F69C0408-E439-4FF5-A724-E33B46B41275",
"versionEndIncluding": "1.1.3",
"versionStartIncluding": "1.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to thunderbird that should not be included per RFC 2368. An attacker can use this method to create a mailto URL that looks safe to users, but will actually attach files when clicked."
},
{
"lang": "es",
"value": "Cuando xdg-mail est\u00e1 configurado para usar Thunderbird para URL de correo, el an\u00e1lisis incorrecto de la URL puede provocar que se pasen encabezados adicionales a Thunderbird que no deber\u00edan incluirse seg\u00fan RFC 2368. Un atacante puede usar este m\u00e9todo para crear una URL de correo que parezca segura a los usuarios, pero en realidad adjuntar\u00e1 archivos cuando se haga clic en ellos."
}
],
"id": "CVE-2022-4055",
"lastModified": "2025-04-29T19:15:53.337",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.0,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2022-11-19T00:15:31.003",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://gitlab.freedesktop.org/xdg/xdg-utils/-/issues/205#note_1494267"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://gitlab.freedesktop.org/xdg/xdg-utils/-/issues/205#note_1494267"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-146"
}
],
"source": "secalert@redhat.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-06-02 17:15
Modified
2024-11-21 02:26
Severity ?
Summary
The open_generic_xdg_mime function in xdg-open in xdg-utils 1.1.0 rc1 in Debian, when using dash, does not properly handle local variables, which allows remote attackers to execute arbitrary commands via a crafted file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freedesktop | xdg-utils | 1.1.0 | |
| debian | debian_linux | 7.0 | |
| debian | debian_linux | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:xdg-utils:1.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "A7211834-2C76-4B2D-A4BB-F197AB37D45E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The open_generic_xdg_mime function in xdg-open in xdg-utils 1.1.0 rc1 in Debian, when using dash, does not properly handle local variables, which allows remote attackers to execute arbitrary commands via a crafted file."
},
{
"lang": "es",
"value": "La funci\u00f3n open_generic_xdg_mime en xdg-open en xdg-utils versi\u00f3n 1.1.0 rc1 en Debian, cuando se usa dash, no maneja apropiadamente las variables locales, lo que permite a atacantes remotos ejecutar comandos arbitrarios por medio de un archivo dise\u00f1ado"
}
],
"id": "CVE-2015-1877",
"lastModified": "2024-11-21T02:26:19.223",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-02T17:15:08.037",
"references": [
{
"source": "security@debian.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3165"
},
{
"source": "security@debian.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2015/02/18/7"
},
{
"source": "security@debian.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2015/02/18/9"
},
{
"source": "security@debian.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/72675"
},
{
"source": "security@debian.org",
"tags": [
"Issue Tracking",
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777722"
},
{
"source": "security@debian.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=89129"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3165"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2015/02/18/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2015/02/18/9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/72675"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777722"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=89129"
}
],
"sourceIdentifier": "security@debian.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2009-0068 (GCVE-0-2009-0068)
Vulnerability from cvelistv5
Published
2009-01-07 19:00
Modified
2024-08-07 04:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Interaction error in xdg-open allows remote attackers to execute arbitrary code by sending a file with a dangerous MIME type but using a safe type that Firefox sends to xdg-open, which causes xdg-open to process the dangerous file type through automatic type detection, as demonstrated by overwriting the .desktop file.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:24:16.893Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "33137",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/33137"
},
{
"name": "[oss-security] 20090106 Fwd: Using xdg-open in /etc/mailcap causes hole in Firefox (Demonstration/Exploit included)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/01/06/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=19377"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-01-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Interaction error in xdg-open allows remote attackers to execute arbitrary code by sending a file with a dangerous MIME type but using a safe type that Firefox sends to xdg-open, which causes xdg-open to process the dangerous file type through automatic type detection, as demonstrated by overwriting the .desktop file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-10T10:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "33137",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/33137"
},
{
"name": "[oss-security] 20090106 Fwd: Using xdg-open in /etc/mailcap causes hole in Firefox (Demonstration/Exploit included)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/01/06/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=19377"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-0068",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Interaction error in xdg-open allows remote attackers to execute arbitrary code by sending a file with a dangerous MIME type but using a safe type that Firefox sends to xdg-open, which causes xdg-open to process the dangerous file type through automatic type detection, as demonstrated by overwriting the .desktop file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33137",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33137"
},
{
"name": "[oss-security] 20090106 Fwd: Using xdg-open in /etc/mailcap causes hole in Firefox (Demonstration/Exploit included)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/01/06/1"
},
{
"name": "https://bugs.freedesktop.org/show_bug.cgi?id=19377",
"refsource": "MISC",
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=19377"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-0068",
"datePublished": "2009-01-07T19:00:00",
"dateReserved": "2009-01-07T00:00:00",
"dateUpdated": "2024-08-07T04:24:16.893Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-4055 (GCVE-0-2022-4055)
Vulnerability from cvelistv5
Published
2022-11-18 00:00
Modified
2025-04-29 18:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to thunderbird that should not be included per RFC 2368. An attacker can use this method to create a mailto URL that looks safe to users, but will actually attach files when clicked.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:27:54.165Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.freedesktop.org/xdg/xdg-utils/-/issues/205#note_1494267"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-4055",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-29T18:55:33.721446Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-29T18:55:59.428Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "xdg-utils",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "xdg-utils 1.1.0 to and including 1.1.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to thunderbird that should not be included per RFC 2368. An attacker can use this method to create a mailto URL that looks safe to users, but will actually attach files when clicked."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-146",
"description": "CWE-146",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-18T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://gitlab.freedesktop.org/xdg/xdg-utils/-/issues/205#note_1494267"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-4055",
"datePublished": "2022-11-18T00:00:00.000Z",
"dateReserved": "2022-11-17T00:00:00.000Z",
"dateUpdated": "2025-04-29T18:55:59.428Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-52968 (GCVE-0-2025-52968)
Vulnerability from cvelistv5
Published
2025-06-23 00:00
Modified
2025-06-23 16:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-420 - Unprotected Alternate Channel
Summary
xdg-open in xdg-utils through 1.2.1 can send requests containing SameSite=Strict cookies, which can facilitate CSRF. (For example, xdg-open could be modified to, by default, associate x-scheme-handler/https with the execution of a browser with command-line options that arrange for an empty cookie store, although this would add substantial complexity, and would not be considered a desirable or expected behavior by all users.) NOTE: this is disputed because integrations of xdg-open typically do not provide information about whether the xdg-open command and arguments were manually entered by a user, or whether they were the result of a navigation from content in an untrusted origin.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| freedesktop | xdg-utils |
Version: 0 ≤ 1.2.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52968",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-23T15:37:38.295673Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-23T15:37:55.773Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "xdg-utils",
"vendor": "freedesktop",
"versions": [
{
"lessThanOrEqual": "1.2.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freedesktop:xdg-utils:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "xdg-open in xdg-utils through 1.2.1 can send requests containing SameSite=Strict cookies, which can facilitate CSRF. (For example, xdg-open could be modified to, by default, associate x-scheme-handler/https with the execution of a browser with command-line options that arrange for an empty cookie store, although this would add substantial complexity, and would not be considered a desirable or expected behavior by all users.) NOTE: this is disputed because integrations of xdg-open typically do not provide information about whether the xdg-open command and arguments were manually entered by a user, or whether they were the result of a navigation from content in an untrusted origin."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 2.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-420",
"description": "CWE-420 Unprotected Alternate Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-23T16:18:03.769Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://cgit.freedesktop.org/xdg/xdg-utils/tag/?h=v1.2.1"
},
{
"url": "https://www.openwall.com/lists/oss-security/2025/06/23/1"
}
],
"tags": [
"disputed"
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-52968",
"datePublished": "2025-06-23T00:00:00.000Z",
"dateReserved": "2025-06-23T00:00:00.000Z",
"dateUpdated": "2025-06-23T16:18:03.769Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27748 (GCVE-0-2020-27748)
Vulnerability from cvelistv5
Published
2021-06-01 13:15
Modified
2024-08-04 16:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A flaw was found in the xdg-email component of xdg-utils-1.1.0-rc1 and newer. When handling mailto: URIs, xdg-email allows attachments to be discreetly added via the URI when being passed to Thunderbird. An attacker could potentially send a victim a URI that automatically attaches a sensitive file to a new email. If a victim user does not notice that an attachment was added and sends the email, this could result in sensitive information disclosure. It has been confirmed that the code behind this issue is in xdg-email and not in Thunderbird.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:18:45.682Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1899769"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.freedesktop.org/xdg/xdg-utils/-/issues/177"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "xdg-utils",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "xdg-utils-1.1.0-rc1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the xdg-email component of xdg-utils-1.1.0-rc1 and newer. When handling mailto: URIs, xdg-email allows attachments to be discreetly added via the URI when being passed to Thunderbird. An attacker could potentially send a victim a URI that automatically attaches a sensitive file to a new email. If a victim user does not notice that an attachment was added and sends the email, this could result in sensitive information disclosure. It has been confirmed that the code behind this issue is in xdg-email and not in Thunderbird."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-201",
"description": "CWE-201",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-01T13:15:11",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1899769"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.freedesktop.org/xdg/xdg-utils/-/issues/177"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-27748",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "xdg-utils",
"version": {
"version_data": [
{
"version_value": "xdg-utils-1.1.0-rc1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the xdg-email component of xdg-utils-1.1.0-rc1 and newer. When handling mailto: URIs, xdg-email allows attachments to be discreetly added via the URI when being passed to Thunderbird. An attacker could potentially send a victim a URI that automatically attaches a sensitive file to a new email. If a victim user does not notice that an attachment was added and sends the email, this could result in sensitive information disclosure. It has been confirmed that the code behind this issue is in xdg-email and not in Thunderbird."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-201"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1899769",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1899769"
},
{
"name": "https://gitlab.freedesktop.org/xdg/xdg-utils/-/issues/177",
"refsource": "MISC",
"url": "https://gitlab.freedesktop.org/xdg/xdg-utils/-/issues/177"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-27748",
"datePublished": "2021-06-01T13:15:11",
"dateReserved": "2020-10-27T00:00:00",
"dateUpdated": "2024-08-04T16:18:45.682Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-18266 (GCVE-0-2017-18266)
Vulnerability from cvelistv5
Published
2018-05-10 14:00
Modified
2024-08-05 21:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment variable.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:13:49.227Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cgit.freedesktop.org/xdg/xdg-utils/commit/?id=ce802d71c3466d1dbb24f2fe9b6db82a1f899bcb"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cgit.freedesktop.org/xdg/xdg-utils/tree/ChangeLog"
},
{
"name": "USN-3650-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3650-1/"
},
{
"name": "[debian-lts-announce] 20180525 [SECURITY] [DLA 1384-1] xdg-utils security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00014.html"
},
{
"name": "DSA-4211",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4211"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=103807"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cgit.freedesktop.org/xdg/xdg-utils/commit/?id=5647afb35e4bcba2060148e1a2a47bc43cc240f2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-05-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment variable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-27T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cgit.freedesktop.org/xdg/xdg-utils/commit/?id=ce802d71c3466d1dbb24f2fe9b6db82a1f899bcb"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cgit.freedesktop.org/xdg/xdg-utils/tree/ChangeLog"
},
{
"name": "USN-3650-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3650-1/"
},
{
"name": "[debian-lts-announce] 20180525 [SECURITY] [DLA 1384-1] xdg-utils security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00014.html"
},
{
"name": "DSA-4211",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4211"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=103807"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cgit.freedesktop.org/xdg/xdg-utils/commit/?id=5647afb35e4bcba2060148e1a2a47bc43cc240f2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18266",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cgit.freedesktop.org/xdg/xdg-utils/commit/?id=ce802d71c3466d1dbb24f2fe9b6db82a1f899bcb",
"refsource": "MISC",
"url": "https://cgit.freedesktop.org/xdg/xdg-utils/commit/?id=ce802d71c3466d1dbb24f2fe9b6db82a1f899bcb"
},
{
"name": "https://cgit.freedesktop.org/xdg/xdg-utils/tree/ChangeLog",
"refsource": "MISC",
"url": "https://cgit.freedesktop.org/xdg/xdg-utils/tree/ChangeLog"
},
{
"name": "USN-3650-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3650-1/"
},
{
"name": "[debian-lts-announce] 20180525 [SECURITY] [DLA 1384-1] xdg-utils security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00014.html"
},
{
"name": "DSA-4211",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4211"
},
{
"name": "https://bugs.freedesktop.org/show_bug.cgi?id=103807",
"refsource": "MISC",
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=103807"
},
{
"name": "https://cgit.freedesktop.org/xdg/xdg-utils/commit/?id=5647afb35e4bcba2060148e1a2a47bc43cc240f2",
"refsource": "MISC",
"url": "https://cgit.freedesktop.org/xdg/xdg-utils/commit/?id=5647afb35e4bcba2060148e1a2a47bc43cc240f2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-18266",
"datePublished": "2018-05-10T14:00:00",
"dateReserved": "2018-05-10T00:00:00",
"dateUpdated": "2024-08-05T21:13:49.227Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1877 (GCVE-0-2015-1877)
Vulnerability from cvelistv5
Published
2021-06-02 16:34
Modified
2024-08-06 04:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Other
Summary
The open_generic_xdg_mime function in xdg-open in xdg-utils 1.1.0 rc1 in Debian, when using dash, does not properly handle local variables, which allows remote attackers to execute arbitrary commands via a crafted file.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:54:16.331Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=89129"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/02/18/7"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/02/18/9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777722"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3165"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/72675"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-02-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The open_generic_xdg_mime function in xdg-open in xdg-utils 1.1.0 rc1 in Debian, when using dash, does not properly handle local variables, which allows remote attackers to execute arbitrary commands via a crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-02T16:34:34",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=89129"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2015/02/18/7"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2015/02/18/9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777722"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.debian.org/security/2015/dsa-3165"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/72675"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2015-1877",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The open_generic_xdg_mime function in xdg-open in xdg-utils 1.1.0 rc1 in Debian, when using dash, does not properly handle local variables, which allows remote attackers to execute arbitrary commands via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.freedesktop.org/show_bug.cgi?id=89129",
"refsource": "MISC",
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=89129"
},
{
"name": "http://www.openwall.com/lists/oss-security/2015/02/18/7",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2015/02/18/7"
},
{
"name": "http://www.openwall.com/lists/oss-security/2015/02/18/9",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2015/02/18/9"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777722",
"refsource": "MISC",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777722"
},
{
"name": "http://www.debian.org/security/2015/dsa-3165",
"refsource": "MISC",
"url": "http://www.debian.org/security/2015/dsa-3165"
},
{
"name": "http://www.securityfocus.com/bid/72675",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/72675"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2015-1877",
"datePublished": "2021-06-02T16:34:34",
"dateReserved": "2015-02-18T00:00:00",
"dateUpdated": "2024-08-06T04:54:16.331Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}