Every CVE whose affected-product data names Freedesktop Xdg-utils, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2015-1877 — CVSS 8.8 (high): The open_generic_xdg_mime function in xdg-open in xdg-utils 1.1.0 rc1 in Debian, when using dash, does not properly handle local variables…
CVE-2017-18266 — CVSS 8.8 (high): The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the…
CVE-2022-4055 — CVSS 7.4 (high): When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to…
CVE-2009-0068 — CVSS 6.8 (medium): Interaction error in xdg-open allows remote attackers to execute arbitrary code by sending a file with a dangerous MIME type but using a…
CVE-2020-27748 — CVSS 6.5 (medium): A flaw was found in the xdg-email component of xdg-utils-1.1.0-rc1 and newer. When handling mailto: URIs, xdg-email allows attachments to…