VYPR

xe-utils

by xe-utils

CVEs (3)

  • CVE-2024-57074HigFeb 5, 2025
    risk 0.49cvss 7.5epss 0.00

    A prototype pollution in the lib.merge function of xe-utils v3.5.31 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.

  • CVE-2015-1877Jun 2, 2021
    risk 0.00cvss epss 0.03

    The open_generic_xdg_mime function in xdg-open in xdg-utils 1.1.0 rc1 in Debian, when using dash, does not properly handle local variables, which allows remote attackers to execute arbitrary commands via a crafted file.

  • CVE-2017-18266HigMay 10, 2018
    risk 0.00cvss 8.8epss 0.02

    The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s…