Showing 1 - 3 of 3

CVE-2022-45062

Status Candidate

Overview

In Xfce xfce4-settings before 4.16.4 and 4.17.x before 4.17.1, there is an argument injection vulnerability in xfce4-mime-helper.

Ubuntu Security Notice USN-6141-1: Posted Jun 6, 2023; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6141-1 - Robin Peraglie and Johannes Moritz discovered that xfce4-settings incorrectly parsed quoted input when processed through xdg-open. A remote attacker could possibly use this issue to inject arbitrary arguments into the default browser or file manager.; tags | advisory, remote, arbitrary; systems | linux, ubuntu; advisories | CVE-2022-45062; SHA-256 | 2f043764bc68fb396b2e0122391243701d80409155bba15c5060fdb94c8b99b6; Download | Favorite | View

Gentoo Linux Security Advisory 202305-05: Posted May 3, 2023; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 202305-5 - A vulnerability has been discovered in xfce4-settings which could result in universal cross site scripting (uXSS). Versions less than 4.17.1 are affected.; tags | advisory, xss; systems | linux, gentoo; advisories | CVE-2022-45062; SHA-256 | fd1ac35c491ad1ad25a93321306d39c2c2d99d312563570dd3a94cb667f35df0; Download | Favorite | View

Debian Security Advisory 5296-1: Posted Dec 7, 2022; Authored by Debian | Site debian.org; Debian Linux Security Advisory 5296-1 - Robin Peraglie and Johannes Moritz discovered an argument injection bug in the xfce4-mime-helper component of xfce4-settings, which can be exploited using the xdg-open common tool. Since xdg-open is used by multiple standard applications for opening links, this bug could be exploited by an attacker to run arbitrary code on an user machine by providing a malicious PDF file with specifically crafted links.; tags | advisory, arbitrary; systems | linux, debian; advisories | CVE-2022-45062; SHA-256 | 5313fb47906b2d901e10c9452bdc90cb3b55ceae32efa216ba1a94c0076fec3a; Download | Favorite | View

Page 1 of 1 Back 1 Next