Home

CVE-2022-32278

Description

XFCE 4.16 allows attackers to execute arbitrary code because xdg-open can execute a .desktop file on an attacker-controlled FTP server.

Risk Information

Base Score
8.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.805

Associated Vulnerability

VulnerabilityOS Platform
exo security update(DSA-5164-1) exo-utils_4.16.0-1+deb11u1_i386.debLinux
exo security update(DSA-5164-1) exo-utils_4.16.0-1+deb11u1_amd64.debLinux
exo security update(DSA-5164-1) exo-utils_0.12.4-1+deb10u1_i386.debLinux
exo security update(DSA-5164-1) exo-utils_0.12.4-1+deb10u1_amd64.debLinux
exo security update(DSA-5164-1) libexo-helpers_0.12.4-1+deb10u1_all.debLinux
exo security update(DSA-5164-1) libexo-common_4.16.0-1+deb11u1_all.debLinux
exo security update(DSA-5164-1) libexo-common_0.12.4-1+deb10u1_all.debLinux
exo security update(DSA-5164-1) libexo-2-dev_4.16.0-1+deb11u1_i386.debLinux
exo security update(DSA-5164-1) libexo-2-dev_4.16.0-1+deb11u1_amd64.debLinux
exo security update(DSA-5164-1) libexo-2-dev_0.12.4-1+deb10u1_i386.debLinux
exo security update(DSA-5164-1) libexo-2-dev_0.12.4-1+deb10u1_amd64.debLinux
exo security update(DSA-5164-1) libexo-2-0_4.16.0-1+deb11u1_i386.debLinux
exo security update(DSA-5164-1) libexo-2-0_4.16.0-1+deb11u1_amd64.debLinux
exo security update(DSA-5164-1) libexo-2-0_0.12.4-1+deb10u1_i386.debLinux
exo security update(DSA-5164-1) libexo-2-0_0.12.4-1+deb10u1_amd64.debLinux
exo security update(DSA-5164-1) libexo-1-dev_0.12.4-1+deb10u1_i386.debLinux
exo security update(DSA-5164-1) libexo-1-dev_0.12.4-1+deb10u1_amd64.debLinux
exo security update(DSA-5164-1) libexo-1-0_0.12.4-1+deb10u1_i386.debLinux
exo security update(DSA-5164-1) libexo-1-0_0.12.4-1+deb10u1_amd64.debLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234