Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Python Subscribe
Filtered by product Pyxdg
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-12761 1 Python 1 Pyxdg 2021-08-03 5.1 MEDIUM 7.5 HIGH
A code injection issue was discovered in PyXDG before 0.26 via crafted Python code in a Category element of a Menu XML document in a .menu file. XDG_CONFIG_DIRS must be set up to trigger xdg.Menu.parse parsing within the directory containing this file. This is due to a lack of sanitization in xdg/Menu.py before an eval call.
CVE-2014-1624 1 Python 1 Pyxdg 2017-08-28 3.3 LOW N/A
Race condition in the xdg.BaseDirectory.get_runtime_dir function in python-xdg 0.25 allows local users to overwrite arbitrary files by pre-creating /tmp/pyxdg-runtime-dir-fallback-victim to point to a victim-owned location, then replacing it with a symlink to an attacker-controlled location once the get_runtime_dir function is called.