Lucene search
MitreCVELIST:CVE-2018-10992HistoryMay 11, 2018 - 10:00 p.m.
CVE-2018-10992
2018-05-1122:00:00
mitre
www.cve.org
5
lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument, because the GNU Guile code uses the system Scheme procedure instead of the system* Scheme procedure. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-17523.
References
Related
cve
cve
CVE-2018-10992
2018-05-11 22:29:00
CVE-2017-17523
2017-12-11 06:29:00
osv
osv
CVE-2018-10992
2018-05-11 22:29:00
CVE-2017-17523
2017-12-11 06:29:00
lilypond-2.23.3-1.3 on GA media
2024-06-15 00:00:00
debiancve
debiancve
CVE-2018-10992
2018-05-11 22:29:00
CVE-2017-17523
2017-12-11 06:29:00
nvd
nvd
CVE-2018-10992
2018-05-11 22:29:00
CVE-2017-17523
2017-12-11 06:29:00
redhatcve
redhatcve
CVE-2018-10992
2019-05-14 12:24:17
prion
prion
Design/Logic Flaw
2018-05-11 22:29:00
Design/Logic Flaw
2017-12-11 06:29:00
ubuntucve
ubuntucve
CVE-2018-10992
2018-05-11 00:00:00
CVE-2017-17523
2017-12-11 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2018-0412)
2022-01-28 00:00:00
openSUSE: Security Advisory for lilypond (openSUSE-SU-2018:1360-1)
2018-05-21 00:00:00
nessus
nessus
openSUSE Security Update : lilypond (openSUSE-2018-487)
2018-05-21 00:00:00
cvelist
cvelist
CVE-2017-17523
2017-12-11 06:00:00
mageia
mageia
Updated lilypond packages fix security vulnerability
2018-10-26 21:47:14
suse
suse
Security update for lilypond (moderate)
2018-05-21 03:07:38