DATABASE RESOURCES PRICING ABOUT US

{"id": "DEBIANCVE:CVE-2017-17518", "vendorId": null, "type": "debiancve", "bulletinFamily": "info", "title": "CVE-2017-17518", "description": "** DISPUTED ** swt/motif/browser.c in White_dune (aka whitedune) 0.30.10 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: This issue is being disputed as not being a vulnerability because \u201cthe current version of white_dune (1.369 at https://wdune.ourproject.org/) do not use a \"BROWSER environment variable\". Instead, the \"browser\" variable is read from the $HOME/.dunerc file (or from the M$Windows registry). It is configurable in the \"options\" menu. The default is chosen in the ./configure script, which tests various programs, first tested is \"xdg-open\".\u201d", "published": "2017-12-14T16:29:00", "modified": "2017-12-14T16:29:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 6.8}, "severity": "MEDIUM", "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "cvss3": {"cvssV3": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}, "href": "https://security-tracker.debian.org/tracker/CVE-2017-17518", "reporter": "Debian Security Bug Tracker", "references": [], "cvelist": ["CVE-2017-17518"], "immutableFields": [], "lastseen": "2022-07-04T06:02:58", "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2017-17518"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2017-17518"]}], "rev": 4}, "score": {"value": 5.4, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2017-17518"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2017-17518"]}]}, "exploitation": null, "vulnersScore": 5.4}, "_state": {"dependencies": 0}, "_internal": {}, "affectedPackage": [{"OS": "Debian", "OSVersion": "12", "arch": "all", "packageFilename": "whitedune_0.30.10-2.2_all.deb", "packageVersion": "0.30.10-2.2", "operator": "le", "status": "open", "packageName": "whitedune"}, {"OS": "Debian", "OSVersion": "11", "arch": "all", "packageFilename": "whitedune_0.30.10-2.2_all.deb", "packageVersion": "0.30.10-2.2", "operator": "le", "status": "open", "packageName": "whitedune"}, {"OS": "Debian", "OSVersion": "10", "arch": "all", "packageFilename": "whitedune_0.30.10-2.2_all.deb", "packageVersion": "0.30.10-2.2", "operator": "le", "status": "open", "packageName": "whitedune"}, {"OS": "Debian", "OSVersion": "999", "arch": "all", "packageFilename": "whitedune_0.30.10-2.2_all.deb", "packageVersion": "0.30.10-2.2", "operator": "le", "status": "open", "packageName": "whitedune"}]}

{"cve": [{"lastseen": "2022-03-23T15:03:06", "description": "** DISPUTED ** swt/motif/browser.c in White_dune (aka whitedune) 0.30.10 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: This issue is being disputed as not being a vulnerability because \u201cthe current version of white_dune (1.369 at https://wdune.ourproject.org/) do not use a \"BROWSER environment variable\". Instead, the \"browser\" variable is read from the $HOME/.dunerc file (or from the M$Windows registry). It is configurable in the \"options\" menu. The default is chosen in the ./configure script, which tests various programs, first tested is \"xdg-open\".\u201d", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-14T16:29:00", "type": "cve", "title": "CVE-2017-17518", "cwe": ["CWE-74"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-17518"], "modified": "2020-02-10T21:38:00", "cpe": ["cpe:/a:white_dune_project:white_dune:0.30.10"], "id": "CVE-2017-17518", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17518", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:white_dune_project:white_dune:0.30.10:*:*:*:*:*:*:*"]}], "ubuntucve": [{"lastseen": "2022-01-21T20:43:24", "description": "** DISPUTED ** swt/motif/browser.c in White_dune (aka whitedune) 0.30.10\ndoes not validate strings before launching the program specified by the\nBROWSER environment variable, which might allow remote attackers to conduct\nargument-injection attacks via a crafted URL. NOTE: This issue is being\ndisputed as not being a vulnerability because \u201cthe current version of\nwhite_dune (1.369 at https://wdune.ourproject.org/) do not use a \"BROWSER\nenvironment variable\". Instead, the \"browser\" variable is read from the\n$HOME/.dunerc file (or from the M$Windows registry). It is configurable in\nthe \"options\" menu. The default is chosen in the ./configure script, which\ntests various programs, first tested is \"xdg-open\".\u201d", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-12-14T00:00:00", "type": "ubuntucve", "title": "CVE-2017-17518", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-17518"], "modified": "2017-12-14T00:00:00", "id": "UB:CVE-2017-17518", "href": "https://ubuntu.com/security/CVE-2017-17518", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}