Lucene search
Redhat.comRH:CVE-2018-10992HistoryMay 14, 2019 - 12:24 p.m.
CVE-2018-10992
2019-05-1412:24:17
redhat.com
access.redhat.com
10
EPSS
0.006
Percentile
78.9%
lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument, because the GNU Guile code uses the system Scheme procedure instead of the system* Scheme procedure. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-17523.
Related
cve
cve
CVE-2018-10992
2018-05-11 22:29:00
CVE-2017-17523
2017-12-11 06:29:00
debiancve
debiancve
CVE-2018-10992
2018-05-11 22:29:00
CVE-2017-17523
2017-12-11 06:29:00
osv
osv
CVE-2018-10992
2018-05-11 22:29:00
CVE-2017-17523
2017-12-11 06:29:00
lilypond-2.23.3-1.3 on GA media
2024-06-15 00:00:00
nvd
nvd
CVE-2018-10992
2018-05-11 22:29:00
CVE-2017-17523
2017-12-11 06:29:00
prion
prion
Design/Logic Flaw
2018-05-11 22:29:00
Design/Logic Flaw
2017-12-11 06:29:00
cvelist
cvelist
CVE-2018-10992
2018-05-11 22:00:00
CVE-2017-17523
2017-12-11 06:00:00
ubuntucve
ubuntucve
CVE-2018-10992
2018-05-11 00:00:00
CVE-2017-17523
2017-12-11 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2018-0412)
2022-01-28 00:00:00
openSUSE: Security Advisory for lilypond (openSUSE-SU-2018:1360-1)
2018-05-21 00:00:00
nessus
nessus
openSUSE Security Update : lilypond (openSUSE-2018-487)
2018-05-21 00:00:00
suse
suse
Security update for lilypond (moderate)
2018-05-21 03:07:38
mageia
mageia
Updated lilypond packages fix security vulnerability
2018-10-26 21:47:14