Lucene search
+L

89 matches found

euvd
euvd
added 2025/10/07 12:30 a.m.5 views

EUVD-2017-8672

Malware in sbrugna...

8.8CVSS8.6AI score0.01685EPSS
Exploits0References3
euvd
euvd
added 2025/10/07 12:30 a.m.15 views

EUVD-2017-8683

Malware in sbrugna...

8.8CVSS8.6AI score0.02127EPSS
Exploits0References6
nessus
nessus
added 2025/09/10 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2017-17535

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - lib/gui.py in Bob Hepple gjots2 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow...

8.8CVSS7.2AI score0.01221EPSS
Exploits0References2
nessus
nessus
added 2025/08/27 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2017-17515

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - etc/ObjectList in Metview 4.7.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote...

8.8CVSS8AI score0.01635EPSS
Exploits0References2
nessus
nessus
added 2025/08/27 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2017-17529

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - af/util/xp/utgofile.cpp in AbiWord 3.0.2-2 does not validate strings before launching the program specified by the BROWSER environment variable, which might all...

8.8CVSS7.1AI score0.01221EPSS
Exploits0References3
nessus
nessus
added 2025/08/26 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2017-17517

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libsylph/utils.c in Sylpheed through 3.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow...

8.8CVSS7.4AI score0.01221EPSS
Exploits0References3
nessus
nessus
added 2025/08/26 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2017-17511

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KildClient 3.1.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to...

8.8CVSS7.8AI score0.01685EPSS
Exploits0References2
nessus
nessus
added 2025/08/24 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2017-17531

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - gozilla.c in GNU GLOBAL 4.8.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote...

8.8CVSS7.8AI score0.01228EPSS
Exploits0References2
nessus
nessus
added 2025/08/24 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2017-17519

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - batteriesConfig.mlp in OCaml Batteries Included aka ocaml-batteries 2.6 does not validate strings before launching the program specified by the BROWSER...

8.8CVSS7.2AI score0.0122EPSS
Exploits0References3
nessus
nessus
added 2025/08/24 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2017-17530

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - common/help.c in Geomview 1.9.5 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote...

8.8CVSS7.9AI score0.01495EPSS
Exploits1References2
susecve
susecve
added 2023/02/15 4:36 a.m.4 views

SUSE CVE-2017-17528

backends/platform/sdl/posix/posix.cpp in ScummVM 1.9.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...

8.8CVSS6.9AI score0.01643EPSS
Exploits0References3
susecve
susecve
added 2023/02/15 4:36 a.m.5 views

SUSE CVE-2017-17534

uiutil.c in Mensis 0.0.080507 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, a different vulnerability than CVE-2017-17521...

8.8CVSS8.6AI score0.0122EPSS
Exploits0References3
susecve
susecve
added 2023/02/15 4:35 a.m.5 views

SUSE CVE-2017-18266

The openenvvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment...

5.3CVSS8.5AI score0.02493EPSS
Exploits0References5
rosalinux
rosalinux
added 2021/07/02 6:21 p.m.30 views

Advisory ROSA-SA-2021-2001

Software: xdg-utils 1.1.0 OS: Cobalt 7.9 CVE-ID: CVE-2014-9622 CVE-Crit: HIGH CVE-DESC: Eval injection vulnerability in xdg-utils 1.1.0 RC1 in the absence of a supported desktop environment allows context-dependent attackers to execute arbitrary code via the URL argument to xdg-open. CVE-STATUS:...

8.8CVSS9.1AI score0.03256EPSS
Exploits1
veracode
veracode
added 2020/09/21 6:27 a.m.22 views

Command Injection

KildClient is vulnerable to command injection. Lack of validation of strings before launching the program specified by the BROWSER environment variable allows remote attackers to conduct argument-injection attacks via a malicious URL...

8.8CVSS6AI score0.01685EPSS
Exploits0References2Affected Software1
redhatcve
redhatcve
added 2019/05/14 12:24 p.m.33 views

CVE-2018-10992

lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument, because the GNU...

9.8CVSS5.8AI score0.02127EPSS
Exploits0References1
mageia
mageia
added 2018/10/26 6:47 p.m.53 views

Updated lilypond packages fix security vulnerability

lilypond does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks CVE-2017-17523...

8.8CVSS5.6AI score0.02127EPSS
Exploits0References2
nessus
nessus
added 2018/06/08 12:0 a.m.37 views

openSUSE Security Update : xdg-utils (openSUSE-2018-573)

This update for xdg-utils fixes this security issues : - CVE-2017-18266: The openenvvar function in xdg-open did not validate strings launching the program specified by the BROWSER environment variable, which might allowed remote attackers to conduct argument-injection attacks via a crafted URL...

8.8CVSS6.8AI score0.02493EPSS
Exploits0References2
debian
debian
added 2018/05/25 9:2 p.m.23 views

[SECURITY] [DSA 4211-1] xdg-utils security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4211-1 [email protected] https://www.debian.org/security/ Luciano Bello May 25, 2018 https://www.debian.org/security/faq -...

6.8CVSS2AI score0.02493EPSS
Exploits0
veracode
veracode
added 2018/05/23 7:50 a.m.25 views

Remote Code Execution (RCE)

libfontforge.so is vulnerable to remote code execution RCE attacks. The application does not properly validate strings in the BROWSER environment variable, allowing a malicious user to inject and execute arbitrary commands...

8.8CVSS9.1AI score0.01834EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder