2629 matches found

CNVD
added 2018/05/15 12:0 a.m. | 1 views

xdg-utils xdg-open 'open_envvar' function injection vulnerability

xdg-utils is a set of command line tools used to help integrate applications with various desktop tasks. xdg-open is one of these programs for opening files or URLs. A security vulnerability in the 'open_envvar' function of xdg-open in versions of xdg-utils prior to 1.1.3 stems from the program's...

CVSS 8.8 | AI score 8.5 | EPSS 0.01003
Exploits: 0 | References: 1
Prion
added 2018/05/11 10:29 p.m. | 17 views

Design/Logic Flaw

lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument, because the GNU...

CVSS 7.5 | AI score 8.5 | EPSS 0.00729
Exploits: 0 | References: 1 | Affected Software: 1
Debian CVE
added 2018/05/11 10:0 p.m. | 15 views

CVE-2018-10992

lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument, because the GNU...

CVSS 9.8 | AI score 9 | EPSS 0.00729
Exploits: 0
Prion
added 2018/05/10 2:29 p.m. | 12 views

Design/Logic Flaw

The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment...

CVSS 6.8 | AI score 8.3 | EPSS 0.01003
Exploits: 0 | References: 7 | Affected Software: 3
Debian CVE
added 2018/05/10 2:0 p.m. | 21 views

CVE-2017-18266

The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment...

CVSS 8.8 | AI score 8.1 | EPSS 0.01003
Exploits: 0
UbuntuCve
added 2018/05/10 12:0 a.m. | 25 views

CVE-2017-18266

The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment...

CVSS 8.8 | AI score 6.9 | EPSS 0.01003
Exploits: 0 | References: 3
OSV
added 2018/05/10 12:0 a.m. | 0 views

UBUNTU-CVE-2017-18266

The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment...

CVSS 8.8 | AI score 6.8 | EPSS 0.01003
Exploits: 0 | References: 4
Tenable Nessus
added 2018/04/26 12:0 a.m. | 39 views

SUSE SLED12 / SLES12 Security Update : zsh (SUSE-SU-2018:1072-1)

This update for zsh fixes the following issues: - CVE-2014-10070: environment variable injection could lead to local privilege escalation bnc1082885 - CVE-2014-10071: buffer overflow in exec.c could lead to denial of service. bnc1082977 - CVE-2014-10072: buffer overflow in utils.c when scanning...

CVSS 9.8 | AI score 7.1 | EPSS 0.00671
Exploits: 0 | References: 29
NVD
added 2018/04/24 7:29 p.m. | 18 views

CVE-2017-2802

An exploitable dll hijacking vulnerability exists in the poaService.exe service component of the Dell Precision Optimizer software version 3.5.5.0. A specifically named malicious dll file located in one of the directories pointed to by the PATH environment variable will lead to privilege escalation. ...

CVSS 7.8 | AI score 7.5 | EPSS 0.00218
Exploits: 2 | References: 2
BDU FSTEC
added 2018/03/21 12:0 a.m. | 3 views

The vulnerability of the dynamic loader ld.so, which is responsible for system calls and core functions of glibc, allows an attacker to trigger a memory corruption.

The vulnerability of the dynamic loader ld.so, which provides system calls and core functions of the glibc library, is related to resource management errors. Exploiting this vulnerability allows an attacker to trigger a memory leak by using the environment variable LD_HWCAP_MASK...

CVSS 7.8 | AI score 7.5 | EPSS 0.00764
Exploits: 9 | References: 7 | Affected Software: 1
CVE
added 2018/02/27 10:0 p.m. | 75 views

CVE-2014-10070

CVE-2014-10070 affects zsh prior to 5.0.7, where environment-imported initial values of integer variables may be evaluated instead of literals when zsh is invoked in privilege-elevation contexts with unsanitized env (e.g., sudo with env_reset disabled). This can enable local privilege esc...

CVSS 7.8 | AI score 7 | EPSS 0.0015
Exploits: 0 | References: 3 | Affected Software: 1
FreeBSD
added 2018/02/27 12:0 a.m. | 32 views

shibboleth-sp -- vulnerable to forged user attribute data

Shibboleth consortium reports: Shibboleth SP software vulnerable to additional data forgery flaws The XML processing performed by the Service Provider software has been found to be vulnerable to new flaws similar in nature to the one addressed in an advisory last month. These bugs involve the use...

CVSS 6.5 | AI score 7.1 | EPSS 0.01222
Exploits: 2 | References: 1
OPENSUSE Linux
added 2018/02/26 12:7 p.m. | 55 views

Security update for lame (important)

This update for lame fixes the following issues: Lame was updated to version 3.100: Improved detection of MPEG audio data in RIFF WAVE files. sf3545112 Invalid sampling detection New switch --gain decibel, range -20.0 to +12.0, a more convenient way to apply Gain adjustment in decibels, than the...

CVSS 7.5 | AI score 6.3 | EPSS 0.03175
Exploits: 8 | References: 12
0day.today
added 2018/02/10 12:0 a.m. | 164 views

glibc $ORIGIN Expansion Privilege Escalation Exploit

This Metasploit module attempts to gain root privileges on Linux systems by abusing a vulnerability in the GNU C Library glibc dynamic linker. glibc ld.so in versions before 2.11.3, and 2.12.x before 2.12.2 does not properly restrict use of the LD_AUDIT environment variable when loading setuid...

CVSS 6.9 | AI score 7.6 | EPSS 0.12375
Exploits: 20
CNVD
added 2018/02/08 12:0 a.m. | 3 views

web2py environment variable value vulnerability

web2py is an open source Web framework written in Python that supports the rapid development of database-driven Web-based applications. A security vulnerability exists in web2py versions prior to 2.14.1. When a user uses the standalone version, an attacker can exploit the vulnerability by...

CVSS 9.8 | AI score 6.7 | EPSS 0.12737
Exploits: 2 | References: 1
OSV
added 2018/02/06 6:29 p.m. | 9 views

CVE-2016-3952

web2py before 2.14.1, when using the standalone version, allows remote attackers to obtain environment variable values via a direct request to examples/template_examples/beautify. NOTE: this issue can be leveraged by remote attackers to gain administrative access...

CVSS 7.8 | AI score 7.3 | EPSS 0.12737
Exploits: 1 | References: 3
Cvelist
added 2018/02/06 6:0 p.m. | 15 views

CVE-2016-3952

web2py before 2.14.1, when using the standalone version, allows remote attackers to obtain environment variable values via a direct request to examples/template_examples/beautify. NOTE: this issue can be leveraged by remote attackers to gain administrative access...

AI score 8.8 | EPSS 0.00397
Exploits: 1 | References: 3
CVE
added 2018/02/06 6:0 p.m. | 59 views

CVE-2016-3952

web2py (standalone) before 2.14.1 is affected by CVE-2016-3952: an attacker can request examples/template_examples/beautify to obtain environment variable values, which can be leveraged to gain administrative access. The issue aligns with documented exposure of sensitive information in web2py-rel...

CVSS 7.8 | AI score 8.6 | EPSS 0.00397
Exploits: 1 | References: 3 | Affected Software: 1
RedHat Linux
added 2018/02/05 1:55 p.m. | 2 views

Twisted: sets environmental variable based on user supplied Proxy request header

It was discovered that python-twisted-web used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote...

CVSS 5.3 | AI score 5.9 | EPSS 0.00581
Exploits: 0 | References: 4
NVD
added 2018/02/01 9:29 p.m. | 25 views

CVE-2017-3160

After the Android platform is added to Cordova the first time, or after a project is created using the build scripts, the scripts will fetch Gradle on the first build. However, since the default URI is not using https, it is vulnerable to a MiTM and the Gradle executable is not safe. The severity...

CVSS 7.4 | AI score 7.2 | EPSS 0.00341
Exploits: 1 | References: 3