52 matches found
EUVD-2015-8669
Malware in sbrugna...
EUVD-2017-8684
Malware in sbrugna...
EUVD-2017-8694
Malware in sbrugna...
EUVD-2017-8672
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2017-17513
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - TeX Live through 20170524 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attacke...
EulerOS 2.0 SP3 : xdg-utils (EulerOS-SA-2021-1861)
According to the version of the xdg-utils package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The openenvvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER...
Command Injection
KildClient is vulnerable to command injection. Lack of validation of strings before launching the program specified by the BROWSER environment variable allows remote attackers to conduct argument-injection attacks via a malicious URL...
CVE-2018-10992
lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument, because the GNU...
MGASA-2018-0412 Updated lilypond packages fix security vulnerability
lilypond does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks CVE-2017-17523...
Updated scummvm packages fix security vulnerability
Updated scummvm package fixes security vulnerability ScummVM 1.8.1's POSIX backend does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL CVE-2017-17528. This...
openSUSE Security Update : xdg-utils (openSUSE-2018-573)
This update for xdg-utils fixes this security issues : - CVE-2017-18266: The openenvvar function in xdg-open did not validate strings launching the program specified by the BROWSER environment variable, which might allowed remote attackers to conduct argument-injection attacks via a crafted URL...
CVE-2017-18266
The openenvvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment...
Design/Logic Flaw
lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument, because the GNU...
Design/Logic Flaw
The openenvvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment...
CVE-2017-18266
CVE-2017-18266 applies to xdg-utils (xdg-open) where open_envvar does not validate strings before launching the program specified by BROWSER. The issue affects versions before 1.1.3 and can enable argument-injection via a crafted URL in the BROWSER value. Multiple connected advisories confirm ups...
[SECURITY] [DSA 4071-1] sensible-utils security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4071-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 21, 2017 https://www.debian.org/security/faq -...
CVE-2017-17513
TeX Live through 20170524 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, related to linkedscripts/context/stubs/unix/mtxrun,...
CVE-2017-17535
lib/gui.py in Bob Hepple gjots2 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...
CVE-2017-17533
default.tcl in Tkabber 1.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a third party has indicated that the attack cannot occur because of th...
CVE-2017-17516
scripts/inspectwebbrowser.py in Reddit Terminal Viewer RTV 1.19.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...