EUVD-2017-8672

Malware in sbrugna...

EUVD-2017-8683

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2017-17535

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - lib/gui.py in Bob Hepple gjots2 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow...

Linux Distros Unpatched Vulnerability : CVE-2017-17529

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - af/util/xp/utgofile.cpp in AbiWord 3.0.2-2 does not validate strings before launching the program specified by the BROWSER environment variable, which might all...

Linux Distros Unpatched Vulnerability : CVE-2017-17515

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - etc/ObjectList in Metview 4.7.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote...

Linux Distros Unpatched Vulnerability : CVE-2017-17517

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libsylph/utils.c in Sylpheed through 3.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow...

Linux Distros Unpatched Vulnerability : CVE-2017-17511

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KildClient 3.1.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to...

Linux Distros Unpatched Vulnerability : CVE-2017-17531

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - gozilla.c in GNU GLOBAL 4.8.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote...

Linux Distros Unpatched Vulnerability : CVE-2017-17519

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - batteriesConfig.mlp in OCaml Batteries Included aka ocaml-batteries 2.6 does not validate strings before launching the program specified by the BROWSER...

Linux Distros Unpatched Vulnerability : CVE-2017-17530

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - common/help.c in Geomview 1.9.5 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote...

SUSE CVE-2017-17528

backends/platform/sdl/posix/posix.cpp in ScummVM 1.9.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...

SUSE CVE-2017-17534

uiutil.c in Mensis 0.0.080507 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, a different vulnerability than CVE-2017-17521...

SUSE CVE-2017-18266

The openenvvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment...

Advisory ROSA-SA-2021-2001

Software: xdg-utils 1.1.0 OS: Cobalt 7.9 CVE-ID: CVE-2014-9622 CVE-Crit: HIGH CVE-DESC: Eval injection vulnerability in xdg-utils 1.1.0 RC1 in the absence of a supported desktop environment allows context-dependent attackers to execute arbitrary code via the URL argument to xdg-open. CVE-STATUS:...

Command Injection

KildClient is vulnerable to command injection. Lack of validation of strings before launching the program specified by the BROWSER environment variable allows remote attackers to conduct argument-injection attacks via a malicious URL...

CVE-2018-10992

lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument, because the GNU...

Updated lilypond packages fix security vulnerability

lilypond does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks CVE-2017-17523...

openSUSE Security Update : xdg-utils (openSUSE-2018-573)

This update for xdg-utils fixes this security issues : - CVE-2017-18266: The openenvvar function in xdg-open did not validate strings launching the program specified by the BROWSER environment variable, which might allowed remote attackers to conduct argument-injection attacks via a crafted URL...

[SECURITY] [DSA 4211-1] xdg-utils security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4211-1 [email protected] https://www.debian.org/security/ Luciano Bello May 25, 2018 https://www.debian.org/security/faq -...

Remote Code Execution (RCE)

libfontforge.so is vulnerable to remote code execution RCE attacks. The application does not properly validate strings in the BROWSER environment variable, allowing a malicious user to inject and execute arbitrary commands...