Lucene search
K

89 matches found

Prion
Prion
added 2018/05/11 10:29 p.m.19 views

Design/Logic Flaw

lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument, because the GNU...

7.5CVSS8.5AI score0.02109EPSS
Exploits0References1Affected Software1
Debian CVE
Debian CVE
added 2018/05/11 10:0 p.m.29 views

CVE-2018-10992

lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument, because the GNU...

9.8CVSS9AI score0.01501EPSS
Exploits0
Prion
Prion
added 2018/05/10 2:29 p.m.15 views

Design/Logic Flaw

The openenvvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment...

6.8CVSS8.3AI score0.02472EPSS
Exploits0References7Affected Software3
Debian CVE
Debian CVE
added 2018/05/10 2:0 p.m.34 views

CVE-2017-18266

The openenvvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment...

8.8CVSS8.1AI score0.02472EPSS
Exploits0
CNVD
CNVD
added 2017/12/15 12:0 a.m.4 views

nip2 Parameter Injection Vulnerability

nip2 is a GUI for the VIPS image processing library. A parameter injection vulnerability exists in nip2 8.4.0. The vulnerability arises because boxes.c in nip2 does not validate strings before starting a program specified by the BROWSER environment variable. A remote attacker could exploit this...

8.8CVSS7.4AI score0.01685EPSS
Exploits0References1
CNVD
CNVD
added 2017/12/15 12:0 a.m.2 views

KildClient Parameter Injection Vulnerability

KildClient is a MUD client written in GTK+ Window Toolkit. A parameter injection vulnerability exists in KildClient 3.1.0. The vulnerability arises because KildClient does not validate strings before starting a program specified by the BROWSER environment variable. A remote attacker can exploit...

8.8CVSS7.4AI score0.01685EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2017/12/14 8:49 p.m.32 views

CVE-2017-17521

uiutil.c in FontForge through 20170731 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, a different vulnerability than CVE-2017-17534...

8.8CVSS5.6AI score0.01834EPSS
Exploits0References1
NVD
NVD
added 2017/12/14 4:29 p.m.17 views

CVE-2017-17535

lib/gui.py in Bob Hepple gjots2 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...

8.8CVSS8.5AI score0.01221EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2017/12/14 4:29 p.m.26 views

CVE-2017-17524

library/wwwbrowser.pl in SWI-Prolog 7.2.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...

8.8CVSS7.2AI score0.0122EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2017/12/14 4:29 p.m.25 views

CVE-2017-17519

batteriesConfig.mlp in OCaml Batteries Included aka ocaml-batteries 2.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...

8.8CVSS7.2AI score0.0122EPSS
Exploits0References3
Prion
Prion
added 2017/12/14 4:29 p.m.15 views

Design/Logic Flaw

libsylph/utils.c in Sylpheed through 3.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...

6.8CVSS8.4AI score0.01221EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2017/12/14 4:29 p.m.8 views

Design/Logic Flaw

backends/platform/sdl/posix/posix.cpp in ScummVM 1.9.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...

6.8CVSS8.3AI score0.01643EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2017/12/14 4:29 p.m.14 views

CVE-2017-17526

Input.cc in Bernard Parisse Giac 1.2.3.57 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...

8.8CVSS8.5AI score0.01221EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2017/12/14 4:29 p.m.28 views

CVE-2017-17527

delphigui/WWWBrowserRunnerDM.pas in PasDoc 0.14 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer has indicated that the code...

8.8CVSS7.2AI score0.01633EPSS
Exploits0References3
NVD
NVD
added 2017/12/14 4:29 p.m.28 views

CVE-2017-17516

scripts/inspectwebbrowser.py in Reddit Terminal Viewer RTV 1.19.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...

8.8CVSS8.5AI score0.0122EPSS
Exploits0References1
NVD
NVD
added 2017/12/14 4:29 p.m.36 views

CVE-2017-17521

uiutil.c in FontForge through 20170731 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, a different vulnerability than CVE-2017-17534...

8.8CVSS8.4AI score0.01834EPSS
Exploits0References1
Prion
Prion
added 2017/12/14 4:29 p.m.22 views

Design/Logic Flaw

DISPUTED swt/motif/browser.c in Whitedune aka whitedune 0.30.10 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: This issue is being disputed as n...

6.8CVSS8.3AI score0.01716EPSS
Exploits0References1Affected Software1
UbuntuCve
UbuntuCve
added 2017/12/14 4:29 p.m.27 views

CVE-2017-17526

Input.cc in Bernard Parisse Giac 1.2.3.57 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...

8.8CVSS7.2AI score0.01221EPSS
Exploits0References3
Prion
Prion
added 2017/12/14 4:29 p.m.20 views

Design/Logic Flaw

KildClient 3.1.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, related to prefs.c and worldgui.c...

6.8CVSS8.4AI score0.01685EPSS
Exploits0References2Affected Software2
OSV
OSV
added 2017/12/14 4:29 p.m.9 views

CVE-2017-17526

Input.cc in Bernard Parisse Giac 1.2.3.57 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...

8.8CVSS6.8AI score0.01221EPSS
Exploits0References1
Rows per page
Query Builder