Lucene search
K

89 matches found

Debian CVE
Debian CVE
added 2017/12/14 4:0 p.m.25 views

CVE-2017-17513

TeX Live through 20170524 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, related to linkedscripts/context/stubs/unix/mtxrun,...

8.8CVSS8.6AI score0.01281EPSS
Exploits0
Debian CVE
Debian CVE
added 2017/12/14 4:0 p.m.20 views

CVE-2017-17515

etc/ObjectList in Metview 4.7.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a third party has indicated that the code to access this...

8.8CVSS8.7AI score0.01635EPSS
Exploits0
Debian CVE
Debian CVE
added 2017/12/14 4:0 p.m.28 views

CVE-2017-17514

boxes.c in nip2 8.4.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that this product does not use the BROWSER...

8.8CVSS8.6AI score0.01685EPSS
Exploits0
Debian CVE
Debian CVE
added 2017/12/14 4:0 p.m.26 views

CVE-2017-17521

uiutil.c in FontForge through 20170731 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, a different vulnerability than CVE-2017-17534...

8.8CVSS6.9AI score0.01834EPSS
Exploits0
Debian CVE
Debian CVE
added 2017/12/14 4:0 p.m.20 views

CVE-2017-17519

batteriesConfig.mlp in OCaml Batteries Included aka ocaml-batteries 2.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...

8.8CVSS8.5AI score0.0122EPSS
Exploits0
Debian CVE
Debian CVE
added 2017/12/14 4:0 p.m.25 views

CVE-2017-17531

gozilla.c in GNU GLOBAL 4.8.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...

8.8CVSS8.4AI score0.01228EPSS
Exploits0
Debian CVE
Debian CVE
added 2017/12/14 4:0 p.m.54 views

CVE-2017-17530

common/help.c in Geomview 1.9.5 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: this is disputed by a third party because no untrusted input can ...

8.8CVSS8.7AI score0.01495EPSS
Exploits1
Cvelist
Cvelist
added 2017/12/14 4:0 p.m.38 views

CVE-2017-17521

uiutil.c in FontForge through 20170731 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, a different vulnerability than CVE-2017-17534...

8.5AI score0.01834EPSS
Exploits0References1
Cvelist
Cvelist
added 2017/12/14 4:0 p.m.15 views

CVE-2017-17518

swt/motif/browser.c in Whitedune aka whitedune 0.30.10 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: This issue is being disputed as not being ...

8.4AI score0.01716EPSS
Exploits0References1
CVE
CVE
added 2017/12/14 4:0 p.m.61 views

CVE-2017-17511

KildClient 3.1.0 does not validate strings before launching the program specified by the BROWSER environment variable, allowing argument-injection/parameter-injection via a crafted URL (related to prefs.c and worldgui.c). Documented across multiple feeds (OSV, CNVD, Debian DLA references). The li...

8.8CVSS8.4AI score0.01685EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2017/12/14 4:0 p.m.17 views

CVE-2017-17532

examples/framework/news/news3.py in Kiwi 1.9.22 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...

8.5AI score0.01635EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2017/12/14 4:0 p.m.20 views

CVE-2017-17516

scripts/inspectwebbrowser.py in Reddit Terminal Viewer RTV 1.19.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...

8.8CVSS8.5AI score0.0122EPSS
Exploits0
Debian CVE
Debian CVE
added 2017/12/14 4:0 p.m.25 views

CVE-2017-17524

library/wwwbrowser.pl in SWI-Prolog 7.2.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...

8.8CVSS8.5AI score0.0122EPSS
Exploits0
Debian CVE
Debian CVE
added 2017/12/14 4:0 p.m.21 views

CVE-2017-17535

Removed by vendor...

8.8CVSS8.9AI score0.01221EPSS
Exploits0
Debian CVE
Debian CVE
added 2017/12/14 4:0 p.m.28 views

CVE-2017-17520

Removed by vendor...

8.8CVSS8.8AI score0.01896EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2017/12/14 12:0 a.m.6 views

PT-2017-14825 · Vips +2 · Nip2 +2

Name of the Vulnerable Software and Affected Versions: nip2 version 8.4.0 Description: The issue concerns the lack of validation for strings before launching a program specified by the BROWSER environment variable, potentially allowing remote attackers to conduct argument-injection attacks via a...

8.8CVSS8.6AI score0.01685EPSS
Exploits0References16
Positive Technologies
Positive Technologies
added 2017/12/14 12:0 a.m.4 views

PT-2017-14829 · White Dune +1 · White Dune +1

Name of the Vulnerable Software and Affected Versions: White dune version 0.30.10 Description: The issue concerns the lack of validation for strings before launching a program specified by the BROWSER environment variable in the swt/motif/browser.c file. This could potentially allow remote...

8.8CVSS8.5AI score0.01716EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2017/12/14 12:0 a.m.5 views

PT-2017-14826 · Ecmwf +1 · Metview +1

Name of the Vulnerable Software and Affected Versions: Metview version 4.7.3 Description: The issue concerns a lack of validation for strings before launching a program specified by the BROWSER environment variable, potentially allowing remote attackers to conduct argument-injection attacks via a...

8.8CVSS8.8AI score0.01635EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2017/12/14 12:0 a.m.6 views

PT-2017-14837 · Pasdoc · Pasdoc

Name of the Vulnerable Software and Affected Versions: PasDoc version 0.14 Description: The issue concerns the delphi gui/WWWBrowserRunnerDM.pas file in PasDoc 0.14, which does not validate strings before launching the program specified by the BROWSER environment variable. This might allow remote...

8.8CVSS8.8AI score0.01633EPSS
Exploits0References8
Prion
Prion
added 2017/12/11 6:29 a.m.16 views

Design/Logic Flaw

lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument...

6.8CVSS8.7AI score0.02109EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder