89 matches found
CVE-2017-17513
TeX Live through 20170524 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, related to linkedscripts/context/stubs/unix/mtxrun,...
CVE-2017-17515
etc/ObjectList in Metview 4.7.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a third party has indicated that the code to access this...
CVE-2017-17514
boxes.c in nip2 8.4.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that this product does not use the BROWSER...
CVE-2017-17521
uiutil.c in FontForge through 20170731 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, a different vulnerability than CVE-2017-17534...
CVE-2017-17519
batteriesConfig.mlp in OCaml Batteries Included aka ocaml-batteries 2.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...
CVE-2017-17531
gozilla.c in GNU GLOBAL 4.8.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...
CVE-2017-17530
common/help.c in Geomview 1.9.5 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: this is disputed by a third party because no untrusted input can ...
CVE-2017-17521
uiutil.c in FontForge through 20170731 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, a different vulnerability than CVE-2017-17534...
CVE-2017-17518
swt/motif/browser.c in Whitedune aka whitedune 0.30.10 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: This issue is being disputed as not being ...
CVE-2017-17511
KildClient 3.1.0 does not validate strings before launching the program specified by the BROWSER environment variable, allowing argument-injection/parameter-injection via a crafted URL (related to prefs.c and worldgui.c). Documented across multiple feeds (OSV, CNVD, Debian DLA references). The li...
CVE-2017-17532
examples/framework/news/news3.py in Kiwi 1.9.22 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...
CVE-2017-17516
scripts/inspectwebbrowser.py in Reddit Terminal Viewer RTV 1.19.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...
CVE-2017-17524
library/wwwbrowser.pl in SWI-Prolog 7.2.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...
CVE-2017-17535
Removed by vendor...
CVE-2017-17520
Removed by vendor...
PT-2017-14825 · Vips +2 · Nip2 +2
Name of the Vulnerable Software and Affected Versions: nip2 version 8.4.0 Description: The issue concerns the lack of validation for strings before launching a program specified by the BROWSER environment variable, potentially allowing remote attackers to conduct argument-injection attacks via a...
PT-2017-14829 · White Dune +1 · White Dune +1
Name of the Vulnerable Software and Affected Versions: White dune version 0.30.10 Description: The issue concerns the lack of validation for strings before launching a program specified by the BROWSER environment variable in the swt/motif/browser.c file. This could potentially allow remote...
PT-2017-14826 · Ecmwf +1 · Metview +1
Name of the Vulnerable Software and Affected Versions: Metview version 4.7.3 Description: The issue concerns a lack of validation for strings before launching a program specified by the BROWSER environment variable, potentially allowing remote attackers to conduct argument-injection attacks via a...
PT-2017-14837 · Pasdoc · Pasdoc
Name of the Vulnerable Software and Affected Versions: PasDoc version 0.14 Description: The issue concerns the delphi gui/WWWBrowserRunnerDM.pas file in PasDoc 0.14, which does not validate strings before launching the program specified by the BROWSER environment variable. This might allow remote...
Design/Logic Flaw
lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument...