28 matches found
EUVD-2017-8677
Malware in sbrugna...
EUVD-2018-3043
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2017-17534
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - uiutil.c in Mensis 0.0.080507 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote...
Linux Distros Unpatched Vulnerability : CVE-2017-17526
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Input.cc in Bernard Parisse Giac 1.2.3.57 does not validate strings before launching the program specified by the BROWSER environment variable, which might allo...
Linux Distros Unpatched Vulnerability : CVE-2017-17518
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - swt/motif/browser.c in Whitedune aka whitedune 0.30.10 does not validate strings before launching the program specified by the BROWSER environment variable, whi...
SUSE CVE-2017-17514
boxes.c in nip2 8.4.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that this product does not use the BROWSER...
SUSE CVE-2017-17521
uiutil.c in FontForge through 20170731 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, a different vulnerability than CVE-2017-17534...
SUSE CVE-2017-17516
scripts/inspectwebbrowser.py in Reddit Terminal Viewer RTV 1.19.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...
DEBIAN-CVE-2018-10992
lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument, because the GNU...
DEBIAN-CVE-2017-18266
The openenvvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment...
UBUNTU-CVE-2017-18266
The openenvvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment...
GNU GLOBAL 'gozilla.c' Arbitrary Code Execution Vulnerability
GNU GLOBAL is a software tool used to label program code for easy reading. An arbitrary code execution vulnerability exists in the GNU GLOBAL 'gozilla.c' handling of the BROWSER environment variable, which can be exploited by a remote attacker to submit a special URL request to execute arbitrary...
DEBIAN-CVE-2017-17532
examples/framework/news/news3.py in Kiwi 1.9.22 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...
CVE-2017-17531
gozilla.c in GNU GLOBAL 4.8.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...
CVE-2017-17528
backends/platform/sdl/posix/posix.cpp in ScummVM 1.9.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...
UBUNTU-CVE-2017-17517
libsylph/utils.c in Sylpheed through 3.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...
DEBIAN-CVE-2017-17518
swt/motif/browser.c in Whitedune aka whitedune 0.30.10 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: This issue is being disputed as not being ...
UBUNTU-CVE-2017-17532
examples/framework/news/news3.py in Kiwi 1.9.22 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...
UBUNTU-CVE-2017-17525
guiclient/guiclient.cpp in xTuple PostBooks 4.7.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...
DEBIAN-CVE-2017-17517
libsylph/utils.c in Sylpheed through 3.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...