21 matches found
Advisory ROSA-SA-2021-2001
Software: xdg-utils 1.1.0 OS: Cobalt 7.9 CVE-ID: CVE-2014-9622 CVE-Crit: HIGH CVE-DESC: Eval injection vulnerability in xdg-utils 1.1.0 RC1 in the absence of a supported desktop environment allows context-dependent attackers to execute arbitrary code via the URL argument to xdg-open. CVE-STATUS:...
Huawei EulerOS: Security Advisory for xdg-utils (EulerOS-SA-2021-1861)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP3 : xdg-utils (EulerOS-SA-2021-1861)
According to the version of the xdg-utils package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The openenvvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER...
SUSE: Security Advisory (SUSE-SU-2018:1497-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Update : xdg-utils (openSUSE-2019-420)
This update for xdg-utils fixes this security issues : - CVE-2017-18266: The openenvvar function in xdg-open did not validate strings launching the program specified by the BROWSER environment variable, which might allowed remote attackers to conduct argument-injection attacks via a crafted URL...
Fedora 28 : xdg-utils (2018-efd98d9a58)
New upstream bugfix release, includes security fix for CVE-2017-18266 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...
openSUSE: Security Advisory for xdg-utils (openSUSE-SU-2018:1596-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Updated xdg-utils package fixes security vulnerability
Updated xdg-utils package fixes security vulnerability: The openenvvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via ...
Security update for xdg-utils (important)
This update for xdg-utils fixes this security issues: - CVE-2017-18266: The openenvvar function in xdg-open did not validate strings launching the program specified by the BROWSER environment variable, which might allowed remote attackers to conduct argument-injection attacks via a crafted URL...
openSUSE Security Update : xdg-utils (openSUSE-2018-573)
This update for xdg-utils fixes this security issues : - CVE-2017-18266: The openenvvar function in xdg-open did not validate strings launching the program specified by the BROWSER environment variable, which might allowed remote attackers to conduct argument-injection attacks via a crafted URL...
SUSE-SU-2018:1497-1 Security update for xdg-utils
This update for xdg-utils fixes the following issues: Security issue: - CVE-2017-18266: Fix an argument injection when BROWSER contains %s bsc1093086...
Debian DSA-4211-1 : xdg-utils - security update
Gabriel Corona discovered that xdg-utils, a set of tools for desktop environment integration, is vulnerable to argument injection attacks. If the environment variable BROWSER in the victim host has a '%s' and the victim opens a link crafted by an attacker with xdg-open, the malicious party could...
Debian: Security Advisory (DLA-1384-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 4211-1] xdg-utils security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4211-1 [email protected] https://www.debian.org/security/ Luciano Bello May 25, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1384-1] xdg-utils security update
Package : xdg-utils Version : 1.1.0rc1+git20111210-6+deb7u4 CVE ID : CVE-2017-18266 Debian Bug : 898317 It was found that the openenvvar function in xdg-utils does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers t...
Fedora 27 : xdg-utils (2018-b753813bf0)
New upstream bugfix release, includes security fix for CVE-2017-18266 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...
Fedora Update for xdg-utils FEDORA-2018-b753813bf0
The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2017-18266
The openenvvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment...
CVE-2017-18266
CVE-2017-18266 applies to xdg-utils (xdg-open) where open_envvar does not validate strings before launching the program specified by BROWSER. The issue affects versions before 1.1.3 and can enable argument-injection via a crafted URL in the BROWSER value. Multiple connected advisories confirm ups...
CVE-2017-18266
The openenvvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment...