Lucene search
K

21 matches found

Rosalinux
Rosalinux
added 2021/07/02 6:21 p.m.30 views

Advisory ROSA-SA-2021-2001

Software: xdg-utils 1.1.0 OS: Cobalt 7.9 CVE-ID: CVE-2014-9622 CVE-Crit: HIGH CVE-DESC: Eval injection vulnerability in xdg-utils 1.1.0 RC1 in the absence of a supported desktop environment allows context-dependent attackers to execute arbitrary code via the URL argument to xdg-open. CVE-STATUS:...

8.8CVSS9.1AI score0.03256EPSS
Exploits1
OpenVAS
OpenVAS
added 2021/05/03 12:0 a.m.11 views

Huawei EulerOS: Security Advisory for xdg-utils (EulerOS-SA-2021-1861)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS8.8AI score0.02472EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2021/04/30 12:0 a.m.25 views

EulerOS 2.0 SP3 : xdg-utils (EulerOS-SA-2021-1861)

According to the version of the xdg-utils package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The openenvvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER...

8.8CVSS6.8AI score0.02472EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2021/04/19 12:0 a.m.15 views

SUSE: Security Advisory (SUSE-SU-2018:1497-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS8.8AI score0.02472EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2019/03/27 12:0 a.m.28 views

openSUSE Security Update : xdg-utils (openSUSE-2019-420)

This update for xdg-utils fixes this security issues : - CVE-2017-18266: The openenvvar function in xdg-open did not validate strings launching the program specified by the BROWSER environment variable, which might allowed remote attackers to conduct argument-injection attacks via a crafted URL...

8.8CVSS6.8AI score0.02472EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/01/03 12:0 a.m.29 views

Fedora 28 : xdg-utils (2018-efd98d9a58)

New upstream bugfix release, includes security fix for CVE-2017-18266 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...

8.8CVSS6.8AI score0.02472EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2018/10/26 12:0 a.m.18 views

openSUSE: Security Advisory for xdg-utils (openSUSE-SU-2018:1596-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS7.5AI score0.02472EPSS
Exploits0References2
Mageia
Mageia
added 2018/06/19 11:42 p.m.28 views

Updated xdg-utils package fixes security vulnerability

Updated xdg-utils package fixes security vulnerability: The openenvvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via ...

8.8CVSS6.3AI score0.02472EPSS
Exploits0References2
OPENSUSE Linux
OPENSUSE Linux
added 2018/06/08 12:12 a.m.59 views

Security update for xdg-utils (important)

This update for xdg-utils fixes this security issues: - CVE-2017-18266: The openenvvar function in xdg-open did not validate strings launching the program specified by the BROWSER environment variable, which might allowed remote attackers to conduct argument-injection attacks via a crafted URL...

5.9AI score0.02472EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2018/06/08 12:0 a.m.37 views

openSUSE Security Update : xdg-utils (openSUSE-2018-573)

This update for xdg-utils fixes this security issues : - CVE-2017-18266: The openenvvar function in xdg-open did not validate strings launching the program specified by the BROWSER environment variable, which might allowed remote attackers to conduct argument-injection attacks via a crafted URL...

8.8CVSS6.8AI score0.02472EPSS
Exploits0References2
OSV
OSV
added 2018/06/04 3:35 p.m.10 views

SUSE-SU-2018:1497-1 Security update for xdg-utils

This update for xdg-utils fixes the following issues: Security issue: - CVE-2017-18266: Fix an argument injection when BROWSER contains %s bsc1093086...

8.8CVSS8.9AI score0.02472EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2018/05/29 12:0 a.m.28 views

Debian DSA-4211-1 : xdg-utils - security update

Gabriel Corona discovered that xdg-utils, a set of tools for desktop environment integration, is vulnerable to argument injection attacks. If the environment variable BROWSER in the victim host has a '%s' and the victim opens a link crafted by an attacker with xdg-open, the malicious party could...

8.8CVSS6.7AI score0.02472EPSS
Exploits0References6
OpenVAS
OpenVAS
added 2018/05/27 12:0 a.m.26 views

Debian: Security Advisory (DLA-1384-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS8.8AI score0.02472EPSS
Exploits0References3
Debian
Debian
added 2018/05/25 9:2 p.m.26 views

[SECURITY] [DSA 4211-1] xdg-utils security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4211-1 [email protected] https://www.debian.org/security/ Luciano Bello May 25, 2018 https://www.debian.org/security/faq -...

8.8CVSS8.7AI score0.02472EPSS
Exploits0
Debian
Debian
added 2018/05/25 10:10 a.m.39 views

[SECURITY] [DLA 1384-1] xdg-utils security update

Package : xdg-utils Version : 1.1.0rc1+git20111210-6+deb7u4 CVE ID : CVE-2017-18266 Debian Bug : 898317 It was found that the openenvvar function in xdg-utils does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers t...

8.8CVSS8.8AI score0.02472EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2018/05/18 12:0 a.m.17 views

Fedora 27 : xdg-utils (2018-b753813bf0)

New upstream bugfix release, includes security fix for CVE-2017-18266 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...

8.8CVSS6.8AI score0.02472EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2018/05/18 12:0 a.m.25 views

Fedora Update for xdg-utils FEDORA-2018-b753813bf0

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS8.8AI score0.02472EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2018/05/10 2:0 p.m.22 views

CVE-2017-18266

The openenvvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment...

8.8CVSS8.1AI score0.02472EPSS
Exploits0
CVE
CVE
added 2018/05/10 2:0 p.m.143 views

CVE-2017-18266

CVE-2017-18266 applies to xdg-utils (xdg-open) where open_envvar does not validate strings before launching the program specified by BROWSER. The issue affects versions before 1.1.3 and can enable argument-injection via a crafted URL in the BROWSER value. Multiple connected advisories confirm ups...

8.8CVSS8.2AI score0.02472EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2018/05/10 2:0 p.m.30 views

CVE-2017-18266

The openenvvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment...

8.3AI score0.02472EPSS
Exploits0References7
Rows per page
Query Builder