CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2017/12/14 4:29 p.m.•6 views

CVE-2017-17519

batteriesConfig.mlp in OCaml Batteries Included aka ocaml-batteries 2.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...

8.8CVSS6.8AI score0.0122EPSS

OSV•added 2017/12/14 4:29 p.m.•6 views

CVE-2017-17515

etc/ObjectList in Metview 4.7.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a third party has indicated that the code to access this...

8.8CVSS8.6AI score0.01635EPSS

OSV•added 2017/12/14 4:29 p.m.•5 views

UBUNTU-CVE-2017-17516

8.8CVSS5.8AI score0.0122EPSS

8.8CVSS7.5AI score0.03595EPSS

AZL-6823 CVE-2017-17522 affecting package python2 for versions less than 2.7.18-8

Exploits1References1

8.8CVSS6.9AI score0.0122EPSS

DEBIAN-CVE-2017-17516

OSV•added 2017/12/14 4:29 p.m.•6 views

CVE-2017-17526

8.8CVSS6.8AI score0.01221EPSS

OSV•added 2017/12/14 4:29 p.m.•17 views

CVE-2017-17524

library/wwwbrowser.pl in SWI-Prolog 7.2.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...

8.8CVSS6.9AI score0.0122EPSS

8.8CVSS8.4AI score0.03595EPSS

DEBIAN-CVE-2017-17522

Exploits1References1

OSV•added 2017/12/14 4:29 p.m.•1 views

DEBIAN-CVE-2017-17521

uiutil.c in FontForge through 20170731 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, a different vulnerability than CVE-2017-17534...

8.8CVSS7.1AI score0.01834EPSS

OSV•added 2017/12/14 4:29 p.m.•3 views

DEBIAN-CVE-2017-17515

8.8CVSS7.2AI score0.01635EPSS

OSV•added 2017/12/14 4:29 p.m.•0 views

UBUNTU-CVE-2017-17511

KildClient 3.1.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, related to prefs.c and worldgui.c...

8.8CVSS7.3AI score0.01685EPSS

Exploits0References5

8.8CVSS7.3AI score0.01685EPSS

UBUNTU-CVE-2017-17514

DISPUTED boxes.c in nip2 8.4.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that this product does not use the...

8.8CVSS8.1AI score0.01685EPSS

DEBIAN-CVE-2017-17514

boxes.c in nip2 8.4.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that this product does not use the BROWSER...

OSV•added 2017/12/14 4:29 p.m.•3 views

UBUNTU-CVE-2017-17524

8.8CVSS5.8AI score0.0122EPSS

OSV•added 2017/12/14 4:29 p.m.•4 views

UBUNTU-CVE-2017-17520

DISPUTED tools/urlhandler.pl in TIN 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a third party has reported that this is intentional...

8.8CVSS5.8AI score0.01896EPSS

NVD•added 2017/12/14 4:29 p.m.•19 views

CVE-2017-17517

libsylph/utils.c in Sylpheed through 3.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...

8.8CVSS8.5AI score0.01221EPSS