482 matches found

Mageia
added 2017/12/31 3:51 p.m. | 44 views

Updated ruby packages fix security vulnerabilities

Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the "|" pipe character, the command following the pipe character is executed. The default...

CVSS 9.8 | AI score 2.9 | EPSS 0.73927
Exploits: 6 | References: 2

Debian
added 2017/12/21 8:36 p.m. | 27 views

[SECURITY] [DSA 4071-1] sensible-utils security update

Debian Security Advisory DSA-4071-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 21, 2017 https://www.debian.org/security/faq -...

CVSS 8.8 | AI score 8.7 | EPSS 0.02217
Exploits: 1

OSV
added 2017/12/20 9:29 a.m. | 49 views

CVE-2017-17790

The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different vulnerability than CVE-2017-17405. NOTE: situations with untrusted input ma...

CVSS 9.8 | AI score 9.5
Exploits: 0 | References: 9

RedhatCVE
added 2017/12/14 9:22 p.m. | 16 views

CVE-2017-17513

TeX Live through 20170524 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, related to linked_scripts/context/stubs/unix/mtxrun,...

CVSS 8.8 | AI score 5.7 | EPSS 0.01281
Exploits: 0 | References: 1

NVD
added 2017/12/14 4:29 p.m. | 17 views

CVE-2017-17533

default.tcl in Tkabber 1.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a third party has indicated that the attack cannot occur because of th...

CVSS 8.8 | AI score 8.6 | EPSS 0.01633
Exploits: 0 | References: 1

NVD
added 2017/12/14 4:29 p.m. | 17 views

CVE-2017-17535

lib/gui.py in Bob Hepple gjots2 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...

CVSS 8.8 | AI score 8.5 | EPSS 0.01221
Exploits: 0 | References: 1

Prion
added 2017/12/14 4:29 p.m. | 19 views

Design/Logic Flaw

uiutil.c in Mensis 0.0.080507 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, a different vulnerability than CVE-2017-17521...

CVSS 6.8 | AI score 8.4 | EPSS 0.01834
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2017/12/14 4:29 p.m. | 7 views

Design/Logic Flaw

backends/platform/sdl/posix/posix.cpp in ScummVM 1.9.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...

CVSS 6.8 | AI score 8.3 | EPSS 0.01643
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2017/12/14 4:29 p.m. | 24 views

Design/Logic Flaw

DISPUTED etc/ObjectList in Metview 4.7.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a third party has indicated that the code to access this...

CVSS 6.8 | AI score 8.6 | EPSS 0.01635
Exploits: 0 | References: 1 | Affected Software: 2

NVD
added 2017/12/14 4:29 p.m. | 28 views

CVE-2017-17516

scripts/inspect_webbrowser.py in Reddit Terminal Viewer (RTV) 1.19.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...

CVSS 8.8 | AI score 8.5 | EPSS 0.0122
Exploits: 0 | References: 1

UbuntuCve
added 2017/12/14 4:29 p.m. | 30 views

CVE-2017-17535

lib/gui.py in Bob Hepple gjots2 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...

CVSS 8.8 | AI score 7.3 | EPSS 0.01221
Exploits: 0 | References: 3

NVD
added 2017/12/14 4:29 p.m. | 24 views

CVE-2017-17525

guiclient/guiclient.cpp in xTuple PostBooks 4.7.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...

CVSS 8.8 | AI score 8.5 | EPSS 0.0122
Exploits: 0 | References: 1

NVD
added 2017/12/14 4:29 p.m. | 23 views

CVE-2017-17514

boxes.c in nip2 8.4.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that this product does not use the BROWSER...

CVSS 8.8 | AI score 8.6 | EPSS 0.01685
Exploits: 0 | References: 2

UbuntuCve
added 2017/12/14 4:29 p.m. | 19 views

CVE-2017-17534

uiutil.c in Mensis 0.0.080507 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, a different vulnerability than CVE-2017-17521...

CVSS 8.8 | AI score 6.9 | EPSS 0.0122
Exploits: 0 | References: 3

OSV
added 2017/12/14 4:29 p.m. | 27 views

CVE-2017-17516

scripts/inspect_webbrowser.py in Reddit Terminal Viewer (RTV) 1.19.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...

CVSS 8.8 | AI score 6.9 | EPSS 0.0122
Exploits: 0 | References: 1

OSV
added 2017/12/14 4:29 p.m. | 11 views

CVE-2017-17517

libsylph/utils.c in Sylpheed through 3.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...

CVSS 8.8 | AI score 6.8 | EPSS 0.01221
Exploits: 0 | References: 1

OSV
added 2017/12/14 4:29 p.m. | 13 views

CVE-2017-17514

boxes.c in nip2 8.4.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that this product does not use the BROWSER...

CVSS 8.8 | AI score 8.5 | EPSS 0.01685
Exploits: 0 | References: 2

Cvelist
added 2017/12/14 4:0 p.m. | 16 views

CVE-2017-17532

examples/framework/news/news3.py in Kiwi 1.9.22 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...

AI score 8.5 | EPSS 0.01635
Exploits: 0 | References: 1

Cvelist
added 2017/12/14 4:0 p.m. | 24 views

CVE-2017-17511

KildClient 3.1.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, related to prefs.c and worldgui.c...

AI score 8.5 | EPSS 0.01685
Exploits: 0 | References: 2

Cvelist
added 2017/12/14 4:0 p.m. | 21 views

CVE-2017-17531

gozilla.c in GNU GLOBAL 4.8.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...

AI score 8.3 | EPSS 0.01228
Exploits: 0 | References: 2