SUSE CVE-2017-18266

The openenvvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment...

Advisory ROSA-SA-2021-2001

Software: xdg-utils 1.1.0 OS: Cobalt 7.9 CVE-ID: CVE-2014-9622 CVE-Crit: HIGH CVE-DESC: Eval injection vulnerability in xdg-utils 1.1.0 RC1 in the absence of a supported desktop environment allows context-dependent attackers to execute arbitrary code via the URL argument to xdg-open. CVE-STATUS:...

EulerOS 2.0 SP3 : xdg-utils (EulerOS-SA-2021-1861)

According to the version of the xdg-utils package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The openenvvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER...

Updated xdg-utils package fixes security vulnerability

Updated xdg-utils package fixes security vulnerability: The openenvvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via ...

CVE-2017-18266

The openenvvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment...

xdg-utils xdg-open 'open_envvar' function injection vulnerability

xdg-utils is a set of command line tools used to help integrate applications with various desktop tasks. xdg-open is one of these programs for opening files or URLs. A security vulnerability in the 'openenvvar' function of xdg-open in versions of xdg-utils prior to 1.1.3 stems from the program's...

CVE-2017-18266

The openenvvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment...

Design/Logic Flaw

The openenvvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment...

CVE-2017-18266

CVE-2017-18266 applies to xdg-utils (xdg-open) where open_envvar does not validate strings before launching the program specified by BROWSER. The issue affects versions before 1.1.3 and can enable argument-injection via a crafted URL in the BROWSER value. Multiple connected advisories confirm ups...