Количество 8
Количество 8
CVE-2017-18266
The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment variable.
CVE-2017-18266
The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment variable.
CVE-2017-18266
The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment variable.
CVE-2017-18266
The open_envvar function in xdg-open in xdg-utils before 1.1.3 does no ...
openSUSE-SU-2018:1596-1
Security update for xdg-utils
SUSE-SU-2018:1497-1
Security update for xdg-utils
GHSA-76r6-j2q8-m63q
The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment variable.
BDU:2020-01814
Уязвимость функции open_envvar инструмента для настройки использования пользовательских приложений по умолчанию xdg-open, позволяющая нарушителю получить несанкционированный доступ к информации и нарушить ее целостность и доступность
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2017-18266 The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment variable. | CVSS3: 8.8 | 1% Низкий | больше 7 лет назад |
 | CVE-2017-18266 The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment variable. | CVSS3: 4.4 | 1% Низкий | около 8 лет назад |
 | CVE-2017-18266 The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment variable. | CVSS3: 8.8 | 1% Низкий | больше 7 лет назад |
| CVE-2017-18266 The open_envvar function in xdg-open in xdg-utils before 1.1.3 does no ... | CVSS3: 8.8 | 1% Низкий | больше 7 лет назад |
 | openSUSE-SU-2018:1596-1 Security update for xdg-utils | 1% Низкий | больше 7 лет назад | |
| SUSE-SU-2018:1497-1 Security update for xdg-utils | 1% Низкий | больше 7 лет назад | |
| GHSA-76r6-j2q8-m63q The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment variable. | CVSS3: 8.8 | 1% Низкий | больше 3 лет назад |
 | BDU:2020-01814 Уязвимость функции open_envvar инструмента для настройки использования пользовательских приложений по умолчанию xdg-open, позволяющая нарушителю получить несанкционированный доступ к информации и нарушить ее целостность и доступность | CVSS3: 8.8 | 1% Низкий | больше 7 лет назад |
Уязвимостей на страницу