rpm package
opensuse/global&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/global&distro=openSUSE%20Tumbleweed
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-38448 | Cri | 9.1 | < 6.6.13-1.1 | 6.6.13-1.1 | Jun 16, 2024 | htags in GNU Global through 6.6.12 allows code execution in situations where dbpath (aka -d) is untrusted, because shell metacharacters may be used. | |
| CVE-2017-17531 | Hig | 8.8 | < 6.6.6-1.3 | 6.6.6-1.3 | Dec 14, 2017 | gozilla.c in GNU GLOBAL 4.8.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. |
- affected < 6.6.13-1.1fixed 6.6.13-1.1
htags in GNU Global through 6.6.12 allows code execution in situations where dbpath (aka -d) is untrusted, because shell metacharacters may be used.
- affected < 6.6.6-1.3fixed 6.6.6-1.3
gozilla.c in GNU GLOBAL 4.8.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.