9 matches found

Tenable Nessus
added 2024/06/03 12:0 a.m., 15 views

RHEL 8 : pyxdg (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - pyxdg: code injection via crafted python code CVE-2019-12761 Note that Nessus has not tested for this issue but has...

CVSS: 7.5, AI score: 7.8, EPSS: 0.02105
Exploits: 1, References: 1

SUSE CVE
added 2023/02/15 4:11 a.m., 2 views

SUSE CVE-2019-12761

A code injection issue was discovered in PyXDG before 0.26 via crafted Python code in a Category element of a Menu XML document in a .menu file. XDG_CONFIG_DIRS must be set up to trigger xdg.Menu.parse parsing within the directory containing this file. This is due to a lack of sanitization in...

CVSS: 7.3, AI score: 9.4, EPSS: 0.02105
Exploits: 1, References: 4

Tenable Nessus
added 2022/09/03 12:0 a.m., 22 views

SUSE SLES15 Security Update : python-pyxdg (SUSE-SU-2022:2997-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:2997-1 advisory. - CVE-2019-12761: Fixed a code injection issue in Category elements of a Menu XML (bsc#1137627). Tenable has extracted the preceding descriptio...

CVSS: 7.5, AI score: 7.2, EPSS: 0.02105
Exploits: 1, References: 4

OSV
added 2022/09/02 10:13 a.m., 5 views

SUSE-SU-2022:2997-1 Security update for python-pyxdg

This update for python-pyxdg fixes the following issues: - CVE-2019-12761: Fixed a code injection issue in Category elements of a Menu XML (bsc#1137627)...

CVSS: 7.5, AI score: 7.7, EPSS: 0.02105
Exploits: 1, References: 3

OpenVAS
added 2019/06/17 12:0 a.m., 147 views

Debian: Security Advisory (DLA-1819-1)

The remote host is missing an update for the Debian...

CVSS: 7.5, AI score: 7.5, EPSS: 0.02105
Exploits: 1, References: 3

vulnersOsv
added 2019/06/07 8:56 p.m., 4 views

caffeine-ng (>=3.3.1 <=3.3.6), openhub (>=0.0.10 <=0.0.204) +2 more potentially affected by CVE-2019-12761 via pyxdg (=0.25.0)

pyxdg PYPI version =0.25.0 is affected by a known vulnerability. The following packages have a transitive dependency on pyxdg and may be impacted: - caffeine-ng =3.3.1, =0.0.10, =0.0.2, =0.0.352 - rawdisk =0.2.1 Source cves: CVE-2019-12761 Source advisory: OSV:GHSA-R6V3-HPXJ-R8RV...

CVSS: 7.5, AI score: 7.1, EPSS: 0.02105
Exploits: 1

UbuntuCve
added 2019/06/06 7:29 p.m., 16 views

CVE-2019-12761

A code injection issue was discovered in PyXDG before 0.26 via crafted Python code in a Category element of a Menu XML document in a .menu file. XDG_CONFIG_DIRS must be set up to trigger xdg.Menu.parse parsing within the directory containing this file. This is due to a lack of sanitization in...

CVSS: 7.5, AI score: 7.1, EPSS: 0.02105
Exploits: 1, References: 4

vulnersOsv
added 2019/06/06 7:29 p.m., 3 views

caffeine-ng (>=3.3.1 <=3.3.6), openhub (>=0.0.10 <=0.0.204) +2 more potentially affected by CVE-2019-12761 via pyxdg (=0.25.0)

pyxdg PYPI version =0.25.0 is affected by a known vulnerability. The following packages have a transitive dependency on pyxdg and may be impacted: - caffeine-ng =3.3.1, =0.0.10, =0.0.2, =0.0.352 - rawdisk =0.2.1 Source cves: CVE-2019-12761 Source advisory: OSV:PYSEC-2019-199...

CVSS: 7.5, AI score: 7.1, EPSS: 0.02105
Exploits: 1

CVE
added 2019/06/06 6:55 p.m., 357 views

CVE-2019-12761

CVE-2019-12761 affects PyXDG prior to 0.26. A code injection issue arises via crafted Python in a Category element of a Menu XML (.menu) file, triggered when XDG_CONFIG_DIRS leads to xdg.Menu.parse. Root cause is lack of sanitization before an eval call in xdg/Menu.py. Various advisories (Debian,...

CVSS: 7.5, AI score: 7.3, EPSS: 0.02105
Exploits: 1, References: 4, Affected Software: 1