14 matches found
Ubuntu 16.04 ESM : Smarty vulnerabilities (USN-5348-2)
The remote Ubuntu 16.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5348-2 advisory. USN-5348-1 fixed several vulnerabilities in Smarty. This update provides the fixes for CVE-2021-21408, CVE-2021-26119, CVE-2021-26120 and CVE-2021-29454...
Ubuntu 20.04 ESM : Smarty vulnerabilities (USN-5348-3)
The remote Ubuntu 20.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5348-3 advisory. USN-5348-1 fixed several vulnerabilities in Smarty. This update provides the fixes for CVE-2021-21408, CVE-2021-26119, CVE-2021-26120 and CVE-2021-29454...
Ubuntu: Security Advisory (USN-5348-3)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-5348-3: Smarty vulnerabilities
USN-5348-1 fixed several vulnerabilities in Smarty. This update provides the fixes for CVE-2021-21408, CVE-2021-26119, CVE-2021-26120 and CVE-2021-29454 for Ubuntu 20.04 ESM. Original advisory details: David Gnedt and Thomas Konrad discovered that Smarty was incorrectly sanitizing the paths prese...
Debian DSA-5151-1 : smarty3 - security update
The remote Debian 10 / 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-5151 advisory. - Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.43 and 4.0.3,...
Mageia: Security Advisory (MGASA-2021-0335)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
FreeBSD : Bacula-Web -- Multiple Vulnerabilities (f05dbd1f-2599-11ec-91be-001b217b3468)
Bacula-Web reports : Address Smarty CVE %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database : Copyright 2003-2021 Jacques Vidrine and contributors Redistribution and use in source VuXML and...
GLSA-202105-06 : Smarty: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202105-06 Smarty: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Smarty template engine. Please review the CVE identifiers referenced below for details. Impact : Please review the referenced CVE...
[SECURITY] [DLA 2618-1] smarty3 security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2618-1 [email protected] https://www.debian.org/lts/security/ Abhijith PA April 05, 2021 https://wiki.debian.org/LTS -...
CVE-2021-26120
Smarty before 3.1.39 allows code injection via an unexpected function name after a function name= substring...
CVE-2021-26120
Smarty before 3.1.39 allows code injection via an unexpected function name after a function name= substring...
CVE-2021-26120
Smarty PHP template engine prior to version 3.1.39 is affected by CVE-2021-26120, which can enable code injection via an unexpected {function name= substring}. The issue is addressed in updates to Smarty3 (e.g., upgrading to 3.1.39+ or package updates in Fedora/Debian/Mageia). Remediation is to u...
CVE-2021-26120
Smarty before 3.1.39 allows code injection via an unexpected function name after a function name= substring...
CVE-2021-26120
creationtimestamp| type| source ---|---|--- 2021-02-19 12:13:23+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/2740...