55 matches found
CVE-2019-12761
CVE-2019-12761 affects PyXDG prior to 0.26. A code injection issue arises via crafted Python in a Category element of a Menu XML (.menu) file, triggered when XDG_CONFIG_DIRS leads to xdg.Menu.parse. Root cause is lack of sanitization before an eval call in xdg/Menu.py. Various advisories (Debian,...
CVE-2019-12761
A code injection issue was discovered in PyXDG before 0.26 via crafted Python code in a Category element of a Menu XML document in a .menu file. XDG_CONFIG_DIRS must be set up to trigger xdg.Menu.parse parsing within the directory containing this file. This is due to a lack of sanitization in...
caffeine-ng (>=3.3.1 <=3.3.6), openhub (>=0.0.10 <=0.0.204) +2 more potentially affected by CVE-2019-12761 via pyxdg (=0.25.0)
pyxdg PYPI version =0.25.0 is affected by a known vulnerability. The following packages have a transitive dependency on pyxdg and may be impacted: - caffeine-ng =3.3.1, =0.0.10, =0.0.2, =0.0.352 - rawdisk =0.2.1 Source cves: CVE-2019-12761 Source advisory: SNYK:PYTHON-PYXDG-174562...
Arbitrary Command Execution
Overview pyxdg contains implementations of freedesktop.org standards in python. Affected versions of this package are vulnerable to Arbitrary Command Execution via the xdg.Menu.parse function. When it is possible to craft an evil menu file with a Category node containing Python injected code. The...
Fedora 20 : pyxdg-0.25-5.fc20 (2014-16357)
Fix CVE-2014-1624 pyxdg: TOCTOU race condition in get_runtime_dir when strict=False Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without...
Fedora Update for pyxdg FEDORA-2014-16287
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for pyxdg FEDORA-2014-16357
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 20 Update: pyxdg-0.25-5.fc20
PyXDG is a python library to access freedesktop.org standards...
Fedora Update for pyxdg FEDORA-2014-16466
Check the version of pyxdg SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.868631";...
Fedora 19 : pyxdg-0.25-5.fc19 (2014-16466)
Fix CVE-2014-1624 pyxdg: TOCTOU race condition in get_runtime_dir when strict=False Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without...
Fedora 21 : pyxdg-0.25-5.fc21 (2014-16287)
Fix CVE-2014-1624 pyxdg: TOCTOU race condition in get_runtime_dir when strict=False Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without...
[SECURITY] Fedora 21 Update: pyxdg-0.25-5.fc21
PyXDG is a python library to access freedesktop.org standards...
caffeine-ng (>=3.3.1 <=3.3.6), openhub (>=0.0.10 <=0.0.204) +2 more potentially affected by CVE-2014-1624 via pyxdg (=0.25.0)
pyxdg PYPI version =0.25.0 is affected by a known vulnerability. The following packages have a transitive dependency on pyxdg and may be impacted: - caffeine-ng =3.3.1, =0.0.10, =0.0.2, =0.0.352 - rawdisk =0.2.1 Source cves: CVE-2014-1624 Source advisory: OSV:PYSEC-2014-95...
PYSEC-2014-95
Race condition in the xdg.BaseDirectory.get_runtime_dir function in python-xdg 0.25 allows local users to overwrite arbitrary files by pre-creating /tmp/pyxdg-runtime-dir-fallback-victim to point to a victim-owned location, then replacing it with a symlink to an attacker-controlled location once th...
CVE-2014-1624
Race condition in the xdg.BaseDirectory.get_runtime_dir function in python-xdg 0.25 allows local users to overwrite arbitrary files by pre-creating /tmp/pyxdg-runtime-dir-fallback-victim to point to a victim-owned location, then replacing it with a symlink to an attacker-controlled location once th...