725 matches found
NTP - Local Privilege Escalation
Source: http://www.halfdog.net/Security/2015/NtpCronjobUserNtpToRootPrivilegeEscalation/ Introduction Problem description: The cronjob script bundled with ntp package is intended to perform cleanup on statistics files produced by NTP daemon running with statistics enabled. The script is run as ro...
xymon-server -- multiple vulnerabilities
J.C. Cleaver reports: CVE-2016-2054: Buffer overflow in xymond handling of "config" command CVE-2016-2055: Access to possibly confidential files in the Xymon configuration directory CVE-2016-2056: Shell command injection in the "useradm" and "chpasswd" web applications CVE-2016-2057: Incorrect...
MGASA-2015-0478 Updated python-pygments packages fix security vulnerability
An unsafe use of string concatenation in a shell string occurs in FontManager. If the developer allows the attacker to choose the font and outputs an image, the attacker can execute any shell command on the remote system. The name variable injected comes from the constructor of FontManager, which...
setroubleshoot: insecure use of commands.getstatusoutput in sealert
A shell command injection flaw was found in the way the setroubleshoot executed external commands. A local attacker able to trigger certain SELinux denials could use this flaw to execute arbitrary code with root privileges...
Pygments FontManager._get_nix_font_path Shell Injection Vulnerability
Pygments FontManager.getnixfontpath version 1.2.2-2.0.2 suffers from a shell injection vulnerability. Shell Injection in Pygments FontManager.getnixfontpath Product: Pygments Version: 1.2.2-2.0.2 497:fe62167596bb to 3693:655dbebddc23 Tue Nov 06 17:30:45 2007 +0000 to Aug 21, 2015. Website:...
SUSE-SU-2015:1361-1 Security update for osc
This update provides osc 0.152.0 with various fixes and improvements. This security issue was fixed: - CVE-2015-0778: Shell command injection via crafted service files. bsc901643 For a comprehensive list of changes, please refer to the package's change log...
Debian DLA-125-1 : mime-support security update
Timothy D. Morgan discovered that run-mailcap, an utility to execute programs via entries in the mailcap file, is prone to shell command injection via shell meta-characters in filenames. In specific scenarios this flaw could allow an attacker to remotely execute arbitrary code. For the oldstable...
openSUSE Security Update : osc (openSUSE-2015-224)
osc was updated to fix a security issue and some non-security bugs. osc was updated to 0.151.0, fixing the following vulnerability : - fixed shell command injection via crafted service files CVE-2015-0778 boo901643 The following non-security bugs were fixed : - fix times when data comes from OBS...
openSUSE: Security Advisory for osc (openSUSE-SU-2015:0486-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security update for osc (important)
osc was updated to fix a security issue and some non-security bugs. osc was updated to 0.151.0, fixing the following vulnerability: fixed shell command injection via crafted service files CVE-2015-0778 boo901643 The following non-security bugs were fixed: fix times when data comes from OBS backen...
SUSE-SU-2015:0487-1 Security update for osc
osc was updated to fix a security issue and some non-security bugs. osc was updated to 0.151.0, fixing the following vulnerability: fixed shell command injection via crafted service files CVE-2015-0778 boo901643 The following non-security bugs were fixed: fix times when data comes from OBS backen...
Debian DSA-3114-1 : mime-support - security update
Timothy D. Morgan discovered that run-mailcap, an utility to execute programs via entries in the mailcap file, is prone to shell command injection via shell meta-characters in filenames. In specific scenarios this flaw could allow an attacker to remotely execute arbitrary code. %NASLMINLEVEL 7030...
[SECURITY] [DLA 125-1] mime-support security update
Package : mime-support Version : 3.48-1+deb6u1 CVE ID : CVE-2014-7209 Timothy D. Morgan discovered that run-mailcap, an utility to execute programs via entries in the mailcap file, is prone to shell command injection via shell meta-characters in filenames. In specific scenarios this flaw could...
[SECURITY] [DSA 3114-1] mime-support security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3114-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso December 29, 2014 http://www.debian.org/security/faq -...
Debian Security Advisory DSA 3114-1 (mime-support - security update)
Timothy D. Morgan discovered that run-mailcap, an utility to execute programs via entries in the mailcap file, is prone to shell command injection via shell meta-characters in filenames. In specific scenarios this flaw could allow an attacker to remotely execute arbitrary code. OpenVAS...
openSUSE Security Update : mailx (openSUSE-SU-2014:1713-1)
This mailx update fixes the following security issue : bsc909208: shell command injection via crafted email addresses CVE-2004-2771, CVE-2014-7844 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Upda...
DLA-125-1 mime-support - security update
Bulletin has no description...
DSA-3114-1 mime-support - security update
Bulletin has no description...
Debian: Security Advisory (DSA-3114-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SuSE 11.3 Security Update : mailx (SAT Patch Number 10096)
This mailx update fixes the following security issues : - Shell command injection via crafted email addresses. CVE-2004-2771 / CVE-2014-7844. bnc909208 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE 11 update...