Scientific Linux Security Update : python-jinja2 on SL6.x i386/x86_64 (20140611)
It was discovered that Jinja2 did not properly handle bytecode cache files stored in the system's temporary directory. A local attacker could use this flaw to alter the output of an application using Jinja2 and FileSystemBytecodeCache, and potentially execute arbitrary code with the privileges of...
Moderate: Red Hat Security Advisory: python-jinja2 security update
Updated python-jinja2 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...
Moderate: Red Hat Security Advisory: python33-python-jinja2 and python27-python-jinja2 security update
Updated python33-python-jinja2 and python27-python-jinja2 packages that fix one security issue are now available for Red Hat Software Collections 1. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score,...
python-jinja2: FileSystemBytecodeCache insecure cache temporary file use
The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file with a name starting with jinja2 in /tmp...
CVE-2014-1402
The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file with a name starting with jinja2 in /tmp...
PYSEC-2014-82
FileSystemBytecodeCache in Jinja2 2.7.2 does not properly create temporary directories, which allows local users to gain privileges by pre-creating a temporary directory with a user's uid. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1402...
CVE-2014-1402
CVE-2014-1402 affects the Jinja2 template engine. The vulnerability is in the default configuration of bccache.FileSystemBytecodeCache, where Jinja2 before 2.7.2 does not properly create temporary files/directories, allowing a local attacker to gain privileges via a crafted .cache file named star...
UBUNTU-CVE-2014-0012
FileSystemBytecodeCache in Jinja2 2.7.2 does not properly create temporary directories, which allows local users to gain privileges by pre-creating a temporary directory with a user's uid. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1402...
OpenJDK: jarsigner does not detect unsigned bytecode injected into signed jars
jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper file validation...
Adobe Flash AVM Bytecode Verification Code Execution - Ver2 (CVE-2011-0609)
A code execution vulnerability has been reported in Adobe Flash. The vulnerability is due to an error in the Adobe Flash Player when parsing SWF files embedded in Excel files. A remote attacker could exploit this vulnerability by convincing a victim to open a specially crafted Excel file that...
DEBIAN-CVE-2014-2094
Untrusted search path vulnerability in Catfish through 0.4.0.3, when a Fedora package such as 0.4.0.2-2 is not used, allows local users to gain privileges via a Trojan horse catfish.pyc in the current working directory...
MGASA-2014-0028 Updated python-jinja2 package fixes two security vulnerabilities
Updated python-jinja2 packages fix a security vulnerability: Jinja2, a template engine written in pure Python, was found to use /tmp as a default directory for jinja2.bccache.FileSystemBytecodeCache, which is insecure because the /tmp directory is world-writable and the filenames used like...
PT-2014-4172 · Pallets +3 · Jinja2 +3
Name of the Vulnerable Software and Affected Versions: Jinja2 versions prior to 2.7.2 Description: The default configuration for bccache.FileSystemBytecodeCache in Jinja2 does not properly create temporary files. This allows local users to gain privileges via a crafted .cache file with a name...