17 matches found
EUVD-2014-0090
Malware in sbrugna...
GHSA-R3VR-PRWV-86G9 python-gnupg's shell_quote function does not properly quote strings
The shellquote function in python-gnupg 0.3.5 does not properly quote strings, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors, as demonstrated using "$" command-substitution sequences, a different vulnerability than CVE-2014-1928...
GHSA-VCR5-XR9H-MVC5 python-gnupg vulnerable to shell injection
python-gnupg 0.3.5 and 0.3.6 allow for shell injection via a failure to escape backslashes in the shellquote function. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7323...
python-gnupg vulnerable to shell injection
python-gnupg 0.3.5 and 0.3.6 allow for shell injection via a failure to escape backslashes in the shellquote function. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7323...
CVE-2014-1929
python-gnupg 0.3.5 and 0.3.6 allows context-dependent attackers to have an unspecified impact via vectors related to "option injection through positional arguments." NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7323...
Design/Logic Flaw
The shellquote function in python-gnupg 0.3.5 does not properly quote strings, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors, as demonstrated using "$" command-substitution sequences, a different vulnerability than CVE-2014-1928...
PYSEC-2014-92
python-gnupg 0.3.5 and 0.3.6 allows context-dependent attackers to have an unspecified impact via vectors related to "option injection through positional arguments." NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7323...
CVE-2014-1928
The shellquote function in python-gnupg 0.3.5 does not properly escape characters, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors, as demonstrated using "" backslash characters to form multi-command sequences, a different...
[SECURITY] [DSA 2946-1] python-gnupg security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2946-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff June 04, 2014 http://www.debian.org/security/faq -...
CVE-2013-7323
python-gnupg before 0.3.5 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in unspecified vectors...
CVE-2013-7323
python-gnupg before 0.3.5 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in unspecified vectors...
CVE-2013-7323
CVE-2013-7323 affects python-gnupg up to 0.3.5 (and related 0.3.6) where the shell_quote function does not properly escape or quote strings, allowing context-dependent attackers to execute arbitrary commands via shell metacharacters in unspecified vectors. Several advisories (GHSA) describe shell...
CVE-2013-7323
python-gnupg before 0.3.5 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in unspecified vectors...
[SECURITY] [DSA 2946-1] python-gnupg security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2946-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff June 04, 2014 http://www.debian.org/security/faq -...
Fedora Update for python-gnupg FEDORA-2014-2103
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 20 : python-gnupg-0.3.6-1.fc20 (2014-2103)
fixes protection against shell injection from previous 0.3.5 release Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...
Fedora 19 : python-gnupg-0.3.6-1.fc19 (2014-2140)
fixes protection against shell injection from previous 0.3.5 release Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...