8 matches found
SUSE CVE-2014-2886
GKSu 2.0.2, when sudo-mode is not enabled, uses " double quote characters in a gksu-run-helper argument, which allows attackers to execute arbitrary commands in certain situations involving an untrusted substring within this argument, as demonstrated by an untrusted filename encountered during...
GLSA-201812-10 : GKSu: Arbitrary command execution
The remote host is affected by the vulnerability described in GLSA-201812-10 GKSu: Arbitrary command execution A vulnerability was discovered in GKSus gksu-run-helper. Impact : An attacker could execute arbitrary commands. Workaround : There is no known workaround at this time. C Tenable Network...
CVE-2014-2886
GKSu 2.0.2, when sudo-mode is not enabled, uses " double quote characters in a gksu-run-helper argument, which allows attackers to execute arbitrary commands in certain situations involving an untrusted substring within this argument, as demonstrated by an untrusted filename encountered during...
UBUNTU-CVE-2014-2886
GKSu 2.0.2, when sudo-mode is not enabled, uses " double quote characters in a gksu-run-helper argument, which allows attackers to execute arbitrary commands in certain situations involving an untrusted substring within this argument, as demonstrated by an untrusted filename encountered during...
CVE-2014-2886
GKSu 2.0.2, when sudo-mode is not enabled, uses " double quote characters in a gksu-run-helper argument, which allows attackers to execute arbitrary commands in certain situations involving an untrusted substring within this argument, as demonstrated by an untrusted filename encountered during...
CVE-2014-2886
GKSu 2.0.2 vulnerability (CVE-2014-2886): when sudo-mode is not enabled, gksu-run-helper processes an argument containing a double quote, enabling arbitrary command execution in scenarios with an untrusted substring (e.g., untrusted filename during VirtualBox extension pack install). Affected: GK...
CVE-2014-2886
GKSu 2.0.2, when sudo-mode is not enabled, uses " double quote characters in a gksu-run-helper argument, which allows attackers to execute arbitrary commands in certain situations involving an untrusted substring within this argument, as demonstrated by an untrusted filename encountered during...
Design/Logic Flaw
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-2886, CVE-2014-2942. Reason: this ID was intended for one issue, but was assigned to two issues by a CNA. Notes: All CVE users should consult CVE-2014-2886 and CVE-2014-2942 to determine which ID is appropriate. All reference...