Lucene search
K

15 matches found

Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2015-8557

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The FontManager.getnixfontpath function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell...

9.3CVSS8.6AI score0.06664EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.19 views

RHEL 7 : python-pygments (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - python-pygments: Shell injection in FontManager.getnixfontpath CVE-2015-8557 Note that Nessus has not tested for th...

9CVSS9.3AI score0.06664EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.12 views

RHEL 6 : python-pygments (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - python-pygments: Shell injection in FontManager.getnixfontpath CVE-2015-8557 Note that Nessus has not tested for th...

9CVSS9.3AI score0.06664EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2024/02/09 12:0 a.m.16 views

Huawei EulerOS: Security Advisory for python-pygments (EulerOS-SA-2024-1162)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.3CVSS9.2AI score0.06664EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2022/05/17 2:37 a.m.6 views

catsup (>=0.3.8 <=0.3.11), coil (=1.2.1) +9 more potentially affected by CVE-2015-8557 via pygments (>=1.6.0 <=2.0.2)

pygments PYPI version =1.6.0, =0.3.8, =0.0.1, =1.9.5, =3.0.0, =2.3.1, =3.2.0, =1.0.0, =1.0.0, =3.0.1 Source cves: CVE-2015-8557 Source advisory: OSV:GHSA-FFF8-4W9P-7V76...

9.3CVSS7.2AI score0.06664EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2022/02/23 12:0 a.m.29 views

EulerOS 2.0 SP3 : python-pygments (EulerOS-SA-2022-1185)

According to the versions of the python-pygments package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The FontManager.getnixfontpath function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrar...

9.3CVSS8.6AI score0.06664EPSS
Exploits0References2
Debian
Debian
added 2016/01/13 10:13 p.m.29 views

[SECURITY] [DSA 3445-1] pygments security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3445-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 13, 2016 https://www.debian.org/security/faq -...

9.3CVSS9.2AI score0.06664EPSS
Exploits0
OSV
OSV
added 2016/01/08 8:59 p.m.8 views

CVE-2015-8557

The FontManager.getnixfontpath function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name...

9CVSS9.3AI score
Exploits0References9
CVE
CVE
added 2016/01/08 8:0 p.m.130 views

CVE-2015-8557

CVE-2015-8557 affects Pygments up to version 2.0.2. The vulnerability lies in FontManager._get_nix_font_path (formatters/img.py) where font names containing shell metacharacters can lead to arbitrary command execution. Several sources (GHSA advisory, GLSA, Debian security notes, CNVD/Chinese trac...

9.3CVSS9.2AI score0.06664EPSS
Exploits0References9Affected Software1
OpenVAS
OpenVAS
added 2015/12/18 12:0 a.m.21 views

Mageia: Security Advisory (MGASA-2015-0478)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.3CVSS9.2AI score0.06664EPSS
Exploits0References5
Mageia
Mageia
added 2015/12/17 8:19 p.m.30 views

Updated python-pygments packages fix security vulnerability

An unsafe use of string concatenation in a shell string occurs in FontManager. If the developer allows the attacker to choose the font and outputs an image, the attacker can execute any shell command on the remote system. The name variable injected comes from the constructor of FontManager, which...

9.3CVSS9AI score0.06664EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2015/12/16 12:0 a.m.24 views

CVE-2015-8557

The FontManager.getnixfontpath function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name...

9.3CVSS7.3AI score0.06664EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2015/12/16 12:0 a.m.22 views

Debian DLA-369-1 : pygments security update

It was discovered that there was a shell injection vulnerability in pygments, a syntax highlighting package written in Python. For Debian 6 Squeeze, this issue has been fixed in pygments version 1.3.1+dfsg-1+deb6u11. NOTE: Tenable Network Security has extracted the preceding description block...

9.3CVSS8AI score0.06664EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2015/12/16 12:0 a.m.23 views

Amazon Linux AMI : python-pygments (ALAS-2015-630)

An unsafe use of string concatenation in a shell string occurs in FontManager. If the developer allows the attacker to choose the font and outputs an image, the attacker can execute any shell command on the remote system. The name variable injected comes from the constructor of FontManager, which...

9.3CVSS8.3AI score0.06664EPSS
Exploits0References2
Debian
Debian
added 2015/12/15 6:25 p.m.15 views

[SECURITY] [DLA 369-1] pygments security update

Package : pygments Version : 1.3.1+dfsg-1+deb6u11 CVE ID : CVE-2015-8557 Debian Bug : 802828 It was discovered that there was a shell injection vulnerability in pygments, a syntax highlighting package written in Python. For Debian 6 Squeeze, this issue has been fixed in pygments version...

9.3CVSS9.2AI score0.06664EPSS
Exploits0
Rows per page
Query Builder