Lucene search
K

11 matches found

Tenable Nessus
Tenable Nessus
added 2023/10/20 12:0 a.m.24 views

Ubuntu 16.04 ESM : Smarty vulnerabilities (USN-5348-2)

The remote Ubuntu 16.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5348-2 advisory. USN-5348-1 fixed several vulnerabilities in Smarty. This update provides the fixes for CVE-2021-21408, CVE-2021-26119, CVE-2021-26120 and CVE-2021-29454...

9.8CVSS6.7AI score0.82316EPSS
Exploits2References5
Tenable Nessus
Tenable Nessus
added 2023/10/20 12:0 a.m.37 views

Ubuntu 20.04 ESM : Smarty vulnerabilities (USN-5348-3)

The remote Ubuntu 20.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5348-3 advisory. USN-5348-1 fixed several vulnerabilities in Smarty. This update provides the fixes for CVE-2021-21408, CVE-2021-26119, CVE-2021-26120 and CVE-2021-29454...

9.8CVSS6.7AI score0.82316EPSS
Exploits2References5
OpenVAS
OpenVAS
added 2023/01/27 12:0 a.m.29 views

Ubuntu: Security Advisory (USN-5348-3)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.3AI score0.82316EPSS
Exploits4References2
OpenVAS
OpenVAS
added 2022/11/11 12:0 a.m.27 views

Fedora: Security Advisory for php-Smarty (FEDORA-2022-d5fc9dcdd7)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8CVSS8.2AI score0.82316EPSS
Exploits3References2
Ubuntu
Ubuntu
added 2022/06/21 3:29 p.m.70 views

USN-5348-3: Smarty vulnerabilities

USN-5348-1 fixed several vulnerabilities in Smarty. This update provides the fixes for CVE-2021-21408, CVE-2021-26119, CVE-2021-26120 and CVE-2021-29454 for Ubuntu 20.04 ESM. Original advisory details: David Gnedt and Thomas Konrad discovered that Smarty was incorrectly sanitizing the paths prese...

9.8CVSS7.2AI score0.82316EPSS
Exploits2
OpenVAS
OpenVAS
added 2022/05/31 12:0 a.m.28 views

Debian: Security Advisory (DSA-5151-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS8.8AI score0.0454EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2022/05/31 12:0 a.m.43 views

Debian DSA-5151-1 : smarty3 - security update

The remote Debian 10 / 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-5151 advisory. - Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.43 and 4.0.3,...

9.8CVSS7AI score0.82316EPSS
Exploits3References15
Tenable Nessus
Tenable Nessus
added 2022/05/06 12:0 a.m.30 views

Debian DLA-2995-1 : smarty3 - LTS security update

The remote Debian 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-2995 advisory. Smarty3, a template engine for PHP, allowed template authors to run restricted static php methods. The same authors could also run arbitrary PHP code by crafting a...

8.8CVSS7AI score0.0222EPSS
Exploits0References8
NVD
NVD
added 2022/01/10 8:15 p.m.25 views

CVE-2021-29454

Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.42 and 4.0.2, template authors could run arbitrary PHP code by crafting a malicious math string. If a math string was passed through as user provided data to the...

8.8CVSS0.01927EPSS
Exploits0References11
UbuntuCve
UbuntuCve
added 2022/01/10 8:15 p.m.49 views

CVE-2021-29454

Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.42 and 4.0.2, template authors could run arbitrary PHP code by crafting a malicious math string. If a math string was passed through as user provided data to the...

8.8CVSS6.7AI score0.01927EPSS
Exploits0References10
Cvelist
Cvelist
added 2022/01/10 12:0 a.m.34 views

CVE-2021-29454 Sandbox Escape by math function in smarty

Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.42 and 4.0.2, template authors could run arbitrary PHP code by crafting a malicious math string. If a math string was passed through as user provided data to the...

8.1CVSS9.5AI score0.01927EPSS
Exploits0References11
Rows per page
Query Builder