50 matches found

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2016-0026

Malware in sbrugna...

CVSS 9.3 | AI score 8.9 | EPSS 0.06664
Exploits: 0 | References: 18

EUVD
added 2025/10/03 8:07 p.m. | 2 views

EUVD-2023-36535

Malicious code in bioql PyPI...

CVSS 7.8 | AI score 7.6 | EPSS 0.00227
Exploits: 0 | References: 1

Tenable Nessus
added 2024/06/03 12:00 a.m. | 19 views

RHEL 7 : python-pygments (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - python-pygments: Shell injection in FontManager.getnixfontpath CVE-2015-8557 Note that Nessus has not tested for th...

CVSS 9 | AI score 9.3 | EPSS 0.06664
Exploits: 0 | References: 1

Tenable Nessus
added 2024/06/03 12:00 a.m. | 12 views

RHEL 6 : python-pygments (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - python-pygments: Shell injection in FontManager.getnixfontpath CVE-2015-8557 Note that Nessus has not tested for th...

CVSS 9 | AI score 9.3 | EPSS 0.06664
Exploits: 0 | References: 1

Tenable Nessus
added 2024/02/08 12:00 a.m. | 33 views

EulerOS 2.0 SP5 : python-pygments (EulerOS-SA-2024-1162)

According to the versions of the python-pygments package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The FontManager.getnixfontpath function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrar...

CVSS 9.3 | AI score 8.6 | EPSS 0.06664
Exploits: 0 | References: 2

Vulnrichment
added 2023/06/06 3:15 p.m. | 6 views

CVE-2023-32281

The affected application lacks proper validation of user-supplied data when parsing project files e.g., CSP. This could lead to an out-of-bounds read in the FontManager. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process...

CVSS 7.8 | AI score 7.4 | EPSS 0.00227
Exploits: 0 | References: 1

CVE
added 2023/06/06 3:15 p.m. | 44 views

CVE-2023-32281

CVE-2023-32281 corresponds to a vulnerability in Horner Automation software where parsing CSP project files can trigger an out-of-bounds read in the FontManager, potentially allowing arbitrary code execution in the affected process. The issue is tied to improper validation of user-supplied data d...

CVSS 7.8 | AI score 7.7 | EPSS 0.00227
Exploits: 0 | References: 1 | Affected Software: 2

Cvelist
added 2023/06/06 3:15 p.m. | 18 views

CVE-2023-32281

The affected application lacks proper validation of user-supplied data when parsing project files e.g., CSP. This could lead to an out-of-bounds read in the FontManager. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process...

CVSS 7.8 | AI score 7.9 | EPSS 0.00227
Exploits: 0 | References: 1

BDU FSTEC
added 2023/05/26 12:00 a.m. | 4 views

The vulnerability of the Horner Automation Cscape EnvisionRV remote control access software and the Cscape software arises from reading beyond the buffer in the FontManager system’s control module. This allows an attacker to execute arbitrary code.

The vulnerability of the Horner Automation Cscape EnvisionRV remote control access software and the Cscape software arises from reading data beyond the buffer boundaries in the FontManager system’s memory. Exploiting this vulnerability allows an attacker to execute arbitrary code by having the us...

CVSS 7.8 | AI score 7.9 | EPSS 0.00227
Exploits: 0 | References: 6 | Affected Software: 1

OSV
added 2022/05/17 2:37 a.m. | 31 views

GHSA-FFF8-4W9P-7V76 Command Injection in Pygments

The FontManager.getnixfontpath function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name...

CVSS 9.5 | AI score 9.3 | EPSS 0.06664
Exploits: 0 | References: 14

Github Security Blog
added 2022/05/17 2:37 a.m. | 24 views

Command Injection in Pygments

The FontManager.getnixfontpath function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name...

CVSS 9.3 | AI score 9.2 | EPSS 0.06664
Exploits: 0 | References: 13 | Affected Software: 1

OpenVAS
added 2022/02/24 12:00 a.m. | 12 views

Huawei EulerOS: Security Advisory for python-pygments (EulerOS-SA-2022-1185)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.3 | AI score 9.2 | EPSS 0.06664
Exploits: 0 | References: 2

Tenable Nessus
added 2022/02/23 12:00 a.m. | 29 views

EulerOS 2.0 SP3 : python-pygments (EulerOS-SA-2022-1185)

According to the versions of the python-pygments package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The FontManager.getnixfontpath function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrar...

CVSS 9.3 | AI score 8.6 | EPSS 0.06664
Exploits: 0 | References: 2

Tenable Nessus
added 2016/12/05 12:00 a.m. | 38 views

GLSA-201612-05 : Pygments: Arbitrary code execution

The remote host is affected by the vulnerability described in GLSA-201612-05 Pygments: Arbitrary code execution A vulnerability in FontManagers getnixfontpath function allows shell metacharacters to be passed in a font name. Impact : A remote attacker could possibly execute arbitrary code with th...

CVSS 9.3 | AI score 8.7 | EPSS 0.06664
Exploits: 0 | References: 2

Gentoo Linux
added 2016/12/04 12:00 a.m. | 48 views

Pygments: Arbitrary code execution

Background Pygments is a generic syntax highlighter suitable for use in code hosting, forums, wikis or other applications that need to prettify source code. Description A vulnerability in FontManager’s getnixfontpath function allows shell metacharacters to be passed in a font name. Impact A remot...

CVSS 9.3 | AI score 9.4 | EPSS 0.06664
Exploits: 0

NVD
added 2016/01/08 8:59 p.m. | 14 views

CVE-2015-8557

The FontManager.getnixfontpath function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name...

CVSS 9.3 | AI score 9.4 | EPSS 0.06664
Exploits: 0 | References: 9

Prion
added 2016/01/08 8:59 p.m. | 14 views

Design/Logic Flaw

The FontManager.getnixfontpath function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name...

CVSS 9.3 | AI score 8 | EPSS 0.06664
Exploits: 0 | References: 9 | Affected Software: 2

OSV
added 2016/01/08 8:59 p.m. | 18 views

PYSEC-2016-32

The FontManager.getnixfontpath function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name...

CVSS 9.3 | AI score 7.9 | EPSS 0.06664
Exploits: 0 | References: 10

Debian CVE
added 2016/01/08 8:00 p.m. | 19 views

CVE-2015-8557

The FontManager.getnixfontpath function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name...

CVSS 9.3 | AI score 9.2 | EPSS 0.06664
Exploits: 0

CVE
added 2016/01/08 8:00 p.m. | 125 views

CVE-2015-8557

CVE-2015-8557 affects Pygments up to version 2.0.2. The vulnerability lies in FontManager._get_nix_font_path (formatters/img.py) where font names containing shell metacharacters can lead to arbitrary command execution. Several sources (GHSA advisory, GLSA, Debian security notes, CNVD/Chinese trac...

CVSS 9.3 | AI score 9.2 | EPSS 0.06664
Exploits: 0 | References: 9 | Affected Software: 1