50 matches found
CVE-2015-8557
CVE-2015-8557 affects Pygments up to version 2.0.2. The vulnerability lies in FontManager._get_nix_font_path (formatters/img.py) where font names containing shell metacharacters can lead to arbitrary command execution. Several sources (GHSA advisory, GLSA, Debian security notes, CNVD/Chinese trac...
MGASA-2015-0478 Updated python-pygments packages fix security vulnerability
An unsafe use of string concatenation in a shell string occurs in FontManager. If the developer allows the attacker to choose the font and outputs an image, the attacker can execute any shell command on the remote system. The name variable injected comes from the constructor of FontManager, which...
Updated python-pygments packages fix security vulnerability
An unsafe use of string concatenation in a shell string occurs in FontManager. If the developer allows the attacker to choose the font and outputs an image, the attacker can execute any shell command on the remote system. The name variable injected comes from the constructor of FontManager, which...
CVE-2015-8557
The FontManager.getnixfontpath function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name...
Important: python-pygments
Issue Overview: An unsafe use of string concatenation in a shell string occurs in FontManager. If the developer allows the attacker to choose the font and outputs an image, the attacker can execute any shell command on the remote system. The name variable injected comes from the constructor of...
MGASA-2015-0456 Updated python-pygments packages fix security vulnerability
An unsafe use of string concatenation in a shell string occurs in FontManager. If the developer allows the attacker to choose the font and outputs an image, the attacker can execute any shell command on the remote system. The name variable injected comes from the constructor of FontManager, which...
Updated python-pygments packages fix security vulnerability
An unsafe use of string concatenation in a shell string occurs in FontManager. If the developer allows the attacker to choose the font and outputs an image, the attacker can execute any shell command on the remote system. The name variable injected comes from the constructor of FontManager, which...
Pygments FontManager._get_nix_font_path Shell Injection Vulnerability
Pygments FontManager.getnixfontpath version 1.2.2-2.0.2 suffers from a shell injection vulnerability. Shell Injection in Pygments FontManager.getnixfontpath Product: Pygments Version: 1.2.2-2.0.2 497:fe62167596bb to 3693:655dbebddc23 Tue Nov 06 17:30:45 2007 +0000 to Aug 21, 2015. Website:...
pygments -- shell injection vulnerability
NVD reports: The FontManager.getnixfontpath function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name...
openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2015:0190-1) (POODLE)
OpenJDK was updated to 2.5.4 - OpenJDK 7u75 to fix security issues and bugs : - Security fixes - S8046656: Update protocol support - S8047125, CVE-2015-0395: ref More phantom object references - S8047130: Fewer escapes from escape analysis - S8048035, CVE-2015-0400: Ensure proper proxy protocols ...
Security update for java-1_7_0-openjdk (important)
OpenJDK was updated to 2.5.4 - OpenJDK 7u75 to fix security issues and bugs: Security fixes - S8046656: Update protocol support - S8047125, CVE-2015-0395: ref More phantom object references - S8047130: Fewer escapes from escape analysis - S8048035, CVE-2015-0400: Ensure proper proxy protocols -...
openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2012:0828-1)
This version upgrade of java-160-openjdk fixes multiple security flaws : - S7079902, CVE-2012-1711: Refine CORBA data models - S7143606, CVE-2012-1717: File.createTempFile should be improved for temporary files created by the platform. - S7143614, CVE-2012-1716: SynthLookAndFeel stability...
OpenJDK: fontmanager layout lookup code memory corruption (2D, 7143617)
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, 1.4.237 and earlier, and JavaFX 2.1 and earlier allows remote attackers to affect confidentiality, integrity, and availability via...
OpenJDK: fontmanager layout lookup code memory corruption (2D, 7143617)
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, 1.4.237 and earlier, and JavaFX 2.1 and earlier allows remote attackers to affect confidentiality, integrity, and availability via...
Oracle Java GSUB TTF Table LookupCount Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the fontmanager...
Oracle Java mort TTF Table Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the fontmanager...
SuSE 11.1 Security Update : java-1_6_0-openjdk (SAT Patch Number 6437)
java-160-openjdk was updated to the IcedTea 1.11.3 release, fixing multiple security issues : - S7079902, CVE-2012-1711: Refine CORBA data models - S7143606, CVE-2012-1717: File.createTempFile should be improved for temporary files created by the platform. - S7143614, CVE-2012-1716:...
SuSE Update for java-1_6_0-openjdk openSUSE-SU-2012:0828-1 (java-1_6_0-openjdk)
Check for the Version of java-160-openjdk OpenVAS Vulnerability Test $Id: gbsuse201208281.nasl 8245 2017-12-26 06:29:59Z teissa $ SuSE Update for java-160-openjdk openSUSE-SU-2012:0828-1 java-160-openjdk Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH,...
OpenJDK: fontmanager layout lookup code memory corruption (2D, 7143617)
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, 1.4.237 and earlier, and JavaFX 2.1 and earlier allows remote attackers to affect confidentiality, integrity, and availability via...
RHEL 6 : java-1.7.0-ibm (RHSA-2012:1289)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:1289 advisory. - OpenJDK: AWT hardening fixes AWT, 7163201 CVE-2012-0547 - Oracle JDK: unspecified vulnerability fixed in 6u33 and 7u5 Deployment...