Lucene search
K

50 matches found

CVE
CVE
added 2016/01/08 8:0 p.m.130 views

CVE-2015-8557

CVE-2015-8557 affects Pygments up to version 2.0.2. The vulnerability lies in FontManager._get_nix_font_path (formatters/img.py) where font names containing shell metacharacters can lead to arbitrary command execution. Several sources (GHSA advisory, GLSA, Debian security notes, CNVD/Chinese trac...

9.3CVSS9.2AI score0.06664EPSS
Exploits0References9Affected Software1
OSV
OSV
added 2015/12/17 8:19 p.m.11 views

MGASA-2015-0478 Updated python-pygments packages fix security vulnerability

An unsafe use of string concatenation in a shell string occurs in FontManager. If the developer allows the attacker to choose the font and outputs an image, the attacker can execute any shell command on the remote system. The name variable injected comes from the constructor of FontManager, which...

9.3CVSS9.1AI score0.06664EPSS
Exploits0References4
Mageia
Mageia
added 2015/12/17 8:19 p.m.30 views

Updated python-pygments packages fix security vulnerability

An unsafe use of string concatenation in a shell string occurs in FontManager. If the developer allows the attacker to choose the font and outputs an image, the attacker can execute any shell command on the remote system. The name variable injected comes from the constructor of FontManager, which...

9.3CVSS9AI score0.06664EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2015/12/16 12:0 a.m.25 views

CVE-2015-8557

The FontManager.getnixfontpath function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name...

9.3CVSS7.3AI score0.06664EPSS
Exploits0References3
Amazon
Amazon
added 2015/12/14 12:0 a.m.37 views

Important: python-pygments

Issue Overview: An unsafe use of string concatenation in a shell string occurs in FontManager. If the developer allows the attacker to choose the font and outputs an image, the attacker can execute any shell command on the remote system. The name variable injected comes from the constructor of...

9.3CVSS9.4AI score0.06664EPSS
Exploits0
OSV
OSV
added 2015/11/26 8:47 p.m.3 views

MGASA-2015-0456 Updated python-pygments packages fix security vulnerability

An unsafe use of string concatenation in a shell string occurs in FontManager. If the developer allows the attacker to choose the font and outputs an image, the attacker can execute any shell command on the remote system. The name variable injected comes from the constructor of FontManager, which...

7.3AI score
Exploits0References3
Mageia
Mageia
added 2015/11/26 8:47 p.m.21 views

Updated python-pygments packages fix security vulnerability

An unsafe use of string concatenation in a shell string occurs in FontManager. If the developer allows the attacker to choose the font and outputs an image, the attacker can execute any shell command on the remote system. The name variable injected comes from the constructor of FontManager, which...

5.2AI score
Exploits0References2
0day.today
0day.today
added 2015/10/04 12:0 a.m.24 views

Pygments FontManager._get_nix_font_path Shell Injection Vulnerability

Pygments FontManager.getnixfontpath version 1.2.2-2.0.2 suffers from a shell injection vulnerability. Shell Injection in Pygments FontManager.getnixfontpath Product: Pygments Version: 1.2.2-2.0.2 497:fe62167596bb to 3693:655dbebddc23 Tue Nov 06 17:30:45 2007 +0000 to Aug 21, 2015. Website:...

7.4AI score
Exploits0
FreeBSD
FreeBSD
added 2015/09/28 12:0 a.m.27 views

pygments -- shell injection vulnerability

NVD reports: The FontManager.getnixfontpath function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name...

9.3CVSS9AI score0.06664EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2015/02/03 12:0 a.m.50 views

openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2015:0190-1) (POODLE)

OpenJDK was updated to 2.5.4 - OpenJDK 7u75 to fix security issues and bugs : - Security fixes - S8046656: Update protocol support - S8047125, CVE-2015-0395: ref More phantom object references - S8047130: Fewer escapes from escape analysis - S8048035, CVE-2015-0400: Ensure proper proxy protocols ...

10CVSS6.4AI score0.99999EPSS
Exploits12References15
OPENSUSE Linux
OPENSUSE Linux
added 2015/02/02 12:4 p.m.57 views

Security update for java-1_7_0-openjdk (important)

OpenJDK was updated to 2.5.4 - OpenJDK 7u75 to fix security issues and bugs: Security fixes - S8046656: Update protocol support - S8047125, CVE-2015-0395: ref More phantom object references - S8047130: Fewer escapes from escape analysis - S8048035, CVE-2015-0400: Ensure proper proxy protocols -...

10CVSS0.99999EPSS
Exploits12References1
Tenable Nessus
Tenable Nessus
added 2014/06/13 12:0 a.m.31 views

openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2012:0828-1)

This version upgrade of java-160-openjdk fixes multiple security flaws : - S7079902, CVE-2012-1711: Refine CORBA data models - S7143606, CVE-2012-1717: File.createTempFile should be improved for temporary files created by the platform. - S7143614, CVE-2012-1716: SynthLookAndFeel stability...

10CVSS8AI score0.93688EPSS
Exploits9References11
RedHat Linux
RedHat Linux
added 2013/10/23 4:26 p.m.4 views

OpenJDK: fontmanager layout lookup code memory corruption (2D, 7143617)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, 1.4.237 and earlier, and JavaFX 2.1 and earlier allows remote attackers to affect confidentiality, integrity, and availability via...

10CVSS7.4AI score0.05983EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2013/10/23 4:26 p.m.5 views

OpenJDK: fontmanager layout lookup code memory corruption (2D, 7143617)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, 1.4.237 and earlier, and JavaFX 2.1 and earlier allows remote attackers to affect confidentiality, integrity, and availability via...

10CVSS7.4AI score0.05983EPSS
Exploits0References4
Zero Day Initiative
Zero Day Initiative
added 2013/05/10 12:0 a.m.30 views

Oracle Java GSUB TTF Table LookupCount Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the fontmanager...

10CVSS3.7AI score0.08778EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2013/05/10 12:0 a.m.46 views

Oracle Java mort TTF Table Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the fontmanager...

10CVSS3.8AI score0.08869EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2013/01/25 12:0 a.m.36 views

SuSE 11.1 Security Update : java-1_6_0-openjdk (SAT Patch Number 6437)

java-160-openjdk was updated to the IcedTea 1.11.3 release, fixing multiple security issues : - S7079902, CVE-2012-1711: Refine CORBA data models - S7143606, CVE-2012-1717: File.createTempFile should be improved for temporary files created by the platform. - S7143614, CVE-2012-1716:...

10CVSS8AI score0.93688EPSS
Exploits9References19
OpenVAS
OpenVAS
added 2012/12/13 12:0 a.m.54 views

SuSE Update for java-1_6_0-openjdk openSUSE-SU-2012:0828-1 (java-1_6_0-openjdk)

Check for the Version of java-160-openjdk OpenVAS Vulnerability Test $Id: gbsuse201208281.nasl 8245 2017-12-26 06:29:59Z teissa $ SuSE Update for java-160-openjdk openSUSE-SU-2012:0828-1 java-160-openjdk Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH,...

10CVSS8.6AI score0.93688EPSS
Exploits9References1
RedHat Linux
RedHat Linux
added 2012/10/03 3:11 p.m.3 views

OpenJDK: fontmanager layout lookup code memory corruption (2D, 7143617)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, 1.4.237 and earlier, and JavaFX 2.1 and earlier allows remote attackers to affect confidentiality, integrity, and availability via...

10CVSS7.4AI score0.05983EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2012/09/19 12:0 a.m.49 views

RHEL 6 : java-1.7.0-ibm (RHSA-2012:1289)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:1289 advisory. - OpenJDK: AWT hardening fixes AWT, 7163201 CVE-2012-0547 - Oracle JDK: unspecified vulnerability fixed in 6u33 and 7u5 Deployment...

10CVSS8.4AI score0.98536EPSS
Exploits10References30
Rows per page
Query Builder