389 matches found
python36:3.6 bug fix update
An update is available for python-docutils, python-pygments, python-PyMySQL, python-docs, python36, python-nose. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list...
python36:3.6 security update
python-PyMySQL 0.8.0-10 - Bumping due to problems with modular RPM upgrade path 1695587 - Related: rhbz1693974 python-docs 3.6.7-2 - Bumping due to problems with modular RPM upgrade path - Resolves: rhbz1695587 python-docutils 0.14-12 - Bumping due to problems with modular RPM upgrade path 169558...
python27:2.7 security update
Cython 0.28.1-7 - Bumping due to problems with modular RPM upgrade path 1695587 - Related: rhbz1693974 PyYAML 3.12-16 - Bumping due to problems with modular RPM upgrade path 1695587 - Related: rhbz1693974 babel 2.5.1-9 - Bumping due to problems with modular RPM upgrade path 1695587 - Related:...
AZL-40759 CVE-2019-11358 affecting package python-pygments for versions less than 2.7.4-1
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype...
SyntaxHighlight 2.0 MediaWiki 1.28.0 Stored Cross Site Scripting Vulnerability
A vulnerability was found in the SyntaxHighlight MediaWiki extension. Using this vulnerability, it is possible for an anonymous attacker to pass arbitrary options to the Pygments library. By specifying specially crafted options, it is possible for an attacker to trigger a stored cross site scripti...
SyntaxHighlight 2.0 MediaWiki 1.28.0 Stored Cross Site Scripting
SyntaxHighlight MediaWiki extension allows injection of arbitrary Pygments options. Yorick Koster, February 2017...
GLSA-201612-05 : Pygments: Arbitrary code execution
The remote host is affected by the vulnerability described in GLSA-201612-05 (Pygments: Arbitrary code execution). A vulnerability in FontManager's _get_nix_font_path function allows shell metacharacters to be passed in a font name. Impact: A remote attacker could possibly execute arbitrary code with th...
Pygments: Arbitrary code execution
Background: Pygments is a generic syntax highlighter suitable for use in code hosting, forums, wikis or other applications that need to prettify source code. Description: A vulnerability in FontManager’s _get_nix_font_path function allows shell metacharacters to be passed in a font name. Impact: A remot...
Fedora 23 : python-pygments-2.0.2-3.fc23 (2015-c045f2ab1a)
python-pygments-2.0.2-3.fc22 - Backport patch to fix font manager shell injection for BZ1276321 python-pygments-2.0.2-3.fc23 - Backport patch to fix font manager shell injection for BZ1276321 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora...
Pygments Arbitrary Command Execution Vulnerability
Pygments is a set of syntax highlighting tools that can be used in forums, wikis and other web applications with command line tools and development packages. A security vulnerability in the 'FontManager._get_nix_font_path' function in Pygments' formatters/img.py file allows remote attackers to execut...
Debian DSA-3445-1 : pygments - security update
Javantea discovered that pygments, a generic syntax highlighter, is prone to a shell injection vulnerability allowing a remote attacker to execute arbitrary code via shell metacharacters in a font name. (C) Tenable Network Security, Inc. The descriptive text and package checks i...
[SECURITY] [DSA 3445-1] pygments security update
Debian Security Advisory DSA-3445-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 13, 2016 https://www.debian.org/security/faq ...
Debian Security Advisory DSA 3445-1 (pygments - security update)
Javantea discovered that pygments, a generic syntax highlighter, is prone to a shell injection vulnerability allowing a remote attacker to execute arbitrary code via shell metacharacters in a font name. OpenVAS Vulnerability Test $Id: deb3445.nasl 6608 2017-07-07 12:05:05Z cfischer $ Auto-generat...
DSA-3445-1 pygments - security update
Bulletin has no description...
Debian: Security Advisory (DSA-3445-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
FreeBSD : pygments -- shell injection vulnerability (5f276780-b6ce-11e5-9731-5453ed2e2b49)
NVD reports: The FontManager._get_nix_font_path function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name. (C) Tenable Network Security, Inc. The descriptive text and package checks in...
CVE-2015-8557
The FontManager._get_nix_font_path function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name...
DEBIAN-CVE-2015-8557
The FontManager._get_nix_font_path function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name...