389 matches found
Design/Logic Flaw
The FontManager.getnixfontpath function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name...
catsup (>=0.3.8 <=0.3.11), coil (=1.2.1) +9 more potentially affected by CVE-2015-8557 via pygments (>=1.6.0 <=2.0.2)
pygments PYPI version =1.6.0, =0.3.8, =0.0.1, =1.9.5, =3.0.0, =2.3.1, =3.2.0, =1.0.0, =1.0.0, =3.0.1 Source cves: CVE-2015-8557 Source advisory: OSV:PYSEC-2016-32...
PYSEC-2016-32
The FontManager.getnixfontpath function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name...
PYSEC-2016-32
The FontManager.getnixfontpath function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name...
CVE-2015-8557
CVE-2015-8557 affects Pygments up to version 2.0.2. The vulnerability lies in FontManager._get_nix_font_path (formatters/img.py) where font names containing shell metacharacters can lead to arbitrary command execution. Several sources (GHSA advisory, GLSA, Debian security notes, CNVD/Chinese trac...
CVE-2015-8557
The FontManager.getnixfontpath function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name...
CVE-2015-8557
The FontManager.getnixfontpath function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name...
Ubuntu: Security Advisory (USN-2862-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 14.04 LTS : Pygments vulnerability (USN-2862-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2862-1 advisory. It was discovered that Pygments incorrectly sanitized strings used to search system fonts. An attacker could possibly use this issue to execute arbitrary code...
USN-2862-1: Pygments vulnerability
It was discovered that Pygments incorrectly sanitized strings used to search system fonts. An attacker could possibly use this issue to execute arbitrary code...
USN-2862-1 pygments vulnerability
It was discovered that Pygments incorrectly sanitized strings used to search system fonts. An attacker could possibly use this issue to execute arbitrary code...
Mageia: Security Advisory (MGASA-2015-0478)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Updated python-pygments packages fix security vulnerability
An unsafe use of string concatenation in a shell string occurs in FontManager. If the developer allows the attacker to choose the font and outputs an image, the attacker can execute any shell command on the remote system. The name variable injected comes from the constructor of FontManager, which...
MGASA-2015-0478 Updated python-pygments packages fix security vulnerability
An unsafe use of string concatenation in a shell string occurs in FontManager. If the developer allows the attacker to choose the font and outputs an image, the attacker can execute any shell command on the remote system. The name variable injected comes from the constructor of FontManager, which...
CVE-2015-8557
The FontManager.getnixfontpath function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name...
UBUNTU-CVE-2015-8557
The FontManager.getnixfontpath function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name...
Amazon Linux: Security Advisory (ALAS-2015-630)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DLA-369-1 : pygments security update
It was discovered that there was a shell injection vulnerability in pygments, a syntax highlighting package written in Python. For Debian 6 Squeeze, this issue has been fixed in pygments version 1.3.1+dfsg-1+deb6u11. NOTE: Tenable Network Security has extracted the preceding description block...
Amazon Linux AMI : python-pygments (ALAS-2015-630)
An unsafe use of string concatenation in a shell string occurs in FontManager. If the developer allows the attacker to choose the font and outputs an image, the attacker can execute any shell command on the remote system. The name variable injected comes from the constructor of FontManager, which...
[SECURITY] [DLA 369-1] pygments security update
Package : pygments Version : 1.3.1+dfsg-1+deb6u11 CVE ID : CVE-2015-8557 Debian Bug : 802828 It was discovered that there was a shell injection vulnerability in pygments, a syntax highlighting package written in Python. For Debian 6 Squeeze, this issue has been fixed in pygments version...