79 matches found
Vulnerabilities in the Debian GNU/Linux operating system that allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information
The multiple vulnerabilities in the sup-mail package of the Debian GNU/Linux operating system may lead to breaches of the confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...
Fedora 23 : ruby-ncurses-1.3.1-16.fc23 / rubygem-sup-0.21.0-3.fc23 (2015-14929)
ruby-ncurses-1.3.1-16.fc23 - Fix Ruby 2.2 compatibility. rubygem- sup-0.21.0-3.fc23 - Relax rubygem-chronic dependency. - Temporary use ncurses, until rubygem-ncursesw is in Fedora. - Small cleanup. Note that Tenable Network Security has extracted the preceding description block directly from the...
Vulnerabilities in the Debian GNU/Linux operating system that allow a local malicious individual to compromise the confidentiality, integrity, and accessibility of protected information
The multiple vulnerabilities in the Debian GNU/Linux operating system’s sup package can be exploited, leading to breaches of the confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited by local malicious actors...
DEBIAN-CVE-2013-4479
lib/sup/messagechunks.rb in Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the contenttype of an email attachment...
CVE-2013-4479
lib/sup/messagechunks.rb in Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the contenttype of an email attachment...
CVE-2013-4478
Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of an email attachment...
CVE-2013-4479
lib/sup/messagechunks.rb in Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the contenttype of an email attachment...
UBUNTU-CVE-2013-4479
lib/sup/messagechunks.rb in Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the contenttype of an email attachment...
Code injection
lib/sup/messagechunks.rb in Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the contenttype of an email attachment...
CVE-2013-4478
Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of an email attachment...
Code injection
Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of an email attachment...
CVE-2013-4479
lib/sup/messagechunks.rb in Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the contenttype of an email attachment...
CVE-2013-4479
lib/sup/messagechunks.rb in Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the contenttype of an email attachment...
CVE-2013-4478
Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of an email attachment...
CVE-2013-4478
Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of an email attachment...
[SECURITY] [DSA 2805-1] sup-mail security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2805-1 [email protected] http://www.debian.org/security/ Luciano Bello November 27, 2013 http://www.debian.org/security/faq -...
Sup-mail commands injection
It's possible to inject commands via filename and Content-Type...
Debian DSA-2805-1 : sup-mail - command injection
joernchen of Phenoelit discovered two command injection flaws in Sup, a console-based email client. An attacker might execute arbitrary command if the user opens a maliciously crafted email. - CVE-2013-4478 Sup wrongly handled the filename of attachments. - CVE-2013-4479 Sup did not sanitize the...
[SECURITY] [DSA 2805-1] sup-mail security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2805-1 [email protected] http://www.debian.org/security/ Luciano Bello November 27, 2013 http://www.debian.org/security/faq -...
DSA-2805-1 sup-mail - remote command injection
Bulletin has no description...