22 matches found
EUVD-2018-3357
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2018-11319
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Syntastic aka vim-syntastic through 3.9.0 does not properly handle searches for configuration files it searches the current directory up to potentially the root...
CVE-2018-11319
Syntastic aka vim-syntastic through 3.9.0 does not properly handle searches for configuration files it searches the current directory up to potentially the root. This improper handling might be exploited for arbitrary code execution via a malicious gcc plugin, if an attacker has write access to a...
[SECURITY] Fedora 27 Update: vim-syntastic-3.9.0-1.fc27
Syntastic is a syntax checking plugin that runs files through external synt ax checkers and displays any resulting errors to the user. This can be done on demand, or automatically as files are saved. If syntax errors are detected, the user is notified and is happy because they didn't have to...
Debian DSA-4261-1 : vim-syntastic - security update
Enrico Zini discovered a vulnerability in Syntastic, an addon module for the Vim editor that runs a file through external checkers and displays any resulting errors. Config files were looked up in the current working directory which could result in arbitrary shell code execution if a malformed...
[SECURITY] [DSA 4261-1] vim-syntastic security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4261-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff August 03, 2018 https://www.debian.org/security/faq -...
DSA-4261-1 vim-syntastic - security update
Bulletin has no description...
Debian: Security Advisory (DSA-4261-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DLA-1444-1 : vim-syntastic security update
CVE-2018-11319 The improper handling of search for configuration files might be exploited for arbitrary code execution via a malicious gcc plugin. For Debian 8 'Jessie', this problem has been fixed in version 3.5.0-1+deb8u1. We recommend that you upgrade your vim-syntastic packages. NOTE: Tenable...
[SECURITY] [DLA 1444-1] vim-syntastic security update
Package : vim-syntastic Version : 3.5.0-1+deb8u1 CVE ID : CVE-2018-11319 CVE-2018-11319 The improper handling of search for configuration files might be exploited for arbitrary code execution via a malicious gcc plugin. For Debian 8 "Jessie", this problem has been fixed in version 3.5.0-1+deb8u1...
Debian: Security Advisory (DLA-1444-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
DLA-1444-1 vim-syntastic - security update
Bulletin has no description...
Syntastic Code Execution Vulnerability
Syntastic vim-syntastic is a syntax-checking plugin for use on Linux systems. A security vulnerability exists in Syntastic 3.9.0 and earlier versions, which stems from the program's failure to properly handle searches of configuration files. The vulnerability can be exploited by an attacker to...
UBUNTU-CVE-2018-11319
Syntastic aka vim-syntastic through 3.9.0 does not properly handle searches for configuration files it searches the current directory up to potentially the root. This improper handling might be exploited for arbitrary code execution via a malicious gcc plugin, if an attacker has write access to a...
DEBIAN-CVE-2018-11319
Syntastic aka vim-syntastic through 3.9.0 does not properly handle searches for configuration files it searches the current directory up to potentially the root. This improper handling might be exploited for arbitrary code execution via a malicious gcc plugin, if an attacker has write access to a...
CVE-2018-11319
Syntastic aka vim-syntastic through 3.9.0 does not properly handle searches for configuration files it searches the current directory up to potentially the root. This improper handling might be exploited for arbitrary code execution via a malicious gcc plugin, if an attacker has write access to a...
CVE-2018-11319
Syntastic aka vim-syntastic through 3.9.0 does not properly handle searches for configuration files it searches the current directory up to potentially the root. This improper handling might be exploited for arbitrary code execution via a malicious gcc plugin, if an attacker has write access to a...
Directory traversal
Syntastic aka vim-syntastic through 3.9.0 does not properly handle searches for configuration files it searches the current directory up to potentially the root. This improper handling might be exploited for arbitrary code execution via a malicious gcc plugin, if an attacker has write access to a...
CVE-2018-11319
Syntastic aka vim-syntastic through 3.9.0 does not properly handle searches for configuration files it searches the current directory up to potentially the root. This improper handling might be exploited for arbitrary code execution via a malicious gcc plugin, if an attacker has write access to a...
CVE-2018-11319
Syntastic (vim-syntastic) up to version 3.9.0 is vulnerable due to how config files are searched: it traverses from the project directory upward toward root, enabling arbitrary code execution if an attacker can write to a parent directory of the checked project. Published fixes exist: Debian stre...