47 matches found
CVE-2015-1341
Any Python module in sys.path can be imported if the command line of the process triggering the coredump is Python and the first argument is -m in Apport before 2.19.2 function pythonmodulepath...
Fedora 18 : fail2ban-0.8.8-1.fc18 (2012-20589)
Update to 0.8.8 CVE-2012-5642 Bug 887914 - Fixes : - Alan Jenkins - 8c38907 Removed 'POSSIBLE BREAK-IN ATTEMPT' from sshd filter to avoid banning due to misconfigured DNS. Close gh-64 - Yaroslav Halchenko - 83109bc IMPORTANT: escape the content of if used in custom action files since its value...
Ubuntu 10.04 LTS / 11.04 : python3.1 vulnerabilities (USN-1616-1)
It was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit this to execute arbitrary code. This issue only affected Ubuntu 10.04 LTS. CVE-2008-5983 It was discovered that th...
Ubuntu 8.04 LTS : python2.4 vulnerabilities (USN-1613-2)
USN-1613-1 fixed vulnerabilities in Python 2.5. This update provides the corresponding updates for Python 2.4. It was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit thi...
Ubuntu 8.04 LTS : python2.5 vulnerabilities (USN-1613-1)
It was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit this to execute arbitrary code. CVE-2008-5983 It was discovered that the audioop module did not correctly perform...
USN-1613-2: Python 2.4 vulnerabilities
USN-1613-1 fixed vulnerabilities in Python 2.5. This update provides the corresponding updates for Python 2.4. Original advisory details: It was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working...
USN-1596-1: Python 2.6 vulnerabilities
It was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit this to execute arbitrary code. CVE-2008-5983 It was discovered that the audioop module did not correctly perform...
Mandriva Security Advisory MDVSA-2009:046-1 (dia)
The remote host is missing an update to dia announced via advisory MDVSA-2009:046-1. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR...
Mandriva Security Advisory MDVSA-2009:046-1 (dia)
The remote host is missing an update to dia announced via advisory MDVSA-2009:046-1. OpenVAS Vulnerability Test $Id: mdksa20090461.nasl 6573 2017-07-06 13:10:50Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:046-1 dia Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...
Mandriva Linux Security Advisory : dia (MDVSA-2009:046-1)
Python has a variable called sys.path that contains all paths where Python loads modules by using import scripting procedure. A wrong handling of that variable enables local attackers to execute arbitrary code via Python scripting in the current dia working directory CVE-2008-5984. This update...
dstat: Untrusted search path
Background dstat is a versatile system resource monitor written in Python. Description Robert Buchholz of the Gentoo Security Team reported that dstat includes the current working directory and subdirectories in the Python module search path sys.path before calling "import". Impact A local attack...
Mandriva Linux Security Advisory : vim (MDVSA-2009:047-1)
Python has a variable called sys.path that contains all paths where Python loads modules by using import scripting procedure. A wrong handling of that variable enables local attackers to execute arbitrary code via Python scripting in the current Vim working directory CVE-2009-0316. This update...
Fedora 10 : gedit-2.24.3-3.fc10 (2009-1187)
Untrusted search path vulnerability in gedit's Python module allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to an erroneous setting of sys.path by the PySysSetArgv function. References:...
Mandrake Security Advisory MDVSA-2009:063 (eog)
The remote host is missing an update to eog announced via advisory MDVSA-2009:063. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-on...
Mandrake Security Advisory MDVSA-2009:048 (epiphany)
The remote host is missing an update to epiphany announced via advisory MDVSA-2009:048. OpenVAS Vulnerability Test $Id: mdksa2009048.nasl 6573 2017-07-06 13:10:50Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:048 epiphany Authors: Thomas Reinke Copyright: Copyright c 2009 E-Sof...
Mandrake Security Advisory MDVSA-2009:048-1 (epiphany)
The remote host is missing an update to epiphany announced via advisory MDVSA-2009:048-1. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR...
Mandrake Security Advisory MDVSA-2009:048 (epiphany)
The remote host is missing an update to epiphany announced via advisory MDVSA-2009:048. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR...
Mandrake Security Advisory MDVSA-2009:043 (gnumeric)
The remote host is missing an update to gnumeric announced via advisory MDVSA-2009:043. OpenVAS Vulnerability Test $Id: mdksa2009043.nasl 6573 2017-07-06 13:10:50Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:043 gnumeric Authors: Thomas Reinke Copyright: Copyright c 2009 E-Sof...
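Epiphany PySys_SetArgv function command execution vulnerability
BUGTRAQ ID: 33441 CVECAN ID: CVE-2008-5985 Epiphany is the web browser used by the GNOME desktop. Epiphany's Python interface calls the PySysSetArgv function with argv0. Because Python adds an empty string to the sys.path variable, if a file name in the working directory matches the name of a Python module that Epiphany tries to import, a local user may be able to execute arbitrary code on the system. GNOME Epiphany 2.22.3 Vendor patch: GNOME ----- The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's home page:...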
Mandrake Security Advisory MDVSA-2009:046 (dia)
The remote host is missing an update to dia announced via advisory MDVSA-2009:046. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-on...