Information Security


Code execution in python-GPG
Published: June 14, 2014
Source:
SecurityVulns ID: 13837
Type: library
Severity level: 5/10
Description: Shell injections.
Affected products: PYTHON : python-gnupg 2.3
CVE: CVE-2013-7329 (The CGI::Application module 4.50 and earlier for Perl, when run modes are not specified, allows remote attackers to obtain sensitive information (web queries and environment details) via vectors related to the dump_html function.)
 CVE-2013-7328 (Multiple integer signedness errors in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 allow remote attackers to cause a denial of service (application crash) or obtain sensitive information via an imagecrop function call with a negative value for the (1) x or (2) y dimension, a different vulnerability than CVE-2013-7226.)
 CVE-2013-7327 (The gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check return values, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via invalid imagecrop arguments that lead to use of a NULL pointer as a return value, a different vulnerability than CVE-2013-7226.)
 CVE-2013-7323 (python-gnupg before 0.3.5 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in unspecified vectors.)
Original text: DEBIAN, [SECURITY] [DSA 2946-1] python-gnupg security update (14.06.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod