Showing 1 - 1 of 1

CVE-2019-12761

Status Candidate

Overview

A code injection issue was discovered in PyXDG before 0.26 via crafted Python code in a Category element of a Menu XML document in a .menu file. XDG_CONFIG_DIRS must be set up to trigger xdg.Menu.parse parsing within the directory containing this file. This is due to a lack of sanitization in xdg/Menu.py before an eval call.

Related Files

Ubuntu Security Notice USN-4700-1: Posted Jan 20, 2021; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 4700-1 - Alexandre D'Hondt discovered that PyXDG did not properly sanitize input. An attacker could exploit this with a crafted .menu file to execute arbitrary code.; tags | advisory, arbitrary; systems | linux, ubuntu; advisories | CVE-2019-12761; SHA-256 | f1f938b76cd293dbac877e577715cef0ee97d86d1517e9fea22bbc0ac63bea8f; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 248 files
Ubuntu 91 files
indoushka 58 files
Jasper Nota 25 files
Willem Westerhof 19 files
Gentoo 13 files
Debian 13 files
Jim Blankendaal 11 files
Martijn Baalman 9 files
Apple 9 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,087)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,536)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,612)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,441)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,727)
UNIX (9,433)
UnixWare (187)
Windows (6,668)
Other

CVE-2019-12761

Overview

Related Files

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems