CVE-2018-20167
https://notcve.org/view.php?id=CVE-2018-20167
Terminology before 1.3.1 allows Remote Code Execution because popmedia is mishandled, as demonstrated by an unsafe "cat README.md" command when \e}pn is used. A popmedia control sequence can allow the malicious execution of executable file formats registered in the X desktop share MIME types (/usr/share/applications). The control sequence defers unknown file types to the handle_unknown_media() function, which executes xdg-open against the filename specified in the sequence. The use of xdg-open for all unknown file types allows executable file formats with a registered shared MIME type to be executed. An attacker can achieve remote code execution by introducing an executable file and a plain text file containing the control sequence through a fake software project (e.g., in Git or a tarball).
• https://phab.enlightenment.org/T7504
• https://phab.enlightenment.org/rTRM1ac204da9148e7bccb1b5f34b523e2094dfc39e2
• https://www.enlightenment.org/news/2018-12-16-terminology-1.3.1
• CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CVE-2014-1846
https://notcve.org/view.php?id=CVE-2014-1846
Enlightenment before 0.17.6 might allow local users to gain privileges via vectors involving the gdb method.
• http://www.openwall.com/lists/oss-security/2014/02/03/19
• https://bugzilla.redhat.com/show_bug.cgi?id=1059410
• https://exchange.xforce.ibmcloud.com/vulnerabilities/91215
• https://git.enlightenment.org/core/enlightenment.git/commit/?id=bb4a21e98656fe2c7d98ba2163e6defe9a630e2b
• CWE-264: Permissions, Privileges, and Access Controls

CVE-2014-1845
https://notcve.org/view.php?id=CVE-2014-1845
An unspecified setuid root helper in Enlightenment before 0.17.6 allows local users to gain privileges by leveraging failure to properly sanitize the environment.
• http://www.openwall.com/lists/oss-security/2014/02/03/19
• https://bugzilla.redhat.com/show_bug.cgi?id=1059410
• https://exchange.xforce.ibmcloud.com/vulnerabilities/91216
• https://git.enlightenment.org/core/enlightenment.git/commit/?id=666df815cd86a50343859bce36c5cf968c5f38b0
• https://git.enlightenment.org/core/enlightenment.git/commit/?id=bb4a21e98656fe2c7d98ba2163e6defe9a630e2b
• CWE-264: Permissions, Privileges, and Access Controls

CVE-2015-8971
https://notcve.org/view.php?id=CVE-2015-8971
Terminology 0.7.0 allows remote attackers to execute arbitrary commands via escape sequences that modify the window title and then are written to the terminal, a similar issue to CVE-2003-0063.
• http://www.debian.org/security/2016/dsa-3712
• http://www.openwall.com/lists/oss-security/2016/11/04/12
• http://www.openwall.com/lists/oss-security/2016/11/04/15
• http://www.openwall.com/lists/oss-security/2016/11/07/1
• http://www.securityfocus.com/bid/94132
• https://git.enlightenment.org/apps/terminology.git/commit/?id=b80bedc7c21ecffe99d8d142930db696eebdd6a5
• CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVE-2011-5326
https://notcve.org/view.php?id=CVE-2011-5326
imlib2 before 1.4.9 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) by drawing a 2x1 ellipse.
• http://lists.opensuse.org/opensuse-updates/2016-05/msg00076.html
• http://www.debian.org/security/2016/dsa-3555
• https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=639414
• https://git.enlightenment.org/legacy/imlib2.git/commit/?id=c94d83ccab15d5ef02f88d42dce38ed3f0892882
• https://sourceforge.net/p/enlightenment/mailman/message/35055012
• CWE-189: Numeric Errors