CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 3CVE-2014-1928 – Debian Security Advisory 2946-1
https://notcve.org/view.php?id=CVE-2014-1928
05 Jun 2014 — The shell_quote function in python-gnupg 0.3.5 does not properly escape characters, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors, as demonstrated using "\" (backslash) characters to form multi-command sequences, a different vulnerability than CVE-2014-1927. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7323. La función shell_quote en python-gnupg 0.3.5 no escapa debidamente los caracteres, lo que permite a atac... • http://seclists.org/oss-sec/2014/q1/246 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2014-1929 – Debian Security Advisory 2946-1
https://notcve.org/view.php?id=CVE-2014-1929
05 Jun 2014 — python-gnupg 0.3.5 and 0.3.6 allows context-dependent attackers to have an unspecified impact via vectors related to "option injection through positional arguments." NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7323. python-gnupg 0.3.5 y 0.3.6 permite a atacantes dependientes de contexto tener un impacto no especificado a través de vectores relacionados con 'la inyección de opciones mediante argumentos posicionales.' NOTA: esta vulnerabilidad existe debido a una solución incompl... • http://seclists.org/oss-sec/2014/q1/245 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 3CVE-2014-1927 – Debian Security Advisory 2946-1
https://notcve.org/view.php?id=CVE-2014-1927
05 Jun 2014 — The shell_quote function in python-gnupg 0.3.5 does not properly quote strings, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors, as demonstrated using "$(" command-substitution sequences, a different vulnerability than CVE-2014-1928. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7323. La función shell_quote en python-gnupg 0.3.5 no cita debidamente cadenas, lo que permite a atacantes dependientes de contexto ejecu... • http://seclists.org/oss-sec/2014/q1/245 • CWE-20: Improper Input Validation •