Search criteria
2 vulnerabilities by supmua
CVE-2013-4479 (GCVE-0-2013-4479)
Vulnerability from cvelistv5 – Published: 2013-12-07 20:00 – Updated: 2024-08-06 16:45
VLAI
Summary
lib/sup/message_chunks.rb in Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the content_type of an email attachment.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://github.com/sup-heliotrope/sup/commit/ca03… | x_refsource_CONFIRM |
| http://secunia.com/advisories/55294 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/55400 | third-party-advisoryx_refsource_SECUNIA |
| http://seclists.org/fulldisclosure/2013/Oct/272 | mailing-listx_refsource_FULLDISC |
| http://rubyforge.org/pipermail/sup-talk/2013-Octo… | mailing-listx_refsource_MLIST |
| http://www.debian.org/security/2012/dsa-2805 | vendor-advisoryx_refsource_DEBIAN |
| http://www.openwall.com/lists/oss-security/2013/10/30/2 | mailing-listx_refsource_MLIST |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
Date Public
2013-10-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:14.810Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/sup-heliotrope/sup/commit/ca0302e0c716682d2de22e9136400c704cc93e42"
},
{
"name": "55294",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55294"
},
{
"name": "55400",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55400"
},
{
"name": "20131029 Advisory: sup MUA Command Injection",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2013/Oct/272"
},
{
"name": "[sup-talk] 20131029 Security advisory, releases 0.13.2.1 and 0.14.1.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://rubyforge.org/pipermail/sup-talk/2013-October/004996.html"
},
{
"name": "DSA-2805",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2805"
},
{
"name": "[oss-security] 20131029 Re: CVE Request: sup MUA Command Injection",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/10/30/2"
},
{
"name": "FEDORA-2015-14929",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165917.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-10-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "lib/sup/message_chunks.rb in Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the content_type of an email attachment."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-20T16:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/sup-heliotrope/sup/commit/ca0302e0c716682d2de22e9136400c704cc93e42"
},
{
"name": "55294",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55294"
},
{
"name": "55400",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55400"
},
{
"name": "20131029 Advisory: sup MUA Command Injection",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2013/Oct/272"
},
{
"name": "[sup-talk] 20131029 Security advisory, releases 0.13.2.1 and 0.14.1.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://rubyforge.org/pipermail/sup-talk/2013-October/004996.html"
},
{
"name": "DSA-2805",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2805"
},
{
"name": "[oss-security] 20131029 Re: CVE Request: sup MUA Command Injection",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/10/30/2"
},
{
"name": "FEDORA-2015-14929",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165917.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4479",
"datePublished": "2013-12-07T20:00:00.000Z",
"dateReserved": "2013-06-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:45:14.810Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4478 (GCVE-0-2013-4478)
Vulnerability from cvelistv5 – Published: 2013-12-07 20:00 – Updated: 2024-08-06 16:45
VLAI
Summary
Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of an email attachment.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://rubyforge.org/pipermail/sup-talk/2013-Augu… | mailing-listx_refsource_MLIST |
| http://secunia.com/advisories/55294 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/55400 | third-party-advisoryx_refsource_SECUNIA |
| http://rubyforge.org/pipermail/sup-talk/2013-Octo… | mailing-listx_refsource_MLIST |
| http://www.debian.org/security/2012/dsa-2805 | vendor-advisoryx_refsource_DEBIAN |
| https://github.com/sup-heliotrope/sup/commit/8b46… | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2013/10/30/2 | mailing-listx_refsource_MLIST |
Date Public
2013-08-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:14.720Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[sup-talk] 20130818 Fwd: Security issue with suggested configuration of sup",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://rubyforge.org/pipermail/sup-talk/2013-August/004993.html"
},
{
"name": "55294",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55294"
},
{
"name": "55400",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55400"
},
{
"name": "[sup-talk] 20131029 Security advisory, releases 0.13.2.1 and 0.14.1.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://rubyforge.org/pipermail/sup-talk/2013-October/004996.html"
},
{
"name": "DSA-2805",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2805"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/sup-heliotrope/sup/commit/8b46cdbfc14e07ca07d403aa28b0e7bc1c544785"
},
{
"name": "[oss-security] 20131029 Re: CVE Request: sup MUA Command Injection",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/10/30/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of an email attachment."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-07T19:57:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[sup-talk] 20130818 Fwd: Security issue with suggested configuration of sup",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://rubyforge.org/pipermail/sup-talk/2013-August/004993.html"
},
{
"name": "55294",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55294"
},
{
"name": "55400",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55400"
},
{
"name": "[sup-talk] 20131029 Security advisory, releases 0.13.2.1 and 0.14.1.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://rubyforge.org/pipermail/sup-talk/2013-October/004996.html"
},
{
"name": "DSA-2805",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2805"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/sup-heliotrope/sup/commit/8b46cdbfc14e07ca07d403aa28b0e7bc1c544785"
},
{
"name": "[oss-security] 20131029 Re: CVE Request: sup MUA Command Injection",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/10/30/2"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4478",
"datePublished": "2013-12-07T20:00:00.000Z",
"dateReserved": "2013-06-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:45:14.720Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}