CVE-2015-0854
Published 2016-12-29
Priority P341 · high · 7.8 · CVSS 3.0
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 2.50% (82.7th percentile)
App/HelperFunctions.pm in Shutter through 0.93.1 allows user-assisted remote attackers to execute arbitrary commands via a crafted image name that is mishandled during a "Show in Folder" action.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | shutter | < shutter 0.93.1-1 (bookworm) | shutter 0.93.1-1 (bookworm) |
| shutter-project | shutter | <= 0.93.1 | — |
| tenfourzero | shutter | >= 0 < 0.93.1-1 | 0.93.1-1 |
| tenfourzero | shutter | >= 0 < 0.93.1-1 | 0.93.1-1 |
| tenfourzero | shutter | >= 0 < 0.93.1-1 | 0.93.1-1 |
CVSS provenance
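| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| osv | | 7.8 | HIGH | |
| vendor_debian | | 7.8 | LOW | |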
Debian
CVE-2015-0854: shutter - App/HelperFunctions.pm in Shutter through 0.93.1 allows user-assisted remote att...
vendor_debian·2015·CVSS 7.8
CVE-2015-0854 [HIGH] CVE-2015-0854: shutter - App/HelperFunctions.pm in Shutter through 0.93.1 allows user-assisted remote att...
App/HelperFunctions.pm in Shutter through 0.93.1 allows user-assisted remote attackers to execute arbitrary commands via a crafted image name that is mishandled during a "Show in Folder" action.
Scope: local
bookworm: resolved (fixed in 0.93.1-1)
forky: resolved (fixed in 0.93.1-1)
sid: resolved (fixed in 0.93.1-1)
trixie: resolved (fixed in 0.93.1-1)
GHSA
GHSA-wxjm-f3hv-j7ff: App/HelperFunctions
ghsa_unreviewed·2022-05-17
CVE-2015-0854 [HIGH] GHSA-wxjm-f3hv-j7ff: App/HelperFunctions
App/HelperFunctions.pm in Shutter through 0.93.1 allows user-assisted remote attackers to execute arbitrary commands via a crafted image name that is mishandled during a "Show in Folder" action.
OSV
CVE-2015-0854: App/HelperFunctions
osv·2016-12-29·CVSS 7.8
CVE-2015-0854 [HIGH] CVE-2015-0854: App/HelperFunctions
App/HelperFunctions.pm in Shutter through 0.93.1 allows user-assisted remote attackers to execute arbitrary commands via a crafted image name that is mishandled during a "Show in Folder" action.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2015-0854 shutter: Insecure use of system() [fedora-all]
bugzilla·2015-09-14·CVSS 7.8
CVE-2015-0854 [HIGH] CVE-2015-0854 shutter: Insecure use of system() [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While onl
Bugzilla
CVE-2015-0854 shutter: Insecure use of system()
bugzilla·2015-09-14·CVSS 7.8
CVE-2015-0854 [HIGH] CVE-2015-0854 shutter: Insecure use of system()
A vulnerability in shutter was found. Using the "Show in folder" menu option while viewing a file with a specially-crafted path allows for arbitrary code execution with the permissions of the user running Shutter.
Reproducer available at:
http://seclists.org/oss-sec/2015/q3/541
Discussion:
Created shutter tracking bugs for this issue:
Affects: fedora-all [bug 1262932]
---
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.
Bugzilla
CVE-2015-0458 Oracle JDK: unspecified vulnerability fixed in 6u95, 7u79 and 8u45 (Deployment)
bugzilla·2015-04-14·CVSS 7.6
CVE-2015-0458 [HIGH] CVE-2015-0458 Oracle JDK: unspecified vulnerability fixed in 6u95, 7u79 and 8u45 (Deployment)
Oracle Java SE 6u95, 7u79 and 8u45 fixes an unspecified vulnerability in the Deployment component (CVE-2015-0458). Upstream has CVSSv2 scored this issue as: 7.6/AV:N/AC:H/Au:N/C:C/I:C/A:C
External Reference:
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixJAVA
Discussion:
This issue has been addressed in the following products:
Oracle Java for Red Hat Enterprise Linux 7
Oracle Java for Red Hat Enterprise Linux 6
Via RHSA-2015:0854 https://rhn.redhat.com/errata/RHSA-2015-0854.html
---
This issue has been addressed in the following products:
Oracle Java for Red Hat Enterprise Linux 5
Oracle Java for Red Hat Enterprise Linux 7
Oracle Java for Red Hat Enterp
Bugzilla
CVE-2015-0459 Oracle JDK: unspecified vulnerability fixed in 5.0u85, 6u95, 7u79 and 8u45 (2D)
bugzilla·2015-04-14·CVSS 10.0
CVE-2015-0459 [CRITICAL] CVE-2015-0459 Oracle JDK: unspecified vulnerability fixed in 5.0u85, 6u95, 7u79 and 8u45 (2D)
Oracle Java SE 5.0u85, 6u95, 7u79 and 8u45 fixes an unspecified vulnerability in the 2D component (CVE-2015-0459). Upstream has CVSSv2 scored this issue as: 10.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
External Reference:
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixJAVA
Discussion:
This issue has been addressed in the following products:
Oracle Java for Red Hat Enterprise Linux 7
Oracle Java for Red Hat Enterprise Linux 6
Via RHSA-2015:0854 https://rhn.redhat.com/errata/RHSA-2015-0854.html
---
This issue has been addressed in the following products:
Oracle Java for Red Hat Enterprise Linux 5
Oracle Java for Red Hat Enterprise Linux 7
Oracle Java for Red Hat Enter
Bugzilla
CVE-2015-0491 Oracle JDK: unspecified vulnerability fixed in 5.0u85, 6u95, 7u79 and 8u45 (2D)
bugzilla·2015-04-14·CVSS 10.0
CVE-2015-0491 [CRITICAL] CVE-2015-0491 Oracle JDK: unspecified vulnerability fixed in 5.0u85, 6u95, 7u79 and 8u45 (2D)
Oracle Java SE 5.0u85, 6u95, 7u79 and 8u45 fixes an unspecified vulnerability in the 2D component (CVE-2015-0491). Upstream has CVSSv2 scored this issue as: 10.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
External Reference:
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixJAVA
Discussion:
This issue has been addressed in the following products:
Oracle Java for Red Hat Enterprise Linux 7
Oracle Java for Red Hat Enterprise Linux 6
Via RHSA-2015:0854 https://rhn.redhat.com/errata/RHSA-2015-0854.html
---
This issue has been addressed in the following products:
Oracle Java for Red Hat Enterprise Linux 5
Oracle Java for Red Hat Enterprise Linux 7
Oracle Java for Red Hat Enter
Bugzilla
CVE-2015-0484 Oracle JDK: unspecified vulnerability fixed in 7u79 and 8u45 (JavaFX)
bugzilla·2015-04-14·CVSS 6.8
CVE-2015-0484 [MEDIUM] CVE-2015-0484 Oracle JDK: unspecified vulnerability fixed in 7u79 and 8u45 (JavaFX)
Oracle Java SE 7u79 and 8u45 fixes an unspecified vulnerability in the JavaFX component (CVE-2015-0484). Upstream has CVSSv2 scored this issue as: 6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P
External Reference:
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixJAVA
Discussion:
This issue has been addressed in the following products:
Oracle Java for Red Hat Enterprise Linux 7
Oracle Java for Red Hat Enterprise Linux 6
Via RHSA-2015:0854 https://rhn.redhat.com/errata/RHSA-2015-0854.html
---
This issue has been addressed in the following products:
Oracle Java for Red Hat Enterprise Linux 5
Oracle Java for Red Hat Enterprise Linux 7
Oracle Java for Red Hat Enterprise Linux 6
Via RH
Bugzilla
CVE-2015-0486 Oracle JDK: unspecified vulnerability fixed in 8u45 (Deployment)
bugzilla·2015-04-14·CVSS 5.0
CVE-2015-0486 [MEDIUM] CVE-2015-0486 Oracle JDK: unspecified vulnerability fixed in 8u45 (Deployment)
Oracle Java SE 8u45 fixes an unspecified vulnerability in the Deployment component (CVE-2015-0486). Upstream has CVSSv2 scored this issue as: 5.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
External Reference:
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixJAVA
Discussion:
This issue has been addressed in the following products:
Oracle Java for Red Hat Enterprise Linux 7
Oracle Java for Red Hat Enterprise Linux 6
Via RHSA-2015:0854 https://rhn.redhat.com/errata/RHSA-2015-0854.html
Bugzilla
CVE-2015-0492 Oracle JDK: unspecified vulnerability fixed in 7u79 and 8u45 (JavaFX)
bugzilla·2015-04-14·CVSS 9.3
CVE-2015-0492 [CRITICAL] CVE-2015-0492 Oracle JDK: unspecified vulnerability fixed in 7u79 and 8u45 (JavaFX)
Oracle Java SE 7u79 and 8u45 fixes an unspecified vulnerability in the JavaFX component (CVE-2015-0492). Upstream has CVSSv2 scored this issue as: 9.3/AV:N/AC:M/Au:N/C:C/I:C/A:C
External Reference:
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixJAVA
Discussion:
This issue has been addressed in the following products:
Oracle Java for Red Hat Enterprise Linux 7
Oracle Java for Red Hat Enterprise Linux 6
Via RHSA-2015:0854 https://rhn.redhat.com/errata/RHSA-2015-0854.html
---
This issue has been addressed in the following products:
Oracle Java for Red Hat Enterprise Linux 5
Oracle Java for Red Hat Enterprise Linux 7
Oracle Java for Red Hat Enterprise Linux 6
Via RH